Technology + Finance + Law and Classification and Grading: Encryption Business Compliance Strategy (Part 1)

Author: Zhang Feng

Looking back at the P2P internet finance regulatory storm that swept the country from 2014 to 2018, the trajectory from wild growth to comprehensive withdrawal provides a profound mirror for the booming RWA (Real World Assets) crypto business today. According to statistics, by the end of 2020, the number of domestic P2P platforms actually operating had completely dropped to zero from a peak of over 5,000, with outstanding balances exceeding 800 billion yuan. This figure highlights the devastating consequences of financial innovation detaching from regulatory frameworks. The P2P industry fell from the halo of “financial innovation” into the abyss of “illegal fundraising,” with the core lesson being the failure to accurately grasp the essence of finance, neglecting regulatory logic, and underestimating legal risks.

According to a forecast by the Boston Consulting Group, by 2030, the market size of tokenized assets could reach $16 trillion, and this explosive growth hides complex compliance challenges. The RWA crypto business—an emerging field that introduces traditional assets such as real estate, bonds, and commodities into the blockchain world through tokenization—is believed by many to follow a similar historical development path.

The so-called “reviewing the old and learning the new” suggests that we will build a unique three-dimensional framework of technology + finance + law, first establishing compliance as a new paradigm of core productivity, then systematically deconstructing the five layers of legal compliance risks faced by RWA crypto businesses, and proposing a classified and graded compliance strategy to provide practitioners with a clear response framework.

I. New Compliance Paradigm: From Cost Center to Value Engine

In the traditional financial business perspective, compliance is often seen as a necessary cost expenditure, a “brake” on innovation rather than an “engine.” However, in the field of RWA crypto business where “technology + finance + law” are deeply integrated, leading practitioners are redefining compliance in practice: it is no longer simply a cost center, but a crucial productivity factor, an intrinsic component of product competitiveness formation, development, and improvement.

First of all, compliance is the cornerstone of building market trust, directly translating into the core competitiveness of products. The core of RWA business lies in mapping real-world asset rights onto the blockchain, and its success hinges on obtaining dual trust from participants in both the traditional financial world and the emerging crypto market. An RWA project that operates robustly within a regulatory framework, undergoes rigorous audits, has clear asset ownership, and transparent information disclosure can significantly lower the cognitive threshold and trust costs for investors.

For example, an RWA token that is licensed in a specific jurisdiction, works with regulated custodians, and regularly publishes audited proof of reserves undoubtedly has a stronger appeal to institutional funds and conservative investors compared to similar products that operate outside of regulation. This trust premium is directly reflected in higher valuations, deeper liquidity, and greater market resilience, making compliance the most effective market entry “passport” and brand “moat.”

Secondly, the combination of compliance processes and technological tools can drive a qualitative change in operational efficiency, which is itself a manifestation of productivity. By coding and automating compliance requirements (such as KYC/AML, investor suitability, transaction reporting, etc.) through technological innovations like smart contracts, zero-knowledge proofs, and on-chain analysis, it can significantly reduce the costs and error rates of manual operations, achieving near-real-time compliance monitoring and risk interception.

The embedding of this “compliance technology” not only meets regulatory requirements but also optimizes user experience—for example, a smart contract that verifies a qualified investor preset can achieve instant and secure settlement of funds, avoiding the cumbersome offline review and long waiting periods typical in traditional finance. Here, compliance is no longer an additional step at the end of the business process, but is deeply integrated into the design of the product architecture from the outset, becoming a key engine for enhancing efficiency and ensuring a smooth user experience.

Ultimately, a forward-looking compliance strategy can provide businesses with strategic initiative and long-term development space. In areas where regulatory policies are still in the exploratory phase, actively communicating with regulatory agencies, participating in “regulatory sandboxes,” and embracing international best practices means being able to understand, influence, and adapt to the rules earlier. This proactive compliance posture allows companies to foresee and avoid potential compliance pitfalls, survive during industry reshuffling and policy tightening, and quickly capture the market with their first-mover compliance advantage.

