EST · MMXXVI
Home/Jurisdictions/Compare/Foundation vs Company: Wrapping a Token Project
DeFi, Tokenization & Smart-Contract Law

Foundation vs Company: Wrapping a Token Project

Foundation vs Company: Wrapping a Token Project. Cross-border digital-asset legal counsel for business – licensing, disputes and structuring. Talk to OBOLUS.

Token projects launching in the current regulatory environment face a structural choice before they write a single line of code: which legal entity – or combination of entities – should sit around the protocol, hold intellectual property, issue tokens and interface with regulators? The wrong answer does not merely create administrative inconvenience. It can convert a product launch into an unregistered securities offering, expose founders to personal liability, or strand treasury assets in a jurisdiction that cannot bank them. This comparison maps the two dominant wrappers – the foundation (a non-share-capital, purpose-led entity) and the company (a share-capital, equity-bearing structure) – across five decision axes and offers a clear, profile-driven framework for making the choice.

With regulatory regimes from MiCA in the EU to VARA in Dubai tightening the perimeter around token issuance, custody and exchange, the entity-selection question has never carried higher legal consequence. This page walks through the structural logic, the cross-border complications and the situations in which each instrument – or a hybrid of both – best serves the project's goals.

Why Entity Choice Matters for Token Projects

The legal wrapper determines who owns the protocol, who receives regulatory scrutiny, and who bears liability when something goes wrong. A foundation sits outside the equity capital structure: it holds assets for a stated purpose and, in most jurisdictions, cannot distribute profits to founders. A company issues shares, generates equity value for investors, and creates a conventional profit-extraction path. For a token project, that distinction drives the entire commercial and regulatory analysis.

A utility token issued by a foundation can credibly claim it represents access to a protocol rather than a stake in a profit-seeking enterprise. The same token issued by a profit-oriented company invites regulators to ask whether it looks more like a security token – an instrument representing rights in an underlying equity or revenue stream. Under the applicable MiCA regime, the ESMA-supervised token taxonomy turns on the substance of rights conferred, not the label on the whitepaper. VARA in Dubai applies a functionally similar analysis. The entity structure either supports or undermines that classification argument.

The cross-border dimension compounds the choice. A foundation domiciled in the Cayman Islands may have its token distributed by a company in Singapore, with smart-contract deployment attributable to developers in Switzerland, and users concentrated in the EU. Each jurisdiction's regulator will apply its own test to determine which entity – and which individuals – fall within its perimeter. A structure that looks clean in one hub can create unintended regulatory nexus in another.

The Foundation Wrapper: What It Is and When It Works

A foundation is a legal entity without shareholders: it is constituted by a charter or articles of association that define its purpose, and any surplus must be applied to that purpose rather than distributed. Popular domiciles include the Cayman Islands (the Cayman Foundation Company), Switzerland (the Stiftung), Singapore (CLG and foundation variants), Panama, and the British Virgin Islands. The absence of an equity capital structure is its most important legal characteristic.

For a token project, the foundation wrapper works best in three situations. First, where the token is genuinely intended as a governance or access instrument rather than a return-seeking investment. Second, where the founding team wishes to signal that they are building a community-owned protocol rather than a venture-backed product extracting profit. Third, where grant-based funding – rather than equity investment – is the primary early-stage capital mechanism.

The Cayman Foundation Company, in particular, has become a leading instrument for DAO (decentralized autonomous organization) wrapping. It can hold IP, enter contracts and receive assets, while its governance documents can be written to mirror on-chain voting outcomes. In our cross-border practice, we have seen foundations used to separate the stewardship layer of a protocol from the operational layer, with a subsidiary company handling the commercial activities that regulators are more likely to treat as licensable services.

One limitation is critical: a foundation cannot straightforwardly provide equity upside to early investors. If venture capital participation is part of the capital stack, the foundation-only model creates a structural problem. Sophisticated investors expect shareholder rights, liquidation preferences and board representation – none of which a foundation can deliver in the conventional sense.

The Company Wrapper: What It Is and When It Works

A company is the conventional profit-seeking corporate entity: it issues shares, has shareholders, distributes dividends and generates equity value. For a token project, a company wrapper is the natural fit where the commercial objectives are closely aligned with the operation of the protocol – where revenue flows to the entity and ultimately to shareholders.

Companies are the preferred wrapper for licensed activities. A VASP (virtual asset service provider) licence under VARA, a Digital Payment Token licence under the MAS Payment Services Act in Singapore, or an FCA cryptoasset registration in the UK – all are issued to legal persons carrying on business for profit. A foundation seeking to operate an exchange or custodian function in most flagship jurisdictions will be directed to incorporate an operating company. The regulatory logic is straightforward: licence conditions assume a profit motive, capital adequacy requirements assume shareholders, and fit-and-proper assessments assume a board accountable to equity holders.

