An institutional tokenized securities offering is not a software product. It is a legal instrument, a compliance program, a technology deployment, a custody arrangement, and a market structure — simultaneously, and integrated. The architecture that supports a tokenized fund launch or a digital securities program reflects this complexity: five distinct layers that must interoperate without friction, each subject to its own regulatory regime, each involving vendors or in-house capabilities with specific technical requirements. Understanding this stack is a prerequisite for any institution evaluating whether to issue tokenized securities, and for any investor assessing the operational maturity of a program they are considering.
Layer One: Legal Structure and SPV Architecture
Every tokenized security exists within a legal wrapper. The token itself is a digital representation of rights in a legal entity — a limited partnership interest, a fund share, a beneficial interest in a trust, or a direct equity claim in a corporation. The legal structure defines what the token represents, what rights it confers, and what legal infrastructure supports the enforcement of those rights when things go wrong.
The Special Purpose Vehicle (SPV) is the most common legal container for tokenized real assets. An SPV is a legally separate entity — typically a Delaware LLC or limited partnership — that holds a specific asset or pool of assets and issues membership interests or limited partnership units that are then tokenized. The SPV structure provides bankruptcy remoteness: if the sponsor fails, the SPV’s assets (and by extension, the token holders’ rights in those assets) are isolated from the sponsor’s general creditors.
For tokenized funds — the BUIDL model, the FOBXX model — the legal structure is a registered investment company (for public products) or a private fund operating under an exemption (typically Section 3(c)(1) or 3(c)(7) of the Investment Company Act). The fund’s investment adviser is registered with the SEC; the fund itself files appropriate securities law documents; and the token is a fund share, subject to all of the legal requirements that fund shares carry.
The legal layer is the most expensive and time-consuming phase of a tokenized securities program to establish. Drafting fund documents, filing SEC registrations or exemption notices, establishing the SPV, and drafting the smart contract specifications that reflect the legal terms correctly require teams of securities counsel — Skadden, Simpson Thacher, Latham & Watkins, and similar — whose fees for a complex tokenized fund launch can reach $200,000 to $400,000 before any technology work begins.
Layer Two: Compliance and KYC Infrastructure
The compliance layer enforces the investor eligibility requirements, jurisdiction restrictions, and ongoing AML obligations that the legal structure defines. This layer is where regulatory requirements become technical specifications: who can hold this token, under what conditions, verified by whom, with what ongoing monitoring.
As discussed in the KYC/AML compliance stack article, this layer involves a combination of on-chain identity protocols (ERC-3643/ONCHAINID, Verite, Polygon ID), off-chain verification providers (Jumio, Onfido, Persona for document verification; Parallel Markets or VerifyInvestor for accredited investor status), and blockchain analytics providers (Chainalysis, Elliptic, TRM Labs for AML monitoring).
The compliance layer sits between investor onboarding and token issuance: an investor who has not passed KYC and compliance verification cannot receive tokens. This is technically enforced through whitelisting mechanisms in the smart contract — only addresses registered as compliant can send or receive tokens. The compliance layer must also handle ongoing obligations: re-verification when compliance claims expire, jurisdiction monitoring for investors who move, and sanctions screening that updates continuously.
For issuers using integrated platforms like Securitize, the compliance layer is pre-built and integrated with the token issuance infrastructure. For issuers building custom platforms, the compliance layer integration is typically the longest phase of the technology build — six to twelve weeks for a complete implementation, plus ongoing compliance program management costs.
Layer Three: Token Issuance Infrastructure
The token issuance layer is the blockchain-native core of the platform: smart contracts that govern token creation, transfer, corporate actions, and administrative functions. This is the layer where the legal rights defined in Layer One are expressed in code, and where the compliance requirements defined in Layer Two are technically enforced.
The smart contract stack for an institutional security token typically includes:
A token contract implementing a compliance-aware standard — ERC-3643, ERC-1400, or a proprietary standard. The token contract manages total supply, balances, and transfer logic. It enforces that every transfer passes compliance checks before executing.
