Transparency & Compliance

The compliance pack, in public.

Security tokens governed by Swiss law, issued by Flo Global Markets Ltd. (BVI) under a base prospectus approved by the Liechtenstein Financial Market Authority (FMA). Flo Global Markets Ltd. is the sole investor in Flo Capital SPC (Cayman), a bankruptcy-remote Segregated Portfolio Company with an independent director that holds the underlying securities at SEC-registered broker-dealers, one-to-one with tokens outstanding. Forward this page to your compliance team. Most teams sign off after one read.

The one-paragraph version

If your compliance team only reads one page, this is it. The structure, the instrument, and the insolvency-remote design that protects holders.

Token governing law

Switzerland

Swiss-law structured notes

Prospectus

FMA-approved

Liechtenstein · EEA passportable

Issuer

Flo Global Markets Ltd.

BVI · onboards investor · sole investor in SPC

Custody

Flo Capital SPC

Cayman · bankruptcy-remote · independent director

Backing

1:1 at SEC-registered BDs

IB + Alpaca · segregated brokerage accounts

Independent audits

Sherlock · Halborn · Cantina · Cyfrin

Daily 00:00 UTC

Merkle-root cadence

Daily Accountable attestation via API

$0.01

Reconciliation tolerance

Zero on unit count

Up to $250K

Bug bounty (critical)

Coordinated disclosure

3 chains

Live deployment

Base · Arbitrum · Ethereum

Flo issues blockchain-based structured notes, on-chain certificates that track publicly traded equities one-to-one. The notes are governed by Swiss law and issued by Flo Global Markets Ltd. (BVI) under a base prospectus filed in Liechtenstein and approved by the Liechtenstein Financial Market Authority (FMA), which is passportable across the EEA under the EU Prospectus Regulation. Flo Global Markets Ltd. is the sole investor in Flo Capital SPC (Cayman), a bankruptcy-remote Segregated Portfolio Company with a trust-like shareholding arrangement and an independent director. Each note is backed 1:1 by the underlying security held by Flo Capital SPC in a segregated institutional brokerage account at a SEC-registered broker-dealer. Both entities sit structurally separate from Flo's operating company. Distribution is B2B to partners, fintechs, exchanges, neobanks, institutional clients, and startups, each of whom completes a one-time business KYC at the Flo Global Markets Ltd. layer and handles jurisdictional compliance and user-level KYC for their own end users.

Go deeper

Three dedicated pages for the evidence behind the claims on this one.

Security

Every line of code, reviewed

Audit history, $250K bug bounty, SOC 2, SSO/MFA, incident response, BCP/DR, ForDefi MPC, vendor risk.

Open security →

Reports & Artifacts

Independent verification, every day

Daily attestations from Accountable, served via public API. BVI and Cayman legal opinions, trust deed, SOC 2, and DPA. Indexed by artifact ID.

Open reports →

Proof of Reserves

On-chain. Permissionless. Verifiable.

Live reserve status. Self-verify with Merkle proofs. Cross-reference against broker-dealer positions. The math, not the marketing.

Verify reserves →

Entity & Regulatory Structure

BVI issuer · Cayman SPC custodian

Three legal layers. Flo Global Markets Ltd. (BVI) issues the structured notes and onboards the investor. It is the sole investor in Flo Capital SPC (Cayman), a bankruptcy-remote Segregated Portfolio Company with an independent director that holds the underlying securities. Flo Finance, Inc. is the operating company, structurally separate from both, providing services under arm's-length agreements.

Token holder
    │   Holds blockchain-based structured notes (transferable
    │   securities under MiFID II), tradable on-chain.
    │
    │   Direct contractual entitlement against ↓
    │
Flo Global Markets Ltd.  (British Virgin Islands)
    │   Issuer entity. Issues structured notes under the
    │   FMA-approved Liechtenstein Base Prospectus (Swiss-law
    │   tokens). Onboards the investor; runs counterparty AML,
    │   KYC, and sanctions screening. Sole investor in ↓
    │
Flo Capital SPC  (Cayman Islands)
    │   Bankruptcy-remote Segregated Portfolio Company.
    │   Independent director on the board. Trust-like
    │   shareholding arrangement. Legal owner of the
    │   underlying securities. Beneficial owner of ↓
    │
Institutional custody accounts at SEC-registered broker-dealers
    ·   Interactive Brokers LLC  (primary)
    ·   Alpaca Securities LLC    (secondary, for business continuity)
    ·   SIPC-covered. Customer property held in segregated brokerage
    ·   accounts in the name of Flo Capital SPC.