Companies also interface better with traditional finance. Banks, payment processors and prime brokers conduct counterparty due diligence against corporate entities with audited accounts, identifiable ultimate beneficial owners and a clear regulatory home. A foundation-only structure often triggers enhanced due diligence or outright refusal at the banking stage – a practical obstacle that founders underestimate until the treasury cannot be banked.

The liability exposure that a company creates is the principal drawback. Shareholders and directors carry legal duties. A company that issues a token subsequently classified as an unregistered security faces enforcement action as an entity, and personal liability risk for its directors. The foundation model insulates the protocol stewardship layer from those risks – but only if the separation between foundation and operating company is genuine and not a formality.

Five Decision Axes for Choosing Your Wrapper

The choice between a foundation and a company – or a hybrid of both – turns on five structural questions. Each axis points to a different instrument. The operator profile that matches most of these axes to one answer has a relatively clear path; the profile that splits across axes is the case for a layered structure.

Axis 1: Token Classification Risk. If the token's rights – revenue sharing, governance over treasury, redemption rights – resemble the rights of an equity holder, the classification risk is high. A foundation wrapper reduces (though does not eliminate) the argument that the issuer is profit-seeking. A company wrapper, by contrast, strengthens a regulator's argument that the token is a security or a financial instrument under the applicable MiCA classification or a comparable national regime. Operators with high classification risk should lean toward foundation issuance, with any commercial activities housed in a subsidiary company.

Axis 2: Capital Structure and Investor Expectations. Institutional investors expect equity. If a Series A or a SAFT (Simple Agreement for Future Tokens) backed by accredited investors is in the plan, the operating entity must be a company capable of issuing shares or SAFT interests. A foundation-only structure is incompatible with this capital path. The practical solution – and the one we most frequently advise in early-stage structuring – is a foundation (issuer of tokens, holder of IP, steward of the protocol) paired with a company (the operational vehicle that takes investment, employs staff and holds any licences).

Axis 3: Regulatory Perimeter. If the project intends to operate a licensable service – exchange, custody, lending, staking-as-a-service, OTC dealing – the licensed entity must be a company in almost every major hub. Under the VARA regime in Dubai, under the ADGM framework in Abu Dhabi, under MAS in Singapore and under the AIFC/AFSA in Kazakhstan, licences are issued to companies carrying on regulated business. The foundation handles stewardship; the company carries the licence.

Axis 4: Banking and Treasury Access. A company with a clean corporate structure, audited accounts and an identifiable beneficial ownership chain will open bank accounts more readily than a foundation, whose purpose-driven nature and diffuse governance create compliance questions for banking counterparties. If the project holds significant treasury in fiat-equivalent stablecoins or needs to on- and off-ramp frequently, the company's banking track is the more practical choice for the operational layer.

Axis 5: Liability and Founder Protection. The foundation separates the founders from personal commercial liability more cleanly than a company, provided the foundation's activities genuinely match its stated purpose. A company's directors and – in some jurisdictions – controlling shareholders can face personal liability for regulatory breaches, token misrepresentation or smart-contract failures attributable to the company's operation. Where founders are building a community-governed protocol and stepping back from operational control, the foundation model offers structural distance from that liability. Where they are running a commercial business, the liability exposure in a company is offset by the regulatory and commercial advantages.

The Hybrid Model: Foundation Plus Company

The most frequently adopted structure for serious token projects is the hybrid: a foundation as the token-issuing, IP-holding and governance layer, with one or more companies as the operational, licensed and banking layer beneath or alongside it. This structure is not a legal fiction – it requires genuine separation of function, independent governance and arm's-length dealings between the two entities.

A Cayman Foundation Company holds the protocol IP and the token generation event. A Singapore or UAE company (or both, depending on user geography) holds the exchange or custody licence, employs the team and receives revenue from protocol fees. The foundation receives grants from the company – or from ecosystem participants – to fund protocol development. Investors take equity in the operating company; token holders participate in protocol governance through the foundation's charter.

In a recent structuring matter, a DeFi protocol team we advised had initially incorporated only a foundation in a common-law offshore jurisdiction. When they sought a banking relationship and began onboarding institutional market-maker counterparties, every counterparty required a company entity for KYC purposes. We restructured the arrangement to introduce an operating company in a MAS-supervised jurisdiction, with the foundation retaining the IP and token governance role. The restructure preserved the token's classification argument while unlocking the banking and counterparty relationships the business needed to scale.

