Share Tokenization FAQ
As an entrepreneur, an investor, or simply someone curious about new technologies, you may have heard of "tokenization" and about companies who have issued assets in the form of digital tokens on a blockchain (or "distributed ledger"). You may however wonder how that can be done and how it works.
The purpose of the following Q&A is thus to answer frequently asked questions about the tokenization of shares in Switzerland. Note that this Q&A:
- Complements CMTA's tokenization standard, which offers a comprehensive list of requirements and recommendations.
- Provides general answers aimed at a wide audience, thus it may not cover all the aspects of tokenization, nor may it be applicable to every context.
- Focuses on tokenization of shares, although Swiss law permits tokenizing other financial instruments, such as bonds and structured products.
This document has been established for the purpose of general information only, and does not constitute legal advice. For a detailed analysis of your unique case, please consult specialists such as those in CMTA's list of recognized legal and technical experts.
Lead authors:
- Jean-Philippe Aumasson (Taurus) – jp@taurusgroup.ch
- Alexandra Vraca (University of Fribourg) – alexandra.vraca@unifr.ch
Tokenization is the process of associating a financial asset (which can be a share or a debt security, for example) with digital tokens deployed on a distributed ledger technology (or “DLT”) platform, typically a blockchain.
Digital tokens do not have a physical existence. They are also not computer programs in the traditional sense. Tokenized shares do not appear as a clickable icon on desktop computers. Rather, in this context, digital tokens can be seen as entries into a database maintained using the DLT. In other words, if one holds tokenized shares, the DLT platform used for the tokenization will contain a corresponding entry.
The tokenization of shares increases the level of certainty that the acquirer of such instruments can place in the fact that it will effectively be recognized as their legal owner. The holder of a tokenized security cannot transfer that instrument twice. The buyer of such instruments can consequently be confident that the seller actually owned the transferred securities. This is a significant difference with traditional uncertificated securities (like, for example, the shares of a Swiss company for which no physical share certificates have been issued). With a traditional uncertificated security, the transferee only acquires a legal title to the transferred instrument if the transferor had such legal title itself. This is generally difficult to establish. Doing so requires evidence of an uninterrupted chain of assignments between all the persons who owned the instrument from the moment it was first issued. Often, evidence of such an uninterrupted chain of assignments will be missing. The buyer will then only be in a position to hope that the seller owned the transferred securities. With a tokenized security, the buyer has certainty on the subject, and Swiss law recognizes the legal title of the token's acquirer to the associated security.
Tokenization enables non-listed, private companies to leverage new financing and investment models. Tokenization allows them to open their capital to investors by different means and through different channels, such as online exchange platforms. So far, investors had few options to invest in those companies and had easy access only to public companies listed on stock exchanges. However, there are fewer than 300 such companies, whereas Switzerland counts approximately 600,000 SMEs (source). Tokenization thus contributes to the modernization and democratization of finance, by making investment simpler and more accessible, notably for retail investors.
Tokenization also reduces operational and financial costs, for companies and investors alike. Acquiring and transferring tokenized shares can be direct and effortless thanks to technological solutions interacting with a DLT involving:
- Fewer intermediaries, thus reduced associated costs;
- Faster execution of transactions, being potentially a matter of minutes.
Tokenization further allows companies to automate certain contractual tasks and corporate actions, via smart contracts such as the CMTAT token.
In Switzerland, blockchain and DLT became popular around 2017. At the time, a number of organizations leveraged DLT to raise capital via the issuance of digital tokens in a process referred to as "initial coin offerings" (ICOs). Many of the digital tokens issued then were bespoke products, which were neither shares nor debt securities, and sometimes had little or unclear documentation. The ease with which companies could organize these issuances at the technical level nonetheless sparked the interest of the financial sector.
In October 2018, CMTA released its first tokenization model, in the form of a blueprint for the tokenization of shares of Swiss corporations. The idea underpinning the blueprint was that, rather than issue bespoke products, companies could raise capital in a more straightforward fashion by issuing tokenized shares.
On September 25, 2020, the Swiss Parliament adopted the Federal Act on the Adaptation of the Federal Legislation to Developments in Electronic Distributed Ledger Technology (hereafter “DLT Act"). The DLT Act created a new type of negotiable instrument called ledger-based rights ("Registerwertrechte" / "droits-valeurs inscrits"), set out under Article 973d et seq. of the Swiss Code of Obligations (see “What has changed in the law to facilitate tokenization?”). A ledger-based security is essentially a digital token associated with a security, typically a share.
