Undone

Ondo Finance’s public architecture, as checked in the May 4, 2026 source refresh, distributes different legal positions across adjacent token forms. USDY and OUSG are administered products with eligibility controls, redemption pathways, and issuer-side operational authority. Ondo Global Markets adds a thicker legal layer through a bankruptcy-remote BVI special purpose vehicle, Swiss-law sales terms, and a first-priority security interest for tokenholders. ONDO sits in the governance layer. It carries voting, delegation, and execution rights, while the checked public materials place product-layer claim order in adjacent products and vehicles.

Ondo’s architecture is best read through asset partitioning, control-versus-cash-flow separation, legal coding, and Chinese variable interest entity comparators. Hansmann and Kraakman’s (2000) asset-partitioning framework, Bebchuk, Kraakman, and Triantis (2000) on separation of control from cash-flow rights, Pistor (2019) on jurisdictional legal coding, and the literature on Chinese variable interest entities together provide the main prior-art lineage. Within that lineage, selective claim engineering and claim-order noninheritance describe the Ondo case.

Residual has two meanings here: residual claims in the Fama-Jensen sense of cash-flow position, and institutional work left outside the coded layer. The second domain includes disclosure, legal maintenance, regulatory engagement, and reputational repair in a tokenized architecture whose adjacent layers carry materially different rights. On that basis, the Ondo case fits a broader inquiry into residual institutional consequences of formalization without relying on lexical overlap alone.

Keywords: Ondo Finance, tokenized finance, governance tokens, asset partitioning, legal coding, residual claims, tokenized securities, Chinese VIEs, disclosure, legal architecture.

Ondo Finance’s public architecture distributes the route from underlying asset to wrapper to governance token across distinct legal containers and token forms. USDY and OUSG are administered products with role-gated access, redemption pathways, pricing logic, and issuer-side control surfaces. Ondo Global Markets adds a later tokenized-securities layer structured through a bankruptcy-remote BVI vehicle, Swiss-law sales terms, and secured tokenholder position. ONDO sits alongside these layers as the ecosystem’s governance token.

The central claim is specific. On the public record refreshed on May 4, 2026, ONDO carries governance rights while product-layer claim order remains attached to USDY, OUSG, and Ondo Global Markets securities. That observation matters because market-facing descriptions routinely present ONDO as the economic face of the product stack, and the compression is documentable rather than hypothesized. A registration statement for an ONDO exchange-traded product embeds platform-revenue economics in its description of the asset: "Ondo Finance generates revenue from the fees charged on the platform. A portion of this revenue may be distributed back to users in the form of rewards or incentives" (21Shares 2025). Exchange listing pages introduce the token through the product business ("ONDO is the native token of the Ondo Finance ecosystem. Ondo Finance seeks to bridge the gap between traditional and decentralised finance…​") (Kraken n.d.), an aggregator description attaches stale product-protocol language to the token itself (CoinGecko n.d.), and market reporting treats the token’s price as the register of platform-level regulatory news (Sandor 2025). The corpus is mixed rather than uniform, and the mix is itself the finding: Ondo’s own distribution-era risk factors state that the tokens give holders no rights "to any of the profits or revenues of the Company, any affiliates of the Company, the Platform, or any user of the Platform" (Ondo Foundation n.d.-c), while market-facing surfaces describe the same instrument through the product economics. Where authoritative self-description and market-facing description diverge this widely, the legal structure’s allocation has to be stated independently of both, which is this paper’s task.

Cross-entity separation between control rights, cash-flow claims, and legal protection is familiar terrain. It appears in asset-partitioning scholarship, dual-class and pyramid structures, shadow-banking debates over liability and entity shielding, and Chinese variable interest entity structures. Ondo adds a highly legible tokenized-finance case in which those distinctions are publicly visible across adjacent token layers.

Two descriptive terms organize the case. Selective claim engineering refers to the deliberate allocation of thicker and thinner claim bundles across adjacent token forms. Claim-order noninheritance refers to the resulting condition in which rights located at one layer do not automatically travel upward into an adjacent governance token. Their force is descriptive: they name the Ondo allocation within an existing body of organizational-law and securities-law scholarship.

The term residual does two kinds of work in this case. It first refers to residual claims in the Fama-Jensen sense of cash-flow position and claim order. It also names institutional work left outside the coded layer, in the infrastructure-studies sense in which a formal system’s usability rests on continuing maintenance and articulation work around it (Star and Ruhleder 1996). Ondo’s cross-layer claim architecture generates a second domain of work: disclosure drafting, investor explanation, jurisdictional upkeep, regulatory engagement, and reputational repair when market adjacency encourages readers to treat legally distinct layers as economically unified. The argument concerns both domains and states the relation explicitly.

