Five major challenges

hindering security
token adoption on
Ethereum
Identity | Compliance | Confidentiality
Governance | Finality

POWERED BY
 Five major challenges hindering security token adoption on Ethereum

This document is prepared by Polymath to show how Polymath technology and the Polymath
blockchain can be used.

This document does not constitute, nor shall it be construed as, a recommendation or an offer or
solicitation to sell or acquire any security or investment in any jurisdiction including any investment in
or purchase of securities of PingAsset. Polymath is not a broker-dealer, investment advisor or
financial advisor and is not registered with any regulatory agency or body and does not provide any
investment or legal advice, endorsements, analysis or recommendations with respect to any securities
or assets.

The information in this document does not purport to be complete and has not been independently
verified. Polymath gives no undertaking, and is under no obligation, to update this document or provide
any additional information or to correct any inaccuracies which may become apparent.

2
 Five major challenges hindering security token adoption on Ethereum

Executive summary
Security token standards, and ERC 1400 in particular, go a long way
towards making security tokens more viable. They eliminate the need for
technical due diligence and provide securities-specific features on
general-purpose blockchains.

However, it’s become clear as the industry
has evolved that five keystone issues with
asset tokenization on general-purpose
blockchains need to be addressed in order
to align the functioning of the blockchain
with the requirements of modern capital
markets. To address these gaps, Polymath
has spearheaded the creation of Polymesh, an
institutional-grade permissioned blockchain
built specifically for regulated assets.

3
2 4
Confidentiality

Compliance Governance

1 Five Major
Challenges 5
Identity Finality

3
 Five major challenges hindering security token adoption on Ethereum

1. Identity
Securities issuance and transfer require a
known identity, but most chains are built for
pseudonymity. Polymesh uses a customer
due diligence process to ensure all actors
on the chain are verified and transactions
are authored by permissioned entities.

2. Compliance
Solutions built on top of general-purpose
blockchains struggle with processing the
complex logic needed to comply with
regulations. Polymesh builds compliance
into the chain, enabling faster processing
and lower protocol fees that can scale as
demand and complexity of regulation grows.

3. Confidentiality
Most market participants need their
position and trades to remain confidential,
but anyone can see holdings on general-
purpose blockchains. Polymesh has
engineered a secure asset management
protocol that enables confidential asset
issuance and transfers.

4. Governance
Contentious forks in the chain present
significant legal and tax challenges for
tokens backed by real assets. Polymesh
uses an industry-led governance model to
prevent hard forks and guide the evolution
of the chain.

5. Finality
Ethereum's probabilistic finality prevents
the blockchain from serving as a golden
record for asset ownership. By creating
assets at the protocol layer, Polymesh is
able to provide a simplified approach to
transfers and deterministic finality.

4
 Five major challenges hindering security token adoption on Ethereum

Landscape and background

The early days of The quest to establish
tokenization security-specific
Fabian Vogelsteller and Vitalik Buterin
standards
established the ERC 20 standard in November
To tackle this problem, Polymath brought
2015 and it’s the foundation of most tokens to
together 25 companies including custodians,
this day. But ERC 20 simply wasn’t designed
lawyers, exchanges, auditors, KYC providers,
for security tokens. This created a number
former regulators, and transfer agents to
of problems—for one thing, organizations
propose a unified standard for security tokens
couldn’t rely on ERC 20 to enforce KYC for
on Ethereum. The goal was to ensure that
secondary trades, which does not bode well
the token’s code met specific requirements
for certainty of ownership, an up-to-date cap
in order to allow organizations to integrate it
table, or a recovery mechanism in the event of
without costly and time-consuming technical
a lost private key.
due diligence. This standard, ERC 1400, has
since been adopted by organizations including
Numerous entities tried to overcome
ConsenSys and BNP Paribas.
these issues with proprietary standards.
Implementations include the DS protocol
ERC 1400 acts as an umbrella of standards
from Securitize, R-Token from Harbor, T-Rex
and addresses requirements specific to the
from Tokeny and ST20 from Polymath.
management of securities, including the
This multitude of implementations created
ability to conserve UBO rights for custodied
friction for the rest of the industry. Chiefly,
assets. In addition, ERC 1400 resolves some
custodians, exchanges, and other participants
of the challenges surrounding security token
needed to perform extensive due diligence
management by automating transfer control
on the code associated with the tokens
(including the need for KYC verification)
themselves, in addition to the standard
and corporate actions (including capital
business due diligence. Security tokens
distribution or voting).
were intended to bring efficiency and reduce
complexity, and adding this additional barrier
ERC 1400 brought together some of the best
was counterproductive.
minds in the industry to address the landscape
as it stood at the time, but recognizing that
regulation continues to evolve, ERC 1400 was
designed to be modular so new functionality
could be added as required.