The DLT Act did not invent tokenization, but clarified that it was indeed possible to issue securities in the form of digital tokens. In so doing, it removed obstacles which stood in the way of new financing and investment models. Today, non-listed private companies can leverage tokenization to more easily raise capital, notably via online platforms open to diverse classes of investors, be they institutional or individual. Tokenization notably allows small and medium enterprises (SMEs) to finance themselves via private placement and retail investors, such that shares can be easily exchanged on secondary markets.
As of June 2022, a number of Swiss SMEs seized the opportunity and tokenized their shares. For example, 2021 saw the tokenization of companies active in diverse sectors such as IT, finance, or adventure sports. The interest and demand for tokenization increases as the technology matures and legal processes are streamlined.
Distributed ledger technology (DLT) refers to a class of systems that includes blockchain technology, which is behind cryptocurrencies such as Bitcoin and Ethereum. Blockchains use computer science and cryptography techniques to manage a database in a way that is:
- Decentralized, that is, such that no single party has authority over the database, but instead a consensus mechanism is used to validate the entries that are made therein;
- Distributed, that is, such that the computation effort is shared by multiple parties and their IT systems.
Furthermore, a blockchain's database only admits appending new entries, in a sequential manner (as a list of blocks), and previous entries cannot be removed from the chain of blocks (due to the immutability property). This corresponds to the old concept of a ledger, as used by accountants and chroniclers for millennia.
However, a DLT system is not necessarily a blockchain, as it includes other types of distributed ledgers that:
- Do not necessarily rely on a chain of blocks,
- Are not necessarily decentralized, and
- May be private, whereas the most popular blockchains are generally public.
A digital token (or just "token") is a virtual, digital representation of an asset that is created and operated through the DLT. DLT platforms do not record the name of those who hold tokens. Instead, tokens are associated with account addresses, a public identifier such as "0x85C0d1119C57a3b9ccD2Cc91e50fB4266F2287c3".
Since there is no record of the identity of token holders on DLT platforms, they do not access their account addresses by making themselves known. Instead, they must use their private key (a secret value that is associated with the account address and is typically derived from a passphrase) to cryptographically sign transactions emitted from their account, thereby ensuring their authenticity.
A token is, in most cases, not a stand-alone computer program, but only an entry into a register created on the DLT platform. Such a register is operated through a computer program called a smart contract (see “What is a smart contract?”).
A digital token is typically defined by a computer program called a smart contract, which runs atop a DLT platform such as the Ethereum and Tezos blockchains. Concretely, a token's smart contract program is deployed by the party issuing the token, smart contract functions are computed by transaction issuers, and said functions and their results are verified by nodes of the blockchain network. A smart contract allows the token to exist and to "behave" as intended by its issuer.
Note that a smart contract is not a contract under the classical legal definition, but a program that executes itself according to the logic defined by its source code and by its input arguments. For example, smart contracts allow their issuer to create ("mint") new tokens, destroy ("burn") existing tokens, and can automatically enforce transfer restrictions or execute corporate actions.
For an overview of the functionalities of a smart contract, you may refer to an example of tokenized shares showing the attributes and interfaces defined by its contract. For more details, you can read the code of the CMTAT token standard, publicly available on the GitHub open-source platform.
Apart from tokens, smart contracts can implement a variety of decentralized applications (for example the so-called DeFi trading platforms). Also, certain DLT platforms may permit the creation of digital tokens without smart contracts (for example, via special transactions, as in Algorand).
The DLT Act amended ten Swiss federal laws. The three main pillars of the DLT Act are the amendments of:
- the Code of Obligations ("Obligationenrecht" / "Code des Obligations");
- the financial market laws (including notably the Financial Services Act, the Banking Act and the Financial Market Infrastructure Act); and
- the insolvency laws.
Through these amendments, the DLT Act notably addressed the issuance and transfer of digital tokens, as well as the possibility to create trading venues on which tokenized securities can be traded.
Regarding issuance, the Code of Obligations (“CO”) now explicitly recognizes the possibility that securities can take the form of digital tokens (and thus become ledger-based securities pursuant to Article 973d et seq. CO).
Regarding transfers, the CO now clarifies that ledger-based securities do not require a written assignment to be transferred. Instead, they can be transferred through a DLT platform pursuant to pre-defined modalities, which must be set forth in so-called tokenization terms ("Registrierungsvereinbarung" / "convention d'inscription").
Regarding trading venues, the DLT Act (i) created a new license for regulated venues that specialize in DLT-based instruments, and (ii) clarified that it is possible to obtain a securities firm license for the sole purpose of operating an organized trading facility.
