Licentium

Solutions

Token Issuers

General structuring considerations for token startups

When launching a token-based project, founders must decide on an appropriate legal entity and jurisdiction for the issuer. Token characterisation drives almost everything: if the token is effectively a share or investment, securities laws apply. If it is a pure utility or payment token, different laws (or exemptions) apply across each major market.

What we hear from clients

Common challenges

  • Choosing the right legal entity (company vs. foundation) and jurisdiction for the issuer
  • Classifying the token correctly as utility, payment, security, or stablecoin under each market's rules
  • Mapping multi-jurisdictional disclosure obligations (whitepaper, prospectus, registration) to a single launch plan
  • Navigating financial-promotions and marketing rules that often catch foreign issuers by surprise

How we help

Our approach

  1. 1

    Token classification first, structure second

    Map the token's economic function before picking a vehicle. Misclassification is the single biggest source of regulatory rework.

  2. 2

    Match the issuer to the regime

    Foundations, dual-company structures, and offshore vehicles each fit specific patterns. We pair the structure to the disclosure regime and the operating reality.

  3. 3

    Plan the disclosure regime end-to-end

    MiCA whitepapers, UK financial promotions, MAS prospectuses, VARA rulebooks — each market has its own paper trail. We build one master that maps to all of them.

  4. 4

    Build cross-border launch sequencing

    Launching in the EU first vs. UAE first vs. Singapore first changes everything downstream. We sequence around your priority markets and capital path.

General structuring considerations for token startups

When launching a token-based project, founders must decide on an appropriate legal entity and jurisdiction for the issuer. A fundamental requirement in many jurisdictions is that the token issuer be an incorporated legal person (or equivalent). For example, under the EU's Markets in Crypto-Assets Regulation (MiCA), a person shall not make an offer to the public of a crypto-asset unless that person is a legal person. This means that in the EU context, an ICO cannot be done by an informal group or unincorporated team — a company or other legal entity must be set up to issue the tokens.

Beyond the basic need for a legal entity, token ventures often consider non-traditional corporate forms. Many projects have used non-profit foundations or similar structures to issue tokens, especially when the goal is to emphasize the utility nature of a token and avoid it being deemed a share of profits. For instance, some Swiss-based token projects established foundations (Stiftung) to hold the project's assets and intellectual property, with a separate operating company for development work. The idea is to distance the token from equity-like features (no shareholders or dividends in a foundation) and thereby reduce the risk of the token being treated as a security. However, even a non-profit issuer must comply with applicable securities or token offering laws if the token conveys investment characteristics.

Another structuring option is to incorporate the issuer in a jurisdiction with crypto-friendly regulations or clear legal frameworks for tokens. Jurisdictions like Switzerland, Singapore, and certain zones in the UAE (Dubai, ADGM) have become popular for token startups because they offer regulatory clarity or sandboxes for crypto assets. Founders may also consider a dual-company structure (one entity issues the tokens and another conducts commercial operations) to compartmentalize risk and regulatory obligations. This can be useful if one entity needs to be regulated (for example, a licensed token issuer or exchange) while another handles unregulated tech development.

Regardless of structure, token characterisation is key: if the token is effectively a share or investment, securities laws will apply; if it is a pure utility or payment token, different laws (or exemptions) may apply, as detailed below for each jurisdiction.

European Union

The European Union has enacted a unified framework for crypto-assets with the Markets in Crypto-Assets Regulation (MiCA) (Regulation (EU) 2023/1114). Prior to MiCA, EU member states had fragmented approaches, but MiCA now establishes comprehensive rules for token issuers (apart from those tokens already regulated as traditional financial instruments or e-money). Under MiCA, any public offering of crypto-assets in the EU (that are not already regulated as securities or e-money) requires the issuer to prepare and publish a crypto-asset whitepaper and to notify it to regulators.

