How KoreChain Helps Companies Raise Capital Compliantly

Recently, KoreConX’s CEO Oscar Jofre was a guest on Fintech.TV’s Digital Asset Report to discuss the KoreChain Infrastructure. Watch the full video on YouTube.

 

What is KoreChain?

The KoreChain infrastructure is a blockchain technology that can be leveraged by companies qualified with the SEC to help them raise capital. It is the first fully SEC-compliant blockchain technology to connect broker-dealers, investors, companies, secondary market alternative trading systems, banking whales,  and all stakeholders in private capital markets.

 

KoreChain overview:

  • KoreChain is a permissioned blockchain.
  • KoreChain is built on enterprise-class industrial-strength hyper ledger fabric.
  • KoreChain is safe and secure: hosted on IBMs servers with the highest level of security (FIPS 140-2 level 4).
  • KoreChain is wholly focused on tokenized securities for global private capital markets. 

 

The technology enables a roadmap that others can adopt as long as they go through the qualification process to create fully SEC-compliant stable coins, NFTs, or other blockchain offerings. By being fully SEC-compliant, KoreChain offered by KoreConX is putting best practices forward, supplying the industry with standardization about market infrastructure, regulation, and how the latest and best technology can collaborate for the best outcome.

 

Why Utilize KoreChain?

The new SEC commissioner is not against cryptocurrencies; instead, he wants these offerings to utilize regulations instead of accessing these technologies through the side or back door. Using SEC regulations provides efficiency, transparency, and secondary liquidity, particularly helpful in private markets. The KoreChain technology allows you to offer all of this when creating assets on the blockchain.

 

The characters that differentiate KoreChain from other blockchains are: 

  • Permissioned 
  • Governed (including separate audit chain)
  • Complete lifecycle management of contracts
  • Event management
  • Artificial Intelligience 
  • Modular
  • APIs that integrate with the ecosystem

 

The KoreChain is the first fully SEC-compliant blockchain that meets regulations, encouraging understanding of SEC rules, regulations, and participants. The blockchain provides added confidence, so those using blockchain technologies find the process more efficient, from the investor to everyone involved. The KoreChain is a transparent solution that shortens the cycle of creation for anyone involved because investors can follow a fully SEC-compliant playbook through the entire process. 

Forbes interview with KoreConX founders

Do you know how to invest in the private capital market?  Not many people do.  It is complicated, requires a lot of paperwork, has low transaction volume, comes with risk and volatility, and not very liquid.

Could distributed ledger technology (DLT) be used to reduce back-office fees and expand the market for this asset class?

I interviewed Oscar Jofre, CEO and co-founder of KoreConX, who believes his platform and infrastructure can help.

KoreConX is a company working to change how businesses raise capital.  Mr. Jofre is an advocate for using DLT to bring transparency to a fractured process.  Mr. Jofre mentioned, “There are over 90,000 companies in our platform from around the globe who have raised more than $6.6 billion. Companies who use the KoreConX platform raised capital working with broker-dealers or direct offerings on their own. We are purely providing the technology to make sure they are fully compliant and to manage the entire process.”

What is the private capital market?  What are the problems?

The private capital market represents companies not publicly traded on stock exchanges. Private funds, venture capital investors, and some mutual funds are typically the main buyers.  Investments can be in new start-up enterprises, mature business, or sometimes struggling firms. This type of asset is considered to be highly risky.

One critical problem, the team at KoreConX explained, was the lack of market access for small firms. Dr. Kiran Garimella, KoreConX’s CSO and CTO, said, “The majority of participants in private capital markets are smaller entities who are closely connected with local companies and investors. They cannot afford huge expenses for integrated systems.”  KoreConX specializes in connecting all sizes of firms rather than limiting their scope to more mature enterprises.  Interestingly CEO Oscar Jofre’s background is crowdfunding, which is a driving influence in his business.

Jason Futko, CFO and co-founder, said, “It is often difficult for companies in the private capital markets to identify investors to present their opportunity. The fragmentation in this market can make it difficult to find investors or other professionals to help you grow your business.”

On June 26th, 2019, Broadridge bought from Northern Trust a similar blockchain platform.  There is competition in this space from many players. Mr. Jofre said, “There are companies like Carta, Capshares, ComputerShare, AST, and Link Group that offer some of the features KoreConX provides in our all-in-one platform. We have a much different view of the market. To truly transform it, we need to make sure all participants have all the tools they need. If they don’t, then we will never see any great change in the private capital markets.”

KoreConX launched on October 11th, 2019, their new blockchain ecosystem for fully compliant digital securities worldwide.  Their mission is to ensure compliance with securities regulation and corporate law.  The KoreConX platform includes securitized token issuance, trading, clearing, settlement, management, reporting, and corporate actions.

As explained to me by the management team, the lack of data integrity and regional knowledge of jurisdictional compliance can restrict investment opportunities offered to the public.  Mr. Futko continued, “Obviously part of the solution under KoreConX has to be around connecting document fragmentation, providing access to professionals and creating trust through our blockchain, which ensures both business and regulatory logic.”

Why can blockchain technology help now?

The KoreConX team stated that the private capital markets serve over 450 million private companies worldwide today.  They have a lack of document transparency and high fees. Compare this to public capital markets, which have established listing standards and rules.  Furthermore, open markets are used every day and can handle many transactions.  Dr. Garimella said, “Blockchain offers technology that provides solid mechanisms for trust through immutability and consensus among parties.”

I asked Mr. Jofre to explain why his work was different from larger companies, like Broadridge? He responded, “KoreConX is entering a market with many providers who have a single feature or application. For private capital markets to be as efficient, as public listed markets, it needs an infrastructure layer and an application layer.  KoreConX brings both.  We do not exclude anyone because of size or geography.”

FINRA BD Requirements for RegA+ & Digital Securities

FINRA BD Requirements for RegA+ & Digital Securities

The private markets are receiving a much updated revamp by the SEC which is having a major impact on registered FINRA Broker-dealer firms.  Here are two (2) of the most common activities for which FINRA Broker-dealers (BD) are approached by companies.  Most BD’s are not aware that in order to help companies raise capital utilizing these regulations, there is a registration they must first do with FINRA.

We went to the source that has been helping many FINRA Broker-dealers and put the responses in a simple way.  Ken Norensberg, Managing Director, Luxor Financial provides the answers to which all BDs need to pay extra attention to make sure you are fully compliant.

RegA+ (Regulation A)

Broker-dealers today have the ability to help companies that are using either Regulation D (RegD) or regulation A(RegA+).  Now what they are not aware of is that in order to allow them to help companies with RegA+ they do need to be registered with FINRA. If that registration isn’t done, they are not allowed to proceed in offering those services. This process can take anywhere from 60 to 90 days or it could happen sooner.  Most firms are not aware that when they take on a RegA+ client, they must apply to FINRA to represent them in the offering. This is done at the same time the company is filing their Form 1A with the SEC for their RegA+ offering.

Digital Securities

Digital Securities are now becoming main street language and most Broker-dealers want to offer this to investors. Unfortunately, if they do not have FINRA approval for digital securities, it’s not a product they can represent or offer to investors.  Digital Securities require registration. The process is like putting a full new member application, and it will take anywhere up to four (4) months.  Your firm must file with FINRA for each of the exemptions you want to use for Digital Securities (RegD and or RegA+.  Here is what your firm will be required to answer to FINRA in its application.

