Standard for the tokenization of shares of Swiss corporations using the distributed ledger technology
December 1, 2021
CMTA's Standard for the tokenization of shares of Swiss corporations using the distributed ledger technology provides a guide to the tokenization process in accordance with Swiss law regarding "ledger-based securities" (Art 973d et seqq. CO). The Standard:
- sets out the requirements and recommendations for the tokenization of shares under Swiss law
- provides standard provisions for:
- the articles of association of Swiss issuers
- tokenization terms • board approvals
Share Tokenization FAQ
As an entrepreneur, an investor, or simply someone curious about new technologies, you may have heard of "tokenization" and about companies who have issued assets in the form of digital tokens on a blockchain (or "distributed ledger"). You may however wonder how that can be done and how it works.
The purpose of the following Q&A is thus to answer frequently asked questions about the tokenization of shares in Switzerland. Note that this Q&A:
- Complements CMTA's tokenization standard, which offers a comprehensive list of requirements and recommendations.
- Provides general answers aimed at a wide audience, thus it may not cover all the aspects of tokenization, nor may it be applicable to every context.
- Focuses on tokenization of shares, although Swiss law permits tokenizing other financial instruments, such as bonds and structured products.
This document has been established for the purpose of general information only, and does not constitute legal advice. For a detailed analysis of your unique case, please consult specialists such as those in CMTA's list of recognized legal and technical experts.
- Jean-Philippe Aumasson (Taurus) – firstname.lastname@example.org
- Alexandra Vraca (University of Fribourg) – email@example.com
Tokenization is the process of associating a financial asset (which can be a share or a debt security, for example) with digital tokens deployed on a distributed ledger technology (or “DLT”) platform, typically a blockchain.
Digital tokens do not have a physical existence. They are also not computer programs in the traditional sense. Tokenized shares do not appear as a clickable icon on desktop computers. Rather, in this context, digital tokens can be seen as entries into a database maintained using the DLT. In other words, if one holds tokenized shares, the DLT platform used for the tokenization will contain a corresponding entry.
The tokenization of shares increases the level of certainty that the acquirer of such instruments can place in the fact that it will effectively be recognized as their legal owner. The holder of a tokenized security cannot transfer that instrument twice. The buyer of such instruments can consequently be confident that the seller actually owned the transferred securities. This is a significant difference with traditional uncertificated securities (like, for example, the shares of a Swiss company for which no physical share certificates have been issued). With a traditional uncertificated security, the transferee only acquires a legal title to the transferred instrument if the transferor had such legal title itself. This is generally difficult to establish. Doing so requires evidence of an uninterrupted chain of assignments between all the persons who owned the instrument from the moment it was first issued. Often, evidence of such an uninterrupted chain of assignments will be missing. The buyer will then only be in a position to hope that the seller owned the transferred securities. With a tokenized security, the buyer has certainty on the subject, and Swiss law recognizes the legal title of the token's acquirer to the associated security.
Tokenization enables non-listed, private companies to leverage new financing and investment models. Tokenization allows them to open their capital to investors by different means and through different channels, such as online exchange platforms. So far, investors had few options to invest in those companies and had easy access only to public companies listed on stock exchanges. However, there are fewer than 300 such companies, whereas Switzerland counts approximately 600,000 SMEs (source). Tokenization thus contributes to the modernization and democratization of finance, by making investment simpler and more accessible, notably for retail investors.
Tokenization also reduces operational and financial costs, for companies and investors alike. Acquiring and transferring tokenized shares can be direct and effortless thanks to technological solutions interacting with a DLT involving:
- Fewer intermediaries, thus reduced associated costs;
- Faster execution of transactions, being potentially a matter of minutes.
Tokenization further allows companies to automate certain contractual tasks and corporate actions, via smart contracts such as the CMTAT token.
In Switzerland, blockchain and DLT became popular around 2017. At the time, a number of organizations leveraged DLT to raise capital via the issuance of digital tokens in a process referred to as "initial coin offerings" (ICOs). Many of the digital tokens issued then were bespoke products, which were neither shares nor debt securities, and sometimes had little or unclear documentation. The ease with which companies could organize these issuances at the technical level nonetheless sparked the interest of the financial sector.
