The Sumsuber

Best practices for KYC/AML

How to
4 min read

Security Token Offering: STO Legal and KYC Process

Security Token Offering, otherwise referred to as STO, is simply a security represented as a token on the blockchain, marketed by issuers as a form of tradable assets or investments in the issuing company.

STOs were created due to high demand for regulations in Initial Coin Offerings as a means to protect investors from ICO scams. Recently, the popularity of STOs has increased so rapidly that many in the financial sector consider 2019 to be the year of security tokens.

So you maybe asking, what exactly is a Security Token Offering? How is an STO regulated? What are the KYC / AML requirements for STOs? We have provided answers to these questions in subsequent paragraphs.

What is a Security Token Offering—STO?

A Security Token Offering or STO is a security that has monetary value. It is tradable and represents an expectation of future compensation or profits resulting from the activity of the STO issuer.

STO Crypto 

If an ICO passes the Howey test, which means its values are derived from being an external tradable asset, then it will be considered an STO by the SEC.

Most ICOs are regarded as investment opportunities in the offering company, so partially most ICOs are considered to be securities.


An ICO is a token that doesn’t have monetary value or cannot be traded in the stock market, therefore classifying them as utility tokens. Most ICOs are usually offered by companies to be purchased during crowdfunding.

Investors in ICOs do not need to be accredited or qualified to participate in the token sales.

While an STO, purchased during the public offering can be traded, sold or held as assets by an investor. Since security tokens are actual financial securities, they are backed by the assets and revenue of the issuing company, unlike an ICO; backed by speculations of what could be.

KYC for STO—everything you need to know

Since Security token offerings (STOs) are, by definition, securities, they must comply with the same regulations as traditional securities offerings. These regulations aim at protecting investors from the pump-and-dump pattern of fraudulent ICOs.

During the public offering of a security token, performing a KYC process is mandatory for the verification of accredited and qualified investor status. The purpose is to ensure that only verified investors can participate in the offering and also make certain that security tokens are not being acquired with illicit funds.

In reality, most issuers only need the token to be subject to accredited investors, not asset ownership. But that also depends on the issuer’s jurisdiction and the regulations in place which the Security Token Offering must comply with.

STO token—regulations involving STOs 

The legal definition of Securities varies by jurisdiction. We will explore the main jurisdictions for you in subsequent paragraphs.

The United States: the U.S. SEC regulations state that any security offering made to U.S. residents must either be registered with the SEC or be exempted under the Securities Act of 1933. Issuers seek a private placement exemption because it is easier and saves both time and money.

Speak to one of our compliance experts today.


The most common exemptions 

  • Regulation D; which contains Rule 506(b)and Rule 506(c)

Under Rule 506(b), an issuer may sell its Security Token Offerings to an unlimited number of accredited investors and up to 35 other purchasers. This exemption requires investors to self-verify their accredited status and the issuer should confirm this status. Unfortunately, this exemption does not allow general solicitation.

Rule 506(c) allows the sale of STO to only accredited investors, and furthermore, the STO issuer is obliged to conduct a KYC process or take “reasonable steps” to verify that the investors are indeed accredited. This is the most popular exemption because it allows general solicitation and unlimited capital raise.

  • Regulation S

Reg S exempts all STO offers and sales that are completed entirely outside the United States and made only to non-US residents. Even though this exemption can be used alongside rule 506(c), it is unpopular because it is subject to different state laws.

  • Regulation A+: Reg A+ is divided into Tier i and Tier II.

Under Tier I, issuers can raise up to $20 million and it does not preempt state securities registration laws.

Under Tier II, issuers can raise up to $50 million and it preempts state securities registration laws. It is popular amongst ICO/STO, but the downside is the legal costs of going through the SEC review process and ongoing maintaining annual and semi-annual reporting requirements.

  • Regulation CF

Regulation CF or the crowdfunding exemption allows STOs to be sold to both accredited and unaccredited investors. It has been popular with startups aiming to raise seed capital from unaccredited investors. A disadvantage is the limited capital raise of up to $1 million only.

What’s in Europe?

Directive 2003/71/EC of the European Parliament states that the Member States shall not allow any offer of securities to be made to the public within their territories without prior publication of a prospectus.

But publishing a prospectus is not mandatory if securities are offered solely to:

  • qualified investors; are like accredited investors but the KYC checks for them are simpler;
  • 100 natural or legal persons per Member State;
  • Investors who acquire securities for a total consideration of at least €50 thousand per investor, for each separate offer;
  • If the security’s denomination per unit amounts to at least EUR €50 thousand;
  • an offer of securities with a total consideration of less than €100 thousand, which limit shall be calculated over a period of 12 months.

However, there are still local exemptions in each EC member state. For example, in Estonia, STO issuers have to register their prospectus with the Estonian Financial Supervision Authority (EFSA), if their security token does not meet similar criteria as listed above.

The only differences between these local exemptions and the European Commission’s are the numbers of ordinary investors permitted and the amount of money to be invested. These factors may vary across EC member states.
Additionally, the term ‘qualified investors’ includes “legal entities, national and regional governments, central banks, international and supranational institutions, certain natural persons and SMEs included in the register of qualified investors.

At Sum&Substance, years of expertise working with ICOs, including accredited investors and FinTechs, make us your perfect candidate when choosing a KYC service for your STO. Get in touch with us by leaving a message here.