Free 30-min Web3 Consultation
Book Consultation
Smart Contract Security Audits
View Audit Services
Custom DeFi Protocol Development
Explore DeFi
Full-Stack Web3 dApp Development
View App Services
Free 30-min Web3 Consultation
Book Consultation
Smart Contract Security Audits
View Audit Services
Custom DeFi Protocol Development
Explore DeFi
Full-Stack Web3 dApp Development
View App Services
Free 30-min Web3 Consultation
Book Consultation
Smart Contract Security Audits
View Audit Services
Custom DeFi Protocol Development
Explore DeFi
Full-Stack Web3 dApp Development
View App Services
Free 30-min Web3 Consultation
Book Consultation
Smart Contract Security Audits
View Audit Services
Custom DeFi Protocol Development
Explore DeFi
Full-Stack Web3 dApp Development
View App Services
LABS
Guides

How to Design a Cross-Jurisdictional Legal Wrapper for Tokenized Securities

This guide details the technical architecture for a legal wrapper that makes tokenized assets legally enforceable across different countries, covering smart contracts, legal data integration, and digital signatures.
Chainscore © 2026
introduction
INTRODUCTION

How to Design a Cross-Jurisdictional Legal Wrapper for Tokenized Securities

A technical guide to structuring compliant tokenized securities that operate across multiple legal jurisdictions.

Tokenizing real-world assets (RWAs) like equity, debt, or real estate requires a legal wrapper—a formal legal structure that defines ownership rights and obligations on-chain. For securities, this wrapper must satisfy regulatory requirements in the issuer's jurisdiction and potentially in the jurisdictions of all investors. A cross-jurisdictional wrapper is designed to function legally across multiple territories, a critical requirement for global capital formation. This guide outlines the technical and legal architecture for building such wrappers, focusing on the interplay between smart contracts and legal entity structures.

The core challenge is mapping legal rights to token mechanics. A share of stock typically confers voting rights, dividend entitlements, and ownership claims. On-chain, these are enforced via a SecurityToken smart contract implementing standards like ERC-1400 or ERC-3643. The legal wrapper, often a Special Purpose Vehicle (SPV) in a favorable jurisdiction like the Cayman Islands or Luxembourg, holds the underlying asset. Tokens then represent beneficial ownership in the SPV. The smart contract's transfer restrictions, investor whitelists, and dividend distribution logic must be a direct, enforceable reflection of the SPV's operating agreement.

Jurisdictional compliance is managed through layered smart contract logic and legal agreements. The wrapper must integrate with identity verification providers (like Fractal or Jumio) for KYC/AML checks and maintain dynamic regulatory whitelists per jurisdiction. For example, an investor from a non-permitted country would be unable to receive tokens due to a failed verifyTransfer check in the contract. Legal opinions confirm that on-chain transfers constitute valid assignments of the beneficial interest under the governing law. This creates a hybrid system where code automates compliance, backed by traditional legal enforceability.

A practical implementation involves several key components: 1) The On-Chain Token Contract, with permissioned transfer rules; 2) The Off-Chain Legal Entity (SPV), which holds the asset and whose membership ledger is the token; 3) A Compliance Oracle or middleware that updates whitelists based on jurisdictional rule changes; and 4) The Tokenholder Agreement, a legal document digitally signed by investors, binding them to the terms encoded in the smart contract. Projects like Polymath and Securitize provide protocol-level tooling for these components.

When designing the wrapper, select a governing law and jurisdiction for the SPV that recognizes digital asset ownership and has a clear regulatory framework for security tokens, such as Switzerland's DLT Act or Luxembourg's CSSF guidance. The smart contract should emit standardized events for all material actions (transfers, dividend distributions, votes) to provide an immutable audit trail for regulators. Ultimately, a robust cross-jurisdictional wrapper turns a smart contract from a simple ledger into a legally-recognized instrument, enabling global liquidity while maintaining compliance.

prerequisites
FOUNDATIONAL KNOWLEDGE

Prerequisites

Before designing a cross-jurisdictional legal wrapper, you must understand the core technical, financial, and regulatory components involved.

