Section 10: Regulatory Compliance Framework
|
OTCM PROTOCOL Comprehensive Technical Whitepaper — Version 7.0 ST22 Digital Securities Platform | March 2026 | Groovy Company, Inc. dba OTCM Protocol |
Section 10: Regulatory Compliance Framework
OTCM Protocol is designed from the ground up to operate within the full weight of U.S. securities law. The platform does not seek regulatory exemptions from investor protection requirements — it automates those requirements with mathematical precision across every layer of the architecture. This section documents the complete regulatory framework to which the platform is subject and demonstrates how each applicable requirement is satisfied.
10.1 Regulatory Foundation and Philosophy
OTCM Protocol's foundational regulatory principle is that tokenization is a delivery mechanism for securities — not a transformation of their legal character. The SEC's technology-neutral principle, affirmed in the January 28, 2026 Joint Staff Statement, states: "The format in which a security is issued or the methods by which holders are recorded does not affect application of the federal securities laws." OTCM Protocol applies this principle operationally: every ST22 Digital Security is a security under federal securities law, subject to the full Securities Act and Exchange Act regardless of its blockchain format.
This philosophy produces an architecture that the SEC's Category 1 Model B framework was designed to describe: issuer-authorized tokenization with an SEC-registered transfer agent maintaining the authoritative securityholder file, blockchain serving as the notification and enforcement layer, and all investor protection requirements enforced programmatically on every transaction through Transfer Hook controls.
|
Regulatory Compliance as Infrastructure OTCM Protocol does not layer compliance onto a finished product as an afterthought. The 42 Transfer Hook security controls are the product. KYC/AML enforcement on every transfer, OFAC screening on every wallet interaction, Rule 144 holding period enforcement by Control 24 — these are not checks that run before trading can begin. They are the mechanism through which trading occurs. Compliance cannot be bypassed because compliance is the execution path. |
10.2 SEC Category 1 Model B Classification
10.2.1 The January 28, 2026 Joint Staff Statement
On January 28, 2026, the SEC's Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets issued a joint statement on tokenized securities establishing a two-category taxonomy for the regulatory treatment of blockchain-based representations of securities. Category 1 (Issuer-Sponsored) covers tokenization occurring by or on behalf of the issuing company itself, with the issuer retaining control over the tokenization architecture and its SEC-registered transfer agent maintaining the authoritative ownership records. Category 2 (Third-Party Sponsored) covers tokenization by unaffiliated third parties.
OTCM Protocol's ST22 architecture is Category 1 in both structure and substance. Every tokenization on the platform requires explicit board authorization by the issuing company, formal Certificate of Designation filed with the Wyoming Secretary of State, irrevocable custody of underlying Series M preferred shares by Empire Stock Transfer, and CUSIP assignment. No third party can tokenize an issuer's securities on the platform without the issuer's formal corporate authorization.
10.2.2 Model B — Blockchain as Notification Layer
Within Category 1, the Joint Staff Statement distinguishes two sub-models. Under Model A, the blockchain constitutes or is directly integrated into the master securityholder file. Under Model B, the issuer issues the security off-chain and uses the blockchain as a notification layer: transfers of the token notify the issuer or its agent to record the transfer on the off-chain master securityholder file.
OTCM Protocol operates under Model B. Empire Stock Transfer maintains the authoritative Master Securityholder File for all Series M preferred shares underlying ST22 tokens. The Solana blockchain and the SPL Token-2022 Transfer Hook infrastructure serve as the operational notification layer. When an ST22 token transfer executes on CEDEX, the Transfer Hook validates all 42 security controls; upon successful validation, the transaction is recorded on-chain and simultaneously notifies Empire's systems to update the off-chain Master Securityholder File.
