Compliance Integration Guide
Compliance Integration Guide
Regulatory Mapping · BSA/AML Program · On-Chain Verification · Module-Aware Coverage · Institutional Due Diligence
Technical compliance reference for compliance officers, institutional risk teams, legal counsel evaluating the platform, and auditors verifying regulatory alignment. This document maps every regulatory obligation to the specific on-chain control or off-chain procedure that satisfies it, and details how compliance applies across all three production modules: Equities (Module 1), Real Estate (Module 2), and CORECM — Carbon Ore, Rare Earth, and Critical Minerals (Module 3).
The platform is operated by Groovy Company, Inc. The trading venue is CEDEX. The qualified-custody and onboarding anchor is Empire Stock Transfer.
This document describes what must happen for each compliance obligation, why each obligation applies, and how each obligation is verified. Specific shell commands, RPC queries, and program-account schemas used by auditors for independent verification are maintained in the platform's internal compliance runbooks and Smart Contract Reference, and are accessible to authorized auditors under non-disclosure agreement.
Table of Contents
Regulatory Framework
Category 1 Model B Requirements
The 42 Controls — Regulatory Mapping
Empire Stock Transfer Compliance Architecture
BSA / AML Program
OFAC Sanctions Program
Holding Period Enforcement
Investor Eligibility
Record Keeping and Audit Trail
Protective Conversion
On-Chain Compliance Verification
Module-Specific Compliance
Module 3 Federal-Action Coordination
Institutional Due Diligence Checklist
Regulatory Contact Matrix
1. Regulatory Framework
1.1 Governing Authorities
AuthorityJurisdictionPlatform Relevance
SEC
Federal securities law
Release No. 33-11412, Category 1 Model B, Reg D / Reg S / Reg CF, Form D, beneficial ownership
FinCEN
Bank Secrecy Act and AML
BSA compliance program, SAR / CTR filing, CIP, beneficial ownership
OFAC
Sanctions enforcement
SDN list screening, comprehensively sanctioned countries, secondary sanctions
State securities regulators
Blue Sky laws
State notice filings per Reg D
Wyoming Secretary of State
Issuer (Groovy Company, Inc.) incorporation
Wyoming Business Corporation Act, W.S. 34-29-101 (Digital Asset Statute)
Issuer states of incorporation
Corporate governance
Certificate of Designation filing, Common B share class authorization
USGS / DOE
Critical minerals classification (Module 3)
USGS Critical Minerals List, DOE Critical Materials Strategy
Federal trade and defense authorities
Strategic minerals (Module 3)
Section 232 of the Trade Expansion Act of 1962, Defense Production Act Title III, Executive Order 14017, Energy Act of 2020
FINRA
Reg CF intermediation
Funding portal registration and oversight
1.2 Primary Regulatory Citations
CitationDateRelevance
SEC Release No. 33-11412
March 17, 2026
Establishes Digital Securities taxonomy. ST22 tokens classified as Category 5 Digital Securities.
January 28, 2026 Joint Staff Statement
January 28, 2026
Defines Category 1 (issuer-sponsored) versus Category 2 (third-party sponsored) tokenization. The platform operates under Category 1 Model B.
SEC Crypto Task Force directive
March 30, 2026
Common Class B shares specified as sole backing instrument for third-party ST22 tokens across all modules.
April 13, 2026 SEC Staff Statement on Covered User Interface Providers
April 13, 2026
Statement confirming that interface providers are not subject to broker-dealer registration when they do not engage in restricted activities.
Securities Act of 1933
As amended
Registration requirements; Reg D (§230.501–506), Reg S (§230.901–905), and Reg CF (§227.100–504) exemptions.
Securities Exchange Act of 1934 §17A
As amended
Transfer agent registration requirements. Empire Stock Transfer's compliance basis.
Bank Secrecy Act (31 U.S.C. §5311)
As amended
AML program requirements, CIP, CTR / SAR filing, recordkeeping.
31 CFR Part 1010
As amended
FinCEN regulations implementing the BSA.
GENIUS Act
Enacted
USDC and PYUSD stablecoin settlement framework.
Wyoming W.S. 34-29-101
As amended
Wyoming Digital Asset Statute — statutory support for DLT-based securities.
UCC Article 8
Uniform
ST22 transfers on CEDEX constitute effective instructions to update Empire Master Securityholder File per §8-102(a)(8).
USGS Critical Minerals List
Most recent designation
Module 3 classification baseline.
DOE Critical Materials Strategy
Most recent edition
Module 3 classification baseline.
Section 232 of the Trade Expansion Act of 1962
As amended
Module 3 strategic-minerals federal-action source.
Defense Production Act Title III
As amended
Module 3 federal-action source.
Executive Order 14017 (America's Supply Chains)
February 24, 2021
Module 3 critical-minerals supply-chain policy basis.
Inflation Reduction Act critical-minerals provisions
August 16, 2022
Module 3 federal incentive and eligibility framework.
Energy Act of 2020
December 27, 2020
Module 3 critical materials and DOE coal-derived REE recovery basis.
