Section 11: Regulatory Compliance Framework
π’ The compliance gateway through which issuers onboard, investors verify eligibility, and all KYC/AML requirements are enforced before any ST22 token interaction.
β οΈ 9.1 Institutional Purpose & Problem Statement
Prior to OTCM Protocol development, companies seeking to issue tokenized securities confronted a prohibitive compliance burden that effectively excluded smaller and mid-tier issuers from the digital securities market. The complexity, cost, and specialized expertise required created an insurmountable barrier for companies lacking substantial legal and compliance infrastructure.
πΉ 9.1.1 The Traditional Compliance Burden
Companies attempting independent securities tokenization must establish and maintain comprehensive regulatory infrastructure across six critical domains:
KYC/AML Infrastructure: Build or license identity verification platforms with document authentication, biometric matching, and sanctions screening capabilitiesSecurities Counsel: Retain specialized securities law firms with digital asset expertise for offering documentation, regulatory filings, and ongoing compliance adviceTransfer Agent Services: Engage SEC-registered transfer agents for shareholder registry maintenance, custody verification, and regulatory reportingCustody Arrangements: Establish relationships with qualified custodians for physical certificate storage and digital asset custodyRegulatory Reporting: Hire compliance staff for SEC filings, Form D submissions, and ongoing disclosure requirementsTransaction Monitoring: License blockchain analytics platforms for AML screening, suspicious activity detection, and regulatory reporting
πΉ 9.1.2 Cost Analysis: Independent vs. OTCM Portal
The following analysis compares the annual cost of establishing independent compliance infrastructure versus utilizing the OTCM Issuers Portal:
OTCM PROTOCOL Comprehensive Technical Whitepaper β Version 7.0 ST22 Digital Securities Platform | |||
One-timeSection
SMT11:mintingRegulatoryfee;Complianceongoing compliance included in 5% transaction fee structure
π‘ Cost Reduction Impact
For a company raising $5M through tokenized securities, traditional compliance costs ($650K-$2.1M) could consume 13-42% of capital raised. OTCM Portal reduces this to 0.02-0.5%, making tokenization economically viable for mid-market issuers.
πΉ 9.1.3 OTCM Solution Architecture
OTCM Protocol eliminatesis issuerdesigned from the ground up to operate within the full weight of U.S. securities law. The platform does not seek regulatory burdenexemptions from investor protection requirements β it automates those requirements with mathematical precision across every layer of the architecture. This section documents the complete regulatory framework to which the platform is subject and demonstrates how each applicable requirement is satisfied.
11.1 Regulatory Foundation and Philosophy
OTCM Protocol's foundational regulatory principle is that tokenization is a delivery mechanism for securities β not a transformation of their legal character. The SEC's technology-neutral principle, affirmed in the January 28, 2026 Joint Staff Statement, states: "The format in which a security is issued or the methods by which holders are recorded does not affect application of the federal securities laws." OTCM Protocol applies this principle operationally: every ST22 Digital Security is a security under federal securities law, subject to the full Securities Act and Exchange Act regardless of its blockchain format.
This philosophy produces an architecture that the SEC's Category 1 Model B framework was designed to describe: issuer-authorized tokenization with an SEC-registered transfer agent maintaining the authoritative securityholder file, blockchain serving as the notification and enforcement layer, and all investor protection requirements enforced programmatically on every transaction through aTransfer purpose-builtHook Issuers Portal that consolidates all compliance, identity verification, transaction monitoring, and regulatory reporting functions under a single, standardized, institutional-grade framework:controls.
"Issuers utilize our portal rather than developing independent compliance infrastructure, achieving full regulatory compliance without requiring specialized securities law expertise or expensive external counsel."
πΉ 9.1.4 Portal Component Overview
// OTCM Issuers Portal Architecture Diagram
β---β
β OTCM ISSUERS PORTAL ARCHITECTURE β
β (Unified Compliance Gateway) β
β---β
β---β
β ISSUER ADMINISTRATION DASHBOARD β
β β---β β---β β---β β---β β
β β Company β β Token β β Investor β β Compliance β β
β β Profile β β Analytics β β Registry β β Dashboard β β
β β---β β---β β---β β---β β
β---β
β
β---βΌ---β
β β β
βΌ βΌ βΌ
β---β β---β β---β
β KYC MODULE β β ACCREDITATION β β AML/SCREENING β
β β β MODULE β β MODULE β
β β’ ID Verificationβ β β’ 506(c) Verify β β β’ Risk Scoring β
β β’ Biometrics β β β’ Self-Cert β β β’ OFAC Check β
β β’ Doc Auth β β β’ Third-Party β β β’ SAR Filing β
β β’ Address Proof β β β’ Reg A+ Limits β β β’ Tx Monitoring β
β β’ Source of Fundsβ β β’ Expiration Mgmtβ β β’ Account Freeze β
β---β¬---β β---β¬---β β---β¬---β
β β β
β---βΌ---β
β
βΌ
β---β
β THIRD-PARTY INTEGRATION LAYER β
β β---β β---β β---β β---β β---β β
β β Jumio β β Onfido β β Socure β βChainalysisβ β TRM Labs β β
β β (ID) β β (Docs) β β (Fraud) β β (AML) β β (Forensics) β β
β β---β β---β β---β β---β β---β β
β---β
β
βΌ
β---β
β ON-CHAIN COMPLIANCE RECORD LAYER β
β (Immutable Audit Trail on Solana Blockchain) β
β---β
β
β---βΌ---β
β β β
βΌ βΌ βΌ
β---β β---β β---β
β Empire Stock β β SEC EDGAR β β FinCEN BSA β
β Transfer β β Filings β β E-Filing β
β (Custody) β β (Form D, etc)β β (SAR, CTR) β
β---β β---β β---βπΉ 9.1.5 Issuer Onboarding Workflow
The Portal implements a structured onboarding workflow for new issuers:
OTCM | Protocol |||
πͺͺ11.2 9. SEC Category 1 Model B Classification
11.2.1 The January 28, 2026 Joint Staff Statement
On January 28, 2026, the SEC's Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets issued a joint statement on tokenized securities establishing a two-category taxonomy for the regulatory treatment of blockchain-based representations of securities. Category 1 (Issuer-Sponsored) covers tokenization occurring by or on behalf of the issuing company itself, with the issuer retaining control over the tokenization architecture and its SEC-registered transfer agent maintaining the authoritative ownership records. Category 2 Integrated(Third-Party KYCSponsored) Frameworkcovers tokenization by unaffiliated third parties.
