Polymath: Security Token Issuance Infrastructure

Polymath developed the ERC-1400 security token standard — now the most widely adopted standard for tokenized securities globally — and subsequently built Polymesh, the first purpose-built blockchain designed exclusively for regulated securities. Over 350 security token issuances have used Polymath’s infrastructure since 2018, representing approximately $3.2 billion in cumulative token issuance across equity, debt, fund interest, and real estate asset classes.

Company Overview

Founded in 2017 by Trevor Koverko and Chris Housser, Polymath (now operating primarily as the Polymesh Association) identified a critical gap in the security token infrastructure: existing public blockchains like Ethereum lacked the native compliance primitives — identity verification, transfer restrictions, regulatory holds, and confidential settlement — required for securities under SEC and global regulatory frameworks.

Polymath’s development proceeded in two phases: first, the creation of token standards on Ethereum that could enforce compliance (ST-20 and ERC-1400), and second, the construction of Polymesh, a dedicated blockchain where compliance is enforced at the protocol layer rather than the application layer.

Key milestones:

• 2017: Polymath founded; raised $59 million through a token sale
• 2018: Launched ST-20 token standard on Ethereum — the first purpose-built security token standard
• 2019: Led development of ERC-1400, the community standard for security tokens adopted by the Ethereum community
• 2020: Polymesh testnet launched
• 2021: Polymesh mainnet launched — the first institutional-grade blockchain for securities
• 2023: Polymesh governance token (POLYX) listed on multiple exchanges
• 2024: Enabled over 150 tokenized securities via upgraded issuance platform, with 200+ tokens deployed using the ST-20 standard
• December 2025: Partnership with tZERO for RWA tokenization on Polymesh; tZERO to operate a validator node on the Polymesh network, bridging institutional-grade blockchain infrastructure with SEC-registered ATS trading

Token Standards: From ST-20 to ERC-1400

ST-20 (Security Token Standard)

Polymath’s ST-20 standard, built on Ethereum, was the first token standard designed specifically for regulated securities. It extended the ERC-20 standard with:

• Transfer restrictions: Smart contract logic that checks compliance requirements (investor accreditation, jurisdiction, holding periods) before permitting any token transfer
• Module architecture: Pluggable compliance modules that issuers can configure based on their specific regulatory requirements — Reg D, Reg A+, Reg S, or international frameworks
• Investor registry: On-chain whitelist of verified investors linked to KYC/AML and accredited investor verification data

ERC-1400 (Security Token Standard — Community Standard)

Polymath led the development of ERC-1400, which became the Ethereum community standard for security tokens. ERC-1400 incorporates lessons from ST-20 and feedback from other security token platforms, providing:

Partitioned tokens. Unlike ERC-20 tokens that are fungible, ERC-1400 supports “partitions” — separate tranches of the same token with different properties. This enables issuers to represent different share classes, Rule 144 restricted vs. unrestricted shares, or tokens with different vesting schedules within a single contract.

Document management. Built-in functions for attaching legal documents (offering memoranda, subscription agreements, regulatory filings) to the token, ensuring that the on-chain token and its legal documentation remain linked throughout the security’s lifecycle.

Controller operations. Functions that allow authorized entities (issuers, transfer agents, courts, regulators) to force transfers — necessary for corporate actions such as stock splits, dividend distributions, and regulatory seizures. This “controlled token” concept is essential for SEC compliance because securities law requires the ability to enforce court orders, respond to regulatory holds, and execute corporate actions regardless of individual token holder consent.

Operator permissions. Granular permission system allowing different entities to perform different operations — issuers can mint new tokens, transfer agents can force transfers, compliance modules can block unauthorized transfers, and custodians can manage tokens on behalf of clients.

ERC-1400 has been adopted by Securitize (as the basis for its DS Protocol), tZERO, and numerous other security token platforms as the baseline standard for tokenized securities on Ethereum.

