SEC Tokenized Securities Framework: The Definitive Institutional Guide
The Securities and Exchange Commission’s approach to tokenized securities represents the single most critical regulatory framework for any institution seeking to issue, trade, or invest in blockchain-based security tokens in the United States. The SEC has published specific guidance on digital asset classification. This guide provides a comprehensive analysis of how the SEC classifies, regulates, and enforces rules around tokenized securities — written for compliance officers, securities attorneys, and institutional investors who need precision, not speculation. For how the Howey Test applies to tokens, see our token classification overview and the security vs commodity distinction. For Regulation D specifics, see our SEC Reg D tokenized offerings guide.
Table of Contents
- How the SEC Defines Tokenized Securities
- The Howey Test and Digital Asset Classification
- Registration Requirements for Tokenized Securities
- Exemptions Available for Token Offerings
- Regulation D — The Primary Exemption for Security Tokens
- Regulation A+ for Tokenized Offerings
- Regulation S for International Token Offerings
- Regulation CF for Tokenized Crowdfunding
- Transfer Restrictions and Secondary Market Trading
- ATS Requirements for Security Token Platforms
- Broker-Dealer Registration for Token Intermediaries
- Custody and Safekeeping of Tokenized Securities
- SEC Enforcement Actions and Precedents
- Paul Atkins Era: Regulatory Shifts in 2025-2026
- Compliance Roadmap for Institutional Participants
How the SEC Defines Tokenized Securities
The SEC treats tokenized securities — digital representations of traditional securities such as stocks, bonds, fund interests, or other investment contracts recorded on blockchain infrastructure — identically to their traditional counterparts for purposes of federal securities law. This principle, consistently articulated across enforcement actions, staff guidance, and no-action letters, means that the use of blockchain technology for issuance, transfer, or settlement does not create new regulatory categories or exemptions.
A tokenized security is subject to the same registration, disclosure, and reporting requirements under the Securities Act of 1933 and the Securities Exchange Act of 1934 as any other security. The underlying technology is irrelevant to the classification analysis. What matters is the economic substance of the arrangement, the rights and expectations it creates, and whether it satisfies the legal definition of a security under federal law.
This technology-neutral approach has significant practical implications. Issuers of tokenized securities must register with the SEC or qualify for an exemption. Trading platforms must register as national securities exchanges or operate as Alternative Trading Systems (ATS) under Regulation ATS. Intermediaries must register as broker-dealers. Custodians must comply with the SEC’s customer protection rule. There is no “blockchain exemption” from federal securities law.
The Howey Test and Digital Asset Classification
The foundational legal framework for determining whether a digital asset constitutes a security is the Howey test, derived from the Supreme Court’s 1946 decision in SEC v. W.J. Howey Co. The test identifies an “investment contract” — and therefore a security — where there is: (1) an investment of money, (2) in a common enterprise, (3) with a reasonable expectation of profit, (4) derived from the efforts of others.
The SEC’s Division of Corporation Finance published a “Framework for ‘Investment Contract’ Analysis of Digital Assets” in April 2019, providing detailed guidance on how the Howey test applies to digital assets. The framework emphasizes that the analysis is fact-specific and requires evaluation of the economic realities of the transaction, not its form or label.
Prong 1 — Investment of money. The SEC interprets “investment of money” broadly. Payment in fiat currency, other digital assets, or any form of consideration satisfies this prong. Airdrops and free distributions may not satisfy this prong if recipients provide no consideration, but the SEC has argued that certain airdrops designed to create a market can still constitute investment contracts.
Prong 2 — Common enterprise. Federal courts have adopted varying formulations of the common enterprise requirement. The SEC typically relies on “horizontal commonality” — the pooling of assets from multiple investors such that each investor’s fortunes are tied to the success of the overall enterprise — which is readily established for most token offerings where sale proceeds fund a development team or project.
Prong 3 — Reasonable expectation of profit. The SEC looks at whether purchasers have an objective expectation of financial return. Marketing materials emphasizing price appreciation, references to token value increasing as the network grows, and secondary market trading are all indicators. Conversely, tokens marketed purely for consumptive use within a functioning ecosystem may have a weaker nexus to profit expectations.