A legal wrapper is the corporate or contractual structure that holds the tokenized asset, providing a bridge between the on-chain token and off-chain legal rights. For tokenized securities, common wrappers include Special Purpose Vehicles (SPVs), funds, or specific legal entities like the Luxembourg Securitization Vehicle or Swiss Collective Investment Scheme. The wrapper's primary functions are to establish legal ownership, enforce rights (e.g., dividends, voting), and ensure compliance with securities laws in the jurisdictions where the token is offered and held. Choosing the wrong structure can lead to regulatory action or invalidate investor rights.

You must have a firm grasp of the underlying asset being tokenized. The legal and technical requirements differ significantly for equity in a private company, real estate, a bond, or a fund unit. Each asset class has specific regulations governing its issuance, transfer, and reporting. For instance, tokenizing real estate involves property law and title registries, while tokenizing a fund requires adherence to investment fund directives like the EU's AIFMD. The wrapper must be designed to reflect the economic and legal reality of this specific asset, not just its digital representation.

Technical proficiency in blockchain fundamentals is non-negotiable. You need to understand how smart contracts on platforms like Ethereum, Polygon, or Solana will interact with the legal wrapper. Key concepts include token standards (e.g., ERC-1400 for security tokens), identity verification via oracles or decentralized identifiers (DIDs), and the mechanics of on-chain compliance through rule-enforcing contracts. The legal agreements must be precisely mirrored in code to automate conditions like transfer restrictions, investor accreditation checks, and dividend distributions, creating a legally enforceable link between the digital token and the wrapper.

Finally, you must conduct a multi-jurisdictional regulatory analysis. Identify the primary jurisdictions involved: where the issuer is based, where the asset is located, and where investors reside. You'll need to map requirements for securities offerings (e.g., SEC Regulation D in the US, Prospectus Regulation in the EU), anti-money laundering (AML) laws like the Travel Rule, and tax implications such as withholding taxes. This analysis informs the wrapper's governing law, the choice of licensed intermediaries (custodians, transfer agents), and the structure of the offering to avoid creating unintended legal liabilities across borders.

key-concepts-text
ARCHITECTURE GUIDE

How to Design a Cross-Jurisdictional Legal Wrapper for Tokenized Securities

A technical and legal framework for structuring tokenized assets that comply with regulations across multiple sovereign jurisdictions.

A legal wrapper is the structured legal entity that holds the underlying asset and issues the on-chain token representing ownership or economic rights. For cross-jurisdictional offerings, the wrapper must be designed to satisfy the securities laws of the issuance jurisdiction (where the asset is tokenized), the target jurisdictions (where investors are located), and often a neutral governing law jurisdiction. Common structures include Special Purpose Vehicles (SPVs) in jurisdictions like the Cayman Islands, Luxembourg, or Singapore, which offer regulatory clarity for digital assets. The wrapper's constitutional documents—its memorandum and articles of association—must explicitly authorize the issuance of tokens, define shareholder/tokenholder rights, and embed on-chain governance mechanics for votes and distributions.

The technical architecture must enforce the legal structure's rules. This is achieved through a compliance layer, often implemented as a set of RestrictedToken or SecurityToken smart contracts. Core functions include enforcing transfer restrictions via an Investor Accreditation Registry, managing cap tables, and processing dividends. For example, a contract might integrate with an off-chain Verifiable Credentials system to check an investor's jurisdiction and accreditation status before allowing a token transfer, blocking transactions to unauthorized wallets. The legal wrapper's articles should reference the smart contract address as the definitive record of ownership, creating a hybrid legal-tech governance model.

Jurisdictional compliance requires mapping regulatory requirements to technical functions. Key considerations include: Transfer Restrictions (Rule 144A, MiFID II), Disclosure Obligations (periodic reporting to tokenholders), Custody Rules (qualified custodians for underlying assets), and Tax Treatment (withholding taxes, VAT). The wrapper must appoint local legal counsel in each target market to ensure adherence. A practical approach is to use a base jurisdiction with strong conflict-of-law principles (like England & Wales or Switzerland) for the wrapper's governing law, while using regulatory sandbox approvals or specific digital asset regimes (like Luxembourg's RAIF or Singapore's VCC) for the issuance.

