Every securities market on earth separates issuance from settlement. Ethereum and Solana merged them and called it elegance.
Written for @FiveNorthHQ · July 2026
DTC custodies roughly $100+ trillion in securities. It issues exactly none of them. That split (one entity creates the claim, a different one settles its transfer) isn't an accident of legacy plumbing. It's the design.
On Ethereum, the same machine does both. BlackRock issues BUIDL as a contract; the network settles every transfer of it; the result is a token whose 61 holders are visible to anyone with a browser. Issuance and settlement aren't separate roles that happen to share a chain. They're one role. Etherscan is the proof.
Walk a regulator through a design that keeps the two apart and they follow it in minutes. It's the shape of every market they oversee. Walk a crypto founder through the same design and the first question is "why isn't this one smart contract?" Same diagram. One room reads competent structure; the other reads wasted motion. Both are reasoning correctly, from different decades.
The separation is the system
Traditional markets don't run on one ledger. They run on a chain of distinct entities, kept separate by regulation. The issuer creates the claim. The transfer agent keeps the register. The central securities depository (DTC, Euroclear) immobilizes and settles. The central counterparty (NSCC, ICE Clear) novates and absorbs default risk. Four jobs, four balance sheets, four points of failure that don't cascade into each other. When one breaks, the others contain it. Each sits inside its own regulatory perimeter. That's not bureaucracy. It's the reason one firm blowing up doesn't take the settlement layer down with it.
Nominal separation versus functional separation
Here's the fair objection: Ethereum separates these too, since the contract deployer isn't the validator set. True. But that separation is nominal. The issuer can gate who holds the asset. Allowlists and freeze functions are routine, and BUIDL itself is whitelisted. What the issuer can't do is choose who sees it. Every balance, every transfer, every counterparty is published to the whole world; the allowlist controls the guest list, not the one-way mirror. And the control is itself public: when Circle freezes an address, the freeze is an on-chain event anyone can read. Settlement is no different: ordering and finality belong to a validator set the issuer never met, roughly a million of them on Ethereum, on a chain everyone can read. Issuance, registry, and settlement collapse into a single public machine. Separate on paper. Fused in fact. Solana is the same bargain with the dial turned toward throughput.
The founder's "why not one contract" is that fusion restated as a feature. And it isn't dumb. One global state is exactly what gives Ethereum its composability. An asset that can touch every other asset on the same ledger is genuinely powerful. The model isn't wrong. It's answering a different question than the one an $87 trillion depository was built to answer.
What functional separation looks like on-chain
Canton keeps the split real. The issuing party's node controls the asset and its rules: who may hold it, on what terms it moves. Ordering and settlement finality are a separate role, run by synchronizers operated by other parties, which sequence and finalize transactions without holding or reading their contents. Selective disclosure means the register isn't world-readable; only the parties to a contract see their slice. And settlement is still atomic: asset leg and cash leg commit as one operation, across counterparties and across synchronizers. Depository-style role separation, with programmable atomic settlement on top.
The production data tracks the thesis. Broadridge's DLR repo platform settled $368B in average daily volume on Canton in April 2026, nearly $8T for the month, up 268% year over year. DTCC will tokenize DTC-custodied US Treasuries on Canton, MVP in H1 2026. Goldman's Digital Asset Platform runs natively on it. Strategic investors closing late 2026 included BNY (custodian for $57T in client assets), Nasdaq, S&P Global, and iCapital - led by a16z. These are the institutions analysts mean by "trillions are coming on-chain," and they're not deploying on rails that fuse the two jobs.
The tradeoff, stated honestly
This isn't free. The price of functional separation and default privacy is the permissionless, fully public composability that powers the other model. And yes, privacy can be retrofitted onto public chains: zero-knowledge proofs, private rollups, encrypted mempools. It can be done. The question is what the default is. On a transparent global chain, each of those is a bolt-on fighting the base layer's nature. On Canton, default-private with opt-in disclosure is the base layer. For a regulated claim, confidentiality you have to engineer back in, against the grain of the system, is not a posture a compliance committee signs. Privacy as the default, transparency as the deliberate exception: that's the only shape that clears.
Which question is your asset asking?
Two questions resolve most of it:
- Confidentiality. Does the asset need to control who can see positions, flows, and counterparties? (Gating who holds it is solved on both; visibility is the real fork.)
- Composability. Does its value come from touching everything else on one open ledger?

The two rooms aren't arguing about quality. They're arguing about which question the asset is asking. Pick the rail that answers it. For a regulated claim, that means keeping the two jobs apart, the way every market that clears tens of trillions already does.
Five North is an infrastructure provider on the Canton Network. We build wallets, explorers, and validator infrastructure, operate as a Super Validator, and invest in middleware and applications across the regulated digital asset ecosystem.



