Regulation and compliance: RWA trading globally

Real-world asset (RWA) tokenization is expanding across bonds, equities, real estate, commodities and private credit. But market growth hasn’t produced a unified global regulatory response. Participants navigate a patchwork of securities law, banking regulation and digital asset frameworks that differ by jurisdiction, asset type and platform.

Understanding these frameworks is not optional. Asset class, jurisdiction of issuance and investor's country of residence each determine what’s permissible. In addition, platform licensing status and disclosure obligations vary. 

This article explains why RWA regulation is structurally complex, how key jurisdictions approach it and what this means for investors.

Key Takeaways:

• Tokenizing an asset doesn’t change its regulatory classification. A tokenized bond remains a bond, and a tokenized equity remains a security.

• Major jurisdictions — including the US, EU, UAE, Singapore and Hong Kong — each apply distinct and evolving frameworks to RWA issuance and trading.

• Know-your-customer (KYC) and anti–money laundering (AML) compliance function as a universal minimum floor across all RWA markets, regardless of jurisdiction.

Why regulation is structurally complex for RWA

RWA tokenization does not occupy a single regulatory category. The applicable framework depends upon the underlying asset, not on the fact that it’s been tokenized. Moreover, the scale of the challenge isn’t merely academic. A CACEIS survey found that 58% of asset owners cite regulatory constraints as the primary hurdle to crypto asset investment. That figure reflects real friction in the way that existing legal frameworks interact with tokenization infrastructure.

A tokenized Treasury bond is subject to securities law. For instance, a tokenized real estate interest may simultaneously trigger property law, securities law and banking regulation, and a tokenized commodity product may fall under derivatives regulation (depending upon structure and leverage).

Several structural factors drive this complexity:

• Multiple legal frameworks apply at once. A single RWA product can face securities regulation at issuance, and property or custodial law at the asset level. Banking oversight may also apply if institutional custody is involved. AML/KYC requirements apply at every point of transaction.

• The technology is neutral, but the asset is not. Regulators don’t treat tokenization as a new legal category. The blockchain wrapper changes the delivery mechanism, but it doesn’t change the regulatory obligation.

• Cross-border transactions multiply jurisdictional complexity. For example, when a Singapore-based platform issues a tokenized bond backed by US real estate to a European investor, at least three jurisdictions have regulatory interest. Which disclosure rules apply? Which courts have jurisdiction? The answers are rarely clear.

• Platform and investor obligations differ. The issuer, the custodian, the trading platform and the investor each face separate regulatory requirements. A platform compliant in its home jurisdiction may still be inaccessible to investors elsewhere.

How major jurisdictions approach RWA regulation

United States

In the US, there is no single dedicated RWA tokenization framework. The Securities and Exchange Commission (SEC) applies the Howey Test to determine whether a tokenized asset qualifies as a security, and most tokenized RWAs — including bonds, equity interests and fund shares — are treated as securities.

Issuers must either register with the SEC or qualify for an exemption. Regulation D covers private placements to accredited investors. Regulation S applies to offerings conducted outside the United States. Both regulations restrict who can participate, how the offering is marketed and resale timing.

A federal digital asset framework is in legislative development. The FIT21 Act and a bipartisan stablecoin bill introduced in early 2025 signal congressional intent to establish clearer rules. Until that framework is enacted, the SEC's existing securities law interpretation remains the operative standard.

European Union

The EU applies its Markets in Financial Instruments Directive (MiFID II) to tokenized financial instruments. Tokenized securities are treated as financial instruments, and face the same disclosure, authorization and conduct requirements as their traditional counterparts.

The EU's Markets in Crypto-Assets regulation (MiCA) became fully applicable in December 2024. It covers most crypto assets but explicitly excludes tokenized securities, which remain under MiFID II. For RWA participants, both regimes may be relevant, depending upon asset type and structure.

The EU's DLT Pilot Regime creates a temporary sandbox for trading and settlement of tokenized securities outside some existing infrastructure requirements. European Securities and Markets Authority (ESMA) guidelines from late 2025 clarified how tokenized bonds can comply with both MiCA and MiFID II. This dual-compliance path reflects the evolving nature of EU RWA oversight.

Asia

Three jurisdictions — Singapore, the UAE and Hong Kong — have developed particularly active and distinct frameworks for RWA tokenization, with each area taking a different structural approach.

Singapore

The Monetary Authority of Singapore (MAS) oversees tokenized securities under the Securities and Futures Act (SFA). Digital payment tokens fall under the Payment Services Act (PSA). Singapore finalized its stablecoin licensing framework under the PSA in 2023.

MAS Project Guardian has explored asset tokenization across fixed income, foreign exchange and fund management through multi-institution pilot programs. Singapore's approach is collaborative, and MAS develops frameworks through live industry pilots, rather than imposing fixed rules in advance.

