Part 5: Security Token Offerings Compliance | CBCL Module 6

6.5.1 Introduction: The STO Alternative

Security Token Offerings (STOs) represent a regulatory-compliant alternative to the largely unregulated ICO model. Rather than attempting to avoid securities classification, STOs embrace it - issuing tokens that are explicitly securities and complying with applicable securities regulations. This approach provides legal clarity and investor protection at the cost of increased regulatory burden.

Security Token Offering (STO)

A method of raising capital by issuing digital tokens that are explicitly designed as securities (representing equity, debt, revenue rights, or other investment interests), with full compliance with applicable securities regulations including registration/exemption requirements, disclosure obligations, and trading restrictions.

STO vs. ICO: Fundamental Distinction

The fundamental distinction between STOs and ICOs is regulatory posture:

Characteristic	ICO	STO
Regulatory approach	Often attempts to avoid securities classification	Explicitly embraces securities status
Token rights	Usually utility or ambiguous	Clear investment rights (equity, debt, revenue)
Investor access	Generally open to public	Often restricted to qualified investors
Disclosure	Whitepaper (variable quality)	Compliant offering documents
Secondary trading	Unregulated crypto exchanges	Licensed platforms/exchanges
Investor protection	Minimal	Full securities law protection
Legal risk	High (enforcement risk)	Lower (compliant if done correctly)

Benefits of the STO Model

Legal clarity: Compliance with known regulatory framework reduces enforcement risk
Investor confidence: Regulatory compliance signals legitimacy
Institutional participation: Regulated offerings enable institutional investment
Asset tokenization: Traditional assets (real estate, equity, debt) can be tokenized
Global capital access: Compliant offerings can access regulated global markets
Liquidity potential: Trading on licensed platforms enables regulated secondary markets

Challenges of STOs in India

Despite the benefits, STOs face significant challenges in the Indian context:

No specific STO regulations: India has not enacted STO-specific rules
Existing regulations not designed for tokens: SEBI ICDR, Companies Act assume traditional securities
No licensed security token exchanges: Secondary trading infrastructure absent
Custody challenges: No regulated crypto custodians for security tokens
Transfer agent issues: Blockchain-based registry not recognized

*The Compliance Paradox

STOs face a paradox in India: they are explicitly securities requiring SEBI compliance, but existing regulations were not designed for tokenized securities. An STO issuer must navigate regulations that assume traditional securities infrastructure (registrars, depositories, exchanges) while using blockchain technology that operates differently. This creates interpretive challenges but not impossibility - careful structuring can achieve compliance.

6.5.2 STO Regulatory Framework in India

A Security Token Offering by an Indian company or to Indian investors engages multiple regulatory frameworks. This section maps the applicable regulations and identifies the key compliance requirements.

Primary Regulatory Statutes

SEBI Act, 1992

SEBI has primary jurisdiction over securities offerings:

Section 11 grants SEBI broad powers to regulate securities market
Section 11A requires registration for issue of securities to public
Section 11AA covers collective investment schemes
Various SEBI Regulations apply depending on offering type

Securities Contracts (Regulation) Act, 1956

SCRA provides the securities definition and trading framework:

Section 2(h) defines "securities" - security tokens must fit this definition
Section 13 prohibits trading except on recognized stock exchanges
Section 28 requires recognition for securities exchanges

Companies Act, 2013

Company law governs securities issuance by companies:

Section 23 - Public offer vs. private placement distinction
Section 42 - Private placement requirements
Section 62 - Issue of securities by companies
Chapter III - Prospectus requirements for public offers

Applicable SEBI Regulations

Regulation	Applicability	Key Requirements
SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018	Public offerings of securities	DRHP, prospectus, SEBI approval, exchange listing
SEBI (Alternative Investment Funds) Regulations, 2012	Pooled investment vehicles	Fund registration, investment manager, custodian
SEBI (Collective Investment Schemes) Regulations, 1999	CIS (if token qualifies)	CIS registration, trustee, offer document
SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015	Listed securities	Continuous disclosure, corporate governance
SEBI (Depositories and Participants) Regulations, 2018	Dematerialized securities	Depository registration, participant requirements

Regulatory Pathway Options

Depending on offering structure, different regulatory pathways may apply:

Option 1: Public Offer (SEBI ICDR)

Full SEBI ICDR compliance
Prospectus filing and SEBI approval
Stock exchange listing
Suitable for: Large offerings to general public

Option 2: Private Placement (Section 42)

Limited to 200 persons per offer
Private placement offer letter
No SEBI approval required
Suitable for: Small offerings to known investors

Option 3: Alternative Investment Fund

Register as AIF with SEBI
Pooled vehicle investing in underlying assets
Minimum Rs. 1 crore investment
Suitable for: Qualified investors, fund structures

!Practical Pathway Assessment

For most STO projects, the AIF route offers the most practical compliance pathway in India. Public offerings require exchange listing (unavailable for security tokens), and private placements are severely limited (200 persons). AIFs can accommodate token structures while maintaining SEBI compliance, though minimum investment requirements restrict retail participation.