  • You will need a detail business plan
  • What entities are the holders of the “private keys” in the DLT network that would be required to gain access to the digital securities, cash-backed digital securities holdings or digital currency? 
  • Are multiple keys needed to gain access or is a single key sufficient?
  • Who controls or has access to the DLT network where the assets are held?
  • What happens in the event of a loss or destruction of assets (either due to fraud or technological malfunction) on the network?
  • If the broker-dealer was to fail and is liquidated in a proceeding under the Securities Investor Protection Act of 1970, as amended, how would customers’ securities and funds be treated, and how would customers access their assets?
  • In instances where firms have established partnerships with other firms to serve as their back-ups and to carry out critical functions in the event of emergencies, what type of access would those back-up firms have to the private keys?
  • How will customers or the Securities Investor Protection Corporation (SIPC) trustee access the customers’ assets in the event of a defaulted broker-dealer? What parties will be involved, and what are their roles and responsibilities?
  • How does the use or application of the DLT network affect the market risk, liquidity or other characteristics of the asset?
  • What information is maintained using the DLT network?
  • What will be deemed as the physical location of the firm’s records maintained on a node of a DLT network that may extend over multiple countries?
  • What parties have control or access to the firm’s records? What are their rights, obligations and responsibilities related to those records, and how are they governed?
  • What is the firm’s (and other participants’) level of access to the data, and in what format would it be able to view the data?
  • How does the DLT network interact with the firm’s own systems for recordkeeping purposes?
  • How would the records be made available to regulators?
  • How will the firm’s traditional exception reporting, used to supervise transactions, be generated from a DLT network?
  • How will the firm protect any required records from tampering, loss or damage?
  • Clearance & Settlement?
  • Anti-Money Laundering (AML) Procedures & Know Your Customer (KYC) Rules?
  • Customer Data and Privacy?
  • Trade & Order Reporting Requirements?
  • Supervision & Surveillance of Transactions?
  • Fees & Commissions?
  • Customer Confirmations & Account Statements?
  • Anticipated Customer Base?
  • Facilities, Hosting?
  • Licensed & Qualified Staff

As the market is evolving to provide more alternatives to companies and investors, FINRA Broker-dealers need to also make sure their licenses are up to date to be able to offer these updated alternatives.  It’s not enough that you are registered with FINRA.

Thank you to Ken Norensberg, Managing Director of Luxor Financial, who provided this valuable information to assist Broker-dealers to stay compliant.  Ken has been helping FINRA Broker-dealers manage these new registration requirements. 

About Ken Norensberg & Luxor

Luxor Financial Group, Inc. a NY based Broker-Dealer Consulting Firm that specializes in setting up Independent Broker-Dealers. We are experts in New Member Applications, Continuing Membership Applications, Expansion Filings, FINRA and SEC Audits, Anti Money Laundering Reviews, Business Development and general compliance and business development services. www.luxorbd.com

Ken is a former Member of the FINRA Board of Governors. FINRA oversees the regulatory activities and business practices of over 4,500 Broker-Dealers, 163,000 Branch offices, 630,000 registered representatives and 3,500 employees and consultants with annualized revenues and a budget of approximately $800,000,000 (Eight hundred million dollars.)

The Board contends with many complex issues that affect large organizations from generating revenues, managing expenses, personnel, legal, regulatory, political and operational issues.

Additionally, Ken was a Member of the following committees and subcommittees:

  • Regulatory Policy Committee
  • Emerging Regulatory Issues (Subcommittee)
  • Financial, Operations & Technology Committee
  • Pricing (Subcommittee)
  • Ex-Officio of the Small Firms Advisory Board (SFAB)

Wake up call, do you have the right chain for securities?

Polymath is the latest of the Ethereum fan club that has woken up to the fact that Ethereum isn’t the right blockchain platform for financial securities. The reasons include the permissionless and unverified participants, gas fees, unpredictable settlement, poor performance, and lack of scalability.

Vitalik himself was the first to point this out way back on May 9, 2016 (3.5 years ago—a lifetime in crypto-space) in a blog post on Settlement Finality: “This concept of finality is particularly important in the financial industry, where institutions need to maximally quickly have certainty over whether or not the certain assets are, in a legal sense, “theirs”, and if their assets are deemed to be theirs, then it should not be possible for a random blockchain glitch to suddenly decide that the operation that made those assets theirs is now reverted and so their ownership claim over those assets is lost.”

Independently, we (KoreConX) too came to the same conclusion when we first started looking for a good platform for our digital securities and our all-in-one applications that serve the market. This does not detract from the engineering prowess of the Ethereum team, who have taken on a monumental task in trying to create an open blockchain platform that is everything to everyone.

The real problem in the financial markets is that of investor safety. No amount of cryptography can guarantee the validity of participants and of transactions precisely because verification and validity is not in the technical domain. Rather, it’s in the social, economic, and regulatory domain. Blockchain will immutably commit all data regardless of its business validity, as long as it’s cryptographically valid. It is up to the blockchain applications and smart contracts to ensure business validity. This too is not a technical issue but a legal issue. Securities contracts should be authored by securities attorneys, not programmers. Indeed, smart contracts as conceived in Bitcoin and Ethereum are neither smart nor contracts. The word ‘contract’ is an obfuscation of ‘interface specification’ that is commonly referred to as a ‘contract’ between two applications in the software world. Unfortunately, 

To their credit, the thought-leaders of Ethereum were under no illusions about the supposed prowess of smart contracts, as defined within Ethereum. Vitalik Buterin, for example, tweeted back on October 13, 2018, “To be clear, at this point I quite regret adopting the term ‘smart contracts’. I should have called them something more boring and technical, perhaps something like ‘persistent scripts’.” Another Ethereum, Vlad Zamfir, preferred the term ‘stored procedures’.

The most important thing that the open blockchain community missed is that except for currency, financial securities are not bearer instruments. Creating fraudulent securities through shell companies is ridiculously easy with bearer instruments, which is why they are banned in responsible economies.

Besides the fact that securities are not bearer instruments, the public blockchain advocates seem to be coming to the realization that when securities are exchanged between two parties, independent and unverified miners have no business validating the transaction. Parties who have no fiduciary responsibilities, no regulatory mandate, or any skin in the game cannot perform business validation. Would you ask a stranger in New Zealand to approve the transfer of your shares in a private company to your friend when you, your friend, and the private company are all in the USA? As Polymath’s Dossa observers, “How ethereum settles transactions through mining also came into consideration for Polymath, Dossa said. Since miners, who process and sign-off on transactions for a fee, can operate anywhere in the world, institutions could face government scrutiny if fees are traced back to a sanctioned country.” More to the point, securities law does not recognize approvals from parties who are not associated with securities transactions.

Even as the public blockchain community tried to disintermediate regulators, when their assets were stolen from their wallets and exchanges, or the companies vanished outright, investors turned to those same regulators for recourse and recovery.

The other problematic aspect of Ethereum was the nature of finality, which in Ethereum, is statistical. This will not do in legal agreements. As we pointed out early last year in one of our KoreBriefings when evaluating Ethereum, “Finality [in Ethereum] if probabilistic and not guaranteed.” Would you sign an employment agreement where the fine print says there’s a one-in-ten chance that you would not be paid every two weeks. As Adam Dossa, Polymath’s head of blockchain, rightly observed, “At the center of contention is ethereum’s consensus mechanism, proof-of-work (PoW), which only offers a statistical guarantee of transaction finality.”

Incentives often have unintended consequences. We see this happen often with children and pets. Public blockchains are all about decentralization, but in fact miners’ incentives have all but centralized the blockchains. In contrast, consider that within KoreChain we have not left the question of decentralization to the vagaries of unknown miners. Instead, the KoreChain is engineered for decentralization. It is an implementation of the Infrastructure of Trust that currently runs in production in twenty-three countries; in barebones minimal cruising mode, it is capable of handling approximately 10 billion transactions per year (~318 tps) with consensus on business validity. KoreChain’s architecture also makes it massively scalable with very little effect on performance. However, as Vitalik rightly points out, finality can never be 100% even if the technology can achieve absolute finality, since the ultimate arbiter of finality is the legal system. For this reason, KoreChain includes KoreNodes independently are owned and operated independently by regulated entities and regulators worldwide..

If you hold fast to the idea that your powerful car is the only way to cross the ocean, you will be in for a continual hack of trying to make your car float on water. It is much better to recognize that a good ship is the right vehicle for the ocean. Many of the challenges of building a compliant securities application on Ethereum are actually unnecessary. Securities regulation in any one country is complicated enough. Multi-jurisdictional capital markets transactions compound that complexity by several orders of magnitude. Application designers should not be distracted by trying to create their own chains; instead, the real achievement lies in making securities transactions fully compliant in all jurisdictions, promoting innovation in financial markets, enabling flexibility, minimizing process costs, and providing an Infrastructure of Trust to which all regulated entities are welcome. 