5
 Five major challenges hindering security token adoption on Ethereum
Gaps in functionality
left by standards
Despite these advances, standards can
only take us so far. While ERC 1400 goes a
long way towards making Ethereum more
suitable for securities, as a general-purpose
chain, there are still gaps in functionality
and scalability.
Firstly, on Ethereum, digital assets are
programmed using smart contracts and as
a result, custodians, exchanges and other
market participants have to integrate each
asset into their environment individually. ERC
1400 makes this process much more efficient
by standardizing the token configuration
and eliminating the need for technical due
diligence, but there is still room to make the
process faster and more automated.
Beyond that, it became clear as the industry
evolved that five keystone issues with asset
tokenization on general-purpose blockchains
needed to be addressed in order to align
the functioning of the blockchain with the
requirements of modern capital markets.
In order to address these gaps, Polymath has
spearheaded the creation of Polymesh, an
institutional-grade permissioned blockchain
built specifically for regulated assets. Because
ERC 1400 has been so widely adopted,
Polymesh has been able to use market
feedback to build on the foundation created
by the standard. Polymesh streamlines
antiquated processes and opens the door
to new financial instruments by solving
challenges with the public infrastructure
through five key design principles built into
the base layer of the chain, rather than as
external add-ons.
6
 Five major challenges hindering security token adoption on Ethereum
#1 Identity
Challenge
Securities issuance and
transfer requires a known
identity, but most chains
are built for pseudonymity.
Regulation dictates that securities must be
associated with an identity. However,
general-purpose blockchains were built for
censorship resistance and pseudo-
anonymity. This ethos makes it very difficult
to meet compliance requirements around
identity verification and to fulfill
Know-Your-Customer (KYC) obligations.
General-purpose
blockchains were
built for censorship
resistance and
pseudo-anonymity.
As a result of this mismatch in intention, a
number of issues arise on
public blockchains:
Token holders can subvert rules by holding
assets under multiple digital identities
Users can carry out Sybil attacks by
creating many pseudonymous
digital identities
Transactions are validated by
operators with unknown credentials
in unknown locations
Solution
Polymesh uses a customer
due diligence process to
ensure all actors on the
chain are verified.
Before interacting with the chain, every
user must validate their identity. Polymesh
streamlines this process by creating a single
identity on the chain for each real-world
individual or organization and then attaching
attestations to their identity as needed. This
modular two-stage approach to identity
verification allows for efficient onboarding as
well as specific checks.
Stage 1 - Onboarding
Firstly, every user validates their identity
through a basic customer due diligence
(CDD) process that verifies their name,
date of birth, and place of residence in
real-time. Once complete, any accounts
a user creates, or assets they hold or
transfer, will be securely and confidentially
connected to this identity.
Stage 2 - Attestations
Next, attestations can be used to layer
in additional identity verification or due
diligence actions as needed. Attestations
can be thought of as on-chain evidence
verifying an attribute of a user’s identity
(i.e. residency, accreditation, or KYC status)
and are used to automate compliance rules
around ownership and transfer.
Details on Polymesh identity can be found here.
7
 Five major challenges hindering security token adoption on Ethereum