In the P2P wave, those platforms that actively sought bank custody and conducted strict information disclosure early on, although they bore higher operational costs in the short term, have also gained a longer survival window and better market reputation. For RWA, laying out strategies in advance regarding complex legal issues such as data privacy, cross-border regulatory cooperation, and risk isolation will accumulate valuable institutional capital and technological capital for companies to cope with the future unification and refinement of global regulations.

Therefore, in the competition of RWA, the most successful enterprises will be those that can best integrate technological prowess, understanding of financial risks, and legal compliance wisdom. Compliance, in this model, has undergone a paradigm revolution from being a cost of passive defense to becoming a core productivity that actively creates value.

II. Historical Reflection: The Warning of the P2P Regulatory Storm and the Coexistence of Opportunities and Risks for RWA

The rise and fall trajectory of the P2P industry reveals the core law of the relationship between financial innovation and regulation: any financial innovation that departs from the regulatory framework will ultimately pay a heavy price. P2P initially positioned itself as an “information intermediary” to evade financial regulation, but in practice, it transformed into a credit intermediary, accumulating systemic risks such as maturity mismatch, fund pooling, and self-financing. When regulation tightened comprehensively, the entire industry faced cleanup and rectification, and a large number of platforms were forced to exit the market due to crimes such as illegal absorption of public deposits.

From a legal perspective, the fundamental reason for the decline of the P2P industry lies in its business model, which completely matches the four elements of the crime of illegal absorption of public deposits as stipulated in Article 176 of China's Criminal Law: absorbing funds without legal permission from relevant authorities, publicly promoting through media channels, promising to repay principal and interest, and absorbing funds from unspecified members of the public. This fundamental legal defect results in platforms of all sizes ultimately being unable to escape legal sanctions. The introduction of the “Interim Measures for the Administration of Business Activities of Online Lending Information Intermediary Institutions” in 2016 was supposed to provide a compliant development path for the industry, but most platforms failed to timely adjust their business models, ultimately leading to systemic collapse.

RWA's crypto business has surpassed P2P in terms of technological innovation, yet its core risk logic is interconnected. RWA utilizes blockchain technology to tokenize traditional assets, achieving asset fragmentation, enhanced liquidity, and optimized trading efficiency, reflecting a deep integration of “technology + finance.” However, this integration also brings more complex legal challenges: the legal nature of tokenized assets, the coordination of cross-border compliance, and the legal validity of smart contracts are interwoven, creating a multidimensional risk matrix.

Observing global regulatory dynamics, the 2017 investigation report by the SEC regarding the DAO incident concluded that tokens are classified as securities. Additionally, in the U.S., cases where specific tokens are deemed securities based on the “Howey Test” are not uncommon. The lawsuit against Coinbase in 2023 is the latest interpretation of the securitization attributes of crypto assets. At the same time, the implementation of the EU's MiCA regulations provides a new regulatory framework for the crypto asset market, and these foreign regulatory experiences hold significant reference value for the development of RWA business in China. Within the Chinese legal framework, the RWA business must also contend with restrictions imposed by Article 9 of the Securities Law regarding public offerings of securities and other regulatory documents such as the “Announcement on Preventing the Risks of Token Issuance Financing”. These legal red lines form the foundational boundaries for business compliance.

Three, Five-Level Risk Warning: A Gradual Deconstruction from Civil Disputes to Model Violations

Based on reflections on the lessons from P2P and an analysis of the characteristics of RWA, we propose to build a five-layer risk warning model from surface to depth, providing practitioners with a clear framework for risk identification. This model not only considers the legal nature of risks but also comprehensively assesses the probability of risk occurrence and the severity of harm, providing a theoretical basis for differentiated compliance strategies.

First Layer: Civil Dispute Risks - Technical Defects and Contract Vulnerabilities

This is the most superficial risk, primarily stemming from the imperfections in technical implementation and business arrangements. In RWA business, coding errors in smart contracts may lead to failures or errors in the transfer of asset ownership; deviations in oracle data pricing may trigger liquidation disputes; unclear legal connections between token holders and underlying asset rights may cause ownership disputes. Although such risks do not directly touch upon administrative or criminal red lines, they can erode user trust and affect business sustainability.