The world’s capital markets are too dispersed, complex, and huge for any one participant to dominate. Revolutionizing the capital markets is only possible through collaboration. 

www.InfrastructureofTrust.com

Finality, Settlement, and Validation: The Place to Start

One of the most important concepts in capital market transactions is settlement and finality. Even though the payment infrastructure gets the majority of airtime, settlement finality is just as, if not even more, important in the securities markets. In the public markets, the structure of securities and the clearance and settlement process is quite standardized. In the private markets, a segment that is three orders of magnitude larger than the public markets, standardization does not exist. Rather than an issue, this is the strength of the private markets, since both private companies and their investors need flexibility in securities contracts. Regardless of all this, settlement finality is equally important in both markets.

The issue of settlement finality actually applies to all legal contracts in the sense that terms and conditions cannot be stated in probabilistic terms. Would you sign an employment agreement where the fine print says there is a one-in-ten chance that you would not be paid every two weeks?

In justifying Polymath’s latest move to abandon Ethereum as their platform of choice for security tokens, Adam Dossa, Polymath’s head of blockchain, rightly observed, “At the center of contention is ethereum’s consensus mechanism, proof-of-work (PoW), which only offers a statistical guarantee of transaction finality.” As we pointed out early last year in one of our KoreBriefings where we evaluated Ethereum, “Finality [in Ethereum] is probabilistic and not guaranteed.” Probabilistic or even statistical finality in legal agreements just will not do.

In “Principles of Market Infrastructure,” a publication of the Bank of International Settlements, Principle 8 (Settlement Finality) requires that “An FMI [Financial Markets Infrastructure] should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide  final settlement intraday or in real-time.”

Note the definitive language of “clear and certain final settlement.” This excludes probabilistic or statistical finality. Melvin Eisenberg, Professor of Law at the University of California, Berkeley, says, “The classical law approach to the certainty principle reflects the binary nature of classical contract law. Indeed, this approach is often referred to as the all-or-nothing rule.”1  Prof. Eisenberg goes on to provide examples of the “rejection of a probabilistic analysis.” While much of that treatment is related to damages due to non-performance of contracts, the concept of certain finality is quite relevant for securities transactions. This is a serious issue that has lately garnered a lot of attention.

Settlement finality is a statutory, regulatory, and contractual construct.2  Settlement is actually a two-step process: first is the operational settlement, which consists of all the steps using technology or otherwise to complete the process of trade, transfer, or corporate action. The second step is the legal settlement that happens when the regulatory framework provides the final approval, at which point a transaction is deemed to be fully settled. The problems due to the uncertain nature of operational settlement in Ethereum are well-known, even if generally ignored. The concept of legal settlement, on the other hand, simply does not even exist in the security token protocols based on Ethereum.

Blockchain technology must first achieve operational finality before the regulatory framework can certify legal finality. Public blockchains can only specify probabilistic and statistical finality. Smart contracts have to also provide for legal settlement. A permissioned blockchain such as Hyperledger Fabric is designed for guaranteed finality. The KoreProtocol of KoreChain, a blockchain application built on Fabric for managing the entire lifecycle of private securities, is designed to ensure legal finality also. One example of legal finality is that directors’ approval of private securities trades under certain conditions, as set forth in the shareholder agreement, is necessary before such trades are deemed to be final. The KoreProtocol is designed to capture this requirement and the KoreChain is designed to implement it.

While Polymath is the latest of the Ethereum advocates that has woken up to the fact that Ethereum isn’t the right blockchain platform for financial securities, they have not been the first. Several private companies, their securities attorneys, broker-dealers, and many other participants have noticed this deficiency and chosen to go with permissioned chains such as the KoreChain.

More significantly, Vitalik himself was the first to point this out way back in May of 2016 (over three years ago—a lifetime in crypto-space) in a blog post on Settlement Finality: “This concept of finality is particularly important in the financial industry, where institutions need to maximally quickly have certainty over whether or not the certain assets are, in a legal sense, “theirs”, and if their assets are deemed to be theirs, then it should not be possible for a random blockchain glitch to suddenly decide that the operation that made those assets theirs is now reverted and so their ownership claim over those assets is lost.”

Advocates of public blockchain also seem to be coming to the realization that when financial securities are exchanged between two parties, independent and unverified miners have no legal authority for validating the transaction. Parties who have no fiduciary responsibilities, no regulatory mandate, or any skin in the game cannot perform business validations. Would you ask a stranger in New Zealand to approve the transfer of your shares in a private company to your friend when you, your friend, and the private company are all domiciled in the USA? As Polymath’s Dossa observers, “How ethereum settles transactions through mining also came into consideration for Polymath. Since miners, who process and sign-off on transactions for a fee, can operate anywhere in the world, institutions could face government scrutiny if fees are traced back to a sanctioned country.” More to the point, securities law does not recognize approvals of securities transactions from parties who are not associated with or have any fiduciary responsibility for securities transactions.

Principles of settlement finality and authoritative validation of transactions remain some of the most important cornerstones of establishing trust in the financial markets infrastructure. It is up to the blockchain application designers to understand the spirit and intent of these principles and select technologies that facilitate the implementation of such principles rather than hinder them. It is up to the business participants (company management, securities attorneys, and broker-dealers) to recognize the importance of these principles and the limitations of some blockchain platforms.

Incentives often have unintended consequences. We see this happen often with children and pets. Public blockchains are all about decentralization, but in fact miners’ incentives have all but centralized the blockchains. In contrast, consider that within KoreChain we have not left the question of decentralization to the vagaries of unknown miners. Instead, the KoreChain is engineered for decentralization. It is an implementation of the Infrastructure of Trust that currently runs in production in twenty-three countries; in barebones minimal cruising mode, it is capable of handling approximately 10 billion transactions per year (~318 tps) with consensus on business validity. KoreChain’s architecture also makes it massively scalable with very little effect on performance. However, as Vitalik rightly points out, finality can never be 100% even if the technology can achieve absolute finality since the ultimate arbiter of finality is the legal system. For this reason, KoreChain includes KoreNodes that are owned and operated independently by regulated entities and regulators worldwide.

If you hold fast to the idea that your powerful car is the only way to cross the ocean, you will be in for a continual hack of trying to make your car float on water. It is much better to recognize that a good ship is the right vehicle for the ocean. Many of the challenges of building a compliant securities application on Ethereum are actually unnecessary. Securities regulation in any one country is complicated enough. Multi-jurisdictional capital markets transactions compound that complexity by several orders of magnitude. Application designers should not be distracted by trying to create their own chains; instead, the real achievement lies in making securities transactions fully compliant in all jurisdictions, promoting innovation in financial markets, enabling flexibility, minimizing process costs, and providing an Infrastructure of Trust to which all regulated entities are welcome. 

1 Foundational Principles of Contract Law, Melvin A. Eisenberg
2 http://yalejreg.com/nc/on-settlement-finality-and-distributed-ledger-technology-by-nancy-liao/

The world’s capital markets are too dispersed, complex, and huge for any one participant to dominate. Revolutionizing the capital markets is only possible through collaboration. 

www.InfrastructureofTrust.com

Understanding Digital Assets

There has been a lot of talk in recent years about crypto, tokens, blockchain, ICOs, STOs, Digital Securities, etc.  What does it all mean and why should you care?  In order to navigate the new financial digital world, it is important to first understand the terminology.  Below, I have broken down the typical terms being used in this current digital environment.   In certain sections, I have provided the example of the USA, and its primary regulator, but this is globally applicable.

Distinguishing the types of secondary markets or exchanges where you can trade digital or traditional assets also seems to be confusing.  I have created the following chart to try to distinguish these.

Now, why should you care?  What does this mean to you?  Despite what some people say in the press, blockchain is here to stay.  So understanding the types of digital assets that it hosts is going to be important in making business and investment decisions.

As a co-founder of a company that is focused on revolutionizing the private capital markets, I am not going to get into cryptocurrencies as this is not my area of expertise.  This is for currency experts to discuss.  Similarly, while I know the public listed markets well and how they operate, there are plenty of people who know these markets far better than I.

