Token listing policy how to set criteria and avoid claims

Nikita Veremeev

22.03.2026 | 6 min read

Updated: 22.03.2026

Since 2016 I have been running COREDO as a platform where legal precision and financial engineering serve the growth of international companies. During this time the COREDO team has carried out dozens of projects to register legal entities in the EU, the UK, Singapore and Dubai, obtain crypto, payment and forex licenses, as well as provide comprehensive AML consulting. Today I want to systematically analyze one topic that often becomes a bottleneck for exchanges and issuers: token listing policy. Properly designed token listing and token compliance criteria save months of approvals, reduce regulatory risks and build investor trust.

Regulatory landscape MiCA, AMLD, MAR

• EU. MiCA sets uniform requirements for listing crypto-assets, including issuer governance standards, disclosure and management of conflicts of interest. At the same time the AML Directives (AMLD5/AMLD6), the Market Abuse Regulation (MAR), the EU Prospectus Regulation and, where necessary, KID/PRIIPs for retail investors apply. MiCA listing requirements are especially important for platforms licensed in Lithuania, Estonia or Cyprus that are planning European expansion.
• United Kingdom and Switzerland. The FCA and FINMA closely monitor asset classification, risks of market manipulation and insider trading, as well as custody solutions.
• Singapore and Hong Kong. MAS and the SFC emphasize risk management, travel rule compliance and clear token typology (security vs utility).
• UAE (VARA/ADGM). Regulators encourage transparent listing procedures and strict AML/CFT frameworks with a focus on on-chain analytics and sanctions screening.

Security vs utility tokens

A fair classification of tokens: the skeleton of any policy. Any token listing procedure should start with legal qualification:

• The Howey test and tokens. We compare the facts to the criteria of an investment contract: investment of money, common enterprise, expectation of profit, efforts of a third party.
• MiCA. In the EU the main question is the type of crypto-asset (ART, EMT, other crypto-assets) and the level of requirements for issuance and listing.
• Securities law compliance. For jurisdictions outside the EU we assess the risks of classification as a security and the applicability of prospectus rules, retail restrictions and registration requirements.

Token Listing Policy Architecture

The token listing policy is not a ‘for show’ document. It is the exchange’s operating system that links commercial objectives and compliance. I use a structure of six blocks.

1. Scope and definitions
   • Which types of assets are accepted (utility, governance, stable; NFT collections with securities-like functions are excluded or follow a separate track).
   • Terms: beneficial ownership verification, Enhanced Due Diligence (EDD), market manipulation detection, travel rule, on-chain analytics, code escrow.
2. Token listing criteria
   • Legal: legal assessment of tokens, MiCA compliance/AMLD, absence of signs of a security without registration, cross-border compliance.
   • Financial: tokenomics modeling, economic design and inflation schedule, transparency of team and investor funds.
   • Technical: audited smart contract code, smart contract audit, security pentest, bug bounty programs, resilience to MEV and flash loans.
   • Reputational: beneficiaries’ biographies, PEP screening, sanctions screening, absence of ties to fraud or sanctioned jurisdictions.
   • Market: liquidity, independent market making, requirements for volume and distribution, protection against pump-and-dump.
3. Token listing procedure
   • Application submission, closed data room, legal support for token listing.
   • Token due diligence: technical audit, corporate documents, beneficial ownership, financial models, marketing promises vs reality.
   • Listing committee decision, token listing agreement and SLA, terms and transparency of listing fees.
4. AML/CFT and token compliance
   • CDD/EDD on the issuer and key beneficiaries, KYC requirements, AML for listing.
   • Travel rule compliance, transaction monitoring, blockchain forensics and chain analysis for AML.
   • Suspicious activity policy and reporting to authorities (SARs).
5. Disclosure and investor protection
   • Whitepaper, aligning the whitepaper with legal requirements, prospectus and disclosure documents.
   • Risk disclosure policy and investor protection, MAR, insider trading prevention.
   • KID/PRIIPs considerations for a retail audience.
6. Token delisting, liability and insurance
   • Token delisting: reasons and procedure, delisting and remediation procedures.
   • Exchange liability for a fraudulent token and mechanisms: indemnities, insurance policies, escrow arrangements.

Token evaluation and documentation for listing

• Legal transparency (20%): presence of a legal opinion, absence of indicators of a security, compliance with MiCA.
• Team and BO (15%): verification of beneficial ownership, experience, corporate governance of the issuer at listing.
• Tokenomics (20%): issuance model, vesting, role of the market maker, liquidity requirements for listing.
• Technical reliability (20%): smart contract audit, penetration testing, code escrow, bug bounty, use of external code audits to minimize claims.
• AML/sanctions (15%): PEP/sanctions screening, on-chain historical analysis, geo-risk.
• Reputation and market (10%): community, partnerships without paid boosting, absence of manipulations.

How to formalize listing criteria and avoid claims? Three rules:

1. Transparency of the methodology and publication of a token listing policy template with clear indicators.
2. Decision-making traces: listing committee minutes and justification of the assessment.
3. Consistency of application: exceptions are allowed only with documented risk acceptance.

