Technology

ERC-3643 Security Tokens Explained: The Compliance Layer Built Into the Standard

A technical walkthrough of the ERC-3643 token standard — how transfer restrictions, eligibility rules, and regulatory attestations are embedded at the contract layer rather than enforced off-chain.

· Ishaan Mehrotra
ERC-3643 Security Tokens Explained: The Compliance Layer Built Into the Standard

Most coverage of "security tokens" skips the technical detail and lands on one of two extremes: either breathless claims about blockchain transforming capital markets, or dismissive hand-waving about regulatory uncertainty. Neither is useful if you are an engineer or compliance officer trying to evaluate whether ERC-3643 is actually appropriate infrastructure for a private credit issuance. This piece is the technical walkthrough we wished existed when we first evaluated the standard — what the contract architecture looks like, where compliance is enforced, and what the failure modes are.

Why ERC-20 Breaks for Securities

Start with the baseline. ERC-20 is the standard that underlies most EVM-compatible tokens. It defines a simple interface: a token has a total supply, addresses have balances, and the transfer function moves tokens between addresses. Any address can call transfer to any other address. Full stop.

This is exactly wrong for a security. Reg D 506(c) requires that purchasers be verified accredited investors. Reg S requires that non-US person status be verified. AML/KYC law requires that the beneficial owner not appear on OFAC or other sanctions lists. An unrestricted ERC-20 transfer function cannot enforce any of these. You would need an entirely off-chain compliance layer that somehow monitors every transfer — a design that has no enforcement teeth and no audit trail tied to the actual transaction.

ERC-3643 was designed to solve this by moving compliance into the token contract itself. The transfer function does not execute unless a compliance check passes. That check runs on-chain, against an on-chain registry of investor attestations, before any tokens move.

The Four Contract Components of ERC-3643

The standard defines four distinct smart contract layers that work together:

1. The Identity Registry

The Identity Registry is an on-chain mapping between investor wallet addresses and identity attestations. Each address in the registry is associated with a set of claims — structured pieces of data attesting to facts about the investor: "this address is held by a US-accredited investor," "this address passed AML screening on date X," "this address belongs to a non-US person under Reg S." Claims are signed by trusted claim issuers — typically the KYC/AML service provider integrated into your onboarding stack — and stored on-chain.

Critically, the Identity Registry does not store the underlying personal data. It stores the attestation (a claim signed by a trusted issuer) and a reference to an on-chain identity contract (called an ONCHAINID) that belongs to the investor. The ONCHAINID holds the claims. The personal data — passport scans, accreditation documentation — stays off-chain in the KYC provider's secure storage. What goes on-chain is just the compliance attestation: "this address has passed the required checks."

2. The Compliance Module

The Compliance Module is where issuer-specific transfer restrictions live. This is a separate contract from the token itself, and it is configurable per issuance. It answers the question: "given that this buyer's identity is in the registry, is this specific transfer permitted under the rules of this offering?"

Compliance rules are composed from modular conditions. Common examples in private credit contexts:

  • Maximum investor count per jurisdiction (relevant for certain Reg D rule interpretations)
  • Minimum holding period before secondary transfer (issuer-defined lock-up)
  • Maximum position size per investor (concentration limits)
  • Whitelist-only transfers (only to addresses that the issuer has explicitly pre-approved)

When a transfer is attempted, the token contract calls the Compliance Module's canTransfer function. The Compliance Module checks the buyer's identity claims against its ruleset. Only if canTransfer returns true does the transfer proceed. The whole sequence executes atomically in a single transaction — it is not a two-step confirmation flow.

3. The Token Contract

The token contract itself is an extended ERC-20 that overrides the standard transfer and transferFrom functions to call the Compliance Module and Identity Registry before executing. From the outside, it behaves like a normal ERC-20 — wallets can see balances, explorers can index transfers. But every transfer has a compliance gate that non-ERC-3643 tokens do not.

The token contract also implements forced transfer and recovery functions that the issuer controls. If an investor's wallet is compromised, the issuer can execute a forced transfer to recover tokens to a new investor address — a capability that does not exist in standard ERC-20 and is essential for meeting qualified custodian expectations around asset recovery.

4. The Token Factory

The Token Factory is the deployment mechanism. Rather than each issuance deploying custom code, the factory creates new token contract instances from a standardized implementation template. This standardizes the compliance interface across all tokens issued by a given platform, making auditing predictable and reducing per-issuance smart contract audit costs substantially. At Capkindle, our issuance engine uses a factory pattern so every token we deploy has the same compliance architecture — only the Compliance Module configuration changes between deals.