1.3 Mathematical versus Legal Enforcement
DimensionLegal EnforcementThe Platform's Mathematical Enforcement
Timing
After violation (detective)
Before violation (preventive) — transaction reverts
Certainty
Subject to interpretation
Binary: compliant or blocked
Dependence
Good faith of intermediaries
Solana runtime — cannot be circumvented
Override
Administrative discretion
No override exists — immutable program logic
Audit
Reconstructed from logs
Immutable on-chain record per transaction
Speed
Weeks to months
~400ms (one Solana block)
2. Category 1 Model B Requirements
Release No. 33-11412 and the January 28, 2026 Joint Staff Statement establish seven requirements for Category 1 Model B compliance. The platform satisfies all seven across all three modules.
RequirementImplementationStatusVerification
1. Direct issuer authorization
Board resolution required before Common B creation. Corporate action of the issuer — not the platform.
Binding
Board resolution on file with Empire and the platform
2. Official shareholder register
Empire Master Securityholder File — DLT-integrated. Certificate of Designation filed with the issuer's state of incorporation.
Binding
Empire MSF plus state filing
3. Regulated custody
Empire Stock Transfer — SEC §17A-registered qualified custodian. Irrevocable custody.
Binding
Custody oracle attestation per block
4. True equity backing
1:1 Common Class B shares. Issuer-designated voting, dividends, liquidation per Certificate of Designation.
Binding
Ed25519 attestation every ~400ms
5. Clear ownership chain
CUSIP assigned per Common B class (Module 1); property identifier (Module 2); basin identifier (Module 3). UCC Article 8 transfer mechanics.
Binding
Empire records
6. Investor protection
42 Transfer Hook controls plus protective conversion triggers (Controls 35–38).
Binding
On-chain verification (Section 11)
7. Token standard compliance
SPL Token-2022 with Transfer Hook extension on Solana Mainnet-Beta.
Binding
Mint account extensions query
Category 1 versus Category 2
DimensionCategory 1 Model B (the platform)Category 2 (third-party sponsored)
Issuer authorization
Required — board resolution
Not required
Counterparty risk
None — direct ownership
Significant — intermediary holds assets
Custody
Empire §17A qualified custodian
Varies — often unregulated
DLT in official records
Yes — Empire MSF
Not typically
Onboarding
Empire — sole authority
Third-party, platform-dependent
Compliance enforcement
42 immutable Transfer Hook controls
Application-layer — bypassable
3. The 42 Controls — Regulatory Mapping
Every Transfer Hook control maps to a specific regulatory obligation. The 42 controls apply identically across all three modules; module-specific extensions are documented in Section 12.
Custody Verification (Controls 1–6)
ControlFunctionRegulatory BasisError
CV-01
Verify Empire custody balance matches token supply — per block (~400ms)
Category 1 Model B Req. 3 (regulated custody)
6001
CV-02
Confirm 1:1 ratio (supply ≤ custodied Common B) — per transfer
Category 1 Model B Req. 4 (true equity backing)
6001
CV-03
Confirm Empire Stock Transfer operational status — per transfer
Exchange Act §17A
6002
CV-04
Ed25519 oracle health and latency — continuous
Category 1 Model B Req. 7 (token standard compliance)
6002
CV-05
Asset-identifier match — custodied shares match CUSIP, property, or basin assignment — per transfer
Category 1 Model B Req. 5 (clear ownership chain)
6001
CV-06
Wallet registered in Empire MSF under UCC Article 8 — per transfer
Category 1 Model B Req. 2 (official shareholder register)
6002
Investor Verification (Controls 7–14)
ControlFunctionRegulatory BasisError
IV-07
Block unverified wallets — Empire KYC required
BSA CIP (31 CFR §1020.220)
6003
IV-08
Block ineligible investors — Reg D (US accredited), Reg S (non-US), Reg CF (US retail)
Securities Act §4(a)(2), Reg D Rule 501, Reg S, Reg CF
6003
IV-09
AML risk scoring — Chainalysis KYT plus TRM Labs
BSA (31 U.S.C. §5318), 31 CFR §1010.210
6006
IV-10
Verified identity linked to wallet
BSA CIP, FinCEN CDD Rule
6003
IV-11
Block prohibited jurisdictions (comprehensively sanctioned)
OFAC regulations (31 CFR Parts 510, 515, 542, 560, 589)
6003
IV-12
Block minors from all trading
State securities laws, platform policy
6003
IV-13
Track investor classification (accredited, institutional, non-US, Reg CF)
Reg D Rule 501, Reg S, Reg CF
6003
IV-14
Require re-verification when KYC or accreditation expires
BSA ongoing due diligence, FinCEN CDD Rule
6003
Position Limits (Controls 15–19)
ControlFunctionRegulatory BasisError
PL-15
Wallet registration — Empire MSF whitelist required
Exchange Act §17A (transfer agent records)
6004
PL-16
Wallet concentration at or below 4.99% of supply
Market manipulation prevention (Exchange Act §9, §10)
6020
PL-17
Velocity limit — maximum 50 transactions per hour per wallet
Wash trading prevention
6022
PL-18
Cross-wallet clustering detection
Coordinated activity detection
6023
PL-19
Cumulative position tracking
Beneficial ownership monitoring
6020
Circuit Breakers (Controls 20–23)