|
Category 1 Model B Element |
Status |
Notes |
|
Issuer Authorization |
✓ |
Board resolution + Certificate of Designation for every ST22 issuance |
|
SEC-Registered Transfer Agent Custody |
✓ |
Empire Stock Transfer (SEC §17A registered) holds all Series M preferred shares |
|
DLT as Official Notification Layer |
✓ |
Solana blockchain notifies Empire on every transfer via Transfer Hook oracle |
|
Direct Beneficial Ownership |
✓ |
ST22 token = 1:1 direct interest in underlying Series M share — no entitlement structure |
|
No Third-Party Counterparty Risk |
✓ |
No unaffiliated intermediary between holder and underlying equity |
|
Regulatory Recordkeeping |
✓ |
Rules 17Ad-2 through 17Ad-13 compliance maintained by Empire Stock Transfer |
|
1:1 Attestation Oracle |
✓ |
Cryptographic attestation published every Solana slot (~400ms) confirming 1:1 ratio |
|
SEC Release No. 33-11412 — March 17, 2026 SEC Release No. 33-11412 (March 17, 2026) provides updated guidance on Digital Securities that OTCM Protocol's architecture satisfies. The platform's design — particularly the 42-control Transfer Hook enforcement, the Category 1 Model B Master Securityholder File architecture, and Empire Stock Transfer's role as SEC-registered custodian — was built in alignment with the regulatory direction the Commission subsequently formalized in Release No. 33-11412. |
10.3 Regulation D Rule 506(c) — Primary Offering Compliance
All ST22 primary offerings — the capital raise phase in which investors purchase newly issued ST22 tokens directly from the issuer — are conducted under Regulation D Rule 506(c) (for U.S. investors) or Regulation S (for non-U.S. investors). Rule 506(c) permits general solicitation and advertising of securities offerings provided that all purchasers are verified accredited investors and the issuer takes reasonable steps to confirm that status.
10.3.1 Rule 506(c) Requirements and Platform Satisfaction
|
Rule 506(c) Requirement |
Platform Satisfaction |
|
General solicitation permitted |
OTCM Protocol's Predictive Marketing AI Module (Layer 9) conducts general solicitation within Rule 506(c) parameters |
|
All purchasers are accredited investors |
Empire Stock Transfer verifies all investors before token delivery — verified accreditation record required |
|
Reasonable steps to verify accreditation |
Empire performs documented verification: third-party professional attestation or supporting documentation review |
|
Form D filing within 15 days of first sale |
Form D filed by issuer (coordinated by JDT Legal) as part of Stage 4 of the nine-stage onboarding workflow |
|
No integration with other offerings |
Each ST22 issuance is a standalone offering with its own Form D, CUSIP, and Series M designation |
|
No resale restriction on accredited investors |
Rule 144 6-month holding period enforced on-chain by Transfer Hook Control 24 — allows secondary sale after hold |
10.3.2 Fee Structure — Regulation D Offering Phase
OTCM Protocol charges a 5% platform fee on the gross subscription amount of every primary offering transaction — applied at the point of investor purchase, before proceeds are remitted to the issuer. This fee structure applies across the entire lifecycle of ST22 transactions, including both the primary offering phase and all subsequent secondary market trading on CEDEX.
|
Transaction Phase |
Fee Rate |
Issuer Proceeds |
Platform Fee Allocation |
|
Primary offering (Reg D / Reg S) |
5% of gross subscription |
95% of gross subscription in USD |
0.44% permanently locked to Global Unified CEDEX Liquidity Pool; remainder to OTCM Protocol |
|
Secondary market (CEDEX) |
5% of trade value |
No issuer participation in secondary fees |
0.44% permanently locked to Global Unified CEDEX Liquidity Pool; remainder to OTCM Protocol |
|
Fee Structure — V7 Authoritative Model OTCM Protocol charges a 5% transaction fee on ALL ST22 transactions — both pre-CEDEX primary offering purchases and post-CEDEX secondary market trades. Issuers receive 95% of primary raise proceeds in USD. Issuers receive no share of secondary market trading fees. The 0.44% permanent lock to the Global Unified CEDEX Liquidity Pool applies on every transaction in both phases. This is the authoritative fee model as of V7.0. |
10.4 Regulation S — Non-U.S. Investor Framework
Regulation S (17 CFR §§230.901–905) provides a safe harbor from Securities Act registration requirements for offers and sales of securities to non-U.S. persons in offshore transactions. OTCM Protocol implements Regulation S alongside Rule 506(c) to enable global investor participation in ST22 primary offerings while maintaining full compliance.
