The SEC delayed tokenizing stocks, and here’s why that’s a relief

Updated Jun 23, 2026, 2:08 p.m. Published Jun 23, 2026, 2:01 p.m. 5 min readU.S. SEC headquarter in Washington (Jesse Hamilton/CoinDesk)After two decades building systems that evolved from reactive to cognitive – first at VMware with mobile device security, now in compliance infrastructure for digital asset markets – I've seen that following the rules isn’t the same as preventing catastrophe. So, when the SEC delayed its plan to allow tokenized U.S. stocks last week, my first reaction was relief, not frustration. Michael Burry, the investor who called the 2008 crisis, immediately warned that the plan could trigger a systemic disaster. He's right, but not for the reasons most people think.The problem isn’t tokenization itself. It’s that we’re about to tokenize the world’s most liquid markets with legacy compliance systems that aren’t built for real-time execution. Currently, there is always a lag of one to two days between when a trade is executed and when it is fully settled. As we move towards real-time execution, we need compliance systems that evaluate trades in real time, especially if they are intended to support the transfer of tokenized U.S. equities. Recent history shows that fraud occurs in the context preceding these transactions.Take the Lazarus Group's exploitation of Tornado Cash and the Ronin Bridge. Sanctioned wallets? None detected. Prohibited tokens? All clear. Protocol compliance? Perfect.Yet $600 million vanished through wallet-hopping across jurisdictions, beyond the reach of previous systems to contextualize.FTX complied with regulations until customer funds were commingled. Mango Markets’ oracle was hacked while protocols remained compliant.The fraud happened in the context, not the code.Through my travels as a CEO in digital asset markets, I've witnessed tokenization transform global financial hubs. Real estate in Dubai, tokenized by a special-purpose vehicle in the Cayman Islands, sold on a Singapore platform, with liquidity from global DeFi pools, and bought by investors worldwide. Every jurisdiction's regulations were followed. Every wallet was clean. Every token was compliant.Yet is the transaction secure for a retail investor in Ohio? They can’t answer. Maybe an institutional compliance team could. But most concerning of all, you can’t even ask current systems. They check boxes; they don’t think.What cognitive compliance requiresThe jump from paper-based markets to AI-assisted compliance took a decade. The jump from AI-assisted to cognitive compliance must happen within 24 months, or tokenized equities will become the largest attack surface in financial history.Here’s what’s needed to protect retail investors and markets:1. Multi-source regulatory intelligence:Not just static sanctions lists, but real-time ingestion of enforcement actions, geopolitical signals and guidance. By the time OFAC adds a sanctioned entity, the money’s already moved. Systems must predict, not react.2. Relationship graph context:Don’t just analyze a wallet. Examine the owner, custodian, exchange relationships, asset holdings, and jurisdiction footprint - the entire entity graph. One data point is compliance theater. Retail investors can’t build these graphs; the system must.3. Behavioral and pattern intelligence:Systems must spot sudden transaction spikes, new jurisdictions, changed thresholds, rapid accumulation, even when nothing is technically illegal. This is how manipulation is caught before retail investors lose their savings.4. Adaptive risk scoring:Static regulations can’t keep up with T+0 settlement and nonstop markets. Risk scores must adjust in real time to global events and threats, not after the fact.I know this is possible because I've lived through it three times.At VMware, endpoint management transformed from simple device tracking to a cognitive security infrastructure. We started with mobile phones, then tablets, and finally IoT devices — sensors, wearables, industrial equipment and medical devices. Each new form factor brought new attack vectors and integration requirements.The systems that survived didn't just add rules for each device type. They became cognitive. They learned to understand the environment, not just compliance. A hospital sensor suddenly communicating with external servers? Rules might allow it, but the context screams breach.The same evolution happened in cloud infrastructure. AWS and Azure stopped treating every workload as generic compute and began understanding what those workloads actually did, including which AI models they run, which integrations they require and the security posture they need. Cloud platforms now predict resource needs and detect anomalous behavior not because someone wrote more rules, but because systems developed contextual intelligence.Identity management followed the same path. Certificate lifecycle management evolved from tracking expiration dates to understanding machine identities: servers, devices, non-human entities and AI agents. The question shifted from "is this certificate valid?" to "does this identity's activity pattern align with its purpose?"The pattern is always the same: systems evolve from rule-checking to context-understanding. From reactive to predictive. From AI-assisted to cognitive.Compliance is the last critical piece of infrastructure needed to make this jump, and we're running out of time.The window is closingIf the U.S. wants to maintain its position as the center of global finance, we need to stop treating tokenization as inevitable and start treating compliance readiness as urgent.We have 12-24 months to build systems that ingest regulatory intelligence from dozens of sources simultaneously, map complete entity-relationship graphs in milliseconds, detect behavioral anomalies across jurisdictions, and dynamically adjust risk models to actual conditions.Without these capabilities, we can't protect retail investors who can't afford forensic compliance teams.Pieces of this exist today within pattern recognition systems, transaction monitoring tools and risk engines. But no one has assembled them into a holistic cognitive compliance structure.The technology exists. The question isn't can we do this. It's will we do this before the next crisis.The alternative? We tokenize U.S. equities with 2019-compliant infrastructure, retail investors become collateral damage, and the FTX downfall looks minuscule by comparison.Regulations will always lag innovation; that's how democracies work. Yet, technology doesn't have to lag.We can build compliance systems smarter than the rules they enforce. Systems that understand context, recognize patterns and think beyond checkboxes. Systems that protect the investors who need it most, not just those who can hire compliance teams.Michael Burry saw 2008 coming because he looked at the system, not just the rules. The rules said subprime mortgage bonds were AAA-rated. The system said they were toxic.Tokenized securities without cognitive compliance could be our next subprime moment.The SEC just bought us time. Let's not waste it.Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.12345678910