Section 8 Wallet Infrastructure — Layer 8
OTCM PROTOCOL Comprehensive Technical Whitepaper — Version 7.0 ST22 Digital Securities Platform | March 2026 | Groovy Company, Inc. dba OTCM Protocol |
Section 8: Wallet Infrastructure — Layer 8
Native iOS and Android securities wallet applications providing fully compliant ST22 token management. Layer 8 bridges the compliance architecture of Layers 1–7 with the end investor experience — enforcing KYC/AML verification at wallet activation so that compliance is ambient, not optional.
8.1 Architecture Philosophy
The OTCM Protocol wallet is not a generic Solana wallet with a compliance whitelist added on top. It is a purpose-built securities wallet where accreditation verification is a prerequisite for account activation, ST22 token interactions are the primary use case, and institutional custody requirements are first-class design considerations.
Layer 8 serves a specific and deliberate function in the nine-layer architecture: it provides a user experience layer that prevents investors from attempting transactions that the Transfer Hook controls at Layer 2 would reject. This pre-flight check is a user experience optimization — it eliminates failed transaction fees and compliance friction for legitimate investors — but it is not a substitute for Layer 2 enforcement. Every operation still routes through all 42 Transfer Hook controls on-chain, regardless of what the wallet application has verified at the application layer.
Wallet-Layer vs. On-Chain Compliance Wallet-layer compliance checks are UX optimizations. On-chain Transfer Hook enforcement is the definitive compliance gate. A wallet that somehow bypassed Layer 8 compliance checks would still be rejected at Layer 2 by the 42 Transfer Hook controls. The wallet layer adds investor experience quality; Layer 2 provides the security guarantee. This separation means the platform's compliance integrity does not depend on the security of any mobile application. |
8.2 Compliance Enforcement at the Wallet Layer
The wallet application enforces compliance at six gates, routing to the Empire Stock Transfer onboarding dashboard for all verification functions. OTCM Protocol does not perform investor onboarding — the wallet routes investors to Empire's dashboard, which conducts all KYC, KYB, AML, OFAC/SDN screening, and wallet verification before any investor can interact with ST22 tokens.
Compliance Gate | Layer | When Applied | Fail Behavior | Note |
Identity verification (KYC) | Layer 8 wallet | During account creation | Account creation blocked | UX optimization |
AML risk scoring | Layer 8 wallet | Onboarding + periodic refresh | Account restricted pending review | UX optimization |
OFAC/SDN screening | Layer 8 wallet | Wallet activation + hourly | Account blocked; compliance notified | UX optimization |
Accreditation check | Layer 8 wallet | Before ST22 purchase attempts | Purchase blocked; accreditation flow triggered | UX optimization |
KYB — entity verification | Layer 8 wallet | Entity account creation | Account blocked until UBO confirmed | Entity investors |
Transfer Hook execution (all 42) | Layer 2 on-chain | Every on-chain transfer | Transaction reverts with specific error code | On-chain — cannot be bypassed |
Empire Stock Transfer Routes All Verification The wallet application does not perform investor verification itself. When an investor initiates account creation or attempts to interact with ST22 tokens, the wallet routes to Empire Stock Transfer's investor dashboard for KYC, KYB (entity investors), AML screening, OFAC/SDN verification, and wallet address registration. Until Empire has completed all five verification functions and registered the wallet in the Master Securityholder File, no ST22 tokens can be delivered to or transferred from that wallet — the Transfer Hook controls enforce this at the on-chain level. |
8.3 Application Features
8.3.1 Investor Wallet
Feature | Description |
Multi-issuer portfolio | Unified dashboard for all ST22 token holdings across all issuers on CEDEX — balances, values, holding period status |
Holding period status | Real-time display of Rule 144 / Reg S countdown for each ST22 position — shows days remaining before Transfer Hook Control 24 clears |
CEDEX embedded trading | Integrated CEDEX buy/sell interface — investors trade without leaving the wallet application |
Transaction history | Full audit trail of all ST22 transfers with compliance event log — hook results, error codes, timestamps |
Compliance status | Real-time KYC/AML verification status with renewal reminders — accreditation expiry alerts sent before lapse |
Empire dashboard link | Direct routing to Empire Stock Transfer's investor dashboard for verification, updates, and redemption requests |
Staking dashboard | OTCM Security Token staking management — epoch tracking, reward display, stake/unstake operations |
Redemption workflow | Guided Series M share redemption process — routes to Empire Stock Transfer for physical share certificate issuance |
Push notifications | New ST22 issuer launch alerts, holding period expiry notifications, compliance renewal reminders |
8.3.2 Institutional Mode
Institutional investors — family offices, funds, and corporate entities — have access to an institutional mode enabling workflows that individual investor accounts do not require:
• Multi-signature approval flows — Large transactions above a configurable threshold require multi-signature authorization from designated approvers within the entity account — configurable by the institution
• Hardware wallet signing — All transaction signing handled by a connected Ledger or Trezor device — the wallet application constructs and serializes the transaction but never accesses or stores the signing key
• Bulk transaction management — Institutions managing multiple investor accounts can batch compliance status checks, holding period reviews, and transaction submissions
• Entity account management — KYB-verified entity accounts display beneficial owner structures, authorized signatories, and entity-level compliance status separate from individual signatory credentials
• Audit export — Exportable compliance event logs and transaction history in formats suitable for institutional audit and regulatory reporting
8.4 Hardware Wallet Integration
Institutional investors and high-net-worth individuals requiring air-gapped private key storage may connect Ledger or Trezor hardware wallets to the OTCM wallet application. This provides the highest available level of private key security without any compromise to on-chain compliance enforcement.