The OTCM PortalProtocol's implementsST22 comprehensivearchitecture identityis verificationCategory pursuant1 in both structure and substance. Every tokenization on the platform requires explicit board authorization by the issuing company, formal Certificate of Designation filed with the Wyoming Secretary of State, irrevocable custody of underlying Series M preferred shares by Empire Stock Transfer, and CUSIP assignment. No third party can tokenize an issuer's securities on the platform without the issuer's formal corporate authorization.
11.2.2 Model B β Blockchain as Notification Layer
Within Category 1, the Joint Staff Statement distinguishes two sub-models. Under Model A, the blockchain constitutes or is directly integrated into the master securityholder file. Under Model B, the issuer issues the security off-chain and uses the blockchain as a notification layer: transfers of the token notify the issuer or its agent to federalrecord regulatorythe requirements,transfer ensuringon the off-chain master securityholder file.
OTCM Protocol operates under Model B. Empire Stock Transfer maintains the authoritative Master Securityholder File for all investorsSeries areM properlypreferred identifiedshares beforeunderlying participatingST22 intokens. securitiesThe offerings.
πΉblockchain 9.2.1and Regulatorythe Foundation
SPL πToken-2022 31Transfer CFRHook Β§infrastructure 1010serve βas Bankthe Secrecyoperational Actnotification KYClayer. RequirementsWhen an ST22 token transfer executes on CEDEX, the Transfer Hook validates all 42 security controls; upon successful validation, the transaction is recorded on-chain and simultaneously notifies Empire's systems to update the off-chain Master Securityholder File.
Financial institutions must establish Customer Identification Programs (CIP) that verify customer identity through documentary or non-documentary methods, including collection of name, date of birth, address, and identification number.
The Portal exceeds minimum BSA/AML requirements by implementing enhanced due diligence measures appropriate for securities offerings to accredited and qualified investors.
πΉ 9.2.2 Four-Pillar Identity Verification
The Portal requires four primary identity verification components before investment eligibility is confirmed:
// Four-Pillar KYC Verification Interface (TypeScript)interface KYCVerificationPillars {
/**
Pillar 1: Legal Name VerificationMatches user-provided name against government-issued ID
*/
legalName: {
firstName: string;
middleName?: string;
lastName: string;
suffix?: string;
verificationMethod: 'OCR_EXTRACTION' | 'MANUAL_REVIEW';
matchConfidence: number; // 0-100%
};
/**
Pillar 2: Residential Address VerificationConfirms current physical residence through official documents
*/
residentialAddress: {
street: string;
city: string;
state: string;
postalCode: string;
country: string;
verificationDocument: 'UTILITY_BILL' | 'BANK_STATEMENT' | 'GOVT_CORRESPONDENCE';
documentDate: Date; // Must be within 90 days
documentHash: string;
};
/**
Pillar 3: Beneficial Ownership ConfirmationIdentifies ultimate beneficial owner of investment funds
*/
beneficialOwnership: {
ownershipType: 'INDIVIDUAL' | 'JOINT' | 'CORPORATE' | 'TRUST' | 'IRA';
ultimateBeneficiary: string;
ownershipPercentage: number; // For entities
controlPerson?: boolean; // For entities
supportingDocuments: string[]; // Document hashes
};
/**
Pillar 4: Source of Funds DeclarationDocuments origin of investment capital
*/
sourceOfFunds: {
primarySource: 'EMPLOYMENT' | 'BUSINESS' | 'INVESTMENTS' | 'INHERITANCE' | 'OTHER';
description: string;
estimatedAmount: number;
supportingEvidence?: string; // Document hash if provided
riskLevel: 'LOW' | 'MEDIUM' | 'HIGH';
};
}
Category |
Status |
Notes |
Issuer Authorization |
β |
Board |
SEC-Registered |
β |
Empire |
DLT |
β |
Solana |
|
Direct Beneficial Ownership |
β |
ST22 token = 1:1 direct interest in underlying Series M share β no entitlement structure |
|
No Third-Party Counterparty Risk |
β |
No unaffiliated intermediary between holder and underlying equity |
|
Regulatory Recordkeeping |
β |
Rules 17Ad-2 through 17Ad-13 compliance maintained by Empire Stock Transfer |
|
1:1 Attestation Oracle |
β |
Cryptographic attestation published every Solana slot (~400ms) confirming 1:1 ratio |
πΉ 9.2.3 Document Authentication Pipeline
The Portal employs a multi-layer document authentication pipeline to prevent identity fraud and ensure document authenticity:
// Document Authentication Pipeline Interfaceinterface DocumentAuthenticationResult {
// Document ClassificationdocumentType: DocumentType;
issuingCountry: string;
documentNumber: string;
expirationDate: Date;
isExpired: boolean;
// Machine-Readable Zone (MRZ) ValidationmrzPresent: boolean;
mrzValid: boolean;
mrzChecksumPass: boolean;
mrzDataExtracted: {
surname: string;
givenNames: string;
nationality: string;
dateOfBirth: string;
documentNumber: string;
};
// Security Feature DetectionsecurityFeatures: {
hologramDetected: boolean;
uvFeaturesValid: boolean;
microTextPresent: boolean;
opticalVariableDevice: boolean;
laserPerforation: boolean;
};
// Tampering DetectiontamperingAnalysis: {
fontConsistency: number; // 0-100 score
edgeAnalysis: number; // 0-100 score
colorConsistency: number; // 0-100 score
compressionArtifacts: boolean; // JPEG artifact detection
digitalManipulation: boolean; // Photoshop detection
};
// OCR Data ExtractionextractedData: {
fullName: string;
dateOfBirth: Date;
address?: string;
documentNumber: string;
issuanceDate: Date;
expirationDate: Date;
};
// Final DeterminationoverallScore: number; // 0-100 composite score
status: 'APPROVED' | 'MANUAL_REVIEW' | 'REJECTED';
rejectionReasons?: string[];
}
enum DocumentType {
PASSPORT = 'PASSPORT',
DRIVERS_LICENSE = 'DRIVERS_LICENSE',
NATIONAL_ID = 'NATIONAL_ID',
RESIDENCE_PERMIT = 'RESIDENCE_PERMIT',
UTILITY_BILL = 'UTILITY_BILL',
BANK_STATEMENT = 'BANK_STATEMENT',
}
πΉ 9.2.4 Biometric Verification System
Liveness verification prevents identity fraud through real-time biometric analysis:
SEC Release No. 33-11412 (March 17, 2026) provides updated guidance on Digital Securities that OTCM Protocol's architecture satisfies. The platform's design β particularly the 42-control Transfer Hook enforcement, the Category 1 Model B Master Securityholder File architecture, and | β ||
πΉ 9.2.5 Third-Party Provider Integration
OTCM Portal integrates with industry-leading identity verification providers to ensure comprehensive coverage and redundancy:
πΉ 9.2.6 KYC Data Architecture
// KYC Verification Flow Implementation (TypeScript)
// Complete KYC Verification Flow Implementationasync function performKYCVerification(
investor: InvestorApplication
): Promise<KYCVerificationResult> {
// Step 1: Document Verification via Jumioconst docResult = await jumio.verifyDocument({
frontImage: investor.idFrontImage,
backImage: investor.idBackImage,
documentType: investor.documentType,
issuingCountry: investor.country,
});
if (!docResult.isAuthentic || docResult.overallScore < 80) {
return {
status: 'REJECTED',
reason: 'DOCUMENT_VERIFICATION_FAILED',
details: docResult.rejectionReasons,
};
}
// Step 2: Liveness Check with Active Challengesconst livenessResult = await jumio.performLivenessCheck({
selfieVideo: investor.selfieVideo,
challengeType: 'ACTIVE', // Blink, turn, smile
minimumFrames: 30,
});
if (!livenessResult.isLive || livenessResult.spoofScore > 20) {
return {
status: 'REJECTED',
reason: 'LIVENESS_CHECK_FAILED',
details: ['Potential spoofing detected'],
};
}
// Step 3: Facial Match (ID Photo vs Selfie)const matchResult = await jumio.compareFaces(
docResult.extractedPhoto,
livenessResult.capturedFace,
{ minimumConfidence: 85 }
);
if (matchResult.confidence < 85) {
// Queue for manual review if match is uncertainreturn {
status: 'MANUAL_REVIEW',
reason: 'FACIAL_MATCH_UNCERTAIN',
matchScore: matchResult.confidence,
};
}
// Step 4: Address Verificationconst addressResult = await verifyAddressDocument({
document: investor.addressProofDocument,
claimedAddress: investor.residentialAddress,
maxDocumentAge: 90, // Days
});
if (!addressResult.verified) {
return {
status: 'REJECTED',
reason: 'ADDRESS_VERIFICATION_FAILED',
details: [addressResult.failureReason],
};
}
// Step 5: PEP/Sanctions Screening via Socureconst screeningResult = await socure.screenIndividual({
name: docResult.extractedData.fullName,
dateOfBirth: docResult.extractedData.dateOfBirth,
nationality: docResult.mrzDataExtracted.nationality,
address: investor.residentialAddress,
});
if (screeningResult.pepMatch || screeningResult.sanctionsMatch) {
return {
status: 'REJECTED',
reason: screeningResult.sanctionsMatch ? 'SANCTIONS_MATCH' : 'PEP_MATCH',
details: screeningResult.matchDetails,
};
}
// Step 6: Record KYC Completion On-Chainconst onChainRecord = await recordKYCCompletion(investor.walletAddress, {
verificationDate: Date.now(),
documentHash: hash(docResult.documentData),
facialMatchScore: matchResult.confidence,
screeningHash: hash(screeningResult),
provider: 'JUMIO_SOCURE',
expirationDate: calculateKYCExpiration(docResult),
});
return {
status: 'APPROVED',
kycRecordId: onChainRecord.transactionSignature,
expirationDate: onChainRecord.expirationDate,
verificationDetails: {
documentScore: docResult.overallScore,
livenessScore: 100 - livenessResult.spoofScore,
facialMatchScore: matchResult.confidence,
},
};
}
πΉ 9.2.7 Verification Status Lifecycle
// KYC Status Lifecycleenum KYCStatus {
PENDING = 'PENDING', // Application submitted, not started
IN_PROGRESS = 'IN_PROGRESS', // Verification underway
MANUAL_REVIEW = 'MANUAL_REVIEW', // Requires human review
APPROVED = 'APPROVED', // KYC passed, eligible to invest
REJECTED = 'REJECTED', // KYC failed, not eligible
EXPIRED = 'EXPIRED', // KYC expired, re-verification needed
SUSPENDED = 'SUSPENDED', // Account suspended pending investigation
}
// Status Transition Rulesconst validTransitions: Record<KYCStatus, KYCStatus[]> = {
PENDING: ['IN_PROGRESS', 'REJECTED'],
IN_PROGRESS: ['APPROVED', 'REJECTED', 'MANUAL_REVIEW'],
MANUAL_REVIEW: ['APPROVED', 'REJECTED'],
APPROVED: ['EXPIRED', 'SUSPENDED'],
REJECTED: ['PENDING'], // Can reapply
EXPIRED: ['IN_PROGRESS'], // Re-verification
SUSPENDED: ['APPROVED', 'REJECTED'], // After investigation
};
π11.3 9.3 AccreditationRegulation StatusD DeterminationRule 506(c) β Primary Offering Compliance
TheAll OTCMST22 Portalprimary implementsofferings dual-pathwayβ accreditedthe investorcapital verificationraise pursuantphase toin SECwhich investors purchase newly issued ST22 tokens directly from the issuer β are conducted under Regulation D Rule 506(c) requirements,(for enablingU.S. bothinvestors) third-partyor professionalRegulation confirmationS and(for self-certificationnon-U.S. subject to audit review.
πΉ 9.3.1 Regulatory Requirements
π 17 CFR 230.506(c) β Accredited Investor Verification
In offerings conducted underinvestors). Rule 506(c), issuerspermits mustgeneral takesolicitation 'and advertising of securities offerings provided that all purchasers are verified accredited investors and the issuer takes reasonable steps to verify'confirm that status.
11.3.1 Rule 506(c) Requirements and Platform Satisfaction
|
Rule 506(c) Requirement |
Platform Satisfaction |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General solicitation permitted |
OTCM Protocol's Predictive Marketing AI Module (Layer 9) conducts general solicitation within Rule 506(c) parameters |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
All purchasers are accredited
|
Empire | record ||
Reasonable steps to verify accreditation |
Empire | |
Form D filing within 15 days of first sale |
Form | workflow
|
No integration with other offerings |
Each | |
No resale restriction on accredited investors |
Rule | after |
πΉ11.3.2 9.3.3 Third-PartyFee VerificationStructure Pathwayβ Regulation D Offering Phase
TheOTCM preferredProtocol verificationcharges pathwaya involves5% third-partyplatform professionalfee confirmationon fromthe qualifiedgross professionals:
//purchase, Third-Partybefore Verificationproceeds Interfaceinterfaceremitted ThirdPartyAccreditationVerificationto {the issuer. This fee structure applies across the entire lifecycle of ST22 transactions, including both the primary offering phase and all subsequent secondary market trading on CEDEX.