A compliance module that implements the specific transfer restrictions for this token — jurisdiction whitelist, maximum holder counts (relevant for Section 12(g) of the Exchange Act, which triggers full reporting obligations when a class of equity security exceeds 2,000 record holders), lockup periods, and accredited investor verification requirements.
An identity registry or integration with an external identity system (ONCHAINID, Securitize’s proprietary system) that maps wallet addresses to verified investor identities.
An agent role system that grants specific administrative capabilities — forced transfer, token minting, token burning, compliance module updates — to authorized parties (the transfer agent, the issuer’s compliance team) with appropriate access controls.
A dividend / distribution module for tokens that represent income-producing assets, handling the calculation and delivery of distributions to token holders on a pro-rata basis.
The smart contract audit requirements for this layer are discussed in the smart contract security article. A full audit by a Tier-1 firm adds $120,000 to $300,000 to the infrastructure cost and four to twelve weeks to the launch timeline.
| Platform Layer | Key Components | Build Time | Estimated Cost | Key Vendors |
|---|---|---|---|---|
| Legal / SPV | Fund docs, filing, SPV formation | 3–6 months | $200K–$400K | Skadden, Latham, Sidley |
| Compliance / KYC | Identity verification, AML, sanctions | 6–12 weeks | $50K–$150K setup + ongoing | Jumio, Chainalysis, Parallel Markets |
| Token issuance | Smart contracts, audit, deployment | 8–16 weeks | $120K–$300K (audit) + dev | Securitize, Tokeny, custom dev |
| Custody | MPC or multi-sig wallet infrastructure | 2–4 weeks | $20K–$100K annually | Fireblocks, Anchorage, BitGo |
| Secondary market | ATS, liquidity, market making | Ongoing | $50K–$200K setup + brokerage | Securitize Markets, tZERO, PPEX |
Layer Four: Custody Infrastructure
The custody layer governs the secure storage and management of the private keys that control token ownership. As discussed in the institutional custody infrastructure article, this involves either a qualified custodian holding tokens on behalf of investors, or investors holding tokens in their own wallets with custody infrastructure provided by the platform.
For institutional fund products — where token holders are sophisticated institutions — custody is typically provided by qualified custodians using MPC technology (Fireblocks MPC-CMP) or multi-signature schemes. For individual investor programs, the platform may provide hosted wallets on behalf of investors, custody through a trust company subsidiary, or allow investors to self-custody in compliant wallets.
The custody layer also interfaces with the oracle infrastructure discussed previously: custodians need reliable NAV and pricing data to accurately report client holdings values. And the custody layer interfaces with the settlement infrastructure: when tokens transfer, custody systems must update their records to reflect the new beneficial ownership.
Fireblocks has become the dominant infrastructure provider for the custody layer of tokenization platforms, with its API enabling programmatic wallet creation, policy-governed transaction approval, and compliance integrations. Most institutional tokenization platforms — whether they use Securitize, Tokeny, or custom infrastructure — use Fireblocks as the wallet and MPC layer beneath their platform UI.
Layer Five: Secondary Market Infrastructure
The secondary market layer provides liquidity for token holders who want to sell their positions before the asset matures or the fund winds down. Without secondary market infrastructure, tokenized securities offer no liquidity advantage over traditional private placements — the token is simply a more technologically interesting certificate of deposit with the same illiquidity constraints.
In the United States, secondary market trading of securities (including tokenized securities) requires either a registered national securities exchange, a registered Alternative Trading System (ATS), or a broker-dealer facilitating OTC trades. Most tokenized securities secondary market activity occurs on ATS platforms, as the registration requirements are less onerous than national exchange registration.
Securitize Markets is the most prominent ATS for tokenized securities, integrated with Securitize’s issuance platform and providing a marketplace where investors in Securitize-issued tokens can trade with each other. tZERO operates an ATS and broker-dealer licensed to trade digital securities. PPEX (North Capital’s ATS) serves the smaller Regulation D tokenized securities market.
The liquidity reality for most tokenized securities, particularly private fund tokens, remains challenging: the investor base is small, trading volume is thin, and bid-ask spreads are wide. Secondary market infrastructure exists, but it does not yet provide the liquidity that would make tokenized alternatives genuinely comparable to exchange-listed products from an investor experience standpoint. This is the next major development challenge for the tokenized securities ecosystem.
