Skip links

Three Layers of Cross-Border Regulatory Conflict in Tokenized Securities

A line of dominoes with a broken gap in the middle where the chain has stopped falling, representing the non-atomic propagation of regulatory action in cross-border tokenized securities markets.

TL;DR

  • Cross-border tokenized securities do not face a single regulatory problem. They face three distinct conflict layers that interact: settlement cycle mismatch, KYC/AML incompatibility, and non-atomic regulatory action.
  • Each layer is manageable in isolation. In combination, they generate a compliance complexity that grows polynomially, not linearly, with the number of jurisdictions.
  • Existing approaches (common legal frameworks, regulatory sandboxes, jurisdiction-specific compliance systems) do not resolve this complexity. They manage it, defer it, or exclude it from scope.
  • The technical condition that all three layers converge on is the same: atomic cross-jurisdictional synchronization of regulatory state. Without it, production-scale cross-border tokenization operates inside an enforcement vacuum.

The Ghost of Herstatt

On June 26, 1974, the German regulator closed Bankhaus Herstatt. The bank had received Deutsche Mark from counterparties earlier that day, under foreign exchange contracts that obliged it to deliver US dollars in New York later the same day. When New York opened, the dollars never came. Counterparties had already irrevocably paid their side of the trade. The other side was now a claim against a failed bank.

The Herstatt risk (the risk that one side of a cross-border settlement is irrevocably paid while the other side fails) became the foundational lesson of modern financial infrastructure. Every piece of cross-border settlement plumbing built in the fifty years since exists, in some way, to address it. CLS Bank, Delivery-versus-Payment, Payment-versus-Payment, central counterparty clearing. The entire architecture of cross-border finance is a response to a single event in 1974.

Herstatt was, at its core, a problem of time zones. The gap between Frankfurt’s closing hours and New York’s opening hours was the window in which the asymmetry became unrecoverable. Fifty years of infrastructure have not eliminated that window. They have managed it.

The problem of 1974 was a gap in time. The same problem in 2026 operates in space. BlackRock’s BUIDL is currently deployed across nine chains, including Ethereum, Arbitrum, Solana, and Base. The same token exists as a US Treasury-backed asset under US securities law, is simultaneously exposed to EU investors under ESMA’s MiCA framework, and is simultaneously tradable on venues overseen by the Monetary Authority of Singapore. If one regulator issues a freeze order against this asset, how does that order reach the other eight environments? This is not a hypothetical. It is the live operating condition of the largest tokenized securities in circulation today.

This essay argues that cross-border tokenized securities trading does not face one regulatory conflict. It faces three, each operating at a different layer of the trade lifecycle, each interacting with the others, and each individually addressable but not collectively resolved by any existing approach.

Layer One: Settlement Cycle Mismatch

In May 2024, the United States moved to T+1 settlement for equities. The European Union, the United Kingdom, and Switzerland committed to following in October 2027. For the intervening period (and arguably beyond) cross-border trades involving US and European counterparties will settle on different cycles. A trade executed on a European venue whose underlying asset clears in the US will have one leg settling on T+1 and the other on T+2.

This is a problem that cross-border finance has absorbed many times before. What makes the T+1/T+2 gap structurally different for tokenized assets is not the gap itself. It is the fact that tokenization introduces a third, invisible cycle: the on-chain settlement cycle, which is measured in seconds rather than days.

When a European investor buys a tokenized US Treasury on an on-chain venue, the on-chain transfer can finalize in under a minute. The underlying US Treasury, however, still settles on T+1 in the traditional clearing system. For the window between on-chain finality and off-chain settlement, the investor holds something that exists on-chain but has no fully settled off-chain counterpart. During that window, regulatory status, legal ownership, and economic exposure are distributed across at least two jurisdictions and at least two finality regimes.

The US SEC and ESMA have published guidance on T+1 cross-border implementation. Neither has published guidance on how this interacts with on-chain settlement of tokenized versions of the same asset. The gap is not neglect. It is that the category of a token whose off-chain leg is still settling does not yet have a clear regulatory treatment in either framework.