In October 2018, CMTA released its first tokenization model, in the form of a blueprint for the tokenization of shares of Swiss corporations. The idea underpinning the blueprint was that, rather than issue bespoke products, companies could raise capital in a more straightforward fashion by issuing tokenized shares.
On September 25, 2020, the Swiss Parliament adopted the Federal Act on the Adaptation of the Federal Legislation to Developments in Electronic Distributed Ledger Technology (hereafter “DLT Act"). The DLT Act created a new type of negotiable instrument called ledger-based rights ("Registerwertrechte" / "droits-valeurs inscrits"), set out under Article 973d et seq. of the Swiss Code of Obligations (see “What has changed in the law to facilitate tokenization?”). A ledger-based security is essentially a digital token associated with a security, typically a share.
The DLT Act did not invent tokenization, but clarified that it was indeed possible to issue securities in the form of digital tokens. In so doing, it removed obstacles which stood in the way of new financing and investment models. Today, non-listed private companies can leverage tokenization to more easily raise capital, notably via online platforms open to diverse classes of investors, be they institutional or individual. Tokenization notably allows small and medium enterprises (SMEs) to finance themselves via private placement and retail investors, such that shares can be easily exchanged on secondary markets.
As of June 2022, a number of Swiss SMEs seized the opportunity and tokenized their shares. For example, 2021 saw the tokenization of companies active in diverse sectors such as IT, finance, or adventure sports. The interest and demand for tokenization increases as the technology matures and legal processes are streamlined.
Distributed ledger technology (DLT) refers to a class of systems that includes blockchain technology, which is behind cryptocurrencies such as Bitcoin and Ethereum. Blockchains use computer science and cryptography techniques to manage a database in a way that is:
- Decentralized, that is, such that no single party has authority over the database, but instead a consensus mechanism is used to validate the entries that are made therein;
- Distributed, that is, such that the computation effort is shared by multiple parties and their IT systems.
Furthermore, a blockchain's database only admits appending new entries, in a sequential manner (as a list of blocks), and previous entries cannot be removed from the chain of blocks (due to the immutability property). This corresponds to the old concept of a ledger, as used by accountants and chroniclers for millennia.
However, a DLT system is not necessarily a blockchain, as it includes other types of distributed ledgers that:
- Do not necessarily rely on a chain of blocks,
- Are not necessarily decentralized, and
- May be private, whereas the most popular blockchains are generally public.
A digital token (or just "token") is a virtual, digital representation of an asset that is created and operated through the DLT. DLT platforms do not record the name of those who hold tokens. Instead, tokens are associated with account addresses, a public identifier such as "0x85C0d1119C57a3b9ccD2Cc91e50fB4266F2287c3".
Since there is no record of the identity of token holders on DLT platforms, they do not access their account addresses by making themselves known. Instead, they must use their private key (a secret value that is associated with the account address and is typically derived from a passphrase) to cryptographically sign transactions emitted from their account, thereby ensuring their authenticity.
A token is, in most cases, not a stand-alone computer program, but only an entry into a register created on the DLT platform. Such a register is operated through a computer program called a smart contract (see “What is a smart contract?”).
A digital token is typically defined by a computer program called a smart contract, which runs atop a DLT platform such as the Ethereum and Tezos blockchains. Concretely, a token's smart contract program is deployed by the party issuing the token, smart contract functions are computed by transaction issuers, and said functions and their results are verified by nodes of the blockchain network. A smart contract allows the token to exist and to "behave" as intended by its issuer.
Note that a smart contract is not a contract under the classical legal definition, but a program that executes itself according to the logic defined by its source code and by its input arguments. For example, smart contracts allow their issuer to create ("mint") new tokens, destroy ("burn") existing tokens, and can automatically enforce transfer restrictions or execute corporate actions.
For an overview of the functionalities of a smart contract, you may refer to an example of tokenized shares showing the attributes and interfaces defined by its contract. For more details, you can read the code of the CMTAT token standard, publicly available on the GitHub open-source platform.