/**
Verification pathway utilizing third-party professionalsas permitted under 17 CFR 230.506(c)
*/
pathway: 'THIRD_PARTY';
// Verifier informationverifier: {
type: 'RIA' | 'CPA' | 'ATTORNEY' | 'BROKER_DEALER';
name: string;
licenseNumber: string;
licensingAuthority: string; // e.g., 'SEC', 'State Bar of California'
firmName: string;
firmAddress: string;
contactPhone: string;
contactEmail: string;
};
// Attestation detailsattestation: {
date: Date;
accreditationMethod: 'INCOME' | 'NET_WORTH' | 'PROFESSIONAL' | 'ENTITY';
verificationPeriod: { // Time period reviewed
start: Date;
end: Date;
};
documentsReviewed: string[]; // e.g., ['Tax Return 2023', 'Tax Return 2024']
attestationStatement: string;
};
// Document evidenceattestationLetter: {
documentHash: string; // SHA-256 hash
uploadTimestamp: Date;
fileSize: number;
mimeType: 'application/pdf';
};
// Verification statusstatus: 'PENDING' | 'VERIFIED' | 'REJECTED';
expirationDate: Date; // Typically 90 days from verification
// On-chain recordonChainRecord: {
transactionSignature: string;
blockHeight: number;
recordTimestamp: Date;
};
}
Acceptable third-party verifiers include:
Registered Investment Advisers (RIAs): SEC or state-registered investment advisers with fiduciary dutyCertified Public Accountants (CPAs): Licensed accounting professionals in good standingSecurities Attorneys: Attorneys in good standing specializing in securities lawFINRA-Registered Broker-Dealers: Broker-dealer firms registered with FINRA
πΉ 9.3.4 Self-Certification Pathway
For investors unable to obtain third-party verification, the Portal enables self-certification subject to enhanced review and audit procedures:
// Self-Certification Interfaceinterface SelfCertificationAccreditation {
/**
Self-certification pathway with enhanced scrutinySubject to audit review confirming consistency
*/
pathway: 'SELF_CERTIFICATION';
// Certification detailscertification: {
date: Date;
method: 'INCOME' | 'NET_WORTH' | 'PROFESSIONAL';
selfDeclaredValues: {
// For income methodannualIncome?: {
year1: number;
year2: number;
expectedCurrent: number;
};
// For net worth methodnetWorth?: {
totalAssets: number;
totalLiabilities: number;
primaryResidenceValue: number; // Excluded
netWorthExcludingResidence: number;
};
};
};
// Required supporting documentssupportingDocuments: {
required: [
'BANK_STATEMENTS_3_MONTHS',
'BROKERAGE_STATEMENTS_3_MONTHS',
];
optional: [
'TAX_RETURNS_2_YEARS', // Strongly recommended
'PROPERTY_VALUATIONS', // If net worth claim
'BUSINESS_FINANCIALS', // If business income
];
uploadedDocuments: {
documentType: string;
documentHash: string;
uploadTimestamp: Date;
}[];
};
// Consistency validation (ML-powered)consistencyAnalysis: {
liquidAssetsDetected: number; // From bank/brokerage statements
incomePatternDetected: number; // From deposit patterns
consistentWithClaim: boolean;
confidenceScore: number; // 0-100
flags: string[]; // Any inconsistencies
};
// Audit risk assessmentauditRisk: {
priority: 'LOW' | 'MEDIUM' | 'HIGH';
factors: string[];
nextAuditDate?: Date;
};
// Legal acknowledgmentsacknowledgments: {
perjuryWarning: boolean; // 'I understand false statements may result in...'
rescissionRisk: boolean; // 'I understand investment may be rescinded if...'
auditConsent: boolean; // 'I consent to audit of accreditation status...'
signatureTimestamp: Date;
signatureHash: string;
};
}
β οΈ Audit Risk
Self-certified investors are subject to random audit review. Inconsistencies between self-certified status and demonstrated liquid assets trigger manual compliance review and potential investment rescission. False certification constitutes securities fraud.
πΉ 9.3.5 Non-Accredited Investor Pathways
For investors unable to satisfy accreditation requirements, the Portal enables participation through Regulation A+ Tier 2 offerings:
π 15 U.S.C. Section 77b(b) and 17 CFR Section 230.251
Regulation A+ Tier 2 permits offerings up to $75,000,000 annually to both accredited and non-accredited investors, subject to investment limits for non-accredited investors.
Transaction Phase |
Fee Rate |
Issuer |
Platform Fee Allocation |
Primary offering (Reg D / Reg S) |
5% of |
95% |
0.44% permanently locked to Global Unified CEDEX Liquidity Pool; remainder to OTCM Protocol |
Secondary |
5% of trade value |
No |
0.44% permanently locked to Global Unified CEDEX Liquidity Pool; remainder to OTCM Protocol |
πΉ 9.3.6 Accreditation Expiration & Renewal
Accreditation status is not permanent and requires periodic renewal:
Standard Expiration: 90 days from date of third-party verificationSelf-Certification: 90 days, subject to earlier audit-triggered reviewProfessional Certification: Valid while license remains in good standing (verified monthly via FINRA BrokerCheck)Renewal Process: Same verification requirements as initial accreditation; prior accreditation does not expedite process
π 9.4 Automated AML Screening
The OTCM Portal integrates with blockchain analytics providers to implement comprehensive anti-money laundering screening, analyzing 200+ transaction features to identify suspicious activity patterns and ensure compliance with Bank Secrecy Act requirements.
πΉ 9.4.1 200+ Feature Risk Analysis
The AML screening system analyzes over 200 distinct features across six primary categories:
OTCM Protocol charges a 5% transaction fee on ALL ST22 transactions β both pre-CEDEX primary offering purchases and post-CEDEX secondary market trades. Issuers receive 95% of | ||
11.4 Regulation S β Non-U.S. Investor Framework
Regulation S (17 CFR §§230.901β905) provides a safe harbor from Securities Act registration requirements for offers and sales of securities to non-U.S. persons in offshore transactions. OTCM Protocol implements Regulation S alongside Rule 506(c) to enable global investor participation in ST22 primary offerings while maintaining full compliance.