Layer Two: KYC/AML Incompatibility

A European investor completes KYC under ESMA-aligned procedures on a European venue and receives permission to trade tokenized securities. The investor transfers the resulting tokens to a self-custody wallet. From that wallet, the tokens are traded on a venue in Hong Kong, which operates under the Securities and Futures Commission (SFC). The Hong Kong venue applies its own KYC procedures, which differ in categorical structure and in required data fields from the European ones.

Two questions arise. First, does the European KYC satisfy the Hong Kong requirement? The legal answer is: probably not without additional verification, because the two jurisdictions have not established formal mutual recognition of retail investor classifications. Second, if the Hong Kong venue re-verifies the investor, what happens to the status of the tokens already held in the wallet? Are they “known-KYC tokens” from Europe’s perspective but “unknown-KYC tokens” from Hong Kong’s perspective, simultaneously?

The current answer, in practice, is that this question is deferred to the venue level. Each venue applies its own KYC before allowing a token to be traded on its platform. The underlying token does not carry a verifiable KYC status that travels with it across venues. This works, with significant friction, when the venues are permissioned and the token is only ever traded through them. It does not work when the token is also tradable on permissionless venues, or when it passes through self-custody wallets between permissioned venues.

FATF‘s recommendations on Virtual Asset Service Providers (the Travel Rule) were designed to address a version of this problem by requiring that originator and beneficiary information travel with a transfer. Implementation has been uneven across jurisdictions, and the FATF framework does not attempt to reconcile substantive KYC requirements across jurisdictions. It requires that information be transmitted, not that the categorical definitions of eligible investor, accredited investor, or politically exposed person be harmonized.

The result is that a single tokenized asset, moving across jurisdictions, can simultaneously be in different KYC states depending on which jurisdiction’s rules are applied to evaluate it. This is not a bug of any single regulatory framework. It is a structural consequence of asset mobility outpacing the harmonization of investor classification.

Layer Three: Non-Atomic Regulatory Action

The sharpest layer of conflict emerges when regulators issue action orders against tokenized assets. Consider a concrete scenario. A tokenized bond is issued by a Hong Kong-regulated entity and held by investors across three jurisdictions. On a given day, three regulators reach three different conclusions about this asset.

The US SEC or OFAC determines that the issuing entity has violated a sanctions requirement and issues a FREEZE order against all US-held positions in the asset. The Hong Kong SFC, at the same time, conducts an eligibility review and issues a RESTRICT order limiting the asset to accredited investors. The Monetary Authority of Singapore, evaluating the same asset, concludes that no action is required. Three orders, three jurisdictions, one asset, and no protocol-level layer that determines how they compose.

Cross-Border Regulatory Action Conflict
US SEC / OFAC FREEZE Sanctions violation HONG KONG SFC RESTRICT Accredited investors only SINGAPORE MAS NO ACTION Review complete TOKENIZED ASSET Same token, same moment No protocol-level layer resolves how three orders compose. Each applies only within its direct reach.
US SEC / OFAC
FREEZE
Sanctions violation on issuing entity
Hong Kong SFC
RESTRICT
Accredited investors only
Singapore MAS
NO ACTION
Review complete
TOKENIZED ASSET
Same token · same moment
No protocol-level layer resolves how three orders compose. Each applies only within its direct reach.

Figure 1: Cross-border regulatory action conflict. Three jurisdictions, one asset, no resolution layer.

What does a FREEZE compose with a RESTRICT? If a token is both frozen (no transfers permitted) and restricted (transfers permitted only between accredited investors), is the resulting state effectively FREEZE? Is it RESTRICT with the FREEZE taking precedence on US-held positions? Is it the intersection, which is equivalent to FREEZE? There is no protocol-level answer, because there is no protocol-level semantics for what it means to compose two regulatory actions originating from different jurisdictions.