On-chain enforcement is critical for automation and auditability. Smart contracts should be programmed to: automatically distribute dividends or interest payments in stablecoins; execute share buy-backs triggered by specific events; and facilitate voting where token balances translate to voting power. Oracles can be used to feed in real-world data for performance triggers. All such automated functions must have a clear legal correlate in the wrapper's operating agreement. Furthermore, the system must plan for upgradeability and dispute resolution. Using a transparent, timelock-controlled proxy pattern for core contracts allows for legal-mandated upgrades, while the legal documents should specify arbitration forums (e.g., the Singapore International Arbitration Centre) for on-chain/off-chain disputes.

The final design must ensure asset segregation and bankruptcy remoteness. The legal wrapper should be a bankruptcy-remote entity, meaning its assets are separate from the issuer's operational assets and protected in an insolvency. This is a key investor protection. Technically, this can be reinforced by having the underlying asset custody addresses be multi-signature wallets controlled by independent directors or a professional custodian, with the smart contract logic permitting releases only upon fulfillment of encoded conditions. Regular attestation reports from auditors, comparing the on-chain token supply with the wrapper's shareholder register and custodian holdings, are essential for maintaining trust and regulatory compliance across borders.

STRUCTURAL ANALYSIS

Comparison of Legal Wrapper Implementation Approaches

A comparison of the primary legal structures used to tokenize securities, evaluating their suitability for cross-jurisdictional compliance.

Legal FeatureSpecial Purpose Vehicle (SPV)Fund / Investment VehicleDirect Issuance by Operating Company

Legal Entity Required

Asset Segregation / Bankruptcy Remoteness

Regulatory Complexity for Issuer

High

Medium

Low

Typical Setup Timeline

8-12 weeks

6-10 weeks

2-4 weeks

Ongoing Compliance Burden

High

Medium-High

Low-Medium

Investor KYC/AML Delegation

To SPV Manager

To Fund Manager

Issuer Responsibility

Cross-Border Security Law Recognition

Strong (via treaties)

Moderate

Limited

Typical Minimum Capitalization

$500k+

$250k+

Varies by jurisdiction

TECHNICAL ARCHITECTURE

Implementation by Blockchain Platform

Ethereum & EVM-Compatible Chains

Primary Standards: ERC-1400 and ERC-3643 are the dominant frameworks for security tokens on Ethereum and EVM chains like Polygon, Avalanche C-Subnet, and Arbitrum. ERC-1400 provides a modular structure for representing and transferring securities, while ERC-3643 (T-REX) is a comprehensive, permissioned token standard with integrated on-chain compliance.

Key Implementation Steps:

  1. Deploy the core token contract (e.g., using the OpenZeppelin ERC-1400 library or the Tokeny T-REX suite).
  2. Integrate an on-chain identity/verification solution (like Polygon ID or a custom verifiable credentials system) for KYC/AML.
  3. Implement transfer restrictions using the token's detectTransferRestriction and messageForTransferRestriction functions.
  4. Use upgradeability patterns (Transparent Proxy, UUPS) via OpenZeppelin to allow for future legal or regulatory updates.
  5. Consider deploying on a private, permissioned EVM instance (like Hyperledger Besu) or a regulated L2 for enhanced control.

Example Restriction Check:

solidity
// Simplified check within an ERC-1400 style contract
function detectTransferRestriction(address from, address to, uint256 value) public view override returns (uint8) {
    if (!_kycRegistry.isVerified(to)) {
        return 1; // Code 1: Recipient not KYC'd
    }
    if (_jurisdictionChecker.isRestricted(from, to)) {
        return 2; // Code 2: Cross-jurisdictional transfer not allowed
    }
    return 0; // Code 0: No restriction
}
LEGAL WRAPPERS

Frequently Asked Questions

Common technical and procedural questions about structuring tokenized securities to comply with multiple regulatory jurisdictions.

A legal wrapper is a structured legal entity or contractual framework that holds the underlying asset and issues a token representing ownership or economic rights. It is essential for tokenized securities because the token itself is not the security; it is a digital representation. The wrapper provides the legal bridge, defining the rights of token holders (e.g., dividends, voting) and ensuring the issuance and transfer of tokens are recognized under applicable securities laws. Without a proper wrapper, tokens risk being classified as unregistered securities or mere utility tokens, exposing issuers to regulatory action and investors to a lack of legal recourse.