6.5.3 SEBI ICDR Regulations, 2018

The SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2018 govern public offerings of securities in India. Understanding these regulations is essential for assessing the feasibility of public STOs, even though practical barriers currently prevent their use for security tokens.

Overview of SEBI ICDR

SEBI ICDR replaced the earlier SEBI (Issue of Capital and Disclosure Requirements) Regulations, 2009, consolidating and modernizing public offering requirements:

"These regulations shall apply to - (a) public issue; (b) rights issue, where the aggregate value of specified securities offered is fifty crore rupees or more; (c) preferential issue; (d) qualified institutions placement; (e) bonus issue; (f) institutional placement programme; (g) issue of convertible securities." Regulation 3, SEBI ICDR Regulations, 2018

Public Issue Requirements

A public issue of security tokens would require compliance with Chapter II of ICDR:

Eligibility Requirements (Regulation 6)

Net tangible assets of at least Rs. 3 crore in each of preceding 3 years
Operating profit from operations for at least 3 of preceding 5 years
Net worth of at least Rs. 1 crore in each of preceding 3 years
Aggregate of proposed issue and previous issues in same financial year does not exceed 5 times pre-issue net worth

Draft Red Herring Prospectus (Regulation 26)

DRHP must be filed with SEBI at least 21 days before filing prospectus
Must contain all material information as per Schedule VI
Risk factors prominently disclosed
Basis for issue price
Objects of the issue and use of proceeds

Listing Requirement

Regulation 32 requires that securities offered in a public issue must be listed on a recognized stock exchange:

"An issuer making a public issue of specified securities shall ensure that the specified securities are listed on one or more recognized stock exchanges..." Regulation 32, SEBI ICDR Regulations, 2018

!Listing Barrier for STOs

The listing requirement presents an insurmountable barrier for security token public offerings. Indian stock exchanges (BSE, NSE) do not list blockchain-based security tokens. Until exchanges develop security token listing frameworks, public STOs under ICDR are not feasible. This is a regulatory infrastructure gap, not a legal prohibition - the regulations could theoretically accommodate security tokens if exchanges were willing and technically capable.

Theoretical STO Public Offer Structure

If listing were available, a public STO would require:

DRHP preparation: Draft Red Herring Prospectus with full disclosures
SEBI filing: File DRHP with SEBI for review
SEBI observation: Address SEBI comments and observations
Exchange in-principle approval: Obtain listing approval from exchange
RHP filing: File Red Herring Prospectus with ROC
Public offer period: Open issue for subscription
Allotment: Allocate tokens to subscribers
Listing: List tokens on exchange for trading

6.5.4 Private Placement under Companies Act

Section 42 of the Companies Act, 2013 provides a pathway for issuing securities without full public offer compliance. Private placement is the most accessible route for small-scale security token offerings, though numerical limitations constrain its utility.

Section 42 Requirements

Section 42 governs private placement of securities:

"42(1) A company may, subject to the provisions of this section, make a private placement of securities.

(2) A private placement shall be made only to a select group of persons who have been identified by the Board (such persons being not more than two hundred in the aggregate in a financial year excluding the qualified institutional buyers and employees of the company being offered securities under a scheme of employees stock option), whose names are recorded by the company prior to the invitation to subscribe..." Section 42(1)-(2), Companies Act, 2013

Key Private Placement Limitations

200-Person Limit

The most significant constraint is the 200-person limit per financial year:

Maximum 200 persons (not 200 per offer - 200 total in a year)
Qualified Institutional Buyers (QIBs) excluded from count
ESOP recipients excluded from count
Exceeding limit converts offering to "deemed public issue"

Private Placement Offer Letter

Rule 14 of Companies (Prospectus and Allotment of Securities) Rules, 2014 prescribes requirements:

Serially numbered and addressed to identified persons
Contains specified particulars per Form PAS-4
Offeree must record name before invitation
Money received only through banking channels
Offer valid for 30 days from date of issue

Prohibited Activities

Private placement prohibits certain activities:

No advertisement or media announcement
No marketing to general public
No distribution of offer documents except to identified persons
No website posting of offer (unless password-protected for invitees)

Private Placement for Security Tokens

Applying Section 42 to security tokens:

Requirement	Traditional Securities	Security Token Adaptation
Offer letter	Physical/electronic Form PAS-4	Digital offer letter with token details
Payment	Bank transfer	Bank transfer (crypto payment problematic)
Allotment	Certificate/demat credit	Token transfer to wallet
Registry	Share register, depository	Blockchain record + company register
Transfer	Demat transfer	On-chain transfer (restricted)

!Section 42 STO Structure

For a compliant private placement STO: (1) Identify specific investors (max 200); (2) Record names before invitation; (3) Issue private placement offer letter per PAS-4 with token-specific disclosures; (4) Accept payment only via bank transfer; (5) Pass board resolution approving private placement; (6) File return of allotment with ROC within 30 days; (7) Issue security tokens to investor wallets; (8) Maintain both blockchain record and statutory register.

