Security Tokenization Oddities: Unresolved Issues Behind the Hype

There’s a lot of tokenization discussion in 2026 that seems flooded with hype from issuers, banks, and crypto natives. I’d like to try for some balanced realism vs. breathless promotion or vague warnings.

Ripped from the hands of early pure Crypo exuberance, tokenization is clearly the big innovation in finance right now. Early crypto may have been as much ideological as it was a maybe useful new form of finance. But at this point, the benefits and use cases for more mainstream tokenization are becoming clearer. Securities that move on digital rails could settle faster, reduce reconciliation, support fractional ownership, improve transparency, automate parts of the asset lifecycle, and create new ways to use assets as collateral, and more. What could be better? As much as I’m a fan of what’s going on, among my favorite things to do is look behind the curtains, around the corners and so on. To understand – and help others see – what’s not always clear through the hype. And there’s a lot of hype.

The benefits show the attractive version. And it’s all generally true enough. Still, even with recent advances, we’re early in these efforts. The deeper version is more complicated. There’s still holes in this area. The more serious tokenization becomes, the less it looks like simply “putting stocks on-chain.” (Or whatever asset we’d be talking about.) It starts looking like a full-stack rebuild of financial market infrastructure, including issuance, investor onboarding, KYC (Know Your Customer), custody, smart contracts (which are of a course a new element), transfer agents, settlement assets, corporate actions, reporting, legal records, and dispute handling. And more. Those are just the big pieces.

This is progress. But it also proves the central point. The token is only one layer. And not everything is better. This is an opportunity to make things better. And yet there’s some new issues that get created here that we still have to collectively sort out. A recurring theme in recent tokenization discussions is that institutional tokenization is no longer being framed as crypto experimentation. It’s being framed as regulated, programmable financial infrastructure. This may be obvious. This is good, (my opinion anyway), yet we need to pay closer attention then ever. While we create more efficiency, we’re going so fast we may also be creating some possibly dangerous dependencies as we strong more of these tools together. (Consider my October, 2025 article on Will RWA Tokenization Growth Increase Systemic Risk? It was focused more on Real World Assets, but a lot of the ecosystem risks are similar.)

Since tokenization is becoming real financial infrastructure, this means the unresolved details matter more.

The Tokenization Stack

Things used to be somewhat simple. You buy some kind of security asset, it shows up in your brokerage account, or maybe you even get a paper statement for something. Great! All Done!

These new things? A tokenized security is not just a token. It’s a stack of processes and results.

The visible layer is the token. That’s what investors see in a wallet or platform account. But below that token sits the structure that gives it legal and economic meaning. (Or not in some cases. Law is still under development here in multiple countries.)

In any case, we do have a developing legal layer, which determines whether the token is the security itself, evidence of ownership, a beneficial interest, a receipt, or synthetic exposure, something else? There’s the identity layer, which determines who is allowed to hold or transfer the token. We have the recordkeeping layer, which determines who maintains the official ownership record. And the custody layer, which determines who safeguards the asset or the entitlement. Part of the mechanisms of the plumbing here is the settlement layer, which determines how the payment parts move. We have the critical governance layer, which handles voting, notices, consents, and corporate actions. Then there is the enforcement layer, which determines what happens when someone makes a mistake, loses a key, violates transfer rules, or ends up in court. (Like in the real world.) Early crypto purists are fond of phrases like “Code is Law” when referring to smart contracts. However, the truth is “law is law.” There’s some question as to whether smart contracts are really enforceable contracts at all. It’s a good and fair name for what they do, (my opinion anyway), but naming something smart or a contract doesn’t necessarily automatically imbue the thing with the properties one might want. Smart contracts can automate transaction logic, and some may be legally relevant or enforceable when connected to a valid legal agreement. But again, code alone does not automatically become a contract in the traditional legal sense. Courts still care about familiar concepts like assent, notice, authority, terms, remedies, and governing law. This might get further clarification as new laws are still being formed for this area.

Most tokenization hype seems to focus on the issuance layer. Which is great marketing. That’s the easiest thing to understand and to try to sell. Most of the hard problems live below it. That’s why the phrase “tokenized security” can be misleading. It sounds like a technical transformation. In practice, it is a legal, operational, and market-structure transformation.

