Project

Guardian
Enabling Open and
Interoperable Networks
 This report and its contents are made available on an “as-is” basis without warranties of any kind.
The content in this report does not constitute regulatory, financial, legal or any other professional
advice and should not be acted on as such. MAS shall not be liable for any damage or loss of any kind
howsoever caused as a result of the use of the information contained or referenced in this report.

Copyright © Monetary Authority of Singapore

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system
or transmitted in any form or by any means, electronic, mechanised, photocopying, recording
or otherwise, without the prior written permission of the copyright owner.

Applications for the copyright owner’s written permission to reproduce any part of this
publication should be addressed to:

FinTech and Innovation Group (FTIG)

Monetary Authority of Singapore
10 Shenton Way MAS Building
Singapore 079117

June 2023

This report is co-developed and published by Monetary Authority of Singapore and the Bank for International Settlements with contributions from:
Contents

03 1 — EXECUTIVE SUMMARY

06 2 — INTRODUCTION

07 3—P
 ROBLEM STATEMENTS AND
MOTIVATION

09 4 — OBJECTIVES AND FOCUS AREAS

4.1 Focused Themes
4.2 Reference Model

115—A  RCHETYPES OF DIGITAL ASSET

NETWORKS
5.1 Platform Type
5.2 Asset Type
5.3 Service Access
5.4 Network Structure
5.5 Composability

196 — PRINCIPLES
 FOR FMIs AND APPLICATION
TO DIGITAL ASSET NETWORKS
6.1 N
 ovel and Notable Features of Digital
Asset Networks
6.2 General Organisation
6.3 Credit and Liquidity Risk Management
6.4 Settlement
6.5 C entral Securities Depository and
Exchange-of-Value Settlement
6.6 Default Management
6.7 G
 eneral Business and Operational
Risk Management
6.8 Access
6.9 Efficiency
6.10 Transparency

257 — CASE STUDIES

7.1 Case Study 1 - Global Liquidity Pool
7.2 Case Study 2 - A  sset Backed Security Token
with Underlying Trade and
Working Capital Loans
7.3 C ase Study 3 - D igital Native Issuance of
Structured Notes

42 8 — CONCLUSION

43 9 — REFERENCES

44 10 — ACKNOWLEDGEMENTS
 Executive Summary

Digital assets and Distributed Ledger prevent fragmentation of markets as digital assets
Technology (DLT) based networks are and decentralised protocols proliferate. The
emerging as alternative financial infrastructures project also seeks to explore the role of regulated
supporting financial transactions such as financial institutions as trust anchors to screen,
the clearing and settlement of payments and verify and issue credentials, enabling participants
securities. However, the nascency of these to only trade with verified parties.
technologies means that there is insufficient
precedence in understanding the potential This report highlights one of the foundational
opportunities, risks, and limitations of these principles of Project Guardian – the establishment
networks as Financial Market Infrastructures of open and interoperable networks. A common
(FMI). framework is introduced for understanding the
design options to enable the trading of digital
Project Guardian aims to advance best practices assets across networks and liquidity pools.
and technical standards amongst the industry to This framework considers the core principles
Project Guardian \\ Enabling Open and Interoperable Networks

3
of financial market infrastructure and takes To support the development of a responsible
reference from projects that have sought to and innovative digital asset ecosystem with
push the boundary on these topics. well-managed risks in financial stability and
integrity, concerted private and public sector
This begins with an overview of Project collaboration is needed. This report strives to
Guardian and its motivations. Next, the provide a foundation for global collaboration
characteristics of digital asset networks and of private and public sector financial industry
their common archetypes are discussed. participants towards safe and efficient financial
In subsequent sections, the principles of market infrastructures.
FMIs and their applications are considered.
The final section of the report discusses the
aforementioned concepts through illustrative
use cases contributed by financial institutions
participating under Project Guardian.

Introduction

3

4
 Project Guardian \\ Enabling Open and Interoperable Networks

5
2 — Introduction

Traditionally, ownership of financial assets and real economy assets are

represented in physical and in electronic form through account balances.
These accounts reside across different proprietary platforms, for instance
deposits take the form of balances in accounts at deposit taking financial
institutions like banks. Other examples include securities such as bonds that
are custodied in accounts with Central Securities Depositories (CSD).

The advancement in technologies like smart contracts and distributed

ledgers have prompted interest in new models of delivering financial services.
Distributed ledgers offer the potential for transactions to be performed on a
peer-to-peer basis without centralised intermediaries. Meanwhile, the use of
smart contracts to model financial transactions such as borrowing, lending, and
trading activities enable financial activities to be performed autonomously.

While much of the public and media attention has focused on the speculation1
of unbacked digital assets, the real value in the digital asset ecosystem comes
from the representation of real-economy and financial assets digitally in a
tokenised form using smart contract technology to enhance the efficiency,
accessibility, and affordability of financial services. Once represented as digital
tokens, they can be exchanged readily and used to facilitate more efficient
economic transactions across pre-trade to post-trade capital market activities.

Asset tokenisation can potentially unlock liquidity to power economic growth,

as well as improve access to and widen investments options. However,
the market is still largely untapped as only a very small proportion of the
pool of tokenisable assets in the world are being traded today. A report 2
from Boston Consulting Group and ADDX predicts that some US$16 trillion
worth of assets, most of which are illiquid, would be tokenised by 2030.

This report introduces a framework for designing open and interoperable digital
asset networks based on tokenised real-economy assets and financial assets.
The examples cited here are intended as references to illustrate key concepts
and for broad learning only. The report should not be interpreted to reflect any
policy directive or legal advice, nor to endorse any specific solution or systems.

1
 es to Digital Asset Innovation, No to Cryptocurrency Speculation (Menon, 2022).
Y
2
R elevance of On-chain Asset Tokenization in “Crypto Winter.” (Suresh et al., 2022).

6
 3 — Problem Statements
and Motivation

The advancements in digital technology in the to bridge between centralised and decentralised
form of digital assets and distributed ledgers governance models. However, this requires
hold promise to facilitate the growth of cross- the active leadership of credible actors
border transactions 3,4. However, it is observed who are experienced in operating financial
that existing digitalisation efforts fall short of market infrastructures and knowledgeable
the expectations of efficiency improvement, in digital asset technology, to organise
greater financial access, and improved revenue and provide strategic guidance on such
opportunity which proponents of digital assets decentralised governance arrangements.
and DLT tout. In this section, the current state
of digital asset networks is discussed. Network Effect
Project Guardian \\ Enabling Open and Interoperable Networks

Governance Metcalfe’s law 6 states the value of a network

is proportional to the square of the number of
Centralised governance structures, involving members in the network. In the context of digital
a single entity operating the financial market asset networks, this could refer to the number of
infrastructure, and accountable for its decisions, participants using the network or independent
are more established today. Meanwhile, validators operating the network. Additionally,
decentralised governance models whereby the nature of the transactions on these networks
anyone from anywhere in the world may participate and the economic value that they represent
and vote for change, are gaining interest. could be metrics to assess the value and long-
term viability of these digital asset networks.
While truly decentralised models are more
resilient to the failure of an operator, they are rare Public networks are open to participation by
and hard to execute in practice. For instance, any entity without requiring any pre-approvals
the Financial Stability Board (FSB) report on or authorisations. Since there are no restrictions
the Financial Stability Risks of Decentralised on who may participate in the network, public
Finance 5 highlights risk of heavy concentration networks tend to have a larger number of
of voting powers in decentralised protocols participating entities relative to private networks.
today, and in practice decisions are made and
carried out only by a few controlling actors. Meanwhile, in a private network, participating
organisations need to be invited by the
Additionally, the FSB report discusses the governing body of the network to gain entry
implication of decentralised governance to the network. Accordingly, private networks
arrangements for financial stability, where are formed by a closed and exclusive group of
there may not be full disclosure and alignment participants who are selected beforehand.
between the developers of the DeFi protocols
and the users. Unlike centralised organised In practice, applications deployed on public
markets, decentralised market infrastructures networks (e.g., Ethereum) have been able to
do not offer the same level of accountability reach millions of users immediately, while those
in terms of its operations today. running on private networks reached hundreds
and thousands at peak. While the number of
Consortium governance, whereby there is a participants and transactions executed on private
curated set of operators who makes decisions networks may be lower, the economic value that
on behalf of the participating entities, attempts the transactions represent may be higher.

3
 racking the Flow of Cross-Border Payments Around the World (Gani, 2023).
T
4
H ow new entrants are redefining cross-border payments (EY Global, 2021).
5
T he Financial Stability Risks of Decentralised Finance (Financial Stability Board, 2023).
6
M oore’s Law, Metcalfe’s Law, and the Theory of Optimal Interoperability (Yoo, 2015).

7
Unless digital asset networks are interoperable, both with
each other and with traditional FMIs, fragmentation would
reduce the network benefits and can create frictions such
as inaccessibility, increased liquidity requirements due
to separation of liquidity pools, and pricing arbitrage.

Liquidity technology means that most existing protocols

may not support enterprise grade requirements
The launch of digital asset networks could result in and offer sufficient robustness and resiliency.

Problem Statements and Motivation

a proliferation of financial market infrastructures, at
least in the short term, as not all financial activity is Currently, many central banks and financial
likely to transition to tokenisation at the same time7. institutions are researching and experimenting
Unless digital asset networks are interoperable, on DLT through proof of concepts but these
both with each other and with traditional FMIs, efforts are not yet sufficient for commercial
fragmentation would reduce the network benefits scale10. The lack of clear accountability and
and can create frictions such as inaccessibility, service level agreements in public permissionless
increased liquidity requirements due to separation platforms imply that it might be possible for
of liquidity pools and pricing arbitrage 8. outages to occur 11, 12, with no guarantee of
recovery within an acceptable time period.
Another area of concern is liquidity and maturity Furthermore, legal considerations and general
mismatch between the tokens that are traded and guidelines for the usage of private permissioned
the assets that are used to back them. For example, platforms compared to public permissionless
a tokenised asset may offer the opportunity for its platforms are areas that need to be investigated
holders to redeem its underlying value at any time, to enable standardisation in the industry.
but if the tokenised asset is backed by reserve
assets that have a maturity profile that does not Financial institutions have primarily focused
match, this might increase the redemption run- on private and permissioned platforms which
risk scenarios described in the FSB Report 9. provide assurance that transactions happen with
known counterparties. Meanwhile, emerging
Technology Readiness FinTechs are leveraging the distribution power of
public and permissionless platforms, which offer
All digital infrastructures are subject to planned ease of access but potentially introducing risks to
and unplanned outages. For financial market financial stability and integrity. Project Guardian
infrastructure, system availability and recovery seeks to provide a framework to leverage the
are especially important to preserve trust and strength of these different approaches and
confidence in a financial institution’s operational mitigate their limitations to enable a future
capabilities. The nascency of digital asset financial infrastructure that is fit for purpose.

7
 n the future of securities settlement (Bank for International Settlements (BIS), 2020).
O
8
H ow Illiquid Open-End Funds Can Amplify Shocks and Destabilize Asset Prices (Natalucci and Qureshi, 2022).
9
T he Financial Stability Risks of Decentralised Finance (Financial Stability Board, 2023).
10
T he Future of Money: Gearing up for Central Bank Digital Currency (Georgieva, 2022).
11
S olana suffered its second outage in a month, sending price plunging (Sigalos, 2022).
12
E thereum Briefly Stopped Finalizing Transactions. What Happened? (Nijkerk, 2023).