Tokenization is relatively simple if you have the right experts around the table. From a legal perspective, requirements and recommendations are documented in the CMTA standard for the tokenization of shares (§3), and include for example:
- "The issuer’s articles of association contain provisions allowing the issuer to issue shares in the form of ledger-based securities."
- "The issuer’s articles of association exclude shareholders’ right to request delivery of (physical) certificates for their shares (...)".
To cover the legal and financial aspects, if you do not have in-house specialists, you will need services from lawyers and/or legal consultants. If those experts are recognized by CMTA, they can also assist you in getting the tokenization of your shares certified by that association. This certification will help your company establish that it tokenized its shares in compliance with the legal requirements and that the tokenized shares qualify as ledger securities within the meaning of Article 973d et seq. CO. From a technological perspective, you do not need to develop new computer programs or smart contracts; instead you may use a free open standard, such as the CMTAT token framework. Numerous financial institutions and investors will be familiar with open standards, which will facilitate their use, whereas custom-made smart contracts may necessitate some due diligence work before they can be accepted. Regardless of the standard you are using, consider testing it in realistic conditions before deploying your smart contract. To simplify the issuance of tokens and their subsequent management, you may also use service providers that will take care of the technology aspects for you.
Once your tokens have been issued, you will need a custody solution for the private key(s) that give you access to the smart contracts. You may perform custody operations yourself or outsource it to a third-party professional custodian.
The DLT Act is platform-agnostic, and thus allows companies to choose among a wide range of DLT platforms, in particular blockchain platforms. It is however generally recommended to choose an established platform for which documentation and tooling are readily available, and for which experts can be found.
Regarding the token type, you may reuse, or build atop CMTA's reference implementation in the Solidity language (suitable for Ethereum, its layer-2 protocols, as well EVM-compatible platforms). You may as well implement your own token. Still, in any case we recommend that you derive a token's contract from the platform's basic token standard (for example ERC-20 for Ethereum, FA2 for Tezos, and so on).
The process to tokenize shares is governed by Swiss law. A company wishing to tokenize its shares is therefore bound by certain requirements, including informing holders of tokenized shares of the functioning of the distributed ledger and smart contract. A company that does not comply with this requirement may be held liable if it causes damage to a holder of tokenized shares.
Tokenization may appear risky, given widely publicized hacks and fraud cases that have affected blockchain-based assets in the past years. However, from a cyber security perspective share tokenization has a very different risk profile compared to cryptocurrencies.
The main factor that shields share tokenization against malicious activities is that tokenized shares do not disappear and are not canceled if the tokens are stolen or lost. In other words, if the tokens have been stolen or lost, it does not mean that the ownership of the shares has changed from a legal perspective. Tokens are only a way to identify the owners of the shares, but they are not the shares. A company tokenizing its shares can therefore choose that shares will cease to be represented by tokens or will be represented by other, newly issued tokens.
Regarding the technology, most DLTs rely on modern, solid cryptography, and in particular digital signatures to authenticate transactions issued by an account as being approved by the account holder. Established blockchain platforms use vetted and thoroughly tested security protocols, and provide sufficiently high assurance to support share tokenization. In particular, blockchain platforms may be able to upgrade to quantum-safe cryptography if the risk of quantum computers increases.
Arguably, as for most IT services, a major risk that users face is that of phishing or fake emails, malicious websites, and other ways of deceiving investors into revealing their credentials or transfering money. For example, fake token sale platforms may entice investors into buying tokens of company X, while said tokens—if they exist at all—have nothing to do with the real company X. Also, token holders may be fooled into sharing their secret private key with a malicious application that will then steal their tokens.
However, the tokenization legal framework provides safeguards against cyber risks. For example, in case the issuer of tokenized shares suspects malicious activity, they may choose to freeze the token's activity, or to recreate it altogether from a new address.
It must also be considered that non-tokenized shares present their own risks. Certificated shares (i.e. shares incorporated in paper certificates) can get lost or be destroyed. It is also difficult to keep track of the ownership of uncertificated shares (i.e. shares that are not incorporated in paper certificates or in digital tokens). Companies may consequently be uncertain about who their shareholders actually are. This may give rise to disputes about the validity of certain shareholder votes, or about whether dividends or other distributions were paid to the right persons. The tokenization of shares makes it possible to address such risks (see "What are the benefits of tokenization?").
If you buy tokenized shares on an online platform, your funds will typically be under the custody of the organization running the platform. In such a case, you do not need your own wallet, thus you do not control a specific private key and account holding the tokens. You consequently do not have the responsibility of generating a secret key, managing back-ups, running a wallet application, and so on.
