UK Business

Majority of banks make tokenisation platform selection mistakes, better approach detailed

Selecting a tokenisation platform is not merely a technological choice; for financial institutions moving from pilot programmes into production, it is fundamentally a governance and compliance decision that determines whether the operation can survive regulatory scrutiny. The structural properties of the platform — how it controls access, manages risk, and provides audit trails — matter far more than the depth of its feature set. As the Financial Stability Board (FSB) has underlined, the governance and design choices embedded in tokenisation platforms are key determinants of system risk, with direct implications for financial stability.

Governance and regulatory compliance

The first question any institution must ask when evaluating a tokenisation platform concerns access control, governance and counterparty risk. According to the FSB, the way a platform structures participation and transaction validation affects its operational capacity, security and risk management. Many current implementations operate in permissioned environments, but the degree of centralised control varies significantly. Institutions must assess who can participate, who validates transactions and how operators can be added or removed — at both the network layer and the protocol layer. At the protocol level, the process for proposing, approving and deploying changes to the ledger’s rules must itself produce an auditable record.

Auditability goes beyond simple data availability. A platform that generates a cryptographically ordered, tamper-resistant record of all governed actions — linked to verified participant identities and accessible to internal audit and external regulators in a structured format — provides verifiable evidence for compliance processes. Immutable audit trails are increasingly seen as a business requirement, offering tamper resistance and proof of identity, authority and intent. Cryptographic evidence transforms audit logs into mathematically verifiable proofs of integrity, a capability that is becoming essential for regulatory reporting.

Security models must be validated through real-world use. Institutions should examine the vendor’s history of vulnerability disclosure and remediation, and look for evidence that the platform has a robust security programme in place. Modular smart contract architectures, multi-party computation (MPC) and hardware security modules (HSMs) are key components of institutional-grade platforms, with independent audits verifying smart contract security and custody infrastructure integrity. The shift is towards continuous monitoring across legal, technical and operational systems.

Institutions deploying on the Cosmos stack can retain sovereign control over all layers of their infrastructure. Cosmos-based digital ledgers offer full compatibility with existing enterprise governance rules and cybersecurity policies, allowing the organisation to manage its own infrastructure and day-to-day operations. This means ongoing monitoring and adjustments can be made seamlessly as business needs change.

The UK is actively developing a comprehensive cryptoasset regime, with the Financial Conduct Authority (FCA), HM Treasury and the Bank of England leading the effort. Their approach has been to define desired outcomes — market integrity, consumer protection, operational resilience — while allowing firms flexibility in how they achieve them. Work on fund tokenisation and proposals for a financial market infrastructure sandbox are already under way. The FCA and the Bank of England have set out a shared vision for tokenisation in wholesale markets, seeking industry views on prudential treatment, tokenised collateral and settlement instruments. Separately, the Bank of England is consulting on prudential rules for systemic stablecoin issuers, signalling a more accommodating stance towards innovation within safeguards. HM Treasury has urged that tokenisation and new forms of digital money become core infrastructure for the UK’s future retail payment ecosystem.

Integration and third-party risk

Even the most robust governance framework is worthless if the platform cannot integrate with the financial institution’s existing systems. Integration is consistently cited as one of the hardest parts of production deployment, and it must be evaluated before a platform is selected. Established core banking systems were designed for batch processing, end-of-day settlement and account-based logic; they have no native concept of atomic transactions or token-based assets. Integrating distributed ledgers with these systems often requires rethinking fundamental data models, transaction processing logic and system-of-record architectures. The practical evaluation approach is to verify whether documented, production-grade integrations exist with systems comparable to the institution’s own infrastructure, rather than relying on vendor demonstrations of theoretical capabilities.

In practice, integration workflows typically follow a defined sequence: a transaction initiated in an internal system of record is transmitted to the ledger for validation and execution; settlement confirmation is recorded on the ledger; and the result is returned to internal systems for reconciliation and reporting. Cosmos-based deployments support an incremental integration model that many institutions require. A Cosmos ledger can coordinate settlement events between internal systems while existing core systems continue to handle accounts, balances and regulatory reporting. Standardised interoperability protocols ensure that integration logic is maintained consistently across connections rather than rebuilt for each one.

Every platform also introduces third-party dependencies, each carrying its own risk profile. Tokenisation often relies on external service providers as custodians, as oracles to collect and store data, and as developers of interoperability frameworks that allow asset transfer across platforms. These providers may affect platform functioning and token valuation, introducing new points of vulnerability. Institutions must assess each dependency against their vendor management standards, with formal agreements covering service levels, security and audit rights.

On the interoperability front, Swift is extending its infrastructure with a blockchain-based ledger designed to enable trusted, interoperable digital finance at a global scale. The initiative aims to complement existing infrastructure and bridge traditional finance with tokenised assets, addressing fragmentation through common standards and shared infrastructure.

Production track record and real-world validation

There is a material difference between a platform deployed in controlled pilots and one that has operated continuously at scale under real-world conditions. The Cosmos stack has supported more than 150 live blockchains, secured approximately $70 billion in assets and maintained over a decade of continuous production operation. Real-world deployments in regulated financial contexts provide the strongest evidence of institutional viability. Ondo built a digital ledger platform for institutional tokenisation on Cosmos infrastructure, achieving roughly 60 percent market share in tokenised stocks and exchange-traded funds (ETFs), with $2.5 billion in tokenised assets. HELOC lender Figure used the same stack to process more than 253,000 home equity line of credit customers while reducing operational costs by 117 basis points.

Institutional-grade tokenisation requires rigorous risk controls, strong governance, transparent infrastructure and performance that endures market cycles. Platforms are increasingly evaluated on core compliance vectors including regulatory mapping, custody architecture and operational settlement finality. The security model must have been validated through real-world use, supported by a robust vulnerability disclosure and remediation programme. Independent audits of smart contract security and custody infrastructure are non-negotiable, and the emphasis is shifting towards continuous monitoring across legal, technical and operational systems.

Central banks are also exploring tokenised reserves to preserve the safety, liquidity and policy role of central bank money within tokenised ecosystems. This involves enabling risk-free settlement and supporting more efficient, automated and resilient wholesale payment systems. The Eurosystem, for example, will offer tokenised central bank money settlement for DLT-based transactions as part of its Pontes project.

Governance structure, security model, auditability, system integration and third-party risk management are the dimensions that determine whether a tokenisation platform can support institutional deployment under regulatory scrutiny. Feature depth is secondary to all of them. The Cosmos stack addresses each dimension directly, with permissioned governance, production-validated security, built-in interoperability and documented deployments in regulated financial contexts.

Thaddeus Norwell

Business & Technology Writer
Thaddeus Norwell is a business and technology writer based in London, UK. He reports on business trends, digital innovation, and regulatory developments shaping the UK economy, focusing on practical outcomes rather than speculation. His work explores how technology and policy affect companies, markets, and consumers.
· Market and regulatory analysis, fintech sector reporting, enterprise technology coverage
· UK corporate landscape, tax and fiscal policy, interest rates and mortgages, AI regulation, cybersecurity threats, startup ecosystem

Related Articles

Back to top button