#2 Compliance
Challenge Solution
Security tokens are subject Polymesh builds compliance
to a growing number of into the chain, enabling
regulations, but general- faster processing and lower
purpose blockchains protocol fees that can scale
struggle with the complex as demand and complexity
logic needed to comply. of regulation grows.
Security tokens are subject to a myriad of Compliance requirements are constantly
regulations and we expect these to grow in evolving, and they vary depending on the
number and complexity. Many capital markets jurisdiction and asset in question. Polymesh
participants have implemented proprietary gives issuers the flexibility to set rules around
solutions, but they require manual intervention ownership and transfer requirements based
and are yet to deliver the end-to-end on their specific needs. This includes token-
automation that’s necessary for automated based criteria (i.e. buy or sell lockups tied to
compliance. when a token was issued) as well as identity-
based criteria (i.e. residency).
Polymesh gives issuers
Once the issuer inputs preferences and
the flexibility to restrictions, Polymath’s technology automates
set rules around their enforcement. In short, before permitting

ownership and transfer a transfer to take place, Polymesh checks

to ensure all requirements are met and
requirements based on whether the buyer and seller have the right
their specific needs. attestations tied to their identity.

Because this functionality is built into the core

Built on top of the chain, these layer 2
of the chain rather than as an add-on, even
applications can automate key steps, but as
very complex compliance requirements can be
users begin to layer on successive rules, the
automated efficiently (and cost-effectively) at
number and complexity can push the chain to
scale.
its computational limits. This drives up costs
and processing time, which in turn limits the
Details on Polymesh compliance can be
potential to innovate and automate.
found here.