My background is geared towards the issues faced by private companies. Thus, I will elaborate on the fragmented ecosystem of the private capital markets that sorely need solutions.

Since the SEC and other government regulators around the world started stepping in to ban ICO’s, other alternatives have evolved.  The security token offering or STO is one such term that got some wings in 2018. However, the institutional and traditional investment communities were still leary of the idea of a token or blockchain solution being provided by people without an appropriate understanding of the entire market they are trying to disrupt. Many people from the ICO space were just changing the name and using STO as a new hype to sell the same ideas.

Many of the players (intentional choice of word) in the ICO space were trying to circumvent securities regulations saying they know better how the ecosystem should work.  After decades of scams, the securities regulators know that the current system has built-in checks and balances for a reason.  We all understand there are issues and inefficiencies in the private capital markets, but in order to change securities rules you better have a big budget and strong case for it. As an example, the JOBS Act took well over five and likely closer to ten years to come into place.  The use of blockchain has valuable applications that can certainly provide more efficient and cost-effective solutions to current private capital markets, as long as you work within the existing securities regulations.

There is a lot of exciting stuff being built with blockchain technology. I believe that if you are looking at this as a solution to the private capital markets, you need to consider a few things if you are looking at public chains as a potential solution:

  1. Use of private wallets for sole custody of financial instruments will not work. Securities law requires the use of transfer agents in many situations and transfer agents need to have custody of assets in order to manage them. If the digital securities are being held by individuals in their own wallet, there is no way the transfer agents can have custody of them. Think of public markets: you do not hold the securities (share certificates) yourself, they are digitally represented in your brokerage account and held by transfer agents.
  2. Mining of securities: It is generally not acceptable for unknown miners to verify transactions; even known miners must be eligible to perform business validation of a transaction either because they are parties to the transaction, have fiduciary responsibility, or certified subject matter credentials or otherwise registered and regulated entities.

Gas prices are not acceptable when it comes to securities.  In order for a token to move on some blockchains, a gas price needs to be paid to miners. Transaction fees must be contractually fixed in advance and cannot be uncertain or subject to an auction style of payment (which leads to a form of ad-hoc discrimination). For individual investors, transaction prices need to be certain  and follow execution guarantees.

Many Rights Make the KoreProtocol Right

Over the last few weeks, we have seen the highly entertaining farce of Craig Wright claiming to be Satoshi Nakamoto by registering a copyright to the original bitcoin whitepaper and code. He may very well be Satoshi. However, registering a copyright does not confer an official recognition of identity. Wei Lu, CEO of Coinsumer, proved it. Reacting to the press releases and social media statements made by Craig Wright and his supporters, the US Copyright office took the extraordinary step of publicly refuting the claim that a copyright registration is the same as official & proven recognition. This prompted the subject line of Coindesk’s May 23rd Blockchain Bites email: “Wright is wrong.”

The public blockchains provide an endless source of fun. Whatever their faults, one can’t blame them for being boring. The responsible, permissioned chains are, in contrast, boring. KoreChain in particular is relatively dull to thrill-seeking outsiders, while extremely exciting to those who truly understand private capital markets and how the KoreProtocol is spearheading innovation for private issuers and investors.

The KoreProtocol defines many types of shareholder rights in private digital securities. These rights, some mandatory and some discretionary, are well-established in securities law and corporate law. The innovation and complexity of shareholders rights is only limited by the willingness and imagination of the participants. In the absence of automation and a single source of immutable truth, the implementation of rights can become a bureaucratic nightmare. This, more than anything, becomes a limiting factor for innovative contracts. By defining shareholder rights rigorously in the KoreProtocol and implementing the full workflows in KoreChain for their exercise, the KoreProtocol and the KoreChain take away the pain and effort of managing these rights. This opens up private capital markets to very flexible and complex shareholder agreements to suit the needs of the participants.

The KoreProtocol and the implementation within KoreChain include rights such as (to give a few of the more prominent examples):

  1. Voting/non-voting
  2. Financial participation in the form of dividends or revenue
  3. Distribution of revenue or dividends as cash, reinvested securities, or other forms of payment
  4. First right of refusal
  5. Tag-along rights
  6. Drag-along rights
  7. Pre-emptive rights

Each of these rights and their numerous variations have implications and consequences in secondary market trading and in corporate actions. The KoreProtocol provides a structured way to define these rights and their impact on securities transactions. The KoreProtocol implements complete end-to-end management of financial transaction processes, some of which may be very long-running.

The definition of protocol functions to handle all the complex scenarios in securities transactions is not a trivial undertaking. However, it is much easier than the actual implementation of the protocol since that requires handling long-running processes and making tradeoffs between manual and automated processes, data sharing mechanisms, and choice of endorsers. Every step of the process must be fully compliant with securities laws, corporate laws, and the provisions of the underlying contracts.

Trying to shoehorn securities transactions into inadequately defined protocols and delegating the implementations to someone else is to do the worldwide financial community a huge disservice. Implementing the rights of issuers and investors is a very complicated undertaking. For example, ERC-1404, in the words of its creators, “…solves for the compliance challenges that are part of the issuance process and beyond.”

How does ERC-1404 solve the problem of whether senders can send tokens to a receiver and whether receivers can receive tokens from a sender? By defining two functions: CanSend() and CanReceive(). The github code itself shows one function:

detectTransferRestriction(fromAddress, toAddress, numTokens) //I made it a bit readable.

With no trace of irony, the authors of this protocol point out that: “The specific logic covering who can send and receive can be configured outside the token contract itself.”

It is easy enough to write protocols as long as we leave the messy details of implementation to someone else!

In reality, the transfer of digital securities in a fully-compliant way is quite complicated. It is not just a matter of “who can send and receive”, but also a question of the circumstances under which securities can be transferred or not. There are complex workflows and numerous checks that need to be followed before any transfers, whether P2P, beneficial, or trade-related, can occur. The checks relate to the jurisdictions and exemptions under which the securities are issued, domicile of the participants, securities laws that govern all subsequent inter- and intra-jurisdictional securities transactions, corporate laws, the rights spelled out in the shareholders’ agreements, and the presence or absence of various types of events such as corporate actions, regulatory actions, and economic events.

To be fair, the creators of simplistic protocols may very well be aware of these complexities; however, the fact remains that they come nowhere near expressing the richness and complexity of global private capital markets. Also, they offer no guidelines for implementation or even a hint of the treacherous complexities.

At KoreConX and in KoreChain, knowing the business as we do by being an SEC-registered transfer agent, we chose to not only develop a comprehensive protocol but also implement it in all its complexity. Tapping into our worldwide partner network of securities lawyers, secondary market operators, broker-dealers, academics, and other thought-leaders, we tackled the problem by creating a legal base that incorporates much of the complexity of securities law and corporate law worldwide. This includes inter-jurisdictional transactions, Blue Sky laws in the US, Canadian provincial laws, etc.

Private capital markets provide enormous flexibility for creating complex shareholders’ agreements. We have so far not seen two offerings or agreements that are similar. The public markets are relatively standardized, which can be a strength in terms of offering liquidity at the expense of flexibility of contracts. Private companies and their investors want more control and flexibility.

By incorporating the various types of rights (some mandatory, some optional, and some that are negotiated) into the KoreProtocol and implementing through the KoreChain, our mission is to create the right infrastructure to preserve and foster innovation in global private capital markets while also furthering the cause of efficient liquidity.

www.koreconx.com

www.KoreConX.io

KoreConX launches $15M Digital Securities Offering using its own Fully-Compliant KoreProtocol

KoreConX is excited to announce its Digital Securities Offering that will utilize its own KoreProtocol. The KoreProtocol is the world’s first complete end-to-end protocol that has built-in AI to manage the entire lifecycle for tokenized securities, from issuance, trading, and all types of corporate actions.

The global securities marketplace is changing, and the future is tokenization. Combining corporate and securities law with tokenization facilitates efficient liquidity and fully-compliant transactions in multiple jurisdictions.