ControlFunctionRegulatory BasisError
CB-20
Halt on price move above 10% in 5 minutes — 15-minute cooldown
NYSE Rule 80B equivalent, SEC market structure
6005
CB-21
Block single trade with price impact above 2% versus TWAP
SEC market manipulation prevention
6021
CB-22
Velocity limit enforcement — per-wallet transaction rate
Flash crash prevention
6022
CB-23
Halt all trading if custody oracle fails
Fail-safe — data integrity
6002 / 6038
Holding Period Enforcement (Controls 24–29)
ControlFunctionRegulatory BasisError
HP-24
Rule 144 (6 months, US accredited); Reg S (12 months, non-US); Reg CF (12 months, US retail)
Securities Act Rule 144; Reg S §230.903; Reg CF §227.501
6024
HP-25
Jurisdiction flag verification
Reg S Category 1 (equity of non-reporting issuers); Reg CF retail eligibility
6024
HP-26
Purchase timestamp immutability
Securities Act (no backdating)
—
HP-27
Timer cannot be shortened by governance
Statutory minimum enforcement
—
HP-28
Per-investor-mint tracking (one account per pair)
Individual investor compliance
—
HP-29
Reg S US-person check during compliance period
Reg S §230.903(b) — flowback prevention
6024
Sanctions Compliance (Controls 30–34)
ControlFunctionRegulatory BasisError
SC-30
Exact wallet address match against SDN list
OFAC SDN screening (50 Fed. Reg. 5342)
6003 / 6004
SC-31
Fuzzy entity name matching for entity investors
OFAC guidance on name matching
6003 / 6004
SC-32
2-hop graph clustering — funding source analysis
OFAC secondary sanctions, proxy detection
6003 / 6004
SC-33
Continuous re-screening (every transfer, not just onboarding)
OFAC ongoing screening requirement
6005
SC-34
Blacklist enforcement — confirmed matches permanently blocked
OFAC blocking requirements
6003
Protective Conversion (Controls 35–38)
ControlTriggerActionRegulatory Basis
PC-35
Issuer bankruptcy filing
Automatic conversion of Common B to common stock
Investor protection — Certificate of Designation
PC-36
SEC enforcement action or criminal indictment
Automatic conversion
Investor protection
PC-37
Loss of Empire Stock Transfer services
Automatic conversion
§17A continuity, investor protection
PC-38
Material breach of tripartite agreement
Conversion at the platform's plus Empire's discretion
Contract enforcement
Record Keeping and Governance (Controls 39–42)
ControlFunctionRegulatory BasisError
RK-39
Immutable on-chain compliance audit trail per transfer
BSA recordkeeping (31 CFR §1010.410), Securities Act
—
RK-40
Hash chain verification of audit record integrity
Data integrity
—
GOV-41
Controlled migration — upgrades in progress
Governance protocol
6041
REG-42
Regulatory compliance freeze — immediate halt
Legal Counsel plus 3-of-5 multi-signature. No timelock. Used for SEC enforcement, court orders, FinCEN SAR investigations, OFAC emergency designations, active exploits, and Module 3 federal actions.
6042
4. Empire Stock Transfer Compliance Architecture
4.1 Empire's Dual Role
RoleScopeRegulatory Basis
Qualified Custodian
Holds all Common Class B shares in irrevocable, perpetual custody. Maintains Master Securityholder File. Ed25519 attestation every ~400ms.
Exchange Act §17A; SEC custody requirements
Sole Investor Onboarding Authority
KYC (individuals), KYB (entities), AML (Chainalysis KYT plus TRM Labs), OFAC / SDN screening, wallet verification.
BSA CIP (31 CFR §1020.220); FinCEN CDD and Beneficial Ownership Rules
The platform does not perform investor onboarding. The platform Portal routes to Empire's dashboard for all verification. This architectural decision ensures that investor verification is performed by a regulated entity with §17A obligations — not by the platform operator.
4.2 Empire Verification Types
VerificationIndividual (KYC)Entity (KYB)
Identity
Government-issued photo ID, full legal name, DOB, SSN or ITIN
Entity formation documents, registration number, EIN
Address
Residential proof of address
Principal business address
Accreditation
Income ($200K+ individual, $300K+ joint), net worth ($1M+ excluding residence), or professional certification (Series 7, 65, 82)
$5M+ assets, or all equity owners accredited
Beneficial ownership
N/A
UBO at 25% or higher ownership threshold
OFAC screening
SDN list check
SDN list check plus entity officer and director check
AML scoring
Chainalysis KYT plus TRM Labs wallet risk score
Same plus entity risk assessment
Wallet
Solana wallet address linked to verified identity
Same — per authorized signer
4.3 Empire Credentials
CredentialDetail
SEC registration
Section 17A of the Securities Exchange Act of 1934
Operating since
2006
Companies served
530+ publicly traded companies
Geographic scope
Operations across 5 continents
DLT integration
Master Securityholder File with DLT record per Category 1 Model B
Conflict disclosure
Patrick Mokros serves as Chief Operating Officer of Groovy Company, Inc. and Founder of Empire Stock Transfer. The dual role is fully disclosed; all transactions between the two entities are classified as related-party transactions and subject to Audit Committee review per the platform's Related Party Policy.