πΉ11.4.1 9.4.2 RiskRegulation ScoringS ModelRequirements
Each investor and transaction receives a composite risk score based on weighted feature analysis:
// AML Risk Scoring Modelinterface AMLRiskAssessment {
// Composite risk score (0-100)overallRiskScore: number;
// Category-level scorescategoryScores: {
walletClustering: number; // 0-100, weight: 25%
temporalPatterns: number; // 0-100, weight: 15%
volumeAnalysis: number; // 0-100, weight: 15%
mixingExposure: number; // 0-100, weight: 20%
exchangePatterns: number; // 0-100, weight: 10%
criminalDatabase: number; // 0-100, weight: 15%
};
// Risk classificationriskTier: 'LOW' | 'MEDIUM' | 'HIGH' | 'SEVERE';
// Specific flags triggeredtriggeredFlags: {
flag: string;
severity: 'INFO' | 'WARNING' | 'CRITICAL';
description: string;
evidence: string[];
}[];
// Recommended actionrecommendedAction: 'AUTO_APPROVE' | 'ENHANCED_REVIEW' | 'MANUAL_REVIEW' | 'AUTO_REJECT' | 'SAR_REQUIRED';
}
// Risk Tier Thresholdsconst RISK_THRESHOLDS = {
LOW: { min: 0, max: 30, action: 'AUTO_APPROVE' },
MEDIUM: { min: 31, max: 50, action: 'ENHANCED_REVIEW' },
HIGH: { min: 51, max: 70, action: 'MANUAL_REVIEW' },
SEVERE: { min: 71, max: 100, action: 'AUTO_REJECT' },
};
Reg S Element |
Requirement |
Platform Implementation |
|
Offshore transaction |
Offer and sale must occur outside the United States |
||
πΉ 9.4.3 Real-Time Transaction Monitoring
TheEmpire Portal implements real-time monitoring of all investor transactions post-issuance:
// Transaction Monitoring Configurationinterface TransactionMonitoringConfig {
// Real-time triggers (per-transaction)realTimeRules: {
// Large transaction alertlargeTransactionThreshold: number; // $10,000 USD equivalent
// Rapid succession detectionrapidSuccession: {
transactionCount: number; // 3+ transactions
timeWindowMinutes: number; // within 10 minutes
};
// Structuring detectionstructuringDetection: {
targetThreshold: number; // $10,000 (CTR threshold)
toleranceRange: { min: number; max: number }; // $9,000 - $9,999
transactionCount: number; // 2+ transactions in range
timeWindowHours: number; // within 24 hours
};
// Round number detectionroundNumberAlert: {
enabled: boolean;
threshold: number; // e.g., $5,000+
consecutiveCount: number; // 3+ round amounts
};
};
// Batch analysis (daily)batchRules: {
velocityAnalysis: boolean; // Transaction frequency vs baseline
peerGroupComparison: boolean; // Deviation from similar investors
geographicAnomalies: boolean; // Unusual IP/location patterns
networkAnalysis: boolean; // New connections to flagged wallets
behaviorProfiling: boolean; // Deviation from established pattern
};
}
πΉ 9.4.4 Suspicious Activity Detection
The system identifies suspicious activity patterns that may indicate money laundering, fraud, or sanctions evasion:
Structuring: Breaking transactions into smaller amounts to avoid reporting thresholdsLayering: Rapid movement of funds through multiple addresses to obscure originVelocity Anomalies: Sudden increase in transaction frequency or volumeGeographic Inconsistencies: Transactions from unusual locations or VPN usageCoordinated Activity: Multiple accounts acting in concertCriminal Exposure: Transactions with addresses associated with known criminal activity
πΉ 9.4.5 SAR Filing Automation
When suspicious activity is detected, the Portal automates Suspicious Activity Report filing with FinCEN:
π 31 CFR Β§ 1010.320 β SAR Filing Requirements
Financial institutions must file SARs for transactions involving $5,000 or more if the institution knows, suspects, or has reason to suspect the transaction involves funds derived from illegal activity, is designed to evade reporting requirements, or has no lawful purpose.
// SAR Filing Automationasync function evaluateSARRequirement(
investor: Investor,
suspiciousActivity: SuspiciousActivityDetection
): Promise<SARFilingResult> {
// Evaluate SAR filing criteriaconst sarCriteria = {
amountThreshold: suspiciousActivity.totalAmount >= 5000,
suspiciousPattern: suspiciousActivity.patternConfidence >= 70,
criminalExposure: suspiciousActivity.criminalExposure > 0,
structuringDetected: suspiciousActivity.structuringScore >= 50,
sanctionsRisk: suspiciousActivity.sanctionsRisk > 0,
};
const requiresSAR = Object.values(sarCriteria).some(c => c === true);
if (requiresSAR) {
// Build SAR reportconst sarReport: SARReport = {
filingInstitution: {
name: 'OTCM Protocol, Inc.',
ein: 'XX-XXXXXXX',
address: '...',
},
subjectInformation: {
name: investor.legalName,
address: investor.residentialAddress,
identificationNumber: investor.kycDocumentNumber,
walletAddresses: investor.associatedWallets,
},
suspiciousActivity: {
dateRange: suspiciousActivity.dateRange,
totalAmount: suspiciousActivity.totalAmount,
activityType: suspiciousActivity.activityTypes,
narrative: generateSARNarrative(suspiciousActivity),
},
transactionDetails: suspiciousActivity.transactions,
};
// Submit to FinCEN BSA E-Filingconst filingResult = await fincenAPI.submitSAR(sarReport);
// Record SAR filing on-chain (hash only, not content)await recordSARFiling(investor.walletAddress, {
filingDate: Date.now(),
bsaId: filingResult.bsaId,
reportHash: hash(sarReport),
// Note: SAR content is confidential and not stored on-chain});
return {
filed: true,
bsaId: filingResult.bsaId,
filingDate: new Date(),
};
}
return { filed: false, reason: 'SAR criteria not met' };
}
πΉ 9.4.6 Account Freezing Procedures
When high-risk activity is detected, accounts may be frozen pending investigation:
π 9.5 Global Investor Eligibility
The OTCM Portal accommodates global investor participation while implementing jurisdiction-based restrictions to ensure compliance with US sanctions laws and international AML standards.
