
JPMorgan and MIT Built a Payment Token Blueprint. They Forgot the Foundation.

The most serious institutional thinking on blockchain-based payments identifies every problem correctly, then builds on infrastructure that guarantees those problems can never be solved.

In May 2025, something unusual happened. JPMorgan’s blockchain division and MIT’s Digital Currency Initiative jointly published a 39-page research paper on payment tokens.1 Not a marketing document. Not a press release. A genuine technical analysis of what regulated financial institutions need from blockchain-based payment systems.

The paper, “Designing Payment Tokens for Safety, Integrity, Interoperability and Usability”, is the most serious institutional thinking on this subject to date. It catalogues requirements, maps existing standards, identifies gaps, and proposes solutions. The authors clearly understand the problem space. They’ve done the work. It deserves serious engagement. So let me engage seriously and give you some insight to do so too.

Buried in this thoughtful analysis is a fundamental contradiction. The authors correctly identify what’s broken. They propose intelligent solutions. But then they propose to build everything on a foundation that guarantees those solutions can never fully work.

This isn’t a critique for the sake of critique. The problems they’ve identified are real. The architecture they need exists - I know, because the QPQ team I lead built it. The question is whether institutions will recognise the foundation problem before they’ve built too much on sand.

Why This Paper Matters

First, let’s understand what we’re looking at. Kinexys is JPMorgan’s blockchain division - formerly Onyx, rebranded in 2024. They run Kinexys Digital Payments, a blockchain-based deposit product processing over $2 billion in daily transaction value.2 This isn’t theoretical. JPMorgan moves real money on their private blockchain rails every day. MIT’s Digital Currency Initiative sits within the MIT Media Lab. They’ve been studying digital currency systems since 2015. Not promoting coins, but analysing what works and what doesn’t. When these two collaborate on a technical paper, it’s worth reading carefully. These are serious people trying to solve real problems. The paper addresses a specific question: if financial institutions are going to issue payment tokens on blockchain infrastructure, what standards and functionality do those tokens need? The authors map fifteen different existing token standards (ERC-20, ERC-721, ERC-1400, ERC-3643, ERC-4337, and others) against a matrix of required functionality.3 They identify gaps. They propose solutions. Their framing is institutional: safety, integrity, interoperability, usability. These aren’t crypto buzzwords. They’re the concerns of regulated financial institutions that answer to compliance departments, regulators, and clients who don’t care about decentralisation ideology. They care about whether the system works and whether they can trust it.

The Problem They Name But Cannot Solve

Deep in the report, the authors make a striking admission about the current state of blockchain standards: “…there is general apprehension about the proliferation of standards, where specifications developed by individual parties are framed as standards even when adoption is limited. The benefits of standards are realized through convergence and alignment, and there is a need to move beyond ‘your’ standards versus ‘my’ standards, towards the convergence of ‘our’ standards.”4 This is exactly right. It’s worth pausing on why. The blockchain ecosystem is drowning in competing standards that serve their creators’ interests. Every major protocol has proposed its own token standards. Ethereum alone has spawned dozens. Each standard was designed by parties with stakes in its adoption. Each creates lock-in to particular ecosystems. None provides neutral ground where competing institutions can converge. The authors recognise that “reaching consensus on a single set of standards may be challenging for ecosystem participants.”5 Their proposed solution is “composable standards” - modular, narrow specifications that institutions can mix and match rather than adopting monolithic frameworks: “This reference implementation should not be viewed as a standard, but rather as a blueprint of the different token standards that can be implemented together to create a bank-issued payment token that fulfills banks’ needs. While our reference implementation is currently one-dimensional, as it covers one view of the requirements, we hope that as more implementations take shape, the blueprint will encompass multiple design options for each requirement, enabling truly composable standards. We envision a future where users can select between different standards based on their requirements, and where their selection of different standards can be easily implemented in a coherent and harmonized manner.”6 The emphasis here is mine.
One of the problems I have long identified with the proliferation of so-called ‘Layer 1 blockchains’ is that they are specific infrastructure solutions looking to shape every need to fit their optimisation of the ‘blockchain trilemma’ (decentralisation versus security versus scale), usually favouring scale while treating decentralisation as a marketing afterthought. What users like JPMorgan actually need is to identify their specific requirements and the flexibility within those requirements to favour decentralisation - the degree to which we can trust the message and not the messenger - over raw throughput. They are a regulated institution with auditors, compliance officers, and fiduciary duties, all designed to allow us to trust them. The blockchain question for JPMorgan isn’t internal trust. It’s whether they can settle with other institutions without trusting infrastructure they don’t control. This is sensible, and it points toward the real question. But composable standards still require a foundation to compose upon. Standards for payment tokens require infrastructure to run those tokens. And here’s where the analysis breaks down.

What Institutions Actually Need

The paper frames requirements around safety, integrity, interoperability, and usability. But there’s a prior question the authors don’t ask: where in their requirements is there flexibility to favour decentralisation over scale? JPMorgan is a regulated institution. They have auditors, compliance officers, regulators, capital requirements, and fiduciary duties. Their Audit Committee oversees “management’s responsibilities to ensure that there is an effective system of controls.”7 They’ve paid over $500 million in fines for internal control failures in recent years.8 They operate under the Bank Secrecy Act, the USA Patriot Act, and thousands of pages of regulatory requirements. We already trust them, or more precisely, we (rightly or wrongly, but the fact is, on the whole, we do) trust the system of checks that constrains them. The same is true for every major bank. The problem isn’t trust within institutions. The problem is trust between them. Every bank wants its own systems. Every bank has its own compliance requirements, its own jurisdiction, its own regulators. When JPMorgan’s Kinexys needs to settle with DBS or Standard Chartered or a European challenger bank, neither party wants to trust the other’s infrastructure. The Bank for International Settlements has documented this problem extensively. As their research notes: “banks must build their own bilateral trust links, often at significant expense” and “the level of trust among banks is volatile and subject to shocks.”9 During the 2008-09 financial crisis, interbank money markets nearly froze. Banks that had trusted each other for decades suddenly wouldn’t extend credit overnight. Today, this distrust means bilateral integration. This is expensive, slow, and scales quadratically with each new counterparty. If ten banks want to settle with each other, that’s 45 bilateral integrations. At fifty banks, it’s 1,225 connections. 
This is precisely what blockchain was designed to solve: trust the message, not the messenger, securely at scale. A governance-free resource layer, or to use the language of the Gajumaru, verified proof-of-stake Associate Chains with sub-chains for each bank or jurisdiction, allows institutions to operate within a wider whole without trusting one another’s systems. Each bank controls its own infrastructure. Settlement happens on neutral ground. There’s a second benefit the paper doesn’t consider: internal compliance costs fall when the ledger is immutable. Accenture’s analysis of investment bank operations found that blockchain could reduce infrastructure costs by 30%, translating to $8-12 billion in annual savings for the world’s ten largest investment banks.10 The breakdown is striking: Reconciliation, audit trails, dispute resolution—all become simpler when the record cannot be altered.11 The compliance burden that regulated institutions carry can be reduced by reference to infrastructure that doesn’t require trusting internal controls alone. The question, then, is not whether blockchain can meet institutional requirements. It’s whether the blockchain they choose actually delivers what blockchain was supposed to provide, or whether it’s just an expensive database with decentralisation marketing.

Building on Sand

The entire prototype described in the paper is built on “EVM-based blockchains”—meaning Ethereum or its derivatives.12 The authors acknowledge governance concerns but defer them: “Concerns stem mainly from the governance of open blockchains, particularly public blockchains where there is no central operator. In such scenarios, operating part of the infrastructure, such as hosting nodes and mining blocks, might be required to mitigate the risks.”13 Required by whom? Mitigated how? The report offers no answers because there are no good answers on Ethereum. Let me be specific about what’s wrong with this foundation.

The Consensus Problem

Four entities - Lido, Coinbase, Kraken, and Binance - control approximately 60% of Ethereum’s staked value.14 These are the parties who validate transactions, propose blocks, and could coordinate to censor or reorder transactions if they chose to. Anonymous proof-of-stake enables this concentration without accountability. You cannot identify individual validators. You cannot hold them responsible for coordination. You cannot sue them if they collude against your interests. The Ethereum Foundation makes governance decisions that affect all participants, but the Foundation has no fiduciary duty to JPMorgan’s clients. When JPMorgan builds payment infrastructure on this foundation, they inherit all of it. Their carefully designed administrative controls, their composable standards, their regulatory compliance. All of it sits atop infrastructure controlled by parties with no accountability to JPMorgan’s regulators or clients. The report identifies privileged administrative functions as a concern: “the existence of such functions may raise concerns about potential misuse.”15 They propose transparency and observability as solutions. But transparency at the application layer cannot compensate for opacity at the consensus layer. You can observe everything about your own smart contracts while remaining blind to what anonymous validators are coordinating beneath you.

The Scaling Problem

As stated above, the paper proposes building on “EVM-based blockchains.” Ethereum mainnet sustains approximately 15-30 TPS in practice. Kinexys Digital Payments already processes over $2 billion daily on private infrastructure. If the authors intend to bring payment token standards to public Ethereum at anything approaching institutional volumes, they will inevitably turn to so-called ‘Layer 2’ ‘solutions’ - marketing speak for re-centralisations of operations without the grace of oversight (regulatory arbitrage). There they will face a mathematical impossibility that the Ethereum fanboys are desperately hoping that nobody is thinking about - sorry chaps, we did and we have and in a few weeks we’ll publish the whole story. What follows isn’t our opinion or mine, it’s a mathematical impossibility. Every transaction requires minimum irreducible data: a sender address (20 bytes), a receiver address (20 bytes), and a cryptographic signature (65 bytes). These components cannot be compressed away because they ARE the transaction, the identity of parties and proof of authorisation. That’s 105 bytes minimum per transaction. Now let’s do the maths for a modest Layer 2 claim of 10,000 transactions per second and put to one side that there are many, many of these competing for a limited capacity with similar claims, equally dislocated from reality:

105 bytes × 10,000 TPS × 12 seconds (Ethereum block time) = 12,600,000 bytes per block

That’s 12.6 megabytes of transaction data that must be posted to Ethereum every block. What’s Ethereum’s actual capacity? The overflow is absurd. 12.6 megabytes cannot fit in 100,000 bytes. It cannot fit in 1.125 megabytes. It cannot even fit in the theoretical maximum of 6.8 megabytes! And that’s just ONE ‘Layer 2’ at 10,000 TPS. Multiple ‘Layer 2’s’ at their claimed throughput would require more than 100% of available space. The arithmetic doesn’t work. ‘Layer 2’s’ don’t solve Ethereum’s scaling problem. They prove it cannot be scaled. The entire ‘Layer 2’ ecosystem is an implicit admission that Ethereum failed at its core purpose, and the proposed solutions are mathematically impossible at their claimed performance levels.

The Security Problem

The report proposes transparency and observability for administrative functions. But the EVM ecosystem has a more fundamental security problem that transparency cannot solve. MetaMask, the dominant wallet for interacting with Ethereum, relies on 212,620 NPM packages from anonymous contributors.16 That’s not a typo. Two hundred twelve thousand packages, each maintained by strangers who can push updates at any time. Do you really believe that every one of them is audited, even once a year? In September 2025, 18 NPM packages were hijacked in a single attack, affecting 2 billion weekly downloads, installing crypto-stealing malware.17 This wasn’t sophisticated. This wasn’t unusual. This is the normal state of NPM security: packages get compromised, malware gets distributed, users lose funds. The Ethereum ecosystem’s response to this has been LavaMoat, a JavaScript sandbox running inside an already-dangerous JavaScript environment. Security theatre designed to satisfy auditors who don’t understand the underlying problem. Real financial infrastructure - SWIFT, Fedwire, core banking systems - does not run on 212,620 unaudited packages from anonymous contributors. Banks do not build critical systems using dependencies that can be silently updated by strangers at build time. The fact that the entire Ethereum wallet ecosystem does exactly this reveals something important about what that ecosystem was designed for. It wasn’t designed for institutional finance. In fact, it never has evolved, and never will evolve, beyond facilitating the crypto casino.

The Finality Question

The authors raise finality as a concern: “The decentralized nature of public blockchains and the consensus mechanisms used to achieve decentralization allow for blocks to be proposed by different parties, sometimes leading to situations where some blocks are discarded… Consequently, finality in this context is probabilistic rather than deterministic.”18 This deserves careful attention, because the framing is imprecise in a way that matters for institutional settlement. All finality is probabilistic. When you drive across a bridge, you don’t think about failure probability. Engineers did, and they built to tolerances that make your confidence indistinguishable from certainty. But the bridge holding is probabilistic. We’ve simply agreed that some probabilities are high enough to treat as fact. The same is true in finance. T+2 equity settlement can be reversed. Trades get busted, errors corrected, fraud discovered. Wire transfers get clawed back. Physical cash can be counterfeit. Nothing is truly ‘final’ in the sense of being impossible to reverse under any circumstance. If I’m 99.9999% certain, that’s not marginally better than 99% certain. It’s four orders of magnitude better. The difference sounds small until you transfer a billion dollars. At 99% certainty, you risk losing $10 million. At 99.9999%, you risk losing $1,000. That’s not a rounding error. That’s the difference between acceptable settlement risk and catastrophic exposure. The question isn’t whether finality is probabilistic. The question is how probabilistic, what the probability depends on and where a person or persons can reverse it. Here, Ethereum has a serious problem that the paper doesn’t address. Ethereum’s finality depends on trusting validators not to collude. With 60% of stake controlled by four entities, that’s fundamentally a governance question: will these parties coordinate to reorg the chain? Will they comply with a social consensus to roll back transactions? This is not theoretical.
In 2016, the Ethereum community did exactly this. The DAO hack resulted in a hard fork (EIP-779) that reversed approximately $60 million in transactions that had achieved ‘finality’ under the protocol’s consensus rules.19 The transactions were final according to the protocol. Then the community decided they weren’t. Social consensus overrode technical finality. The Ethereum community generally views this as a success, they reversed a theft. But from an institutional settlement perspective, it demonstrates something important: Ethereum finality can be reversed by coordinated social decision. The probability that your transaction remains final depends on whether sufficiently motivated parties decide to reverse it. Proof-of-work finality depends on different things. Each block requires computational work that cannot be faked. The probability of reversal decreases exponentially with each confirmation, not because validators choose to behave, but because reversing would require out-computing the network’s cumulative work from that point forward. This is a probability about mathematics, not governance. After sufficient confirmations, reversal becomes computationally infeasible regardless of any party’s intentions. No social consensus can change the fact that the work was done. For institutional settlement, this distinction matters enormously. Do you want your settlement to depend on trusting anonymous parties to behave? Or on mathematics that parties cannot circumvent regardless of their intentions?
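The claim that proof-of-work reversal risk falls exponentially with each confirmation can be made concrete with the calculation from section 11 of the Bitcoin whitepaper. This is an added example, not code from the paper or from any project discussed in this essay; the attacker hash-power shares are assumed sample values, and the one-in-a-million target mirrors the 99.9999% figure used above.

```python
"""Reversal risk of a proof-of-work payment after z confirmations.

Added illustration following section 11 of the Bitcoin whitepaper
(Nakamoto, 2008). Attacker hash-power shares are assumed sample values,
not measurements of any network.
"""
import math


def _poisson_pmf(k: int, lam: float) -> float:
    """Poisson probability of k events, computed in log space so that a
    large expected value does not underflow to zero."""
    if lam == 0.0:
        return 1.0 if k == 0 else 0.0
    return math.exp(k * math.log(lam) - lam - math.lgamma(k + 1))


def attacker_success(q: float, z: int) -> float:
    """Probability that an attacker holding share q of the hash power ever
    overtakes the honest chain once the payee has waited z confirmations."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a share between 0 and 1")
    if z < 0:
        raise ValueError("z must be non-negative")
    p = 1.0 - q
    if q >= p:
        # With half or more of the work the attacker always catches up:
        # the guarantee rests on an honest majority of hash power.
        return 1.0
    ratio = q / p
    lam = z * ratio  # expected attacker blocks while z honest blocks are mined
    honest_wins = 0.0
    for k in range(z + 1):
        # Attacker has k blocks after z honest ones and must still close a
        # gap of z - k, which succeeds with probability ratio ** (z - k).
        honest_wins += _poisson_pmf(k, lam) * (1.0 - ratio ** (z - k))
    return 1.0 - honest_wins


def confirmations_needed(q: float, max_risk: float, limit: int = 10_000) -> int:
    """Smallest z whose reversal probability is at or below max_risk."""
    if q >= 0.5:
        raise ValueError("no confirmation depth helps against a majority attacker")
    for z in range(limit + 1):
        if attacker_success(q, z) <= max_risk:
            return z
    raise RuntimeError("risk target not reached within limit")


def expected_loss(amount: float, q: float, z: int) -> float:
    """Expected loss if a payment of `amount` is treated as final after z
    confirmations while an attacker holds share q."""
    return amount * attacker_success(q, z)


if __name__ == "__main__":
    payment = 1_000_000_000       # the essay's one-billion-dollar transfer
    target = 1e-6                 # residual risk at 99.9999% certainty
    for q in (0.10, 0.25, 0.40):  # assumed attacker shares
        z = confirmations_needed(q, target)
        print(f"q={q:.2f}: {z} confirmations, "
              f"expected loss ${expected_loss(payment, q, z):,.0f}")
```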

What’s Happening in the Market

The MIT DCI/Kinexys paper isn’t being written in a vacuum. Major players across the financial ecosystem are recognising the same problem, and reaching similar conclusions about the need for controlled infrastructure.

Circle Is Building Arc

Announced on 12 August 2025 alongside their Q2 earnings, Circle’s Arc is their own Layer 1 blockchain with USDC as the native gas token.20 Sub-second finality—itself an indicator of very high centralisation, as this is literally impossible with genuinely distributed consensus.21 Opt-in confidential transfers. Native FX engine for institutional-grade currency settlement. The public testnet launched on 28 October 2025 with over 100 design partners, including BlackRock, Goldman Sachs, HSBC, Visa, Mastercard, Fireblocks, and Ledger.22 Circle, the company that bet everything on being multi-chain, deploying USDC across two dozen blockchains, is building their own infrastructure. The instinct is correct: control your own rails. Circle has stated they plan “to transition Arc from centralised stewardship to distributed governance operated by financial institutions.”23 But governance distributed among a consortium is still governance. And governance is, by definition, exclusionary. Someone decides who’s in and who’s out. When Circle makes governance decisions, Arc participants inherit them. Or leave. For all this, Arc is Circle-governed infrastructure floating in space. There’s no resource layer beneath it.

Tether Is Building Plasma

The world’s largest stablecoin issuer is also developing blockchain infrastructure. Plasma, backed by Tether CEO Paolo Ardoino, Peter Thiel, and Framework Ventures, raised $24 million in February 2025,24 and a further $373 million in a July 2025 token sale.25 Plasma is purpose-built for stablecoins—an EVM-compatible Layer 1 that anchors to Bitcoin for settlement, with zero-fee USDT transfers and sub-second finality (again the giveaway that this is not decentralised). By September 2025, it launched with over $2 billion in stablecoin TVL.26 Tether recognised that being a tenant on everyone else’s infrastructure creates dependencies they can’t control. When Tron cut energy prices by 60% in August 2025, an obvious direct response to Plasma’s competitive threat, it demonstrated exactly why.27 Relying on third-party infrastructure means your business model depends on someone else’s governance decisions. But Plasma has the same underlying problem as Arc: Tether-governed infrastructure, no neutral foundation, another island in an archipelago of islands.

Canton

Digital Asset’s Canton Network - backed by Goldman Sachs, BNY Mellon, Citadel, and others - is, on the face of it, a serious attempt to create shared infrastructure for institutional finance. They raised $135 million in June 2025, with total funding exceeding $397 million.28 By late 2025, Canton claims over $6 trillion in tokenised assets and 600,000+ daily transactions, with Broadridge processing $280 billion in daily repo settlements through the network.29 But Canton is not a blockchain. It deliberately uses “chain” rather than “blockchain” in its documentation. There are no blocks. There is no peer-to-peer architecture. It is a centralised client-server system dressed in blockchain terminology. From Digital Asset’s own documentation: “The sequencer is trusted to correctly provide a global total-order multicast service.” “The mediator is trusted to produce and distribute all results correctly.”30 This describes the fundamental operations that blockchains exist to decentralise: transaction ordering and result distribution. If you must trust the sequencer and mediator, you have a database with extra steps - to what end? The entire purpose of blockchain technology is to allow us to trust the message, not the messenger, securely at scale. If you cannot trust the message - if you must instead trust the sequencer - then any use of blockchain is grossly inefficient relative to a centralised database and exists only to create a dangerous illusion of trust. It begs the question of why create the pretence at all. The “Global Synchronizer” - Canton’s coordination layer - turns out to be Digital Asset themselves, rebranded, operating as a node in every private blockchain on the network. They provide the central intermediary that everyone must trust, but they are not regulated as such. 
A system that orders transactions, provides settlement finality, and coordinates cross-domain settlements is performing functions similar to a Central Clearing Counterparty, one of the most heavily regulated categories of financial market infrastructure.31 Canton operates as a software vendor but they clearly are far more than that and this is dangerous for its users. Whether banks trust each other is beside the point. They all have to trust Canton. And when Canton’s interests diverge from theirs - or when Canton fails - there’s nowhere to go.

The Cheerleader Problem

What’s striking about the MIT DCI/Kinexys paper is its seriousness. The authors are genuinely grappling with real problems, they’re not writing marketing material. This stands in contrast to much of what passes for “blockchain analysis” in institutional finance, where technical complexity serves as cover for advocacy. The question is whether the risk and compliance officers at institutions adopting these solutions understand what they’re actually trusting. Technical complexity creates information asymmetry. The blockchain teams staffed by former Ethereum Foundation and Consensys employees speak a language (or share interests) that their Chief Risk Officers don’t. Dense technical terminology obscures rather than illuminates. I note that it is so common a practice as to seem a deliberate feature of the documentation for many ‘projects’, including major infrastructure projects, that their materials contain dense technical terminology that to an actual expert makes no sense at all. I fear that the people trusted as ‘blockchain experts’ have ideological and financial allegiances to the Ethereum ecosystem that created their careers, allegiances that may not align with critical evaluation or the interests of the financial institutions that they work for. When technical leadership becomes cheerleading rather than critical review, institutions inherit risks they haven’t properly assessed. The pervasiveness of this dynamic may explain why Ethereum’s many issues - validator concentration, governance capture, the mathematical impossibility of Layer 2 scaling claims - receive so little scrutiny from institutional adopters. The MIT DCI paper deserves credit for breaking this pattern. The authors are asking real questions. They’ve identified real problems. The tragedy is that they’ve then handed the solution to the same ecosystem whose failures created those problems in the first place.

The Pattern and What’s Missing

The pattern is clear: major players are recognising that deploying on Ethereum or other public chains means depending on infrastructure they don’t control. The response has been to build their own rails. But building your own rails creates islands. Circle’s Arc can’t natively settle with Canton. Tether’s Plasma can’t natively settle with Kinexys. Each institution builds their own walled garden, and we’re back to the problem the MIT DCI paper identified: “your standards versus my standards” rather than “our standards.” All three of the solutions outlined here - Arc, Plasma, Canton - are, like everything else in ‘blockchain’, infrastructure floating in space. No neutral foundation beneath any of them. When Goldman Sachs and BNP Paribas disagree about transaction ordering on Canton, where do they appeal? When Circle makes a governance decision that disadvantages a participant, what’s their exit? When trust within any of these consortiums breaks down, there’s nowhere to go. The missing piece isn’t more private infrastructure. It’s neutral ground, a foundation that no party controls, where competing institutions can settle without trusting each other’s systems. A governance-free resource layer solves this problem. Institutions can build governed infrastructure on top, their own ‘Associate Chains’ - Gajumaru terminology, meaning infrastructure that connects to Groot, the proof of work resource layer of the Gajumaru, while maintaining their own validators, rules, compliance, governance and sovereignty. This enables settlement between institutions on neutral ground that no party controls. Neither party trusts the other’s infrastructure, they do not need to. Both trust the resource layer that has no sequencer to trust, no foundation to capture, no CEO to compromise. The resource layer doesn’t replace trusted systems, it makes them possible by providing a trustless foundation for negotiation.

What Would Actually Work

The paper correctly identifies what payment tokens need: safety, integrity, interoperability, and usability. It correctly identifies the limitations of current standards. It correctly calls for convergence toward “our standards” rather than competing proprietary specifications. But “our standards” require neutral ground. Standards don’t converge when every party is trying to lock others into their ecosystem. Convergence requires infrastructure that no party controls, where the foundation itself doesn’t favour any participant. This requires something the paper doesn’t consider: a governance-free resource layer. Not a private chain. Private chains are islands. Kinexys can’t natively settle with DBS. Circle’s Arc can’t natively settle with Canton. Every private chain is another silo that requires bilateral integration to connect. Not a public chain with anonymous governance. Ethereum, Solana, and their derivatives are someone else’s kingdoms. You inherit their governance decisions, their validator incentives, their upgrade politics. Your carefully designed application layer sits atop a foundation you don’t control. A governance-free resource layer is different. No admin keys. No foundation making decisions. No anonymous validators who might collude. Just proof-of-work consensus where the rules are the rules, enforced by mathematics rather than trust. On this foundation, institutions can build governed infrastructure: their own Associate Chains with their own validators, their own compliance rules, their own governance. But settlement between institutions happens on neutral ground. Neither party trusts the other’s infrastructure. Both trust the resource layer that no one controls.

The RIPA Model

This architecture model has a name: RIPA. Resource, Infrastructure, Platform, Application. The critical insight is separating the resource layer (trustless) from infrastructure (governed, trusted). Infrastructure is always governed. That’s not a bug, it’s definitional. JPMorgan should control Kinexys. Circle should control Arc. Regulated institutions need governance to satisfy regulators. In fact, MOST so-called ‘Layer 1 blockchains’ are so obviously centralised that they should be regulated institutions. The problem isn’t that infrastructure is governed. The problem is that there’s no neutral ground beneath it. A governance-free resource layer provides that neutral ground. Institutions control their own infrastructure while settling through a foundation no one controls. Each institution maintains sovereignty over their own systems. Settlement between them doesn’t require trusting a competitor’s infrastructure. This is analogous to how CLS (Continuous Linked Settlement) works for FX. Neither party to an FX trade trusts the other’s infrastructure. Both trust CLS for payment-versus-payment settlement. CLS handles $6.5 trillion in daily FX volume because hub-and-spoke beats bilateral.32 But CLS is not neutral ground, it’s consortium-governed shared infrastructure. Owned by major banks. Regulated (as any such infrastructure should be) as a Systemically Important Financial Market Utility. Someone decides who’s in and who’s out. CLS is exactly the kind of governed infrastructure that could become a Master Associate Chain, maintaining its own rules while connecting to genuinely neutral settlement beneath it. The architecture supports hierarchical relationships. A “master” Associate Chain like CLS - or Canton, if it chose compliance rather than decentralisation in marketing only - could serve as the hub for multiple sub-chains beneath it. Those sub-chains might be:

  • National infrastructure: A country’s regulated financial system (like Liechtenstein’s LTIN, or a future Swiss or Singapore equivalent)
  • Institutional infrastructure: A single bank’s internal blockchain (like Kinexys, or Goldman’s internal settlement systems)

Each sub-chain maintains full sovereignty over its own rules, compliance requirements, and governance. The master chain provides coordination within a domain (FX settlement, securities, trade finance). The resource layer provides neutral settlement between master chains that don’t trust each other. The governance-free resource layer extends this model beyond FX and facilitates operations outside of any given multi-lateral infrastructure. Any tokenised asset, any payment, any settlement, without requiring trust in anonymous validators or competitor-controlled infrastructure.

The Archipelago Analogy

I have said previously that each of these financial institutions’ infrastructure becomes a dislocated island in space. To extend that metaphor, think of each consortium as an archipelago. CLS is an island chain, its member banks are islands connected by bridges and ferries operated by CLS, a consortium that all of the member islands own. They’ve solved the connection problem within their domain. Each consortium builds internal bridges. But the archipelagos themselves float in space, disconnected from each other. To settle between CLS and, for example, a properly structured version of Canton, would require building a new bridge across open water. This is bilateral integration, expensive and bespoke and remember, bilateral integration scales quadratically. The governance-free resource layer is the navigable ocean. The high seas that connect all archipelagos. Sail from any port to any other via waters that no nation governs. Each archipelago maintains its own rules on land. But the sea between them is neutral ground. The question isn’t whether to have governed infrastructure, archipelagos need governance. The question is whether those archipelagos connect through bilateral bridges (expensive, doesn’t scale) or through open sea (neutral, connects everyone).

The Foundation Question

Every other question in the MIT DCI/Kinexys paper - token standards, administrative controls, compliance frameworks, interoperability protocols - is secondary to the foundation question.

If you build on Ethereum, you inherit anonymous validator governance, mathematically impossible scaling, and supply chain security that’s been compromised repeatedly. Your composable standards compose on sand.

If you build private chains, you create islands that require bilateral integration to connect. The “your standards versus my standards” problem doesn’t go away. It gets worse, quadratically.

If you build on genuinely neutral ground - a governance-free resource layer - you can have both institutional governance AND neutral settlement. Your standards. My standards. Our settlement layer.

The paper identifies this need implicitly when discussing “our standards.” But “our standards” can’t emerge on infrastructure that “they” control. Convergence requires neutral ground.

Where This Goes

The report authors conclude by hoping their work “can serve as a starting point for further dialogue and collaboration with the ecosystem.”33 Good. That dialogue should happen. But it should start with the foundation question. Every other technical decision - token standards, administrative controls, compliance frameworks - is a standards question that allows for interconnectivity protocols; it does not address the interoperable foundation. Build on the wrong foundation, and you’ll spend years building workarounds for problems that didn’t need to exist.

The problems the paper identifies are real:

  • Standards proliferation that serves creators’ interests
  • Governance concerns with public blockchains
  • Finality that depends on trust rather than mathematics
  • Scaling limitations that constrain institutional use

The solution exists:

  • Neutral ground that no party controls
  • Proof-of-work finality that depends on mathematics
  • Throughput that actually scales (via state channels, not L2 fraud)
  • Institutional governance where institutions need it, neutral settlement where they need that

This isn’t theoretical. The architecture is operational. The high seas option, to extend the earlier metaphors, is here now: a real and sensible choice against dislocated infrastructure in space. A European sovereign has already demonstrated real foresight and chosen to build with it.

The MIT DCI/Kinexys paper is a serious contribution. The authors understand the problem space better than most. But they’ve built their prototype on infrastructure that guarantees their carefully designed solutions can never fully work.

The foundation question is the only question that matters. Everything else follows from it.


References

1. MIT Digital Currency Initiative and Kinexys by J.P. Morgan, “Designing Payment Tokens for Safety, Integrity, Interoperability and Usability,” May 2025. https://www.jpmorgan.com/kinexys/documents/designing-payment-tokens-for-safety-integrity-interoperability-usability.pdf
2. Ibid., p. 3: “Kinexys Digital Payments offers a blockchain-based deposit product… This is a live deposit product with daily transaction values exceeding $2 billion.”
3. Ibid., pp. 21-23.
4. Ibid., p. 24.
5. Ibid., p. 35.
6. Ibid., p. 24.
7. JPMorgan Chase & Co., “Audit Committee Charter,” https://www.jpmorganchase.com/about/governance/committees/audit-committee
8. Compliance Corylated, “Four banks account for over half of $2.2bn fines for systems and controls failings,” March 2025. JPMorgan fined $494 million by five regulators in 2024 alone.
9. Bank for International Settlements, “Trust Bridges and Money Flows,” BIS Working Papers No. 1112, 2023. https://www.bis.org/publ/work1112.pdf
10. Accenture and McLagan, “Banking on Blockchain: A Value Analysis for Investment Banks,” January 2017. https://newsroom.accenture.com/news/2017/blockchain-technology-could-reduce-investment-banks-infrastructure-costs-by-30-percent-according-to-accenture-report
11. Frontiers in Blockchain, “Auditing in the blockchain: a literature review,” April 2025. PwC achieved 90% reduction in manual reconciliation time. https://www.frontiersin.org/journals/blockchain/articles/10.3389/fbloc.2025.1549729/full
12. MIT Digital Currency Initiative and Kinexys by J.P. Morgan, “Designing Payment Tokens for Safety, Integrity, Interoperability and Usability,” May 2025. p. 4: “MIT DCI and Kinexys Digital Payments at J.P. Morgan collaborated on the research and development of a prototype for payment tokens on EVM-based blockchains.” https://www.jpmorgan.com/kinexys/documents/designing-payment-tokens-for-safety-integrity-interoperability-usability.pdf
13. Ibid., p. 37.
14. Lido, Coinbase, Kraken, and Binance stake concentration data from rated.network and beaconcha.in validator statistics, December 2025.
15. “MIT DCI and Kinexys Digital Payments at J.P. Morgan collaborated on the research and development of a prototype for payment tokens on EVM-based blockchains.”, p. 15. https://www.jpmorgan.com/kinexys/documents/designing-payment-tokens-for-safety-integrity-interoperability-usability.pdf
16. MetaMask GitHub Issue #5728 documents the NPM dependency tree. The issue was raised in 2019 and the dependency count has grown since.
17. eSecurityPlanet, “18 Malicious NPM Packages Target Cryptocurrency Users,” September 2025. https://www.esecurityplanet.com/news/npm-packages-hijacked-crypt-stealing/
18. “MIT DCI and Kinexys Digital Payments at J.P. Morgan collaborated on the research and development of a prototype for payment tokens on EVM-based blockchains.”, p. 37. https://www.jpmorgan.com/kinexys/documents/designing-payment-tokens-for-safety-integrity-interoperability-usability.pdf
19. Ethereum Improvement Proposal EIP-779 implemented the DAO fork on 20 July 2016, reversing approximately $60 million in transactions. The fork was controversial within the community and resulted in Ethereum Classic (ETC) continuing the original chain. See ethereum.org historical documentation.
20. Circle, “Introducing Arc: An L1 Blockchain for Stablecoin Finance,” 12 August 2025, https://www.circle.com/blog/introducing-arc-an-open-layer-1-blockchain-purpose-built-for-stablecoin-finance
21. BFT consensus research consistently shows distributed consensus requires minimum 1-2 seconds latency across geographically distributed nodes. Tendermint achieves “approximately 1 second” with global validators; EOS/DPOS BFT observes “2-3 second latency” across networks. Sub-second finality requires either: (a) a very small, tightly coupled validator set, (b) validators in close geographic proximity, or (c) a trusted sequencer—all forms of centralisation. See: MDPI Electronics, “Byzantine Fault-Tolerant Consensus Algorithms: A Survey,” September 2023; Daniel Larimer, “DPOS BFT—Pipelined Byzantine Fault Tolerance,” Medium, May 2018.
22. Circle, “Circle Launches Arc Public Testnet,” Press Release, 28 October 2025, https://www.circle.com/pressroom/circle-launches-arc-public-testnet
23. The Coin Republic, “Circle Launches Arc Layer-1 Blockchain but CRCL Stock Dips 2%,” 28 October 2025, https://www.thecoinrepublic.com/2025/10/28/circle-launches-arc-layer-1-blockchain-but-crcl-stock-dips-2/
24. Fortune, “Exclusive: Stablecoin company Plasma raises $24 million from Framework to launch its own blockchain,” 13 February 2025, https://fortune.com/crypto/2025/02/13/exclusive-stablecoin-company-plasma-raises-24-million-from-framework-to-launch-its-own-blockchain/
25. Blockhead, “Plasma Raises $373M in Oversubscribed Token Sale for Stablecoin Blockchain,” 30 July 2025, https://www.blockhead.co/2025/07/29/plasma-raises-373m-in-oversubscribed-token-sale-for-stablecoin-blockchain/
26. Elliptic, “Elliptic partners with record-breaking stablecoin infrastructure provider, Plasma, to power compliance at scale,” September 2025, https://www.elliptic.co/media-center/elliptic-partners-with-record-breaking-stablecoin-infrastructure-provider-plasma-to-power-compliance-at-scale
27. BlockEden.xyz, “Plasma Blockchain: Tether’s $2 Billion Vertical Integration Gambit,” 25 November 2025, https://blockeden.xyz/blog/2025/11/25/plasma-blockchain/
28. DropStab Research, “What Is Canton Network? The Blockchain Powering Wall Street,” 1 November 2025, https://dropstab.com/research/crypto/canton-network-the-blockchain-powering-wall-street
29. Figment, “Canton First Look: Bringing Traditional Finance Onchain,” 29 August 2025, https://www.figment.io/insights/canton-first-look-bringing-traditional-finance-onchain/
30. Digital Asset, Daml SDK Documentation, “Overview and Assumptions,” https://docs.daml.com/canton/architecture/overview.html
31. Central Clearing Counterparties are designated as Systemically Important Financial Market Infrastructures under the Dodd-Frank Act (US), EMIR (EU), and equivalent regimes globally.
32. CLS Group, “What We Do,” https://www.cls-group.com/ CLS settles payment instructions for FX transactions, handling average daily values exceeding $6.5 trillion.
33. MIT Digital Currency Initiative and Kinexys by J.P. Morgan, “Designing Payment Tokens for Safety, Integrity, Interoperability and Usability,” May 2025, p. 35. https://www.jpmorgan.com/kinexys/documents/designing-payment-tokens-for-safety-integrity-interoperability-usability.pdf