5. BSA / AML Program
5.1 Program Elements
ElementImplementationCFR Reference
Customer Identification Program (CIP)
Empire performs four-pillar identity verification at onboarding
31 CFR §1020.220
Customer Due Diligence (CDD)
Risk-based due diligence at onboarding plus ongoing monitoring
31 CFR §1010.210
Beneficial Ownership
Empire identifies UBOs at 25% or higher for all entity investors
31 CFR §1010.230
Transaction Monitoring
Transfer Hook Controls 9 and 11 through 15 screen every transfer. Chainalysis and TRM Labs analyze 200+ behavioral features.
31 CFR §1010.210
Suspicious Activity Reports
Empire files SARs with FinCEN for transactions at $5,000 or above meeting BSA criteria
31 CFR §1010.320
Currency Transaction Reports
Fiat on-ramp transactions at $10,000 or above trigger CTR filing
31 CFR §1010.311
Recordkeeping
5-year retention for KYC, KYB, and AML records. 7-year retention for transaction records.
31 CFR §1010.410
Independent Testing
Annual external audit of AML program effectiveness
31 CFR §1010.210(b)
Compliance Officer
Designated BSA compliance officer
31 CFR §1010.210(b)
Training
Annual AML training for all staff. Quarterly for compliance officers.
31 CFR §1010.210(b)
5.2 Three-Layer AML Architecture
The platform's AML defense operates in three layers, each handling a different point in the investor lifecycle:
Layer 1 — Empire Onboarding (one-time plus periodic refresh). Performed by Empire Stock Transfer at investor onboarding and on each periodic refresh. Includes identity verification (CIP), accreditation verification (Reg D Rule 501; Reg S non-US person determination; Reg CF eligibility), beneficial-ownership identification for entity investors, OFAC and SDN screening, AML risk assessment, and wallet registration in the Master Securityholder File.
Layer 2 — Transfer Hook (every transfer, real-time). Enforced by the on-chain Transfer Hook program at the Solana runtime level. Every transfer evaluates Controls 1 through 6 (custody verification via Ed25519), Controls 7 through 14 (investor eligibility), Controls 8 through 10 (OFAC re-screening against current SDN list), Control 11 (AML risk score check), Control 24 (holding period enforcement), and Controls 15 through 42 (position limits, circuit breakers, audit trail).
Layer 3 — Platform Analytics (continuous). Off-chain monitoring. Includes Chainalysis KYT real-time transaction monitoring, TRM Labs behavioral pattern analysis, volume-spike detection (100x threshold), cross-wallet clustering for coordinated activity, and SAR-trigger analysis.
5.3 AML Risk Disposition
ScoreTierActionSAR Trigger
0–30
Low
Approve — transfer proceeds
No
31–70
Medium
Approve and flag — compliance reviews within 24 hours
If investigation confirms suspicious activity
71–100
High
Reject (Error 6006) — wallet blocked
Yes — SAR filed if at $5,000 or above
6. OFAC Sanctions Program
6.1 Three-Layer Screening
LayerMethodCatches
Layer 1: Exact address
Direct Solana wallet match against SDN addresses
Directly sanctioned wallets
Layer 2: Fuzzy entity
Entity name and alias matching via Chainalysis entity resolution
Slight name variations ("ACME Corp" versus "ACME Corporation LLC")
Layer 3: 2-hop clustering
Transaction graph analysis — wallets within 2 degrees of SDN entities
Proxy wallet strategies, indirect funding paths
6.2 Comprehensively Sanctioned Jurisdictions
Transfer Hook Control 11 blocks wallets associated with OFAC comprehensively sanctioned jurisdictions:
JurisdictionCFR Reference
Iran
31 CFR Part 560
North Korea
31 CFR Part 510
Syria
31 CFR Part 542
Cuba
31 CFR Part 515
Crimea region
31 CFR Part 589
6.3 Continuous Re-Screening
OFAC screening is not a one-time onboarding event. Controls 8 through 10 re-screen every wallet on every ST22 transfer against the current SDN list (refreshed hourly plus emergency push). A wallet clean at onboarding but later added to the SDN list is blocked immediately on its next transfer attempt. This continuous re-screening is architecturally impossible in an application-layer compliance system; the Transfer Hook enforces it at the Solana runtime level.
6.4 Staleness Safeguards
SDN List AgeBehavior
0–24 hours
Normal operation — screening on every transfer
24–48 hours
Cached list used. P2 alert raised. OFAC indexer investigated.
