A security token offering is a capital-raising transaction in which the issuer sells tokens that constitute securities under federal and state law. The compliance framework is identical in principle to traditional securities offerings – the Securities Act of 1933 requires either registration with the SEC or an applicable exemption – but the technology layer introduces additional compliance considerations around smart contract design, transfer restrictions, investor verification, and secondary market infrastructure.
The STO market has matured from a niche concept to an established capital formation pathway. Over $10 billion in security tokens have been issued under various SEC exemptions, with real estate, private equity, and debt instruments leading the asset classes. Platforms including Securitize, Polymath, and tZERO provide the infrastructure for compliant issuance and secondary trading. The pathway to a compliant STO is well-established, but requires meticulous attention to securities law, careful structuring, and the right team of legal counsel, technology providers, and compliance service providers.
Is Your Token a Security?
The Howey Test
The threshold question for any token offering is whether the token constitutes a security. Under SEC v. W.J. Howey Co. (1946), an investment contract – and therefore a security – exists when there is:
- An investment of money
- In a common enterprise
- With an expectation of profits
- Derived predominantly from the efforts of others
The SEC has applied this test broadly to digital assets. The Division of Corporation Finance’s “Framework for ‘Investment Contract’ Analysis of Digital Assets” (April 2019) provides detailed guidance on how the Howey test applies to tokens, examining factors including:
- Whether purchasers have a reasonable expectation of profit
- Whether value is derived from the efforts of an “Active Participant” (the issuer or promoter)
- Whether the token has consumptive use functionality that limits the expectation of profit
- The degree of decentralization of the network
If the token meets the Howey test, it must be registered with the SEC or issued under an applicable exemption.
Registration Exemption Pathways
Regulation D: Private Placement
Regulation D is the most common exemption for security token offerings. It provides three rules:
Rule 506(b):
- Raise unlimited capital
- Up to 35 non-accredited investors (who must be “sophisticated”) plus unlimited accredited investors
- No general solicitation or advertising permitted
- No SEC qualification or review required
- Form D filing within 15 days of first sale
- Transfer restrictions under Rule 144 (one-year holding period for non-reporting issuers)
Rule 506(c):
- Raise unlimited capital
- Accredited investors only
- General solicitation and advertising permitted (critical for token offerings that are inherently visible)
- Issuer must take “reasonable steps” to verify accredited investor status
- Form D filing within 15 days of first sale
- Transfer restrictions under Rule 144
Rule 504:
- Raise up to $10 million in a 12-month period
- Can sell to accredited and non-accredited investors
- Limited general solicitation in some states
- Less common for STOs due to the lower raise limit
Regulation D is the preferred pathway for most STOs because:
- Rule 506(c) permits general solicitation, which is essential for token offerings that are marketed online
- No SEC review or qualification is required, enabling faster time to market (2-4 months)
- No limit on the amount raised
- Federal preemption of state blue sky registration (though state notice filings are required)
Regulation A+ (Tier 2): Mini-IPO
Regulation A+ Tier 2 allows issuers to raise up to $75 million in a 12-month period from both accredited and non-accredited investors:
- SEC qualification required (Form 1-A filing reviewed by SEC staff)
- Two years of audited financial statements required
- Investment limits for non-accredited investors: the greater of 10% of annual income or 10% of net worth
- General solicitation permitted
- Ongoing reporting: annual reports (Form 1-K), semi-annual reports (Form 1-SA), current event reports (Form 1-U)
- Securities are freely tradable (no transfer restrictions)
- Federal preemption of state blue sky qualification
Reg A+ is suited for STOs seeking:
- Broad retail distribution (non-accredited investors can participate)
- Liquid secondary market (freely tradable securities)
- Higher profile public offering with SEC imprimatur
Drawbacks:
- SEC qualification process takes 6-12 months
- Legal and accounting costs of $300,000-$750,000
- Ongoing reporting obligations add $75,000-$200,000 annually
- SEC staff may issue extensive comment letters requiring iterative responses
Regulation S: Offshore Offerings
Regulation S provides a safe harbor for offers and sales made outside the United States to non-US persons:
- No SEC registration or qualification required
- No limit on the amount raised
- Must satisfy two conditions: the offer is made in an “offshore transaction” and no “directed selling efforts” are made in the US
- Transfer restrictions during the “distribution compliance period” (40 days for equity of reporting issuers; one year for non-reporting issuers)
- Often conducted in parallel with a Regulation D offering (Reg D for US investors, Reg S for international)
Regulation CF: Crowdfunding
Regulation CF permits raises of up to $5 million through registered crowdfunding intermediaries:
- Available to both accredited and non-accredited investors
- Must be conducted through an SEC-registered funding portal or broker-dealer
- Investment limits based on income and net worth (greater of $2,500 or 5% of income/net worth for investors below $124,000; 10% for investors above $124,000, capped at $124,000)
- Form C filing required with specific disclosures
- Annual report filing (Form C-AR)
- Transfer restrictions: one year holding period
Step-by-Step STO Compliance Process
Step 1: Legal Structuring (Weeks 1-4)
Engage experienced securities counsel to:
- Analyze the token under the Howey test and confirm security classification
- Select the appropriate exemption pathway based on the target investor base, raise amount, and timeline
- Structure the offering entity (typically a Delaware LLC or corporation)
- Draft the offering documents: Private Placement Memorandum (for Reg D), Offering Circular (for Reg A+), or Form C (for Reg CF)
- Draft subscription agreements with appropriate representations, warranties, and risk factors
- Prepare the operating agreement or corporate documents to reflect token holder rights
- Obtain a legal opinion on the token’s security classification
Cost: $100,000-$250,000 for Regulation D; $250,000-$500,000 for Regulation A+
Step 2: Smart Contract Development (Weeks 3-8)
The security token smart contract must implement compliance features:
- Transfer restrictions: Only addresses that have been whitelisted by the transfer agent can receive tokens. Smart contracts check a whitelist registry before executing any transfer.