Polymesh: Purpose-Built Securities Blockchain

Architecture

Polymesh is a permissioned, public blockchain built specifically for regulated securities, using a Nominated Proof of Stake (NPoS) consensus mechanism. Unlike general-purpose blockchains where compliance is enforced at the application layer through smart contracts, Polymesh embeds compliance primitives into the base protocol:

Identity at the base layer. Every Polymesh account must be linked to a verified identity through a Customer Due Diligence (CDD) provider. There are no anonymous transactions — a fundamental requirement for securities regulation where the identity of every beneficial owner must be known to the issuer and transfer agent.

Compliance engine. Transfer compliance rules are enforced at the protocol level, not in individual smart contracts. This means compliance cannot be bypassed through smart contract exploits, protocol-level upgrades automatically apply to all tokens, and compliance rule changes can be implemented without requiring each issuer to update individual smart contracts.

Settlement finality. Polymesh provides deterministic settlement finality — once a transaction is confirmed, it cannot be reversed through chain reorganizations. This property is essential for securities settlement under clearing and settlement rules that require delivery finality.

Confidential transactions. Polymesh supports confidential asset issuance and transfer through the MERCAT (Mediated Encrypted Reversible Confidential Asset Transactions) protocol, enabling zero-knowledge proof-based settlement where transaction amounts are hidden from the public blockchain but verifiable by authorized parties (issuers, regulators, auditors).

Governance. Protocol upgrades are managed through on-chain governance by POLYX token holders, with a technical committee providing oversight. This governance model ensures that protocol changes reflect the needs of the securities market participants rather than the general cryptocurrency community.

Polymesh vs. Ethereum for Security Tokens

Regulatory Positioning

Polymath occupies a distinctive position in the regulatory landscape: it is an infrastructure provider rather than a regulated financial intermediary. Polymath itself does not hold broker-dealer or ATS registrations — those registrations are held by the platforms and intermediaries that use Polymath’s infrastructure to issue and trade security tokens.

This positioning is deliberate. By operating as a technology and protocol provider, Polymath avoids the direct regulatory obligations that apply to FINRA member firms, transfer agents, and exchanges. Instead, it enables those regulated entities to build compliant services on its infrastructure.

For issuers, Polymath’s infrastructure integrates with the full offering exemption framework. Security tokens issued on Polymesh can be offered under Reg D 506(c) with programmatic accredited investor verification, under Reg A+ with retail investor access, or under Reg S with geographic restriction enforcement.

Competitive Landscape

Polymath competes primarily with Securitize for the security token issuance infrastructure market, though the competitive dynamics differ:

• Securitize is vertically integrated (issuance + transfer agent + ATS), proprietary, and operates as a regulated financial intermediary. Securitize’s DS Protocol is built on Ethereum using ERC-1400 standards that Polymath helped develop.
• Polymath/Polymesh is horizontally positioned as infrastructure, open-source, and operates as a protocol/blockchain provider without direct financial intermediary registrations.

For token issuers, the choice between platforms depends on whether they prefer an integrated service provider (Securitize) or a configurable infrastructure layer (Polymath) with the flexibility to choose separate broker-dealers, transfer agents, and trading venues.

For the ATS platform comparison of trading venues where Polymath-issued tokens may trade, see our comparisons section. For interoperability standards across different blockchain platforms, see our market structure analysis.

Market Adoption Metrics

As of Q1 2026, Polymath/Polymesh has processed over 350 security token issuances across multiple asset classes:

These figures position Polymath as the second-largest security token infrastructure provider by issuance count, behind Securitize but ahead of most blockchain platforms in the security token vertical.

Looking Ahead

Polymath’s roadmap includes expanding Polymesh’s compliance engine to support additional jurisdictions beyond the U.S. and Europe, developing cross-chain bridges that maintain compliance attestations when tokens move between Polymesh and other chains, and enhancing confidential transaction capabilities for institutional users requiring privacy in settlement and position data. The platform’s success depends on continued adoption by ATS platforms and broker-dealers that integrate Polymesh as an issuance layer within their regulated operations.

The platform’s integration with the SEC Crypto Task Force’s evolving framework for digital asset registration pathways could further strengthen Polymesh’s position as regulators develop standardized compliance requirements that align with Polymesh’s base-layer compliance architecture.

For authoritative references, see the ERC-1400 standard documentation and Polymesh documentation.