8
 Five major challenges hindering security token adoption on Ethereum
#3 Confidentiality
Challenge
Most market participants
need their position
and trades to remain
confidential, but anyone
can see holdings on general-
purpose blockchains.
Capital markets participants value confidentiality
and privacy, regardless of their size or purpose.
Financial institutions must protect client
information to comply with privacy requirements
and safeguard their own financial interests. Non-
reporting entities, usually with a small pool of
shareholders, often do not want any ownership
or transfer information to become public.
On general-purpose blockchains, layer 2
solutions can be used to make transactions and
balances confidential, but they come with an
unworkable compromise—to add transaction
privacy, they must sacrifice the ability to
automate compliance checks or ownership
reporting.
Solution
Polymesh has engineered a
secure asset management
protocol that enables
confidential asset issuance
and transfers.
Because Polymesh is intended for securities, it
makes it possible to transfer and hold assets
confidentially, while still automating compliance
checks and cap table updates.
This is done through MERCAT, which stands for
Mediated, Encrypted, SeCure Asset Transfers,
and represents a new protocol for securely
managing assets in a confidential and auditable
way by using a hybrid design approach
that combines zero-knowledge proofs with
restrictions enforced by trusted mediators,
such as the asset issuer or exchanges.
The cryptography behind MERCAT is quite
complex, but the experience for the issuers,
investors, and other market participants
remains simple. Issuers on Polymesh are
given the option to make transactions with
their security token confidential during
configuration.
Just by pressing a few buttons, Polymesh
can provide:
Transfer Amount Confidentiality
Transfer amounts and account balances
are kept confidential through the use of
zero-knowledge proofs that prove validity
of the transfer and resulting balances.
Asset Confidentiality
Not only is the price and quantity of
an asset confidential, the asset type
transferred is also kept confidential, which
enables users to maintain private portfolios.
Auditability
Users can provide audit rights to the
trusted parties to view transaction details
without removing the privacy of those
transactions or disclosing any other user
secrets such as the cryptographic private
keys or asset spending key.
Details on confidentiality can be found here.
9
 Five major challenges hindering security token adoption on Ethereum
#4 Governance
Challenge
Contentious forks in the
chain present significant
legal and tax challenges for
tokens that are backed by
real assets.
Governance can be a difficult topic for any
blockchain, but this is especially true for
security tokens, where the chain is not only
the source of truth for potentially billions of
dollars, but must also allow investors, issuers,
and capital markets participants to fulfill their
regulatory obligations.
Because of its decentralised nature, when
there is a disagreement, a blockchain can be
split into two separate chains—known as a
fork—which can expose major legal and tax
challenges for tokens backed by real assets.
If an investor owns one ounce of tokenised
gold, they will not get a second ounce of gold
when the blockchain forks and the asset is
duplicated, because the extra gold doesn’t
exist in the real world. As a result, a blockchain
for securities must have a governance process
that can mitigate contentious forks.
Polymesh addresses
the challenges general
purpose blockchains
face with governance
by building it into
the core of the
blockchain.
Solution
Polymesh uses an industry-
led governance model to
prevent hard forks and guide
the evolution of the chain.
Polymesh addresses the challenges general
purpose blockchains face with governance
by building it into the core of the blockchain.
This comes to life through the approach to
upgrades and on-chain governance.
Upgrades
Normally, blockchains are susceptible to
forks during upgrades. Polymesh is built
on Substrate Framework, which provides
Forkless Runtime Upgrades. Unlike other
frameworks, this allows for seamless
upgrades on the chain to avoid the risk
of hard forks. Without getting into the
technical details, this means the ability
to upgrade Polymesh is a feature of the
blockchain itself, with any changes to the
chain recorded directly on the chain itself.
Governing Council
In addition, Polymesh relies on a council
of key stakeholders to review Polymesh
Improvement Proposals (PIP) submitted
by committees or token holders, find
consensus, and chart a path forward for its
future development. The ability to direct
the evolution of mission-critical software
presents a major leg up over a traditional
‘vendor’ relationship and provides a means
of steering the chain past potential issues
or disagreements.
Details on Polymesh governance can be found here.
10
 Five major challenges hindering security token adoption on Ethereum
#5 Finality
Challenge
Ethereum’s use of
probabilistic finality
prevents it from serving as
a golden record for asset
ownership.
A recent German draft law on the introduction
of electronic securities makes it clear that
“blockchain or DLT systems can only be
used for maintaining a crypto securities
register if they sufficiently ensure the finality
of transactions.” In other words, for the
blockchain to contain a true representation
of ownership, it must provide deterministic
finality. But between Ethereum’s probabilistic
finality mechanism, cumbersome compliance
automation, and the unknown identity of block
authors, this just isn’t possible.
Solution
By creating assets at
protocol layer, Polymesh is
able to provide a simplified
approach to transfers and
deterministic finality.
Polymesh addresses settlement roadblocks
through its unique, protocol-level asset
transfer process. It reduces delivery failure
without requiring prefunding and can provide
deterministic transaction finality through
the GRANDPA finality gadget, as well as
stringent identity verification requirements,
a comprehensive compliance validation
framework, and a forkless upgrade process.
In essence, settlement finality is possible
on Polymesh because of how identity,
compliance, and governance are woven
together in the core of the chain.
Identity
In addition to ensuring that the buyer and
seller both have known identities, Polymesh
ensures that node operators are known
and permissioned. This is critical from a
finality standpoint, because otherwise the
question “did the transaction happen?”
may yield two different answers—the
mathematical one, which says there is a
transaction in a block that was verified and
broadcasted, and a legal one that might not
tell the same story.
Compliance
Once a buyer and seller affirm a transfer,
the assets are ‘committed’. This solves
problems with delivery failure and pre-
funding—the assets can’t be spent in other
transactions, but the holder doesn’t need
to relinquish control in advance. Once
assets are locked, compliance rules are
automatically checked, and the transfer
is either wholly completed (and instantly
settled atomically) or wholly rejected (and
the assets are immediately returned).
Governance
Firstly, Polymesh relies on its Governing
Council to set criteria and permission
node operators. Beyond that, forkless
upgrades provide critical assurance that
the transaction won’t be reverted having
followed the wrong fork.
Details on Polymesh settlement can be
found here.
11
 Five major challenges hindering security token adoption on Ethereum

Conclusion
When it comes to creating and managing
digital securities, Polymesh’s specificity
gives it (and the applications built on it) a
distinct advantage over general-purpose
blockchains.

The purpose-built infrastructure is able to

address the gaps in Ethereum’s
architecture needed to align the
functioning of the blockchain with the
requirements of modern capital markets.

Security tokens have been tried

on other blockchains with varying
levels of success, but factors such
as gas fees and the principles of
anonymity meant it was always a
difficult proposition.

With Polymesh we can move beyond

those challenges.

Mike Kessler,
CEO and Founder
Tokenise

12
polymath.network

About Polymath
Polymath makes it easy to create, issue, and manage security tokens on
the blockchain. Over 200 tokens have been deployed using our Ethereum-
based solution and we are now in the midst of launching Polymesh, an
institutional-grade blockchain built specifically for regulated assets. It
streamlines antiquated processes and opens the door to new financial
instruments by solving the inherent challenges with public infrastructure
around identity, compliance, confidentiality, and governance.

Learn more