The current practice is that each jurisdiction’s action is applied only within the venues or custodians it directly regulates. The Hong Kong RESTRICT is applied at HKSFC-licensed platforms. The US FREEZE is applied at US-registered broker-dealers and custodians. The token itself, moving across self-custody wallets or permissionless venues, carries neither status. The same token, in the same moment, is in a frozen state from one regulator’s perspective and an unrestricted state from another’s, and neither state is enforceable on the segments of the network outside that regulator’s direct reach.

This is what non-atomic regulatory action means. Regulatory state is not synchronized across the domains in which the asset exists. The action, once issued, propagates through human and institutional channels (letters, notifications, compliance workflows) rather than through any mechanism that makes the action simultaneously effective wherever the asset is.

The Exponential Growth of Complexity

In the previous research, the complexity of the pilot-to-production transition was analyzed. A single jurisdiction with a small number of participants trading a single asset type is a manageable complexity. When this expands to multiple jurisdictions, multiple participants, and multiple asset types, complexity grows combinatorially rather than linearly.

The three conflict layers in a cross-border environment are not independent. They interact. Settlement cycle mismatch makes it ambiguous which jurisdiction’s legal custody governs an asset at which moment. That ambiguity makes it harder to determine which jurisdiction’s KYC/AML requirements apply. The ambiguity of KYC status makes it harder to determine the enforcement jurisdiction of a regulatory action. The three layers are circularly entangled.

This can be formalized as follows:

$$\text{RegComplexity}(n, k, m) = O(n^k \cdot m)$$

where \(n\) is the number of jurisdictions, \(k\) is the average interdependence of regulatory requirements (in real cross-border environments, \(k > 1\)), and \(m\) is the number of asset types.

Hastily written formula on a canteen napkin showing polynomial complexity growth in cross-border tokenized securities compliance

The moment the exponent was circled twice, when it became clear that k>1 was not a technicality but the entire shape of the problem.

As long as \(k > 1\), complexity grows polynomially with the number of jurisdictions rather than linearly. And \(k\) is greater than one precisely because regulatory requirements are not independent of each other, which is the condition the three interacting layers above have already demonstrated.

Regulatory Complexity vs. Jurisdiction Count
Complexity (relative) Number of jurisdictions (n) 12 34 56 7 025 50100 Linear (k=1) Polynomial O(n^k · m), k>1 Pilot zone Production zone Three conflict layers interact; k is always greater than one in real cross-border environments.

Figure 2: Growth of regulatory compliance complexity with jurisdiction count

The Limits of Existing Approaches

The existing responses to this complexity fall into three categories, and each category has a structural limit.

Common legal frameworks, such as the ISDA Master Agreement, resolve jurisdictional conflict at the contract level. Counterparties agree in advance on a governing law, a forum for disputes, and a set of fallback rules. This works when the counterparties are known to each other and when the instrument is bilaterally negotiated. It does not extend to anonymous on-chain trading, permissionless secondary markets, or the transfer of a tokenized asset through self-custody wallets between venues.

Regulatory sandboxes, such as the HKMA-MAS Fintech Bridge, allow multiple regulators to jointly approve a narrow pilot program that operates across their combined jurisdictions. This can demonstrate that specific cross-border flows are feasible under coordinated supervision. The structural limit of this approach is that sandboxes work by removing the complexity they are supposed to resolve. They operate in a controlled environment, with pre-approved participants, on a single asset class. They do not eliminate production-scale complexity. They defer it.

Jurisdiction-specific compliance systems, such as those built by Chainalysis and Fireblocks, implement each jurisdiction’s requirements independently and coordinate them through runtime rule engines. Adding a jurisdiction adds rules, and the rule engine’s complexity grows with each addition. There is no meta-layer that resolves conflicts between rules. Conflict resolution always happens off-chain, through human intervention, after the fact.