“We are thrilled about developing and launching our Digital Securities Offering on our KoreChain. KoreConX’s AI-enabled blockchain, based on Hyperledger Fabric and hosted at IBM, provides the highest level of security. The KoreProtocol handles the complete lifecycle of the security token, from issuance, secondary trading, and all types of corporate actions,” said Dr. Kiran Garimella, KoreConX’s Chief Scientist and CTO.

KoreConX will be working with established broker-dealers worldwide to make this initial offering of $15 million USD available to accredited investors in multiple jurisdictions (countries).

KoreConX believes in complying with securities regulation and corporate law to protect investors, issuers, and other participants in the global capital markets.

“KoreConX has been a fully operational all-in-one platform for several years helping many clients worldwide with compliance activities. The opportunities are tremendous for using tokenized securities to create efficiencies, reduce costs, and provide stronger governance for private companies. Our unrelenting focus is on ensuring the safety, security, and investor protection in global private capital markets,” said Oscar Jofre, co-founder, CEO of KoreConX.

For more information visit www.koreconx.io

KoreChain & KoreContract

What is the KoreConX blockchain strategy & why choose KoreChain?

In this video, KoreConX Co-Founder and CEO, Oscar Jofre, and our Chief Scientist/CTO, Kiran Garimella, share the details of our permissioned blockchain. Built on the Hyperledger Fabric, it is secure and governed with the ability to have full lifecycle management of contracts for tokenized securities for global private capital markets.

 

Technologies of Blockchain Part 3: Cryptography, Scaling, and Consensus

In Part 2, we saw how a simple concept of a linked list can morph into complex, distributed systems. Obviously, this is a simple, conceptual evolution leading up to blockchain, but it’s not the only way distributed systems can arise. Distributed systems need coordination, fault tolerance, consensus, and several layers of technology management (in the sense of systems and protocols).

Distributed systems also have a number of other complex issues. When the nodes in a distributed system are also decentralized (from the perspective of ownership and control), security becomes essential. That’s where complex cryptographic mechanisms come into play. The huge volume of transactions makes it necessary to address performance of any shared or replicated data, thus paving the way to notions of scaling, sharding, and verification of distributed data to ensure that it did not get out of sync or get compromised. In this segment, we will see that these ideas are not new; they were known and have been working on for several decades.

Cryptography

One important requirement in distributed systems is the security of data and participants. This motivates the introduction of cryptographic techniques. Ralph Merkle, for example, introduced in 1979 the concept of a binary tree of hashes (now known as a Merkle tree). Cryptographic hashing of blocks was implemented in 1991 by Stuart Haber & W. Scott Stornetta. In 1992, they incorporated Merkle trees into their scheme for efficiency.

The hashing functions are well-researched, standard techniques that provide the foundation for much of modern cryptography, including the well-known SSL certificates and the https protocol. Merkle’s hash function, now known as the Merkle-Damgard construction, is used in SHA-1 and SHA-2. Hashcash uses SHA-1 (original SHA-0 in 1993, SHA-1 in 1995), now using the more secure SHA-2 (which actually consists of SHA-256 and SHA-512). The more secure SHA-3 is the next upgrade.

Partitioning, Scaling, Replicating, and Sharding

Since the core of a blockchain is the database in the form of a distributed ledger, the question of how to deal with the rapidly growing size of the database becomes increasingly urgent. Partitioning, replicating, scaling, and sharding are all closely related concepts. These techniques, historically used in enterprise systems, are now being employed in blockchains to address performance limitations.

As with all things blockchain, these are not new concepts either, since large companies have been struggling with these issues for many decades, though not from a blockchain perspective. The intuitively obvious solution for a growing database is to split it up into pieces and store the pieces separately. Underlying this seemingly simple solution lies a number of technical challenges, such as how would the application layer know in which “piece” any particular data record would be found, how to manage queries across multiple partitions of the data, etc. While these scalability problems are tractable in enterprise systems or in ecosystems that have known and permitted participants (i.e., the equivalent of permissioned blockchains), it gets trickier in public blockchains. The permutations for malicious strategies seem endless and practically impossible to enumerate in advance. The need to preserve reasonable anonymity also increases the complexity of robust solutions.

Verification and Validation

Zero-knowledge proofs (ZKP) are techniques to prove (to another party, called the verifier) that the prover knows something without the prover having to disclose what it is that the prover knows. (This sounds magical, but there are many simple examples to show how this is possible that I’ll cover in a later post.) ZKP was first described in a paper, “The Knowledge Complexity of Interactive Proof-Systems” in 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff (apparently, it was developed much earlier in 1982 but not published until 1985). Zcash, a bitcoin-based cryptocurrency, uses ZKPs (or variants called zkSNARKs, first introduced in 2012 by four researchers) to ensure validity of transactions without revealing any information about the sender, receiver, or the amount itself.

Some of these proofs and indeed the transactions themselves could be implemented by automated code, popularly known as smart contracts. These were first conceived by Nick Szabo in 1996. Despite the name, it is debatable if these automated pieces of code can be said to be smart given the relatively advanced current state of artificial intelligence. Similarly, smart contracts are not quite contracts in the legal sense. A credit card transaction, for example, incorporates a tremendous amount of computation that includes checking for balances, holds, fraud, unusual spending patterns, etc., with service-level agreements and contractual bindings between various parties in the complex web of modern financial transactions, but we don’t usually call this a ‘smart contract’. In comparison, even the current ‘smart contracts’ are fairly simplistic.

Read Part 1: The Foundations, Part 2: Distributed Systems and Part 4: Conclusion

Technologies of Blockchain – Part 2: Distributed Systems

We saw in Part 1 that linked lists provide the conceptual foundation for blockchain, where a ‘block’ is a package of data and blocks are strung together by some type of linking mechanism such as pointers, references, addresses, etc. In this Part 2, we will see how this simple concept gives rise to powerful ideas that lay the foundation for distributed systems.

What happens when one of the links in the linked list or one of the computers (aka, ‘nodes’) in a distributed system falls sick (and responds slowly), gets taken down (‘hacked’), or dies? How does the full list (or chain) recover from such tragic events? This brings us to the notion of fault tolerance in distributed systems. Once changes are made to the data in one of the nodes (blocks), how do we ensure that the same information is consistent with other nodes? That introduces the requirement for consensus.

Pushing the analogy of the linked list a bit further, algorithms that manage linked lists are carefully designed not to break the list. Appending links to the end or the front, for that matter, is an easy operation (we just need to make sure that the markers that indicate the start and end of the list are updated correctly). However, removing a link (or member of the chain) or adding one is a bit trickier. When it is necessary to remove or insert into the middle of the list, it’s a bit more complicated, but a well-understood problem with known solutions. We won’t go into the specifics in this article because the intent is not to describe these operations but to convey a high-level historical perspective.

In distributed systems, fault tolerance becomes a very important topic. In one sense, it is a logical extension to managing a linked list on a single computer. Obviously, in real-world applications, each of the nodes in a distributed system are economic entities that depend on other economic entities to achieve their goals. Faults within the system must be minimized as much as possible. When faults are inevitable, recovery must be as quick and complete as possible. Computer scientists began studying the methods of fault tolerance in the mid-1950s, resulting in the first fault-tolerant computer, SAPO, in Czechoslovakia.

Besides fault tolerance, when information needs to be added to the distributed system (a bit like adding, deleting, or updating the elements of a linked list), the different parties must agree. The reason for agreement is that the data that goes into the ‘linked list’ is data that arises out of transactions between these parties. Without agreement, imagine the chaos! My node would record that I sent you $90 while your node would record only $19! Or, if I send you payment for a product, I expect to receive the product. There should be agreement, settlement, and reconciliation between the transacting parties. A stronger requirement in distributed systems is that once the parties agree to something, the data that is agreed upon cannot be changed by one of the parties without the concurrence of the other party or parties. The strongest version of this requirement is ‘immutability’, where it is technically impossible to make any changes to data that is agreed to and committed to the chain.