Prong 4 — Efforts of others. This is the most contested prong. The SEC examines whether purchasers rely on a centralized team or third party for the development, management, or operation of the network. Former Director William Hinman’s 2018 speech articulated the concept that a sufficiently decentralized network might not satisfy this prong — but the SEC has never formally adopted “sufficient decentralization” as a regulatory safe harbor.
Registration Requirements for Tokenized Securities
Section 5 of the Securities Act of 1933 prohibits the offer or sale of securities unless a registration statement is in effect or an exemption applies. For tokenized securities, this means:
- Form S-1 registration for public offerings, requiring full financial disclosures, risk factors, management discussion, and ongoing reporting obligations under the Exchange Act
- Form S-3 for eligible seasoned issuers with tokenized securities already trading on a registered platform
- Form 10-K, 10-Q, and 8-K ongoing reporting for registered issuers
The registration process for tokenized securities follows the same procedures as traditional securities. The Division of Corporation Finance reviews registration statements and may issue comments requiring amendments. The SEC has not created separate forms or procedures for blockchain-based securities.
Exemptions Available for Token Offerings
Most tokenized security offerings in the US market rely on exemptions from registration rather than full SEC registration. The principal exemptions used are:
Regulation D (Rules 504, 506(b), 506(c)) — The most frequently used exemption for security token offerings, particularly Rule 506(c) which permits general solicitation to verified accredited investors.
Regulation A+ (Tier 1 and Tier 2) — Often called a “mini-IPO,” Regulation A+ permits offerings of up to $75 million (Tier 2) with scaled-down disclosure requirements and allows sales to non-accredited investors.
Regulation S — Provides an exemption for offerings made exclusively outside the United States to non-US persons.
Regulation CF — Permits crowdfunding offerings of up to $5 million through registered intermediaries.
Section 4(a)(2) — The statutory private placement exemption, typically used in conjunction with Regulation D safe harbor provisions.
Regulation D — The Primary Exemption for Security Tokens
Regulation D is the workhouse exemption for the security token market. The vast majority of compliant US security token offerings have relied on Rule 506(b) or Rule 506(c).
Rule 506(b) permits issuers to raise unlimited capital from an unlimited number of accredited investors and up to 35 non-accredited “sophisticated” investors, provided no general solicitation or advertising is used. This restriction has practical implications for token offerings — issuers cannot publicly market the token sale or post offering details on public websites accessible to the general public.
Rule 506(c) permits general solicitation and advertising, but sales must be made exclusively to verified accredited investors. The issuer must take “reasonable steps” to verify accredited investor status, which may include reviewing tax returns, bank statements, brokerage statements, or obtaining written confirmation from a registered broker-dealer, attorney, or CPA. For tokenized offerings, this verification typically occurs through a KYC/AML onboarding process integrated into the token issuance platform.
Form D filing. Issuers relying on Regulation D must file a Form D with the SEC within 15 days of the first sale. The Form D is a notice filing, not an application for approval, but failure to file can jeopardize the exemption under certain circumstances.
Transfer restrictions. Securities sold under Regulation D are “restricted securities” under Rule 144. Holders generally cannot resell these securities for a minimum of six months (for reporting issuers) or twelve months (for non-reporting issuers) after the sale, and even after the holding period, resales must comply with Rule 144’s conditions or another exemption.
For tokenized securities, these transfer restrictions are typically enforced through smart contract logic that restricts token transfers to whitelisted wallet addresses corresponding to verified, eligible investors.
Regulation A+ for Tokenized Offerings
Regulation A+ has been used by several tokenized securities issuers seeking to reach a broader investor base including non-accredited investors.
Tier 1 allows offerings of up to $20 million in a 12-month period, requires SEC qualification of an offering circular, but does not require ongoing Exchange Act reporting.
Tier 2 allows offerings of up to $75 million in a 12-month period, requires SEC-qualified offering circular with audited financial statements, and imposes ongoing reporting requirements (annual reports on Form 1-K, semi-annual reports on Form 1-SA, and current reports on Form 1-U). Non-accredited investors in Tier 2 offerings are limited to investing no more than 10% of their annual income or net worth.
