Legal

Compliance Notice

Last updated: 1 June 2026 · Datacraft Ltd · Nairobi, Kenya

Important Risk Warnings

  • Security tokens are high-risk investments. You may lose the entire value of your investment.
  • Security tokens may be illiquid. There is no guarantee that a secondary market will exist or that you will be able to sell your tokens at any time.
  • Blockchain networks may experience outages, congestion, or security vulnerabilities. On-chain settlement is dependent on network availability.
  • Smart contracts may contain bugs. Token-x contracts are audited before mainnet deployment, but no audit guarantees absence of vulnerabilities.
  • Regulatory frameworks for tokenized securities are evolving. Changes in law may affect your ability to hold or trade security tokens.

Protocol-Level Compliance (ERC-3643)

Token-x uses the ERC-3643 T-REX standard. Transfer restrictions are enforced at the smart contract level — not in application middleware. The following compliance controls are on-chain:

  • ·Whitelist-gated transfers: only whitelisted wallets (KYC-verified, compliance-approved) can send or receive security tokens
  • ·Freeze: Transfer Agents can freeze individual investor tokens, rendering them non-transferable
  • ·Force transfer: Transfer Agents can compel a transfer for regulatory or court-ordered reasons
  • ·Lockup modules: Reg D 12-month and Reg S 40-day restrictions enforced by TimeLockModule.sol — no application layer can override them
  • ·On-chain audit: CorporateActionRegistry records all corporate actions with M-of-N agent signature verification

KYC / AML Program

All investors must complete identity verification (KYC for individuals, KYB for entities) through our Sumsub integration before any token subscription or transfer. Sumsub screens against global sanctions databases (OFAC, UN, EU, HM Treasury) and PEP registries. Investors flagged with a SANCTIONS label cannot be whitelisted — this is a hard gate enforced in code that cannot be overridden by manual compliance approval. Know-Your-Transaction (KYT) monitoring runs continuously on all on-chain activity.

Regulatory Framework by Jurisdiction

Kenya

Token-x operates under the Capital Markets Act (Cap 485A) and the Capital Markets (Amendment) Act 2023. Security token offerings targeting Kenyan investors are subject to CMA Kenya approval. We conduct KYC in accordance with the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA).

Nigeria

Token offerings in Nigeria are subject to SEC Nigeria's rules on digital assets and the Investments and Securities Act. CBN guidelines apply to payment flows. AML compliance follows the Money Laundering (Prevention and Prohibition) Act 2022.

South Africa

Token-x is not yet a CASP (Crypto Asset Service Provider) licensed by the FSCA. Offerings to South African investors are made under applicable exemptions. AML/KYC obligations are met under FICA 2001 as amended. South Africa exited the FATF grey list in February 2024.

Ghana

Security token offerings in Ghana are subject to SEC Ghana regulations. Payment flows comply with Bank of Ghana requirements for digital financial services.

United States (Reg D / Reg S)

Offerings may be structured under Reg D Rule 506(b) or 506(c), or Reg S for non-US persons. Reg D 506(b) limits non-accredited investors to 35. Reg D 12-month transfer restrictions and Reg S 40-day distribution compliance periods are enforced at the smart contract level via TimeLockModule.

FATF / Global AML

Token-x follows FATF Recommendations for Virtual Asset Service Providers (VASPs), including the Travel Rule for transfers above USD 1,000. Transaction monitoring is performed by the KYT service using Trustformer's risk scoring API.

Compliance enquiries

Contact our compliance team at compliance@token-x.finance for regulatory queries, suspicious activity reports, or data subject requests.

Privacy Policy →Terms of Service →