8.4.1 Supported Devices
Manufacturer | Supported Models | Connection Method |
Ledger | Nano S, Nano X, Nano S Plus, Stax | USB (Nano S/S Plus) · Bluetooth (Nano X) · USB-C (Stax) |
Trezor | Model T, Safe 3, Safe 5 | USB |
8.4.2 Signing Architecture
• Non-custodial by design — The OTCM wallet application never accesses, stores, or transmits private keys — regardless of whether the investor uses a software wallet or hardware device
• Transaction construction — The wallet application constructs and serializes the unsigned Solana transaction, including all Transfer Hook account references required for Layer 2 compliance enforcement
• Hardware device signing — The serialized transaction is transmitted to the hardware device for signing — the investor physically approves on the device display
• Broadcast and settlement — The signed transaction is broadcast to the Solana network; Transfer Hook execution occurs normally on-chain, identical to a software wallet transaction
• User confirmation latency — Hardware wallet signing adds approximately 3–5 seconds for user confirmation — this is a security feature, not a performance limitation
8.5 Non-Custodial Architecture
The OTCM wallet is non-custodial. Private keys are generated and stored exclusively on the investor's device or hardware wallet. OTCM Protocol, Empire Stock Transfer, and any other platform participant never has access to investor private keys.
This architecture has an important implication for the custody model: while Empire Stock Transfer holds the Series M preferred shares that back each ST22 token in its capacity as registered transfer agent and qualified custodian, the on-chain ST22 tokens themselves are held by investors in self-custody wallets. Empire's custody role is over the underlying securities — not over the blockchain tokens representing them. This is consistent with the Category 1 Model B architecture and the January 28, 2026 Joint Staff Statement's framework for issuer-sponsored tokenization.
8.5.1 Key Loss Recovery
Because the wallet is non-custodial, OTCM Protocol cannot recover lost private keys. Investors who lose access to their wallet private key should contact Empire Stock Transfer directly. Empire, as the holder of the Master Securityholder File and the qualified custodian of the underlying Series M shares, can work with the investor and legal counsel to verify identity and authorize the minting of replacement ST22 tokens to a new verified wallet address — after completing a full re-verification of the investor's identity, accreditation status, and beneficial ownership. The lost tokens would be burned from the old address and re-minted to the new Empire-verified address, maintaining the 1:1 backing ratio throughout.
8.6 Performance Specifications
Metric | Specification |
Platform support | iOS 16+ and Android 12+ — native applications (not web-based) |
Wallet creation time | < 60 seconds including key generation and secure enclave enrollment |
Empire onboarding routing | Immediate — wallet routes to Empire dashboard; Empire KYC/KYB process: 15–30 minutes |
Transaction signing latency — software wallet | < 200ms |
Transaction signing latency — hardware wallet | 3–5 seconds (user confirmation on device required) |
CEDEX order submission latency | < 100ms from order confirmation to Solana network broadcast |
Balance sync cadence | Real-time via Helius RPC WebSocket subscription — updates within 400ms (one Solana block) |
Supported ST22 tokens | All ST22 tokens listed on CEDEX + OTCM Security Token |
Supported hardware wallets | Ledger Nano S/X/S Plus/Stax · Trezor Model T/Safe 3/Safe 5 |
Offline capability | Balance display and transaction history — available offline. Order submission requires network. |
Groovy Company, Inc. dba OTCM Protocol | CIK: 1499275 | Version 7.0 | March 2026 | Confidential |