Apart from tokens, smart contracts can implement a variety of decentralized applications (for example the so-called DeFi trading platforms). Also, certain DLT platforms may permit the creation of digital tokens without smart contracts (for example, via special transactions, as in Algorand).
The DLT Act amended ten Swiss federal laws. The three main pillars of the DLT Act are the amendments of:
- the Code of Obligations ("Obligationenrecht" / "Code des Obligations");
- the financial market laws (including notably the Financial Services Act, the Banking Act and the Financial Market Infrastructure Act); and
- the insolvency laws.
Through these amendments, the DLT Act notably addressed the issuance and transfer of digital tokens, as well as the possibility to create trading venues on which tokenized securities can be traded.
Regarding issuance, the Code of Obligations (“CO”) now explicitly recognizes the possibility that securities can take the form of digital tokens (and thus become ledger-based securities pursuant to Article 973d et seq. CO).
Regarding transfers, the CO now clarifies that ledger-based securities do not require a written assignment to be transferred. Instead, they can be transferred through a DLT platform pursuant to pre-defined modalities, which must be set forth in so-called tokenization terms ("Registrierungsvereinbarung" / "convention d'inscription").
Regarding trading venues, the DLT Act (i) created a new license for regulated venues that specialize in DLT-based instruments, and (ii) clarified that it is possible to obtain a securities firm license for the sole purpose of operating an organized trading facility.
Tokenization is relatively simple if you have the right experts around the table. From a legal perspective, requirements and recommendations are documented in the CMTA standard for the tokenization of shares (§3), and include for example:
- "The issuer’s articles of association contain provisions allowing the issuer to issue shares in the form of ledger-based securities."
- "The issuer’s articles of association exclude shareholders’ right to request delivery of (physical) certificates for their shares (...)".
To cover the legal and financial aspects, if you do not have in-house specialists, you will need services from lawyers and/or legal consultants. If those experts are recognized by CMTA, they can also assist you in getting the tokenization of your shares certified by that association. This certification will help your company establish that it tokenized its shares in compliance with the legal requirements and that the tokenized shares qualify as ledger securities within the meaning of Article 973d et seq. CO. From a technological perspective, you do not need to develop new computer programs or smart contracts; instead you may use a free open standard, such as the CMTAT token framework. Numerous financial institutions and investors will be familiar with open standards, which will facilitate their use, whereas custom-made smart contracts may necessitate some due diligence work before they can be accepted. Regardless of the standard you are using, consider testing it in realistic conditions before deploying your smart contract. To simplify the issuance of tokens and their subsequent management, you may also use service providers that will take care of the technology aspects for you.
Once your tokens have been issued, you will need a custody solution for the private key(s) that give you access to the smart contracts. You may perform custody operations yourself or outsource it to a third-party professional custodian.
The DLT Act is platform-agnostic, and thus allows companies to choose among a wide range of DLT platforms, in particular blockchain platforms. It is however generally recommended to choose an established platform for which documentation and tooling are readily available, and for which experts can be found.
Regarding the token type, you may reuse, or build atop CMTA's reference implementation in the Solidity language (suitable for Ethereum, its layer-2 protocols, as well EVM-compatible platforms). You may as well implement your own token. Still, in any case we recommend that you derive a token's contract from the platform's basic token standard (for example ERC-20 for Ethereum, FA2 for Tezos, and so on).
The process to tokenize shares is governed by Swiss law. A company wishing to tokenize its shares is therefore bound by certain requirements, including informing holders of tokenized shares of the functioning of the distributed ledger and smart contract. A company that does not comply with this requirement may be held liable if it causes damage to a holder of tokenized shares.
Tokenization may appear risky, given widely publicized hacks and fraud cases that have affected blockchain-based assets in the past years. However, from a cyber security perspective share tokenization has a very different risk profile compared to cryptocurrencies.
The main factor that shields share tokenization against malicious activities is that tokenized shares do not disappear and are not canceled if the tokens are stolen or lost. In other words, if the tokens have been stolen or lost, it does not mean that the ownership of the shares has changed from a legal perspective. Tokens are only a way to identify the owners of the shares, but they are not the shares. A company tokenizing its shares can therefore choose that shares will cease to be represented by tokens or will be represented by other, newly issued tokens.