8
 4 — Objectives and Focus Areas

Open, Trust Anchors, Tokenised Institutional Grade

Interoperable Verified Entities Financial Assets Financial Protocols
Networks
Establish a trusted Examine the Study the introduction
Explore open, environment through representation of of regulatory
interoperable a common trust layer securities in the form safeguards and
networks that enable of independent of digital bearer controls into financial
digital assets to trust anchors with assets and tokenised protocols to mitigate
be traded across risk management deposits issued against market
platforms and discipline to screen by deposit-taking manipulation and
liquidity pools. and onboard entities. institutions. operational risk.
Project Guardian \\ Enabling Open and Interoperable Networks

Figure 1: Guardian Themes

Project Guardian aims to advance the classes such as investment funds. Each of
development of efficient and safe financial these asset classes exhibit characteristics
networks. The industry pilots conducted under that are distinct from an economic, legal and
the initiatives support the following objectives: regulatory standpoint. Future work could include
the study and consideration of the unique
ȡ Improve understanding of the opportunities characteristics of each asset class and their
and risks of digital assets and assess implications to digital asset networks as FMIs.
longer-term transformational impact.
ȡ Enable interoperability across 4.2 Reference Model
different platforms, use cases, and
amongst participating entities. Project Guardian references a four layered
ȡ Define standards and best practices for risk model to describe technology components in
management and operational execution. a digital asset network. The reference model
provides the context for considering the
4.1 Focused Themes interactions between different component layers
in a digital asset solution. Each layer could be
Project Guardian covers four key areas: Open, governed and implemented by different actors.
Interoperable Networks; Trust Anchors; Assets
Tokenisation; and Institutional Grade DeFi The component layers in the reference
Protocols. This report focuses on the first theme model are described as follows:
and will put forth best practices and design
considerations of digital asset networks with an A. Access Layer
emphasis on Openness and Interoperability. The access layer describes the mechanism
by which users such as borrowers, investors,
That said, digital assets cover a broad range of issuers, access the range of services directly
financial assets across equities, fixed income, or indirectly via different interfaces (custodial
foreign exchange (FX), and alternative asset and non-custodial).

9
 Meanwhile, a tokenised asset refers to existing ownership
representing real-world or traditional financial assets
being tokenised and represented on a platform which
would normally be placed with a custodian to ensure that
these tokens are constantly backed by these assets.

Access Supporting
Wallets Applications Portals Aggregators
Layer Modules

Service Exchange
Lending
Asset
Derivatives FX Trust Anchors
Layer DvP, PvP Management

Objectives and Focus Areas

Assets Tokenised Native Verifiable
Layer Asset Issuance Credentials

Platform Oracles
Execution Storage Addressing Consensus Comm
Layer

Figure 2: Reference model for Open and Interoperable Digital Asset Networks 13

B. Service Layer D. Platform Layer

Services such as payment, lending, The platform layer refers to the infrastructure
borrowing, FX, and exchange that are upon which the ownership of digital assets is
implemented through smart contracts, may recorded and service transactions executed.
interact with different types of digital assets. The platform is assumed to be programmable
and flexible, supporting different types of
C. Asset Layer digital assets including tokenised securities
The asset layer records ownership of assets. and central bank money. The technology
Native issuance refers to assets issued and used to implement the platform may be
represented on a platform. Meanwhile, a blockchain or non-blockchain based.
tokenised asset refers to existing ownership
representing real-world or traditional financial This report focuses on studying the asset and
assets being tokenised and represented on platform layers for a digital asset network. The
a platform which would normally be placed subsequent section of the report examines
with a custodian to ensure that these tokens archetypes of how this could be implemented
are constantly backed by these assets. in practice.

13
System architecture jointly developed with International Monetary Fund (IMF).

10
 5 — Archetypes of
Digital Asset Networks
This section looks at common archetypes of digital asset networks.
This sets the context for the subsequent section on how the principles
of financial market infrastructure may be applied.

5.1 Platform Type each participant can conduct. For instance, only
designated service providers may be permitted to
In public discourse, the terms public and deploy smart contracts, while financial regulators
permissionless are often used interchangeably may be allowed to view transactions within
when describing blockchains that operate over the platform, based on their authorisations.
the Internet. Notwithstanding, these terms
Project Guardian \\ Enabling Open and Interoperable Networks

refer to different qualities that a platform might Given the analysis above, platforms may be
possess. This segment introduces participation classified into three common models listed
and control as two qualities or dimensions to be below. As there is no precedence for private
considered in the analysis of the platform used (or closed) and permissionless platforms,
for a digital asset network. Combinations of each they are not included in this report.
of these qualities may result in different design
options when designing a digital asset network. Public and Permissionless (P1)

ȡ Participation: Public (open) vs Private (closed) Under this model, any participant can join and
ȡ Control: Permissionless vs Permissioned take part in activities within the platform. As
the platform is permissionless, any participant
Participation may be able to deploy smart contracts on the
platform, while being able to leverage and use
The term “Public” here refers to the level of the smart contracts created by other participants.
participation that a platform allows rather than This is because in a platform that is public and
whether data is publicly visible to everyone. In the permissionless, no single organisation or individual
context of this report, public platforms, just like is in control of it and users are all anonymous.
the public internet are open to participation by any
entity. Any entity may join a public platform. On DLT based networks feature the use of validating
the other hand, private platforms are closed to a nodes or validators which process and check the
selected group of members only and operate on an transactions submitted by network participants.
invite-only basis, where invitations are extended Collectively, validators in a platform work to
to participants for entry into these platforms. ensure the integrity of the platform, ensuring
data is consistent and secure. Validators under
Control model P1 are typically anonymous and since it is
permissionless, anyone can become a validator
The second dimension refers to the level of to ensure the integrity of the transactions that are
permissioning or extent to which the type of recorded. For their effort, validators are often paid
activities that participants may conduct in using the native token (e.g., ETH) of the distributed
are controlled. In permissionless platforms, ledger network (e.g., Ethereum). Validating nodes in
all participants may view, edit and conduct public and permissionless platforms are anonymous
activities, including deploying smart contracts and are not pre-qualified. Consequently,
on the platform. Meanwhile, in permissioned platforms that are public and permissionless,
platforms, the governing body is tasked to are particularly susceptible to malicious attacks
decide and permit the type of activities that such as a complete takeover of a network.

11
Private and Permissioned (P2) Public and Permissioned (P3)

In this model, participants will require an In this model, like P1, any participant can join
invitation from the consortium who owns the the platform and participate in activities hosted
platform or an appointed operator to join the by entities within the platform without requiring
platform. Activities that can be performed by approval beforehand. However, participants will
the invited participants are subject to different need to identify themselves and adhere to the
levels of control. For instance, the governance platform’s terms governing activities within
of the network may dictate that all participating the platform.
entities may be able to view transactions, but only
selected members may deploy smart contracts The platform is governed by a group of organisations
or onboard other participants. Private and that defines its rulebook and dictates the types of
permissioned platforms are typically controlled by activities that are permissible on the platform. For
a single organisation or a consortium that permits example, the governing body may determine that the
members to join only if they have been verified. deployment of smart contracts can only be done by
selected members or by participants who adhere to
Validators, under this model, are known entities the standards imposed by the platform14.
and permissioned by the consortium or operator
and serve to ensure the integrity of the transactions Validators, under this model, are known entities who
that are recorded. For their effort, the validators are also permissioned by the governing body of the
may be paid in fiat currency either on a transaction platform, and serve to ensure the integrity of the
basis or for a fixed fee. The closed nature of P2 transactions that are recorded. For their effort, the
typed platforms, suggest that they tend to offer validators are paid in fiat currencies. In some models,

Archetypes of Digital Asset Networks

better security and privacy options to participants. the validators may be regulated financial institutions,
However, as only members may participate and subjected to technology risk management
in the platforms, the number of participants controls. While transactions are conducted in the
and the volume of activities in each of these open, and visible to all, it may be complemented
platforms tend to be relatively lower than P1. The by privacy preserving technologies such as zero
proliferation of P2 typed networks which are not knowledge proofs and homomorphic encryption.
interoperable with each other could lead to greater
fragmentation in the financial market landscape. The open nature of such a platform allows for a
greater number of participants, which increases the
volume of activities, while ensuring a certain level of
governance in this platform.

Model P1 Model P2 Model P3

Category Public and Permissionless Private and Permissioned Public and Permissioned

Anyone may join (subject

Requires approval from
Access Anyone may join to identification and
consortium members
acceptance of terms)

Validators Anonymous Known Entities Known Entities

Fees Paid in native crypto tokens Paid in Fiat Paid in Fiat

Consensus Algorithm Probabilistic settlement Deterministic settlement Deterministic settlement

Governance Decentralised Governance Consortium Governance Consortium Governance

Example Ethereum Partior LACChain

Table 1: Illustrative Platform models

14
A Multi-Currency Exchange and Contracting Platform (Adrian et al., 2022)

12
 Project Guardian \\ Enabling Open and Interoperable Networks

13
Archetypes of Digital Asset Networks

14
 5.2 Asset Type Fungibility of tokens

In the context of Project Guardian, digital assets Tokens could be further distinguished between
refers to tokenised real economy assets and those that are fungible and those that are not. Non-
financial assets. This section discusses the Fungible Tokens (NFT) have unique identifiers and
different ways these assets could be represented. are not directly interchangeable with other tokens of
the same type.
Non-Native Tokens or Tokenised
representation of assets (T1) 5.3 Service Access

This refers to tokens which represent a claim The reference model described in Section 4.2
against the issuing institutions. In the case consists of a series of component layers. With
of tokenised deposits and similar tokenised reference to this model, it is possible to introduce
liabilities, the depository institutions that issued additional levels of control at the service component
the token is liable to the holder for the fiat amount layers such that activities on the network are
of the claim evidenced by the token15. While permissioned while the platform component layer of
for tokenised securities, this involves creating a network may be permissionless.
a digital token to represent the securities that
are traditionally issued and custodied. The To limit access to specific functions to selected
value of these tokens mirrors the value of the parties, mechanisms such as the use of address
Project Guardian \\ Enabling Open and Interoperable Networks

underlying traditional securities. For the first pilot whitelisting, partitioning through subnets or
of Project Guardian, DBS Bank and SBI Digital sidechains, and verifiable credentials may
Asset Holdings tested the concept of tokenised be employed.
Singapore Government Securities (SGS) bonds
and Japanese Government Bonds (JGB) and Address Whitelisting (A1)
conducted bilateral trades involving them.
Digital asset networks feature the use of wallet
Native Tokens (T2) addresses which are used to identify and receive
digital assets. These addresses are unique
Tokens that are native to a particular platform, identifiers in the form of alphanumeric characters.
whereby its primary system of record is the A method that can be employed to limit access to
platform, are referred to as native tokens or asset functions within a network, is to encode conditional
tokens. In the event of a dispute, these records are logic within smart contract code that checks if it
treated as the source of the truth. An example of a involves transactions originating from or targeted at
native token could be a digital currency issued by addresses that have been pre-qualified. A variation
a central bank. The central bank digital currency of this could be a denied party list, whereby wallet
in this context is a store of value itself and there addresses that are in the list will be denied access
are no separate cash reserves backing the central to functions. Whitelisting requires service providers
bank digital currency. The legal basis of these to screen and onboard participants individually to
tokens and the rights that holders of these tokens gain access to its function. Consequently, service
have is a subject of ongoing review in many providers will need to ensure they have adequate risk
jurisdictions. and compliance processes and controls in place.