Flo Finance, Inc.  (operating company, Delaware)
    ·   Employees, IP, vendor contracts, technology platform.
    ·   Provides services to Flo Global Markets Ltd. and Flo Capital
    ·   SPC under arm's-length agreements.
    ·   Has no ownership interest in either entity.

Flo Global Markets Ltd. (BVI)

Issuer entity. Issues blockchain-based structured notes under the FMA-approved Liechtenstein Base Prospectus (Swiss-law tokens). Onboards the investor and runs counterparty AML, KYC, and sanctions screening. Sole investor in Flo Capital SPC.

Flo Capital SPC (Cayman)

Bankruptcy-remote Segregated Portfolio Company. Independent director on the board. Trust-like shareholding arrangement. Legal owner of the underlying securities, held in segregated brokerage accounts at Interactive Brokers and Alpaca Securities.

Flo Finance, Inc. (operating co)

Delaware corporation. Builds and operates the Flo platform under services agreements with the issuer and the SPC. Structurally separate from both, any operating-company outcome is contained to Flo Finance and leaves the issuer, SPC, and note holders unaffected.

Structured Notes

Blockchain-based certificates

Each Flo token is a blockchain-based structured note issued by Flo Global Markets Ltd. (BVI). The note tracks the economic performance of the underlying equity one-to-one and is fully backed by that same security held by Flo Capital SPC (Cayman) in an institutional custody account at a SEC-registered broker-dealer.

Instrument

Structured note

A blockchain-based structured note, an on-chain certificate issued by Flo Global Markets Ltd. (BVI), representing direct entitlement to the economic performance of one specified underlying security.

Backing

1:1 backed

Each note is backed 1:1 by the underlying security held by Flo Capital SPC in a dedicated institutional custody account at a SEC-registered broker-dealer, in the name of the SPC for the benefit of note holders.

Ledger integrity

Audited · On-chain

Independently audited smart contracts record issuance, transfers, and redemptions. The blockchain ledger itself is the authoritative record of ownership; secondary transfers are permissionless on-chain.

Holder rights

Total-return

Note holders have direct contractual entitlement to the total-return performance of the underlying. Cash dividends, coupons, and similar distributions are reinvested into more of the underlying by Flo Capital SPC; token supply stays the same and NAV per token rises. On-chain transfer effects transfer of the note.

Bankruptcy remoteness

SPC · Segregated accounts

Flo Capital SPC is structured with a trust-like shareholding arrangement and an independent director on the board. Underlying assets sit in segregated brokerage accounts at the BD in the SPC's name, keeping them separate from both Flo the operating company and the BD's own estate.

One-to-one entitlement

One-to-one

Each note tracks one underlying security, one-to-one. Dividends and corporate actions accrue to note holders directly. This is a straightforward entitlement structure, a clean, single-name certificate rather than a managed or pooled product.

The BVI / Cayman SPC split is the standard institutional pattern for tokenized capital-markets products. The BVI issuer onboards investors and issues the notes; the Cayman SPC, with trust-like shareholding plus an independent director, holds assets bankruptcy-remote from both Flo Finance and the broker-dealer estates.

Custody & Broker-Dealer Chain

Dual-broker redundancy

The underlying security is held in a segregated brokerage account at the broker-dealer. Flo maintains two independent broker relationships, Interactive Brokers as primary and Alpaca as secondary, so the issuance chain remains operational if either relationship becomes unavailable. One broker is always sufficient; the second is there for business continuity.

Interactive Brokers LLC

Primary

SIPC Member

$500K protection

FINRA Member

Full compliance

Publicly Traded

IBKR (Nasdaq)

Client Accounts

2.6M+

FIX API · Real-time reconciliation

Alpaca Securities LLC

Secondary

SIPC Member

$500K protection

FINRA Member

Full compliance

Regulator

SEC-registered BD

Fractional Support

Native

REST API · Redundant execution path

Chain of legal title

Note holder → Flo Global Markets Ltd. (BVI)

Direct contractual entitlement to the economic performance of the underlying security, against the BVI issuer entity. Flo Global Markets Ltd. issues the notes under the FMA-approved Liechtenstein Base Prospectus.

Flo Global Markets Ltd. → Flo Capital SPC (Cayman) → underlying at the BD

Flo Global Markets Ltd. is the sole investor in Flo Capital SPC, a bankruptcy-remote Segregated Portfolio Company with an independent director. Flo Capital SPC holds the underlying securities in segregated brokerage accounts at the BD, in the SPC's name, separated from the BD's own property for the benefit of note holders.

On-chain Custody

ForDefi MPC

MPC Custody Solution

Threshold signing with hardware-secured shards. No single private key ever exists in full form.