However, many will follow the adage "not your keys, not your coins", and prefer to manage their tokens by themselves. Online platforms will typically allow you to withdraw tokens from the platform's account to an external address that you control. However, you then become fully responsible for the security of your tokens—"lost your keys, lost your coins".
You will (most likely) not lose your shares if you lose your private key—that is, the signing key associated with the DLT account holding the shares.
From a technical perspective, you must create back-ups of your key to be able to recover a lost key. For example, if you break the smartphone on which you had the wallet application. If you lost access to your key and don't have back-ups—or if the application fails to restore your back-up—you may contact the issuer in order to organize the transfer of the tokens to another address, or use an on-chain recovery mechanism, if available. Likewise, if your key was compromised by a malicious application, or if you accidentally shared it on a malicious website, you must contact the issuer. From a legal perspective, the owner of a tokenized share can demand that a court cancels the ledger-based security (Art. 973h CO), so that the company can re-issue a token to a new address. To do so, the owner must provide credible evidence of its original power of disposal over the token and of the loss thereof.
Note that tokenization is a reversible process—the company remains able to decide that its shares will no longer be represented by digital tokens (or will be represented by different digital tokens). This process does not affect shareholders' rights.
As with any online activity, moreover as related with blockchain technology, certain risks exist. However, if you lose your tokens after being hacked or manipulated, you would have legal recourse to recover them (see "What happens if I lose my private key?"). Following a few basic recommendations will eliminate most of the risks:
- Before buying tokenized shares online, ensure that the platform is an official, authorized one. For example, an online platform that offers you to buy shares "simply" via credit card or cryptocurrency without any identity registration may be fraudulent.
- Do not accept offers by internet strangers to sell you tokenized shares without having verified that the sellers are legitimate, registered shareholders.
- If managing your keys yourself, rather than using a custodian:
- Back-up your keys and/or associated passphrase;
- Only use established and recommended wallet applications and devices;
- Never share your secret keys or passphrase with anyone;
- Never enter your secret keys or passphrase on a website or application (unless you're convinced it is your legitimate wallet application);
- If you suspect that your key was compromised, but your tokens are still available, then transfer funds to a newly generated account (and inform the company whose share you own, so that it ensures that the register of shareholders is updated accordingly).
CMTA Token (CMTAT)
The CMTA Token (CMTAT) is an open standard for smart contracts designed specifically for the tokenization of financial instruments. It is a framework that defines necessary and optional functions that can be used for tokenizing financial instruments such as equity, debt and structured products.
It is not a token that can be bought and sold but rather a set of definitions to create such tokens.
A digital token is typically defined by a computer program called a smart contract, which runs atop a DLT platform such as the Ethereum or Tezos blockchains. The smart contract program of a token is deployed by the party issuing it, smart contract functions are computed by transaction issuers, and said functions and their results are verified by nodes of the blockchain network. A smart contract allows the token to exist and to "behave" as intended by its issuer.
A smart contract is not a contract under the classical legal definition, but a program that executes itself according to the logic defined by its source code and by its input arguments. For example, smart contracts allow their issuer to create ("mint") new tokens, destroy ("burn") existing tokens, and can automatically enforce transfer restrictions or execute corporate actions.
The CMTAT is published by the Capital Markets and Technology Association (CMTA). CMTA’s members agreed that the industry needed a standard smart contract that could provide the functionality to tokenize financial products in compliance with local regulations. The CMTAT functional specifications were defined to be compliant with Swiss law.
The CMTAT was initially developed by a working group of CMTA's Technical Committee that included members from Atpar, Bitcoin Suisse, Blockchain Innovation Group, Hypothekarbank Lenzburg, Lenz & Staehelin, Metaco, Mt Pelerin, SEBA, Swissquote, Sygnum, Taurus, and the Tezos Foundation, with the support of ABDK, a leading team in smart contract security.
The CMTAT was developed on the premise that the digital assets industry would benefit from a standardized framework, reflecting a consensus of the industry.
The code for the CMTA's reference implementation for Ethereum is copyright (c) Capital Market and Technology Association, 2018-2024, and is released under Mozilla Public License 2.0.
This reference implementation is available as open-source code on GitHub. The code can be used in its original or modified form by anyone, without requiring permission from CMTA, being distributed under a permissive license.
CMTAT is blockchain agnostic, meaning that it is not tied to a particular blockchain: the CMTAT framework is a definition of a set of functionalities that a token can implement. Reference implementations currently exist for Ethereum and Tezos.