Common wrapper structures include Special Purpose Vehicles (SPVs), funds, or specific contractual arrangements governed by a chosen jurisdiction's law.

architecture-deep-dive
TECHNICAL ARCHITECTURE DEEP DIVE

How to Design a Cross-Jurisdictional Legal Wrapper for Tokenized Securities

A legal wrapper is the critical on-chain and off-chain framework that ensures a tokenized security complies with regulations across multiple jurisdictions. This guide outlines the architectural components and design patterns for building a compliant, enforceable, and interoperable legal wrapper.

A legal wrapper for tokenized securities is a hybrid construct comprising on-chain smart contracts and off-chain legal agreements. The primary function is to encode the rights, obligations, and transfer restrictions of a traditional security (like equity or debt) into a digital asset. The core architectural challenge is creating a system where the on-chain token's behavior is a deterministic reflection of the off-chain legal reality, enforceable in courts. Key design goals include regulatory compliance, investor protection, enforceability of rights, and interoperability with global DeFi infrastructure and traditional finance (TradFi) systems.

The technical architecture typically follows a modular pattern. At its heart is a Security Token Smart Contract, often built to standards like ERC-1400/1404 or ST-20, which manages token balances and embeds core compliance logic. This contract interfaces with an On-Chain Registry of Legal Provisions, which stores hashes of key legal documents (Prospectus, Terms & Conditions) and links to investor accreditation status. A critical module is the Compliance Oracle or Validator, an off-chain service or decentralized network that attests to regulatory statuses (e.g., verifying an investor's jurisdiction is not on a sanctions list) and feeds verified data to the smart contract to authorize or block transactions.

Jurisdictional logic must be explicitly encoded. This involves designing a Rule Engine within the smart contract or as an attached module that evaluates transactions against a ruleset defined by the legal wrapper. Rules can include: transfer restrictions (lock-up periods, holding requirements), investor eligibility based on jurisdiction (accredited investor status, geographic whitelists/blacklists), and cap table management (enforcing ownership limits). For cross-jurisdictional offerings, the system must manage multiple, potentially conflicting rule sets and apply the strictest applicable rule to any given transaction, a concept known as Regulatory Stacking.

The off-chain component is equally critical. The Legal Anchor is a cryptographically signed document (often a PDF with an embedded hash) that constitutes the definitive legal agreement. Its hash is stored on-chain, creating an immutable link. Enforcement relies on Arbitration or Governance Modules. Many wrappers integrate with on-chain dispute resolution platforms like Kleros or Aragon Court, or specify a traditional legal jurisdiction in the terms. The architecture must also plan for Lifecycle Events such as dividend distributions, voting, and corporate actions, which may be triggered by oracles and executed via smart contract functions.

Implementation requires careful technology selection. For the smart contract layer, consider upgradeability patterns (like Transparent Proxies or UUPS) to accommodate evolving regulations, but balance this with decentralization and security. Use identity solutions like decentralized identifiers (DIDs) and verifiable credentials (VCs) to manage KYC/AML data privately. A reference architecture might use: a base ERC-1400 token contract, a modular rule engine like Polymath's ComplianceSmart contract, an oracle service like Chainlink for external data, and IPFS/Arweave for document storage. Always engage legal counsel to audit the code-to-law mapping.

Testing and deployment demand a regulatory sandbox approach. Deploy first on a testnet and simulate transactions across mock jurisdictions. Use tools like Tenderly or OpenZeppelin Defender to monitor and automate compliance checks. The final step is a legal opinion from qualified counsel in each target jurisdiction, confirming the wrapper's enforceability. Remember, the most robust technical architecture fails if it does not accurately mirror and uphold the legal rights it represents. The goal is a seamless, automated, and legally sound bridge between blockchain execution and real-world law.

smart-contract-walkthrough
SMART CONTRACT WALKTHROUGH

Programmable Registry: Designing a Cross-Jurisdictional Legal Wrapper for Tokenized Securities

This guide details the architecture for a smart contract-based registry that enforces legal compliance across multiple jurisdictions for tokenized securities like bonds or equities.

A programmable legal wrapper is a smart contract system that codifies the rights, obligations, and transfer restrictions of a security token. Unlike a simple ERC-20, it acts as an on-chain representation of a legal agreement, often a Special Purpose Vehicle (SPV) or fund structure. The core challenge is designing a registry that can validate investor eligibility based on jurisdiction-specific rules (e.g., Regulation D in the US, Prospectus Regulation in the EU) and enforce holding periods or lock-ups. The contract must serve as the single source of truth for ownership while being governed by off-chain legal events.