Above 48 hours
All transfers halt — Error 6005 until SDN list refreshed
6.5 Module 3 Secondary Sanctions Considerations
Module 3 issuances may involve basin-asset entities operating in or sourcing materials from jurisdictions where US secondary sanctions apply. Empire applies enhanced screening for Module 3 entity investors and basin-asset issuers, including review of supply-chain counterparty exposures where federal counter-party diligence is appropriate.
7. Holding Period Enforcement
7.1 On-Chain Mechanism
Transfer Hook Control 24 enforces mandatory holding periods at the Solana runtime level. This is not a contractual agreement — it is mathematically enforced code that rejects transfers before the statutory period elapses.
Investor TypeExemptionHolding PeriodEnforcementStatutory Basis
US accredited
Reg D
6 months (15,778,800 seconds)
On-chain (Control 24)
Securities Act Rule 144(d)
Non-US
Reg S
12 months (31,536,000 seconds)
On-chain (Control 24)
Reg S §230.903(b)(3)
US retail
Reg CF
12 months (31,536,000 seconds)
On-chain (Control 24)
Reg CF §227.501
7.2 HoldingPeriodAccount
A per-investor-per-mint state account is created at token delivery. The account records the purchase timestamp (set by the Solana runtime clock — never by user input), the jurisdiction flag (US / Non-US / Reg CF), the holding period in seconds (immutable per investor type), and the lock status.
7.3 Properties
PropertyEnforcement
Cannot be shortened
Holding period seconds are hard-coded program constants — governance cannot reduce below statutory minimum
Cannot be backdated
Purchase timestamp is set by the Solana runtime clock at transaction execution
Cannot be overridden
No administrative override path. The platform cannot unlock a holding period early.
Per-investor tracking
One HoldingPeriodAccount per investor and per mint
Jurisdiction immutable
Set by Empire at onboarding. Cannot be changed post-delivery.
7.4 Verification
Auditors verify holding period enforcement by querying the HoldingPeriodAccount for a specific investor-mint pair. The query returns the jurisdiction (US, Non-US, or Reg CF), the purchase timestamp, the holding period in seconds, and the lock status. Verification methodology is documented in the Smart Contract Reference and the platform's compliance runbooks.
8. Investor Eligibility
8.1 Accredited Investor Definition (SEC Rule 501)
Qualification PathThreshold
Income
$200,000 individual ($300,000 joint) in each of the 2 most recent years with reasonable expectation of continuance
Net worth
$1,000,000 or higher excluding primary residence
Professional certification
Series 7, 65, or 82 license holders
Entity
$5,000,000 or higher in assets, or all equity owners accredited
Knowledgeable employee
Of the private fund issuer
8.2 Verification by Empire
Empire Stock Transfer performs all accreditation verification. Accepted methods include:
Third-party accreditation letter (valid 90 days).
Tax return verification (IRS Form W-2, 1099, K-1).
Account statements (broker-dealer, bank).
Professional license verification.
Entity documentation (audited financials, formation documents).
8.3 Reg S Investor Qualification
Non-US investors must satisfy Reg S requirements:
Not a "US person" per Reg S §230.902(k).
Transaction occurs in an "offshore transaction."
No "directed selling efforts" into the United States.
Verified by Empire Stock Transfer.
8.4 Reg CF Investor Qualification
US retail investors purchasing in Reg CF offerings must satisfy the SEC Rule 100(a)(2) investment-limit determination:
Annual income or net worth determines the maximum amount the investor may purchase across all Reg CF offerings in a 12-month period.
A FINRA-registered funding portal must intermediate the offering.
Empire performs the eligibility determination at onboarding and the funding portal applies the per-offering investment limit at purchase.
8.5 Investor-Type Determination at Onboarding
Empire's onboarding determination flags each investor as US accredited (Reg D), non-US (Reg S), or US retail (Reg CF). The flag is recorded in the Master Securityholder File and on chain via the HoldingPeriodAccount jurisdiction field. The flag is immutable after delivery — an investor's classification cannot be changed post-purchase.
9. Record Keeping and Audit Trail
9.1 Dual Record Architecture
Record LayerWhatRetentionRegulatory Basis
On-chain (immutable)
Every ST22 transfer with all 42 control results, amounts, timestamps, wallet addresses, error codes
Permanent (Solana ledger)
BSA §1010.410; Securities Act
Empire Stock Transfer
KYC and KYB records, accreditation documents, MSF entries, SAR and CTR filings
5–7 years per BSA
31 CFR §1010.410
Platform compliance database
Oracle attestation history, circuit breaker events, AML scores, OFAC screening results, Module 2 NAV records, Module 3 federal-action records
7 years
BSA plus Securities Act
9.2 On-Chain Audit Record
Every successful transfer emits a TransferValidated event including the mint, sender, recipient, amount, timestamp, and a signal that all 42 controls passed. Every rejected transfer returns a specific error code identifying which control failed. Both outcomes are recorded on the Solana ledger — immutable and independently verifiable by any party with an RPC connection.