SOC 2 · ISO 27001

ForDefi is SOC 2 Type II and ISO 27001 certified. Independent attestation of custody controls.

Policy engine

Transaction policies with allowlists, co-signing thresholds, and time delays on high-value operations.

Attestation

Independent · Daily

Daily independent attestation of backing by Accountable, served via public API. On-chain proof of reserves verifiable against signed custodian records. The closest thing to continuous proof of reserves this asset class permits.

Reserve Attestation

Monthly

Independent verification that on-chain Flo token supply matches the custodied underlying at Interactive Brokers and Alpaca. Reports total tokens per series, total held per CUSIP, and any delta with explanation.

Proof of Reserves

Continuous

Merkle-tree proof published on-chain. Signed attestations from the custodian are cryptographically verifiable against the on-chain supply.

Smart Contract Audits

On-chain + half-yearly retest

Four independent audits of all smart contract logic and state transitions, Sherlock, Halborn, Cantina, and Cyfrin. Audits run on every on-chain change and are supplemented by a scheduled half-yearly retest on the full contract surface.

SOC 2 Type II

In progress

Enterprise-grade security, availability, and confidentiality controls independently assessed. Year-1 observation window under way; bridge letter available on completion.

Smart Contract Security

Quadruple Audit

Independent audits from Sherlock, Halborn, Cantina, and Cyfrin.

Bug Bounty

Up to $250K for critical vulnerabilities, operated directly by Flo.

Time-Locked Governance

All governance changes subject to a 72-hour delay before execution.

Emergency Pause

Any member of the independent security council can trigger an emergency pause. Unpause requires a higher threshold, 4/7 multisig, so recovery is deliberate and well-reviewed.

Sanctions Enforcement

OFAC-sanctioned addresses are hard-denied at the token contract level.

Security & Operations

SOC 2 in progress · ISO 27001 roadmap

Production access, change management, secrets, monitoring, incident response, business continuity. The operational controls behind the attestations.

Production access

SSO, hardware MFA (WebAuthn only), scoped IAM roles. No shared credentials. No long-lived keys in environments.

Change management

All production changes via PR with two-reviewer approval. CI/CD with signed releases; artifact provenance recorded.

Secrets management

AWS Secrets Manager and Vault. No secrets in code or env files. Rotation enforced on schedule and on departure.

Logging and monitoring

Centralised SIEM with 24/7 on-call rotation. Security alerting pipelines independent from application alerting.

Incident response

Documented runbook, tested quarterly. Material-incident disclosure to partners within 24 hours; full post-mortem within 5 business days.

Business continuity

Multi-region active-passive. RTO 4 hours, RPO 5 minutes for issuance and redemption. Failover tested quarterly.

Penetration testing

Independent third-party pen tests on application and infrastructure scheduled before public launch, then on an annual cadence and after any material architectural change. Executive summaries shareable under NDA.

Vendor risk

Vendor diligence run on any counterparty with access to production data or systems. Annual re-review; SOC 2 / ISO certs required for critical vendors.

Bug bounty

Program operated directly by Flo, covering issuance contracts, the mint/redeem API, and the web surface. Up to $250K for critical.

Jurisdictions, KYC & AML

BVI-level AML

KYC on end users is performed by the partner, fintech, exchange, neobank, institutional client, or startup, to the standard of the user's jurisdiction. Flo Global Markets Ltd. (BVI), as the issuer entity that onboards the investor, runs entity-level AML (business KYC), counterparty diligence, and sanctions screening at the BVI layer.

End-user KYC

Performed by the partner (fintech, exchange, neobank, institutional client, or startup) to the standard of the user's jurisdiction. Flo receives no end-user PII.

Entity-level AML

Counterparty diligence on BDs, partners, and banking relationships run at the BVI issuer layer (Flo Global Markets Ltd.), with AML officer appointments and onboarding KYC for every investor.

Sanctions screening

OFAC, EU, UK, and UN lists. Onboarding plus continuous daily re-screening.

Wallet screening

Chainalysis / address risk screening on every mint and redemption flow.

Contract-level denylist

OFAC-sanctioned addresses hard-blocked at the token contract level. Not just off-chain policy.

Compliance Architecture

The responsibility split between Flo and the partner. Knowing which obligations you inherit, and which you don't, is usually the first thing your compliance team wants clarified.

