The SEC’s New Taxonomy for Tokenized Securities: Same Law, New Plumbing

On January 28, 2026, staff from the SEC’s Divisions of Corporation Finance, Investment Management, and Trading and Markets published a joint statement aimed at one thing: forcing the market to be precise about what, exactly, is being “tokenized.”

That precision matters. In practice, “tokenization” is used as a catch-all label for (i) issuers putting their own securities on blockchain rails, (ii) intermediaries creating blockchain-format entitlements to traditionally held securities, and (iii) third parties offering synthetic exposure that looks like a token but behaves like a derivative. The statement’s core move is to sort these structures into clean categories, then remind everyone that changing a security’s format does not change the security’s legal status.

What follows is our practitioner’s read: the taxonomy, the legal consequences that flow from each branch, and a compliance checklist for anyone building in the space.

1) The SEC’s definition: a “tokenized security” is still a security

The statement defines a “tokenized security” as a financial instrument that already fits within the federal definition of “security,” but is formatted as (or represented by) a crypto asset, with ownership records maintained in whole or in part on one or more crypto networks.

Two immediate implications:

1. Format-neutrality is the rule. If it is stock, debt, an option, or another enumerated security, putting it “onchain” does not exempt it from registration, disclosure, broker-dealer, exchange, clearing, transfer agent, custody, antifraud, or other obligations that already apply.

2. Taxonomy is compliance. Many tokenization projects fail not because the product is impossible, but because participants cannot describe, with legal accuracy, what investors actually own.

2) Category One: Issuer-sponsored tokenized securities (the “issuer rail swap”)

The staff describes issuer-sponsored tokenization as the issuer (or its agent) issuing the security in token form, and integrating distributed ledger technology into the issuer’s recordkeeping so that an onchain transfer maps to a transfer on the issuer’s master securityholder file.

Model A: Onchain master securityholder file (or a component of it)

In the cleanest version, the blockchain is functioning as the official (or at least integrated) ownership ledger, paired with offchain identity and compliance data (for example, linking wallet addresses to names/addresses and other required records).

Legal takeaway: the issuer has not invented a new asset; it has modernized its register. That is operationally meaningful, but legally unsurprising: Securities Act registration or an exemption still governs offers and sales, and Exchange Act concepts like “equity security” do not change with the file format.

Model B: Offchain master file, onchain “transfer instruction” token

The staff also describes a second issuer-sponsored model where the token itself does not carry the security’s rights and is not integrated into the master file; instead, a token transfer serves as a mechanism to notify the issuer (or agent) to update ownership offchain.

Legal takeaway: do not let the “token” label confuse the analysis. You still have a securities transaction, but you now have additional technology, vendor, and control-point risk.

The “same class” question

The statement flags a subtle issue issuers often miss: an issuer can have tokenized and non-tokenized formats of the “same” security, but if a tokenized instrument is substantially similar in rights and privileges to the traditional one, the two may be treated as the same class for certain Exchange Act purposes.

Practical point: your cap table architecture and disclosure controls should be designed as if the SEC will look through format to substance, because the staff is telling you it will.

3) Category Two: Third-party-sponsored tokenized securities (where risk migrates to the intermediary)

Where an unaffiliated third party tokenizes someone else’s security, the staff emphasizes that holders may have materially different rights than holders of the underlying security, and may also face additional intermediary risk (including bankruptcy risk) that the underlying security holder may not bear in the same way.

The SEC then breaks this into two observed models.

Model 1: Custodial tokenized securities (tokenized “security entitlements”)

Here, the third party holds the underlying security in custody and issues a token that represents an interest through a security entitlement structure.

This is not theoretical. The SEC staff’s December 11, 2025 no-action letter to DTC, as described by the Commission, is explicitly framed around tokenized entitlements as a pathway for bringing blockchain recordkeeping into existing market infrastructure.

Legal takeaway: you are not “tokenizing the issuer.” You are tokenizing the intermediary’s entitlement ledger, which pulls you directly into the custody, clearing, and customer protection framework.

Model 2: Synthetic tokenized securities (linked securities and security-based swaps)

The synthetic branch is where market structure and derivatives law start doing real work.

The staff describes two synthetic forms:

• Linked securities: the third party issues its own security providing exposure to the referenced security, but confers no rights in the referenced issuer.