Williamson (1985) is relevant but secondary. Asset partitioning carries transaction-cost and monitoring-cost logic in its background, so transaction-cost economics remains part of the frame. The immediate object is legal claim architecture across adjacent containers, which is better addressed by asset-partitioning, control-versus-cash-flow, and legal-coding scholarship than by market-hybrid-hierarchy analysis.

The analysis is a public-architecture study. Ondo is selected on public legibility: the architecture is unusually documented across product, vehicle, and governance surfaces at once. Legibility selection carries a known bias, since architectures that disclose well may differ systematically from those that do not, and the inference is bounded accordingly: the case shows what selective claim engineering looks like where it is visible, and claims nothing about its prevalence. The analysis relies on four source classes refreshed on May 4, 2026.

First, product and governance documentation from Ondo Foundation and Ondo Finance identifies how Ondo describes ONDO, USDY, OUSG, Flux, and Ondo Global Markets to users and counterparties. Second, repository materials, including the usdy, ondo-v1, and flux-finance/contracts code surfaces, show the administered and role-gated character of the product layer. Third, public legal and regulatory pages for Ondo Global Markets identify the BVI SPV structure, Swiss-law sales terms, collateral buffer, and first-priority security interest for tokenholders. Fourth, contemporary regulatory materials, especially the SEC’s January 28, 2026 joint staff statement on tokenized securities, provide the doctrinal landscape, as of the May 4, 2026 review, against which the architecture is being read. A fifth class, market-facing descriptions of ONDO (exchange listing pages, aggregator descriptions, product registration statements, and market reporting, accessed June 12, 2026), documents the compression premise of Part 1; it is used only to establish how the token is described to markets, never as evidence of legal position.

The public-record boundary is part of the method. Hidden side agreements, undisclosed fee-routing, non-public governance commitments, and market price are outside the evidentiary basis for the legal-architecture claim. Where the public record is mixed, the analysis marks the complication instead of flattening it. One further class sits at the boundary’s edge: primary-market sale documents for ONDO itself (the token’s distribution-event terms and purchase agreements). Those documents are the ones the post-Ripple representation question of Part 8 would turn on, and the present pass does not reach them; their examination is marked as the next evidentiary step rather than folded silently into the architecture claim.

That boundary matters especially for governance-parameter evidence. The analysis relies on Ondo Foundation documentation and Tally’s public Ondo DAO interface for proposal threshold, quorum, voting period, timelock, governor, and token descriptions. The governance discussion is a public-interface claim about visible architecture; the four quantitative governance parameters in Part 4.B were verified by direct contract call on June 12, 2026, and the remaining governance description carries the public-interface boundary.

The same caution narrows the thesis. The record supports a more specific statement than an across-the-stack uniformity claim would allow: the strongest claim-order separation appears between the ONDO governance layer and USDY, OUSG, and Ondo Global Markets. Flux is a partial exception because ONDO governance reaches that institutional surface more directly.

The main legal point is straightforward. Governance rights remain distinct from product-layer claims unless an architecture gives them a defined transmission route.

This is the point at which residual disambiguation matters. Residual in this Part refers to residual claims in the Fama-Jensen sense. The question is who sits in the legally relevant position with respect to cash-flow entitlement, secured status, and claim order. On the reviewed public record, ONDO sits outside that position for USDY, OUSG, and Ondo Global Markets.

Stating the claim order layer by layer makes the point concrete, and it requires naming the position the public record leaves implicit. For Ondo Global Markets, the checked materials describe tokenized securities issued through a bankruptcy-remote BVI special purpose vehicle, with tokenholders described as holding a first-priority security interest over the vehicle’s assets and an added collateral buffer; on those materials, secured tokenholders stand first against the vehicle’s assets, and whatever remains after their claims flows to the vehicle’s equity. For OUSG, holders stand as shareholders of an administered fund, with claims against the portfolio mediated by the fund’s redemption and eligibility machinery. For USDY, holders stand as noteholders against the issuing vehicle, senior to that vehicle’s equity. In each ladder, the bottom position, the claim on whatever remains after product-layer obligations are met, belongs to the equity of the operating and issuing entities behind each product. That is the residual claimant in Fama and Jensen’s sense, and the public record nowhere places ONDO in that position or in any senior position above it. ONDO appears in none of the three ladders. The negative finding is therefore precise in both directions: the secured and senior positions sit with the product-token holders themselves, and the product-layer residual claims that market narrative may attribute to the governance token sit with the equity of the operating and issuing entities.