The SEC has qualified several Regulation A+ token offerings, establishing precedent that blockchain-based securities can proceed through this exemption pathway. The qualification process typically takes 3-6 months and involves substantive SEC review of the offering circular.
Regulation S for International Token Offerings
Regulation S provides a safe harbor for offers and sales of securities that occur outside the United States. For tokenized securities, Regulation S is significant because blockchain networks are inherently global — tokens can technically be transferred to any wallet address worldwide.
To rely on Regulation S, issuers must ensure that: (1) the offer and sale occur in an “offshore transaction”; (2) no “directed selling efforts” are made in the United States; and (3) applicable “distribution compliance period” restrictions are observed.
For tokenized securities, compliance with Regulation S typically requires geo-fencing mechanisms in the token sale platform, IP address screening, contractual representations from purchasers regarding their non-US status, and smart contract transfer restrictions that prevent tokens from being transferred to US-flagged wallet addresses during the distribution compliance period.
Regulation CF for Tokenized Crowdfunding
Regulation CF permits issuers to raise up to $5 million through SEC-registered intermediaries (either registered broker-dealers or funding portals). Token offerings under Regulation CF must be conducted through a platform registered with the SEC and FINRA.
The maximum amount an individual investor can invest across all Regulation CF offerings in a 12-month period depends on their income and net worth — investors with annual income or net worth below $124,000 (2026 threshold) can invest the greater of $2,500 or 5% of the lesser of their annual income or net worth.
Transfer Restrictions and Secondary Market Trading
One of the most critical practical considerations for tokenized securities is the legal framework governing secondary market trading. Unlike utility tokens or payment tokens, security tokens cannot freely trade on unregulated platforms.
Restricted securities sold under Regulation D or other private placement exemptions are subject to resale restrictions under Rule 144. The holding periods, volume limitations, and manner-of-sale conditions apply regardless of the blockchain-based form of the security.
Transfer agent requirements. Section 17A of the Exchange Act requires transfer agents for securities to register with the SEC. Companies using blockchain as a stock ledger or transfer system may need to register as transfer agents or use registered transfer agents for their tokenized securities.
Smart contract enforcement. The tokenized securities industry has developed compliance-enforcing smart contracts that restrict transfers to pre-verified wallet addresses. These “permissioned” token contracts maintain on-chain whitelists of eligible investors, ensuring that transfers only occur between wallets that have passed KYC/AML verification and meet applicable investor qualification requirements.
ATS Requirements for Security Token Platforms
Platforms that facilitate secondary trading of tokenized securities must register with the SEC as a national securities exchange or operate as an Alternative Trading System (ATS) under Regulation ATS.
An ATS must be operated by a registered broker-dealer, file a Form ATS with the SEC, and comply with requirements covering fair access, order display, confidentiality, and record-keeping. Several platforms — including tZERO, INX, and Securitize Markets — have obtained ATS registration to facilitate security token trading.
The SEC has emphasized that platforms facilitating trading in tokenized securities cannot operate without proper registration. Enforcement actions against unregistered platforms have established clear precedent that operating a marketplace for security tokens without ATS registration or exchange registration constitutes a violation of Section 5 of the Exchange Act.
Broker-Dealer Registration for Token Intermediaries
Entities that effect transactions in tokenized securities, solicit orders, or handle customer funds and securities in connection with token trading must register as broker-dealers with the SEC and become members of FINRA.
The SEC’s Division of Trading and Markets has issued a Joint Staff Statement on broker-dealer custody of digital asset securities, addressing the specific challenges of applying the SEC’s customer protection rule (Rule 15c3-3) to digital assets. The statement acknowledges that distributed ledger technology creates unique custody considerations but maintains that the protective principles of the customer protection rule apply.
Special purpose broker-dealers that limit their activities to digital asset securities may operate under a conditional framework the SEC has established, provided they maintain certain controls and meet specific conditions.
Custody and Safekeeping of Tokenized Securities
Custody of tokenized securities presents unique regulatory challenges. Under the SEC’s customer protection rule, broker-dealers must maintain physical possession or control of customer securities. For digital assets, “control” requires the broker-dealer to maintain exclusive access to the private keys controlling the tokens.
