Regulatory compliance
Dec 28, 2022
4 min read

Security Token Offerings 2023: AML and KYC

Everything you need to know about Security Token Offerings—definition, regulations, and KYC requirements.

Polina Rebeka

Polina Rebeka

Content manager

Security Token Offerings (STOs) were created due to high demand for regulatory oversight of Initial Coin Offerings (ICOs), which can be used to scam investors. So what exactly is an STO? How are STOs regulated? And what are the KYC/AML requirements for STOs? Let’s get into the finer details.

What is considered a Security Token Offering (STO)?

STOs are a form of fundraising involving the issuance of digital tokens to investors. In many jurisdictions, tokens issued under STOs are considered a security if they represent the right to any financial gain or claim on the issuer. Tokens usually give holders rights similar to those of ordinary securities (for example, sharing, voting, dividends, etc.)

What is the difference between an ICO and STO?

The processes for launching ICOs and STOs are similar. The main difference is based on the characteristics and functions of the issued tokens. For instance, in an ICO, capital is raised  by selling utility tokens, which give owners the right to use the company’s product or service once it is developed. In security token offerings (STOs), companies sell tokenized traditional financial instruments—such as, for example, equity where token holders receive rights to future profits.

*The FATF’s Guidance on virtual assets considers ICOs as VASPs in some cases, while the FCA’s Guidance on cryptoassets considers them e-money services. 

How are STOs regulated? 

The majority of countries have regulations based on local securities laws, whereas others haven’t introduced any frameworks (e.g., China). 

STO regulations in the United States

In the US, STOs are regulated by the Securities and Exchange Commission (SEC). Under the Securities Act of 1933, any security offering made to US residents must either be registered with the SEC or be exempted from regulation under the rules of the Act. Here are the most common exemptions:

Regulation D

  • Rule 504 of Regulation D exempts from registration the offer and sale of up to $10 million of securities in a 12-month period. A company is required to file a notice with the Commission on Form D within 15 days after the first sale of securities in the offering.
  • Rule 506(b) allows the sale of STOs to an unlimited number of accredited investors and up to 35 other purchasers. Under this exemption, investors must self-verify their accredited status, while issuers should confirm it. 
  • Rule 506(c) allows the sale of STOs only to accredited investors. The STO issuer is obliged to conduct a check or take “reasonable steps” to verify that the investors are indeed accredited. This exemption allows unlimited raising of capital.

Regulation S

Regulation S exempts from SEC registration all STO offers and sales that are completed entirely outside the United States and made only to non-US residents. 

Regulation A

  • Tier I exempts from registration the sale of up to $20 million of securities in a 12-month period without any requirements for investors. 
  • Tier II exempts from registration the offer and sale of up to $75 million of securities in a 12-month period with an investment limit requirement for non-accredited investors.

Regulation CF

Regulation CF (Regulation Crowdfunding) exempts from registration the sale of up to $5 million of securities in a 12-month period. It sets no investment limits for accredited investors. Non-accredited investors are subject to investment limits based on their greater annual income and net worth.

STO regulations in the EU

There are no specific regulations for STOs, however a number of the EU-level regulations may apply to STOs in some cases. For example, the EU Prospectus Regulation applies if STO tokens are characterized as transferable securities under MiFID II (unless certain exceptions apply). The Prospectus Regulation sets out the regime for the prospectus that must be published by a company when its securities are offered to the public or are admitted for trading on a regulated market.

All in all, the regulation of STOs across Europe may follow one of the following approaches:

  1. Regulation of STOs under the traditional rules applicable to securities. In some cases, this includes specific legislation that facilitates the use of Distributed Ledger Technology (DLT) and may impact STOs (including France, Germany, Italy, Luxembourg, the Netherlands, Romania, Spain, and the UK); 
  2. No specific regulatory regime. In such jurisdictions, traditional securities laws are unlikely to apply to STOs without further legislative changes. This includes the Czech Republic, Poland, and Slovakia. In such cases, the regulatory treatment of STOs is based on the local laws governing intangible assets (as in the Czech Republic) or property (as in Slovakia).

KYC rules for STOs

As securities/issuers of securities, STO don’t fall under national AML laws. If dealers and brokers are involved by the STO issuer to market the token sale, they must implement AML measures, such as KYC, as these are AML-regulated entities. 

Know Your Customer (KYC) is the process of identifying and verifying customers. Regarding STOs, this process coverst the following:

  • Compliance with AML/CTF requirements;
  • Knowing whether STO investors are US citizens in order to apply either registration or exemption rules.

Identification of investors

The required information can differ across jurisdictions, but here’s a common baseline for verifying STO investors:

  • Full name;
  • Date of birth;
  • Residential address;
  • Government-issued identification number (or another similar unique identifier);
  • Citizenship.

To verify an investor’s identity, businesses can use a document issued by an independent and reliable source containing the person’s photo (ID card or a passport).

To verify an investor’s residential address, businesses can use recent utility bills, housing insurance documents, or municipal taxes and bank account statements.

For STO projects, automated verification is the way to go. It reduces onboarding time to a couple of minutes and increases conversion rates, without needing to hire additional employees to control the process.

Let Sumsub create the best KYC solution for your STO project. Request a demo today.

See Sumsub in action

ICOSTO

Explore more

Sumsub Compliance Digest — December 2023 (+ Predictions for 2024)
Sumsub Compliance Digest — December 2023 (+ Predictions for 2024)
Arina Rumyanceva

Arina Rumyanceva

Legal Counsel at Sumsub

Ask Sumsubers: What will be the verification trends of the next 10 years?
Ask Sumsubers: What will be the verification trends of the next 10 years?
Vyacheslav Zholudev

Vyacheslav Zholudev

Co-founder and CTO at Sumsub

  • Game
  • Dec 14, 2023
  • < 1 min read
Know Your Future: 2024 Verification Horoscope
Know Your Future: 2024 Verification Horoscope
Alyssa Abrams

Alyssa Abrams

Content Manager