• Security-based swaps: a token that functions as a security-based swap, with the familiar constraints on who can be offered the instrument absent registration, and where it can trade.

Legal takeaway: if you are selling exposure, not ownership, you should expect the SEC (and counterparties’ counsel) to treat the instrument like structured product or swap engineering, not like a simple “token wrapper.”

4) What market participants should do next (a working checklist)

The statement is not a rule, and it does not create new obligations. But it is an enforcement roadmap in the most practical sense: it tells you what the staff believes the market is doing, and the categories it will use to analyze those activities.

Here is the checklist we would run internally before anyone ships a tokenized securities product:

A. Start with the rights, not the rails

• What legal rights does the holder have (dividends, voting, redemption, information rights, liquidation preference, remedies)?

• Do those rights run against the issuer, a custodian, or a special purpose vehicle?

B. Identify the ledger of record

• Is the master securityholder file onchain, offchain, or hybrid?

• Who is the transfer agent (or functional equivalent), and how are reversals, errors, liens, and transfer restrictions implemented?

C. Place the product into the SEC’s taxonomy

• Issuer-sponsored (integrated ledger)

• Issuer-sponsored (offchain master file; token as transfer mechanism)

• Third-party custodial entitlement

• Third-party synthetic (linked security)

• Third-party synthetic (security-based swap)

D. Map the regulatory perimeter

• Securities Act registration or exemption analysis for offers and sales, regardless of format.

• Trading venue implications (exchange, ATS, broker-dealer activity, and related rule sets), depending on where and how secondary trading will occur.

• If derivatives economics are present, run the security-based swap test early, not late.

E. Disclosures should track the actual risk transfer

If the token holder is exposed to intermediary insolvency risk, operational risk, or a different remedies package than the underlying security holder, that needs to be drafted, not hand-waved. The staff’s emphasis on third-party risk is not subtle.

5) The larger signal: the SEC is standardizing “tokenization” around existing market structure

Read in context, the January 28 statement pairs with the Commission’s growing willingness to discuss tokenization as modernization of securities infrastructure rather than as a separate, parallel system. The DTC tokenized entitlements pilot is the clearest example of that orientation.

This is also consistent with Commissioner Peirce’s repeated theme that tokenization can be innovative without being legally magical, and that the hard work is fitting new distribution and trading models into investor-protection architecture.

Bottom line

If you are building with tokenized securities, you should treat the SEC’s taxonomy as a gating document. Your project’s success will often turn less on chain selection and more on whether you can clearly answer two questions:

1. What does the holder actually own?

2. Whose regulated system is actually being operated: the issuer’s, the custodian’s, or a synthetic issuer’s?

That’s all for now,

Braeden

Important legal notice

This article is for general informational purposes only and does not constitute legal advice. Reading it does not create an attorney-client relationship. Tokenization of securities is highly fact-specific and can implicate federal and state securities laws, SEC rules, and other regulatory requirements. You should consult qualified counsel before implementing any strategy described here.

- - - - - - - - - - - - -

About the author

K. Braeden Anderson is a Partner at Gesmer Updegrove LLP, where he leads the firm’s Securities Enforcement & Investigations practice, and chairs Mackrell International’s Blockchain & Digital Assets Group and Securities Enforcement & Investigations Group. He is a nationally recognized securities regulatory and enforcement attorney whose practice sits at the intersection of traditional financial regulation and emerging technology. He has been recognized in Best Lawyers: Ones to Watch® in America (2025) for Financial Services Regulation Law and Securities Regulation, and was named the #1 most-read fintech thought leader in the United States in Mondaq’s Spring 2025 Thought Leadership Awards.

Before joining Gesmer Updegrove, Braeden founded a Washington, D.C.–based law firm. He previously served as Assistant General Counsel at Robinhood Markets, Inc. (NASDAQ: HOOD), advising on high-stakes regulatory and enforcement matters, and earlier practiced at Kirkland & Ellis LLP and Sidley Austin LLP in New York and Washington, D.C.

Braeden is a prominent voice in securities and crypto regulation and a leading example of how lawyers can build brand through education and content. He publishes a weekly newsletter reaching more than 20,000 legal and financial professionals, runs a YouTube channel with over 160,000 subscribers, and regularly produces written and multimedia thought leadership through his blog, Anderson Insights. His work focuses on enforcement trends, fintech regulation, and the evolving role of digital assets in capital markets.