10.4.1 Regulation S Requirements
|
Reg S Element |
Requirement |
Platform Implementation |
|
Offshore transaction |
Offer and sale must occur outside the United States |
Empire verifies non-U.S. person status; no directed selling efforts into U.S. markets |
|
No directed selling efforts |
No conditioning of the U.S. market for the securities |
AI Module (Layer 9) enforces Rule 506(c) targeting for U.S. wallets; Reg S outreach targets non-U.S. wallets only |
|
Non-U.S. person certification |
Investor certifies non-U.S. person status under Rule 902(k) |
Empire Stock Transfer KYC includes IP geolocation and document verification of residency |
|
12-month distribution compliance period |
Non-U.S. investors may not offer or sell to U.S. persons for 12 months |
Transfer Hook Control 24 enforces 12-month lock on Reg S investor wallets — Error 6024 on premature transfer |
|
Restrictive legend |
Securities must bear restrictive legend during compliance period |
ST22 token metadata includes Reg S restriction flag readable by CEDEX matching engine |
|
Flowback restriction |
Prevents immediate resale into U.S. markets |
Transfer Hook Control 18 screens Reg S transfers against U.S.-person buyer wallets during compliance period |
10.5 Transfer Hook Compliance Architecture
The 42 SPL Token-2022 Transfer Hook controls described in Section 3 are the operational mechanism through which all regulatory requirements are enforced on every ST22 transaction. This section maps the regulatory obligations to the specific controls that satisfy them.
10.5.1 Regulatory-to-Control Mapping
|
Regulatory Requirement |
Satisfied By |
Control Numbers |
|
Accredited investor verification — Reg D 506(c) |
Empire whitelist verification on every transfer |
Controls 1–5 (KYC/AML status) |
|
Rule 144 6-month holding period — U.S. investors |
On-chain holding period enforcement |
Control 24 (HoldingPeriodAccount) |
|
Reg S 12-month distribution compliance — non-U.S. |
On-chain Reg S period enforcement |
Control 24 (Reg S flag variant) |
|
OFAC SDN screening — all transfers |
Real-time SDN check on every transfer |
Controls 8–10 (OFAC / sanctions) |
|
AML transaction monitoring — BSA |
Risk scoring on every transfer event |
Controls 11–15 (AML risk) |
|
Wallet whitelist — Empire-verified only |
Wallet authorization gate on every transfer |
Control 15 (wallet registry) |
|
Wallet concentration limits |
Maximum holding enforcement |
Controls 16–20 (concentration) |
|
Circuit breakers — market manipulation |
Velocity and volume controls |
Controls 21–26 (circuit breakers) |
|
1:1 custody attestation — Model B |
Oracle attestation on every slot |
Controls 27–30 (custody oracle) |
|
Regulatory freeze — Control 42 |
CLO authorization + 3-of-5 multi-sig |
Control 42 (regulatory compliance freeze) |
10.5.2 Immutability of Transfer Hook Controls
All 42 Transfer Hook controls are immutable — they cannot be altered, suspended, or bypassed by any party, including OTCM Protocol itself. This immutability is a regulatory design choice: it means that platform operators cannot be pressured, compromised, or incentivized to weaken investor protections. The controls are deployed as a fixed program; governance authority extends only to adjustable operating parameters within hard-coded bounds, never to the existence or logic of the controls themselves.
10.6 Bank Secrecy Act and AML Compliance
OTCM Protocol and Empire Stock Transfer operate an Anti-Money Laundering compliance program consistent with the Bank Secrecy Act (31 U.S.C. §5311 et seq.) and FinCEN regulations at 31 CFR Part 1010. The program operates at three layers: investor onboarding screening by Empire Stock Transfer, continuous transaction monitoring through Transfer Hook AML controls, and platform-level analytics through Chainalysis KYT and TRM Labs integrations.