Regarding the technology, most DLTs rely on modern, solid cryptography, and in particular digital signatures to authenticate transactions issued by an account as being approved by the account holder. Established blockchain platforms use vetted and thoroughly tested security protocols, and provide sufficiently high assurance to support share tokenization. In particular, blockchain platforms may be able to upgrade to quantum-safe cryptography if the risk of quantum computers increases.
Arguably, as for most IT services, a major risk that users face is that of phishing or fake emails, malicious websites, and other ways of deceiving investors into revealing their credentials or transfering money. For example, fake token sale platforms may entice investors into buying tokens of company X, while said tokens—if they exist at all—have nothing to do with the real company X. Also, token holders may be fooled into sharing their secret private key with a malicious application that will then steal their tokens.
However, the tokenization legal framework provides safeguards against cyber risks. For example, in case the issuer of tokenized shares suspects malicious activity, they may choose to freeze the token's activity, or to recreate it altogether from a new address.
It must also be considered that non-tokenized shares present their own risks. Certificated shares (i.e. shares incorporated in paper certificates) can get lost or be destroyed. It is also difficult to keep track of the ownership of uncertificated shares (i.e. shares that are not incorporated in paper certificates or in digital tokens). Companies may consequently be uncertain about who their shareholders actually are. This may give rise to disputes about the validity of certain shareholder votes, or about whether dividends or other distributions were paid to the right persons. The tokenization of shares makes it possible to address such risks (see "What are the benefits of tokenization?").
If you buy tokenized shares on an online platform, your funds will typically be under the custody of the organization running the platform. In such a case, you do not need your own wallet, thus you do not control a specific private key and account holding the tokens. You consequently do not have the responsibility of generating a secret key, managing back-ups, running a wallet application, and so on.
However, many will follow the adage "not your keys, not your coins", and prefer to manage their tokens by themselves. Online platforms will typically allow you to withdraw tokens from the platform's account to an external address that you control. However, you then become fully responsible for the security of your tokens—"lost your keys, lost your coins".
You will (most likely) not lose your shares if you lose your private key—that is, the signing key associated with the DLT account holding the shares.
From a technical perspective, you must create back-ups of your key to be able to recover a lost key. For example, if you break the smartphone on which you had the wallet application. If you lost access to your key and don't have back-ups—or if the application fails to restore your back-up—you may contact the issuer in order to organize the transfer of the tokens to another address, or use an on-chain recovery mechanism, if available. Likewise, if your key was compromised by a malicious application, or if you accidentally shared it on a malicious website, you must contact the issuer. From a legal perspective, the owner of a tokenized share can demand that a court cancels the ledger-based security (Art. 973h CO), so that the company can re-issue a token to a new address. To do so, the owner must provide credible evidence of its original power of disposal over the token and of the loss thereof.
Note that tokenization is a reversible process—the company remains able to decide that its shares will no longer be represented by digital tokens (or will be represented by different digital tokens). This process does not affect shareholders' rights.
As with any online activity, moreover as related with blockchain technology, certain risks exist. However, if you lose your tokens after being hacked or manipulated, you would have legal recourse to recover them (see "What happens if I lose my private key?"). Following a few basic recommendations will eliminate most of the risks:
- Before buying tokenized shares online, ensure that the platform is an official, authorized one. For example, an online platform that offers you to buy shares "simply" via credit card or cryptocurrency without any identity registration may be fraudulent.
- Do not accept offers by internet strangers to sell you tokenized shares without having verified that the sellers are legitimate, registered shareholders.
- If managing your keys yourself, rather than using a custodian:
- Back-up your keys and/or associated passphrase;
- Only use established and recommended wallet applications and devices;
- Never share your secret keys or passphrase with anyone;
- Never enter your secret keys or passphrase on a website or application (unless you're convinced it is your legitimate wallet application);
- If you suspect that your key was compromised, but your tokens are still available, then transfer funds to a newly generated account (and inform the company whose share you own, so that it ensures that the register of shareholders is updated accordingly).