Project Guardian: How MAS and BIS Built the World's Most Important Tokenization Experiment

Most regulatory sandboxes generate press releases. Project Guardian has generated policy. Launched in 2022 as a collaboration between the Monetary Authority of Singapore and the BIS Innovation Hub’s Singapore centre, Guardian brought together some of the world’s largest financial institutions to test tokenized asset markets under real regulatory oversight, with real assets, and with real operational stakes. The results have fed directly into Singapore’s regulatory framework updates, influenced BIS guidance, and established benchmarks against which other jurisdictions’ tokenization frameworks are measured.

The distinction between Guardian and a conventional sandbox matters. A sandbox typically allows experimentation with regulatory exceptions — companies operate under modified rules in a protected environment. Guardian operates differently: participants work within Singapore’s existing regulatory framework, identifying where that framework accommodates tokenized assets and where it does not. The gaps are the policy findings.

Structure and Governance

Project Guardian’s governance reflects the ambition of the experiment. The Monetary Authority of Singapore provides regulatory oversight and the legal authority that allows institutional participants to operate. The BIS Innovation Hub provides technical research capacity, international connectivity, and the ability to translate Guardian findings into guidance relevant beyond Singapore. The financial institution participants — who include DBS (Singapore’s largest bank), HSBC, JPMorgan, Standard Chartered, Citi, and others — bring operational capacity, compliance infrastructure, and the institutional credibility that makes Guardian results meaningful to other major financial institutions globally.

The experiment has been structured in phases, each addressing a distinct asset class or function. Phase one focused on foreign exchange and government securities. Phase two extended to fund units and cross-border settlements. Subsequent phases have engaged with additional asset classes and, crucially, with cross-institution and cross-jurisdiction connectivity — the harder problem of making tokenized assets interoperable across different technical platforms and regulatory environments.

What Was Tested

The first major Guardian experiments focused on two asset classes where the case for tokenization is clearest: foreign exchange and government bonds.

In the foreign exchange pilots, participating banks tested payment-versus-payment settlement using tokenized currencies on a shared distributed ledger. Conventional FX settlement carries settlement risk — the risk that one party delivers currency while the other does not, which is known as Herstatt risk and which the global financial system manages through the CLS (Continuous Linked Settlement) mechanism. Atomic settlement using tokenized currencies eliminates this risk structurally: both sides of the transaction settle simultaneously or neither settles at all. Guardian’s FX pilots demonstrated this mechanism works at institutional scale with instruments that represent actual currency obligations.

The government bond pilots tested tokenized issuance and secondary market trading. Several participating central banks issued tokenized bonds — programmable digital securities that carry the same economic rights as conventional bonds but exist on a distributed ledger. Secondary market trading of these instruments, including cross-institution transfers and repo transactions (where bonds are sold and repurchased, effectively a short-term loan secured by the bond), was tested with real transactions. The findings confirmed that the technical mechanisms work. The policy findings addressed where conventional legal frameworks create friction.

Fund unit tokenization, tested in later phases, addressed a different set of challenges. Investment fund units are not standardised securities — their value derives from a portfolio of underlying assets, and subscriptions and redemptions are priced daily at net asset value. Tokenizing fund units requires integrating the token lifecycle with the fund’s valuation and administration processes, which in conventional infrastructure involves multiple intermediaries and T+2 or longer settlement cycles. Guardian’s fund unit experiments explored whether tokenization could achieve T+0 or even intraday settlement and whether smart contracts could automate subscription and redemption processes.

Key Findings: Where the Rules Don’t Fit

Guardian’s most policy-significant findings are the legal and regulatory gaps that institutional tokenized asset markets expose. These are not hypothetical — they are gaps discovered in actual operational contexts by institutions that know their regulatory obligations precisely.

Legal ownership of tokenized securities emerged as the most fundamental issue. In most major jurisdictions, securities ownership is recorded in centralised depositories — Euroclear and Clearstream in Europe, the DTC in the United States, CDP in Singapore. These registries have legal primacy: ownership is defined by what the registry records, not by what a distributed ledger records. For a tokenized security to have the same legal protection as a conventionally held security, either the token must be recognised as equivalent to a registry entry (which current law in most jurisdictions does not do), or the token must be accompanied by a corresponding entry in the conventional registry (which adds cost and complexity that limits the efficiency gains from tokenization).

Cross-border settlement presented a related challenge. When a tokenized bond issued under Singapore law is sold to an institution in the United Kingdom, which law governs the transaction? The conflict-of-laws questions for tokenized securities are unresolved in international private law, and Guardian’s cross-border experiments surfaced specific scenarios where the legal framework is ambiguous in ways that create genuine operational risk.

DeFi protocols — automated market-making and liquidity pool mechanisms — were tested as potential components of institutional tokenized markets. The finding that DeFi protocols can function in institutional contexts, with appropriate access controls and compliance layers added, was significant. It suggests that the liquidity mechanisms developed in retail DeFi markets are not inherently incompatible with regulatory requirements, but rather require adaptation: identity verification at access points, transaction monitoring, and integration with compliance systems that conventional DeFi protocols were not designed to accommodate.

Policy Implications: What Has Changed

Guardian’s findings have directly informed Singapore’s Payment Services Act framework updates, which address digital payment tokens and tokenized securities with greater specificity than the original legislation. MAS has explicitly cited Guardian findings in its consultation papers on tokenized asset regulatory treatment.

At the BIS level, Guardian findings have fed into guidance documents on tokenization that the BIS has published for the broader central bank and regulatory community. The BIS’s position — that tokenization of traditional financial assets is legitimate financial infrastructure innovation that warrants regulatory accommodation, distinct from speculative crypto — draws empirical support from Guardian’s demonstration that institutional tokenized markets function as intended.

For regulators elsewhere, Guardian provides an evidence base that justifies regulatory engagement with institutional tokenization without requiring every jurisdiction to run its own experiments. The UK’s FCA Regulatory Sandbox, the EU’s DLT Pilot Regime, and Singapore’s own expanded Guardian phases are all building on shared empirical foundations. This is how international regulatory coordination works in practice — not through formal treaty but through shared evidence that makes convergent regulatory frameworks the path of least resistance.