Here’s part of the core issue as I see it, which is similar to crypto and money itself. A lot of typical normal people don’t deeply understand macroeconomics or money itself. Which makes sense. Seriously, who cares? People might generally think, “I’ve got some cash, I’ve got checking, savings and brokerage accounts, the rest of those numbers are just numbers they spew on the news.” They show those weather maps too, but who really understands the squiggles? Just tell me the temperature and if I need an umbrella or a winter coat. The is the same with stock investors. You buy something based on what you think has future value. How the stock ownership value gets transferred, clearance agents behind the scenes… no one wants to deal with the innards of the system. Nor should typical retail investors have to care. Maybe if you’re a more serious investor you dive in a bit deeper and learn how naked short selling might take place. Or you find out about these things called dark pools. Whatever. Those are games for the fancy finance people. Maybe they do affect you, but most don’t care too much because they’re undercurrents. Unless those undercurrents turn into something that could be of more concern.

Along comes tokenization. Things change now. Not everything listed will behave the same way. The Sesame Street kids’ programs used to have a simple game, “One of these things is not like the others, one of these things is not quite the same.” This is happening with tokenization. So for all the benefits, there’s going to be more to pay attention to. It’s never been true that what you don’t know can’t hurt you. So it will be useful to pay attention to these new structures. We should always know what we’re buying and that can potentially be more challenging with some tokenized assets.

The Traditional Securities System Does Not Disappear

Securities are not just digital objects. They’re legal relationships. A stock isn’t just a unit that changes hands. It comes with ownership records, transfer rules, voting rights, dividend rights, tax consequences, disclosure obligations, custody requirements, and rules around who can buy, sell, hold, pledge, lend, or transfer it. A bond is not just a token with a coupon. It has offering documents, covenants, payment mechanics, trustees, registrars, maturity provisions, default terms, settlement systems, and reporting obligations. A fund interest is not just a balance in a wallet. It has subscription documents, redemption rules, transfer restrictions, NAV calculations, investor eligibility, tax reporting, and sometimes gates or lockups. We could keep going for every asset. And now we’re going to have some new forms as well. How well all of these translate and get associated with tokens is something new we’re going to need to look out for.

The SEC’s staff 2026 Statement on Tokenized Securities makes at least one basic point clearly. Tokenized securities remain securities, even if they are represented in crypto-asset form or ownership records are maintained through crypto networks. The SEC also distinguishes between issuer-sponsored tokenized securities and third-party products that may create linked or synthetic exposure without conferring the same rights as the referenced security. Investors need to be clear on the differences. That distinction is not some theoretical thing. It determines what the buyer actually owns. We should know what we actually own.

If the issuer itself tokenizes the security and integrates the token into the official ownership records, the token may represent the actual security. If a regulated intermediary tokenizes a security entitlement, the token may represent a beneficial or custodial interest. If a third party creates a linked security or security-based swap, the token may provide economic exposure but not equity, voting, information, or other rights in the referenced company.

To the end user investor, these may all look similar. If someone trades using a website or an app, they’ll typically see the usual ticker, balance, price, and probably a buy / sell button. Now they may also have a transfer button. But legally, even if the listed token just looks like any ticker symbol, it’s probably not the same thing. Or rather, they might be the same thing. Or not. That is the first unresolved problem behind the hype. Tokenization can make unlike things look alike. So this might be yet another annoying aspect of modernization. We get more flexibility, but we’ve got more to be aware of. Maybe a lot more.

The Holder-of-Record Problem

Let’s start with some basics. A blockchain can tell you that a wallet holds a token. Or it theoretically should. There’s issues of privacy here, and there may be some ways to obscure your holdings, but that’s not really the point here right now so we won’t go down that path. Next, we have custodial wallets which aren’t visible to others on chain as individual accounts, so maybe in this case it isn’t strictly true that a particular user’s wallet is the token holder. But for now, let’s just say generally there’s an address somewhere that’s holding some tokens. For self-managed accounts, the address still does not automatically tell you who the legally recognized owner is. And this matters. This presents challenges, even if we’re generally happy there appears to be anonymity. The irony might be this will increasingly be false. That is, over time we’re likely to see more ways people figure out how to tie wallet addresses to individuals. What’s ironic about this is that a bad actor or marketer might be able to do this, and yet for legal reporting purposes there’s still no clearly legitimate ownership verification.