The hybrid model also provides resilience against regulatory perimeter expansion. If a regulator reclassifies the token, enforcement action targets the company – the entity conducting regulated business – rather than the foundation, which holds the IP and protocol stewardship function. That separation has practical limits: if the foundation and company are controlled by the same individuals and the separation is nominal, regulators and courts in most jurisdictions will look through it. Substance over form is the consistent principle across MiCA, VARA, MAS and the applicable VASP provisions in the BVI and Cayman Islands.

For a scoped assessment of your entity structure before you commit to a domicile, contact OBOLUS at info@oboluslaw.com. The structure you choose now determines the licensing path, the investor documentation, the banking options and the regulatory exposure for the life of the project.

What Does Smart-Contract Law Say About the Entity?

Smart-contract liability has not yet crystallized into a unified body of law, but the direction of regulatory and judicial thinking is clear: where a protocol causes loss, regulators and litigants will seek the nearest identifiable legal person. A well-constructed entity wrapper provides that legal person and channels liability to a defined entity; a naked protocol with no wrapper leaves founders personally exposed.

Under the applicable legal frameworks in England and Wales, Singapore and the DIFC Courts, a smart contract (self-executing code on a blockchain whose terms are recorded in that code) can constitute a binding contract. The question for liability purposes is not whether the code is a contract – it increasingly is – but which legal person stands behind it. A foundation or company that deployed and maintains the smart contract, or that profits from its operation, is the natural target for claims arising from its failure or exploitation.

The DIFC Courts have developed a body of practice around on-chain instruments and digital-asset disputes. England and Wales – where CFAAR (the Crypto Fraud and Asset Recovery network, launched in London in September 2021) coordinates cross-border recovery – remains the most active forum for smart-contract-related litigation against identifiable entities. For a DeFi project with users in multiple jurisdictions, the question is not whether the entity will face a claim – it is which jurisdiction's court will hear it, and whether the entity structure was designed to respond to it.

The token classification question and the smart-contract liability question are connected. A token that regulators treat as a security issued by the company creates direct liability exposure for that company's directors. A token issued by a foundation – where the foundation's governing documents genuinely vest governance in token holders and the founders have stepped back – presents a more defensible liability profile, though not an impenetrable one.

DAO Wrappers and Decentralization Arguments

A DAO that operates entirely on-chain, with no legal entity, is not shielded from regulatory action – it simply has no legal capacity to respond to it. Regulators in the United States (SEC and CFTC), the EU under MiCA, and Singapore under MAS have each signaled that the absence of a legal wrapper does not exempt a protocol from regulation: it shifts the liability question to the developers and token holders who control or profit from the protocol.

The legal wrapper for a DAO is therefore not optional. It is a question of which wrapper best maps onto the DAO's governance reality. A Cayman Foundation Company whose directors are required to implement on-chain governance votes – subject to a legal carve-out for unlawful instructions – is a legally coherent structure that has been used in multiple token launches. An unincorporated association of token holders, by contrast, may constitute a general partnership in some jurisdictions, with joint and several liability for all members.

In our practice, we assess DAO structures against three questions: who controls the upgrade keys, who controls the treasury, and who profits from protocol fees. The entity or individuals who satisfy the most of those three criteria are the ones a regulator will treat as the responsible party. A well-designed wrapper accepts that responsibility formally, documents it in governance materials, and provides a legal anchor for the DAO's contractual relationships with service providers, auditors and exchanges.

Cross-Border Complications: Jurisdiction Choice and Tax

Jurisdiction selection for the foundation or company is not primarily a tax question – though tax is not irrelevant. It is primarily a regulatory access question: which jurisdiction's entity type, regulatory status and treaty network best supports the project's intended activities and user geography?

A Cayman Foundation Company is broadly recognized in common-law jurisdictions but may not satisfy the substance requirements expected by EU regulators under MiCA for a CASP authorisation. A Swiss Stiftung enjoys strong credibility with FINMA and EU counterparties but involves meaningful incorporation costs and regulatory engagement. A BVI company is simple and inexpensive but, standing alone, is unlikely to satisfy a MAS or SFC licensing application. The mismatch between the offshore holding structure and the onshore operational reality is the single most common structural flaw we encounter in cross-border token project reviews.

Tax treatment of the foundation or company depends on the jurisdiction in which it is tax-resident and the nature of its activities. A foundation that receives grants and holds IP may be tax-exempt in some jurisdictions; a company that earns protocol fees is taxable. Token issuance events may give rise to corporate income tax, VAT or analogous indirect tax obligations depending on the applicable regime – none of which can be assumed to be zero without jurisdiction-specific analysis. We advise clients to treat the tax analysis as a parallel track to the entity-selection process, not an afterthought.