Specifically, a person shall not make an offer to the public of a crypto-asset in the Union unless that person: (a) is a legal person; (b) has drawn up a crypto-asset whitepaper in accordance with Article 6; (c) has notified the whitepaper in accordance with Article 8; (d) has published the whitepaper in accordance with Article 9; (e) has drafted any marketing communications in accordance with Article 7; (f) has published any marketing communications in accordance with Article 9; and (g) complies with the requirements for offerors laid down in Article 14.

This effectively functions like a prospectus-lite regime: the whitepaper must disclose information about the issuer, the project, risks, and rights, and it must be filed with the competent authority at least 20 days before publication. MiCA does provide exemptions for smaller or private offerings. The obligation to file a whitepaper does not apply to offers to fewer than 150 investors per Member State, offers under EUR 1 million in total consideration over 12 months, or offers solely to qualified investors. Certain utility token offerings are exempt if the token is for access to an existing product or service and is usable at issuance (not for investment purposes).

Stablecoin issuers must obtain a licence from the national regulator and get their coin's whitepaper approved before issuance. The European Banking Authority emphasises that issuers of asset-referenced tokens (ARTs) and electronic money tokens (EMTs) are required to hold the relevant authorisation to carry out activities in the EU. This means a company issuing a stablecoin (pegged to assets or fiat) in the EU needs to meet prudential and governance requirements, and its whitepaper must be formally approved by regulators (unlike ordinary crypto-asset whitepapers, which are only filed, not approved).

If a token in Europe qualifies as a financial instrument (security) under existing law (e.g. tokenised stock or bond), MiCA does not apply — instead, the full EU Prospectus Regulation and MiFID II would apply. Token issuers in the EU must therefore first classify their token: financial instruments follow traditional securities laws, whereas other crypto-assets fall under MiCA's bespoke disclosure regime.

United Kingdom

Regulatory perimeter

Cryptoasset tokens may fall within the UK financial services regulatory perimeter if they have characteristics of regulated investments under the Financial Services and Markets Act 2000 (FSMA). Tokens conferring rights akin to shares, debt instruments or other specified investments in the Regulated Activities Order 2001 are treated as securities and regulated accordingly. By contrast, utility tokens and decentralised exchange tokens (e.g. Bitcoin) typically do not constitute specified investments and lie outside FSMA's scope — unless they meet the legal definition of electronic money.

Authorisation of issuers

Issuing one's own crypto tokens is generally not a regulated activity per se, so the token issuer itself usually does not need to be authorised under FSMA purely to issue tokens. However, if the token or the issuance process involves regulated activities — operating a collective investment, advising on investments, or issuing e-money — the issuer or its arrangers may require FCA authorisation. If the token is a transferable security, offering it to the public in the UK triggers prospectus requirements: it is unlawful to offer transferable securities to the public without an FCA-approved prospectus, absent an exemption.

Financial promotions

Marketing of cryptoassets in the UK is now tightly regulated. Since 8 October 2023, the financial promotion restriction in FSMA 2000 §21 has been extended to qualifying cryptoassets, capturing unregulated tokens. Cryptoasset promotions must be made or approved by an FCA-authorised person, or fall within a narrow exemption. The FCA's rules treat crypto promotions as high-risk investment promotions, requiring prominent risk warnings, banning referral bonuses, and imposing a 24-hour cooling-off period and appropriateness tests for first-time investors. Breaching the rules is a criminal offence.

Stablecoins and digital settlement assets

FSMA 2023 brought certain stablecoins (Digital Settlement Assets) into the UK regulatory framework when used as a means of payment. Under FSMA 2023, HM Treasury can designate payment systems using stablecoins for regulation, and the Bank of England and Payment Systems Regulator are given oversight powers for systemically important stablecoin arrangements. Impending secondary legislation will create a new regulated activity for issuing fiat-backed stablecoins under FSMA, meaning issuers in or from the UK will need to be FCA-authorised once that regime is in force.