What Flo Does

FBVI-issued structured notes (Flo Global Markets Ltd.)
FCayman SPC custody chain (Flo Capital SPC) into Interactive Brokers and Alpaca
FOn-chain audit trail and immutable settlement records
FProof of reserves and daily attestations
FCollateral enforcement via independent security agent
FEntity-level AML, KYC, and sanctions screening at the BVI issuer layer
FContract-level OFAC sanctions enforcement
FAPI rate limits and operational security

What You Control

YKYC and AML of your end users
YGeographic restrictions and allowlisting
YUser onboarding experience
YRegulatory licensing in your jurisdiction
YTax reporting and statements to users
YUser-facing disclosures and suitability
YTravel-rule reporting at the user layer
YUser-relationship-level data controllership

Frequently Asked

The questions compliance teams ask most often on first calls.

What if Flo the company fails?+

The issuer entity is Flo Global Markets Ltd. (BVI), separate from the operating company. Flo Global Markets Ltd. is the sole investor in Flo Capital SPC (Cayman), a bankruptcy-remote Segregated Portfolio Company with an independent director and a trust-like shareholding arrangement; Flo Capital SPC holds the underlying securities. Flo Finance, Inc. has no ownership interest in either entity, it provides services under arm's-length agreements. Any outcome at the operating company is contained there. Note holders retain their direct entitlement from the issuer, and the underlying remains segregated at the broker-dealer in the SPC's name.

Is this a stablecoin or an E-money token under MiCA?+

No. Flo tokens are transferable securities under MiFID II, issued as Swiss-law structured notes and documented under the EU Prospectus Regulation via the FMA-approved Liechtenstein base prospectus. MiCA expressly excludes transferable securities (Article 2(4)(a)), so MiCA's stablecoin and E-Money Token classifications do not apply.

What happens on a corporate action: dividend, split, M&A?+

Flo runs a total-return model. Token supply changes only on mint and redeem; every other economic event at the underlying flows through NAV per token. (a) Cash dividends: Flo Capital SPC's broker receives the dividend net of any applicable issuer-country withholding tax, reinvests the net cash into more of the same underlying, and the resulting higher shares-per-token ratio is reflected in NAV per token. Token supply stays the same; NAV per token rises by the corresponding amount, captured in the next /v1/positions read and the next proof-of-reserves snapshot. Holders receive the dividend value as token-price appreciation, and can convert any portion to cash via the redeem endpoint at any time. (b) Stock splits: token supply stays the same. Flo Capital SPC's share count adjusts by the split ratio (forward or reverse) and NAV per token reflects the new shares-per-token ratio. Dollar-value backing per token is preserved across the split. (c) Cash M&A: notes redeem at the deal price on closing; proceeds flow through the standard redeem rail. Stock-for-stock M&A: Flo Capital SPC receives the new issuer's shares and the note continues to track the new entity. Special dividends, scrip dividends, and rights issues follow the same accumulating treatment: proceeds reinvest into the underlying and NAV per token captures the value. Bond coupons and money-market accruals follow the same rule: Flo Capital SPC reinvests, token supply stays the same, and NAV per token accrues.

Is Flo regulated?+

Yes. Security tokens governed by Swiss law, issued by Flo Global Markets Ltd. (BVI) under a base prospectus approved by the Liechtenstein Financial Market Authority (FMA) and passportable across the EEA. Flo Global Markets Ltd. is the sole investor in Flo Capital SPC (Cayman), a bankruptcy-remote Segregated Portfolio Company with an independent director that holds the underlying securities in segregated brokerage accounts at SEC-registered broker-dealers. Full document pack available under NDA via compliance@flo.finance.

Can US persons hold the tokens?+

Flo tokens are permissionless ERC-20s and transfer freely on the secondary market under EU/EEA law. Token contracts have no on-chain wallet allowlist. The offering is non-US: Flo does not solicit or distribute to US persons at the SDK layer. Partners distribute the offering to non-US users in their respective jurisdictions.

What's the recovery process if a wallet's keys are lost?+

Token custody sits with the partner and their end users; Flo does not custody token-holder wallets. EOA (single-key) wallets are not recoverable: if the private key is lost, the assets at that address are permanently inaccessible. Flo strongly recommends threshold-MPC wallets for any institutional partner (typical configurations are 5-of-7 or 3-of-5), which let any quorum of remaining key-holders rotate a lost or compromised key without any loss of access. Compatible MPC platforms are widely available; partners choose the one that fits their team and compliance posture.

Is there a separate transfer agent?+

No. Tokens transfer permissionlessly on-chain, and the blockchain ledger itself acts as the authoritative record of ownership. There is no separate transfer-agent register parallel to the chain.

Compliance-ready from the first call.

Forward this page to your compliance team. Request the full document pack, legal opinion, SOC 2 status, audit reports, attestations, under NDA. One business day turnaround.

Request document pack Latest attestation