cryptofreedman

tl;dr for those who aren't connoisseurs of concepts like Ontology as I and Gabriel are ## intro - the "security token industry" has built compliance infrastructure assuming tokens are securities and compliance can/should be smart-contract-rules based - this is in direct conflict with the core value prop of blockchains: not "same intermediaries, on the blockchain w" but *disintermediation* - starting from this incorrect assumption about what tokens actually are has lead to a compliance theater cul-de-sac that just adds tech complexity on top (doesn't reduce compliance cost) ## the ontological confusion - Gabriel outlines 6 relationships tokens can have to securities: 1. chain-as-ledger 2. certificate tokens 3. instruction tokens 4. control agreement tokens 5. synthetic tokens 6. souvenir tokens - #1 chain-as-ledger means the token is actually the security because the blockchain is the ledger the company uses to track ownership; #3/4 instruction or control tokens direct (with varying levels of legal force) the issuer to update their offchain ownership ledger based on token movement/holdership; #6 souvenirs have 0 legal enforcement structure, may vaguely match an offchain ledger but there's no legal binding that creates consequence for dislocation - Gabriel argues only does #1 actually make tokens a security, none of the current chains/ERC implementations do so, and because of this they essentially only add complexity and compliance theater vs create meaningful economic value ## the PEB Report and the Token Instruction Model - the Permanent Editorial Board for the Uniform Commercial Code - the body responsible for monitoring and interpreting the UCC - has been circulating a draft report on the tokenization of securities transfers that primarily analyzes models #3 and 4 above, but also notes #1 (chain as ledger) is an explorable design space - the PEB report explicitly suggests tokens are not securities but Controllable Electronic Record under UCC Article 12 whose transfer of control constitutes an "instruction" to the issuer directing that the transfer of the uncertificated security be registered - under this model token transfers are messages to the issuer to "register this person as the new owner" BUT the issuer is not obligated to comply if certain conditions are not met; Gabriel argues this means the smart contract compliance logic is essentially theater because the issuer is still legally required to evaluate the transfer and determine whether to update it's offchain register or not ## why hard coded transfer compliance makes no sense for instruction tokens - when a token is simply an instruction and not a security, the entire compliance question remains where it has been with offchain securities: with the transfer agents/issuers who decide whether or not to honor the notification; these actors already have very sophisticated systems for tracking ownership and informing decision makers via richer context than onchain data provides, which renders smart contract logic redundant/thinly additive - Gabriel argues onchain compliance pipelines are worse than current offline implementations for three reasons: 1. onchain pipelines misidentify who bears compliance obligations; securities can trade peer to peer relatively freely, it's issuers, broker-dealers, transfer agents, investment advisors, etc who are subject to regulation; these intermediaries *can not* delegate their legal obligation to infrastructure (smart contract automations) and incorporating controls to attempt to do as much destroy the "marketability" of tokens (composability in defi; if you can't trust you can liquidate a token because the issuer might freeze the txn you can't accept it as collateral) 2. onchain compliance pipelines presume transfer control is the primary modality of securities regulation when it is in fact offering/holding period/resale restrictions for private market securities and broker-dealer/transfer agent/investment advisor activity in the case of public securities; some of the related activity could be monitored/controlled in smart contract functions but current implementations do not do this 3. onchain compliance pipelines are inflexible in a way that is incompatible with how compliance actually works; securities compliance is intentionally risk-based, judgement-intensive, and governed by principles not bright lines because bright-line hard-coded rules are inherently gameable; by hardcoding the compliance at the transfer layer protocols give the false impression that compliance is being handled when it is only being gestured at, which comes at the cost of gas expenses, composability constraints, a false sense of security, and the embedding of today's compliance assumptions into immutable/hard to upgrade code ## the permissioned-ledger variant - instead of wrapping public-chain tokens in compliance