Banking is the practical chokepoint. A foundation in the Cayman Islands, a company in Singapore and a smart-contract deployment from Switzerland represent three separate banking relationships – each requiring its own compliance onboarding. Allied counsel in the relevant jurisdiction can assist with the local compliance narrative, but the entity structure must be coherent across all three before any of the banking relationships can be established. Where the structure is inconsistent – for example, where the foundation holds treasury but cannot be banked because it lacks a commercial purpose recognizable to the bank's compliance team – the project stalls at the operational level regardless of its legal elegance.

If your structure is already in place but banking relationships have stalled or a prior application encountered difficulty, write to OBOLUS at info@oboluslaw.com for a second read. A structural adjustment at this stage is substantially less costly than a regulatory re-registration or a litigated classification dispute.

A Common Assumption That Costs Founders

A common assumption among token project founders is that attaching the word "utility" to a token in the whitepaper resolves the regulatory classification question. It does not. Regulators across every major hub – ESMA under MiCA, the SFC in Hong Kong, the SEC in the United States and VARA in Dubai – assess token classification against the substance of the rights the token confers, not the label the issuer applies. A token that grants its holder a share of protocol revenue, voting rights over a treasury, or redemption rights against an issuer – regardless of what the whitepaper calls it – will be analyzed against the applicable security, e-money or asset-referenced token test in the relevant regime.

The entity wrapper either supports or undermines that substance analysis. A foundation issuing a governance token with no revenue claim and no redemption right has a defensible classification argument. A company issuing the same token while simultaneously paying dividends to shareholders from protocol revenue has a much harder case. We assess classification against the substance of rights – the economic reality of what the token holder can do with the instrument – and advise on the entity structure that best aligns the legal form with the intended substance.

The converse assumption – that a foundation is automatically beyond regulatory reach – is equally dangerous. Foundations that control significant protocol upgrades, receive meaningful fee income and are directed by identifiable individuals will be treated as regulated entities by any regulator with a functional perimeter. The structure must match the substance. That match is the work; the entity type is only the starting point.

Related at OBOLUS

FAQ

Can a DeFi protocol be regulated?

Yes. The absence of a central operator does not automatically exempt a DeFi protocol from regulatory oversight. ESMA under MiCA, the SFC in Hong Kong, MAS in Singapore and the SEC in the United States have each indicated that functional control – over upgrade keys, treasury or fee flows – creates a regulatory nexus. The entity or individuals exercising that control are the likely target of supervision or enforcement, regardless of the protocol's on-chain architecture.

What legal wrapper suits a DAO?

The most widely used structure is a foundation company – particularly the Cayman Foundation Company – whose governance documents are written to implement on-chain voting outcomes within defined legal limits. An unincorporated DAO may constitute a general partnership under the laws of certain jurisdictions, exposing all token holders to joint liability. The right wrapper depends on the DAO's governance design, its user geography and whether it operates any licensable services.

Who is liable when a smart contract fails?

Liability follows control and benefit. Courts and regulators in leading common-law forums – including England and Wales, Singapore and the DIFC Courts – will look to the legal person that deployed, maintains or profits from the smart contract. A properly structured entity wrapper channels that liability to a defined legal person. Where no wrapper exists, founders and controlling developers carry personal exposure. The applicable legal test varies by jurisdiction but consistently focuses on the substance of who operates and benefits from the protocol.

OBOLUS is an independent digital-asset law boutique acting only for businesses. We advise exchanges, custodians, token issuers and funds on licensing across 70+ jurisdictions, on disputes and on-chain asset recovery across 25+ forums, and on the tax, banking and compliance that sit around them. Digital assets are the whole of our practice. We assess token classification against the substance of rights – not the marketing label – and our disputes team coordinates freezing relief and on-chain tracing across leading common-law forums. To discuss your situation, contact info@oboluslaw.com.

By Roman Levitt, Technology and DeFi Counsel – specializing in entity structuring, smart-contract liability analysis and cross-border regulatory positioning for token and DeFi projects.

This publication is general information about the law and does not constitute legal advice. It is not a substitute for advice tailored to your circumstances. OBOLUS accepts no liability for action taken or not taken on the basis of this material. For advice on your situation, contact info@oboluslaw.com.

Tell us the task — we'll map your options in 30 minutes.

Fixed-fee packages with defined scope and SLAs. The first call is free and under NDA. Business clients only.

Map your optionsinfo@oboluslaw.com · t.me/oboluslaw · reply < 2 hours