Asset partitioning and control-versus-cash-flow separation provide the more precise vocabulary. Residual control in the Grossman and Hart (1986) sense is less central because the public-record problem is not a contest over an asset the ONDO layer once possessed. The governance token never appears on the checked public record as the holder of the relevant product-layer asset authority in the first place.

Within that vocabulary, claim-order noninheritance is the useful descriptive term. It means that legal rights present at one layer do not travel upward into an adjacent governance token absent an explicit mechanism that routes them there. Such a mechanism could exist. It could take the form of direct fee-routing, a contractual entitlement, a secured position, or a legal restructuring that gives token holders a defined product-layer right. The point is that, on the public record reviewed here, such a mechanism has not been identified for ONDO with respect to the thick product layers that matter most.

The strongest objection to the noninheritance description is contingent rather than present. ONDO holders hold the governance power through which a product-layer entitlement could be voted into existence, and the Flux exception shows that Ondo DAO’s formal reach already extends to one institutional surface’s economic parameters. Under the valuation literature on governance and membership tokens (Sockin and Xiong 2023; Cong, Li, and Wang 2021), a token carrying the power to acquire future cash-flow routing is a contingent claim, and a market pricing that contingency is doing something other than compressing layers in error. The objection is answered by holding two registers apart. As a matter of present legal coding, the noninheritance description is exact: no checked instrument gives ONDO holders a product-layer right today, and the first falsification condition in Part 9 binds the analysis to revise if one is created. As a matter of valuation, the contingency is real, and the analysis takes no position on how it should be priced; the scope statement in Part 9 already excludes market-price claims. What the contingency cannot do is collapse the legal distinction. A governance path through which a right could be created is a different legal object from the right itself, and disclosure law treats the difference as material, which is the burden Part 8 develops. The Flux surface sharpens rather than dissolves this boundary, because it shows what DAO reach looks like when it exists: documented, surface-specific, and absent for USDY, OUSG, and Ondo Global Markets on the checked record.

Selective claim engineering names the design choice to distribute thicker and thinner bundles across adjacent forms. In Ondo’s architecture, product tokens and product vehicles receive the legal density needed for issuance, redemption, and holder protection, while ONDO receives governance rights without parallel product-layer claim position.

Once framed this way, the Ondo case sits squarely within existing scholarship. It resembles dual-class and pyramid literature because control and cash-flow travel differently. It resembles VIE logic because adjacency and economic narrative do not settle claim inheritance. It resembles asset-partitioning cases because legal containers allocate priority and shielding selectively. Its distinctive value is empirical clarity within tokenized finance.

The second residual domain must be identified with precision. Residual in this Part refers to institutional work left outside the coded layer.

That work is visible in at least four places.

First, there is disclosure work. Where adjacent layers carry materially different rights, the architecture requires continuous explanation to users, tokenholders, counterparties, and regulators. The public must be told that governance rights, product claims, structured-note protections, and secured positions do not collapse into one unified token entitlement.

That work is operational. It includes keeping offering materials, governance documentation, onboarding materials, and product explanations aligned across legally distinct layers so that market narrative does not outrun legal position. In a structure like Ondo’s, explanation is part of maintenance. If the explanatory layer drifts, the claim-order distinction becomes harder to sustain in practice even if it remains intact on paper.

The public documentation stack already shows this burden in concrete form. ONDO governance and token materials sit on Foundation pages and Tally. USDY and OUSG product surfaces have their own basics and eligibility materials. Ondo Global Markets has separate overview, legal-and-regulatory, and trust-and-transparency pages. Those parallel explanatory surfaces record the institutional work required to keep legally distinct layers intelligible to different audiences at the same time. Ordinary product segmentation explains the existence of separate pages; what the layered architecture adds is the burden each surface carries to mark what its layer holds and what it leaves elsewhere, because adjacency invites compression that a single-product issuer’s pages never have to manage.

Second, there is legal-maintenance work. A layered architecture like Ondo’s has to be sustained across legal documentation, entity upkeep, service-provider coordination, and jurisdiction-specific drafting. Delaware entities, a BVI SPV, Swiss-law sales terms, and issuer-side product controls do not maintain themselves. The architecture formalizes rights at specific layers, but it pushes the burden of maintaining those distinctions into ongoing legal and organizational labor.

The same point appears in product evolution. Ondo’s own public materials around OUSG’s shift into BlackRock’s BUIDL and around round-the-clock subscriptions and redemptions show continual updating, re-documentation, and re-explanation as product-layer arrangements change. That is the practical meaning of legal-maintenance work in this context: the claim structure has to be kept current across entities, counterparties, and public-facing documentation instead of declared once.