- Accredited investor verification: The whitelist is populated only with addresses belonging to verified accredited investors (for Reg D 506(c)) or qualified investors (for Reg S)
- Jurisdiction blocking: Transfers to addresses in restricted jurisdictions are prevented
- Holding period enforcement: Transfers are blocked during the Rule 144 holding period for Reg D offerings
- Maximum holder limits: For Rule 504 or to avoid Exchange Act registration triggers
- Corporate actions: Dividend distribution, voting, and other rights encoded in the smart contract
Token standards: ERC-1400 (security token standard), ERC-3643 (T-REX protocol), or proprietary standards from platforms like Securitize (DS Protocol)
Cost: $50,000-$150,000 for smart contract development and audit
Step 3: Transfer Agent Registration (Concurrent)
The entity maintaining the token holder registry must be registered as a transfer agent with the SEC under Section 17A of the Securities Exchange Act:
- Self-registration by the issuer or engagement of a registered transfer agent
- Securitize is the most prominent SEC-registered transfer agent for security tokens
- The transfer agent maintains the definitive record of token ownership, regardless of blockchain records
- Annual reporting obligations and SEC examination requirements
Step 4: Platform and Technology Setup (Weeks 5-10)
Select and configure the STO technology stack:
Issuance Platform: Securitize, Polymath, TokenSoft, or Vertalo for token creation, investor onboarding, and compliance management
KYC/AML Provider: Integrated identity verification for investor onboarding (Sumsub, Jumio, or the issuance platform’s built-in KYC)
Accredited Investor Verification: Verify Investor, Accreditation.io, or manual verification through securities counsel (for 506(c) offerings)
Escrow: An escrow agent to hold investor funds during the offering period until closing conditions are met
Custody: Qualified custodian for token safekeeping if the issuer is an investment adviser
Step 5: Regulatory Filings (Varies by Exemption)
Regulation D: File Form D with the SEC within 15 days of the first sale. File state notice filings (blue sky) in each state where securities are sold. Most states accept the Uniform Form D via the NASAA EFD system. State notice filing fees range from $100 to $750 per state.
Regulation A+: File Form 1-A with the SEC. Respond to staff comment letters (typically 1-3 rounds over 3-6 months). Obtain SEC qualification before commencing sales. File Reg A+ offering page information on EDGAR.
Regulation S: No SEC filing required, but the issuer must implement distribution compliance period restrictions and maintain records of offshore transactions.
Step 6: Investor Onboarding and Token Distribution (Ongoing)
- Investors complete KYC verification and accreditation checks through the issuance platform
- Investors sign subscription agreements electronically
- Investor addresses are whitelisted on the smart contract after verification
- Funds are collected and held in escrow
- At closing, tokens are distributed to whitelisted addresses
- The transfer agent records the issuance on its books and records
Step 7: Post-Offering Compliance (Ongoing)
- File Form D amendments if material changes occur
- Manage transfer restrictions and whitelisting for secondary transfers
- File ongoing reports if required (Reg A+ Tier 2: 1-K, 1-SA, 1-U)
- Monitor for Exchange Act registration triggers (2,000 holders of record or 500 non-accredited holders with $10M+ total assets)
- Distribute tax documents (K-1s for LLCs, 1099-DIV for dividends)
- Maintain anti-fraud compliance and insider trading policies
Cost Summary
| Component | Reg D 506(c) | Reg A+ Tier 2 |
|---|---|---|
| Securities counsel | $100,000-$250,000 | $250,000-$500,000 |
| Smart contract development and audit | $50,000-$150,000 | $50,000-$150,000 |
| Issuance platform fees | $25,000-$75,000 | $25,000-$100,000 |
| Audited financial statements | Not required | $30,000-$100,000 |
| SEC filing and qualification | $0 (Form D free) | $0 (no filing fee) |
| State notice filings | $5,000-$25,000 | Preempted |
| KYC/accredited investor verification | $10,000-$30,000 | $10,000-$50,000 |
| Marketing and investor relations | $25,000-$100,000 | $50,000-$250,000 |
| Total | $215,000-$630,000 | $415,000-$1,150,000 |
| Timeline | 2-4 months | 6-12 months |
For the Regulation D framework, see the Reg D compliance guide. For offshore offerings, see the Reg S guide. For the security token encyclopedia entry, see Security Token. For transfer agent requirements, see the transfer agent guide. For the Securitize platform, see the Securitize profile. For the SEC profile, see SEC regulator. For AML compliance, see the AML program guide. For official guidance, consult the SEC EDGAR database.