Platforms operating in Singapore require licensing under the SFA for capital markets activities, or under the PSA for digital asset services. Investor eligibility restrictions and KYC requirements apply, irrespective of license type.

UAE

The UAE operates two parallel regulatory environments. In Dubai, the Virtual Asset Regulatory Authority (VARA) oversees virtual asset service providers. VARA has published updated Activity-Based Rulebooks in May 2025, setting detailed compliance requirements for licensed entities.

In Abu Dhabi, the Abu Dhabi Global Market (ADGM) operates a separate financial services framework with distinct provisions for digital securities. The Dubai International Financial Centre (DIFC) adds a third regulatory environment within Dubai.

The UAE has signaled openness to RWA tokenization, particularly for real estate and fixed income. However, licensing requirements, investor eligibility rules and asset-specific regulations still apply across all three regimes.

Hong Kong

Hong Kong's Securities and Futures Commission (SFC) treats tokenized securities as securities under existing law. The SFC requires that platforms dealing in tokenized securities hold appropriate licenses, and it has published specific guidance on security token offerings (STOs).

From 2023, Hong Kong implemented a licensing regime for virtual asset trading platforms (VATPs), and the SFC published updated guidelines in April 2025. The government's July 2025 Policy Statement 2.0 on the Development of Digital Assets added specific initiatives on RWA tokenization and stablecoins.

In addition, the Hong Kong Monetary Authority (HKMA) has been active through Project Ensemble, focused on wholesale tokenization and settlement infrastructure. The government's own tokenized green bond issuances have established a sovereign precedent for on-chain debt in the jurisdiction.

The universal compliance floor: KYC and AML

Regardless of jurisdiction, RWA platforms and issuers must implement KYC and AML procedures. Financial Action Task Force (FATF) recommendations have been adopted by most major jurisdictions. They establish a compliance baseline that covers customer identification, transaction monitoring, sanctions screening and suspicious activity reporting.

FATF Recommendation 16 — the so-called Travel Rule — requires virtual asset service providers (VASPs) to share originator and beneficiary information on transactions above defined thresholds. This applies to RWA token transfers, and creates operational data requirements for platforms.

For investors, the practical implication is clear. No legitimate RWA platform will allow participation without identity verification. The level required — basic KYC, enhanced due diligence or accredited investor certification — depends upon the specific platform, jurisdiction and asset type. Regardless, some form of verification is universal.

What this means in practice for RWA investors

This regulatory landscape has several direct implications for investors approaching the RWA market:

• Access depends upon jurisdiction. For example, an RWA product available in Singapore may be unavailable to US investors without SEC registration. Always verify whether a given product is accessible in your country of residence before you decide to participate.

• Platform licensing matters. An unlicensed platform offering tokenized securities may be operating outside its legal authorization. Confirm that any platform holds the appropriate license for both the asset type and the jurisdiction in which it operates.

• Investor eligibility requirements apply. Many RWA products are restricted to accredited or professional investors. These thresholds exist because tokenized securities are often issued under private placement exemptions that prohibit public marketing.

• Custody and redemption rights vary. Unlike a listed ETF — for which custody and redemption are standardized — RWA products differ significantly in how the underlying asset is held and whether investors can redeem. Understanding the custodial structure is a material part of due diligence.

Where the framework is heading

Global convergence on RWA regulation is a long-term process. Several multilateral bodies are working toward greater coordination.

The FSB published its thematic peer review on crypto-asset regulation in early 2025, assessing implementation across member jurisdictions. The review found that 39% of assessed jurisdictions had finalized a comprehensive framework, while 29% were still consulting or finalizing rules.

IOSCO has published complementary recommendations on crypto and digital asset markets that apply to RWA platforms. Both the FSB and IOSCO are moving in the same direction: treat tokenized assets under the same rules as their untokenized equivalents, with procedural accommodations for blockchain-based features.

As institutional participation in RWA markets grows, regulatory frameworks are becoming more detailed. Access rules are tightening, disclosure requirements are expanding and cross-border coordination is increasing. However, full harmonization remains some distance away.

The bottom line

RWA tokenization doesn’t operate in a regulatory vacuum. The underlying asset, jurisdiction of the platform and investor's country of residence each determine which rules apply.

Major jurisdictions have moved to apply existing financial law to tokenized assets, while developing supplementary frameworks to accommodate blockchain-specific features. No jurisdiction has yet produced a comprehensive, standalone RWA regulatory regime. What exists is a set of evolving and overlapping frameworks that sophisticated participants must carefully navigate.

The practical takeaway is clear: Work with licensed platforms, verify your eligibility before participating and understand the custodial structure of any product you hold. Don’t assume that a token's blockchain format changes its underlying legal obligations.

#LearnWithBybit