Fault-Tolerance and Consensus

Distributed systems, therefore, require fault-tolerance, consensus, and immutability in varying degrees, depending on the needs of the business. Mechanisms for fault-tolerance and consensus evolved since the early days. Notable developments are:

  • Byzantine Fault Tolerance (BFT) by Lamport, Shostak, and Pease in 1982, to deal with situations where one or more of the nodes in the distributed system become faulty or malicious.
  • Proof-of-Work (POW), first described in 1993 and the term coined in 1999, which is a technique for providing economic disincentives for malicious attacks. A precursor idea of POW was proposed in 1992 by Cynthia Dwork and Moni Naor, as a means to combatting junk mail—a problem that was already a significant nuisance way back in 1992!* Their solution was to require a sender to solve a computational problem that was easy enough for sending emails normally but becomes computationally expensive for sending massive amounts of junk emails.
  • Hashcash, a POW algorithm, was proposed by Adam Back in 1997. This was used as the basis of POW in bitcoin by Satoshi Nakamoto in 2008, which brought awareness of POW to a much wider audience.
  • A high-performance version of BFT, called Practical Byzantine Fault Tolerance (PBFT), by Miguel Castro and Barbara Liskov, in 1999; and so on.
  • Paxos**, a family of consensus algorithms, has its roots in a 1988 work by Dwork, Lynch, and Stockmeyer, and first published in 1998 (even though conceived several years earlier) by Leslie Lamport.
  • Raft consensus algorithm was developed by Diego Ongaro and John Ousterhout. Published in 2014, it was designed to be a more understandable alternative to Paxos.

State machine replication (SMR) is a framework for fault-tolerance and consensus is a way to resolve conflicts or achieve agreement on the state values. SMR’s beginnings are in the early 1980s, with an influential paper by Leslie Lamport, “Using Time Instead of Timeout for Fault-Tolerant Distributed Systems” in 1984.

In Part 3, we will do a high-level review of mechanisms designed to keep distributed systems secure, consistent, and able to handle large volumes of transactions.

Read Part 1: The Foundations, Part 3: Cryptography, Scaling, and Consensus, and Part 4: Conclusion

*Their paper, “Pricing via Processing or Combatting Junk Mail”, begins with a charming expression of exasperation: “Some time ago one of us returned from a brief vacation, only to find 241 messages in our reader.”

**No known relation to the blockchain company, Paxos.com

Technologies of Blockchain – Part 1: The Foundations

Blockchain is not just a single technology but a package of a number of technologies and techniques. The rich lexicon in the blockchain includes terms such as Merkle trees, sharding, state machine replication, fault tolerance, cryptographic hashing, zero-knowledge proofs, zkSNARKS, and other exotic terms.

In this four-part series, we will provide a very high-level overview of each of the main components of technology. In reality, the number of technologies, variations, configurations, and considerations of trade-offs are numerous. Each piece in this puzzle was motivated by certain business requirements and technical considerations.

In this first part, we look at the origins of the ‘chain’ and the most important technological advancement that makes blockchain (and all e-commerce) possible, i.e., the Internet.

While there have been genuine innovations within the last decade, blockchain’s underlying technologies are mostly quite old (in computer science time scale). Let us unpack a typical blockchain to trace out the origins of the constituent technologies. In this short post, I’ll only point to a very small (some may say, infinitesimally small) subset of the historical origin of technologies that make the modern blockchain possible. I’ll make no attempt to trace the development of these concepts from origin to the present time (that would fill up several books). The fact that blockchain’s technologies have a long and respectable history should help us gain confidence that blockchain, as a technology, is not some fly-by-night, newfangled idea cooked up by the crypto fandom.

What is less certain and much more controversial is the economic justification for blockchain (or at least some types of blockchain), ranging from the unrealistic expectation that it is a panacea for all of humankind’s ills (most optimistically, for social and economic inequities), to the total and premature dismissal of blockchain in its entirety.

The Beginnings

At the conceptual heart of blockchain is the ‘chain’. By definition, the links of the chain are, well, linked. It’s a list of data elements or packets of information (in blockchain, these are called ‘blocks’) that are linked. A blockchain is, therefore, a type of linked list.

The concept of a linked list was defined by pioneers of computer science and artificial intelligence, Alan Newell, Cliff Shaw, and Herbert Simon, way back in 1955-56.

In the early days of computer science, data and processing power lived on individual computers. Soon, people wanted these computers to ‘talk’ to each other. The grand idea of an Intergalactic Computer Network was put forth by J. C. R. Licklider as early as 1963. Unfortunately, even after half a century of rapid development, we have achieved only a planetary-wide Internet so far. An ‘intergalactic’ network is still a few years away!*

These ideas and the need to connect dispersed computers gave rise to wide-scale distributed systems in the 1960s-70s, with the advent of ARPANET and Ethernet. Technically, these linked computers are not necessarily treated in the same way as a traditional linked list that lived on one computer, but the conceptual idea is similar. When data and computational power get dispersed, layers of management, coordination, and security become increasingly important.

Blockchain would not exist without the Internet, which itself would not exist without TCP/IP, developed by Bob Kahn and Vint Cerf in the 1970s and ‘80s. Along the way, some scientists managed to have some fun too. They carried out an April Fools prank in 1990 by issuing an RFC (1149) for IPoAC protocol (IP over Avian Carriers, i.e., carrier pigeons). The punch line was delivered in April 2001 when a Linux user group implemented CPIP (Carrier Pigeon Internet Protocol) by sending nine data packets over three miles using carrier pigeons. They reported packet loss of 55%. A joke that takes a decade to pull off is practically Saturday night live comedy in Internet time scale!

In part 2, we will see how the extension of the concept of linked list on the Internet leads to distributed systems, the attending challenges, and their solutions.

Read Part 2: Distributed Systems, Part 3: Cryptography, Scaling, and Consensus, and Part 4: Conclusion 

*We first need to take care of a minor detail: find or colonize alien planets in this and other galaxies.

Joining Hyperledger to Revolutionize Tokenization of Private Securities Globally

We are thrilled to announce our membership in the Hyperledger Project. This was a carefully thought-out decision, but given the nature of our business, a fairly easy one to make.

Our roots are in providing managed compliance-related services to private companies globally. Building on this experience and success, we are well into executing on our vision of revolutionizing the tokenization of private securities. The revolutionary nature of our journey is in providing an environment for security tokens that ensures full compliance, safety, and complete lifecycle management. Investor protection has always been our unrelenting focus. We look to the business requirements to drive the selection, design, and deployment of technology.

Hyperledger, with its roots in the Linux Foundation and Apache culture, gives us access to a community of dedicated practitioners and researchers in technology. Fabric, in common with the other Hyperledger projects, is all about enterprise-class applications. Anything involving money had better be serious business.

One of the most critical aspects of finance is the safety and security of transactions. Legitimate participants in the financial markets may be frustrated by the inefficiencies of regulation, but they welcome the protections offered by such regulation. Fabric chose not to create its own native cryptocurrency. This avoids the dependence on crypto-mining and its attendant issues of fraud, forking, fictitious participants, and losses. By avoiding commingling of payment mechanisms (which include legitimate cryptocurrencies) with securities instruments, we can keep our economics clean. We can also avoid confusing currency regulation with that of securities regulation.

The architecture of Fabric includes several characteristics that are highly-desirable for financial transactions: modularity, performance, scalability, and security. It also helps that many financial institutions have adopted Fabric and over 400 applications are in development on it. All this is certainly a confidence-booster.

In a series of posts, I’ll cover the various aspects of Fabric, the philosophy behind the KoreToken protocol, and how KoreChain’s business functionality fits into this solid foundation.

KoreSummit – an opportunity to learn about what is a fully compliant Security Token

Security Token – and all the technology and buzzwords that go with it – is not an easy topic. Search these terms online, and you can get lost in a labyrinth of links, manuals and definitive guides. Above all, you will find many experts that will guarantee this is the next big thing and they know all about it.

The complexity surrounding the security tokens is second only to the importance it carries in the financial world. It can indeed be the next big thing. If companies get the foundation and development of security tokens right, this has the potential to bring down the market as we know today.

Which only adds more pressure to get to the right information. Take, for instance, the thousands of ICO that emerged with the blockchain phenomena. Thousand of investors thought they were well informed and ended up victims of scams.