Traditional securities markets have what might sometimes still feel like ugly paper filled systems. But they provide functional distinction between registered owners, beneficial owners, brokers, custodians, nominees, transfer agents, clearing systems, and depositories. It is not an elegant system. It is arguably not modern. But it supports ownership records, proxy voting, dividend payments, tax reporting, investor communications, corporate actions, and regulatory supervision.

Tokenization introduces a different interface. The wallet address. Or some from of proxy for such addresses in the case of custodial accounts.

The problem is that a wallet address is not a person. It is not an investor profile. It is not a mailing address. It is not a tax record. It is not proof of eligibility. It is not a sanctions screen. It is not a complete legal identity. At least not in the sense we’ve always thought of such things. Seriously, the address could be just owned by an AI agent, a bot. What is THAT legally? Yes, you’re probably thinking someone controls it, but who knows right now? I didn’t bring that up just to bring us to an absurd place. Actually, it’s maybe no absurd, and we’ll need to grapple with such things. But the point was just to show some wallets don’t necessarily have legal standing on their own.

A wallet address may be controlled by a person, company, bot, smart contract, AI agent, custodian, DAO, multisig group, hacked key, or something else entirely. (We’re making new things everyday.) There may be databases of addresses that call out any issues with them. However, the address alone does not tell you which legal person stands behind it, whether they are eligible to hold the security, whether they passed KYC, whether they are sanctioned, or whether they have legal capacity to act. This is central to why tokenized securities cannot usually behave like open bearer crypto assets. (Think that through for a moment. If that’s the case, then the argument that we have a benefit of more liquidity might get a bit thinner.)

A compliant tokenized security usually needs a mapping between the wallet and the verified legal owner. That can happen through a broker, custodian, transfer agent, issuer portal, or regulated tokenization platform. But the mapping has to exist somewhere.

Without that mapping, the issuer may not know who should receive proxy materials, dividends, notices, tender offer documents, tax forms, or legal communications. The issuer may also not know whether the token was transferred to someone legally eligible to hold it.

So the promise of wallet-based ownership immediately runs into the reality of securities record keeping. The chain can show possession. But markets need ownership. More specifically, they need ownership that is legally recognized, transferable, enforceable, and predictable. This is not about the government and the tax people or just a lawyer’s concern. It’s what makes everyone comfortable enough to participate. Investors need to know what they own. Issuers need to know who their holders are. Brokers and custodians need to know who is eligible. Courts need to know whose claim prevails. Without that shared legal foundation, does tokenization create a better market? Unlikely. It creates a faster interface on top of uncertainty, but that’s it. Really, it all gets back to trust. Who’s going to participate here without things like record of ownership fully solved? Especially as these instruments appear to continue to get more complicated.

The Allowlist Liquidity Paradox

Tokenized securities are often marketed as liquidity-enhancing. And in some cases, they may be. Tokenization can also theoretically reduce transfer friction, support fractionalization, enable extended trading windows, automate settlement, and make traditionally illiquid interests easier to administer.

But compliant securities tokenization often requires transfer restrictions. This creates the allowlist liquidity paradox. Think about it. Tokenization says: “More liquidity more of the time!” Yet the compliance layer says: “Only approved parties can hold or receive this asset.”

Sure, both can be true. Sort of. They can both be true once there’s enough participants. If a security token can only move among allowlisted wallets, that may preserve compliance. It may ensure that holders are KYC’d, eligible, not sanctioned, and permitted to own the security. But it also narrows the buyer universe. What is this even going to mean to be allowlisted? Within a brokerage? Within some consortium or exchange environment? Nationwide? Worldwide? Both can be true only if the allowlist is broad enough, interoperable enough, and connected to real trading venues. Otherwise “tokenized liquidity” may just mean “easier transfer inside a small gated room.” (If there’s someone in this small space who wants to trade.)

This does not necessarily make tokenization useless. A private security that can trade among thousands of approved investors may be more liquid than one trapped in paper transfer procedures. A bond that can settle faster through institutional DLT may reduce operational friction. A tokenized fund share may be more useful as collateral than a conventional fund interest. But none of that is the same as open crypto-style liquidity.