πΉ 9.5.1 Regulation S Framework
The Portal enablesverifies non-USU.S. nationalperson investor participation through the Regulation S framework:
π 17 CFR Section 230.903 β Regulation S Offshore Transactions
Permits securities offerings to foreign persons in offshore transactions without SEC registration, provided (1)status; no directed selling efforts ininto theU.S. United States, (2) the issuer reasonably believes all offerees are outside the United States, and (3) appropriate offering restrictions are implemented.markets
// Regulation S Compliance Interfaceinterface RegulationSCompliance {
// Offshore transaction requirementsofferingLocation: 'OFFSHORE'; // Must be outside United States
buyerLocation: string; // Non-US jurisdiction
sellerLocation: string; // Any jurisdiction
// No directed selling effortsdirectedSellingEfforts:No {conditioning of the U.S. market for the securities
usMediaAdvertising:
usDirectedWebsite:AI false;Module //(Layer No9) enforces Rule 506(c) targeting for U.S. wallets; Reg S outreach targets non-U.S. wallets only
Non-U.S. person certification
Investor certifies non-U.S. person status under Rule 902(k)
Empire Stock Transfer KYC includes IP geolocation and document verification of US IPsresidency
usRoadshows:
usBrokerEngagement: false; // No US broker solicitation
};
// Buyer certification requirementsbuyerCertification: {
nonUSPersonCertification: boolean; // Required
residencyVerification: {
method: 'DOCUMENT' | 'IP_GEOLOCATION' | 'BOTH';
verificationDate: Date;
documentType?: string;
ipCountry?: string;
};
};
// Distribution compliance (Category 3 - Equity)distributionCompliance: {
restrictionPeriod: 40; // 40-day12-month distribution compliance period
flowbackRestriction:Non-U.S. boolean;investors //may not offer or sell to U.S. persons for 12 months
Transfer Hook Control 24 enforces 12-month lock on Reg S investor wallets β Error 6024 on premature transfer
Restrictive legend
Securities must bear restrictive legend during compliance period
ST22 token metadata includes Reg S restriction flag readable by CEDEX matching engine
Flowback restriction
Prevents immediate USresale resaleinto U.S. markets
Transfer Hook Control 18 screens Reg S transfers against U.S.-person buyer wallets during compliance period
11.5 Transfer Hook Compliance Architecture
The 42 SPL Token-2022 Transfer Hook controls described in Section 3 are the operational mechanism through which all regulatory requirements are enforced on every ST22 transaction. This section maps the regulatory obligations to the specific controls that satisfy them.
legendRequirement: boolean; // Restrictive legend on certificates
distributorAgreement: boolean; // Written agreements with distributors
};
// OFAC compliance (required regardless of Reg S)ofacCompliance: {
sdnScreeningPassed: boolean;
sanctionedCountryCheck: boolean;
screeningTimestamp: Date;
};
}
πΉ11.5.1 9.5.2 ProhibitedRegulatory-to-Control JurisdictionsMapping
The Portal implements absolute restrictions preventing investor participation from jurisdictions subject to comprehensive US sanctions:
Regulatory Requirement |
Satisfied By |
Control Numbers |
|
|
Accredited investor verification β Reg D 506(c) |
Empire whitelist verification on every transfer |
Controls 1β5 (KYC/AML status) |
|
|
Rule 144 6-month holding period β U.S. investors |
On-chain holding period enforcement |
Control 24 (HoldingPeriodAccount) |
|
|
Reg S 12-month distribution compliance β non-U.S. |
On-chain Reg S period enforcement |
Control 24 (Reg S flag variant) |
|
|
OFAC SDN screening β all transfers |
Real-time SDN check on every transfer |
Controls 8β10 (OFAC / sanctions) |
|
|
AML transaction monitoring β BSA |
Risk scoring on every transfer event |
Controls 11β15 (AML risk) |
|
|
Wallet whitelist β Empire-verified only |
Wallet authorization gate on every transfer |
Control 15 (wallet registry) |
|
|
Wallet concentration limits |
Maximum holding enforcement |
Controls 16β20 (concentration) |
|
|
Circuit breakers β market manipulation |
Velocity and volume controls |
Controls 21β26 (circuit breakers) |
|
|
1:1 custody attestation β Model B |
Oracle attestation on every slot |
Controls 27β30 (custody oracle) |
|
|
Regulatory freeze β Control 42 |
CLO authorization + 3-of-5 multi-sig |
Control 42 (regulatory compliance freeze) |
11.5.2 Immutability of Transfer Hook Controls
All 42 Transfer Hook controls are immutable β they cannot be altered, suspended, or bypassed by any party, including OTCM Protocol itself. This immutability is a regulatory design choice: it means that platform operators cannot be pressured, compromised, or incentivized to weaken investor protections. The controls are deployed as a fixed program; governance authority extends only to adjustable operating parameters within hard-coded bounds, never to the existence or logic of the controls themselves.
11.6 Bank Secrecy Act and AML Compliance
OTCM Protocol and Empire Stock Transfer operate an Anti-Money Laundering compliance program consistent with the Bank Secrecy Act (31 U.S.C. Β§5311 et seq.) and FinCEN regulations at 31 CFR Part 1010. The program operates at three layers: investor onboarding screening by Empire Stock Transfer, continuous transaction monitoring through Transfer Hook AML controls, and platform-level analytics through Chainalysis KYT and TRM Labs integrations.
11.6.1 BSA / AML Program Elements
|
BSA/AML Program Element |
Implementation |
Regulatory Basis |
|
Customer Identification Program (CIP) |
Empire Stock Transfer performs four-pillar identity verification at onboarding for all investors |
31 CFR Β§1020.220 |
|
Beneficial Ownership |
KYB verification by Empire for all entity investors β UBO identification at β₯25% threshold |
31 CFR Β§1010.230 |
|
Ongoing Transaction Monitoring |
Transfer Hook Controls 11β15 screen every transaction; 200+ features analyzed by Chainalysis/TRM Labs |
31 CFR Β§1010.210 |
|
Suspicious Activity Reporting |
Empire files SARs with FinCEN for transactions of $5,000+ meeting BSA SAR criteria |
31 CFR Β§1010.320 |
|
Currency Transaction Reports |
Fiat on-ramp transactions of $10,000+ trigger CTR filing requirements |
31 CFR Β§1010.311 |
|
Recordkeeping |
Empire maintains all KYC/KYB/AML records per BSA retention requirements (5 years) |
31 CFR Β§1010.410 |
|
Independent Testing |
Annual compliance audit of AML program effectiveness |
31 CFR Β§1010.210(b) |
11.7 OFAC Sanctions Compliance
OTCM Protocol maintains a sanctions compliance program consistent with regulations administered by the U.S. Treasury Office of Foreign Assets Control (OFAC). Sanctions compliance is enforced at three independent checkpoints: Empire Stock Transfer onboarding screening, Transfer Hook real-time screening on every transaction, and the platform's AI Module pre-outreach wallet screening.