Account-based (T3) Partitioning (A2)

For completeness, some digital asset projects Network partitioning can take place with subnets
are modelled representing traditional accounts or sidechains. Subnets are network partitions with
such as deposits held by financial institutions. its own set of rules on participation and control.
In such a scenario, the owner of the account Sidechains run independently but they maintain a
owns the value represented in the account. two-way bridge connection to the main network and
The accounts themselves are non-transferable, leverage the native tokens of the main network.
although the value held could be moved across
different accounts and the transfers recorded on a For instance, when a network is partitioned, multiple
platform. subnets are created such that network participants

15
Deposit Tokens: a foundation for stable digital money (Ozcan et al., 2023)

15
 Model A1 Model A2 Model A3
Verifiable Credentials
Category Address Whitelisting Partitioning
(Trust Anchors)

Access to network / Allowed by a single controller/ Allowed by a single controller Allowed by any authorised
protocol protocol or a consortium Trust Anchor

VCs states what participants

The controller onboards and Minimal to no permission
are allowed to do. Protocol
Permission grants permission to every required depending on the
validates if VC has the
participant required scope of the network
sufficient rights to permit

Controller/consortium of
KYC data locality All protocols/token issuers Trust Anchors only
the network

Composability
Low (bilateral arrangements) Medium to High High
between protocols

Example AAVE ARC Project Mariana16 Liquidity pool17

Table 2: Illustrative Types of Network Access Control

will only record and have access to data on a Implementing this model in practice is non-trivial
need-to-know basis – transactions that are specific as it requires the availability of trusted institutions
to the parties are recorded on its own partition with strict controls and are trusted to undertake the
and validated by a subset of authorised network process of screening individual participants at the

Archetypes of Digital Asset Networks

parties. Access to the data in the subnet will onset and on an ongoing basis. The responsibilities
require approval from the controllers of the subnet. and the liabilities of a trust anchor must be clearly
While preserving privacy between participants, defined as well. In addition, there must be sufficient
the management of such networks could become incentive for financial institutions to take on the
complex as the network scales. added responsibility of being a trust anchor.

Verifiable Credentials (A3) 5.4 Network Structure

The first pilot of Project Guardian explored the In the analysis of interactions between networks,
concept of verifiable credentials (VC) and financial it is assumed that each network should be
institutions as trust anchors. As trust anchors, interoperable and could constitute part of a larger
regulated financial institutions screen, verify and digital asset networks18. This report distils three
issue digital identities in the form of verifiable models of network interactions:
credentials to entities that wish to access specific
financial services. This ensures that participating
entities trade only with verified counterparties.
Model N1 Flat Networks

Verifiable credentials provide a rapid way to

validate identity and screen participating entities.
The information stored in physical credentials
today can be represented within the VCs, together
with digital signatures which makes it more tamper-
resistant and reliable.

The provision of services may be a third-party

service provider with a trust relationship to the trust Nodes

anchor. Once a trust relationship is established, Network

it removes the need for service providers to
onboard participants individually, as they could
Figure 3: Illustration of Model N1 - Flat Networks
delegate that responsibility to a trust anchor.

16
Project Mariana investigates the use of automated market-makers (AMM) specifically for foreign exchange (FX) trading and settlement (BIS, 2023).
17
 roject Guardian tested transaction with verifiable credentials issued by trust anchors to ensure transactions were executed in a safe and compliant
P
manner (Oliver Wyman Forum, DBS Ltd, SBI Digital Asset Holdings, & J.P. Morgan, 2022).
18
III. Blueprint for the future monetary system: improving the old, enabling the new (BIS, 2023b)

16
 Under this model, all participants interact with a nodes and serves as the common backbone across
common ledger. The transactions related to the multiple layer 2 networks. The upper layers would
transfer of ownership of digital assets are recorded therefore inherit the security of the lower layer. A
directly on the common ledger. This enables digital malicious actor that seeks to tamper a transaction
assets to be exchanged directly without the need unilaterally, would be required to reverse or modify
for bilateral setups between organisations or with a transaction on layer 2 as well as layer 1.
other networks. As all transactions are performed Layer 3 solutions are an emerging area, which
on a common ledger, it means that by default, seeks to support cross-chain interoperability,
transactions are visible to all participating nodes by facilitating asset transactions across layer 2s,
who have a copy of the ledger data. Accordingly, but these will not be covered in this report.
additional controls could be setup such that
transactions are only sent to validating nodes on a Layered networks however place heavy reliance
need-to-know basis. While on a common ledger, on the bridging or coordination mechanism
exchange of digital asset and digital currency can between the upper and lower levels. If such a
be performed in a single transaction block. This mechanism is compromised, the upper layers
is often described as atomic settlement, as the could suffer from a loss in monetary values.
exchange is completed in a single irreducible unit.
Hence, there is no possibility for desynchronised To ensure business continuity, the upper layers must
states for the different legs of the transaction, as constantly keep up with the changes made on the
they are completed in a single transaction block. lower levels to ensure continuing operations. This
Project Guardian \\ Enabling Open and Interoperable Networks

could become untenable if the lower levels change

In addition, in flat networks, all transactions frequently and the networks get increasingly complex,
are executed on a common ledger. Hence, which results in potential compatibility issues.
when the volume of transactions increase,
congestion may occur and the performance
on these networks may degrade. Model N3 Interlinked Networks

Model N2 Layered Networks

Layer 3

Layer 2

Layer 1
Figure 5: Illustration of Model N3 - Interlinked Networks
Figure 4: Illustration of Model N2 - Layered Networks

Under this model, the network is setup as a series This model consists of a network of independent
of layers. The upper layers (e.g., Layer 2) in such networks or sidechains, each with their own
a network, process individual transactions and distinct governance models. Unlike layered
record them on its own ledger while a summary of networks, sidechains do not rely on the validators
the transactions are then posted on to the lower of another network to ensure the integrity of its
levels’ ledger (e.g., Layer 1). Such a setup offloads transactions. Transactions in sidechains are
the traffic hitting the core ledger (e.g., Layer 1), recorded on its own ledger and are not posted
and consequently improves the scalability and to a separate network’s ledger periodically. To
performance of the layered network as a whole. move between these independent networks,
tokens may be held in custody in one network
The layer 1 network in this setup is likely to be and reissued on the other network. This process
more globally distributed with more validating is commonly referred to as wrapping. This makes

17
it easier for assets to be moved across different examined previously in the Project Cedar
networks. Another model involves cross-chain Phase II x Ubin+ report 19. HTLC uses a set of hash-
communication, wherein assets do not leave their locks and time-locks implemented through smart
respective chains, but instead a communication contracts on different networks, and through
layer exists to ensure that the movement of assets the release of a “secret,” all actions making up a
that exist on different chains is orchestrated. transaction are coordinated such that either they
all happen, or none happens.
Sidechains enable a larger network to be
partitioned into smaller and more specialised 5.5 Composability
subnetworks. Thus, this indirectly improves the
performance of the overall network as workload The features described in the previous section are
may be processed in parallel on each of these intended to be composable. A given digital asset
networks rather than processed serially in a single network may utilise a combination of different
flat network. platforms, network structures and service access
types in its deployment.
When the digital assets and currencies reside on
different networks, DvP (Delivery versus Payment) To illustrate the concept, two examples have
settlement may be achieved with smart contracts been provided that demonstrate how the features
replicating and replacing the processes performed could be combined. The first example is based
by a trusted intermediary. This is typically off Partior20 while the second one is based off
implemented through a two-phase-commit the pilot design by DBS Bank, J.P. Morgan Chase
model of ensuring both assets and currencies are Bank and SBI Digital Asset Holdings 21 cross-
available and locked, prior to releasing them and currency transactions on a layered network.

Archetypes of Digital Asset Networks

completing settlement. As compared to atomic
settlement in a single transaction block, this model These examples are not intended to be
requires additional steps to synchronise states exhaustive; it is foreseeable that there are other
across platforms and retains a low residual risk of combinations that might be practical in the
failure under specific exceptional scenarios. field. Additionally, there may be other forms of
mechanisms to achieve the desired goals of being
One possible technical implementation is Hashed a financial market infrastructure that might not be
Time-Locked Contracts (HTLC), which was covered in the above examples.

Digital Asset Network Archetype

Platform Network Service

Type Structure Access

Example 1 Example 2

P2 N1 A2 P1 N2 A3
Private and Flat Partitioning Public and Layered Verifiable
Permissioned Network Permissionless Network Credentials
(Trust Anchor)

The network utilises a private and The network utilises a public and
permissioned platform type, featuring a flat permissionless platform type, featuring a
network where selected participants can join. layered network where all participants join.
They are supported by the use of subnets so To restrict access, trust anchors issue and
that certain transactions are closed off and validate verifiable credentials.
only accessible by a subset of participants.
Figure 6: Composability

19
 roject Cedar Phase II x Ubin+ examined whether distributed ledger technology could be used to improve the efficiency of cross-border payments
P
and settlements involving multiple currencies (New York Innovation Center (NYIC) & Monetary Authority of Singapore (MAS), 2023).
20
Partior is a private and permissioned digital ledger platform based off Quorum.
21
Institutional DeFi - The Next Generation of Finance (Oliver Wyman, DBS Ltd, SBI Digital Asset Holdings, & J.P. Morgan, 2022).

18
 6 — Principles for FMIs and Application
to Digital Asset Networks

The Principles for Financial Market Infrastructures In addition to PFMI, other relevant international
(PFMI), jointly developed by the BIS Committee standards might need to be considered, if the
on Payments and Market Infrastructures (CPMI) extent of the functions performed by digital asset
and the International Organization of Securities networks (such as trading, issuance, custody
Commissions (IOSCO), are the international and client asset protection, asset servicing
standards for FMIs. They apply to all systemically and depositor protection) overlap with these
important payment systems, central securities standards 24. The relevant standards include:
depositories, securities settlement systems, central
counterparties (CCPs) and trade repositories. ȡ IOSCO’s Objectives and Principles of
The PFMI define an FMI as a multilateral system Securities Regulation, including the Policy
among participating institutions, including the Recommendations for Crypto and Digital Asset
operator of the system, used for the purposes of Markets25 that are currently subject to public
clearing, settling or recording payments, securities, consultation; these recommendations apply the
Project Guardian \\ Enabling Open and Interoperable Networks

derivatives or other financial transactions. The IOSCO standards to crypto asset markets.
PFMI takes a functional approach, focusing on ȡ The Basel Committee on Banking Supervision
the function that a certain arrangement performs. (BCBS) Standards, including its standard
Consequently, a digital asset network, such as on the Prudential Treatment of Crypto Asset
the ones that are the focus of this report, could fall Exposures26.
under the scope of the application of the PFMI, to ȡ The Financial Action Task Force’s (FATF)
the extent such a network performs a function that Recommendations, including its Updated
an FMI does. Guidance for a Risk-based Approach to Virtual
Assets and Virtual Asset Service Providers27.
While the PFMI are broadly designed to apply
to all FMIs, there are some principles and key This is consistent with the approach for
considerations that only apply to certain types existing FMIs.
of FMIs 22. However, the FMI functions performed
by digital asset networks may be a mix of the While the CPMI and IOSCO have not issued
functions that are expected to be performed by guidance on the application of the PFMI to digital
each of the existing categories of FMIs. Therefore, asset networks, there are three reports that
when applying the PFMI to a digital asset network, particularly provide insights into the application of
it is important to identify which FMI functions are the PFMI to such networks (in addition to the PFMI
relevant 23. Such variation in FMIs is not unforeseen themselves):
in the PFMI. The PFMI acknowledge that FMIs can
differ significantly in organisation, function and ȡ CPMI (2017) Distributed ledger technology
design. FMIs can be legally organised in a variety in payment, clearing and settlement
of forms. Depending on organisational form, FMIs – an analytical framework 28,
can be subject to different licensing and regulatory ȡ CPMI (2019) Wholesale digital tokens29, and
schemes within and across jurisdictions. Applying ȡ CPMI and IOSCO (2022) Application of the
the PFMI to a digital asset network will depend on principles for financial market infrastructures
the nature of the functions it performs and to what to stablecoin arrangements30.
extent these functions are considered as equivalent
to the functions of certain types of FMIs.

