The open-transfer model with reactive enforcement is a compliance design where tokens move freely between wallets, identity checks happen only at the creation and redemption gateway, and freeze functions apply reactively to bad actors rather than restricting every transfer in advance. It preserves DeFi composability while meeting AML obligations.
The model's integrity rests entirely on the gateway. Under-engineer the creation and redemption controls and you get no real compliance protection, plus a freeze function that becomes a liability instead of a backstop.
How it works
Identity verification and AML checks concentrate at the creation and redemption gateways, not inside every transfer. Between those checkpoints, tokens behave like ordinary onchain assets: they move freely between wallets, compose with DeFi protocols, and need no per-transfer permission check. The freeze capability still lives in the contract and is exercised reactively when a specific address is flagged as a bad actor, not proactively to pre-approve every recipient.
Compliance logic lives at the issuer-operated gateway. An investor clears KYC and KYB before receiving newly created tokens. A redeemer clears the same before exchanging tokens for the underlying. In between, the issuer monitors chain activity and exercises freeze functions when the law requires or when a sanctioned address appears in the holder set. It mirrors how bearer instruments have long been regulated: the burden sits at entry and exit, not on every secondary transaction.
Design consequence
The contrast is with on-transfer whitelist models such as T-REX (EIP-3643), where every transfer requires an onchain identity validation call before it settles. Whitelist models give strong proactive control but add friction at every transaction: gas cost for the identity check, latency from the oracle call, and brittleness whenever the whitelist oracle is unavailable or stale. Liquidity pools and other DeFi primitives usually cannot satisfy those checks and get excluded from the token's composability surface entirely.
Why it matters
The model aligns with MiCA's AML obligations under Article 34, which apply at issuance and redemption. It also fits FATF travel-rule guidance, which gates obligations on the originating and beneficiary VASPs rather than on every intermediate transfer. A regulator evaluating the design should find it coherent: the gateway is the regulated perimeter. Teams that pick the model only for the DeFi composability benefit, without investing in the gateway, are making a compliance decision they do not realize they are making.
See MiCA Compliance Tokenomics Guide for how this applies in practice.
More in Mechanism Design Structures
Know the terms but not sure how they apply to your project? That is what an engagement is for. We design, document, and stress-test the whole token economy inside the Tokenomics Data Room.
80+ projects advised. Complete tokenomics in 4 to 6 weeks.