If you want to invest in the blockchain, by buying security tokens or offering it through your own company, you better listen to experts. That is why events such as the KoreSummit, in which renowned professionals share their insights with the public, are so important.

No wonder this is an invite-only event. This is exclusive information that you may not get elsewhere. All aspects around the new KoreToken protocol, including the KoreChain, Hyperledger Fabric, and Security Tokens will be discussed with the public.

Usually, you would pay a significant fee to access this type of information. But the KoreSummit is for free, in the same spirit of the KoreConX platform.

You can apply for the event here, and our team will review your application.

Hope we can meet there.

Top Questions a Securities Lawyer will Ask an STO Issuer (in USA or Canada)

Security Token Offering is a serious business. The days of the ICO are over. These are clear messages not only from the SEC and other regulatory bodies but also from thoughtful and experienced professionals. The SEC, in particular, is delivering this message mainly through regulatory actions and the position of SEC Chairman Jay Clayton. Most recently, a federal judge ruled that the U.S. securities laws may cover ICOs, giving the Feds a much-needed victory in their battle against fraud and money laundering.

Regardless of the nuances and the debate, what should be clear to issuers who have legitimate businesses or startup plans is that investors, as well as issuers, require protection. If anything, legitimate issuers should welcome such scrutiny and regulation which ensures the market is kept free of bad actors and questionable affiliations.

However, companies considering a security token offering need to be prepared to respond to questions that their securities lawyers will ask. To this end, we reached out to top lawyers to learn which information is crucial to them when a client reaches out for advice on their Security Token.

The professionals that contributed to this list are Sara Hanks (CrowdCheck Law, LLP – USA); Ross McKee (Blake, Cassels & Graydon, LLP – Canada), Lewis Cohen (DLX Law, LLP – USA); Rajeev Dewan and Kosta Kostic (McMillan, LLP – Canada); Alessandro Lerra (Lerro & Partners – Italy), and Alan Goodman (Goodmans, LLP – Canada).

Below is the list of items on which lawyers and other advisors will be focusing. There is no particular order, but you should be ready when contacting your securities lawyer or advisors to make sure you are prepared. This list is subject to change as the market develops.

  1. What jurisdiction is your company incorporated in and in what jurisdictions is your company doing or will do business?
  2. In which countries are you planning to offer your security token?
  3. Is the company already a public reporting issuer anywhere or are any of its other classes of securities already listed on an exchange?
  4. Will you be conducting a Direct Offering or a Broker-Dealer Offering?
    1. If a Direct Offering, how will you manage all of the regulatory requirements (including “Know Your Client” requirements)
    2. If you aren’t using a Broker-Dealer and you are selling to retail investors, how will you comply with the requirements of states that require you to register yourself as an issuer-dealer?
  5. Will this be for accredited investors only or will it also be made available to non-accredited investors?
  6. How do you plan to confirm or verify accredited investor status?
  7. How do you plan to confirm or verify investors are not on prescribed lists?
  8. Do you have a method to establish the suitability of the investment for an investor?
  9. What securities law exemptions do you intend to rely on for each jurisdiction you want to sell your security token?
  10. What documentation or certification will investors be required to sign?
  11. What is your investor record-keeping system and how do you plan to handle regulatory reporting of the distribution of securities tokens?
  12. What are the tax implications of the sale of the token for both the issuer and the investor?
  13. If ongoing tax reporting (e.g., FATCA) is required, how will that be handled?
  14. Which blockchain is the token going to be created on?
  15. Does the client understand the differences between public blockchains and closed or permission blockchains?
  16. Does the platform already exist?
  17. Do you know which Security Token Protocol you would like to use?
  18. Does the Security Token Protocol manage the lifecycle, custodianship requirements, and corporate actions of the security token?
  19. Does the Security Token Protocol have the capabilities to be managed by a regulated Transfer Agent?
  20. Has the smart contract code for the token been audited by a code audit firm?
  21. What level of assurance does the code audit firm give in terms of their work?
  22. Is the Security Token Protocol implemented on robust, highly-secure, and enterprise-class technology platform?
  23. Does the blockchain for the STO prevent cryptocurrency fraud, unauthorized mining, and forking?
  24. Does the blockchain for the STO provide guaranteed legal finality for securities transactions?
  25. Does the blockchain for the STO provide for recourse with forking or technical intervention in case of errors, losses, or fraud?
  26. Is there a utility element in the token?
  27. Is the security token coupled with a cryptocurrency?
  28. Does the blockchain have a well-defined and published governance model, and are you confident that the governance processes and governing entities are credible?
  29. Does the blockchain have adoption and recognition from financial institutions?
  30. Will the tokens be immediately delivered to the purchasers?
  31. What is the stated purpose of the offering and what is the business of the issuer?
  32. Is the number of tokens fixed or unlimited? Is there a release schedule for future tokens?
  33. How many tokens, if any, are being retained by management?
  34. Will the tokens have a fixed value?
  35. How many security token holders do you expect?
  36. Are you aware of the requirements for a Transfer Agent?
  37. What are the rights of security token holders?
    1.  Voting?
    2. Dividends?
    3. Share of revenue/profits?
    4. Wind up the business?Will the purchasers be seeking a return on their investment or are they buying the token for other purposes?
  38. Will the purchasers be seeking a return on their investment or are they buying the token for other purposes?
  39. What is the exit strategy for the company?
  40. Does your company currently have a Shareholders Agreement?
  41. Does the company have a board of directors?
  42. Do you have financial auditors?
  43. Do you intend to list the tokens on any secondary markets and are those markets in compliance with regulatory requirements that apply to securities exchanges?
  44. Following issuance of the tokens, are any lock-up periods required or advisable with respect to the token?
  45. Are there any requirements that the tokens may only be traded with persons in (or outside) certain jurisdictions?
  46. Once any lock-up period has concluded, where will the tokens be able to trade?
  47. How will any applicable resale restrictions be implemented and complied with? How will subsequent sellers and purchasers of tokens be made aware of these resale restrictions?
  48. How are any requirements for the tokens to trade on a given market or alternative trading system being handled?
  49. Does the company intend to provide ongoing reporting to investors and if so, how will that be handled?
  50. Will the blockchain be used to facilitate any additional levels of transparency?
  51. What social media platforms are you using?
    1. Telegram
    2. Twitter
    3. Facebook
    4. Medium
    5. LinkedIn
  52. Do you know what limitations on communication or other requirements (such as legending or delivery of an offering document) apply to social media communications?
  53. Are you planning set up a “bounty” or similar program that offers free tokens?
  54. Will you be using airdrops?
    1. How are recipients selected and what do recipients need to do in order to receive airdrops?
    2. Have you made sure the airdrops comply with applicable securities law?
  55. Do you have a white paper?
    1. Has the whitepaper been released?
    2. Does the whitepaper include a clear business plan?
    3. What statements, representations, or comments have been made by management in the whitepaper, any other publication, or orally, about the future value or investment merits of tokens?
    4. Should the whitepaper be characterized as an offering memorandum and if so, does it have the prescribed disclosures and notices?

We hope this can assist you in preparing for your security token offering (STO). Obviously, for those who have already raised their money, tokenizing their securities will require some of the same questions.

A Big Lesson from the Delaware Blockchain Amendments

Andrea Tinianow, the founding director of the Delaware Blockchain Initiative (and ‘Blockchain Czarina’), recently published a very insightful article on the significant gap in the mainstream protocols for security tokens. The gap is in the way the Delaware Blockchain Amendments are interpreted by the mainstream security token platforms.

The Delaware Blockchain Amendments were an outcome of the Delaware Blockchain Initiative. The Amendments were introduced in the Delaware Senate Bill 69 and signed by the Governor on July 21, 2017. This landmark legislation allows Delaware corporations to maintain their stock ledgers on a blockchain. In making this provision, what the Delaware Bill meant was that all of the stock ledger data should be maintained on the chain, rather than only a portion of the data.