22
Annex E for matrix of applicability of key considerations to specific types of FMIs (BIS, 2012, p. 158.).
23
Annex D for a high-level description of various institutional designs of traditional FMIs (BIS, 2012, p. 148.).
24
IOSCO Decentralized finance report (International Organization of Securities Commissions (IOSCO), 2022).
25
Policy Recommendations for Crypto and Digital Asset Markets (IOSCO, 2023).
26
Prudential treatment of crypto asset exposures (BIS, 2022c).
27
Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (FATF, 2021).
28
Distributed ledger technology in payment, clearing and settlement - an analytical framework (BIS, 2017).
29
Wholesale digital tokens (BIS, 2019).
30
Application of the Principles for Financial Market Infrastructures to stablecoin arrangements (BIS, 2022a).

19
Drawing on this set of prior work, the section The distributed nature of a digital asset network
considers the implications of the novel and is a novel and notable feature that needs to be
notable features of digital asset networks as considered when applying the principles around
seen and experienced from Project Guardian, general organisation. It can potentially have
compared to traditional FMIs. The 24 Principles implications for the legal basis, governance
in the PFMI are organised into nine themes: (i) and the framework for the comprehensive
general organisation; (ii) credit and liquidity risk management of risks.
management; (iii) settlement; (iv) central securities
depositories and exchange-of-value settlement In terms of legal basis, the distributed nature of a
systems; (v) default management; (vi) general digital asset network may mean that the network
business and operational risk management; (vii) is more likely to operate in a multi-jurisdictional
access; (viii) efficiency; and (ix) transparency. environment. While identifying and mitigating
Each of these themes are considered in turn in the risks arising from a potential conflict of
the following. The application of the PFMI to new laws across jurisdictions is not a new issue for
technologies is likely to evolve over time and FMIs, the distributed nature of the arrangement
therefore the considerations set out below are likely may make it more complex to identify all of the
to be revisited over time. relevant jurisdictions. Separately, the novel nature
of tokens and smart contracts may mean that
6.1 Novel and Notable Features there is uncertainty regarding their legal status
of Digital Asset Networks and enforceability.

Digital asset networks or at least certain variants In terms of governance, FMIs are expected
of them may be characterised with several novel to have governance arrangements that are
features that may provide challenges when they (amongst other things) clear and transparent;
seek to observe the PFMI (and other relevant this includes having documented governance
standards). There are some features that may arrangements that provide clear and direct

Principles for FMIs

not be unique to digital asset networks but may lines of responsibility and accountability. If
be accentuated such that they could make it responsibility for the digital asset arrangement
more challenging to observe the PFMI (and other is distributed across multiple entities, including
relevant standards). In relation to the PFMI, such potentially anonymous legal entities, this may
features would include: be more challenging to demonstrate. However,
a digital asset network may be able to address
ȡ Use of stablecoins or tokenised securities this through its framework for the comprehensive
(including use of native tokens); management of risks, under which it is expected
ȡ Multiple interdependent functions; to regularly review the material risks it bears from
ȡ Use of smart contracts; and and poses to other entities (including service
ȡ Decentralisation of operations and governance. providers) as a result of interdependencies and
develop appropriate risk-management tools to
Challenges that these features may bring about are address these risks 31 .
discussed in the following sections.
6.3 Credit and Liquidity Risk
6.2 General Organisation Management

The foundation of an FMI’s risk-management An FMI or its participants may face credit and
framework includes its authority, structure, rights, liquidity risks arising from the FMI’s payment,
and responsibilities. The principles on the legal clearing, and settlement processes. The
basis for the FMI’s activities (Principle 1), the principles on credit risk management (Principle
governance structure of the FMI (Principle 2), and 4), collateral (Principle 5), margin (Principle
the framework for the comprehensive management 6), and liquidity risk management (Principle 7)
of risks (Principle 3), provide guidance to form the core of the standards for financial risk
help establish a strong foundation for the risk management and financial resources. Taken
management of an FMI. together, these four principles are designed to

31
 ommittee on Payments and Market Infrastructures (CPMI) and IOSCO (2022) provides guidance on how to apply this principle in the context
C
of stablecoin arrangements.

20
 provide a high degree of confidence that an never reaches, zero with the passage of time with
FMI will continue operating and serve as a certain consensus mechanisms used, or because
source of financial stability even in extreme a “fork” occurs. In such circumstances, even if
market conditions. the relevant legal framework and the digital asset
network’s rules and procedures have defined the
A potentially novel and notable feature of digital point at which final settlement occurs, a possibility
asset networks is shorter settlement cycles, remains that the validation of a transaction on
including potentially instant settlement. This has the ledger cannot be achieved with absolute
implications for both credit and liquidity risks. certainty33.
Faster (or instant) settlement could reduce (or
eliminate) replacement cost risk (a form of credit Another potentially novel and notable feature of
risk) and therefore reduce (or eliminate) the amount settlement in a digital asset network is the nature
of margin required. However, this would likely of the asset used for money settlement. FMIs are
involve pre-positioning cash and digital assets pre- expected to conduct their money settlements using
trade, which would increase liquidity costs. assets with little or no credit or liquidity risk. Money
settlements in traditional FMIs involve updating
Digital asset networks may perform other functions balances in account records on a centralised
than those of FMIs for financial transactions, register or ledger of a settlement institution, such
such as issuance of tokens, listing, registration, as a central bank, FMI or commercial bank. While
trading/market making, asset servicing and credit the cash tokens used in a digital asset network
Project Guardian \\ Enabling Open and Interoperable Networks

provision. These other functions may give rise to could similarly represent a claim on a specific
credit and liquidity risks to digital asset networks settlement institution, they could represent a
and their participants, and the relevant international claim on underlying assets or funds or some
standards (other than the PFMI) that may apply to other right or interest. Consequently, in order
those functions would need to be considered. to understand the credit and liquidity risks from
money settlements it is important to understand
6.4 Settlement the nature, timeliness and enforceability of the
claim, the nature and sufficiency of the assets or
A key risk that an FMI faces is settlement risk, funds backing the claim, how the value of that claim
which is the risk that settlement will not take might be affected by changes in the value of the
place as expected. An FMI faces this risk whether underlying assets or funds 34. If the assets backing
settlement of a transaction occurs on the FMI’s the cash tokens are claims on institutions other
books, on the books of another FMI, or on the than central banks, FMIs or commercial banks,
books of an external party (for example, a central or the claim is uncertain, this could introduce
bank or a commercial bank). The principles on credit risk relative to traditional FMI arrangements.
settlement finality (Principle 8), money settlements Similarly, if the claim cannot be realised in a timely
(Principle 9), and physical deliveries (Principle 10) manner, then this could introduce liquidity risk
provide guidance on managing this risk. relative to traditional FMI arrangements.

A novel and notable feature of a digital asset 6.5 Central Securities Depository
network could be the settlement mechanism and Exchange-of-Value Settlement
used. Therefore it is important to understand how
settlement is achieved operationally, and how Central securities depositories (CSDs) and
settlement finality is protected under the applicable exchange-of-value settlement systems have
legal framework. This includes clearly defining the unique risks associated with their function and
point at which settlement becomes irrevocable design. While the nature and scope of activities
and unconditional 32. Some digital asset networks performed by CSDs vary based on jurisdiction
may feature “probabilistic settlement”, which could and market practices, CSDs play a critical role
result in a misalignment between the operational in the protection of securities and help ensure
state of the ledger and the transfers that are the integrity of securities transactions. Similarly,
legally final. For example, a misalignment could exchange-of-value settlement systems play a
occur because the probability of revocation of a critical role in mitigating principal risk by linking
transaction validated by nodes converges to, but the final settlement of one obligation to the

32
CPMI and IOSCO (2022) provides guidance on settlement finality in the context of stablecoin arrangements.
33
C PMI and IOSCO (2022) provides guidance on settlement finality in the context of stablecoin arrangements. While this guidance relates to stablecoins
and their use for money settlement, most if not all discussion provided in the guidance would be applicable to the transfer of tokenized securities.
34
Guidance on these in the context of stablecoin arrangements is set out in CPMI and IOSCO (2022).

21
Digital asset networks or at least certain variants of them
may be characterised with several novel features that may
provide challenges when they seek to observe the PFMI
(and other relevant standards).

final settlement of another. The two principles 6.6 Default Management

provide specific guidance to CSDs (Principle 11)
and exchange-of-value settlement systems An FMI should have appropriate policies and
(Principle 12). procedures to handle participant defaults.
A participant default, if not properly managed,
A novel and notable feature of digital asset can have serious implications for the FMI, other
networks is that the securities are tokenised rather participants, and the broader financial markets.
than immobilised or dematerialised. Principle 11 The principles on participant-default rules
states that a “CSD should maintain securities in an and procedures for all FMIs (Principle 13) and
immobilised or dematerialised form for their transfer segregation and portability issues for CCPs
by book entry” 35. There are parallels between native (Principle 14) provide guidance on this.
tokens (i.e., tokens that only exist on the network)
and dematerialised securities (which only exist A novel and notable feature of digital asset networks
in electronic form). Similarly, there are parallels is that it may involve a digital ledger that acts as
between non-native tokens (i.e., representations the single source of truth regarding beneficial

Principles for FMIs

of an asset that has been issued outside of the ownership. To the extent that a digital asset network
network) and immobilised securities (where paper- provides CCP services, this may make it easier for
based securities are held in a depository and transfer the digital asset network to observe the Segregation
of these securities are through book entry). These and Portability Principle. Decentralised nature of
parallels provide a starting point for considering digital asset networks or use of automation (e.g.,
the appropriate risk management arrangements smart contracts) might make it more challenging
for tokenised securities. For example, similar to the to manage contingent situations that may not be
existing arrangements for immobilised securities, anticipated ex ante but may arise in a default.
in the case of non-native tokens, the underlying
assets should be kept in custody and should 6.7 General Business and
not be used while their tokens are in circulation; Operational Risk Management
otherwise, such “double-duty” would effectively
lead to unauthorised creation of securities 36. The inability of an FMI to continue as a going
However, the novel nature of tokens may result concern could have systemic risk implications for
in additional issues that should be addressed. its participants and the broader financial markets.
Guidance on managing these risks is set out in the
Furthermore, as set out in Section 6.1, the principles on general business risk (Principle 15),
novel nature of tokens and smart contracts custody and investment risks (Principle 16), and
may mean that there is uncertainty regarding operational risk (Principle 17).
their legal status and enforceability.
As the operational arrangements (e.g., DLT)
As mentioned above, the settlement supporting a digital asset network are novel
mechanism could potentially be a novel and and notable, thorough consideration of how the
notable feature of a digital asset network. This operational arrangements affects observance
would relate to how final settlement of linked of the Operational Risk Principle is necessary.
obligations is achieved (ie delivery-versus- This consideration would need to draw on the
payment or payment-versus-payment). considerations around the principles on general
organisation.