9.3 Retention Summary
Record TypeRetentionRegulatory Basis
KYC records
5 years after account closure
BSA
KYB records
5 years after relationship ends
BSA, FinCEN CDD
Transaction records
7 years
Securities Act, IRS
Accreditation records
5 years
Reg D
OFAC screening records
5 years
OFAC regulations
SAR filings
5 years from filing
BSA
CTR filings
5 years
BSA
Audit reports
5 years
BSA
Training records
5 years
BSA
Module 2 appraisal records
7 years
Real-property records standard; SEC offering documentation retention
Module 3 federal-classification records
Permanent
Federal record-keeping standard for strategic-minerals diligence
On-chain transfer records
Permanent
Solana ledger
10. Protective Conversion
10.1 Trigger Events
Controls 35 through 38 implement automatic protective conversion — converting Common B shares to common stock upon adverse events, protecting investors even if the issuer fails:
TriggerControlActionInvestor Impact
Issuer bankruptcy filing
PC-35
Automatic conversion per Certificate of Designation
Investor holds common stock through bankruptcy proceedings
SEC enforcement action
PC-36
Automatic conversion
Investor holds common stock — exits tokenized structure
Criminal indictment (officer or director)
PC-36
Automatic conversion
Same
Loss of Empire services
PC-37
Automatic conversion
Investor holds common stock — custody transfers
Material breach of tripartite agreement
PC-38
Conversion at the platform's plus Empire's discretion
Case-by-case determination
10.2 Purpose
Protective conversion ensures that investors retain genuine equity ownership (common stock) even if the tokenization infrastructure fails. This is the safety valve that separates Category 1 Model B from Category 2 — the investor is never left holding a token with no underlying claim.
10.3 Module-Specific Protective Conversion
The same four trigger types apply across all modules. Module-specific considerations:
Module 1 (Equities). The investor receives common stock of the issuer corporation upon conversion.
Module 2 (Real Estate). The investor receives common stock of the single-asset entity that holds the property. The single-asset entity continues as a going concern post-conversion; the investor's claim is now to the entity's equity directly rather than to a tokenized representation.
Module 3 (CORECM). The investor receives common stock of the basin-asset entity that holds the mineral basin or mining concession. As with Module 2, the entity continues as a going concern, and the investor holds direct equity.
11. On-Chain Compliance Verification
Auditors and institutional risk teams independently verify every compliance claim without relying on the platform's representations. The platform exposes verification methodology and reproducible procedures through the Smart Contract Reference, the platform's published audits (Quantstamp, Halborn, OtterSec, Certora), and on-chain queries that any party with a Solana RPC connection can perform.
11.1 Verifications Required Across All Modules
VerificationWhat Is Confirmed
Transfer Hook permanently attached
The Token-2022 mint extension stores the Transfer Hook program ID; the SPL Token-2022 standard makes attachment permanent
1:1 custody backing
The custody oracle reports common_b_balance greater than or equal to token_supply; Ed25519-verified; no discrepancy detected
Holding period enforcement
The HoldingPeriodAccount records the correct jurisdiction-specific period; lock status accurate
Global Pool permanently locked
LP mint supply is zero, LP mint authority is None, pool program upgrade authority is None
OFAC oracle current
The OFAC oracle's is_fresh status is true; entry count consistent with the published SDN list
SecurityConfig parameters
All parameters within governance-approved ranges; pause flag false during normal operation
Holding period constant immutability
Verified by Certora invariant E.4 plus examination of deployed program bytecode against audited source
11.2 Module-Specific Verifications
Module 2 and Module 3 add verification points for the module-specific oracles:
VerificationModuleWhat Is Confirmed
NAV oracle freshness
Module 2
last_reappraisal within nav_reappraisal_max_age_secs; appraiser signature verified
NAV deviation within bounds
Module 2
On-chain price within nav_deviation_max_bps of NAV
Classification oracle freshness
Module 3
USGS and DOE classification within classification_max_age_secs
Federal-action status
Module 3
Classification oracle reports current federal-action status for the basin
11.3 Independent Verifiability
Every verification listed above can be performed without the platform's cooperation. The on-chain accounts are public; any Solana RPC provider returns the data; the Ed25519 signatures are verifiable using Empire's published public key; the program bytecode is verifiable against published audit hashes. This is a structural property of Category 1 Model B, not a discretionary practice of the platform.
12. Module-Specific Compliance
The 42 Transfer Hook controls apply identically across all three modules. Module-specific compliance considerations sit at the asset-class and federal-framework layer, not at the on-chain enforcement layer.
12.1 Module 1 — Equities
Asset class. Public-company equity securities sourced from OTC microcap, NASDAQ, AMEX, TSX, and other global exchanges.
Compliance posture. Standard Reg D, Reg S, and (where applicable) Reg CF offering exemptions. CUSIP-identified Common Class B share class. EDGAR pipeline integration provides issuer-disclosure intelligence to support investor-protection controls (Layer 9 IDOS).
Empire onboarding considerations. Standard accreditation paths. Investor-type classification flags Reg D, Reg S, or Reg CF.