What Happens During a Typical Transfer Sequence

Walk through the mechanics of a secondary transfer to see how these components interact:

  1. Seller calls transfer(buyerAddress, amount) on the token contract.
  2. The token contract calls isVerified(buyerAddress) on the Identity Registry.
  3. The Identity Registry checks that buyerAddress is registered and holds valid, non-expired claims meeting the required claim topics for this token.
  4. The token contract calls canTransfer(sellerAddress, buyerAddress, amount) on the Compliance Module.
  5. The Compliance Module checks: Does the buyer's jurisdiction pass? Is the transfer amount within position limits? Is the minimum holding period satisfied for the seller? Are both parties on the issuer's explicit whitelist?
  6. If all checks pass, the token transfer executes. Balances update. An on-chain Transfer event is emitted with full transaction metadata.
  7. If any check fails, the entire transaction reverts. No tokens move. The revert includes an error code indicating which check failed.

The whole sequence runs in a single on-chain transaction. There is no race condition between compliance check and transfer execution — they are atomic. This is architecturally different from off-chain compliance systems where a gap exists between when you check eligibility and when you settle the transfer.

Claim Issuers and Trust Hierarchies

One aspect of ERC-3643 that deserves its own attention is the claim issuer trust model. The Identity Registry only accepts claims signed by claim issuers that the platform has authorized. This authorization is itself stored on-chain.

In practice, the claim issuers are the KYC/AML service providers integrated into the platform's onboarding flow. When a KYC provider like Persona completes an investor verification, their system generates a claim — a signed assertion — and submits it to the investor's ONCHAINID. Because the KYC provider's signing key is on the platform's authorized claim issuers list, that claim is recognized by the Identity Registry when a transfer is attempted.

What this means for compliance operations: if you change KYC providers, you need to either re-issue attestations for all investors under the new provider's signing key, or maintain both providers as authorized claim issuers during a transition period. Claim expiry is also a real operational consideration — accreditation attestations should have a defined TTL (time-to-live) and trigger re-verification workflows before they expire, not after. We configure our claim issuance with a 12-month TTL on accreditation claims and a continuous monitoring trigger on AML claims.

What Smart Contract Audits Actually Check

Fund managers and their counsel frequently ask what a smart contract audit covers. The short answer: it covers what the code does, not whether the business logic is correct for your regulatory situation.

An audit of an ERC-3643 implementation will check:

  • Reentrancy vulnerabilities in the token contract and Compliance Module
  • Access control — whether administrative functions (forced transfer, claim issuer management) are properly permissioned
  • Integer overflow/underflow in balance and supply calculations
  • Correct implementation of the ERC-3643 interface specification
  • Event emissions (that Transfer, ComplianceAdded events fire correctly)

The audit does not verify that your Compliance Module configuration accurately reflects your Reg D disclosure, that your claim TTLs align with your accreditation verification cycle, or that your investor eligibility rules are legally sufficient for your offering structure. Those are legal and operations questions that require your counsel to review the Compliance Module configuration directly — not just the code audit report.

A smart contract audit is a code correctness check. It is not a regulatory compliance opinion. Your securities counsel needs to review the Compliance Module ruleset against your offering documents independently.

Permissioned Chains vs. Public Ethereum: Where ERC-3643 Gets Deployed

ERC-3643 is an EVM standard — it runs on any EVM-compatible chain. The choice between Ethereum mainnet, Polygon, a private EVM chain, or an institutional-grade permissioned network depends on your priorities.

Ethereum mainnet offers the most credible public audit trail and the deepest tooling ecosystem, but gas costs for compliance-heavy transactions (each transfer triggers 3–5 on-chain calls) can run $5–50 per transaction at moderate network congestion. For high-frequency secondary activity, that is prohibitive.

Polygon and other L2/sidechain environments bring gas costs to a fraction of a cent per transaction, with EVM compatibility that means the same ERC-3643 code runs without modification. The tradeoff is a smaller validator set and different security guarantees than Ethereum mainnet.

Private EVM chains — Hyperledger Besu, Quorum, Fabric EVM adapters — offer full control over the validator set (which can be the issuers and custodians themselves) and can satisfy institutional requirements for counterparty-known infrastructure. They give up public verifiability, which matters less for private securities than for public tokens.

Our infrastructure runs on Polygon for cost efficiency, with the option to bridge to Ethereum mainnet for issuances where LP counsel requires mainnet-grade public verifiability. The ERC-3643 implementation is identical across both — chain choice is a deployment configuration, not an architectural change.

The standard is ready for institutional use. The gaps are not in the smart contract specification — they are in the operational layer around it: how KYC providers issue and maintain claims, how compliance teams review and configure the Compliance Module, and how audit trails are surfaced for regulatory examination. Those are solvable operational problems, and they are the focus of the rest of the Capkindle platform.

Prev Next

Related Insights

Tokenization of Real-World Assets: A Primer for Credit Funds
Education

Tokenization of Real-World Assets: A Primer for Credit Funds

January 14, 2025
Blockchain Custody Architecture: How Fireblocks MPC Wallets Secure Institutional Token Holdings
Technology

Blockchain Custody Architecture: How Fireblocks MPC Wallets Secure Institutional Token Holdings

January 8, 2026
Regulation D Rule 506(c) and Tokenized Offerings
Compliance

Regulation D Rule 506(c) and Tokenized Offerings

June 10, 2025