If you’ve decided a security token is for you, there are a number of key decisions you now need to make. You need to choose where to register your token and which security token issuance platform to use. Then you need to go through the necessary steps to build it and run a security token offering.

It can be a bit complicated, so we’ve made it really simple for you.

  • Section one: Decide what rights the security token provides
  • Section two: Choose which jurisdiction to operate in
  • Section three: Choose a security token issuance platform
  • Section four: Create the token
  • Section five: Run the security token offering

Disclaimer: We are not lawyers and this is not legal or investment advice.


Don’t know what security tokens are? Check out our handy guide here. Otherwise, read on.

Section one: Choose what rights your security token provides

The difference between a security token and a bog-standard utility token (offered in most ICOs) is that security tokens offer a return on the investment. There are several types of assets that security tokens can represent. Here are two examples:

Equity / Common stock

One option is to allow your token holders to become owners of your company. To do this, you should offer equity shares. These are the most important aspects:

  • Token holders own part of your company
  • The equity can be transferred from one person to another
  • Token holders receive dividends
  • Token holders are able to control the direction of your company

Companies that have already raised funds through equity-based security tokens include Atomic Capital, 22x Fund and Neufund.

Revenue sharing

Another option is to give your token holders a portion of your revenue. This means they do not have an ownership stake in your company and don’t have a right to control the direction of your company. But, you are rewarding token holders for holding your coins.


Lottery play service Lottery.com launched a revenue-based security token called LDC Crypto. This token gives out seven percent of the revenue from Lottery.com’s global impact raffle program. The company raised $47 million in a security token offering.

Simple agreement for future equity (SAFE)

A SAFE is a pre-existing contract that is used by startups to raise money. When a security token is issued as a SAFE, it means the token holders are entitled to receive equity when certain conditions happen, such as the sale of the company.

Freelance platform Moonlighting was on the first security token offeringings using the SAFE contract. According to venture crypto fund Evercity and Security Token Club, the offering closed in December 2018 and raised $100 million.

The choice of which rights to give token holders will depend on your business model and your plans for generating revenue. It also depends on which stage you are as a company. Once you have decided this, you need to consider which countries you will be operating in.

Section two: Choose which jurisdiction to operate in

While cryptocurrencies can be freely sent around the world, security tokens must comply with the regulations of each country that they are issued in. This means there must be control over who can buy the tokens. These regulations depend on the specific country involved, with the U.S. being the most important, and the strictest.

The United States of America

This is the chosen location for the majority of security token offerings so far. It has very tight rules on issuing securities and has a number of exemptions that you can use. Here are the main restrictions:

  • You must either register your offering or file an exemption with the SEC to sell the security token.
  • Only accredited investors can purchase tokens, with minimal exceptions.
  • You need to use a registered broker-dealer.

The reason why this has such an impact is because of the narrow definition of who is an accredited investor. Accredited investors have to meet this criteria:

  • Have had a yearly salary of $200,000 for two years and expect the same over the next year; or
  • Have a net worth of $1 million.

This means many security token offerings often look outside the United States. The ones that don’t will use one of the many registration exemptions afforded to companies under federal securities laws. Here are the main ones:


Regulation D

If you use Regulation D, you will have to file a “Form D.” It does not have to be filed before the token offering but must be filed within 15 days after the first sale. Regulation D is designed to benefit smaller companies and reduce costs for them. It has three different rules:

  • Rule 506(b): You can raise an unlimited amount of money from an unlimited number of accredited investors (and up to 35 non-accredited buyers), but you can’t broadly advertise the token offering.
  • Rule 506(c): You can advertise the token offering to the public, but only sell your token to accredited investors.
  • Rule 504: If you meet the criteria, you can be exempt from regulatory requirements when selling securities up to a value of $5 million within 12 months. This is very seldom used.

Rule 506(b) is the most commonly used exemption by security token offerings that have already taken place and it is often combined with Regulation S.

Regulation A+

This opens up your security token offering to non-accredited investors up to a maximum raise of $50 million. However, it comes with more stringent registration requirements. This means a security token offering under Regulation A+ can take longer and cost more to do.

Additionally, all Regulation A+ offerings must be reviewed by the SEC prior to the sale. To date, only a handful of prospective STOs have filed for a Regulation A+ exemption, and not one has yet made it out of the SEC’s review process.

Regulation S

If you want to steer clear of U.S. investors and the restrictions that come with doing so, this is the exemption to use. It means your security token offering will not be offered to U.S. investors (unless it is combined with Regulation D). You will still need to be compliant with any other country you choose to operate within.

Opening your security token up to U.S. investors could bring in much more revenue but it comes with much stricter requirements. You will have to decide if this is worth doing.

The European Union

In the EU, you must draft a prospectus and comply with security requirements. However, there are a few ways to avoid doing so. You don’t need a prospectus if you meet any of these requirements:

  • Your token offering raises less than €5 million ($5 million) in one year.
  • You sell tokens only to 150 people or fewer.
  • Each token is sold for at least €100,000 ($113,000).
  • Each investor buys at least €100,000 ($113,000) worth of tokens.

Further, individual member states are allowed to exempt token offerings up to €8 million, so it might be better to choose a country that will do so. Blockchain-friendly countries in the EU include Lithuania, Malta, and Germany.



A hot bed of crypto activity, Switzerland has been the location of choice for several security token offerings. It has published clear advice on token offerings. You will need to apply for a securities dealer licence. Here are some of the main requirements:

  • You must have a board of directors and a management team.
  • There are minimum capital requirements of CHF 1.5 million ($1.5 million).
  • You must appoint an external regulatory audit firm.

Switzerland has low taxes and is known for being friendly to businesses. It has already attracted companies such as ShapeShift, Xapo and ConsenSys (which funds Decrypt).

