Tokenization of real-world assets: governance frameworks for institutional issuers

From Experiment to Infrastructure

The tokenisation of real-world assets — from real estate and private credit to fund units and trade receivables — has progressed from proof-of-concept to operational reality at a small but growing number of institutions. The question is no longer whether tokenised issuance works technically. It is whether the governance frameworks supporting it are adequate for institutional scale.

In most cases, they are not. The governance structures that institutions have applied to tokenised issuances were borrowed from adjacent contexts — securities law, distributed ledger technology pilots, digital asset custody frameworks — and assembled under time pressure. The result is functional but fragile: adequate for pilot volumes, insufficient for the liability and complexity that production-scale issuance entails.

The Governance Gaps We Consistently Observe

1. Token lifecycle governance

Most issuers have designed governance for the issuance event but not the full token lifecycle. Questions that remain unanswered include: who authorises secondary market restrictions? Who governs smart contract upgrades? What process applies when an error in the on-chain representation requires correction? These are not edge cases — they are operational certainties in any programme that runs for more than six months.

2. Custody and key management accountability

The separation of private key management from issuer operations is well understood in principle but poorly documented in practice. We frequently encounter situations where key management responsibilities are either undocumented or split across counterparties without a clear authority matrix. For regulated institutions, this is a significant prudential concern.

3. Investor rights enforcement in a tokenised context

Legal analysis of token structures regularly lags the technical implementation. The result is that investor rights — to information, to redemption, to participation in governance events — are defined in legal documentation without corresponding on-chain enforcement mechanisms. When smart contract behaviour diverges from legal terms, the resolution path is unclear.

4. Cross-jurisdictional regulatory mapping

Tokenised instruments routinely attract investor interest across multiple jurisdictions. Issuers frequently rely on private placement exemptions without conducting the jurisdiction-by-jurisdiction analysis required to verify that exemption conditions are met in each relevant market.

5. Incident response and asset recovery

Incident response plans for tokenised assets are rarely tested and often do not address the scenarios most likely to arise: smart contract exploits, lost access credentials, oracle failures, or blockchain reorganisation events. Regulatory authorities are increasingly asking for evidence of tested plans before approving issuance programmes.

A Structured Governance Framework

We propose a four-layer governance architecture applied across jurisdictions and asset classes. It is designed to be modular — adaptable to different legal structures and blockchain architectures — while providing comprehensive coverage of the governance gaps identified above.

Layer 1: Legal and structural foundation

The token must have an unambiguous legal characterisation in every relevant jurisdiction. This layer defines the relationship between on-chain representation and underlying legal rights, the enforcement mechanism for investor rights, and the governing law for each dimension of the structure.

Layer 2: Operational governance

This layer defines the decision-making authority for each class of operational event: token issuance and redemption, smart contract modifications, oracle updates, and corporate actions affecting the underlying asset. It includes the authority matrix for key management and specifies escalation paths for unresolved operational questions.

Layer 3: Risk and compliance governance

A standing risk committee with defined membership, meeting cadence, and escalation authorities. This layer integrates the tokenised programme with the institution's existing risk management infrastructure and ensures that regulatory developments are monitored and acted upon systematically.

Layer 4: Investor-facing governance

Disclosure standards, investor communication protocols, and the mechanism for investor participation in governance events where applicable. This layer ensures that the governance framework is legible to investors and that their rights are protected throughout the token lifecycle.

Jurisdiction Considerations for 2025

• Switzerland (DLT Act) — Switzerland's DLT Act provides one of the most developed legal frameworks for tokenised securities globally. FINMA's guidance on ledger-based securities continues to mature, offering meaningful legal certainty for properly structured programmes.
• European Union (MiCA and DLT Pilot Regime) — MiCA establishes a framework for crypto-asset service providers but does not directly regulate tokenised securities, which remain subject to MiFID II. The DLT Pilot Regime provides a sandbox for limited experimentation with tokenised securities infrastructure.
• UAE (VARA and ADGM) — The UAE continues to attract institutional issuance programmes, with both VARA and the ADGM offering relatively clear frameworks. Due diligence on the applicable regulatory perimeter remains essential.

Building for Scale

Governance frameworks built for a first issuance rarely survive contact with a second or third programme unchanged. Institutions that invest in modular, documented governance architecture from the outset — rather than programme-specific solutions — build the institutional capability to scale tokenised issuance efficiently and with lower regulatory risk.

The institutions that will lead the tokenisation of real-world assets are not those who move fastest in isolation. They are those who move decisively with governance that matches their ambition.