10.6.1 BSA / AML Program Elements
|
BSA/AML Program Element |
Implementation |
Regulatory Basis |
|
Customer Identification Program (CIP) |
Empire Stock Transfer performs four-pillar identity verification at onboarding for all investors |
31 CFR §1020.220 |
|
Beneficial Ownership |
KYB verification by Empire for all entity investors — UBO identification at ≥25% threshold |
31 CFR §1010.230 |
|
Ongoing Transaction Monitoring |
Transfer Hook Controls 11–15 screen every transaction; 200+ features analyzed by Chainalysis/TRM Labs |
31 CFR §1010.210 |
|
Suspicious Activity Reporting |
Empire files SARs with FinCEN for transactions of $5,000+ meeting BSA SAR criteria |
31 CFR §1010.320 |
|
Currency Transaction Reports |
Fiat on-ramp transactions of $10,000+ trigger CTR filing requirements |
31 CFR §1010.311 |
|
Recordkeeping |
Empire maintains all KYC/KYB/AML records per BSA retention requirements (5 years) |
31 CFR §1010.410 |
|
Independent Testing |
Annual compliance audit of AML program effectiveness |
31 CFR §1010.210(b) |
10.7 OFAC Sanctions Compliance
OTCM Protocol maintains a sanctions compliance program consistent with regulations administered by the U.S. Treasury Office of Foreign Assets Control (OFAC). Sanctions compliance is enforced at three independent checkpoints: Empire Stock Transfer onboarding screening, Transfer Hook real-time screening on every transaction, and the platform's AI Module pre-outreach wallet screening.
|
Sanctions Program |
CFR Reference |
Enforcement Mechanism |
|
Iran — Iranian Transactions & Sanctions Regulations |
31 CFR Part 560 |
Investor prohibited at onboarding; Transfer Hook Controls 8–10 block on every transfer |
|
North Korea — North Korea Sanctions Regulations |
31 CFR Part 510 |
Same as above |
|
Syria — Syrian Sanctions Regulations |
31 CFR Part 542 |
Same as above |
|
Cuba — Cuban Assets Control Regulations |
31 CFR Part 515 |
Same as above |
|
Crimea — Ukraine-Related Sanctions (SSIDES) |
31 CFR Part 589 |
Same as above |
|
SDN List — All Programs |
50 Fed. Reg. 5342 |
Three-layer wallet matching: exact address + fuzzy name + 2-hop clustering |
|
Continuous OFAC Re-Screening OFAC screening is not a one-time onboarding event. Transfer Hook Controls 8–10 re-screen every wallet on every ST22 transfer against the current SDN list. An investor who cleared OFAC at onboarding but is subsequently added to the SDN list is blocked automatically on their next transfer attempt — with no administrative action required by OTCM Protocol or Empire Stock Transfer. The Transfer Hook returns Error 6008 (SanctionsMatch) and the transaction reverts. |
10.8 Wyoming State Law Framework
Groovy Company, Inc. dba OTCM Protocol is incorporated in Wyoming under the Wyoming Business Corporation Act (W.S. 17-16-101 et seq.). Wyoming was selected as the jurisdiction of incorporation for three structural reasons: statutory recognition of digital assets as property, a comprehensive Digital Asset Statute providing legal certainty for tokenized securities operations, and a corporate law framework that accommodates the dual-layer securities structure (Series M preferred shares + ST22 tokens on Solana).
10.8.1 Wyoming Digital Asset Statute
Wyoming's Digital Asset Statute (W.S. 34-29-101 et seq.) provides legal recognition of digital asset transfers and ownership, property law protection equivalent to traditional assets, and regulatory clarity for digital asset businesses. For OTCM Protocol, the statute's most operationally significant provision is the recognition of digital asset transfers as legally effective transfers of the underlying property rights — supporting the Model B architecture by ensuring that an ST22 token transfer on Solana constitutes a legally effective transfer notification to Empire Stock Transfer under Wyoming law.