Imminent regime for cryptoassets

The UK is expanding its financial regulatory perimeter to cover a wider range of cryptoasset activities. Draft legislation (the Financial Services and Markets Act 2000 (Cryptoassets) Order) will classify qualifying cryptoassets as regulated investments and introduce new regulated activities, including operating a cryptoasset trading platform, dealing in cryptoassets, arranging or advising on cryptoasset transactions, custody of cryptoassets, and issuing stablecoins. Firms carrying out these activities in the UK (even if based overseas) will be required to obtain FCA authorisation.

Switzerland

Token classification

FINMA classifies crypto tokens as payment tokens, utility tokens, or asset tokens, and applies existing financial laws based on each token's economic function. Asset tokens (e.g. tokenised equities or debt) are deemed securities under Swiss law, triggering securities regulation. Payment tokens are not treated as securities but must comply with AML laws. Utility tokens are generally not securities if they serve only a usage purpose at issuance; however, if a utility token functions economically as an investment, it is regulated as a security.

Crypto exchanges and trading platforms

Switzerland's Financial Market Infrastructure Act (FMIA) was amended in 2021 (the DLT Act) to introduce the DLT trading facility as a new regulated financial market infrastructure. A DLT trading facility licence permits multilateral trading of blockchain-based securities and may cover platforms admitting retail clients or providing custody/settlement of cryptoassets. FINMA granted the first such licence in March 2025 to BX Digital AG, enabling a regulated blockchain-based exchange under the FMIA.

Financial institutions and custody

There is no bespoke crypto licence for custodial or brokerage services; providers must fit within existing categories of financial institutions. Crypto brokerage or dealing in tokens that are securities requires a securities firm licence under the Financial Institutions Act (FINIA) if conducted on a commercial basis. Firms taking custody of cryptoassets for clients may require a banking licence if they accept crypto or fiat deposits from the public. FINMA has licensed crypto-focused banks (Sygnum, SEBA in 2019) under the Banking Act, demonstrating that compliant crypto businesses can operate within the traditional licensing regime.

AML regulation

Under the Anti-Money Laundering Act, anyone professionally trading or transferring virtual assets qualifies as a financial intermediary and must comply with KYC and suspicious activity reporting obligations. Crypto exchanges and wallet providers in Switzerland must either be directly supervised by FINMA or belong to a FINMA-recognised SRO. FINMA requires identification of customers for cryptocurrency transactions over CHF 1,000, aggregating linked transfers within 30 days. Transfers to unknown third-party wallets are prohibited absent an information-sharing protocol.

Singapore

Domestic licensing

Any person carrying on a business of providing cryptocurrency token services (digital payment token services) in Singapore must hold a licence under the Payment Services Act 2019, unless exempt. Operating without a licence is a criminal offence punishable by up to S$125,000 fine or three years' imprisonment for individuals, with double the fine for corporations. MAS may also revoke or suspend licences if a licensee fails to meet fit-and-proper criteria.

Overseas services

The Financial Services and Markets Act 2022 extends MAS licensing to digital token service providers operating from Singapore but serving overseas customers. Effective 30 June 2025, any Singapore individual, partnership or corporation providing digital token services outside Singapore must be licensed (unless exempt). This closes regulatory gaps by preventing unlicensed offshore token issuance activities; unlicensed conduct is an offence subject to similar penalties as under the PSA.

Securities offering rules

Token issuers offering tokens to the public in Singapore that constitute capital markets products (securities, derivatives, or units in a collective investment scheme) are subject to the Securities and Futures Act 2001 prospectus registration requirements. Any offer of digital tokens that are securities, securities-based derivatives, or CIS units must be made in or accompanied by a MAS-registered prospectus, unless an exemption applies (private placement, small offers).

Stablecoin framework

Issuers of single-currency pegged stablecoins (SCS) in Singapore face additional regulatory obligations under MAS's stablecoin framework. The framework applies to SCS pegged to the Singapore Dollar or any G10 currency. Stablecoin issuers seeking MAS-regulated status must maintain reserve assets equivalent to at least 100% of outstanding stablecoins' par value, redeemability at par value within five days, timely audits of reserve holdings, and clear disclosure via a whitepaper. They must also meet base capital and liquidity requirements.