The CMTAT is blockchain agnostic and the CMTA welcomes the development of implementations on different blockchains, increasing the choice for companies looking to tokenize their securities. The CMTA is currently aware of the following implementations of the CMTAT:
Implementations developed by the CMTA:
Currently the CMTA GitHub account provides the CMTA’s reference implementation of CMTAT for Ethereum, as an ERC-20 compatible token:
- EVM: CMTAT(solidity): https://github.com/CMTA/CMTAT
- EVM: RuleEngine(solidity): https://github.com/CMTA/RuleEngine
- EVM: DvP (solidity): https://github.com/CMTA/DVP
Implementations developed by the Tezos Foundation
An implementation of CMTAT for Tezos in SmartPy (Python) is available. The code was developed by the Tezos Foundation. CMTA's Tech Committee reviewed the implementation for compliance with CMTA's standard only.
- Tezos: CMTAT-FA2 (SmartPy/Python): https://github.com/CMTA/CMTAT-Tezos-FA2
Other CMTAT implementations:
An implementation of CMTAT for Tezos written in Ligo is available. CMTA has not been involved in this project:
- Tezos: CMTAT-Ligo (Ligo): https://github.com/ligolang/CMTAT-Ligo
The CMTAT was originally designed for the tokenization of equity and debt securities, in particular shares of Swiss companies or bonds. The CMTAT is also suitable for tokenizing structured products (see the 2022 proof-of-concept organized by the CMTA).
CMTAT is suitable for the digitalization of various financial assets. Below is a selection of case studies:
Digitalization of equity securities: The CMTAT was initially designed for the digitalization of company shares. For SMEs, digitalization provides an opportunity to access new financing and investment models by selling digital shares through online exchanges (full list of benefits see our tokenization FAQ). Some companies that have digitalized shares using the CMTAT include:
- Magic Tomato SA an online grocery platform opened its governance and capital to its community, by issuing digital non-voting shares (bons de participation), allowing customers, suppliers and supporters to participate financially in the development of the company
- Qoqa Brew: The online retailer Qoqa opened the capital of its on-site brewery Q-Brew to its community by issuing digital non-voting shares
- Cité Gestion SA, a Swiss bank and wealth manager, issued digitalized shares in 2022, using the CMTAT. This case underlines the benefits of digital shares for private companies, whose shares are not offered to the public: companies have a real-time and accurate view of their shareholder base online, whilst their shareholders benefit from legal certainty for share transfers, thanks to the evidence of ownership provided by the digital ledger.
- daura uses the CMTAT to digitalize the shares of companies using its platform:
Digitalization of debt securities:
- UBS: CMTAT was used to issue a digital bond by UBS, as part of the first live repo transaction with a natively-issued digital bond on a public blockchain.
- SCCF: trade finance firm SCCF issued short term tokenized notes to refinance a loan to a commodity trading firm active in biofuels.
Digitalization of structured products:
- Credit Suisse, Pictet and Vontobel issued tokenized investment products that were traded on BX Swiss as part of a proof-of-concept leveraging the CMTAT.
Although initially designed for the Swiss legal framework, CMTAT has proven to be suitable for tokenization in other jurisdictions. The CMTAT's modular design means that the token code can be modified by adding, removing, or modifying features as required for compliance with other jurisdictions. Local legal representation should be consulted for questions on specific jurisdictions.
- The CMTAT supports the following core features:
- Basic mint, burn, and transfer operations
- Pause of the contract and freeze of specific accounts
The present implementation uses standard mechanisms in order to support:
- Upgradeability, via deployment of the token with a proxy
- "Gasless" transactions (so that fee payment can be transferred to another account than that of the transaction issuer).
- Conditional transfers, via a rule engine
The code of the CMTAT reference implementation for Ethereum contracts has been audited by ABDKConsulting, a globally recognized firm specialized in smart contracts security. Please refer to the CMTA GitHub repository for the latest audited version and the audit reports.
Each tokenization framework has unique properties, and different use cases call for different technology choices. Some of CMTAT's unique aspects include:
- CMTAT is not an "ERC" and is therefore not tied to Ethereum. It is suitable for multiple platforms, not only EVM platforms.
- CMTAT is more flexible than an ERC standard, as it is not bound to a technical specification, only to initial functional requirements. The functionalities can therefore be extended as required.
- The CMTAT is optimized for Swiss law following careful examination of the legal requirements and how they translate into technical requirements (but can be used in any jurisdiction if it complies with the jurisdiction's requirements.)
- The CMTAT is not managed by a single company, but a not-for-profit association counting multiple contributors. It is thus unlikely to be abandoned or tied to a private company's interest.
We have produced a detailed comparison of the CMTAT with other current tokenization standards, namely ERC-1400 and ERC-3643: https://cmta.ch/news-articles/a-comparison-of-different-security-token-standards