Existing Approaches to Cross-Border Compliance
APPROACH 1 Common Legal Frameworks e.g. ISDA Master Agreement MECHANISM Bilateral pre-agreed governing law and forum WORKS WHEN Counterparties known, instrument negotiated LIMIT Fails on permissionless venues, self-custody Excludes from scope APPROACH 2 Regulatory Sandboxes e.g. HKMA-MAS Fintech Bridge MECHANISM Joint supervision of pre-approved pilot WORKS WHEN Controlled participants, single asset class LIMIT Works by removing the complexity it resolves Defers complexity APPROACH 3 Jurisdiction Compliance Stacks e.g. Chainalysis, Fireblocks MECHANISM Per-jurisdiction rules, runtime rule engine WORKS WHEN Each jurisdiction handled independently LIMIT No meta-layer resolves inter-rule conflicts Manages after the fact None provides protocol-level atomic resolution of conflicting regulatory state.
APPROACH 1
Common Legal Frameworks
Example: ISDA Master Agreement
Works when: Counterparties known, instrument negotiated
Limit: Fails on permissionless venues and self-custody transfers
Excludes complexity from scope
APPROACH 2
Regulatory Sandboxes
Example: HKMA-MAS Fintech Bridge
Works when: Controlled pilot, single asset class
Limit: Works by removing the complexity it resolves
Defers complexity
APPROACH 3
Jurisdiction Compliance Stacks
Example: Chainalysis, Fireblocks
Works when: Rules handled independently per jurisdiction
Limit: No meta-layer resolves inter-rule conflicts
Manages after the fact

Figure 3: Comparison of existing cross-border compliance approaches. Each manages or defers conflict rather than resolving it.

What This Problem Requires to Be Solved

The three conflict layers converge on a set of technical conditions. They are not independent conditions. They are layered, with each building on the previous. Stated in the order in which they must be satisfied:

Condition 1: A Shared Regulatory Vocabulary

This is what the settlement cycle and KYC layers point toward. When regulators in different jurisdictions issue commands (freeze, restrict, recover) those commands must be interpretable under a single semantics. A FREEZE issued by the SEC and a FREEZE issued by the SFC must refer to the same category of state transition on the underlying token. This is not primarily a technical standard. It is a standardization of regulatory language itself. Without it, the other two conditions cannot be defined, because there is no common object they operate on.

Condition 2: A Deterministic Priority Mechanism

This is what the non-atomic regulatory action layer points toward. When two regulatory commands originating from different jurisdictions arrive at the same token, there must be a protocol-level rule that determines which takes precedence, or how the two compose. The rule must be deterministic (the same inputs must always produce the same outcome) and it must be defined in advance of any specific conflict. Without this, the shared vocabulary is useless, because two valid commands in that vocabulary can still produce undefined behavior when they meet.

Condition 3: Atomic Cross-Domain Propagation

This is what the three layers jointly point toward. Once a regulatory command has been issued and its priority resolved, its application must reach every domain in which the asset exists, at once. “At once” here has a strict meaning: at no point should it be possible to observe an intermediate state in which the command has been applied to some domains and not others. Partial application is itself a new form of state inconsistency, arguably worse than non-propagation, because it creates enforceable fictions about the asset’s status.

The three conditions are layered. Without a shared vocabulary, priority cannot be defined. Without priority, atomic propagation is not deterministic. Without atomic propagation, neither of the first two conditions delivers enforceable outcomes. Each depends on the ones before it.

A hard limit must be acknowledged here. Even if all three technical conditions are met, the problem is not solved. If regulators do not agree on the shared vocabulary or the priority rules, no amount of technical infrastructure closes the enforcement gap. This is a technical problem and a policy problem at the same time. The progress of the two layers is not independent. Policy agreement presupposes technical expressibility. Technical implementation presupposes policy clarity. In that circularity, neither layer is currently advancing far enough.


Conclusion: Complexity Cannot Be Deferred

The previous research identified three bottlenecks in the transition from institutional tokenization pilots to production. One of them (the Pilot Success Fallacy) was that pilot environments depend on simplifications they themselves remove: a single jurisdiction, a small set of known participants, a single asset type.