Deemed Public Issue Risk

Section 42(7) provides severe consequences for exceeding private placement limits:

"If a company makes an offer or accepts monies in contravention of this section, the company, its promoters and directors shall be liable for a penalty which may extend to the amount raised through the private placement or two crore rupees, whichever is lower..." Section 42(7), Companies Act, 2013

Additionally, the offering becomes a "deemed public issue" requiring full prospectus compliance retroactively - practically impossible to achieve.

6.5.5 Alternative Investment Fund Route

The SEBI (Alternative Investment Funds) Regulations, 2012 provide the most practical pathway for security token offerings in India. By structuring a token offering as an AIF, issuers can achieve SEBI compliance while accommodating blockchain-based securities.

AIF Regulatory Framework

SEBI AIF Regulations define Alternative Investment Fund as:

"'Alternative Investment Fund' means any fund established or incorporated in India in the form of a trust or a company or a limited liability partnership or a body corporate which - (i) is a privately pooled investment vehicle which collects funds from sophisticated investors, whether Indian or foreign, for investing it in accordance with a defined investment policy for the benefit of its investors." Regulation 2(1)(b), SEBI AIF Regulations, 2012

AIF Categories

AIFs are classified into three categories based on investment strategy:

Category I AIF

Funds investing in start-ups, early stage ventures, social ventures, SMEs, infrastructure:

Venture Capital Funds
SME Funds
Social Venture Funds
Infrastructure Funds
Government incentives may be available

Category II AIF

Funds that do not fall into Category I or III, and do not undertake leverage:

Private Equity Funds
Debt Funds
Fund of Funds
No leverage except to meet temporary funding requirements
Most flexible category for general investment

Category III AIF

Funds employing diverse or complex trading strategies including leverage:

Hedge Funds
PIPE Funds
May employ leverage through investment in listed/unlisted derivatives
Higher risk strategies permitted

AIF Registration Requirements

Requirement	Category I	Category II	Category III
Minimum corpus	Rs. 20 crore	Rs. 20 crore	Rs. 20 crore
Minimum investment	Rs. 1 crore	Rs. 1 crore	Rs. 1 crore
Manager commitment	2.5% or Rs. 5 crore (lower)	2.5% or Rs. 5 crore (lower)	5% or Rs. 10 crore (lower)
Maximum investors	1000 per scheme	1000 per scheme	1000 per scheme
Registration fee	Rs. 5 lakh	Rs. 5 lakh	Rs. 15 lakh

Structuring a Tokenized AIF

A tokenized AIF structure can achieve compliance while utilizing blockchain:

Register AIF with SEBI: Obtain Category I, II, or III registration based on investment strategy
Establish fund structure: Trust with trustee, investment manager, custodian
Token design: Create security tokens representing units in the AIF
Private placement memorandum: Detailed disclosure document per AIF Regulations
Investor onboarding: KYC, minimum investment verification, accredited investor checks
Capital call: Collect investments via banking channels
Token issuance: Issue AIF unit tokens to investor wallets
Investment deployment: Deploy capital per investment policy
NAV calculation: Regular valuation and reporting
Distributions: Returns distributed to token holders

*AIF Token Advantages

The AIF route offers several advantages for STOs: (1) Clear SEBI regulatory framework; (2) 1000 investors per scheme (vs. 200 for private placement); (3) Sophisticated investor requirement aligns with security token market; (4) Fund structure accommodates various underlying investments; (5) Potential for secondary transfers between qualified investors; (6) International investor participation possible under FVCI/FPI routes.

Practical Considerations

Custody Requirements

Regulation 20 requires custodian for AIF assets. For tokenized AIFs:

SEBI-registered custodian must hold underlying assets
Token custody arrangements need careful structuring
Private keys may need custodian safekeeping
Hot wallet/cold wallet separation recommended

Transfer Restrictions

AIF units can only be transferred to other eligible investors:

Transferee must meet minimum investment requirement
KYC/accreditation verification needed
Smart contract can enforce transfer restrictions
Manager approval may be required

Exit Mechanism

Unlike exchange-traded securities, AIF exits are typically:

Redemption at NAV (close-ended funds at maturity)
Secondary sale to other qualified investors
Listing of AIF units (if exchange supports)
Token buyback by fund (if permitted by documents)

6.5.6 Tokenization Technology and Standards

The technical implementation of security tokens must support regulatory compliance requirements. This section examines token standards, smart contract features, and technical infrastructure needed for compliant STOs.