Integrated vs. White-Label vs. Custom: The Build/Buy Framework
Institutions evaluating a tokenized securities program face a fundamental architecture decision: use a fully integrated platform, license a white-label solution, or build custom infrastructure.
Fully integrated platforms — Securitize being the dominant example — provide all five layers as a service. The issuer provides the legal instrument (fund documents, investment advisory agreement) and the Securitize platform handles tokenization, KYC, compliance, custody integration, and secondary market. This approach minimizes integration complexity and launches fastest, but constrains the issuer to the platform’s technical and compliance architecture. It also creates vendor dependency: if Securitize’s pricing or platform policies change, migrating to another provider is technically complex.
White-label platforms — Tokeny, Polymath, and others — provide the smart contract infrastructure and compliance modules that issuers can deploy under their own branding and operate themselves. Tokeny’s ERC-3643 framework is the most institutionally mature white-label option, used by issuers in Europe and the US who want standard compliance infrastructure with the flexibility to choose their own custody providers, verification vendors, and market venues. The white-label approach requires more technical resources but provides greater flexibility and less vendor dependency.
Custom infrastructure — building the smart contracts, compliance modules, and platform integrations from scratch — is appropriate only for large institutions with sufficient technical teams and the scale to amortize development costs. Franklin Templeton’s FOBXX is an example of a custom approach: the firm built its own blockchain-as-record transfer agent infrastructure rather than using a third-party platform. BlackRock used Securitize for BUIDL rather than building custom infrastructure, suggesting that even the world’s largest asset manager prefers integration over custom development for its first tokenized product.
The API Economy of Tokenization
The tokenization platform architecture increasingly operates as an API economy: discrete infrastructure services that can be mixed and matched by issuers constructing their platform stacks. Fireblocks provides the custody and wallet API. Chainlink provides the oracle and cross-chain interoperability API. Chainalysis provides the AML screening API. Securitize provides the transfer agent and investor relations API. Parallel Markets provides the accredited investor verification API.
This API modularity creates flexibility — an issuer can choose best-in-class providers for each layer rather than accepting a bundled platform’s choices across the board. It also creates integration complexity: each API must be integrated with the others, the data formats must be compatible, and the operational dependencies must be managed.
The modular architecture also creates resilience: if one API provider has an outage or fails, the platform can potentially substitute an alternative provider for that specific layer without rebuilding the entire stack. Contrast this with a fully integrated platform: if Securitize experiences a significant service disruption, all aspects of a Securitize-dependent program are affected simultaneously.
Cost Framework for a Full STO
Drawing together the layer-by-layer cost estimates, a full institutional security token offering — a tokenized private fund with $50 million to $100 million initial target capitalization — requires infrastructure investment in the range of $150,000 to $400,000 for setup, plus ongoing annual costs of $200,000 to $500,000 for compliance, custody, and platform services.
The specific cost distribution varies significantly by approach: a Securitize-integrated program may cost $200,000 in legal fees and $40,000 annually in platform fees. A custom-built program with Tier-1 audit, Fireblocks custody, and proprietary compliance integration may cost $600,000 in initial investment with $150,000 annually in infrastructure fees. The build-vs-buy decision for tokenized securities programs is ultimately a cost/control tradeoff: more control over the architecture costs more money and takes more time, while platform-integrated solutions move faster and cost less but constrain flexibility.
For institutions evaluating the economics, the relevant comparison is not to the cost of traditional fund administration (which runs 0.15% to 0.50% of AUM annually) but to the revenue and operational advantages that tokenization enables: lower minimum investment thresholds that expand the investor universe, automated compliance that reduces administrative overhead, and the long-term infrastructure for secondary market liquidity that may eventually reduce the illiquidity premium demanded by private fund investors.
The technology investment in tokenization platform architecture is ultimately a bet on the future liquidity and distribution efficiency of private markets. The firms making that investment most thoughtfully — with rigorous attention to each layer of the stack, realistic assessment of build vs. buy economics, and institutional-grade security and compliance at every layer — are the ones best positioned to capture that future.