Are any of these the right place for your security token offering? Either way, once you decide, you will need to select the right company to work with as you create your token.

Section three: Choose the right security token issuance platform

Now you know what rights your token will provide and where it will be issued, the trick is in finding the right partner to make it happen. Each of these platforms claims to offer its clients a fully compliant security token. These are our top picks:


Californian company Securitize offers a protocol which you can use to create and issue your security token. The Securitize protocol manages everything from smart contracts—pieces of code that automatically execute—to providing liquidity. It includes support for dividends, distributions, and share buy-backs.


In the same way that countless ICOs launched their tokens on Ethereum, Toronto-based Polymath wants to be the platform for launching STOs. It uses its own ST-20 token standard (Polymath's implementation of ERC-1400) which uses smart contracts to ensure tokens can only be held, bought, and sold by authorized addresses, subject to additional restrictions (like buy and sell lock-up periods). Polymath uses its own POLY token on the platform, which can be used for the token sale. It costs 20,500 ($1,900) POLY to run a security token offering on its platform.


California-based Harbor is a very straightforward all-in-one platform for issuing security tokens. It helps you to create a token and make sure the right investors are onboarded. Harbor also provides a good user-experience on the investor side, where investments can be made in USD, BTC or ETH.


Similar to Polymath—but launched on the Stellar blockchain—Swarm is a California-based company that offers a blockchain for launching security tokens. It uses its own SRC-20 token standard. What’s interesting about Swarm is that it doesn’t charge fees but requires you to stake a set amount of its native SWM tokens for as long as your security tokens remain issued.



TrustToken is a another California-based platform for tokenizing securities. It uses smart contracts—known as a “SmartTrust”—for its transactions. TrustToken is the company behind TrueUSD, a stablecoin which has recently started to rival Tether and is ranked 26th by market cap.

Whichever exchange you use, make sure you feel comfortable with the team, its experience and the prices they will charge.

Section four: Create the token

Okay, hard part over. Now you just need to go through the steps in actually creating your token and you’ll be a tokenized company in no time. But first things first, you need to choose some numbers.

Decide on your tokenomics

Once you know what you token will provide, you need to decide how many tokens you wish to create and what price. Here are the main things you will have to choose:

  • How many tokens to create.
  • How many tokens will be held by your company.
  • How much equity/revenue will be distributed per token.
  • What price you expect the token to be sold at.

You security exchange will be able to help you make these decisions. Once you know what you wish to do, it’s a fairly straightforward process to set your token up. While the exact steps will vary depending on which provider you choose, this is a rough guide to creating a security token.

Prove your identity with a crypto wallet

In order to interact with a blockchain, you will need an address and a wallet for that blockchain. If you’re using Polymath, you will need an Ethereum wallet, such as MyEtherWallet, and a way to sign transactions, such as MetaMask. If you’re using Swarm, you will need a Stellar wallet, and so on.

Having a crypto wallet enables you to do two things. One, you can make transactions, something necessary for any smart contract. Two, you can prove your own identity by signing transactions. Both of these will be necessary for creating your security token. But don’t think about using your current one; set up a specific one for business purposes—and make sure to keep your private key safe.

Register your token symbol

Now, it’s time to make sure your preferred token symbol is available and claim it before anyone else. You need to give it a name, such as “Decrypt” and a price ticker, such as “CRY.” Once you have done this, if you use the Polymath platform, you have a required 15-day waiting period to consult with your lawyers and advisors.


Choose your KYC/AML team

When you set up your security token on the Polymath platform, it offers you a range of KYC/AML providers to use. You can also choose a marketing and legal teams if you don’t have them already. Other platforms may include some of these services as part of their offering. But, it is essential that you have a KYC/AML provider and a legal team. You’re not in ICO-loving Kansas anymore, Dorothy.

Create the token

Now for the anti-climax. It’s time to create your security token. What does that entail? Well, put simply, you need to enter in the right details and it does it all for you. Yes, it truly is that simple—mainly because you’ve done all the hard work already.

So, just enter in the tokenomic information that you decided on at the beginning of step four. And click create. You will need to sign the transaction with your crypto wallet that you set up earlier. In the background, smart contracts will be deployed and your token will be created—albeit with no supply. This is because you will need to mint your coins, which you can do until the token offering starts. The platform will contain instructions on how to do this.

Well done you, you’ve entitled yourself to a short 10-minute break, a walk and a flat white. Once you’ve stopped feeling so smug about creating your security token, you will need to face the final challenge: running a security token offering. But, as always, we’re help to help you.

Section five: Run the security token offering

Time to send this SpaceX rocket to the moon. If you’ve followed this far, well done, now to make it all worthwhile.

Create the offering

This is as simple as creating your own security token. You just need to make a few decisions on your token sale and you’ll be getting the ball rolling in no time. You need to choose between a capped STO and an uncapped STO. This refers to whether there is a limit on the amount to be raised—often referred to as a hardcap.

Then you need to enter in the start and end date for the security token offering and the value you are selling your security token at. You will also need to select the payment method—either a mainstream cryptocurrency like Bitcoin or Ethereum, or the issuance platform’s native currency, such as POLY. Then, you’re done.

Sort out the investor whitelist

There’s not much point going this far if you’re not going to enable anyone to invest. So, you need to draw up a whitelist of accredited investors and enter them in one by one into the issuance platform. This will involve KYC/AML details to be collected from the investors. When you’ve done this, they can now invest and you can get your head around whether you can actually advertise it—or not.


Congratulations. You just created a security token and ran your own security token offering. That puts you in an elite group of, well, cryptoheads, and your project is now tokenized—how does it feel?

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.