DTC’s tokenization model is a good example of the regulated direction. (The Depository Trust Company is a core piece of U.S. market infrastructure. DTC is a central securities depository that holds securities on behalf of broker-dealers, banks, and other financial institutions, so securities can be transferred electronically instead of moving paper certificates around.) When you buy stock through a brokerage, you usually are not personally listed on the company’s shareholder register in the old-fashioned direct way. Instead, securities are often held through layers. (Investor → brokerage → DTC participant → DTC → issuer records.) Your brokerage tracks your beneficial ownership.

DTCC (Depository Trust & Clearing Corporation, of which DTC is a part) says that assets held in traditional and tokenized form have the same ownership rights and receive the same corporate-action benefits, including dividends, splits, and proxy voting, according to its DTC Tokenization Service FAQ. At the same time, legal analysis of the DTC model describes transfers as limited to DTC-allowlisted wallet addresses, with no transfers permitted to non-allowlisted wallets, according to SEC Staff No-Action Letter to DTC for Tokenization Services

That may be necessary. It may also be exactly what institutional tokenization requires. But it is not permissionless liquidity. It’s regulated liquidity. That distinction belongs near the center of any serious tokenization discussion. The only place this matters (to some) is philosophically. As I and others have written of before, a lot of the early crypto sovereign libertarian ideas and ideals are fallen by the wayside when it comes to the practical realities of incorporating traditional finance. Does anyone really care? Maybe. There are places and assets that might still live in that world, but the day-to-day real world needs that demand traditional controls are not compatible with such structures.

So the question is not whether tokenized securities can become as open as crypto. Most probably cannot. The more realistic question is whether regulated liquidity can become meaningfully better than today’s market plumbing. And I’m not sure if it’s even a question seeing as we seem to be barreling forward in that direction, whether it’s a good idea or not!

“Allowlisted” By Whom?

Even when people understand allowlist, whitelist, approved wallet list or whatever label we decide to use, another question follows quickly: whose allowlist?

A wallet may be approved by one platform and not another. A broker may support one tokenized security network and not another. An investor may be KYC’d at one brokerage, but still not eligible to receive a particular tokenized security through another transfer-agent system. A token may trade inside one issuer-controlled ecosystem but not move freely across brokerages, custodians, or venues.

This is where tokenization can quietly recreate silos.

A single-platform model can be easier to launch. The issuer, wallet, compliance engine, exchange, and investor interface all live inside one controlled environment. But liquidity is then bounded by that environment.

A broader transfer-agent model is more serious. The issuer or transfer agent maintains the official ownership record, while approved wallets and venues connect into that recordkeeping system. This can work, but only if enough brokers, custodians, market makers, and investors participate.

A shared regulated-network model is more ambitious. This is where DTC, DTCC, exchanges, broker-dealers, custodians, and transfer agents start to matter. Nasdaq has pushed toward tokenized securities trading within existing market structure, and Reuters reported that Nasdaq’s approach depends on tokenized assets offering the same material rights as traditional securities if they are to be treated equivalently.

This would be the mature direction. But it is a very different vision from “any wallet, any chain, any exchange.” The practical question is not simply, “Is the asset tokenized?” It’s more this… Is the asset portable across regulated infrastructure, or trapped inside one company’s platform? That question may decide whether tokenization becomes true market infrastructure or just another proprietary distribution channel.

Let’s Look at What Datavault is Doing with its Vault

Theory is fine. But it’s often more interesting to look at a real world example.

Let’s look at what Datavault is doing with its Dreamcoins and token vault because it is a useful early example of the single-platform pattern. It is not a clean example of tokenized securities – yet – in the strict sense, and that is part of what makes it interesting for this discussion.

Datavault AI announced a distribution of Dream Bowl Meme Coin II tokens to eligible record equity holders. (That is, existing traditional stockholders as of a particular date.) To receive the tokens, holders were required to open a Datavault AI digital wallet and execute an Opt-In Agreement. This includes typical KYC information. The company also said the tokens would be airdropped to wallets and, later, expected to be tradeable on Datavault AI’s proprietary Information Data Exchange. In other words, the shareholder record, wallet onboarding, token distribution, opt-in process, and expected trading venue all appear to be organized around Datavault’s own ecosystem. At least initially. Datavault’s own announcement says recipients must have or open a Datavault AI wallet and execute the Opt-In Agreement, and that the tokens are expected to trade on its proprietary Information Data Exchange.

