CMTAT — Capital Markets Token Standard for Swiss Tokenization

CMTAT (CMTA Token Standard)

The CMTAT (CMTA Token) is an open-source smart contract framework developed by the Capital Markets and Technology Association (CMTA) for tokenized securities compliant with Swiss law and the DLT Act. CMTAT provides modular, audited smart contracts implementing the legal requirements for Registerwertrecht (ledger-based securities).

The standard covers share tokens, bond tokens, and fund unit tokens with built-in functionality for corporate actions (dividends, voting, stock splits), compliance controls (transfer restrictions, KYC gates, forced transfers for regulatory compliance), and register management (shareholder registry maintenance, voting right tracking). Smart contracts are deployed on Ethereum-compatible blockchains.

CMTAT’s open-source nature reduces implementation costs — particularly for SMEs and startups that cannot afford custom smart contract development and auditing. By standardizing the tokenization interface, CMTAT enables interoperability: tokens issued using CMTAT on one blockchain can be recognized by any system supporting the standard, facilitating secondary market trading on SDX and BX Digital.

CMTA members include major Swiss law firms, banks (Sygnum, AMINA), Big Four firms, and blockchain infrastructure companies. The standard is maintained through consensus-driven working group processes.

Technical Architecture and Module System

CMTAT is implemented as a modular smart contract system deployable on Ethereum and other EVM-compatible blockchains. The modular architecture allows issuers to select only the components they need. A simple bond token may require only the core transfer and registry modules, while a complex equity token may also incorporate governance voting, dividend distribution, compliance enforcement, and capital events modules. This modularity reduces deployment costs and smart contract risk by limiting the attack surface to active modules.

The core modules include the BaseModule (essential token functionality including minting, burning, and transfer), the AuthorizationModule (role-based access control for administrative functions), the PauseModule (emergency pause capability for regulatory or security incidents), the EnforcementModule (forced transfers and freezing for regulatory compliance), and the SnapshotModule (point-in-time balance snapshots for dividend distributions and voting).

Compliance modules include the ValidationModule (transfer restriction logic for KYC gates, jurisdiction restrictions, and maximum holder limits), the DebtBaseModule (bond-specific functionality including interest rate management, maturity dates, and coupon payments), and the CreditEventsModule (handling of credit events including default, restructuring, and early redemption). Corporate action modules handle dividend distributions (automated pro-rata distribution of CHF or stablecoin dividends to token holders), voting (snapshot-based shareholder voting for corporate resolutions), and capital events (stock splits, reverse splits, share buybacks).

Legal Requirements and DLT Act Compliance

CMTAT implements the three legal requirements for valid Registerwertrecht under Article 973d of the Swiss Code of Obligations. The power of disposition requirement is satisfied through the token holder’s control of their private key — only the holder (or authorized smart contract functions) can initiate token transfers. The integrity requirement is satisfied through the immutability of the underlying blockchain ledger and the CMTAT smart contract’s access control mechanisms — unauthorized modifications to ownership records are prevented by cryptographic security. The transparency requirement is satisfied through the on-chain record of all holdings, transfers, and corporate actions — providing clear, publicly verifiable documentation of token holder rights and obligations.

The register management module maintains a shareholder or bondholder registry that satisfies the DLT Act’s transparency requirement. All holders, their holdings, and transfer history are recorded on-chain, providing the clear documentation that the Act mandates. The transfer restriction module enables compliance controls such as KYC gates (only verified addresses can receive tokens), jurisdiction restrictions (blocking transfers to addresses in sanctioned jurisdictions), and maximum holder limits (enforcing private placement exemptions under FinSA).

Security Audit and Quality Assurance

The audit history of CMTAT is maintained through regular professional security audits by established blockchain security firms. Each audit report is publicly available, providing assurance to issuers and investors that the smart contract code has been reviewed for vulnerabilities, logic errors, and compliance with stated specifications. This transparency aligns with Swiss foundation law principles and the DLT Act’s integrity requirement.

CMTAT’s open-source development on GitHub enables community review and contribution. Security researchers, legal professionals, and developers from member institutions review proposed changes before they are incorporated into the standard. The consensus-driven development process ensures that changes are technically sound, legally compliant, and practically implementable across the diverse range of platforms and use cases that CMTAT serves.