10.8.2 Series M Preferred Share Structure
Each ST22 issuance requires the issuing company to authorize a new series of preferred shares — Series M — through a Certificate of Designation filed with the Wyoming Secretary of State. The Certificate of Designation specifies: the number of authorized Series M shares, the non-voting and non-dividend characteristics, the irrevocable custody requirement with Empire Stock Transfer, the 1:1 tokenization ratio, and the protective conversion mechanism that converts Series M shares to common shares upon a mandatory redemption event if the issuer ceases platform participation.
10.9 UCC Article 8 Transfer Compliance
The SEC's January 28, 2026 Joint Staff Statement (footnote 5) assumes that transfers of crypto assets representing tokenized securities comply with Article 8 of the Uniform Commercial Code, including effective indorsement, instruction, or entitlement order as applicable. OTCM Protocol's Transfer Hook mechanism is designed to satisfy these requirements.
Each ST22 transfer on CEDEX triggers a programmatic instruction to Empire Stock Transfer to update the Master Securityholder File, constituting an effective entitlement order under UCC §8-102(a)(8). The Transfer Hook's 42 controls — including KYC/AML verification, wallet concentration limits, and circuit breakers — operate as programmatic conditions precedent that must be satisfied before the transfer instruction is effective, ensuring that only lawful and compliant transfers are recorded in the securityholder file.
|
UCC §8-102(a)(8) Effective Entitlement Order The Transfer Hook architecture produces a legally effective entitlement order under UCC Article 8 on every ST22 transfer: (1) the 42 controls validate that the transfer is legally permissible; (2) upon successful validation, the on-chain transfer executes; (3) the custody oracle simultaneously notifies Empire Stock Transfer's systems to update the off-chain Master Securityholder File; (4) Empire's update constitutes the official transfer of record. This four-step sequence satisfies the UCC Article 8 requirements that the SEC's guidance contemplates for Model B notification layer architectures. |
10.10 CEDEX Trading Venue — Regulatory Considerations
CEDEX, OTCM Protocol's proprietary Centralized-Decentralized Exchange, operates as the exclusive secondary market venue for ST22 Digital Securities trading. The appropriate regulatory classification of CEDEX as a trading venue is under active evaluation by OTCM Protocol's Chief Legal Officer, Jeff Turner (JDT Legal). The company is engaged with the SEC's Division of Trading and Markets and the Crypto Task Force to determine the appropriate registration pathway.
10.10.1 ATS Evaluation
CEDEX may qualify as an Alternative Trading System (ATS) under Regulation ATS (17 CFR Part 242), which requires registration as a broker-dealer and filing with the SEC. OTCM Protocol's CLO is evaluating the ATS pathway, including potential operation under a broker-dealer partnership. Until regulatory classification is finalized, CEDEX operates within the existing compliance framework, and the 42 Transfer Hook controls enforce compliance requirements that exceed those of traditional trading venues.
|
CEDEX Regulatory Classification — Pending OTCM Protocol will engage with the SEC Crypto Task Force to confirm the appropriate regulatory classification for CEDEX prior to full secondary market launch. The platform has been designed to accommodate any resulting registration requirement without architectural changes — the compliance infrastructure exceeds ATS requirements. Institutional participants and issuers should note that secondary market trading will not open until CLO Jeff Turner has confirmed the regulatory status of CEDEX with the SEC. |
10.11 Compliance Governance — Officers and Responsibilities
|
Officer |
Role |
Compliance Responsibilities |
|
Jeff Turner |
Chief Legal Officer, JDT Legal |
SEC filings (Form D, EDGAR), regulatory submissions to SEC Crypto Task Force, CEDEX ATS classification, Transfer Hook legal review, blue sky filings, CLO authorization for Control 42 regulatory freeze |
|
Patrick Mokros |
COO · President of Empire Stock Transfer |
Investor onboarding authority (KYC/KYB/AML/OFAC/Wallet Verification), Master Securityholder File maintenance, SAR filings with FinCEN, BSA recordkeeping, custodian compliance |
|
Frank Yglesias |
CTO |
Transfer Hook immutable parameter oversight, AI model governance (CTO sign-off on new model promotion), smart contract upgrade governance (5-of-9 multi-sig), annual technical security audit |
|
Berj Abajian |
CEO |
Board-level regulatory strategy, SEC Crypto Task Force engagement, Wyoming corporate law compliance, issuer relationship management |
10.12 Annual Compliance Audit Framework
OTCM Protocol maintains an annual compliance audit cycle covering all regulatory programs. The audit program is administered by the CLO and is independent of routine operational compliance monitoring.
