We've been trying to build this for two years. The first attempt in 2023 ran into a wall almost immediately: the Capital Markets Authority's digital assets framework didn't exist yet, and building a regulated security token platform without regulatory clarity is building on sand. You can write all the smart contracts you want, but if the legal wrapper isn't there, your tokens can't legally represent what they claim to represent. We made a deliberate decision to wait.
The CMA framework landed in late 2025. We shipped.
This post is about what Token-X actually does, why we made the specific technical choices we made, and, importantly, what is not done yet. We are not going to describe the finished product we wish we'd built. We're going to describe the one we shipped.
The Problem Is Access, Not Awareness
Kenyans understand investment. M-Pesa lock savings, unit trust funds, the NSE retail investor base: none of these exist because Kenyans needed to be educated about putting money to work. They exist because when the friction is low enough and the minimums are small enough, people participate.
The friction is not low. The minimums are not small. Kenyan Treasury bills require a minimum investment of KES 50,000: roughly $380 at current rates. That is three to four months of take-home income for a large fraction of the working population. Commercial real estate as an investment class effectively starts at KES 5 million, and that is before you account for transaction costs, legal fees, and the time cost of property due diligence. Agricultural bonds (the instruments that could in theory connect institutional capital to smallholder farmers) have no liquid secondary market. You buy them and you hold them, because there is nowhere to sell.
These are not edge cases or niche problems. They describe the investment landscape available to roughly 95% of Kenyans who want to invest beyond an M-Pesa savings account. The assets exist. The interest exists. The access doesn't.
Tokenization changes that arithmetic. A KES 10 million commercial property can be divided into 10,000 tokens at KES 1,000 each. A KES 500 million agricultural bond issuance can be structured so that a farmer in Nakuru holds KES 5,000 worth of tokens representing a claim on the same instrument a pension fund in Nairobi holds in larger size. Fractional ownership has always been theoretically possible. The infrastructure to enforce fractional ownership rights at the token level, to ensure the token actually represents what it claims, and that transfer restrictions are enforced without relying on a central intermediary's goodwill, is what we've built.
Why ERC-3643
We evaluated four token standards for regulated securities: ERC-1400 (the Security Token Standard), ERC-1404 (Simple Restricted Token Standard), ERC-3643 (the T-REX standard), and Polymath's ST-20.
The test we applied was not "which standard has the most features": it was "what happens when the issuer needs to freeze a fraudulent wallet, and what happens when a regulatory authority requires a transfer to be blocked in real time."
ERC-1400 is thoughtfully designed, but its compliance logic is substantially off-chain. The on-chain component handles partition-based token structures and issuance control; actual decisions about whether a specific transfer is allowed are expected to happen in off-chain systems that communicate results back to the chain. In a jurisdiction with active regulatory enforcement, off-chain compliance logic creates audit trail problems and introduces a gap between a freeze order and its enforcement.
ERC-1404 is deliberately minimal: it adds a detectTransferRestriction function to ERC-20 but leaves the restriction logic entirely to the implementer. Fine for simple use cases; no standard interface for identity verification or regulatory compliance integration.
The T-REX architecture separates the token contract from the identity registry, the compliance module, and the trusted issuers registry. Each is independently upgradeable. When the CMA issues a new requirement, and they will, because regulatory frameworks always evolve, we can update the compliance module without redeploying the token contract. For issuers who have locked KES millions in tokenized assets, "you need to redeploy your token contract to comply with new rules" is not an acceptable answer. "We've updated the compliance module; your tokens are now compliant" is.
The Rust ATS
A regulated security token platform needs a regulated secondary market. An AMM is not a regulated secondary market. An automated market maker is a liquidity pool with a pricing curve, and the CMA's regulatory requirement for an Alternative Trading System is that price discovery happens through a visible, auditable order book where buyers and sellers set prices through competitive bidding. You cannot point at a bonding curve and call it price discovery.
We prototyped the matching engine in Python. It handled approximately 200 orders per second on the hardware we were testing on. That is not an ATS: that is a slow spreadsheet. For context, the NSE's peak order rate in a volatile session runs 500–2,000 orders per second. A platform designed to eventually connect to the NSE or handle multiple simultaneous asset class markets needs to be at least one order of magnitude above that.
The Rust rewrite processes 40,000 orders per second on commodity hardware. Price-time priority. Full depth order book with visible bid/ask. Atomic matching: an order either matches completely, partially, or sits in the book; there is no intermediate state. The settlement leg triggers automatically on match, invoking the ERC-3643 transfer function after verifying that both counterparties pass the on-chain compliance check.
The choice of Rust was not aesthetic. The matching engine handles financial state that must be correct at every cycle boundary. Rust's ownership model makes a class of memory safety bugs structurally impossible, and the absence of a garbage collector means the latency profile is predictable, not occasionally punctuated by GC pauses at the worst possible moment. For an order book, a 50-millisecond GC pause is not acceptable.
KYC: What Works and What Doesn't
Identity verification that takes three days kills retail adoption. We know this because we watched it happen on a previous project. If a user signs up, submits their ID, and is told to come back in 72 hours, a significant fraction don't come back. The window of motivated engagement is narrow.
Our Smile Identity integration verifies most Kenyan national IDs in under two minutes. The check hits the IPRS (Integrated Population Registration System) database directly and returns a match result with a confidence score. For the majority of Kenyan adults with a valid national ID, the flow is: take a selfie, photograph your ID, submit, verified. We have tested this extensively. The two-minute figure is accurate for the happy path.
Passport verification takes longer, typically 15–30 minutes, because international passport verification routes through different systems and the match confidence thresholds are higher. This is a current limitation we are working on and have not resolved.
Institutional KYB is 3–5 business days regardless of how good our tooling is. The information we need to verify, company registration, beneficial ownership, director identification, simply does not move faster than that. We are building toward same-day KYB. We are not there.
What We Are Shipping Today
Token-X in its current form handles four things: regulated token issuance against a verified real-world asset, KYC-gated investor onboarding (individuals via national ID, institutions via KYB), secondary market trading through the Rust ATS, and automated compliance reporting to issuers and, where required, to regulators.
The first asset classes are T-bills, commercial real estate fractions, and agricultural bonds: exactly the three asset types that motivated this project. Minimum investment is KES 1,000. Individual KYC is self-service. Trading fees are lower than what you would pay a broker to place an NSE order.
We are not claiming we have solved asset tokenization for East Africa. We have built a compliant, technically sound platform for the asset classes that matter most to Kenyan retail investors, backed by a regulatory framework that was not available when we first tried to build this in 2023. That is the honest version of the announcement.
The two-year wait was frustrating. In hindsight, it was correct. A security token platform launched without a regulatory framework is a liability, not a product. We shipped when we could ship something real.