Hong Kong

Utility tokens

Digital tokens lacking investment or pegged-value features (mere virtual commodities) fall outside Hong Kong's securities and payment regulations. Issuers of pure utility tokens are not subject to licensing or prospectus requirements, absent features that would classify the token as a security or other regulated instrument.

Security tokens

Tokens with characteristics of shares, debt, or investment schemes are deemed securities under the Securities and Futures Ordinance (Cap. 571). Their issuance is regulated like any traditional security: offering security tokens to the public requires compliance with prospectus registration or SFC authorisation unless an exemption applies. Dealing in or advising on such tokens is a Type 1 regulated activity requiring an SFC licence.

Stablecoins

Fiat-referenced stablecoins are now governed by the Stablecoins Ordinance (Ord. 17 of 2025). Issuing or managing a stablecoin that purports to maintain stable value (pegged to fiat) is a regulated activity overseen by the Hong Kong Monetary Authority. Only permitted offerors — licensed stablecoin issuers, SFC-licensed virtual asset platforms, SFC-licensed securities dealers, stored value facility licensees, or authorised banks — may offer stablecoins to the public. Unlicensed stablecoin issuance carries criminal penalties up to HK$5 million and seven years' imprisonment.

Disclosure and conduct

A stablecoin licensee must publish and maintain a current whitepaper for each stablecoin, disclosing issuance/redemption mechanics, holder rights, and technological underpinnings. Stablecoin issuers must ensure the market value of reserve assets always meets or exceeds the par value of tokens in circulation, with reserves held in the same reference asset and subject to regular independent audit. Paying interest on stablecoins is forbidden to licensed issuers.

Dubai (UAE)

VARA licensing in Dubai

Dubai's Virtual Assets Regulatory Authority (VARA) requires token issuers to obtain a VARA permit for regulated virtual asset activities within Dubai (excluding the DIFC free zone). Under Dubai Law No. 4 of 2022, any person issuing virtual assets in Dubai must establish a local entity and be licensed by VARA (especially for Category 1 issuances such as stablecoins). VARA's framework mandates comprehensive disclosure (whitepapers) and ongoing compliance for token offerings, and strictly controls marketing of virtual assets, including by foreign issuers targeting Dubai.

Federal SCA framework

At the UAE federal level, the Securities and Commodities Authority (SCA) is the primary regulator of virtual assets outside the financial free zones. Cabinet Decision 111/2022 requires SCA licensing and oversight for key virtual asset activities (exchange, transfer, custody, brokerage), while carving out payment tokens under Central Bank jurisdiction. Pursuant to Cabinet Decision 112/2022, Dubai's VARA is formally delegated to license and supervise virtual asset activities within Dubai in coordination with SCA.

Security vs utility tokens

Security tokens (digital tokens conferring rights similar to stocks, bonds, or other securities) are excluded from the virtual asset regime and instead treated as securities under UAE law. Issuers of security tokens must comply with SCA's securities offering regulations and cannot rely on VARA's virtual asset licence. Utility tokens and other non-security virtual assets are regulated as Virtual Assets — Category 1 issuances (fiat-referenced stablecoins or high-risk tokens) require a full VARA licence; Category 2 utility token issuances do not require a VARA licence but must still meet VARA's disclosure and conduct standards.

Payment tokens and stablecoins

Central Bank of the UAE regulations (Circular No. 2/2024) establish a licensing regime for Payment Token services, restricting crypto payment use to licensed AED-pegged stablecoins. Unlicensed acceptance of volatile cryptocurrencies for payments is prohibited onshore. A token issuer intending to issue a stablecoin for UAE users must obtain a CBUAE licence and comply with prudential rules (100% reserve assets in segregated custody with qualified custodians), in addition to any VARA licensing if operating in Dubai.