|
Audit Domain |
Scope |
Frequency |
Responsible Party |
|
AML / BSA Program |
CIP effectiveness, SAR filing completeness, transaction monitoring coverage |
Annual + event-triggered |
Empire Stock Transfer + external auditor |
|
Transfer Hook Controls |
Verification that all 42 controls remain deployed, unmodified, and functioning as specified |
Annual + post-upgrade |
CTO (Frank Yglesias) + independent security firm |
|
1:1 Attestation Oracle |
Verification that on-chain token supply equals Series M shares in Empire custody |
Continuous (per Solana slot) + annual audit |
Empire Stock Transfer + Chainalysis |
|
Accreditation Records |
Sample review of investor accreditation documentation for Rule 506(c) compliance |
Annual |
Empire Stock Transfer + CLO |
|
OFAC Screening |
Retroactive screening of investor wallet universe against updated SDN list |
Annual + on SDN list updates |
Transfer Hook Controls 8–10 (automated) |
|
AI Model Governance |
Drift detection, retraining compliance, governance gate documentation |
Quarterly (drift) + annual (full audit) |
CTO sign-off |
|
Penetration Testing |
Web portal, API layer, wallet application security |
Quarterly |
Third-party security firm |
10.13 Regulatory Citation Reference
|
Regulation / Authority |
Citation |
Applicability to OTCM Protocol |
|
SEC Joint Staff Statement on Tokenized Securities |
January 28, 2026 — Div. Corp. Fin., Div. Inv. Mgmt., Div. Trading & Markets |
Category 1 Model B classification; technology-neutral principle; UCC Article 8 assumption |
|
SEC Release No. 33-11412 |
March 17, 2026 |
Digital Securities guidance — platform architecture satisfies all stated requirements |
|
Regulation D Rule 506(c) |
17 CFR §230.506(c) |
Primary offering framework for all ST22 issuances to U.S. accredited investors |
|
Regulation S Rules 901–905 |
17 CFR §§230.901–905 |
Offshore offering framework for non-U.S. investor participation |
|
Securities Act of 1933 |
15 U.S.C. §77a et seq. |
ST22 tokens are securities subject to full Securities Act obligations |
|
Securities Exchange Act of 1934 |
15 U.S.C. §78a et seq. |
Transfer agent registration (Section 17A); ongoing Exchange Act obligations |
|
Bank Secrecy Act |
31 U.S.C. §5311 et seq.; 31 CFR Part 1010 |
CIP, AML program, SAR and CTR filing obligations |
|
OFAC Sanctions Programs |
31 CFR Parts 510, 515, 542, 560, 589 |
Prohibited jurisdiction and SDN list enforcement |
|
Wyoming Business Corporation Act |
W.S. 17-16-101 et seq. |
Corporate formation and governance law |
|
Wyoming Digital Asset Statute |
W.S. 34-29-101 et seq. |
State-law recognition of digital asset transfers and property rights |
|
UCC Article 8 |
Uniform Commercial Code §8-102 |
Effective entitlement order framework for token transfer notification architecture |
|
Rule 144 |
17 CFR §230.144 |
Resale restriction (6-month holding period) enforced by Transfer Hook Control 24 |
|
Form D |
17 CFR §239.500 |
Filed within 15 days of first sale for each ST22 Reg D issuance |
|
Groovy Company, Inc. dba OTCM Protocol | CIK: 1499275 | Version 7.0 | March 2026 | Confidential |