35
Principle 11, Key Consideration 3 (BIS, 2012, p. 72.).
36
Principle 11, Key Consideration 1 (BIS, 2012, p. 72.).

22
 Project Guardian \\ Enabling Open and Interoperable Networks

23
Given the novel nature of digital asset that reasonable risk-related participation
networks, it may also be more challenging requirements are necessary to allow for fair and
to identify, monitor and manage its general open access to an FMI’s service 38. Consequently,
business risk. For example, it can be difficult such a digital asset network would need to justify
to develop a viable recovery or orderly wind- why risk-related participation requirements are
down plan for a new and novel business. not necessary in order to manage the risks that an
actual or prospective participant may pose to the
As mentioned above, a digital asset network may FMI and other participants.
involve a digital ledger that acts as the single
source of truth regarding beneficial ownership. The existence of layered networks in digital
This may affect how the FMI safeguards its own asset networks may also mean that the FMI Links
and participants’ assets under the Custody and Principle is more relevant for digital asset networks
Investment Risks Principle. While having a digital than traditional FMIs.
ledger that is a single source of truth is similar to a
direct holding system 37, unlike those systems where 6.9 Efficiency
custodians may still be involved in maintaining
the records of beneficial ownership. It would be Efficiency and safety are important to an FMI in
a more significant change from traditional FMIs performing its payment, clearing, settlement, and
that operate an indirect holding system. Under an recording functions. The following two principles
indirect holding system there is no single source of provide guidance to FMIs on efficiency and
truth; custodians hold securities on behalf of their effectiveness (Principle 21) and communication
clients in omnibus accounts in the CSD’s ledger procedures and standards (Principle 22), which is
and then separately maintain their own records one traditional aspect of efficiency.
on clients’ beneficial ownership of securities.
A digital asset network is expected to meet these
The discussion above on the legal nature of tokens principles, where relevant.

Principles for FMIs

and the asset used for money settlements is also
relevant to a digital asset network’s observance of 6.10 Transparency
the Custody and Investment Risks Principle, under
which an FMI is expected to safeguard its own and Transparency helps ensure that relevant
participants’ assets and minimise the risk of loss on information is provided to an FMI’s participants,
and delay in access to these assets. authorities, and the public to inform sound decision
making and foster confidence. Guidance for all
6.8 Access FMIs on the disclosure of rules, key procedures,
and market data to enable participants and other
Fair and open access to an FMI by direct interested parties to have a clear understanding
participants, indirect participants, and other FMIs of the risks and controls on risks associated with
is important because of the critical role many an FMI, as well as fees and other costs incurred
FMIs play in the markets they serve. Guidance by participation in the FMI is set out in Principle
on this is set out in the principles on access and 23. In addition, there is a specific principle for
participation requirements (Principle 18), the trade repositories on the disclosure of market data
management of tiered participation arrangements to allow participants, authorities, and the public
(Principle 19), and the management of FMI links to make timely assessments of OTC derivatives
(Principle 20). markets and, if relevant, other markets served by
the trade repository (Principle 24).
A novel and notable feature of digital asset
networks that use a public network is that access is A digital asset network is expected to meet
not restricted. This is in contrast to the presumption these principles, where relevant.

37
In a direct holding system, each beneficial owner has an individual account with the CSD.
38
A s per explanatory note 3.18.5 (BIS, 2012, p. 102.), an FMI should always consider the risks that an actual or prospective participant may pose to
the FMI and other participants. Accordingly, an FMI should establish risk-related participation requirements adequate to ensure that its participants
meet appropriate operational, financial, and legal requirements to allow them to fulfil their obligations to the FMI, including the other participants,
on a timely basis.

24
 7 — Case Studies
Previous sections in this report introduced the framework for the design
of open and interoperable networks. This section discusses how the
framework and associated concepts may be applied in practice.
Three industry initiatives were used as the context for this analysis.

Platform
Case Participating Network Network Service Asset
Study Institutions Type Structure Access Type
Participation Control

Global Verifiable Tokenised

SBI, DBS P1-N2-A3 Layered Public Permissionless
Liquidity Pool Credentials assets

Trade Finance
Asset
Asset-backed SCB P1-N1-A1 Flat Public Permissionless Whitelist
Tokens
Securities

Structured Asset
HSBC, UOB, MN P1-N2-A1 Layered Public Permissionless Whitelist
Notes Tokens
Project Guardian \\ Enabling Open and Interoperable Networks

Table 3: Comparison of Network Types

The industry initiatives included a study of the Bonds, Japanese Government Bonds (JGB),
feasibility of public platforms and their equivalent Japanese Yen (JPY) and Singapore Dollar (SGD).
private implementations. The inclusion of these
platforms in this report are for learning purposes For this solution, the network type used is P1-N2-A3.
and should not be inferred as an endorsement on The participants will be issued verifiable credentials
their suitability as financial market infrastructures. to partake in activities on a public permissionless
Future research includes the study of public and platform which is covered in further detail below.
permissioned platforms as well as the interlinking The network structure is layered, specifically a layer 2
of private and permissioned platforms. is used for lower costs, and to increase scalability and
performance of transaction processing. Non-native
7.1 Case Study 1 – Global Liquidity Pool tokens or tokenised representations of assets will be
used to mirror the value of the underlying traditional
Background securities and cash.
The FX market is the largest market in the global
financial system with over-the-counter (OTC) FX Tokenised representations of these assets will be
transactions amounting to more than $7.5 trillion in issued and supplied to a common liquidity pool. This
daily turnover as at April 2022 39. Currently, FX and enables traders to trade against a pool of tokenised
government securities are primarily transacted in assets as the counterparty instead of multiple different
the OTC markets involving multiple intermediaries counterparties. The trade will comprise the outright
resulting in frictions in the settlement process. purchase and sale of tokenised SGS bonds, SGD, JGB
These layers of intermediaries add to processing and JPY. The participating financial institutions will play
time and cost. Additionally, setting up counterparty different roles of liquidity provider and trader in each
lines is an onerous process and consequently liquidity pool.
liquidity is fragmented across multiple trading
venues today. The traders and liquidity providers have to be screened
through onboarding processes by trust anchors
Approach before they will be issued verifiable credentials. This
DBS Bank and SBI Digital Asset Holdings are enables the validation of verifiable credentials for
collaborating to explore the feasibility of conducting traders to access the liquidity pool and trade through
foreign exchange and government bond non-custodial wallets. This will be tested on a public
transactions against liquidity pools comprising of permissionless platform where the permissioned
tokenised Singapore Government Securities (SGS) decentralised exchange protocols will be deployed.

39
OTC Foreign Exchange Turnover in April 2022 (BIS, 2022b).

25
Figure 15: Solution Overview of Global Liquidity Pool

B Verifiable Credential Issuance Platform

2
VC On-chain Verifiable
Issue VC VC Issuer Credential Solution

3
A Tokenisation Workflow C Trading
Deposit
Verify against
Cash 5 Registry smart
SGD Liquidity Withdraw contract
Price
Provider
Boundary
Wallet
Interface Check
Proxy Smart SGD Price
SGS 4
1 Trader Contract Oracle
SGS
Wallet Trade
Tokenise Liquidity
(De-tokenise) Pools
Holding
Securities Asset held in FI Wallet
holding wallet Authorise transactions
of assets in holding wallet

Figure 7: Solution Overview of Global Liquidity Pool 40

The Global Liquidity Pool initiative focuses on the Pool. VC Tokens will be implemented in the form of
following capabilities: a NFT in accordance with ERC-721 token standard.
ȡ Liquidity Pool Protocol: A liquidity pool is setup
ȡ Tokenisation: This describes the process using smart contracts with an Automated Market
whereby cash and the underlying securities Marker (AMM) based on the Constant Function
are tokenised and distributed to a financial Market Maker Algorithm. The liquidity pool
institutions’ holding wallet. Tokenised protocol incorporates an additional control point,
assets and cash held in the holding wallets whereby users will be required to provide proof of
of respective financial institutions were ownership of a VC token as an authorisation check
implemented using the ERC-20 token standards. for depositing, withdrawing, and trading within the
ȡ Verifiable Credential Issuance Platform: liquidity pool.

Case Studies
A common set of processes for issuing Verifiable
Credential tokens has to be established with The protocol also references price oracles for off-
specific authorisations (i.e., for Liquidity chain data on asset prices as a boundary check.
Provider, Trader). The VC tokens enable the This acts as a circuit breaker in the event of an
provision of access and activities into Liquidity extreme price deviation from the rest of the market.

Key Roles and Responsibilities

Role Responsibility Participant

Responsible for the issuance of tokenised SGD and tokenised SGS bonds. DBS
Issuer
Responsible for the issuance of tokenised JPY and tokenised JGB. SBI

Conduct trading activities against the liquidity pool made up of tokenised JPY,
Trader DBS, SBI
JGB, SGD and SGS.

Responsible for the provision of liquidity into the liquidity pools in the form of
DBS
tokenised SGD and SGS.
Liquidity Provider
Responsible for the provision of liquidity into the liquidity pools in the form of
SBI
tokenised JPY and JGB.

ȡ Develops and maintains liquidity pool and AMM smart contracts.

Protocol Developer ȡ Performs modifications on lending and borrowing DeFi protocols for asset DBS
trading.

Verifiable Credentials
Develops and maintains smart contracts for verifiable credentials. DBS
Developer

ȡ Responsible for permissioning access to traders and participants.

Trust Anchor
ȡ Performs screening on participants (i.e. Traders) and issues verifiable DBS, SBI
credentials with specific authorisations (i.e., for Liquidity Provider, Trader)
to authenticate identity of participants on-chain.

40
 n-chain verifiable credential and proxy smart contract solution leveraged concepts developed by JPM during Project Guardian.
O
Refer to Institutional DeFi - The Next Generation of Finance (Oliver Wyman, DBS Ltd, SBI Digital Asset Holdings, & J.P. Morgan, 2022).

26
 Process Overview 6. Liquidity Provider or the Trader initiates
The global liquidity pool initiative consists of the the transaction through the front-end user
following steps: interface.
7. The transaction is then signed with the
Registration and Verifiable Credentials Flow Liquidity Provider and Trader’s key.
1. Onboard Liquidity Provider or the Trader and 8. The roles and identity are verified through the
conduct KYC. earlier issued VC in the Liquidity Provider or
2. KYC is successfully completed and the VC is Trader’s wallet by the Verifier Smart Contract
issued to the Liquidity Provider or the Trader. with the registry.
3. The VC administrator identity is stored in the 9. The tokenised assets will be drawn from the
Registry Smart Contract for VC verification. DBS holding wallet.
4. The VC token is then minted and issued to the 10. Liquidity Provider or a Trader can deploy the
Liquidity Provider or the Trader’s wallet. tokenised assets into the liquidity pool to
5. The VC is signed by the administrator’s wallet key. provide liquidity or trade.

A B
Verifiable Credential Onboard Liquidity Liquidity Provider
1 Provider / Trader
(VC) Administrator / Trader

Infinite
Project Guardian \\ Enabling Open and Interoperable Networks

6 Transaction
KYC Service
5 7
UI / DAPP
Sign VC by Sign transaction
HSM
administrator’s wallet key using LP /
Issuance Service Trader Wallet

Mint credential token

to LP / Trader Wallet 4
Off-Chain

On-Chain
2 Issue VC
Pull tokens from
Participant Credential Token 9 DBS Holding Wallet
• Participant Identity
• Issuer Identity
• Roles NFT
• Expiry
Stores VC administrator ERC-721
• Digital signature
3 identity in registry
for VC verification

8
Registry Verifier Proxy
Smart Contract Smart Contract Verify roles / identify Smart Contract
based on NFT info

10
Liquidity Pool Smart Contract
Interact with liquidity pool
(i.e provide liquidity / trade)

Figure 8: Registration and Verifiable Credentials flow 41

Legend
A. Administration of VC B. Users (Liquidity Provider/ Trader)
Issuance/
ȡ Administrator assigns VC token ȡ Users will need to hold the correct type of VC token Revocation
with appropriate role (i.e. Trader in own wallet to be able to perform the necessary
or Liquidity Provider) to wallet actions on the Liquidity Pool Smart Contract Trade/Liquidity
address, after verification/ KYC ȡ Interactions with the Liquidity Pool Smart Contract Provisioning
ȡ Administrator can set expiry or will involve verification against the Registry
manually revoke issued VC tokens ȡ Successful verification of liquidity provider/ trader LP/Trading Wallet:
ȡ Issuances and updates to VC wallet with the VC tokens, will authorise use of to store VC Tokens
tokens will update the Registry Tokenised Assets from the Holding wallet to perform
Smart Contract the appropriate actions (i.e. provide liquidity / trade) Holding Wallet: to store
Tokenised Assets

41
 n-chain verifiable credential and proxy smart contract solution leveraged concepts developed by JPM during Project Guardian.
O
Refer to Institutional DeFi - The Next Generation of Finance (Oliver Wyman, DBS Ltd, SBI Digital Asset Holdings, & J.P. Morgan, 2022).