|
Sanctions Program |
CFR Reference |
Enforcement Mechanism |
|
|
Iran β Iranian Transactions & Sanctions Regulations |
31 CFR Part 560 |
Investor prohibited at onboarding; Transfer Hook Controls 8β10 block on every transfer |
|
|
North Korea | β North Korea Sanctions Regulations |
31 CFR Part 510 |
Same as above |
|
Syria | β Syrian Sanctions Regulations |
31 CFR Part 542 |
Same as above |
|
Cuba | β Cuban Assets Control Regulations |
31 CFR Part 515 |
Same as above |
|
Crimea | β Ukraine-Related Sanctions (SSIDES) |
31 CFR Part 589 |
Same as above |
|
SDN List β All Programs |
50 Fed. Reg. 5342 |
Three-layer wallet matching: exact address + fuzzy name + 2-hop clustering |
πΉ 9.5.3 FATF High-Risk Handling
Jurisdictions designated as high-risk by the Financial Action Task Force (FATF) receive enhanced due diligence:
Enhanced KYC: Additional documentation and verification requirements beyond standard KYCMandatory Source of Funds: Detailed source of funds documentation with supporting evidenceEnhanced Monitoring: Lower thresholds for transaction alerts and more frequent reviewSenior Approval: Manual compliance officer approval required before investment eligibility confirmedRegular Review: Quarterly re-verification of investor status and activity
πΉ 9.5.4 Regulation A+ Tier 2 for Non-Accredited
For global non-accredited investors, the Portal implements Regulation A+ Tier 2 investment limits:
Offering Limit: Up to $75,000,000 annually per issuerNon-Accredited Limit: 10% of greater of annual income or net worthSEC Qualification: Requires SEC Form 1-A qualificationOngoing Reporting: Semi-annual (Form 1-SA) and annual (Form 1-K) reports required
πΉ 9.5.5 Country-Specific Requirements
The Portal implements country-specific additional requirements as needed:
OFAC | Hook |
ποΈ11.8 9.6 PortalWyoming TechnicalState ArchitectureLaw Framework
ThisGroovy sectionCompany, detailsInc. dba OTCM Protocol is incorporated in Wyoming under the technicalWyoming implementationBusiness Corporation Act (W.S. 17-16-101 et seq.). Wyoming was selected as the jurisdiction of incorporation for three structural reasons: statutory recognition of digital assets as property, a comprehensive Digital Asset Statute providing legal certainty for tokenized securities operations, and a corporate law framework that accommodates the dual-layer securities structure (Series M preferred shares + ST22 tokens on Solana).
11.8.1 Wyoming Digital Asset Statute
Wyoming's Digital Asset Statute (W.S. 34-29-101 et seq.) provides legal recognition of digital asset transfers and ownership, property law protection equivalent to traditional assets, and regulatory clarity for digital asset businesses. For OTCM Protocol, the statute's most operationally significant provision is the recognition of digital asset transfers as legally effective transfers of the OTCMunderlying Issuersproperty Portal,rights β supporting the Model B architecture by ensuring that an ST22 token transfer on Solana constitutes a legally effective transfer notification to Empire Stock Transfer under Wyoming law.
11.8.2 Series M Preferred Share Structure
Each ST22 issuance requires the issuing company to authorize a new series of preferred shares β Series M β through a Certificate of Designation filed with the Wyoming Secretary of State. The Certificate of Designation specifies: the number of authorized Series M shares, the non-voting and non-dividend characteristics, the irrevocable custody requirement with Empire Stock Transfer, the 1:1 tokenization ratio, and the protective conversion mechanism that converts Series M shares to common shares upon a mandatory redemption event if the issuer ceases platform participation.
11.9 UCC Article 8 Transfer Compliance
The SEC's January 28, 2026 Joint Staff Statement (footnote 5) assumes that transfers of crypto assets representing tokenized securities comply with Article 8 of the Uniform Commercial Code, including systemeffective components,indorsement, APIinstruction, specifications,or securityentitlement architecture,order as applicable. OTCM Protocol's Transfer Hook mechanism is designed to satisfy these requirements.
Each ST22 transfer on CEDEX triggers a programmatic instruction to Empire Stock Transfer to update the Master Securityholder File, constituting an effective entitlement order under UCC Β§8-102(a)(8). The Transfer Hook's 42 controls β including KYC/AML verification, wallet concentration limits, and performancecircuit metrics.
πΉβ 9.6.1operate Systemas Components
programmatic //that Portalonly Systemlawful Architectureand //compliant OTCMtransfers Portalare Systemrecorded Architecturein β---βthe βsecurityholder CLIENT LAYER β
β β---β β---β β---β β---β β
β β Issuer Web β β Investor β β Admin β β Mobile β β
β β Dashboard β β Portal β β Console β β Apps β β
β β (React) β β (React) β β (React) β β (React Nat) β β
β β---β β---β β---β β---β β
β---β
β
βΌ
β---β
β API GATEWAY β
β (AWS API Gateway / Cloudflare) β
β Rate Limiting | DDoS Protection | SSL Termination β
β---β
β
βΌ
β---β
β APPLICATION LAYER β
β β---β β
β β Node.js / TypeScript API β β
β β (Express / Fastify) β β
β β---β β
β β---β β---β β---β β---β β
β β KYC Service β β Accred Svc β β AML Service β β Reporting β β
β β---β β---β β---β β---β β
β---β
β
β---βΌ---β
β β β
βΌ βΌ βΌ
β---β β---β β---β
β PostgreSQL β β Redis β β Solana RPC β
β (User Data) β β (Cache) β β (Blockchain) β
β---β β---β β---βπΉ 9.6.2 API Specifications
// API Endpoints
// Core API Endpoints
// KYC ModulePOST /api/v1/kyc/initiate // Start KYC processfile.
POST /api/v1/kyc/document/upload // Upload ID document
POST /api/v1/kyc/liveness/start // Start liveness check
GET /api/v1/kyc/status/:investorId // Get KYC status
POST /api/v1/kyc/address/verify // Submit address proof
// Accreditation ModulePOST /api/v1/accreditation/third-party // Submit third-party verification
POST /api/v1/accreditation/self-cert // Submit self-certification
GET /api/v1/accreditation/status/:id // Get accreditation status
POST /api/v1/accreditation/renewal // Renew expiring accreditation
// AML ModuleGET /api/v1/aml/risk-score/:walletAddress // Get wallet risk score
POST /api/v1/aml/screen // Initiate AML screening
GET /api/v1/aml/monitoring/:investorId // Get monitoring alerts
// Issuer DashboardGET /api/v1/issuer/investors // List all investors
GET /api/v1/issuer/analytics // Token analytics
GET /api/v1/issuer/compliance-report // Compliance summary
// Investor PortalGET /api/v1/investor/profile // Get investor profile
GET /api/v1/investor/investments // List investments
POST /api/v1/investor/invest // Initiate investment
πΉ 9.6.3 Security Architecture
The Portal implements enterprise-grade security across all layers:
Encryption at Rest: AES-256 encryption for all stored dataEncryption in Transit: TLS 1.3 for all API communicationsAuthentication: OAuth 2.0 + JWT with hardware key support (WebAuthn)Authorization: Role-based access control (RBAC) with least-privilege principlesAudit Logging: Immutable audit trail for all actions with cryptographic signaturesPenetration Testing: Quarterly third-party penetration testing
πΉ 9.6.4 Performance Specifications
UCC The Transfer Hook architecture produces a legally effective entitlement order under UCC Article 8 on every ST22 transfer: ( | 1) ||
| 42 | validate ||
11.10 CEDEX Trading Venue β Regulatory Considerations
CEDEX, OTCM Protocol's proprietary Centralized-Decentralized Exchange, operates as the exclusive secondary market venue for ST22 Digital Securities trading. The appropriate regulatory classification of CEDEX as a trading venue is under active evaluation by OTCM Protocol's Chief Legal Officer, Jeff Turner (JDT Legal). The company is engaged with the SEC's Division of Trading and Markets and the Crypto Task Force to determine the appropriate registration pathway.
