Clearing & Settlement

DTCC Tokenization on Canton

DTCC's blockchain pilot with Digital Asset — Canton Network privacy + atomic DvP eliminates fails.

Vendors

DTCC · Digital Asset · Canton Network

Compliance center

Canton privacy at Transport + atomic DvP eliminates fails at Facilitation

post-tradedtcccantondigital-assetatomic-dvpprivacy
Filter by shape:
|
PT2 · POST-TRADEDTCC tokenization on Canton·5 stations(2 compliance, 3 infra)·dtcc · digital-asset
S1INTENTS2S3S4S5TRANSPORTS6AUTHORIZATIONS7FACILITATIONS8FINALITY01Deposit02State Update03Canton Sync04Custody05Filing
3+5 shape system
GatePre-condition — blocks if it failsMonitorConcurrent — observes without haltingObligationPost-settlement — reports after the factsolid = codedashed = policy
How to read this diagram
Each station on the rail represents a compliance or infrastructure event in the DTCC tokenization on Canton path. Hover any station to inspect it. The shape tells you what kind of event it is. The ring tells you how it's enforced.
Gate Monitor Obligation| Ingress Crossing Transform Settlement Venue
This path at a glance
5 stations across 5 of 8 segments. 2 are compliance checkpoints, 3 are infrastructure.
2 code-enforced3 policy-enforced
PT2 · DTCC TOKENIZATION ON CANTON · ETHEREUM
00
Mandate
01
Intent
02
Identity
03
Discovery
04
Negotiation
05
Transport
06
Authorization
07
Facilitation
08
Finality
09
Disposition
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKETHEREUM
L5 APPLICATIONHANDOFF

Step 1 · Trade Capture (Post-Trade Handoff)Policy-Enforced

"The trade arriving from the securities rail's execution venue into Canton's post-trade processing."

Cross-rail reference: Stages 1-4 fired on the Securities Trading rail. The executed trade enters Canton Network's post-trade layer via DTCC's submission gateway. L5 lit only — handoff is a recordkeeping event.

Counterparty
DTCC submission gateway
Latency
Instant
Finality
N/A — post-trade begins
Vendors
EOA (secp256k1 externally-owned accounts) + ERC-4337 account abstraction (EntryPoint singleton + UserOperation mempool — paymaster and aggregator extensions) · MetaMask · MetaMask Institutional (ConsenSys-operated; institutional custody/MPC integrations) · Fireblocks · Safe (Gnosis Safe — multisig + module framework) · Securitize Markets ATS (SEC-registered ATS) · INX Securities ATS · BlackRock BUIDL · Franklin BENJI · Hashnote USYC · Ondo OUSG · Apollo ACRED (Ethereum mainnet deployments; issuer profiles carry SEC-registered / NYDFS limited-purpose trust / Reg D 506(c) postures detailed in the respective compliance frameworks)
Chain
Ethereum (Ethereum Foundation (protocol research + core-dev grants; protocol itself is permissionless and operated by the validator set))
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKETHEREUM
L3 EXECUTIONCANTON PRIVACY
L2 CONSENSUSCANTON PRIVACY
L1 NETWORKCANTON PRIVACY
◆ Enforcement Line — code-enforced at this layer

Step 2 · Canton Privacy & Workflow OrchestrationCode-EnforcedINGESTDETECTALERT

"A Chinese Wall inside a multi-party transaction — each participant sees only the data they're entitled to, yet the transaction settles atomically across all parties."

Canton's sub-transaction privacy model ensures each participant sees only their slice of the settlement. This is compliance by architecture — data minimization (D15, GDPR alignment) is built into the protocol, not layered on top. Daml smart contracts orchestrate the multi-party workflow. L1+L2+L3 lit — privacy enforcement runs at every layer below the enforcement line. Unlike public blockchains where all data is visible, Canton reveals nothing beyond what each party needs.