That is innovative. It shows how a public company can use token distribution, wallets, and a proprietary marketplace to create a new kind of digital shareholder or community experience. It also shows how tokenization can blur the boundary between investor relations, digital collectibles, loyalty, event access, and platform strategy.

But it also illustrates the problem this section is trying to get at.

Datavault is careful to say the Dream Bowl Meme Coin II does not represent or confer equity, voting, dividend, profit-sharing, or ownership rights in Datavault AI or any other entity. It also says the token is not designed as an investment, currency, or financial product and is intended for entertainment, event-access, and digital-collectible functions.

So this is not really “a tokenized share.” It is more like a shareholder-distributed digital collectible connected to a proprietary wallet and marketplace. That makes it a useful boundary case.

It raises the exact portability question:

If a company distributes a token through its own wallet and expects trading to happen on its own marketplace, is this really market infrastructure, or is it a company-controlled token ecosystem?

Datavault’s FAQ says the Meme Coins are expected to be tradeable on Datavault’s proprietary Information Data Exchange, where registered buyers and sellers can exchange payment for data assets, including the Meme Coins. It also says holders may be able to export the tokens to other digital wallets.

That last point is important. Exportability may give holders some portability. But the core liquidity path still appears tied to Datavault’s own exchange environment, at least initially. That is not inherently bad. Early systems often start this way. A single-platform model may be the easiest way to control onboarding, permissions, compliance, user experience, customer support, and market rules.

But it is very different from a shared regulated market where multiple brokers, custodians, transfer agents, market makers, exchanges, and settlement systems all recognize the same asset and the same ownership records. That is the distinction.

A company-controlled wallet and marketplace can be innovative. It can be useful. It can create engagement. It can prove out pieces of token distribution and digital asset administration. But it does not automatically solve the broader market-structure problem. It may even make the question sharper:

Is tokenization creating interoperable financial infrastructure, or just new proprietary platforms with tokens inside them?

That question matters because tokenization’s biggest promise is not merely that assets can be represented digitally. The bigger promise is that assets can become more portable, programmable, usable, and liquid across a broader financial system. A token that only works well inside one company’s environment may still be valuable, but it is not the same thing as open, shared, regulated market infrastructure. This example is just showing one early innovation by one company. They may open this up for more interoperability over time. The point is, there’s a lot going on in this space and the details of how this will all work remain unclear.

Voting Rights Do Not Automatically Travel With The Token

Voting rights are where abstractions can break down. If a token represents actual registered shares, and the token holder is the recognized holder of record, voting can be relatively clean. The issuer or transfer agent can identify eligible holders on the record date, distribute voting materials, collect votes, and reconcile the result.

But many tokenized products are not that simple. If the real security is held by a custodian, broker, nominee, trust, or platform, the token holder may only have a beneficial or contractual interest. Voting may be passed through by instruction. It may be aggregated by a custodian. It may be limited. It may not exist.

If the token is synthetic exposure, voting rights may not travel at all. The SEC’s statement notes that a security-based swap generally provides synthetic exposure and typically does not convey equity, voting, information, or other rights in the referenced security.

This is the problem with calling everything “tokenized stock.” One product may be actual issuer-sponsored equity. Another may be a custodial entitlement. Another may be a derivative-like exposure. Another may be an offshore contractual claim. Another may be a marketing wrapper. They can all look like “stock tokens.” But they’re not the same.

If the token does not preserve shareholder rights, then tokenization may have created economic exposure without shareholder ownership. That may be useful for some trading purposes, but it should not be confused with owning the actual security.