The more accurate interpretation of the provision bumps up against one limitation that public blockchains face. As the number of nodes in the chain grows dramatically—as it should in a truly decentralized system—the performance of the chain suffers. Validation, consensus, and finality take longer and longer. The problem becomes significant when security tokens are involved, since the data payload of securities transactions is much larger than the normal token payment data within Bitcoin and other payment-oriented cryptocurrencies and tokens. More importantly, contract execution is much more complicated than technical (or cryptographic) validation of transactions. Even simple contracts can generate a multitude of mini-transactions that need to follow a labyrinth of complex processes in the securities world. All this activity generates more data, exacerbating a problem that currently has no clean solution in fully decentralized public blockchains.

One way around this problem is to put securities data off-chain and store the keys on-chain. This can provide some relief on storage but probably not as much impact on performance. Even with the limited payload, the Bitcoin blockchain has grown from around 1 MB in 2010 to more than 170 GB eight years later! Transactions speeds are even less impressive. Hardcore fans of Bitcoin deem it unfair to compare its 7 transactions per second with that of Visa (which conducts around 20,000-30,000 or even more transactions per second), since Visa had over 60 years to improve its technology. Presumably, Bitcoin fans predict that Bitcoin’s transaction speed would match that of Visa if the Bitcoin network too had a couple of decades of improvements. But these arguments miss the point: by the time Bitcoin achieves Visa’s throughput, Visa itself could double or treble its own performance. Ethereum too is facing similar issues and currently experimenting with various approaches, including sharding and proof-of-stake.

In any case, putting securities data off-chain violates the provisions of the Amendments. “Thus, although the ERC-884 is designed to transfer shares of stock, the share ownership information is captured in an off-chain database,” says Andrea Tinianow, alluding to a derivative of the ERC-20 protocol. “This arrangement is in stark contrast to what was contemplated by the Delaware Blockchain Amendments….”

In contrast, the KoreChain maintains all information on the chain. Scalability and performance are not issues precisely because this is a permissioned chain with functional sharding (a topic for another blog) but no mining, proof-of-work, or proof-of-stake. The KoreToken protocol also addresses the full ecosystem of participants in securities transactions. The implementation of services is too important to leave it to interpretations and all the subsequent hassle of reconciling varied interpretations. For example, even the most basic partial sale of security tokens on a secondary market exchange requires a minimum of twenty-five separate sub-transactions involving upto five participants. In order to be robust, real-life implementations have many more steps. Currently, all these steps do take place, but the majority of them happen after the primary sale transaction occurs. These tasks fall into various groups of activities such as clearance, settlement, reporting, disclosure, and corporate record-keeping.

There is no debate that the whole process is inefficient, costly, and error-prone. This makes the process an excellent candidate for true smart contracts on the blockchain. But this does not imply that the blockchain makes these tasks unnecessary. From the context of a naive security token protocol, Andrea Tinianow points out in her article, “Tokenized shares do not eliminate many of the types of errors that are symptomatic of a system that relies on third-party intermediaries to manage and control shareholder databases.” KoreChain, engineered carefully to be fully compliant with all the complexities of securities regulation and corporate law, mitigates errors and creates efficient end-to-end securities transactions without ignoring the risks. The KoreChain implements all tasks that are mandated by securities regulation and corporate law.

A Security Token for Full Lifecycle Compliance

ICOs suffer from disapproval from not only the SEC but also several media that have banned ICO advertising. This disapproval seems justified, since many of the ICOs had no business plans, no product, no service, no credible team, and no roadmap for generating value. Of the remaining well-intentioned ones, the problem of passing regulatory scrutiny for a utility token is insurmountable since it is a utility in name while a security in intent and form. The only way out is to re-classify it correctly as a security token.

The Responsible Approach of the KoreToken Security Protocol

The ERC-20 protocol and the concept of smart contracts are steps in the right direction for many use cases and great for many applications. However, for the financial markets, we need a protocol that can meet all regulatory requirements. We have taken an approach that originates solidly from securities law. We recognize the paramount need for safety, security, and risk management. We know all parties in a securities transaction must be protected at all times – these are the investors, issuers, directors, officers, lawyers, broker-dealers, transfer agents, secondary exchanges, and secondary token holders. There must be complete traceability and auditability.

Blockchain, in creating an immutable record, guarantees validity and (perhaps eventual) finality. However, this validity is technical validity and finality is the committing of the block to the chain. In the securities world, validity and finality means a lot more. Technical validity is necessary but not sufficient. Validity should include contractual validity and legal validity. Similarly, finality is achieved only upon authorized approval of transactions. KoreChain, our implementation of blockchain using Hyperledger Fabric, addresses this broader and more comprehensive definition of validity and finality. The KoreToken protocol and specification includes modular methods to implement various aspects of business validity and finality.

A Comprehensive Specification and Implementation

The KoreToken’s specification and protocol address the requirements for data and methods for the complete lifecycle of a security token. KoreConX will itself use this specification and protocol to create its own security token as well create security tokens for its issuers. The protocol includes data and methods that fall into three broad categories: public interface layer, business layer, and governance layer. The methods themselves can be invoked by participants in various transactions.

The execution of security transactions, from issuance to corporate actions to exit, cannot happen in a vacuum. Registered entities are accountable for knowing where these securities are, who are their holders, and the state of their compliance. More than issuing a protocol, KoreConX has taken the unique approach of providing a full operational platform as well as partnerships with other participants in the ecosystem such as broker-dealers and secondary market operators. KoreConX itself is an SEC-registered transfer agent, meaning that we can offer full custodianship services for securities.

The KoreToken architecture is modular, allowing security token designers to compose entire securities transactions and implement various use cases. The heavy lifting of blockchain functionality as well as business-related functionality such as event management, transaction management and process management are handled by the KoreChain.

Please see the following Executive KoreBriefing on The KoreToken Specification and Protocol.

We will release the detailed technical whitepaper shortly.

 

Introducing the KoreChain

The KoreChain is the first blockchain on a serious industrial-strength infrastructure that is focused exclusively on the complex world of global financial securities. The KoreChain is a permissioned Hyperledger Fabric blockchain. This gives it the native advantage of Fabric, a blockchain platform that has been engineered from the ground up for handling enterprise-class applications. KoreChain is implemented on IBM’s hosting platform since it provides the highest level of security as define by the US National Institute for Standards and Technology.

In electing Hyperledger Fabric to be the foundational blockchain infrastructure for KoreChain rather than Ethereum, we made a clear commitment to good engineering, enterprise-class architecture, and implementation with well-established tools rather than new and untested programming environments.

Hyperledger Fabric Strengthens KoreChain

The following benefits of Fabric come to us practically out of the box:

  1. Membership and access-rights management: The securities world has many complicated rules about data privacy, KYC, AML, need-to-know, etc. Some of these vary by region or by exemption rules. In addition to regulatory constraints, the platform also has to accommodate privacy conditions of participants in various transactions. Fabric provides this flexibility through channels.
  1. High levels of performance and scalability: Securities transactions are more complicated than point-of-sale authentication and authorization. While all securities transactions don’t require response and completion within seconds (as, for example, in trading), the sheer volume of multiple transactions and subsidiary events in capital markets requires a robust infrastructure that can stand up to spikes and also support secondary trading.
  2. Security and safety: The combination of Hyperledger Fabric and the hosting infrastructure at IBM provide a protected environment that includes end-to-end cryptography and the highest level of security defined by the US National Institute of Standards and Technology (NIST), the level 4 of FIPS 140-2, that includes, for example, Hardware Security Modules.

KoreChain’s Specialized Capabilities

In addition to these, KoreChain provides a number of specialized capabilities such as several layers of artificial intelligence, event management, and transaction management for securities.

All this makes the KoreChain an industrial-strength engine for KoreContracts, which are true smart contracts for financial services. One special category of KoreContracts is the  KoreTokenContract, which is the fundamental template for KoreTokens. The KoreChain is carefully designed to ensure a safe and secure environment for security tokens and their management throughout their entire lifecycle, including provision for various corporate actions.

More on these exciting developments in subsequent blogs and articles!
Please see the following introductory Executive KoreBriefing on What is KoreChain?
We will release the detailed technical whitepaper shortly.