logic, Canton replaces the public chain entirely with a permissioned ledger where unauthorized txns can't even be constructed; Gabriel argues Reg SCI / PFMI / CFTC compliance don't require that unauthorized txns can't be attempted, they just can't be processed (by compliance departments who aren't disintermediated by any blockchain), so Canton trades away public chain competitive advantage while overfitting compliance needs - in doing this, he argues Canton is essentially isomorphic to existing post-trade infrastructure (DTCC/Euroclear/Clearstream), essentially adding a DAML layer on top of their COBOL, as it still requires all the same institutions, same gated membership, same bilateral opacity as the existing system - Canton's sub-transaction privacy also kills a concrete legal benefit to transparent blockchains: DGCL §§ 219/220 grant stockholders the right to inspect the stock ledger, and a public-chain architecture makes that automatic; to solve for privacy near-term: issuer-controlled view keys encrypting PII while the ledger structure remains publicly verifiable; longer-term: per-issuer ZK rollups (ZKsync's Prividium, already live with Deutsche Bank) settling to a public chain, gives you transparent settlement + encrypted state ## the common thread - the common failure across ERC-XXXX and Securitize/Canton tokenization standards is that all treated intermediation as a design constraint rather than the problem to be solved; every architectural choice assumes the existing intermediary chain persists and blockchains just add slight efficiency; this produced the false premises: if intermediaries are given, the token doesn't need to be constitutive, compliance can be encoded in the token, and the chain doesn't need to be public - by reducing the chain to a notification layer for offchain intermediaries (instruction/souvenir/control agreement tokens), these protocols threw away the one structural advantage of public blockchains: settlement finality; when onchain state is a suggestion not a fact, or even where state is authoritative there are god-mode admin powers, tokens become unusable as a DeFi primitive which is why tokenized securities have generated near-zero meaningful ecosystem activity - the "progressive decentralization" defense (ship instruction tokens now, make the chain constitutive later) has a poor track record: centralized dependencies become structurally embedded, the offchain DB becomes the system of record, admin keys become operationally necessary, compliance modules become contractual obligations to institutional partners, and migration cost exceeds maintenance cost ## what it means to really put securities onchain - Gabriel argues onchain compliance only does real work when the token is the security, which is why MetaLeX CyberCorps build from DGCL outward; bylaws designate the onchain system as the stock ledger under § 224, each Stock Ledger Entry Token (ERC-721) carries the full legal metadata (holder, class/series, share count, § 202 restrictions, Rule 144 dates, officer auths), and the smart contract's rejection of a noncompliant transfer is the issuer's refusal to register; ownership mutates via metadata updates not wallet transfers so a stolen NFT doesn't change who owns shares - entry/scrip separation solves defi composability: ERC-721 entry tokens hold the authoritative legal record + issuer governance powers, ERC-20 cyberSCRIPs mint against them for fungible liquidity with irreversible admin renunciation capability; lenders get real security interest with no override risk vs. ERC-3643 where agent freeze makes collateral unusable; the scrip layer accommodates multiple legal theories per issuer while chain-as-ledger stays intact underneath ## conclusion - the corrective isn't a better compliance module but a different question: "what legal architecture makes onchain state authoritative?"; Gabriel argues the answer starts from corporate law: bylaws designating the onchain system as the record, tokens carrying their own legal metadata, compliance doing structural work on the actual stock ledger not theater on a notification channel; a token that doesn't know what it is can't be made compliant by infrastructure that doesn't know what it's protecting - his argument revolves around what a token actually is as a matter of law: get it right and compliance follows naturally, the blockchain does real work, the intermediary chain shortens; get it wrong and no compliance engineering meaningfully closes the gap - the stakes are whether tokenization delivers its promise: self-custodied legally authoritative ownership, peer-to-peer settlement, open stock ledgers, programmable full-lifecycle infrastructure; that requires chain-as-ledger (tokens = legal record, chain = ledger, governing instruments fusing both); instruction tokens can't get there regardless of wrapper sophistication