POST Token Whitepaper
Compliance & Legal
Regulatory framework and legal considerations for POST Token operations. Compliance-first architecture designed to meet the highest standards across 192 member countries.
1. Compliance Philosophy
POST Token is designed with compliance-first architecture, recognizing that a global payments network serving 192 countries must meet the highest regulatory standards.
Regulatory Neutrality
POST Token provides technology infrastructure, not financial services. Each postal operator handles local regulatory compliance using existing licenses.
Compliance by Design
AML/KYC hooks, transaction monitoring, and reporting capabilities are built into the protocol from day one — not added later.
Jurisdictional Respect
Different countries have different rules. The network supports configurable compliance parameters per jurisdiction.
Transparency
Blockchain provides immutable audit trails. Regulators can verify compliance through on-chain data.
Progressive Engagement
Active engagement with regulators, not evasion. We work with authorities to shape sensible crypto regulation.
Compliance Layers
Local Operator Compliance
Each postal operator handles local licensing, KYC, and reporting
Network Compliance Tools
Built-in AML screening, transaction limits, sanctions lists
Protocol Compliance
Audit trails, identity anchors, configurable rules
2. Token Classification Analysis
POST Token
U.S. Howey Test Analysis
- No ICO or public token sale
- Tokens earned through mining (work)
- Decentralized across 192 countries
- No profit-sharing or dividends
- Primary use is network access
Assessment: POST exhibits characteristics of a utility token - required for network access, no investment contract, decentralized network.
PSDR Token
Key Characteristics
- Pegged to SDR (Special Drawing Rights)
- Algorithmic stability via POST Gateway
- Not directly purchasable (only via POST swap)
- Used for settlements and payments
Regulatory Considerations
- USA: Not fiat-backed (algorithmic)
- EU (MiCA): Asset-referenced token category
- Singapore: Different treatment than single-currency
PSDR is treated as an internal settlement unit and is not marketed as a stablecoin investment.
Disclaimer: This is not legal advice. Token classification depends on specific facts and circumstances. Consult qualified legal counsel in relevant jurisdictions.
3. Multi-Jurisdictional Framework
Classification:
Utility token (non-security)
Requirements:
- FinCEN MSB registration (if applicable)
- State money transmitter licenses (operators)
- OFAC sanctions compliance
- BSA/AML compliance
Strategy:
Legal opinion supporting utility classification. US operators obtain necessary licenses. Geo-fencing if regulatory clarity insufficient.
Framework:
Markets in Crypto-Assets Regulation (MiCA) - Effective 2024-2025
Classification:
- POST: Utility token (crypto-asset)
- PSDR: Asset-referenced token (ART)
Requirements:
- Whitepaper notification to regulators
- ART issuer requirements for PSDR
- Consumer protection disclosures
- AMLD6 compliance
Regulators:
FCA, Bank of England
Classification:
Regulated crypto-asset
Requirements:
- FCA registration
- Financial promotions rules
- AML registration
Framework:
Payment Services Act (PSA)
Classification:
Digital Payment Token (DPT)
Requirements:
- Major Payment Institution license (operators)
- Technology risk management
- AML/CFT compliance
Strategy:
SingPost as licensed operator. Singapore as Asia-Pacific hub.
Framework:
Dubai Virtual Assets Law (2022)
Classification:
Virtual Asset
Requirements:
- VARA license for operations
- Compliance officer appointment
- Technology and cybersecurity standards
Strategy:
UAE as MENA regional hub. Emirates Post partnership.
Other Key Jurisdictions
| Jurisdiction | Regulators | Framework |
|---|---|---|
| Japan | FSA, JFSA | Payment Services Act |
| South Korea | FSC | Virtual Asset User Protection Act |
| Brazil | CVM, BCB | Crypto Framework Law (2023) |
| Switzerland | FINMA | DLT Act (favorable) |
4. AML/KYC Framework
FATF Compliance
POST Token aligns with FATF (Financial Action Task Force) Recommendations for VASPs:
Recommendation 15: Virtual Assets
- Risk-based approach to AML/CFT
- VASP licensing/registration
- Supervision and monitoring
Recommendation 16: Travel Rule
- Originator/beneficiary information sharing
- Applicable to transfers > $1,000
- Technical implementation via protocol
KYC Tiers
| Tier (monthly volume) | Requirements | Limits |
|---|---|---|
| < $1,000/month | Phone number + email verification | $200/transaction, $1,000/month |
| $1,000 - $10,000/month | Government ID + Address verification | $2,500/transaction, $10,000/month |
| > $10,000/month | Full KYC + Source of funds + Enhanced DD | $50,000/transaction, $100,000/month |
| Operators/Validators | Corporate KYB, UBO identification, ongoing DD | Unlimited (subject to monitoring) |
KYC Verification Process
Post Office Verification (Primary)
- Customer visits post office
- Presents government ID
- Clerk verifies identity (existing postal process)
- KYC status recorded on-chain (hash only)
- Wallet linked to verified identity
Online Verification (Secondary)
- Upload government ID photo
- Biometric verification (selfie)
- Third-party KYC provider (Jumio, Onfido)
- Results anchored to blockchain
5. Transaction Monitoring
Real-Time Screening
- OFAC SDN list
- EU sanctions lists
- UN consolidated list
- Country-specific lists
- PEP databases
Pattern Detection
- Structuring (smurfing) detection
- Unusual velocity patterns
- Round-trip transactions
- Layering detection
- Network analysis
Risk Scoring
- Transaction risk score (0-100)
- Address risk score (Chainalysis/Elliptic)
- Country risk scoring
- Behavioral risk scoring
Monitoring Workflow
Incoming transaction enters monitoring queue
BLOCK if sanctioned address/entity match found
Calculate risk score based on multiple factors
Integration Partners:
6. Sanctions Compliance
The following jurisdictions are blocked at protocol level:
1. IP Geolocation
- Block access from sanctioned jurisdictions
- VPN detection and blocking
- Periodic verification
2. Wallet Blocking
- Known sanctioned addresses blocked
- OFAC wallet list integration
- Real-time updates
3. Validator Enforcement
- Validators must reject sanctioned transactions
- Non-compliance = slashing
- Governance can add to blocklist
Country Risk Tiers
| Tier | Status | Treatment |
|---|---|---|
| Tier 1 | Blocked | Comprehensive sanctions - No access |
| Tier 2 | Restricted | Enhanced DD, lower limits |
| Tier 3 | Standard | Normal operations |
| Tier 4 | Favorable | Pilot countries, clear regulation |
7. Data Protection & Privacy
Privacy-by-Design Architecture
Challenge: Blockchain immutability vs. Right to Erasure (GDPR Article 17)
ON-CHAIN (Public, Immutable)
- Transaction hashes
- Wallet addresses
- Token balances
- Smart contract state
- Proof of Transit hashes
OFF-CHAIN (Private, Erasable)
- Personal information
- KYC documents
- Delivery addresses
- Payment details
- Customer communications
GDPR Rights Implementation
Right to Access (Art. 15)
User dashboard shows all personal data. Export functionality available.
Right to Rectification (Art. 16)
Off-chain data can be corrected. On-chain hashes remain (link broken).
Right to Erasure (Art. 17)
Off-chain personal data deleted. Hash-to-data link destroyed.
Right to Portability (Art. 20)
Machine-readable export. Standard data formats.
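The whitepaper does not say how the on-chain hash is computed, so the following is an added example (not POST Token code) of one way "hash-to-data link destroyed" can hold: the anchor is an HMAC under a per-record key kept only off-chain, and erasure deletes the key with the data. `OffChainStore`, the function names and the sample record are hypothetical; a plain SHA-256 of the record is shown alongside because it stays linkable to anyone who can reproduce the record.

```python
import hashlib, hmac, json, secrets

def canonical(record: dict) -> bytes:
    # Stable encoding so the same record always hashes identically.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def plain_anchor(record: dict) -> str:
    """Unkeyed hash: stays linkable to anyone who can reproduce the record."""
    return hashlib.sha256(canonical(record)).hexdigest()

def keyed_anchor(key: bytes, record: dict) -> str:
    """HMAC-SHA256 under a per-record key that lives only off-chain (assumption)."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

class OffChainStore:
    """Hypothetical erasable store holding personal data and its anchor key."""
    def __init__(self):
        self._rows = {}

    def enroll(self, wallet: str, record: dict) -> str:
        key = secrets.token_bytes(32)
        self._rows[wallet] = (key, record)
        return keyed_anchor(key, record)       # value written on-chain

    def verify(self, wallet: str, onchain: str) -> bool:
        row = self._rows.get(wallet)
        if row is None:
            return False                        # erased: link no longer provable
        return hmac.compare_digest(keyed_anchor(*row), onchain)

    def erase(self, wallet: str) -> None:
        self._rows.pop(wallet, None)            # Art. 17: data and key go together

def relinkable(onchain: str, guessed_record: dict) -> bool:
    """Can someone holding only a copy of the record tie it to the anchor?"""
    return hmac.compare_digest(plain_anchor(guessed_record), onchain)

RECORD = {"name": "A. Example", "id_number": "X0000000"}  # constructed sample

def demo() -> dict:
    store = OffChainStore()
    keyed = store.enroll("wallet-demo-1", RECORD)
    before = store.verify("wallet-demo-1", keyed)
    store.erase("wallet-demo-1")
    return {
        "verifies_before_erasure": before,
        "verifies_after_erasure": store.verify("wallet-demo-1", keyed),
        "plain_hash_relinkable": relinkable(plain_anchor(RECORD), RECORD),
        "keyed_anchor_relinkable": relinkable(keyed, RECORD),
    }
```

The keyed anchor verifies for auditors while the off-chain row exists and becomes unlinkable once it is erased, whereas the unkeyed hash can still be matched by any party that retains or reconstructs the record.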
8. Legal Structure
POST Token Foundation
Zug, Switzerland
Primary entity for protocol stewardship, treasury, and governance.
Why Switzerland:
- Clear crypto regulatory framework (FINMA)
- Foundation-friendly legal structure
- Crypto Valley ecosystem
- Political stability
- International neutrality
Foundation Board:
- Independent directors
- Fiduciary duty to ecosystem
- Governance oversight
Operating Subsidiaries
POST Labs AG (Switzerland)
Protocol development, engineering team, technical operations
POST Token Ltd (Singapore)
Asia-Pacific operations, regional partnerships
POST Token Inc (Delaware - Future)
US operations (if clarity achieved)
POST Token Ltd (Dubai - Future)
MENA operations, VARA licensed entity
Key Takeaways
- Token Classification: POST = Utility token, PSDR = Asset-referenced token
- Multi-Jurisdiction: Operators handle local compliance, network provides tools
- AML/KYC Framework: 4-tier system from Basic to Institutional
- Travel Rule: FATF compliant information sharing for transfers >$1,000
- Data Protection: On-chain pseudonymous, off-chain GDPR compliant
- Sanctions: Protocol-level blocking of sanctioned jurisdictions
- Legal Structure: Swiss Foundation with regional subsidiaries
- Regulatory Engagement: Proactive sandbox participation worldwide
Disclaimer: This section provides general information about the compliance framework. It does not constitute legal advice. Consult qualified legal counsel for specific guidance.