The architecture typically involves a modular system. A core Registry.sol contract holds the canonical ledger of token balances and investor data. It delegates permission checks to a ComplianceModule.sol, which contains the logic for Know Your Customer (KYC) and Accredited Investor verification. This module can be updated by a multisig wallet representing legal counsel to reflect changes in regulation. Transfer functions are overridden to call checkTransferCompliance(msg.sender, to, amount) before execution, blocking non-compliant trades. This separation of concerns keeps legal logic upgradeable without migrating the core registry.

For cross-jurisdictional functionality, the compliance module must manage attributes per investor. Storage might include a mapping like mapping(address => InvestorData) investorInfo, where InvestorData is a struct containing fields for jurisdictionCode (e.g., "US-CA"), accreditationStatus, kycExpiry, and lockupEndTime. On transfer, the contract compares the sender's and receiver's jurisdictions against a Rule Engine—a set of conditional statements or an external oracle—to determine if the trade is permitted. For example, a rule may prohibit transfers from a US-accredited investor to a non-accredited investor in a restricted country.

Integration with real-world legal events is crucial. The wrapper must have oracle or multisig-operated functions to mirror corporate actions. This includes:

  • executeDividendPayout(address token, uint256 amountPerShare)
  • processStockSplit(uint256 ratio)
  • imposeLockup(address investor, uint256 period) These privileged functions are guarded by a DEFAULT_ADMIN_ROLE assigned to a multisig of the issuer's board or a designated administrative agent. Events like DividendDistributed and LockupUpdated provide an immutable audit trail for regulators and auditors.

Security and upgradeability require careful design. The registry should be non-upgradeable to guarantee the permanence of the ownership ledger, while the compliance module should use a transparent proxy pattern (e.g., OpenZeppelin's) for governance-approved updates. All state changes must be gated behind robust access control using OpenZeppelin's AccessControl. A comprehensive test suite should simulate regulatory scenarios, including jurisdiction changes and expiry of KYC credentials, to ensure the wrapper behaves as a trust-minimized, autonomous legal entity on-chain.

In practice, deploying this wrapper involves coordinating off-chain legal documentation with the on-chain parameters. The contract's constructor initializes the token name, symbol, total supply (representing the security's issuance), and the initial compliance rule set. Legal counsel must attest that the code accurately reflects the offering memorandum. Once live, investor onboarding flows through a KYC provider API that whitelists addresses in the compliance module. This creates a seamless bridge between traditional securities law and decentralized settlement, enabling global capital formation with enforceable compliance.

integration-patterns
INTEGRATION PATTERNS WITH TRADITIONAL SYSTEMS

How to Design a Cross-Jurisdictional Legal Wrapper for Tokenized Securities

A technical guide to structuring legal entities that bridge on-chain tokenized assets with off-chain regulatory compliance across multiple jurisdictions.

A legal wrapper is a traditional legal entity, such as a Special Purpose Vehicle (SPV) or fund, that holds the underlying assets for a tokenized security. This structure is critical for compliance, as the token on-chain represents a claim or interest in the wrapper, not the asset directly. The wrapper manages all off-chain legal obligations—distributions, voting, KYC/AML—while the token handles on-chain transferability. Common structures include Luxembourg Securitization Vehicles, Singapore Variable Capital Companies (VCCs), and Delaware Series LLCs, each chosen based on target investor regulations and asset type.

Designing for cross-jurisdictional compliance requires mapping the token's lifecycle to the wrapper's legal functions. Key design patterns include: the Asset-Backed Token Model, where the SPV holds the asset and tokens are pro-rata shares; the Receipt Token Model, where a custodian holds the asset and tokens are digital receipts; and the Syndicated Loan Model, using a common legal framework like the Loan Market Association's (LMA) standards to tokenize participation notes. The choice dictates the smart contract architecture, particularly for enforcing transfer restrictions.

Smart contracts must encode the wrapper's legal logic. For a Regulation D 506(c) offering to accredited investors, the contract needs a whitelist managed by the issuer or a licensed transfer agent. For a Regulation S offering, it requires a geoblocking module to prevent transfers to prohibited jurisdictions. Code snippets often integrate with identity verification providers like [Fireblocks](https://www.fireblocks.com) or [VerifyInvestor](https://www.verifyinvestor.com). An upgradeability pattern, such as a Transparent Proxy, is often essential to adapt to evolving regulations without migrating the token.