11.10.1 ATS Evaluation
CEDEX may qualify as an Alternative Trading System (ATS) under Regulation ATS (17 CFR Part 242), which requires registration as a broker-dealer and filing with the SEC. OTCM Protocol's CLO is evaluating the ATS pathway, including potential operation under a broker-dealer partnership. Until regulatory classification is finalized, CEDEX operates within the existing compliance framework, and the 42 Transfer Hook controls enforce compliance requirements that exceed those of traditional trading venues.
|
CEDEX Regulatory Classification β Pending OTCM Protocol will engage with the SEC Crypto Task Force to confirm the appropriate regulatory classification for CEDEX prior to full secondary market launch. The platform has been designed to accommodate any resulting registration requirement without architectural changes β the compliance infrastructure exceeds ATS requirements. Institutional participants and issuers should note that secondary market trading will not open until CLO Jeff Turner has confirmed the regulatory status of CEDEX with the SEC. |
11.11 Compliance Governance β Officers and Responsibilities
|
Officer |
Role |
Compliance Responsibilities |
|
Jeff Turner |
Chief Legal Officer, JDT Legal |
SEC filings (Form D, EDGAR), regulatory submissions to SEC Crypto Task Force, CEDEX ATS classification, Transfer Hook legal review, blue sky filings, CLO authorization for Control 42 regulatory freeze |
|
Patrick Mokros |
COO Β· President of Empire Stock Transfer |
Investor onboarding authority (KYC/KYB/AML/OFAC/Wallet Verification), Master Securityholder File maintenance, SAR filings with FinCEN, BSA recordkeeping, custodian compliance |
|
Frank Yglesias |
CTO |
Transfer Hook immutable parameter oversight, AI model governance (CTO sign-off on new model promotion), smart contract upgrade governance (5-of-9 multi-sig), annual technical security audit |
|
Berj Abajian |
CEO |
Board-level regulatory strategy, SEC Crypto Task Force engagement, Wyoming corporate law compliance, issuer relationship management |
11.12 Annual Compliance Audit Framework
OTCM Protocol maintains an annual compliance audit cycle covering all regulatory programs. The audit program is administered by the CLO and is independent of routine operational compliance monitoring.
|
Audit Domain |
Scope |
Frequency |
Responsible Party |
|
AML / BSA Program |
CIP effectiveness, SAR filing completeness, transaction monitoring coverage |
Annual + event-triggered |
Empire Stock Transfer + external auditor |
|
Transfer Hook Controls |
Verification that all 42 controls remain deployed, unmodified, and functioning as specified |
Annual + post-upgrade |
CTO (Frank Yglesias) + independent security firm |
|
1:1 Attestation Oracle |
Verification that on-chain token supply equals Series M shares in Empire custody |
Continuous (per Solana slot) + annual audit |
Empire Stock Transfer + Chainalysis |
|
Accreditation Records |
Sample review of investor accreditation documentation for Rule 506(c) compliance |
Annual |
Empire Stock Transfer + CLO |
|
OFAC Screening |
Retroactive screening of investor wallet universe against updated SDN list |
Annual + on SDN list updates |
Transfer Hook Controls 8β10 (automated) |
|
AI Model Governance |
Drift detection, retraining compliance, governance gate documentation |
Quarterly (drift) + annual (full audit) |
CTO sign-off |
|
Penetration Testing |
Web portal, API layer, wallet application security |
Quarterly |
Third-party security firm |
11.13 Regulatory Citation Reference
|
Regulation / Authority |
Citation |
Applicability to OTCM Protocol |
|
SEC Joint Staff Statement on Tokenized Securities |
January 28, 2026 β Div. Corp. Fin., Div. Inv. Mgmt., Div. Trading & Markets |
Category 1 Model B classification; technology-neutral principle; UCC Article 8 assumption |
|
SEC Release No. 33-11412 |
March 17, 2026 |
Digital Securities guidance β platform architecture satisfies all stated requirements |
|
Regulation D Rule 506(c) |
17 CFR Β§230.506(c) |
Primary offering framework for all ST22 issuances to U.S. accredited investors |
|
Regulation S Rules 901β905 |
17 CFR §§230.901β905 |
Offshore offering framework for non-U.S. investor participation |
|
Securities Act of 1933 |
15 U.S.C. Β§77a et seq. |
ST22 tokens are securities subject to full Securities Act obligations |
|
Securities Exchange Act of 1934 |
15 U.S.C. Β§78a et seq. |
Transfer agent registration (Section 17A); ongoing Exchange Act obligations |
|
Bank Secrecy Act |
31 U.S.C. Β§5311 et seq.; 31 CFR Part 1010 |
CIP, AML program, SAR and CTR filing obligations |
|
OFAC Sanctions Programs |
31 CFR Parts 510, 515, 542, 560, 589 |
Prohibited jurisdiction and SDN list enforcement |
|
Wyoming Business Corporation Act |
W.S. 17-16-101 et seq. |
Corporate formation and governance law |
|
Wyoming Digital Asset Statute |
W.S. 34-29-101 et seq. |
State-law recognition of digital asset transfers and property rights |
|
UCC Article 8 |
Uniform Commercial Code Β§8-102 |
Effective entitlement order framework for token transfer notification architecture |
|
Rule 144 |
17 CFR Β§230.144 |
Resale restriction (6-month holding period) enforced by Transfer Hook Control 24 |
|
Form D |
17 CFR Β§239.500 |
Filed within 15 days of first sale for each ST22 Reg D issuance |
|
Groovy Company, Inc. dba OTCM Protocol | CIK: 1499275 | Version 7.0 | March 2026 | Confidential |