Module-specific records. Issuer board resolution, Certificate of Designation filed with the issuer's state of incorporation, CUSIP assignment, EDGAR filings.
12.2 Module 2 — Real Estate
Asset class. Tokenized real-property assets held via single-asset entities.
Compliance posture. Same Category 1 Model B framework. Common Class B is issued by the single-asset entity that holds the property. Module-specific NAV oracle reports appraised value alongside Empire's per-block custody attestation; on-chain price is constrained to remain within governance-set deviation bounds of NAV.
Empire onboarding considerations. Standard accreditation paths. The investor's economic exposure is to the single-asset entity's equity; offering documentation discloses the property's specific risks (jurisdiction, title status, tenancy, environmental, insurance).
Module-specific records. Property identifier, appraisal-cycle metadata, single-asset entity formation documents, title diligence package, initial appraisal, periodic reappraisals.
Module-specific compliance considerations. NAV oracle staleness triggers a P1 incident under the Incident Response Playbook. NAV deviation outside nav_deviation_max_bps triggers a per-mint circuit breaker that pauses AMM trading on the affected mint until a fresh appraisal restores the on-chain price within bounds.
12.3 Module 3 — CORECM
Asset class. Tokenization of US strategic minerals supply chain. CORECM means Carbon Ore, Rare Earth, and Critical Minerals. Frameworks include the USGS Critical Minerals List, the DOE Critical Materials Strategy, Section 232 of the Trade Expansion Act of 1962, Title III of the Defense Production Act, the Inflation Reduction Act critical-minerals provisions, Executive Order 14017, and the Energy Act of 2020. Carbon Ore covers DOE coal-derived rare-earth element recovery.
Compliance posture. Same Category 1 Model B framework. Common Class B is issued by the basin-asset entity that holds the mineral basin or mining concession. Module-specific Classification oracle reports federal classification status from USGS and DOE feeds alongside Empire's per-block custody attestation.
Empire onboarding considerations. Empire applies enhanced KYC depth for Module 3 issuances. Enhanced depth includes verification of any federal-program eligibility constraints applicable to the basin (such as DOE coal-derived REE recovery program participation), confirmation of the investor's eligibility under any applicable export-control regime, and additional review for entity-investor UBO chains where federal counter-party diligence is appropriate.
Module-specific records. Basin identifier, USGS classification, mineral class, basin-asset entity formation documents, geological survey, mineral-rights documentation, federal-program participation records, federal-action history.
Module-specific compliance considerations. Classification oracle staleness triggers a P2 incident (P1 if staleness exceeds 48 hours; P0 if a federal-action notification arrives during staleness). Federal-action issuance against a basin asset is automatically a P0 — see Section 13.
13. Module 3 Federal-Action Coordination
Federal actions affecting strategic minerals are a regulatory category unique to Module 3. They have no parallel in Module 1 (Equities) or Module 2 (Real Estate).
13.1 What Constitutes a Federal Action
Federal actions include:
Executive Orders affecting strategic minerals (such as Executive Order 14017 and successor orders).
Section 232 tariff or restriction orders issued under the Trade Expansion Act of 1962.
Defense Production Act Title III orders.
Department of Energy program changes affecting eligibility (such as changes to the DOE coal-derived REE recovery program).
Inflation Reduction Act critical-minerals eligibility determinations.
Court orders or regulatory directives specifically naming a basin or mineral classification.
13.2 Detection
The platform's Module 3 federal-action feed monitors federal sources (Federal Register, DOE program announcements, USGS classification updates, Department of Defense procurement directives) on a 5-minute cadence. New actions that match a basin or mineral class associated with an issued ST22 mint trigger an automatic P0 incident under the Incident Response Playbook (Section 13).
13.3 Response Procedure
Federal-action response is governed by the Incident Response Playbook Section 13. The procedure summarized:
Capture the federal action — issuing agency, action type, effective date, and scope.
Identify affected mints by mapping each Module 3 mint to its basin identifier, mineral class, and federal-program participation.
Activate Control 42 (regulatory freeze) on each affected mint — same Control 42 mechanism as SEC enforcement actions or court orders. Legal Counsel authorization plus 3-of-5 multi-signature; no timelock.
Notify Empire Stock Transfer within the 15-minute SLA.
Notify affected issuers (basin operators) and affected investors.
Update the Classification oracle with the federal-action status.
13.4 Resolution
The freeze remains active for the full duration that the federal action prohibits transfer or while substantial uncertainty about transfer status persists. Resolution requires the federal action to expire, be rescinded, the basin to be exempted, or the issuer to obtain an authorized variance — followed by Legal Counsel authorization, 3-of-5 multi-signature execution, Classification oracle update, and stakeholder notification.
13.5 Investor and Issuer Communication
Module 3 federal-action incidents involve a fourth external audience beyond Module 1 and Module 2 incidents: the federal agency. The platform's Communications Lead and Legal Counsel coordinate counsel-to-counsel communication with the issuing federal agency through the platform's outside SEC counsel where appropriate, and review all external communications before publication regardless of audience.