Corporate Actions Are Still Plumbing-Heavy

Voting is only one piece of the securities lifecycle. Do you get those notices sometimes in your brokerage account? Or paper notices in the mail? Maybe they’re postcards or larger letters. Sometimes they ask you to verify things if you want to participate in a lawsuit or something. Upon receipt of such thing I’ve always thought, “Hey you sent this to me… don’t you already know exactly when I own and as of what dates? Why do I have to fill all this out?” Part of the answer is maybe they don’t know. They just know who a current owner is, but not all the background for privacy reasons. The point is, a lot of these mechanisms are still very old school. Now that obviously begs the question, “Aren’t these exactly the areas ripe for digitization?” I’d personally argue that answer is yes. And yet, I’m not sure how easy it is to flip a switch to change over decades of rule sets into a new system. It’s likely a large number of those rules aren’t even needed at this point. Maybe. Regardless, we’re looking at some complexity here. And I’m just guessing, but I’d suppose there are probably a few legacy outliers that may have to be dealt with along the way.

Real securities have dividends, interest payments, splits, conversions, calls, redemptions, tender offers, mergers, consent solicitations, tax reporting, notices, and eligibility checks. These do not disappear because someone waves a token into existence.

A bond token still needs coupon payments and maturity redemption. A stock token still needs dividends, splits, proxy voting, and tender-offer mechanics. A fund token still needs subscriptions, redemptions, NAV calculations, transfer restrictions, tax reporting, and sometimes gates or lockups.

DTC’s Tokenization Service FAQ says corporate actions such as dividends, splits, and proxy voting would be supported, and that traditional and tokenized forms would have the same ownership rights and corporate-action benefits. That’s the point. Serious tokenization does not remove the lifecycle machinery. It has to integrate with it or replace it in kind with something that covers existing relationships and rules. The more institutional the tokenization project, the more it starts to look like a redesign of the back office, not a replacement for it. And that’s maybe still a highly valuable thing.

The Cash Leg Is As Important As The Asset Leg

A security transaction has two sides: the asset and the money. It is not enough for the security token to move instantly if the payment leg is still slow, fragmented, risky, or operationally separate. Real settlement requires delivery versus payment, not just delivery.

This is why tokenized deposits, wholesale CBDCs, commercial bank money, and stablecoins keep appearing in serious tokenization discussions. The asset token is only half the transaction.

Project Agorá, led by the BIS Innovation Hub with central banks and private-sector financial institutions, is exploring a multi-currency unified ledger for wholesale cross-border payments. Its FAQ describes work on tokenized commercial bank money and wholesale central bank money on a programmable platform.

UK Finance’s tokenised sterling deposits project has a similar logic. UK Finance describes GBTD as digital representations of traditional sterling commercial bank money that retain the trust and regulatory protections of conventional deposits while aiming to improve speed and fraud protection. The material you shared also frames tokenized deposits as bank-grade infrastructure requiring APIs, core banking, KYC/AML systems, treasury and liquidity management, payment rails, policy engines, risk controls, reconciliation, and reporting.

Maybe I’ve buried the lead, but this is one of the most important points in the whole article:

Tokenized securities do not become useful at scale just because the asset can move. They become useful when the asset leg, cash leg, identity layer, compliance layer, custody layer, and legal record all work together.

That’s why the future of tokenization may depend as much on tokenized money as tokenized assets. As many people that have adopted crypto there may be, everyone else isn’t coming unless it’s easier. And there’s still a lot of friction in everything from wallets and account setups to transferring things.

Finality Sounds Good Until Something Goes Wrong

Crypto finality is attractive. At least some see it as a benefit. Once a transaction settles, it is done. But securities markets have always needed correction mechanisms.

Mistakes happen. Fraud happens. Keys are lost. People die. Courts issue orders. Assets are stolen. Transfers violate restrictions. Sanctions lists change. Custodians fail. Operational breaks happen. A regulated market cannot always say, “Sorry, the chain is final.”

That’s why many serious tokenized security systems include administrative controls: freezes, burns, remints, blacklists, transfer restrictions, and recovery processes. Crypto-native users may dislike these controls. But regulated securities often need them.

This creates another oddity. Tokenization borrows the user interface and settlement language of crypto, but the more compliant it becomes, the more it reintroduces controlled transfer, reversal logic, recovery processes, identity checks, and legal authority.