Security Token Standards

Various token standards have emerged for security tokens, primarily on Ethereum:

ERC-1400 Security Token Standard

The most widely adopted security token standard, designed specifically for compliant securities:

Partitioned tokens: Tokens can be divided into tranches with different rights
Document management: On-chain references to legal documents
Transfer restrictions: Programmable restrictions on who can hold/transfer
Forced transfers: Enables corporate actions like forced buybacks
Issuance/redemption: Controller can issue or redeem tokens

ERC-1404 Simple Restricted Token

Simpler standard focused on transfer restrictions:

Transfer restriction checks before any transfer
Returns specific reason codes for failed transfers
Easier implementation than ERC-1400
May be sufficient for simpler STO structures

ERC-3643 (T-REX)

Token for Regulated EXchanges - institutional-grade standard:

On-chain identity management
Claim-based verification (investor accreditation claims)
Modular compliance rules
Used by major institutional platforms

Required Technical Features

Compliant security tokens require specific technical capabilities:

1. KYC/AML Integration

Whitelist of verified investor addresses
Integration with KYC providers
Only whitelisted addresses can receive tokens
Blacklist capability for AML compliance

2. Transfer Restrictions

Lock-up period enforcement
Maximum holder limits
Geographic restrictions
Investor qualification checks

3. Corporate Actions

Dividend distribution capability
Voting mechanism for governance
Token split/consolidation
Forced transfer for regulatory compliance

4. Regulatory Compliance

Pause functionality (halt trading if required)
Admin controls for issuer/regulator
Audit trail and transaction history
Reporting data extraction

!Smart Contract Audit Requirement

Security token smart contracts MUST undergo professional security audit before deployment. Bugs in security token contracts can result in loss of investor funds, regulatory violations, or inability to enforce compliance rules. Engage reputable audit firms, address all findings, and publish audit reports to investors. Multiple audits from different firms provide additional assurance.

Infrastructure Requirements

Component	Traditional Securities	Security Token
Registry	Share register, depository	Blockchain + parallel register
Transfer agent	Registrar and Transfer Agent	Smart contract + compliance provider
Custody	Depository participant	Crypto custodian + key management
Trading	Stock exchange	Security token exchange (if available)
Settlement	T+1/T+2 settlement	Near-instant on-chain settlement
Corporate actions	RTA processes	Smart contract execution

6.5.7 STO Compliance Framework

This section provides a comprehensive compliance framework for Security Token Offerings in India, synthesizing the regulatory requirements discussed throughout this part into actionable guidance.

Pre-Launch Compliance Phase

1. Structure Determination

Assess which regulatory pathway (public offer, private placement, AIF)
Determine token type (equity, debt, revenue share, fund unit)
Evaluate minimum viable compliance structure
Prepare legal opinion on structure

2. Entity Setup

Establish issuing entity (company, LLP, trust)
Obtain necessary registrations (AIF registration if applicable)
Appoint required service providers (custodian, manager, trustee)
Corporate authorizations (board resolutions, shareholder approvals)

3. Documentation

Private Placement Memorandum/Offer Document
Token terms and conditions
Subscription agreement
Risk disclosures
KYC/AML policies

Offering Phase Compliance

1. Investor Onboarding

KYC verification for all investors
Accreditation verification (minimum investment, sophistication)
Geographic eligibility check
Subscription document execution
Wallet address verification and whitelisting

2. Capital Collection

Accept funds only via banking channels
Maintain separate escrow/subscription account
Source of funds verification for AML
Issue receipts and confirmations

3. Token Issuance

Smart contract deployment (after audit)
Token minting to issuer address
Transfer to investor wallets
Allotment confirmation
ROC filings (return of allotment)

Post-Offering Compliance

1. Ongoing Disclosures

Regular NAV calculations (for fund tokens)
Financial reporting to token holders
Material event disclosures
Annual reports and statements

2. Transfer Compliance

Verify transferee eligibility before transfer
Update whitelist for new holders
Maintain transfer records
Report transfers as required

3. Tax Compliance

TDS on distributions
Annual tax reporting to holders
VDA reporting if applicable
GST on management fees

Key Takeaways from Part 5

STOs embrace securities status: Unlike ICOs, STOs acknowledge securities classification and pursue compliance
Public STO not currently feasible: Listing requirement under SEBI ICDR cannot be met without exchange support
Private placement limited: Section 42 caps at 200 persons, constraining scale
AIF route most practical: Registered AIF can issue tokenized units to qualified investors
Technical standards matter: ERC-1400 and similar standards enable compliance features
Smart contract audit essential: Security vulnerabilities can cause regulatory and financial failures
Infrastructure gaps exist: No regulated security token exchanges or custodians in India yet
Compliance is ongoing: Post-offering obligations continue throughout token lifecycle