In the RWA scenario, similar technical failures in smart contract security may lead to incorrect transfer or freezing of real-world assets, triggering large-scale civil claims. From a legal applicability perspective, such disputes need to be handled according to the Contract Section of the Civil Code and related judicial interpretations, but the anonymity and decentralization characteristics of blockchain technology pose challenges to traditional evidence rules and jurisdiction determination.

The lesson from the P2P era is that initially simple disputes over debt assignment contracts evolved into collective lawsuits as the business became more complex, ultimately dragging down many platforms. RWA practitioners need to establish a mechanized dispute prevention and resolution system, including multiple audits of smart contracts, clear legal document design, and effective customer communication mechanisms, to keep civil disputes within a manageable range. In particular, introducing formal verification technology during the smart contract development phase and clearly stipulating jurisdiction and applicable law during the legal document design phase can significantly reduce the likelihood of civil disputes and the costs of handling them.

Second Layer: Administrative Procedure Violation Risks - Lack of Admission and Reporting Norms

This level of risk involves violations of administrative regulatory procedures, primarily manifested in engaging in activities that require a license without permission, failing to fulfill reporting obligations as required, and insufficient information disclosure, etc. In RWA operations, token issuance may touch upon the procedural requirements for public offerings of securities, asset custody arrangements may violate regulatory provisions specific to certain industries, and cross-border operations may overlook local filing procedures.

According to the current legal framework in China, the administrative licenses that RWA business may involve include but are not limited to: the securities business license stipulated by the Securities Law, the derivatives business license stipulated by the Futures and Derivatives Law, and the deposit and loan business license stipulated by the Banking Supervision and Administration Law, among others. Particularly in the process of asset tokenization, if it is determined to be a “securities issuance,” it must comply with the procedural regulations of public issuance set forth in Article 12 of the Securities Law, otherwise it will face administrative penalties. The enforcement action taken by the SEC against BUSD issuer Paxos in 2023 is a real example of procedural compliance risk.

Looking back at the development of P2P, many platforms initially overlooked procedural requirements such as record-keeping and fund custody, believing that “substance is more important than form,” which ultimately led to a complete withdrawal due to procedural flaws when regulations tightened. RWA practitioners should actively embrace regulation, maintain communication with regulatory agencies, and fully understand the procedural requirements for digital assets and traditional financial businesses in various jurisdictions to ensure compliance in business operations. Especially in cross-border business scenarios, it is necessary to simultaneously meet the procedural requirements of multiple jurisdictions, including the location of the assets, the place of issuance, and the place of transaction, and establish a matrix compliance management system.

Third Layer: Substantive Administrative Violation Risk - Lack of Risk Control and Misalignment with Investors

This level of risk has reached substantive compliance issues in business, mainly manifested in inadequate risk control mechanisms, lack of investor suitability management, and insufficient asset quality control. In RWA business, if high-risk real estate projects are tokenized and sold to ordinary investors without adequate risk warnings and qualifications screening, it constitutes a substantial administrative violation; if the management of stablecoin reserve assets is not transparent and lacks liquidity, it may also face regulatory penalties.

From the essence of financial regulation, the core of administrative substantive compliance is to ensure that financial risks are controllable and that the rights and interests of investors are fully protected. China's “Implementation Measures for the Protection of Financial Consumers' Rights and Interests” clearly require financial institutions to establish an investor suitability management system. As an emerging financial form, RWA business should also adhere to these basic principles. The collapse of the Terra/Luna ecosystem in 2022, on the surface, was a technical failure of algorithmic stablecoins, but in essence, it was a systematic lack of risk control mechanisms. This case serves as a wake-up call for risk management in RWA business.

The issues of maturity mismatches, insufficient risk preparation, and false listings that are common in P2P platforms are typical cases of substantial administrative violations. RWA practitioners need to adopt measures that combine technology and law, such as establishing a blockchain-based transparent disclosure system, designing dynamic risk assessment models, and implementing strict investor certification procedures to fundamentally ensure that business risks are controllable. Especially in terms of quality control on the asset side, traditional financial industry due diligence standards can be introduced, combined with the traceability of blockchain technology, to build a risk management system for the entire lifecycle.