Counterparty
Canton Network (Digital Asset)
Latency
<1s · Canton consensus
Finality
Workflow orchestrated · settlement pending
Vendors
Circle CCTP v2 (canonical USDC burn-and-mint cross-chain transport) · Wormhole · LayerZero · Across (intent-based settlement) · Ethereum devp2p / libp2p transport · EIP-4844 blob-data DA layer (canonical DA for OP Stack and other rollup-based L2s — Base, Arc, Tempo, Arbitrum, Optimism, etc.) · Ethereum Proof-of-Stake (Beacon Chain — Casper FFG finality + LMD-GHOST fork choice) — permissionless 32-ETH stake threshold; effective validator economics concentrated via Lido / Coinbase / Binance / Kraken / Figment staking pools · MEV-Boost relays (Proposer-Builder Separation — out-of-protocol; OFAC-compliant relays Flashbots / BloXroute Regulated have periodically dominated relay share) · Uniswap v4 (extensible AMM — concentrated liquidity + custom-logic extension framework) · Curve · Balancer · Chainalysis OFAC Oracle (on-chain SDN-list enforcement primitive · code-enforced at the contract layer for opt-in callers) · Securitize DS Protocol (on-chain transfer-restriction smart-contract framework enforcing eligible-investor whitelisting) · ERC-3643 / T-REX (industry-standard permissioned-token framework — Tokeny-developed, used by issuers outside the Securitize stack)
Chain
Ethereum (Ethereum Foundation (protocol research + core-dev grants; protocol itself is permissionless and operated by the validator set))
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKETHEREUM
L3 EXECUTIONATOMIC DVP
L2 CONSENSUSATOMIC DVP
◆ Enforcement Line — code-enforced at this layer

Step 3 · Atomic DvP SettlementCode-Enforced

"The holy grail of post-trade: true atomic DvP where the security and the payment move in the same transaction. No fails, no partial settlements, no Herstatt risk."

Securities and payment settle atomically on Canton — both legs execute in the same transaction or neither does. This eliminates the settlement fail problem entirely. No need for NSCC's fail management, no SEC Rule 204 close-outs, no buy-in notices. L2+L3 lit: consensus and execution enforce atomicity. D9 (prudential) applies — the CCP's role shifts from fail management to atomic settlement coordination. The compliance innovation: replacing process with architecture.

Counterparty
Canton atomic DvP engine
Latency
<1s · atomic
Finality
Final · atomic — both legs or neither
Vendors
Circle CCTP v2 (canonical USDC burn-and-mint cross-chain transport) · Wormhole · LayerZero · Across (intent-based settlement) · EOA (secp256k1 externally-owned accounts) + ERC-4337 account abstraction (EntryPoint singleton + UserOperation mempool — paymaster and aggregator extensions) · Ethereum Proof-of-Stake (Beacon Chain — Casper FFG finality + LMD-GHOST fork choice) — permissionless 32-ETH stake threshold; effective validator economics concentrated via Lido / Coinbase / Binance / Kraken / Figment staking pools · MEV-Boost relays (Proposer-Builder Separation — out-of-protocol; OFAC-compliant relays Flashbots / BloXroute Regulated have periodically dominated relay share) · Uniswap v4 (extensible AMM — concentrated liquidity + custom-logic extension framework) · Curve · Balancer · Chainalysis OFAC Oracle (on-chain SDN-list enforcement primitive · code-enforced at the contract layer for opt-in callers) · Securitize DS Protocol (on-chain transfer-restriction smart-contract framework enforcing eligible-investor whitelisting) · ERC-3643 / T-REX (industry-standard permissioned-token framework — Tokeny-developed, used by issuers outside the Securitize stack)
Chain
Ethereum (Ethereum Foundation (protocol research + core-dev grants; protocol itself is permissionless and operated by the validator set))
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKETHEREUM
L5 APPLICATIONPOSITION UPDATE
L4 ACCOUNTPOSITION UPDATE

Step 4 · Participant Position UpdatePolicy-Enforced

"The custodian bank updating the client's position — securities credited, cash debited, the settlement is reflected in the books."

Each participant's position updates on their private Canton sub-ledger. Because of Canton's privacy model, each participant sees only their own updated position — not the counterparty's. L4+L5 lit: position updates are policy-enforced at the application layer. Custodians and broker-dealers reconcile against their internal books, but reconciliation is trivial because the atomic settlement is the authoritative record.