Adoption by Major Swiss Institutions

CMTAT adoption has grown steadily since the standard’s initial release. SDX integrates CMTAT standards for tokenized bond and equity issuance, meaning that CHF 750+ million in digital bonds settled using wholesale CBDC (Project Helvetia) have utilized CMTAT-compatible token infrastructure. Sygnum Bank’s tokenization platform integrates CMTAT modules for compliant securities issuance, processing real estate and financial securities tokenization. BX Digital, the second FINMA-licensed DLT trading facility, can list CMTAT-compliant tokens without custom technical integration.

RealUnit Schweiz AG’s issuance of digital registered securities on Ethereum, custodied by Hypothekarbank Lenzburg, demonstrates the CMTAT pathway for mid-market issuers. The growing adoption creates a virtuous cycle: more CMTAT deployments increase the standard’s credibility, attract more issuers, and expand the ecosystem of platforms, custodians, and service providers that support the standard.

Cross-Border Applicability and International Interest

The open-source nature of CMTAT has attracted international interest beyond Switzerland. Jurisdictions developing their own tokenization frameworks — including Singapore, the United Kingdom, Germany, and Luxembourg — can examine CMTAT’s architecture as a reference implementation for how tokenized securities standards can be structured to comply with local securities law while maintaining cross-border interoperability. The EU’s MiCA regulation, while different in approach from the DLT Act, may eventually benefit from CMTAT-like standards adapted for the MiCA framework.

CMTAT’s modular architecture facilitates adaptation for different legal frameworks. The legal compliance logic (register management, transfer restrictions, corporate actions) is conceptually separable from the Swiss-specific implementation — enabling development of CMTAT-compatible implementations that comply with German eWpG (Electronic Securities Act), Luxembourg’s dematerialized securities framework, or Singapore’s securities regulation while maintaining cross-border interoperability with Swiss-issued CMTAT tokens.

Impact on SME Capital Markets Access

For Swiss small and medium enterprises (SMEs), CMTAT significantly reduces the barrier to capital markets access. Instead of commissioning custom smart contract development — which requires blockchain engineering expertise and involves substantial development and audit costs — an SME can deploy a CMTAT-compliant token using the open-source framework with minimal technical modification. The token can then be listed on BX Digital or another CMTAT-supporting platform, providing shareholders with regulated secondary market liquidity.

This democratization of capital markets access aligns with Switzerland’s broader economic development objectives. The Swiss economy is characterized by a large SME sector (over 99% of companies) that traditionally has limited access to public capital markets due to IPO costs and listing requirements. CMTAT, combined with the DLT Act’s Registerwertrecht framework, creates a pathway where SMEs can access capital markets through tokenized equity issuance at a fraction of traditional IPO costs.

Relationship to Federal Council Proposals

The Federal Council’s October 2025 proposal for payment institution and crypto institution licenses will affect CMTA’s standards development priorities. The proposed crypto institution license — which covers wallet service providers, exchange operators, and market makers — will establish organizational and capital requirements for entities that custody and trade CMTAT-compliant tokens. CMTA’s standards may need to incorporate compliance features specific to the new license categories, such as enhanced reporting capabilities for FINMA-supervised crypto institutions.

The proposed reclassification of certain payment tokens as financial instruments under FinSA could also affect CMTAT’s scope. If Bitcoin and Ether are classified as financial instruments, the compliance controls currently limited to asset tokens (suitability assessments, information obligations) may need to be extended to payment token custody and trading. CMTA’s working groups are monitoring the legislative process and will adapt standards as the new framework takes shape.

CMTAT Deployment Process

The practical deployment of a CMTAT-compliant tokenized security follows a structured process. The issuer selects the appropriate CMTAT modules based on the instrument type and compliance requirements. A technical implementation team customizes module parameters (transfer restriction rules, corporate action schedules, voting configurations) for the specific issuance. The customized smart contract undergoes security audit by an independent firm. Upon audit completion, the smart contract is deployed to the target blockchain (typically Ethereum mainnet or a compatible network). The issuer or tokenization agent (such as Sygnum Bank or SDX) mints the initial token supply and distributes to verified investors through regulated channels.

