The SEC delayed tokenizing stocks, and here’s why that’s a relief

After two decades building systems that evolved from reactive to cognitive – first at VMware with mobile device security, now in compliance infrastructure for digital asset markets – I've seen that following the rules isn’t the same as preventing catastrophe. So, when the SEC delayed its plan to allow tokenized U.S. stocks last week, my first reaction was relief, not frustration. Michael Burry, the investor who called the 2008 crisis, immediately warned that the plan could trigger a systemic disaster. He's right, but not for the reasons most people think.

The problem isn’t tokenization itself. It’s that we’re about to tokenize the world’s most liquid markets with legacy compliance systems that aren’t built for real-time execution. Currently, there is always a lag of one to two days between when a trade is executed and when it is fully settled. As we move towards real-time execution, we need compliance systems that evaluate trades in real time, especially if they are intended to support the transfer of tokenized U.S. equities.

Recent history shows that fraud occurs in the context preceding these transactions.

Take the Lazarus Group's exploitation of Tornado Cash and the Ronin Bridge. Sanctioned wallets? None detected. Prohibited tokens? All clear. Protocol compliance? Perfect.

Yet $600 million vanished through wallet-hopping across jurisdictions, beyond the reach of previous systems to contextualize.

FTX complied with regulations until customer funds were commingled. Mango Markets’ oracle was hacked while protocols remained compliant.

The fraud happened in the context, not the code.

Through my travels as a CEO in digital asset markets, I've witnessed tokenization transform global financial hubs. Real estate in Dubai, tokenized by a special-purpose vehicle in the Cayman Islands, sold on a Singapore platform, with liquidity from global DeFi pools, and bought by investors worldwide. Every jurisdiction's regulations were followed. Every wallet was clean. Every token was compliant.

Yet is the transaction secure for a retail investor in Ohio? They can’t answer. Maybe an institutional compliance team could. But most concerning of all, you can’t even ask current systems. They check boxes; they don’t think.

The jump from paper-based markets to AI-assisted compliance took a decade. The jump from AI-assisted to cognitive compliance must happen within 24 months, or tokenized equities will become the largest attack surface in financial history.

Here’s what’s needed to protect retail investors and markets:

Not just static sanctions lists, but real-time ingestion of enforcement actions, geopolitical signals and guidance. By the time OFAC adds a sanctioned entity, the money’s already moved. Systems must predict, not react.