A cross-border environment removes all three simplifications at once. And the complexity produced by that removal is not linear. In an environment where settlement cycle mismatch, KYC/AML incompatibility, and the non-atomicity of regulatory action interact, complexity grows polynomially, and no existing approach resolves it at its root.

That complexity can be deferred. Joint pilots, sandboxes, and bilateral agreements can manage it in specific environments for specific periods. But for cross-border tokenized securities to become real infrastructure in global capital markets, the complexity has to be handled at the protocol layer, not at the contract layer, not at the venue layer, not at the human workflow layer that currently absorbs it.

What that protocol layer should look like is still an open question. What it must do is no longer an open question. It must provide a shared regulatory vocabulary, a deterministic mechanism for resolving conflicting commands within that vocabulary, and the atomic propagation of resolved commands across every domain in which an asset exists. These are not three desirable properties. They are three necessary conditions, each dependent on the one before it.

The next research will examine how this question connects to the conditions under which DeFi protocols can accept RWA as genuine collateral.


References

[1] Bank for International Settlements. (1996). Settlement Risk in Foreign Exchange Transactions. bis.org/publ/work37.htm
[2] BNP Paribas Securities Services. (2026). T+1 in Europe: What’s next for the EU, the UK and Switzerland? securities.cib.bnpparibas
[3] Bank of America Securities. Global Accelerated (T+1) Settlement. business.bofa.com
[4] TD Securities. (2024). The Cross-Border Implications of T+1 Settlement. tdsecurities.com
[5] US SEC. (2026). Remarks at the Asset Management Derivatives Forum 2026. sec.gov
[6] Katten. (2025). SEC Clears Path for Tokenized Securities. quickreads.ext.katten.com
[7] Grant Thornton. (2026). Crypto compliance in 2026: AML, sanctions and what’s next. grantthornton.com
[8] International Monetary Fund. (2026). Tokenized Finance. IMF Note 2026/001. imf.org
[9] Kim, J. & Hong, J. (2026). A Regulatory Compliance Protocol for Asset Interoperability Between Traditional and Decentralized Finance in Tokenized Capital Markets. arXiv:2603.29278. doi.org/10.48550/arXiv.2603.29278

Learn More

The Institutional Tokenization Ceiling: Why Every Pilot Succeeds and Every Scale-Up Stalls →
The RWA 2.0 Declaration: Blockchain Innovation That Embraces Legacy →

Read Next

Cross-Domain State Preservation Proofs Are Now Public and Verifiable
Oraclizer's cross-domain state preservation proofs are now public: we proved and machine-verified that a regulated asset's state stays consistent across public blockchains, enterprise ledgers, and off-chain systems. The full proof is open source under BSD-3-Clause, so it is not a promise to trust but a result anyone can build and check.
Oraclizer Core ⋅ Jun 24, 2026
Three Category Axioms, One Proved Functor
A research-journal account of mechanizing the functor laws and the degree-hierarchy natural transformation in Isabelle/HOL, where the obstacles were almost never the mathematics. The measure decrease I feared closed at once; a reserved keyword broke seven builds; a finiteness clash forced a redefinition; and the code overturned my belief that glue gives validity.
Oraclizer Core ⋅ Jun 06, 2026
Insurance and Recovery Economics: Preparing for Black Swan Events
Earlier designs cut node risk by 73%, but the unpredictable 27% needs different rules. This study fixes how a staking insurance pool is sized (15% of stake, not protected value), bootstrapped, and banded; why a reserve held in its own token collapses with it; and how session protection follows the sync-degree hierarchy when security breaks mid-session.
Oraclizer Core ⋅ May 29, 2026
Tokenized Securities Under the CLARITY Act: The Weight of Codification
The CLARITY Act tokenized securities clause settles a single proposition in statute: tokenization is a delivery method, not a new asset class. That one sentence codifies the regulatory status of tokenized securities in U.S. law for the first time and derives an entire infrastructure specification for boundaries the token crosses.
Oraclizer Core ⋅ May 23, 2026