Counterparty
Participant custody/prime broker
Latency
Instant on atomic settlement
Finality
Position updated · books reconciled
Vendors
MetaMask · MetaMask Institutional (ConsenSys-operated; institutional custody/MPC integrations) · Fireblocks · Safe (Gnosis Safe — multisig + module framework) · EOA (secp256k1 externally-owned accounts) + ERC-4337 account abstraction (EntryPoint singleton + UserOperation mempool — paymaster and aggregator extensions) · Securitize LLC (SEC-registered transfer agent; runs Reg D 506(c)(2)(ii) accredited-investor verification workflow) — off-chain compliance function paired with on-chain DS Protocol enforcement · EigenLayer (restaking primitive — slashing-conditional re-pledge of staked ETH and LSTs to Actively Validated Services; compliance-relevant for AVSs that supply oracle / fast-finality / DA security to downstream protocols) · Securitize Markets ATS (SEC-registered ATS) · INX Securities ATS · BlackRock BUIDL · Franklin BENJI · Hashnote USYC · Ondo OUSG · Apollo ACRED (Ethereum mainnet deployments; issuer profiles carry SEC-registered / NYDFS limited-purpose trust / Reg D 506(c) postures detailed in the respective compliance frameworks)
Chain
Ethereum (Ethereum Foundation (protocol research + core-dev grants; protocol itself is permissionless and operated by the validator set))
L5 APPLICATIONL4 ACCOUNTL3 EXECUTIONL2 CONSENSUSL1 NETWORKETHEREUM
L5 APPLICATIONREPORTING

Step 5 · Regulatory ReportingPolicy-EnforcedINGESTDETECTALERT

"Filing the trade report — but because settlement was atomic, there are no fails to report, no amendments to file, no reconciliation breaks to resolve."

Regulatory reporting captures the full lifecycle. Because settlement is atomic and Canton provides privacy, the reporting layer extracts only the data each regulator is entitled to — FINRA gets trade data, the SEC gets position data, tax authorities get PnL. L5 Application lit only. Structural note: Canton's architecture means post-trade reporting is cleaner than traditional DTCC — no fails, no amendments, no reconciliation exceptions. The complexity that drives most post-trade compliance costs simply doesn't exist.

Counterparty
FINRA / SEC / tax authorities
Latency
Batch · end of day
Finality
Final · atomic settlement leaves no loose ends
Vendors
EOA (secp256k1 externally-owned accounts) + ERC-4337 account abstraction (EntryPoint singleton + UserOperation mempool — paymaster and aggregator extensions) · MetaMask · MetaMask Institutional (ConsenSys-operated; institutional custody/MPC integrations) · Fireblocks · Safe (Gnosis Safe — multisig + module framework) · Securitize Markets ATS (SEC-registered ATS) · INX Securities ATS · BlackRock BUIDL · Franklin BENJI · Hashnote USYC · Ondo OUSG · Apollo ACRED (Ethereum mainnet deployments; issuer profiles carry SEC-registered / NYDFS limited-purpose trust / Reg D 506(c) postures detailed in the respective compliance frameworks)
Chain
Ethereum (Ethereum Foundation (protocol research + core-dev grants; protocol itself is permissionless and operated by the validator set))

Resolved 5 steps across 1 chain(s). 0 threshold(s) triggered. Frameworks: Common Reporting Standard / FATCA.

Coverage notes: 5 disclosed gap(s).

Other Clearing & Settlement Paths

PT1 DTCC/NSCC T+1 Clearing DTCC · NSCC
PT3 Chainlink CRE Cross-Chain DvP Chainlink · Kinexys
PT4 On-Chain Repo Digital Asset · Canton
PT5 LCH DigitalAssetClear LCH SA · GFO-X
PT6 Cross-Chain Bridge Settlement Chainlink CCIP · LayerZero
SETTLEMENT CHAINS
Ethereum
← All Clearing & Settlement Paths
Resolve Your Own Path →