13.6 Why This Matters Architecturally
Federal-action coordination demonstrates that Category 1 Model B compliance scales beyond securities-law obligations to other federal regulatory frameworks. The same Control 42 freeze mechanism and the same Empire-coordinated response procedure handle SEC enforcement, court orders, FinCEN SAR investigations, OFAC emergency designations, and Module 3 federal actions — without a new on-chain primitive for each new regulatory category. The platform's compliance architecture is extensible by design.
14. Institutional Due Diligence Checklist
For institutional investors, fund managers, or compliance teams evaluating the platform.
Regulatory
Verify SEC Release No. 33-11412 applies (March 17, 2026).
Confirm Category 1 Model B alignment (seven requirements — Section 2).
Verify Empire Stock Transfer's §17A registration.
Confirm Reg D, Reg S, and Reg CF offering frameworks as applicable to the issuance.
Review Form D filing status for the issuance (where applicable).
Verify no SEC enforcement actions against Groovy Company, Inc. (EDGAR query).
Review the OFAC sanctions program (Section 6).
Review the BSA / AML program elements (Section 5).
For Module 3 issuances, review the basin's USGS classification, DOE Critical Materials status, and any pending federal action affecting the basin or mineral class.
Custody
Verify Empire holds Common B shares in irrevocable custody.
Verify Ed25519 attestation updating per block.
Verify 1:1 backing ratio on-chain.
Confirm zero-discrepancy production history.
Review protective conversion triggers (Section 10).
Technology
Verify the Transfer Hook is permanently attached to the mint.
Verify all 42 controls are active by querying SecurityConfig.
Verify Global Pool immutability (LP burn complete; pool program upgrade authority is
None).Review audit reports (Quantstamp, Halborn, OtterSec, Certora).
Review the six Certora formal-verification invariants.
Verify holding period enforcement.
For Module 2 issuances, verify NAV oracle freshness and deviation bounds.
For Module 3 issuances, verify Classification oracle freshness and federal-action status.
Operational
Review the conflict of interest disclosure (Patrick Mokros dual role).
Verify multi-signature configuration (5-of-9 for upgrades; 3-of-5 for parameter and emergency).
Review incident response procedures (Incident Response Playbook).
Verify monitoring and alerting infrastructure (Datadog and PagerDuty escalation).
Review the bug bounty program (refer to the Security Model).
For Module 3 issuances, review the federal-action monitoring and response procedure (Incident Response Playbook Section 13).
15. Regulatory Contact Matrix
MatterContactChannel
Issuer onboarding
Empire Stock Transfer plus the platform's issuer services
Through Empire's onboarding dashboard
Compliance inquiries
Compliance team
compliance@rwatokens.net
Security vulnerabilities
Security team
security@rwatokens.net
SEC and regulatory
Legal Counsel (JDT Legal)
Through the platform's SEC counsel coordination
Empire Stock Transfer
Empire compliance team
Through platform-Empire coordination
Technical and CTO
Frank Yglesias, Chief Technology Officer
frank@rwatokens.net
Module 3 federal-action
Legal Counsel (JDT Legal)
Counsel-to-counsel through the platform's SEC counsel
SAR Filing
Empire Stock Transfer files SARs with FinCEN per 31 CFR §1010.320. The platform provides transaction data and AML analytics to support Empire's filing obligations. SAR filings are confidential — contents are not disclosed to the subject of the report.
Regulatory Examination Support
In the event of an SEC, FinCEN, OFAC, or federal-agency examination, Groovy Company, Inc. and Empire Stock Transfer cooperate fully. On-chain records are independently verifiable and cannot be altered. Off-chain records are maintained per the retention schedule in Section 9.3. For Module 3 issuances, federal-program participation records are maintained on a permanent retention basis appropriate to federal record-keeping standards.
Related Documentation
Solana Blockchain Foundation — Why Solana, Token-2022, Transfer Hook, module-specific foundations
Architecture Decisions — ADR-001 through ADR-012, including ADR-011 (three-module architecture) and ADR-012 (Empire as sole onboarding authority)
Security Model — Threat model, key management, formal verification, module-specific threat surfaces, bug bounty
Infrastructure Overview — Cloud architecture, environment separation, blockchain infrastructure
Network Configuration — Program addresses, RPC endpoints, oracle PDAs, multi-signature addresses, production parameters
Deployment Guide — Build, deploy, verify, upgrade, rollback procedures including module-specific initialization
Incident Response Playbook — P0 through P3 runbooks; Module 3 federal-action freeze runbook (Section 13)
Empire Stock Transfer Integration — Custody architecture, Ed25519 attestation, MSF, KYC / KYB / AML / OFAC, conflict of interest disclosure, module-aware custody coverage
Smart Contract Reference — Transfer Hook control implementations, account schemas, error codes
Oracle Integration Guide — Custody, OFAC, AML, NAV (Module 2), Classification (Module 3) relay architecture
Issuer Onboarding Guide — Customer-facing nine-stage process
RWA Tokens · Compliance Integration Guide · Groovy Company, Inc.
Last updated
Was this helpful?