Verification knowledge hub
Everything you need to know about Security Token Offerings—definition, regulations, and KYC requirements.
Security Token Offerings (STOs) were created due to high demand for regulatory oversight of Initial Coin Offerings (ICOs), which can be used to scam investors. So what exactly is an STO? How are STOs regulated? And what are the KYC/AML requirements for STOs? Let’s get into the finer details.
STOs are a form of fundraising involving the issuance of digital tokens to investors. In many jurisdictions, tokens issued under STOs are considered a security if they represent the right to any financial gain or claim on the issuer. Tokens usually give holders rights similar to those of ordinary securities (for example, sharing, voting, dividends, etc.)
The processes for launching ICOs and STOs are similar. The main difference is based on the characteristics and functions of the issued tokens. For instance, in an ICO, capital is raised by selling utility tokens, which give owners the right to use the company’s product or service once it is developed. In security token offerings (STOs), companies sell tokenized traditional financial instruments—such as, for example, equity where token holders receive rights to future profits.
*The FATF’s Guidance on virtual assets considers ICOs as VASPs in some cases, while the FCA’s Guidance on cryptoassets considers them e-money services.
The majority of countries have regulations based on local securities laws, whereas others haven’t introduced any frameworks (e.g., China).
In the US, STOs are regulated by the Securities and Exchange Commission (SEC). Under the Securities Act of 1933, any security offering made to US residents must either be registered with the SEC or be exempted from regulation under the rules of the Act. Here are the most common exemptions:
Regulation S exempts from SEC registration all STO offers and sales that are completed entirely outside the United States and made only to non-US residents.
Regulation CF (Regulation Crowdfunding) exempts from registration the sale of up to $5 million of securities in a 12-month period. It sets no investment limits for accredited investors. Non-accredited investors are subject to investment limits based on their greater annual income and net worth.
There are no specific regulations for STOs, however a number of the EU-level regulations may apply to STOs in some cases. For example, the EU Prospectus Regulation applies if STO tokens are characterized as transferable securities under MiFID II (unless certain exceptions apply). The Prospectus Regulation sets out the regime for the prospectus that must be published by a company when its securities are offered to the public or are admitted for trading on a regulated market.
All in all, the regulation of STOs across Europe may follow one of the following approaches:
As securities/issuers of securities, STO don’t fall under national AML laws. If dealers and brokers are involved by the STO issuer to market the token sale, they must implement AML measures, such as KYC, as these are AML-regulated entities.
Know Your Customer (KYC) is the process of identifying and verifying customers. Regarding STOs, this process coverst the following:
The required information can differ across jurisdictions, but here’s a common baseline for verifying STO investors:
To verify an investor’s identity, businesses can use a document issued by an independent and reliable source containing the person’s photo (ID card or a passport).
To verify an investor’s residential address, businesses can use recent utility bills, housing insurance documents, or municipal taxes and bank account statements.
For STO projects, automated verification is the way to go. It reduces onboarding time to a couple of minutes and increases conversion rates, without needing to hire additional employees to control the process.
Let Sumsub create the best KYC solution for your STO project. Request a demo today.