Listing: from application to first trade

Predictability is important for both the exchange and the issuer. The process the COREDO team systematically implemented for clients looks like this:

1. Pre-application session
   • Legal screening: classification security vs utility, MiCA/AMLD impact, EU Prospectus Regulation and MAR.
   • Technical scope: how to check the smart contract before listing, plan for audits and pentests.
   • Documentation package: articles of association and registration of a legal entity, cap table, agreements with a market maker, marketing policy.
2. Official application and documents
   • Whitepaper/Lightpaper, tokenomics, roadmap, information about funds, disclosure of beneficiaries.
   • Legal opinion and, if necessary, Howey test analysis.
   • Compliance policies: AML/CFT, data protection and GDPR, information security standards (ISO 27001) and SOC 2 compliance, incident response plan.
3. Token due diligence
   • Legal: legal risks when listing tokens, VASP/EMI/PSP licenses, cross-border compliance, jurisdictional risk assessment.
   • Technical: smart contract audit by two independent providers, code escrow, bug bounty, infrastructure pentest, custody review (cold storage vs hot wallets, multisig custody, third-party custody providers).
   • Financial and economic: assessment of tokenomics, resistance to inflation, incentives for validators/stakers, liquidity resilience.
   • AML/sanctions: CDD/EDD, sanctions/PEP screening, beneficial ownership verification, on-chain analytics of the issuer and key wallets’ history, travel rule readiness, transaction tracing tools.
4. Listing decision and agreements
   • Listing committee memo, token listing agreement and SLA, listing fee disclosure, market making agreements, escrow arrangements.
   • Information barriers, insider trading prevention, wall-crossing procedures, MAR policies.
   • Delisting conditions and remediation plan, insurance and indemnities.
5. Preparation for launch
   • Opening trading pairs, order books and market-making, liquidity and limits.
   • Market notification, prospectus and disclosure documents, risk disclosure policy.
   • Setting up transaction monitoring, market manipulation detection and alerts.

AML/CFT and compliance in practice

1. Onboarding. Customer Due Diligence (CDD), EDD for complex structures, document checks and document verification technologies, PEP and sanctions screening, assessment of geo-risks and international sanctions and their impact on token listings.
2. Transaction analytics. Transaction monitoring, travel rule compliance, on-chain analytics and blockchain forensics, use of blockchain analytics providers to identify mixers and sanction «traces».
3. Response and reporting. Suspicious activity reports (SARs), escalation framework, decision log, interaction with regulators.
4. Information and security. GDPR, ISO 27001/SOC 2, access control, network segmentation, incident management protocols.

Disclosure and investor protection

Disclosure: this is not copying someone else’s whitepaper. I require consistency across three layers:

• Whitepaper/Lightpaper. Product, economic model, treasury management, risks, burn/mint mechanics.
• Prospectus and disclosure documents. If applicable, risk architecture, sections on conflicts of interest, token allocation and lock-ups, KID/PRIIPs for retail.
• Exchange policies. Alignment of marketing statements, prohibition of predictive promises of returns, investor protection policy and risk warnings.

Token delisting: reasons and procedure

Delisting is a normal risk management tool. I recommend documenting:

• Reasons: violation of listing criteria, signs of market manipulation, deterioration of technical security, regulatory orders, mass complaints.
• Procedure: notifying the issuer and the market, a remediation period, a liquidity withdrawal strategy, user support.
• Remediation: a remediation plan, a follow-up code audit, reporting on remediated issues.

Structuring legal entities and licenses

Registering a legal entity to operate with tokens in the EU and beyond is fundamental. The COREDO team has carried out projects in:

• EU: Estonia and Lithuania for VASP operations, Cyprus and Slovakia for holding and IP structures, coordination with MiCA transitions.
• United Kingdom: registration and engagement with the FCA for crypto companies with a focus on AML.
• Singapore: Licensing under the PSA with MAS, AML/CFT preparation and the travel rule.
• UAE: structuring in Dubai/VARA and ADGM, local requirements for KYC, custody and information security.

Due diligence checklists and smart contract

I always give clients working lists. Below are the reference checklists.

• Legal documentation: registration, articles of association, cap table, agreement with market maker, AML policies/CFT, GDPR, ISO 27001/SOC 2.
• Legal qualification: legal opinion, howey test analysis, MiCA mapping, cross-border compliance.
• Tech audit: smart contract audit (two independent), pentest, code escrow, bug bounty, remediation reports.
• AML/sanctions: CDD/EDD, BO verification, sanctions/PEP screening, on-chain analysis of key wallets, travel rule readiness.
• Tokenomics: issuance, vesting schedules, inflation, incentives, liquidity requirements for listing, market making agreements.
• Disclosure: whitepaper, risk disclosures, prospectus/KID if required.