27
Case Studies

28
 Funding the wallets
1. Minting SGD and SGS tokens: DBS mints tokens representing SGD cash and SGS.
2. Minting JPY and JGB tokens: SBI mints tokens representing JPY cash and JGB.

(1) DBS mints SGD (2) SBI mints JPY

and SGS tokens and JGB tokens

Figure 17: OTC Trade – JPY and SGD tokens

DBS SBI

Figure 9: Minting tokens and funding wallet

Trading
1. OTC Trade – JPY and SGD tokens
a) Conducting the trade: DBS and SBI enters into an OTC FX (JPY/SGD) spot trade.
Project Guardian \\ Enabling Open and Interoperable Networks

JPY tokens
JPY
(1A) OTC FX spot trade

DBS S$ SBI
SGD tokens

Figure 10: OTC Trade – JPY and SGD tokens

Figure 18: Liquidity Pool 1 (SGD – SGS bond tokens)

2. Liquidity Pool 1 – SGD and SGS tokens
a) Funding the liquidity pool: DBS (liquidity provider) invests SGD and SGS tokens in
Liquidity pool 1.
b) Conducting the trade: SBI (trader) buys SGS and pays SGD to the Liquidity Pool
1 in a single atomic transaction.
c) W ithdrawing from the liquidity pool: DBS withdraw liquidity from Liquidity Pool 1.

Liquidity Pool 1
S$ SGS

(2A) Invest (2B) Pay SGD S$

SGD

SGS SGS
Liquidity Provider / (2C) Withdraw (2B) Buy SGS Trader /
DBS SBI
S$ SGS

Figure 11: Liquidity Pool 1 (SGD – SGS bond tokens)

29
 3. Liquidity Pool 2 – JPY and JGB tokens
Figure 19: Liquidity Pool
a) Funding 2 (JPY –pool:
the liquidity JGBSBI
tokens)
(liquidity provider) invests JPY and
JGB tokens in Liquidity Pool 2.
b) Conducting the trade: DBS (trader) buys JGB and pays JPY to the
Liquidity Pool 2 in a single atomic transaction.
c) W ithdrawing from the liquidity pool: SBI withdraws liquidity from
the Liquidity Pool 2.

Liquidity Pool 2

JPY JGB

(3A) Invest (3B) Pay JPY JPY

JPY

JGB JGB
Liquidity Provider / (3C) Withdraw (3B) Buy JGB Trader /
SBI DBS
JPY JGB

Figure 12: Liquidity Pool 2 (JPY – JGB tokens)

4. Liquidity Pool 3 – SGD and JPY tokens

Case Studies
a) Funding the liquidity pool: DBS and SBI (liquidity providers) invest SGD
and JPY tokens in Liquidity Pool 3.
Figure 20: Liquidity Poolthe
b) Conducting 3 (SGD
trade: – JPY
SBI tokens)
buys SGD and pays JPY to Liquidity Pool 3;
DBS buys JPY and sells SGD to Liquidity Pool 3 in a single atomic transaction.
c) W ithdrawing from the liquidity pool: DBS and SBI withdraw liquidity from
Liquidity Pool 3.

Liquidity Pool 3

PY JPY
S$ JPY ) Pay J
(4B
GD S$ Trader /
Liquidity Provider / (4A) Invest B uy S
(4B) SBI
SBI SGD
(4C)
Pay S
JPY G D
(4D) Withdraw (4C) S$
B uy JP
Y
S$ JPY Trader /
Liquidity Provider / JPY
DBS
DBS

Figure 13: Liquidity Pool 3 (SGD – JPY tokens)

30
 This has the potential to transform current trading
and settlement processes, as trading in a permissioned
liquidity pool protocol achieves greater efficiency
by reducing friction and minimising risks, while the
tokenised assets bring the benefits of atomic settlement.

Limitations of proposed solution Key learnings and future developments

Privacy Concerns The use of a liquidity pool could increase efficiency
Under the existing market infrastructures, while reducing the number of intermediaries in
transactional privacy applies generally to all executing a trade. The increase in trading velocity
transactions except for certain scenarios as and volumes with deeper liquidity pools creates
required by regulation. However, on a public more pricing and spread efficiencies when trading
network, there is full transparency over trades in the AMM. This is a virtuous cycle, as a highly
originating from each wallet address. This liquid market attracts more participating investors.
may cause concerns where participants to a
trade and such activity can be traced through These tests highlight the benefits of atomic
Project Guardian \\ Enabling Open and Interoperable Networks

transactions and wallet addresses. Although, settlement and the potential for creating deeper
given the pseudonymity of wallets, only the secondary liquidity across multiple financial assets
wallet addresses can be identified, while the and markets. In this solution, pricing will be available
information on the owners of the wallets will pre-trade before the trader decides to accept
continue to be privately maintained with the the trade conditions. The combination of steps
trust anchors. In such cases, only the trust in the trade and settlement process brings about
anchors and authorised financial regulators will operational efficiencies in the trade execution and
be able to identify the owner of the wallet. reduces settlement risks. With fewer intermediaries
required in a trade, costs can be reduced, and
Regulatory and Legal Treatment transaction speeds can increase.Transactions are
The legal and regulatory landscape for tokenised immutable and transaction statuses are visible on the
financial assets and DeFi is still evolving. For network without the need to trace these transactions
instance, the legal treatment of digital financial manually. That said, the protocols need further
assets as property, settlement finality and the development to cater to and cope with the complexity
regulation of DeFi protocols, are all subject of of multi-asset pools and efficient price discovery.
ongoing research and consultation. Furthermore,
the complexity is compounded as DeFi trades This has the potential to transform current
are subject to differing regulations across trading and settlement processes, as trading in
different jurisdictions. Hence, a coordinated a permissioned liquidity pool protocol achieves
international approach amongst financial greater efficiency by reducing friction and
regulators and international standard setting minimising risks, while the tokenised assets
bodies is required to achieve common regulatory bring the benefits of atomic settlement.
outcomes across jurisdictions and reduce
frictions in cross-border transactions. 7.2 Case Study 2 – Asset Backed
Security Token with Underlying
Smart Contract Vulnerability Trade and Working Capital Loans
The liquidity pool and trading functionalities
are developed mainly using smart contracts. Background
Hence, smart contract vulnerabilities are an Trade finance is a critical part of the global real
important area of concern from an operational economy, facilitating cross-border transactions for
and business continuity perspective. Examples businesses of various sizes. Currently, up to 80%
of potential vulnerabilities include transaction of global trade is facilitated by financing solutions
frontrunning whereby frontrunners can or credit insurance. The global trade finance
submit subsequent identical transactions to market size is projected to reach USD 10 trillion
the ledger to be prioritised for processing by year 2027, an increase of 24% since year 2020.
with incentives such as additional fees. Trade finance offerings include sale of invoices

31
Case Studies

32
 Pool of Non-Fungible Tokens

Tokenisation
Underlying NFT1 NFT2 NFT3 NFTN
Assets
Tranching

Wallets

Class A – Senior Fungible Token: ERC–20 Fungible Tokens

stated coupon; not rated
by a credit rating agency Initial Token Distribution Token
Offering
Class B – Junior Fungible Token:
excess spread; not rated
by a credit rating agency
Cash

Figure 14: Solution overview of ABS tokenisation scheme

Project Guardian \\ Enabling Open and Interoperable Networks

or accounts receivables as well as short-term platform which is covered in further detail below.
lending solutions to optimise cash flows. The flat network structure allows for the ABS
tokens to be exchanged directly without
Trade finance assets, while typically difficult to needing intermediaries.
access, are seen as low risk investments. The low
risk involved with trade finance makes owning trade The ABS tokenisation initiative focuses on the
finance assets a great way to diversify investments. following capabilities:
However, history has shown that the lack of ȡ Tokenisation of Trade Finance Receivable
liquidity in trade finance assets paired with duration Assets in the form of non-fungible tokens.
risks have made it difficult for non-institutional ȡ Tranching, the core of securitisation
investors to gain access to these assets. On the transactions where the risk/rewards on
other hand, there has been increasing demand for a portfolio of risky assets are allocated
digital assets and there is also growing interest between senior tranches and junior tranches
amongst investors to diversify their portfolio with according to strict cashflow allocations (e.g.
new forms of tokens with traceable intrinsic value. ‘cashflow waterfall’), where:
→ t he junior tranche is the most exposed
Approach to the variability, performance
Standard Chartered is leading an Asset- and ultimately default risks of the
Backed Securities (ABS) tokenisation initiative underlying assets and;
to develop a platform and marketplace to → t he senior tranche is insulated, to a
transform real-economy assets such as import/ certain extent, by a buffer in the form
export financing assets into standardised of the junior tranche
digital assets instruments. The initiative aims ȡ Production of two new types of Fungible
to allow a broader base of investors to access Tokens: the fungible tokens are linked to
bank-originated real economy assets, such the same portfolio consisting NFTs of Trade
as trade finance and working capital loans. Finance Receivable Assets with senior/junior
split. This is per a typical securitisation where
For this solution, the network type P1-N1-A1 will the senior fungible token will be linked to the
be used. The participants are to be whitelisted to senior tranche and the junior fungible token,
partake in activities on a public permissionless to the junior tranche.

33
 To support these capabilities, the ABS token automated by the smart contract, eliminating the
leverages smart contract technology for the token need for a third party to perform the calculation.
offering, asset pool creation, NFT assignment,
redemption and replenishment, maturity This initiative seeks to investigate the primary
redemption and payout to token holders. Process issuance of real-economy digital assets tokens.
automation through smart contracts streamlines The initiative aims to increase the capability to
and enhances efficiency, enabling investors to support real economy flows and provide digital
invest in asset-backed securities securely and asset investors to diversify their portfolios, as well
transparently without relying on intermediaries. For as greater transparency and reduced information
example, the calculation of token holder interest is asymmetry.

Key Roles and Responsibilities

Role Responsibility Participant

Responsible for the issuance of the asset-backed token, and the issuer will be a Standard
Issuer
Special Purpose Vehicle (SPV). Chartered

ȡ Responsible for originating the trade finance assets (e.g., in form of lending
money to obligor and collecting the principal plus interest at maturity). Standard
Asset Originator
ȡ Asset Originator will surrender ownership of the assets it owns through a legal Chartered
outright sale but will continue to service the underlying trade finance assets.

Arranges, underwrites and facilitates the sale of ABS tokens in the Initial Token Standard
Arranger
Offering. Chartered

Case Studies
Review of the ABS token offering and publication of the information under the
Listing Venue SGX Group
sandbox for digital bond listings.

ȡ Develops ABS token product smart contracts.

Protocol Developer
ȡ Enables the transfer and settlement of ABS tokens. Linklogis
ȡ Performs the on-chain registration, record keeping and lifecycle management
of ABS tokens.