Post-deployment, the CMTAT contract provides ongoing lifecycle management through automated module functions. Register management maintains an accurate shareholder or bondholder registry. Transfer restriction enforcement ensures that only verified addresses can receive tokens. Corporate action modules execute dividend distributions, interest payments, and voting on scheduled dates. The administrative role holder (typically the issuer or a designated service provider) manages the contract’s administrative functions including adding verified addresses, executing corporate actions, and — in exceptional circumstances — using enforcement modules for regulatory compliance (freezing or forced transfer of tokens pursuant to court order or regulatory instruction).

Version History and Evolution

CMTAT has evolved through multiple versions, each incorporating feedback from market participants, legal analysis, and security audit findings. Early versions provided basic transfer and registry functionality. Subsequent versions added compliance modules (transfer restrictions, KYC gates), corporate action modules (dividends, voting), and enhanced security features (emergency pause, role-based access control). The evolution reflects the growing sophistication of the Swiss tokenization market and the increasing complexity of instruments being tokenized — from simple bond tokens to equity tokens with full corporate governance functionality.

The standard’s evolution is managed through CMTA’s consensus-driven working group process, ensuring that changes reflect the needs and expertise of issuers, legal advisors, platforms, custodians, and regulators. Proposed changes undergo review periods where member institutions evaluate technical soundness, legal compliance, and practical implementability before incorporation into the standard.

Interoperability with External Systems

CMTAT’s standardized interface enables integration with external systems beyond DLT trading facilities. Portfolio management systems can read CMTAT token balances and transaction history through standard blockchain APIs. Tax reporting systems can extract CMTAT event data (dividends, interest payments, transfer events) for automated tax report generation. Custody systems can interact with CMTAT tokens through standardized interfaces for institutional asset servicing. This interoperability reduces the integration cost for institutional market participants and enables CMTAT tokens to be managed alongside traditional securities in existing operational workflows.

CMTAT and Institutional Market Infrastructure Integration

CMTAT’s role extends beyond individual token issuances to become a foundational component of Swiss institutional market infrastructure. The standard’s integration with SDX’s settlement system, Project Helvetia’s wholesale CBDC, and institutional custody infrastructure at Sygnum Bank and AMINA Bank creates an end-to-end institutional value chain built on standardized open-source components. This institutional integration distinguishes CMTAT from proprietary tokenization solutions that lock issuers into specific platform ecosystems. The open-source, standards-based approach enables competition among service providers while maintaining interoperability that benefits issuers and investors. As the Swiss tokenized securities market grows from its current base of CHF 750 million in settled digital bonds toward broader adoption across equity, real estate, and fund tokenization, CMTAT’s role as the standardization layer becomes increasingly significant for market efficiency, liquidity, and institutional confidence. The standard’s continued development through CMTA’s consensus-driven working group process ensures that it evolves alongside market needs, regulatory requirements, and technological capabilities, maintaining relevance as the Swiss tokenization ecosystem matures.

The standard’s audit history, maintained through regular professional security reviews by established blockchain security firms, provides the assurance that institutional issuers and investors require before deploying significant capital through CMTAT-based tokenized instruments. The open-source nature of CMTAT ensures that the standard remains accessible to all market participants, from large institutional issuers deploying on SDX to small Swiss SMEs tokenizing equity for the first time. CMTAT has established itself as the de facto standard for Swiss tokenized securities, with growing adoption across institutional platforms, banking infrastructure, and SME issuances that collectively demonstrate the viability of standardized, open-source tokenization within a regulated financial market framework. The standard’s continued development through consensus-driven industry processes ensures its relevance as the Swiss tokenization ecosystem scales and matures toward mainstream institutional adoption.

For FINMA token classification of CMTAT-issued tokens (asset tokens), see our regulatory analysis. For the DLT Act framework enabling Registerwertrecht, see our coverage. For real estate tokenization using CMTAT, see our DeFi section. For DAO governance of tokenized equity, explore our governance section. For data, visit dashboards.