• Automated bytecode analysis and test coverage.
• Independent audits and vulnerability assessment (reentrancy, integer overflow/underflow, access control).
• Pentest of the environment and deployment, multisig on critical functions, code escrow and emergency pause-mode procedures.
• Bug bounty with rewards and SLAs for fixing discovered vulnerabilities.

• Economic design and inflation schedule, validator incentives, sustainability of returns.
• Distribution and vesting schedules, anti-dump mechanics, buyback/burn program.
• Liquidity plan, role of market makers, spread limits and order book depth requirements.

Agreements and liability

Drafting a listing agreement and an SLA is protection for both parties. I recommend including:

• Terms of listing, disclosure obligations, reporting cadence, the right to pause trading in the event of incidents.
• Listing fee disclosure, market fees, refunds in case of force majeure, transparency of settlements.
• Market abuse and MAR compliance, insider trading prevention, information barriers.
• Insurance and indemnities, compensation mechanisms, how fines and claims are regulated across different jurisdictions.
• Delisting and remediation procedures and the process for communicating with users.

COREDO Custom Cases: What Worked

Case 1: European Exchange and MiCA-ready Listing

The COREDO team implemented a token listing policy for a platform licensed in the EU. We conducted due diligence on six projects, built a criteria scale, integrated MAR procedures and transaction monitoring. The result — a reduction in time from application to launch to 7 weeks, no regulatory claims at the post-listing stage, and a standardized token listing agreement approved by the local regulator.

Case 2: Singapore Issuer with a Focus on AML/CFT

The issuer was preparing a listing for a utility token. Our specialists prepared a legal opinion with Howey test analysis, compiled an AML dossier, implemented travel rule compliance and on-chain analytics to monitor treasury wallets. The solution developed at COREDO enabled successful EDD at three exchanges in Asia and the EU without requests for additional documentation.

Case 3: Dubai Exchange and Delisting Policy

A partner faced market manipulation risks related to one of the assets. We updated the section «token delisting: reasons and procedure», included criteria for market manipulation detection, agreed on an escrow for market-making and strengthened ISO 27001/SOC 2 access control. The exchange preserved user trust and avoided escalation to the regulator.

Custody and information security infrastructure

A good listing policy considers asset custody and information security:

• Custody solutions for crypto: cold storage vs hot wallets, multisig custody, third-party custody providers with SOC 2 and ISO 27001 certifications.
• Escrow arrangements and code escrow for critical updates.
• Key management procedures, access policy, logging and independent audits.
• Bug bounty programs and continuous vulnerability monitoring.

International risk management

Cross-border compliance – a constant backdrop. I recommend:

• Jurisdictional risk assessment: a risk map by country of presence of users and investors.
• Regulatory engagement strategy: a plan for engagement with the FCA, FINMA, MAS, VARA, including pre-submission meetings.
• Reputational risk management: a public statements policy, marketing oversight, rapid incident response.
• Insurance and indemnities: coverage for cyber risks, D&O insurance for directors, specialized liability insurance for listing.

How COREDO structures a project

I value predictability. Therefore I structure the project into four stages:

1. Diagnosis and roadmap
   • Gap analysis of listing and AML policies, document audit, assessment of process maturity.
   • Roadmap with timelines and responsible parties.
2. Design and implementation
   • Token listing policy, criteria, procedures, reporting forms.
   • Updating contracts: listing agreement, SLA, market making agreements, escrow.
   • Integration of AML tools: onboarding and KYC providers, transaction tracing tools, blockchain analytics providers.
3. Testing and training
   • Tabletop exercises on market abuse/insider trading, SARs simulations.
   • Team training: listing committee, AML/KYC, information security.
4. Ongoing support
   • Compliance-as-a-service provider model: monitoring regulatory changes, policy updates, quarterly review of criteria.
   • Preparation for audits (ISO 27001/SOC 2) and interaction with regulators.

Token Listing Policy for a Cryptocurrency Exchange

As a guideline, here is an example of a token listing policy:

• Introduction and objectives (investor protection, transparency, compliance with MiCA/AMLD/MAR).
• Scope and definitions.
• Token listing criteria: legal, technical, financial, AML and market-related.
• Listing procedure: application, due diligence, listing committee, agreement and SLA, listing fees.
• Legal documentation requirements for listing: legal opinion, incorporation documents, BO disclosure.
• AML/CFT: CDD/EDD, travel rule, transaction monitoring, SARs.
• Disclosure: whitepaper, prospectus/KID, risk policy.
• Operational matters: custody, market making, monitoring, incident response.
• Delisting: reasons, procedure, remediation.
• Policy updates and version control.

Listing as a discipline of trust

Token listing: not an event but a process where the quality of policy, clarity of criteria and the maturity of AML/CFT build market trust. I follow a simple principle: every line of policy should help make a balanced decision and protect the investor. COREDO grew at the intersection of law, finance and technology, and this experience allows us to assemble resilient frameworks in the EU, the UK, Singapore and Dubai: from registration and licensing to legal support for token listings and operational compliance.