Cash settlement Responsible to perform the cash leg settlement for the issuance to achieve Standard
Bank Delivery vs Payment. Chartered

Figure 20: Sale of Assets from Originator to SPV

Process Overview
There are four stages to transform the underlying assets into transferable tokens.

1. Legal Outright Sale of Assets

The first step in the process is the legal sale of assets from the originator to the SPV.
In this transaction, all the rights and interests to the underlying assets, including the
associated risks, are transferred to the SPV.

Sale of underlying
Trade Finance Receivable Assets

Originator SPV

Figure 15: Sale of Assets from Originator to SPV

34
 Figure 21: Tokenisation of underlying assets

2. Tokenisation of Underlying Assets

As the assets are transferred to the SPV, the underlying assets are tokenised as
NFT records. Each underlying asset corresponds to one count of NFT, whose
ownership record on the ledger represents the legal ownership of the assets. This
facilitates the recording of ownership changes on the ledger, with transparency and
traceability, and reduces information asymmetry between Issuer and Investors.

$ Tokenisation of Underlying
Trade Finance Receivable Assets

Figure 16: Tokenisation of underlying assets

Figure 22: Natively Issued ABTs

3. Repackaging of Tokenised Underlying Assets to Fungible Tokens

Asset pools can be used to diversify geographical, sectorial, and business risks to
avoid over-concentration on a particular industry or business. In this case, multiple
NFTs are assigned to an asset pool (a smart contract programmed to automate
Project Guardian \\ Enabling Open and Interoperable Networks

interest compounding and pay-outs). This asset pool is then bifurcated into a two
tranches (senior and junior) with distinct risk and reward characteristics. Fungible
tokens with different levels of seniority are then issued, which each representing
fractional ownership of the corresponding tranche.

Senior Junior
Repackaging

Tokenised Trade Finance Natively Issued

Receivable Assets Fungible Tokens

Figure 17: Natively Issued ABS tokens

Figure 23: ABT roadshow and Initial Token Offering process

4. Token Offering
Institutional investors can purchase fungible tokens through an Initial Token
Offering exercise. They can submit subscription requests to the issuer through
the token offering, and the arranger makes allocation decisions accordingly. If
the tokens are allocated, investors pay fiat currency for tokens. For this trade,
settlement is handled outside of the network, through traditional payment
mechanisms such as SWIFT, or e-banking transfers facilitated by Standard
Chartered. In future, a digital currency based atomic DvP could enable more
efficient exchange of digital asset and currency tokens.

Subscription Request

Allocation

Investors Issuer

Figure 18: ABS token and Initial Token Offering process

35
The transformation of trade assets into native digital
tokens could broaden the investor base for real economy
assets. Additionally, standardisation and automation
efforts are expected to bring cost savings in the set-up
and ongoing operations.

Limitations of proposed solution Key learnings and future developments

Privacy Concerns The transformation of trade assets into native
In this trade, the NFTs and fungible tokens are digital tokens could broaden the investor
published on a public permissionless platform. base for real economy assets. Additionally,
The choice of a public platform was based on the standardisation and automation efforts are
consideration of enhancing transparency and expected to bring cost savings in the set-up and
confidence for investors, allowing them to track the ongoing operations.
provenance of their tokens and view the number of
NFTs held in the asset pool. To address concerns Asset Tokenisation Standards
around data privacy, the underlying obligor names The asset tokenisation standard of underlying
in the NFTs are kept private to protect the interests assets was adopted and modified from Bankers

Case Studies
of the lending customer and originator. Association for Finance and Trade (BAFT) best
market practices. As shown in Table 1: Ledger
Credit and Liquidity Risks Infrastructure Models, the NFT Data Schema
Like any investment product, the underlying assets contains most of the data fields recommended
in the ABS token are subject to default risk, which by Distributed Ledger Payment Commitment
could reduce the expected returns of the tokens. Working Group (‘DLPC’ Working Group). In
If the underlying assets default, any shortfall in the addition, NFTs encapsulate a rich set of attributes
replenishment of the underlying assets will lead to that can comprehensively present asset
early repayment of the senior ABS token, thereby information and facilitate effective asset lifecycle
lowering the yields on the junior tokens. management. Smart contracts were built on
the Solidity programming language, leveraging
Additionally, there is a risk where the issuer is industry-standard tokenisation technologies
unable to fulfil the obligations to replenish the and protocols. Specifically, smart contracts for
assets due to unforeseen market conditions or fungible tokens were developed using the ERC-
other liquidity issues with the originator that may 20 standard.
result in insolvency.
Future Extendibility
Technical and Operational Risks The use of the ERC-20 standard is significant
The issuance of ABS tokens on a public because it enables interoperability with the
permissionless network increases the complexity digital assets ecosystem as well as decentralised
and potential surface area of attacks. As such, finance (DeFi) protocols. The availability of
there is a risk of software or smart contract fungible tokens on the public network opens
vulnerabilities such as attacks or cybersecurity possibilities for future extendibility, with
breaches. The use of open-source public protocols investors potentially being able to sell down
that are not maintained by regulated financial their investment holdings via institutional DeFi
institutions would mean that it is possible for the platforms that are operated 24/7, and further
underlying software to be forked or enhanced expand liquidity pools and reaching more
which may render the ABS token incompatible. investors globally.

36
 7.3 Case Study 3 – Digital Native (“AWM”) ‘token factory’ to enable the creation,
Issuance of Structured Notes distribution, and transfer of these assets.

Background For this solution, the network type used is

Over the counter (OTC) structured notes P1-N2-A1. The Parties have to be mutually
are a popular wealth management product whitelisted for the native issuance and
with substantial traction and demand in distribution activities of the AWM tokens on a
Asian wealth centres such as Singapore. The public permissionless platform. The network
products’ popularity notwithstanding, there chosen is a layered network, specifically a layer
remains opportunities to improve upon existing 2 for scalability and performance of transaction
operational processes. processing.

The current structured note issuance process The AWM token factory was designed to be
is relatively manual and requires multi-party used across multiple products and participants
coordination (i.e., with involving layers of in the future. In designing the infrastructure,
custodians, sub-custodians, middle offices, etc.). the Parties focused primarily on (i) appropriate
Meanwhile, due to their bespoke nature, servicing asset class selection in an AWM context and
of structured notes can be operationally intensive, (ii) a sequenced modular build plan. Structured
leading to higher risks of operational errors such notes were eventually selected due to their
as incorrect or delayed payments. frequent issuance nature and asset lifecycle
Project Guardian \\ Enabling Open and Interoperable Networks

management challenges. As opposed to being

Approach a captive platform, AWM token factory was
HSBC, Marketnode, and UOB (the “Parties”) designed at the onset to be an accessible
are creating an asset and wealth management market-wide platform.

Figure 11: Solution Overview of AWM Token Factory

Issuer

Issuance engine
Origination Data

Marketnode
Security Template
Data Lake

Post-processing
Engine
EVM-compatible token factory

Structured data Issuance and

Whitelist
ready for tokenisation Selement

Digital Custodian
Figure 19: Solution Overview of AWM Token Factory

37
By utilising DLT, structured products that are
created digitally can be safekept and distributed
using distributed ledgers on-chain, reducing
creation and distribution times.

The AWM token factory aims to ȡ Enhancing transparency across asset

achieve the following goals: lifecycle: The platform also serves to unify
participants and enhance transparency throughout
ȡ Digitalisation of issuance process: the entire lifecycle of the asset, allowing access
The platform digitalises and automates to important information such as the workflow
issuance workflows, lowering issuance costs status or movements of cash and securities during
and time to create, record and distribute settlement, redemptions, fixing and events.
structured notes in a digital format. ȡ Business model enablement: As a result of a
ȡ Automation of lifecycle events: lower overall cost structure and a more efficient
The platform digitalises and automates issuance and asset servicing process, business
lifecycle events such as creation, recording, models based around smaller issuance sizes,
coupon payments and payoff calculations to deeper customisability and wider distribution

Case Studies
ensure a single source of truth and real-time are now feasible. These allow issuers and
updates to wealth managers and investors. wealth managers to provide greater access to
products, potentially attracting greater issuance
volumes through a digitally native format.

Key Roles and Responsibilities

Role Responsibility Participant

Responsible for the issuance of the digital structured note under an existing
Issuer HSBC
medium-term note (MTN) programme.

Arranger Underwrites and facilitates the sale of the structured notes. HSBC

Issuing Agent Responsible for delivering the structured product against the proof of payment. HSBC

ȡ Develops AWM products’ smart contracts

Protocol Developer
ȡ Enables the transfer and settlement of AWM tokens Marketnode
ȡ Performs the on-chain registration, record keeping and lifecycle
management of AWM tokens.

Responsible for the maintenance of the register of wallet addresses

Registrar Marketnode
and the mapping to accounts.

Escrow Account
Manages an escrow cash account for fiat payments related to the transaction. Marketnode
Manager

Responsible for distribution of AWM products to end investors

Wealth Manager UOB
(i.e., institutional, or accredited investors).

Digital Custodian Provides solutions for the storage of private cryptographic keys for the tokens. UOB

38
 Process Overview
The digitally native structured product initiative consists of the following steps:

Issuance
1. The arranged deal terms are automatically restructured into a smart
contract readable format.
2. Security
Figure tokensCycle
12: Issuance are automatically
Flow issued to the Issuer; and Restricted Settlement
Units (RSUs) are automatically issued to the Distributor.
3. Effect the settlement transaction with atomic DvP.

Holds
security balance
post-selement
Issuance of selement RSU
2
aer final deal details confirmation
Distributor’s
Distributor Wallet

Marketnode
1 Gateway
Project Guardian \\ Enabling Open and Interoperable Networks

3
Exchanging
Marketnode of tokens
Operator

Marketnode dAPP
Issuer’s
Wallet
Issuance of security token
2
aer fiat details confirmation Holds
Issuer
selement balance
post-selement
Figure 20: Issuance Cycle Flow

Registration
1. Upon confirmation that settlement will proceed, the smart contract will be automatically
Figure 13: Registry Mechanism Flow
deployed to mint a non-fungible token (NFT) representing registration of the security.
2. The minted NFT will sit in Registrar’s wallet.

Marketnode
Gateway
1 2
Deployment of Minting of NFT to sit
smart contract in Registrar’s wallet
to mint NFT
Marketnode Registrar’s
Tokenisation Engine Wallet

Marketnode
Operator

Marketnode dAPP
Figure 21: Registry Mechanism Flow

39
Coupon Payment
1. On coupon payment day, Marketnode will programmatically confirm the fiat
details for the coupon payment.
Figure 14: Coupon Payment Cycle Flow
2. The coupon RSU will be automatically issued after matching value in fiat.
3. Once confirmed, fiat will be released to the Distributor for payment to investors,
and the corresponding security tokens are burnt.

Release of fiat
3 for payment
Distributor

Marketnode Confirmation of fiat

Marketnode’s
Tokenisation Engine Escrow Cash Account

Marketnode Marketnode’s
Operator 3
Wallet
2 Burning of
Issuance of coupon security RSU
Marketnode dAPP
RSU aer matching
value with fiat

Figure 22: Coupon Payment Cycle Flow

Case Studies
Limitations of proposed solution in combination with the digital representation of
Regulatory and Legal Considerations cash could allow for atomic settlement through
There is little legal precedence for digitally native real-time, instantaneous DvP autonomously,
securities today. For instance, greater legal and thereby shortening the settlement cycle.
regulatory clarity on the treatment of digitally native
securities as property as a first step, especially To ensure that the operational risks are carefully
across jurisdictions, will be a key factor to promote managed, a series of repeated and iterative testing
adoption by the wider global financial ecosystem. on a multitude of scenarios is required. For example,
the participating entity developed a platform-wide
Operational Risks business continuity plan to cover potential platform
With smart contracts, most of the operational risks and registrar events alongside remedial actions across
such as incorrect or delayed payments, can be various scenarios. The participating entities performed
greatly reduced. But due to the bespoke nature extensive quality assurance testing and multiple
of structured products, the servicing of such runs before successfully executing the issuances.
products can still be operationally intensive. For
instance, there can still be errors when information To achieve the scale and potential of the solution,
such as pricing or duration are incorrectly the project team is contributing to industry-wide
inputted by the issuers into the smart contract. efforts to establish a set of common industry
standards for asset issuance and exchange.
Key learnings and future developments Future integration to capabilities provided by the
Structured notes that are created digitally can be broader asset ecosystem will also be necessary
safekept and distributed using distributed ledgers to unlock the maximum potential of tokenisation,
on-chain, reducing creation and distribution such as enhancing distribution via connecting
times. Additionally, digital structured products to platforms such as ADDX or HSBC Orion.

