On March 17, 2026, the SEC and CFTC did something the crypto industry had been begging for since Bitcoin's early days: they told us what's what. Interpretive Release No. 33-11412 — 68 pages of it — lays out the first formal taxonomy for classifying digital assets under US federal law. Five categories. Clear jurisdictional lines. After a decade of regulation-by-enforcement, the agencies finally drew a map.
The joint interpretation sorts digital assets into buckets based on their characteristics, uses, and functions — not their labels.
Digital commodities derive their value from the operation of a crypto system rather than from managerial efforts. Bitcoin, Ethereum, Solana, XRP, Chainlink, and eleven others were named explicitly. These fall under CFTC oversight, not the SEC.
Digital collectibles — NFTs, memecoins, cultural tokens — are designed to be collected rather than invested. Not securities.
Digital tools perform practical functions: memberships, tickets, credentials. Not securities.
Stablecoins that comply with the GENIUS Act are carved out as payment instruments under banking regulators. Not securities.
Digital securities are crypto assets issued as investment contracts with expectations of future profits. And this category explicitly includes tokenized securities — traditional financial instruments like stocks and bonds that are issued, traded, and settled on a blockchain.
That last category is where things get interesting for compliance teams. Because the tokenized securities market is no longer a whitepaper concept. It's live, growing fast, and increasingly intertwined with the same issuers your firm already covers.
Four of those five categories are not securities. The fifth — digital securities — is the one that should have every compliance officer reaching for their policy manual.
Because it's not just about crypto tokens anymore. It's about tokenized versions of the stocks already on your restricted list, trading on platforms your monitoring feeds have never heard of.
Three distinct models have emerged, and they're converging on the same destination: making traditional equities tradeable on blockchain rails, around the clock, across borders.
The SEC approved Nasdaq's proposed rule change in March 2026 to enable trading of securities in tokenized form, built on the DTC's tokenization pilot program — a three-year initiative operating under a December 2025 no-action letter. Eligible securities include the Russell 1000, US Treasuries, and major index ETFs. The NYSE followed days later, partnering with Securitize — backed by BlackRock and Ark Invest — to build an entirely new blockchain-based trading platform. Securitize has been named the first digital transfer agent eligible to mint tokenized stocks and ETFs on the platform.
This isn't experimental. These are production-grade rollouts by the two largest stock exchanges in the world.
Kraken's xStocks, powered by its acquisition of Backed Finance, have surpassed $25 billion in cumulative trading volume since launching in June 2025. The product now covers 100 tokenized US stocks and ETFs — with ambitions to reach 500 by year-end — backed 1:1 by underlying shares. Crucially, xStocks don't confer shareholder rights like voting; holders have economic exposure and creditor claims against the issuer. They trade 24/5 on Kraken and 24/7 on-chain when withdrawn to a self-custody wallet.
Dinari's dShares take a similar approach but with US-first positioning — Dinari was the first platform to secure a US broker-dealer registration for tokenized equities, and its tokens are already live across multiple blockchains with partnerships including Gemini and Flow Traders. Ondo Global Markets offers tokenized exposure to over 200 US stocks and ETFs for non-US investors, with same-day tokenization of IPOs.
Robinhood offered stock-tracking tokens to EU retail users in 2025, structured as CFD-based derivatives that give price exposure without ownership. The SEC's January 2026 staff statement flagged these as likely security-based swaps, subject to the full set of restrictions that apply to that category.
Here's the practical problem. Your restricted list says "Apple Inc." Your monitoring system watches for AAPL trades through traditional brokers. But an employee can now acquire AAPLx — a tokenized equivalent on Kraken — through a non-US account, hold it in a self-custody wallet on Solana, and trade it at 2 a.m. None of those touchpoints exist in most firms' monitoring infrastructure today.
The SEC's position is unambiguous: tokenization changes the plumbing, not the regulatory perimeter. A tokenized stock is still a stock for personal-trading purposes. The same restricted-list logic, pre-clearance requirements, and MNPI prohibitions apply — regardless of whether the instrument trades on Nasdaq or on-chain.
Restricted list architecture. Ticker-matching won't catch tokenized equivalents that trade under different symbols (TSLAx, AAPLon) or on venues outside the traditional equity-feed universe. Lists need to be issuer-based, not ticker-based, with mappings to every known instrument form.
Reportable account definitions. Policies that list "brokerage accounts" as reportable need to explicitly name tokenized-asset platforms, on-chain wallet addresses used for holding tokenized securities, and accounts at venues like Kraken's xStocks, Dinari, Securitize, and Ondo. These fall between categories in most current frameworks — not quite a traditional brokerage, not purely a crypto wallet.
Data feeds. Traditional monitoring depends on standardized custodial feeds. Some tokenized platforms now offer compliance-grade integrations. Others require manual attestation supplemented by blockchain analytics. For the next 18 to 24 months, a hybrid approach is realistic — and honest compliance programs should be building it now rather than waiting for a single-vendor solution.
Not all tokenized securities are created equal, and the compliance implications vary by structure.
Issuer-sponsored tokens where the on-chain token is the security — as with Nasdaq's DTC pilot — carry full ownership rights and are functionally identical to their traditional counterparts. Third-party custodial tokens like xStocks give economic exposure backed 1:1 by underlying assets, but holders have creditor rights rather than shareholder rights. Synthetic models strip out ownership entirely, creating what the SEC treats as security-based swaps.
For personal-trading compliance, the governing principle cuts across all three: if the instrument references an issuer on your restricted list, the restriction extends to every tokenized representation of that issuer's securities. Full stop.
The five-category framework gives the industry something it has never had: a clear map of what's a security and what isn't. The compliance challenge now isn't ambiguity — it's operational readiness. The instruments are live. The platforms are scaling. The question is whether your program can see them.
MCO’s integrated platform extends existing employee compliance and insider risk controls to digital assets — on the same system already managing traditional securities obligations:
Digital Asset Personal Trading delivers an automated and comprehensive view of personal cryptocurrency and digital asset trading activity, featuring automated wallet discovery, on-chain activity capture and multi-chain aggregation.
Ready to learn more? Request a demo today to see how MCO can help your firm stay ahead of crypto and digital asset compliance obligations.
This post was written by John Kearney, Head of Product for Employee Conflicts of Interest at MCO.