The oracle problem is central to cross-jurisdictional wrappers. Smart contracts need trusted, legally-recognized data feeds for events like dividend declarations, shareholder votes, or regulatory status changes. This requires oracles that can attest to off-chain legal documents. Solutions range from using a trusted API from the corporate administrator to more decentralized models using [Chainlink Functions](https://chain.link/functions) to fetch and verify data from authenticated sources. The legal wrapper's operating agreement must explicitly define the oracle's role and the conditions for on-chain execution.

Operational resilience depends on integrating traditional corporate actions. A tokenized share must facilitate dividend payments, which can be executed on-chain via the wrapper distributing stablecoins or off-chain with the token contract updating a claimable balance ledger. Voting can be managed through snapshot voting platforms like [Snapshot](https://snapshot.org) or [Tally](https://www.tally.xyz), where votes are cast off-chain with signatures, and the result is executed by the wrapper's directors. The legal documents must specify which actions are advisory (on-chain) and which are binding (executed by the wrapper).

Finally, exit and dissolution mechanisms must be legally sound. The smart contract should include a function, triggerable only by the wrapper's authorized signers, to burn tokens and distribute final proceeds, either on-chain or to registered bank accounts. Audit trails are crucial; all major actions (minting, burning, dividend payments) should emit events that correspond to entries in the wrapper's official register. This creates a verifiable link between the immutable blockchain ledger and the legal entity's records, satisfying auditor and regulator requirements for a complete audit trail.

LEGAL WRAPPER DESIGN

Common Implementation Mistakes and Risks

Designing a legal wrapper for tokenized securities across multiple jurisdictions introduces complex technical and regulatory risks. This guide addresses common developer pitfalls in structuring on-chain compliance, managing legal entity interaction, and ensuring enforceability.

A single smart contract representing a legal entity (like an LLC) cannot automatically comply with the securities laws of every jurisdiction. Developers often mistakenly assume that a token's programmability overrides local regulations.

Key issues include:

  • Regulatory Arbitrage: A wrapper valid in the Cayman Islands may not satisfy EU's MiCA or the U.S. Howey Test. The wrapper's governing law must be explicitly defined and its limitations acknowledged on-chain.
  • Enforceability Gaps: Smart contract logic for investor accreditation (KYC/AML) must integrate with off-chain legal opinions verifying that the wrapper's structure is recognized in target jurisdictions.
  • Example: A tokenized fund using a Singapore Variable Capital Company (VCC) wrapper must embed logic restricting transfers to non-accredited investors in the U.S., referencing specific SEC regulations.

Always design with a primary jurisdiction and explicit, coded restrictions for others.

conclusion
IMPLEMENTATION ROADMAP

Conclusion and Next Steps

This guide has outlined the core legal and technical components for structuring a compliant tokenized security. The final step is to operationalize this framework.

Successfully launching a tokenized security requires moving from design to execution. Your immediate next steps should be to finalize the legal wrapper's governing documents—the Offering Memorandum, Token Holder Agreement, and Custody Agreement—with qualified counsel in your target jurisdictions. Concurrently, the technical team must implement the RestrictedToken or SecurityToken smart contract, integrating the transfer restrictions and investor accreditation checks validated during the KYC/AML onboarding process. Tools like OpenZeppelin's contracts for role-based access and pausable functions are essential starting points.

For ongoing compliance, establish clear operational procedures. This includes a process for managing the cap table on-chain, handling corporate actions like dividend distributions via the token contract, and maintaining records for regulatory reporting. Consider leveraging specialized middleware platforms (e.g., Securitize, Tokeny, Polymath) that provide integrated solutions for investor onboarding, lifecycle management, and regulatory reporting, which can significantly reduce operational complexity and legal risk.

The landscape for digital assets is evolving rapidly. Stay informed on regulatory developments from key bodies like the SEC, FCA, and MAS, as well as technical standards like the ERC-3643 token standard for permissioned assets. Engage with legal and technical communities through forums and working groups to share best practices. The combination of a robust legal foundation, transparent on-chain mechanics, and agile compliance operations is what ultimately builds investor trust and ensures the long-term viability of your tokenized security offering.