40
 Project Guardian \\ Enabling Open and Interoperable Networks

41
8 — Conclusion

This report on enabling open and interoperable networks sought to provide

a framework for considering the types and implementation of digital asset
network through the core principles of financial market infrastructure.
To illustrate the concept of open and interoperable networks, real world
case studies and examples of solutions were provided in the report. The
inclusion or exclusion of specific technologies should not be used to
interpret their suitability as a financial market infrastructure.

Technological advancements and innovations in digital assets and DLT

continue to develop at a rapid pace. Hence, it is possible that future
technological developments and ongoing industry implementations will
yield insights that will supersede the observations highlighted in this paper.
Policymakers and operators will need to review the standards and practices
for risk management and operational execution on an ongoing basis.

Digital asset networks may play a foundational role in a future-state

financial landscape where digital assets and currencies can be exchanged
seamlessly across different networks. Project Guardian continues to
foster collaboration with the financial industry to ensure financial market
infrastructure serves the needs of market participants, ensures financial
integrity, and maintains financial stability. Future areas of exploration as
part of the Project Guardian report will encapsulate the other focused
themes of Trust Anchors and Institutional DeFi.

42
 9 — References
1. Menon, R. (2022, August 29). Yes to Digital Asset Innovation, No to Cryptocurrency Speculation [Speech]. Monetary Authority
of Singapore (MAS). Retrieved from https://www.mas.gov.sg/news/speeches/2022/yes-to-digital-asset-innovation-no-to-
cryptocurrency-speculation
2. Suresh, R., Kumar, S., Liu, D., Kronfellner, B., & Kaul, A. (2022, September 12). Relevance of On-chain Asset Tokenization in
‘Crypto Winter’ [PDF]. Retrieved from https://web-assets.bcg.com/1e/a2/5b5f2b7e42dfad2cb3113a291222/on-chain-asset-
tokenization.pdf
3. Gani, A. S. (2023, April 21). Tracking the Flow of Cross-Border Payments Around the World. Retrieved from
https://www.bloomberg.com/news/articles/2023-04-21/tracking-the-flow-of-cross-border-payments-around-the-world
4. EY Global. (2021, February 23). How new entrants are redefining cross-border payments. Retrieved from
https://www.ey.com/en_sg/banking-capital-markets/how-new-entrants-are-redefining-cross-border-payments
5. Financial Stability Board (FSB). (2023, February 16). The Financial Stability Risks of Decentralised Finance [PDF].
Retrieved from https://www.fsb.org/wp-content/uploads/P160223.pdf
6. Yoo, C. (2015, November 25). Moore’s Law, Metcalfe’s Law, and the Theory of Optimal Interoperability [PDF]. Retrieved from
https://scholarship.law.upenn.edu/cgi/viewcontent.cgi?article=2652&context=faculty _scholarship
7. Bank for International Settlements (BIS). (2012, April 16). Principles for financial market infrastructures [PDF].
Retrieved from https://www.bis.org/publ/cpss101a.pdf
8. Bank for International Settlements (BIS). (2017, February 27). Distributed ledger technology in payment,
clearing and settlement - an analytical framework [PDF]. Retrieved from https://www.bis.org/cpmi/publ/d157.pdf
9. Bank for International Settlements (BIS). (2019, December 12). Wholesale digital tokens [PDF]. Retrieved from
https://www.bis.org/cpmi/publ/d190.pdf
10. Bank for International Settlements (BIS). (2020, March 01). On the future of securities settlement [PDF].
Retrieved from https://www.bis.org/publ/qtrpdf/r_qt2003i.pdf
Project Guardian \\ Enabling Open and Interoperable Networks

11. Bank for International Settlements (BIS). (2022a, July 13). Application of the Principles for Financial Market Infrastructures
to stablecoin arrangements [PDF]. Retrieved from https://www.bis.org/cpmi/publ/d206.pdf
12. Bank for International Settlements (BIS). (2022b, October 27). OTC Foreign Exchange Turnover in April 2022 [PDF]. Retrieved
from https://www.bis.org/statistics/rpfx22_fx.pdf
13. Bank for International Settlements (BIS). (2022c, December 16). Prudential treatment of crypto asset exposures [PDF].
Retrieved from https://www.bis.org/bcbs/publ/d545.pdf
14. Carstens, A. (2023, February 22). Innovation and the future of the monetary system [Speech]. Presented at the Monetary
Authority of Singapore. Retrieved from https://www.bis.org/speeches/sp230222.htm
15. Bank for International Settlements (BIS). (2023, April 11). Project Mariana: CBDCs in automated market-makers.
https://www.bis.org/about/bisih/topics/cbdc/mariana.htm
16. Bank for International Settlements. (2023b, June 20). III. Blueprint for the future monetary system: improving the old, enabling
the new [PDF]. Retrieved from https://www.bis.org/publ/arpdf/ar2023e3.pdf
17. Natalucci, F., Qureshi, M. S., & Suntheim, F. (2022, October 4). How Illiquid Open-End Funds Can Amplify Shocks and
Destabilize Asset Prices. Retrieved from https://www.imf.org/en/Blogs/Articles/2022/10/04/how-illiquid-open-end-funds-
can-amplify-shocks-and-destabilize-asset-prices
18. Georgieva, K. (2022, February 9). The Future of Money: Gearing up for Central Bank Digital Currency. Retrieved from https://
www.imf.org/en/News/Articles/2022/02/09/sp020922-the-future-of-money-gearing-up-for-central-bank-digital-currency
19. Adrian, T., Grinberg, F., Mancini-Griffoli, T., Townsend, R. M., & Zhang, N. (2022, November). A Multi-Currency Exchange
and Contracting Platform. Retrieved from https://www.imf.org/-/media/Files/Publications/WP/2022/English/wpiea2022217-
print-pdf.ashx
20. Adrian, T., & Mancini Griffoli, T. (2023, June 19). The Rise of Payment and Contracting Platforms [PDF]. Retrieved from
https://www.imf.org/-/media/Files/Publications/FTN063/2023/English/FTNEA2023005.pdf
21. Sigalos, M. (2022, June 1). Solana suffered its second outage in a month, sending price plunging. Retrieved from
https://www.cnbc.com/2022/06/01/solana-suffered-its-second-outage-in-a-month-sending-price-plunging.html
22. Nijkerk, M. (2023, May 17). Ethereum Briefly Stopped Finalizing Transactions. What Happened?. Retrieved from
https://www.coindesk.com/tech/2023/05/17/ethereums-loss-of-finality-what-happened/
23. New York Innovation Center (NYIC), Monetary Authority of Singapore (MAS). (2023, May 18). Project Cedar Phase IIx Ubin+:
Improving wholesale cross-border multi-currency payments and settlements [PDF]. Retrieved from
https://www.newyorkfed.org/medialibrary/media/nyic/project-cedar-phase-two-ubin-report.pdf
24. Oliver Wyman Forum, DBS Ltd, SBI Digital Asset Holdings, & J.P. Morgan. (2022, November 2). Institutional DeFi -
The Next Generation of Finance [PDF]. Retrieved from https://www.oliverwymanforum.com/content/dam/oliver-wyman/ow-
forum/future-of-money/Institutional-DeFi-The-Next-Generation-of-Finance.pdf
25. Ozcan, G., Koyluoglu, U., Ekberg, J., Sizaret, L., Mallela, N., Toprak, B., Zaltsman, N., & Tombazzi, M. (2023, February 9).
DEPOSIT TOKENS - A FOUNDATION FOR STABLE DIGITAL MONEY [PDF]. Retrieved from https://www.oliverwyman.com/
content/dam/oliver-wyman/v2/publications/2023/feb/oliver-wyman-jp--morgan-deposit-tokens-report-final.pdf
26. International Organization of Securities Commissions (IOSCO). (2022, March 24). IOSCO Decentralized Finance Report [PDF].
Retrieved from https://www.iosco.org/library/pubdocs/pdf/IOSCOPD699.pdf
27. International Organization of Securities Commissions (IOSCO). (2023, May 24). Policy Recommendations for Crypto
and Digital Asset Markets [PDF]. Retrieved from https://www.iosco.org/library/pubdocs/pdf/IOSCOPD734.pdf
28. Committee on Payments and Market Infrastructures (CPMI), International Organization of Securities Commissions (IOSCO)
(2022, July 13). Application of the Principles for Financial Market Infrastructures to stablecoin arrangements [PDF]. Retrieved
from https://www.iosco.org/library/pubdocs/pdf/IOSCOPD707.pdf.
29. Financial Action Task Force (FATF). (2021, October 28). Updated Guidance for a Risk-Based Approach to Virtual Assets
and Virtual Asset Service Providers [PDF]. Retrieved from https://www.fatf-gafi.org/content/dam/fatf-gafi/guidance/Updated-
Guidance-VA-VASP.pdf
30. KPMG. (2022, November 21). Investing in Digital Assets: Family office and high-net worth investor perspectives on digital asset
allocation [PDF]. Retrieved from https://assets.kpmg.com/content/dam/kpmg/sg/pdf/2022/11/investing-in-digital-assets.pdf

43
10 — Acknowledgements
Co-Authors

Name Organisation Name Organisation

Alan Lim Monetary Authority of Singapore Vincent Pek Monetary Authority of Singapore

Darren Tng Monetary Authority of Singapore Tara Rice Bank for International Settlements

Nigel Lam Monetary Authority of Singapore Takeshi Shirakami Bank for International Settlements

Ong Chin Sin Monetary Authority of Singapore Jenny Hancock Bank for International Settlements

Contributors

Name Organisation Name Organisation

Keith Desouza DBS Bank Naveen Mallela JPMorgan Chase & Co

Kelvin Ang DBS Bank Tyrone Lobban JPMorgan Chase & Co

William Kan DBS Bank Toh Wee Kee JPMorgan Chase & Co

Low Yu Song DBS Bank Nikhil Sharma JPMorgan Chase & Co

Lee Zhu Kuang HSBC Jason Beale SBI Digital Asset Holdings

Rajeev Tummala HSBC Lars Schouw SBI Digital Asset Holdings

Tan Xin Yi HSBC Steven Hu Standard Chartered

Hashir Rahim HSBC Marc Freydefont Standard Chartered

Rachel Roch HSBC Adrian Tan Standard Chartered

Rehan Ahmed Marketnode Seth Thomas Standard Chartered

Chris Chien Marketnode Edmund Leong United Overseas Bank

Lau Yee Sheen Marketnode Chua Chek Ping United Overseas Bank

Additional contributions from MAS departments

ȡ Markets Policy and Infrastructure Department (MPI)

ȡ Prudential Policy Department (PPD)
ȡ Technology & Cyber Risk Supervision Department (TCRD)

Report designed by

ȡ Garçon Design

44