Investment advisers are subject to the SEC’s custody rule (Rule 206(4)-2 under the Investment Advisers Act), which requires that client assets be held by a “qualified custodian.” The SEC proposed amendments in 2023 to expand the custody rule to cover all client assets including digital assets, requiring qualified custodians to maintain them in a manner that protects against loss.
State-chartered trust companies have emerged as qualified custodians for tokenized securities, with several states (including Wyoming, South Dakota, and New York) granting trust charters to digital asset custodians.
SEC Enforcement Actions and Precedents
The SEC has brought hundreds of enforcement actions related to digital assets, establishing significant precedent for the treatment of tokenized securities.
Key enforcement themes include:
- Unregistered offerings. The SEC has pursued issuers who conducted token offerings without registering or qualifying for an exemption. Settlements have ranged from disgorgement of proceeds plus penalties to comprehensive undertakings including offering rescission to token purchasers.
- Unregistered exchange operations. Platforms that facilitated trading in tokens the SEC deemed to be securities without registering as exchanges or ATS have faced enforcement action.
- Fraud and misrepresentation. Cases involving material misrepresentations about technology, team qualifications, or use of proceeds in connection with token offerings.
- Market manipulation. Actions against individuals and entities engaging in pump-and-dump schemes, wash trading, and other manipulative practices involving security tokens.
Paul Atkins Era: Regulatory Shifts in 2025-2026
The appointment of Paul Atkins as SEC Chair in 2025 signaled a meaningful shift in the Commission’s approach to digital asset regulation. Chair Atkins, known for his support of innovation and market-based solutions during his previous tenure as SEC Commissioner (2002-2008), has implemented several notable changes:
Staff guidance approach. Rather than regulation-by-enforcement, the Atkins SEC has prioritized issuing staff guidance, no-action letters, and interpretive releases to provide clarity on specific tokenization use cases. This includes guidance on tokenized money market funds, tokenized treasury securities, and fractionalized real estate tokens.
Crypto Task Force. The establishment of a dedicated Crypto Asset Task Force within the Division of Corporation Finance to provide a point of contact for issuers seeking guidance on token offerings and registration questions.
Regulatory sandbox signals. While the SEC has not formally established a regulatory sandbox, Chair Atkins has signaled openness to time-limited, conditions-based relief for innovative tokenization platforms operating in good faith.
Continued enforcement. Despite the shift in tone, the SEC continues to bring enforcement actions against clearly fraudulent token offerings and platforms that operate without required registrations. The distinction is between enforcement against fraud versus enforcement as a tool for establishing regulatory policy.
Compliance Roadmap for Institutional Participants
For institutions entering the tokenized securities market, the following compliance framework applies:
Step 1 — Classification analysis. Determine whether the token constitutes a security under the Howey test. Engage securities counsel to conduct a formal classification analysis documented in a legal memorandum.
Step 2 — Exemption selection. If the token is a security, select the appropriate registration exemption. For institutional offerings, Regulation D Rule 506(c) is the most common pathway. For offerings to a broader investor base, evaluate Regulation A+ or Regulation CF.
Step 3 — Smart contract compliance. Implement transfer restriction logic in the token smart contract to enforce holding periods, investor qualification requirements, and jurisdictional restrictions.
Step 4 — Intermediary registrations. Ensure that any platform facilitating trading, any entity effecting transactions, and any custodian holding tokens has the appropriate SEC and FINRA registrations.
Step 5 — Ongoing compliance. Maintain Form D filings, blue sky notice filings, AML/KYC records, and any ongoing reporting obligations required by the applicable exemption.
Step 6 — Secondary market monitoring. Monitor for unauthorized trading of the tokenized securities on unregistered platforms and take appropriate action to maintain exemption compliance.
This analysis is provided for informational purposes only and does not constitute legal advice. Consult qualified securities counsel for guidance specific to your circumstances. For additional regulatory intelligence, explore our US Federal Tokenization Policy hub or our Definitive Guide to Tokenization Regulation.