Marketing and cross-border issuance

VARA's Marketing Regulation applies extra-territorially to any person (domestic or foreign) who markets virtual assets in or targeting Dubai/UAE consumers, regardless of licensing status. All crypto advertisements must be fair, clear, and not misleading, clearly identified as marketing, and include prominent consumer warnings. Cross-border token issuance into the UAE is tightly controlled — a foreign token issuer may not offer or advertise tokens to UAE/Dubai investors without local regulatory compliance. UAE law requires any person conducting virtual asset business in the Emirate to incorporate locally and obtain VARA approval before launch.

Panama and BVI

Panama: no specific crypto statute

Panama currently lacks any dedicated crypto-asset legislation. A 2022 bill to regulate cryptoassets and VASPs was vetoed and struck down as unconstitutional in 2023. No special licensing regime exists for cryptocurrency businesses; oversight defaults to general securities and AML laws. The Panamanian SMV has officially opined that cryptocurrencies and other virtual assets are not securities under Panama's Securities Market Law, so utility token ICOs to the public fall outside securities law (no prospectus required when the token carries no debt/equity characteristics).

Panama: security tokens and AML

Crypto tokens may be deemed securities if they confer rights akin to stocks, bonds, fund units, or other valores. Any public offering of such security tokens to retail investors must be registered with the SMV and accompanied by a prospectus. Private or limited offerings to accredited investors are exempt — Panama allows unregistered private offerings to ≤50 investors or only to qualified investors with a minimum subscription of US$100,000. There is no requirement to obtain a financial licence solely to issue tokens or operate a crypto exchange in Panama, so long as the activity does not involve regulated securities or brokerage services. General AML/CFT laws still apply.

BVI: comprehensive VASP framework

The British Virgin Islands has enacted the Virtual Assets Service Providers Act 2022 (VASP Act), in force since 1 February 2023. Any entity incorporated or operating in or from the BVI that provides virtual asset services must be registered with the BVI Financial Services Commission (FSC) as a VASP. Covered services include exchanging virtual assets for fiat, transferring virtual assets, safekeeping/custody, and participation in financial services related to an issuer's offer or sale of a virtual asset. The law deems a BVI business providing services outside the territory as doing so from within the BVI. Operating a VASP without registration is a criminal offence punishable by fines up to US$100,000 and/or five years' imprisonment.

BVI: utility vs security tokens

Pure virtual assets (cryptocurrencies, utility tokens) are generally not classified as investments under BVI's Securities and Investment Business Act 2010 (SIBA) — they are regulated mainly through the VASP Act. However, if a token has the features of a traditional security (equity, debt, profit-sharing rights, fund interests), it falls under SIBA's scope and the issuer may need to register as a VASP and comply with SIBA's requirements. Tokenised fund units are explicitly within SIBA's ambit. Public offerings of virtual assets in or from the BVI require regulatory authorisation; offers limited to qualified investors or restricted circles are exempt from public issuance rules.

BVI: AML and compliance

BVI imposes AML/CFT compliance on all virtual asset businesses. The VASP Act mandates VASPs to implement customer due diligence, record-keeping, and reporting measures in line with the territory's AML laws. Failure to maintain required KYC records or institute adequate AML systems is an offence carrying up to US$100,000 fines and five years' imprisonment. BVI-registered VASPs are supervised by the FSC's Enforcement and AML units and must adhere to the Anti-Money Laundering Regulations and Terrorist Financing Code of Practice.

DAOs and emerging structures

Both Panama and the BVI are adapting gradually to decentralised models like DAOs. Neither jurisdiction currently recognises DAOs as legal persons, so a corporation or foundation is typically used to wrap a DAO for legal activities. In either jurisdiction, the legal entity behind a DAO must comply with the relevant laws — if a BVI company operates a DAO-controlled protocol that offers tokens or financial services, that company must obtain any necessary VASP registration or securities licences. Token issuers commonly use a Panama+BVI dual structure (Panamanian operating entity with a BVI token-issuing vehicle) to balance business needs with compliance.

Ready to launch legally?

Book a 30-minute consultation. We'll map your licensing path and tell you exactly what's required, in plain language.

Get Started