That may be good design. It’s also not the same thing as bearer crypto. Again, this becomes kind of a “purist” vs. practical argument. But it’s really not. The purist part feels almost over. Realities are realities. Yes, that was profound. Just think about it. Transfers… think about one tragic edge case that we all face at some point; estate planning. If you’ve ever been anywhere near this, the complexities of dealing with assets of a deceased person, then you know the entire area is a giant paperwork and legal mess that has vagaries across states and certainly nations. It’s challenging on the best day in traditional structures. For digital? How many assets are disappearing with the demise of a principal holder? How many beneficiaries might suffer here? As painful as it may be to work within some traditional systems, at least the records are somewhere and there’s some form of regulatory framework.

Privacy Is Not A Side Issue

Public blockchains offer transparency. Securities markets often require confidentiality. An issuer may not want its private cap table visible. A fund may not want its investor list exposed. A corporate buyer may not want strategic accumulation visible. An institution may not want counterparties to infer trading behavior from wallet movements.

IOSCO’s 2025 report on financial asset tokenization identifies risks around ownership rights, transfer rights, DLT infrastructure, data leakage, market fragmentation, smart contract bugs, and loss of private keys. Those are not theoretical concerns. They become more serious as tokenized securities move from pilots to real capital markets.

This is also why systems like Canton, permissioned DLT, privacy-preserving settlement, and selective disclosure show up repeatedly in institutional tokenization material. The market wants the benefits of digital transfer without exposing everything to everyone.

This is a hard balance. Full transparency can be dangerous and yet full opacity can recreate the old problems. Institutional tokenization seems yet to find the middle.

The Real Question Is Not Whether Tokenization Works

It is tempting to ask whether security tokenization is real or hype. This is probably the wrong question. There seems to be real value here, and there’s more than just a little drift in this direction. The better question is: which part is real? Or even better perhaps, “What’s real now, what’s still not and what’s coming next.” That complicates things. But we have to deal with truth.

Tokenized bonds are real. Tokenized funds are real. Tokenized Treasuries are real. Institutional pilots are real. DTCC, HSBC, Nasdaq, UK Finance, BIS, and others are not simply dabbling in memes. HSBC says its Orion platform has been used in several digital bond transactions, including the European Investment Bank’s first digital sterling bond and Hong Kong government digital green bond activity.

But real does not mean simple. The mature version of tokenization may look less like permissionless crypto and more like programmable financial infrastructure. That is still important. It may be more important. But it means the winning systems will not just mint tokens. They will solve identity, ownership, transfer restrictions, custody, settlement, lifecycle management, reporting, interoperability, and legal enforcement. The token may be the visible artifact, but we need the whole stack to be functional, secure and trustworthy.

Conclusion: Tokenization Exposes The Old Machinery

Tokenization may become one of the most important financial infrastructure shifts of the next decade. But not because it magically removes the old world.

It forces the old world to become programmable. While this is happening, it’s making us look at some of the old or still existing structures. In some cases, we may question why they’re still there. In others, we may find hidden places where things have been going on we don’t particularly like; things that can and should be eliminated. (Things like naked short selling perhaps.) If we go deep into that, we’ll be here a long time. That’s its own huge topic.

Securities markets are full of rules for a reason. Some are outdated, duplicative, or inefficient. Others protect ownership, fairness, settlement, disclosure, tax reporting, and investor rights.

Tokenization can modernize pieces of that system. It can reduce manual reconciliation, improve settlement speed, automate lifecycle events, support new collateral flows, and make certain markets more accessible. But it doesn’t eliminate many hard questions; some of which are the same old obvioius ones, others that are new.

Who owns the asset? Who is the holder of record? Who can receive the token? Who maintains the official register? Who holds the keys? Who handles voting? Who processes corporate actions? What is the cash leg? What happens if a transfer is mistaken, fraudulent, or legally invalid? Can the asset move across brokerages, or only inside one platform? Does the token preserve rights, or merely create exposure?

These aren’t edge cases. They’re the whole market! The unresolved problem behind tokenization hype is not whether a token can represent a security. It seems we’ve answered that and it can. The harder question is whether the entire tokenization stack can preserve the rights, protections, and operational reliability that securities require. Until that is solved broadly, tokenized securities will remain an awkward middle: not quite traditional finance, not quite permissionless crypto, and not yet the seamless global market the pitch often implies.