Regulators have done little to provide certainty for buyers and sellers of blockchain-based 'tokens' (more here). A page on the Securities and Exchange Commission's website on the topic of 'initial coin offerings' offers only sparse information in form of "5 things you need to know about ICOs," starting with the somewhat ominous declaration that "ICOs can be securities offerings" -- a message which seems to have found a receptive audience, judging by the growing number of projects offering their assistance with “security token offerings.” The following examines the viability and efficacy of security tokens in the context of blockchain-based systems for the purpose of securities creation and handling.
Tokens and Public Blockchains
The term 'token' took on new meaning with the emergence of blockchain-based systems. To understand a token's function within the context of blockchains, one must hence first understand the nuances of blockchain solutions.
The term blockchain technology refers to a cryptographic encryption method conceptualized in 1999 - and referenced in the Bitcoin Whitepaper - which links hashed data in a consecutive manner (neither paper uses the term 'blockchain' however). By itself, the term blockchain refers to a decentralized, open, network that makes use of the aforementioned cryptographic implementation to time-stamp and secure computation results - i.e. transactions. The latter implementation, which was introduced with the launch of the Bitcoin blockchain, is sometimes also unnecessarily referred to as public blockchain.
The decentralization component - the fact that anybody may download the code and operate a node - of blockchains makes transactions recorded in these types of ledgers extremely difficult to reverse. The necessary open collusion by a majority of network participants is unlikely to occur as the resulting distrust in the network would erode the colluding parties’ investment in computing power and/or allocation of virtual assets (stakes) in the blockchain needed for the manipulation to begin with.
Because of these features, blockchains are also referred to as "trust-less networks," and the recorded transaction are considered immutable, a quality which enables peer-to-peer transactions of blockchain-native assets (coins) and digital assets created on a public blockchain via qualified smart contract: tokens.
Tokens can be classified based on standardized smart contracts adopted by a blockchain's main-net, which allows the transfer of these assets to any wallet or exchange complying with the standard.
By far the most common standard today is Ethereum’s ERC-20 Token Standard. The standard is supported by most digital wallets and more than 200 exchanges.
The ERC-20 token standard provides a protocol for simple, fungible digital assets but is lacking any provisions for complex instruments, such as securities.
To date, almost on thousand different token types have been created using this standard (for current count see Etherscan).
'Permissioned Blockchains' And Tokens
Databases and networks operated by individual companies and consortia that use blockchain-type encryption schemes are sometimes referred to as "permissioned blockchains" or "private blockchains".
However, while transactions recorded this way may be more secure, participants in these systems are still required to trust the network provider not to alter records and to continue to operate the network.
Operators of these systems might create additional requirements needed for the exchange of virtual assets such as tokens, however, these dependencies do not constitute protocols until they are adopted by a public blockchain.
As a consequence, digital securities created with the use of a proprietary "standard" cannot be transferred simply using a wallet or exchange complying with the protocol of a public blockchain and should therefore not considered tokens.
Conclusions
In the context of public blockchains, tokens -- including security tokens -- are based on established protocols (APIs) that allow the transfer of these assets from and to wallets and exchanges, which support these standards without the need of a third party.
As of today, no public blockchain offers a "security token standard" or "security token protocol".
Due to this lack of a security token protocol on any existing public blockchain, any exchange of assets created through these systems will necessarily require these platforms to provide access to the data stored in their databases for identity and asset validation. Claims by providers using the aforementioned terms are aspirational and are limited to databases and, in some instances, application programming interfaces (APIs) maintained by these platforms. The latter term is usually indicative of a custodial solutions (either for the asset and/or personal identifiable data).
Lastly, since Web-3 agency and attribution layers are still not implemented (more here), ownership records mostly resemble those of legacy account-based systems, and as such void most advantages derived from blockchain-based rights and assets (more on identity here).
Further reading: When is an asset digital