Third, there is regulatory-engagement work. A structure that separates governance tokens from product-layer claims must continually be interpreted against securities, tokenization, disclosure, payments, and cross-border legal frameworks. The distinction is analytically useful only because someone must keep specifying it to regulators and markets.

Fourth, there is reputational and explanatory work. Market adjacency encourages compression, and the documented descriptions in Part 1 show the encouragement operating: a registration statement, exchange listings, and market reporting each present the token through the product economics the legal structure places elsewhere. When buyers or observers treat ONDO as though it inherits product-layer economics, the architecture generates an interpretive gap that has to be managed through public communication, investor education, and, in harder cases, litigation or enforcement-facing clarification.

These burdens are practical costs of a design that formalizes rights at one layer while leaving adjacent audiences to infer relationships across layers. The more successful tokenized-finance brands become, the stronger this interpretive pressure becomes. That is why the residual domain here is concrete: the continuing work required to keep legal separation legible in a market environment that rewards compression.

The connection between claim-order analysis and residual-authority analysis is now explicit. Ondo’s layered claim structure is a property-rights case and a case in which formalization at one layer creates a durable residual burden of legal maintenance, disclosure, regulatory engagement, and explanation elsewhere.

Two comparator families help locate the Ondo case.

The SEC’s January 28, 2026 staff statement on tokenized securities is relevant here, but only if described correctly. It is a joint statement of the Divisions of Corporation Finance, Investment Management, and Trading and Markets. It says that tokenized securities generally fall into two primary categories: securities tokenized by or on behalf of issuers, and securities tokenized by unaffiliated third parties. Within the third-party category, the statement distinguishes custodial and synthetic models. The analysis uses this taxonomy as stated.

Because the staff statement has no binding force, its value here is limited but useful. It shows that the January 2026 staff taxonomy had already moved toward architectural differentiation among tokenized structures. The Ondo case suggests that one more dimension deserves explicit attention within that broader differentiated landscape: claim order across adjacent token layers.

That implication is mostly about disclosure. Where a governance token is publicly adjacent to product-layer instruments, issuer and ecosystem communications should specify what the token holds, lacks, and leaves elsewhere. Governance rights, fee expectations, product access, redemption rights, and secured positions should not be allowed to blur into one undifferentiated token story.

More specifically, claim-order disclosure should be compositional rather than atmospheric. It should identify, layer by layer, which entity issues the instrument, which holder rights attach to it, whether those rights are contractual, governance-based, secured, or residual, and which adjacent tokens leave those rights elsewhere. That is a more demanding disclosure posture than generic ecosystem branding, but the Ondo case shows why it is needed.

The compositional rule has operational content for three professional audiences, and stating it at that level shows the rule is practicable. For transactional and disclosure counsel, it requires three departures from ecosystem-level practice. Each token form is analyzed separately: which entity stands behind it, which contractual or organizational document governs it, which rights attach to holding it alone, and which rights do not travel with it even where adjacent forms carry them. Governance rights and product rights are treated as analytically independent until an explicit bridge is identified (contractual, organizational, reserve-based, redemption-based, or security-interest-based); where no bridge appears in the record, the safer legal reading is separation rather than assumed transmission. Disclosure is then drafted and evaluated compositionally, with six rights dimensions kept distinct inside each layer wherever the record allows: governance rights, redemption rights, secured or priority position, administrative or issuer-side operational authority, product-user economic position, and the presence or absence of any explicit bridge into the governance token.

For a regulator, the parallel duties are to identify, before classification, what is the platform, what is the tokenized product, what is the governance token, and which layer carries the rights that matter for investor protection, redemption, priority, and operational control; to demand disclosure that separates product wrappers, governance token, legal container, and any cross-layer control surfaces, precisely because the public architecture permits readers to over-compress the stack; and to evaluate noninheritance as a live possibility rather than assuming that a governance token adjacent to a product stack inherits its protections.

For an analyst, the burden is procedural: identify the adjacent layers, map which rights attach to each, ask whether any explicit bridge carries rights upward, and only then infer whether the governance token is economically linked, legally linked, both, or neither. Indirect coupling (recapitalization value, fee-switch logic, surplus linkage of the kind the Part 7 pressure ring documents) and direct inheritance are different categories, and conflating them is the analytical counterpart of the compression this paper documents in market descriptions. The articulation stays deliberately short of a new doctrinal test: the claim is disclosure significance on the present record, and whether the pattern generalizes across tokenized finance is the comparative question Part 9’s second falsification condition leaves open.

That recommendation fits the SEC’s own movement toward architectural differentiation. The January 2026 staff statement distinguishes tokenized structures by issuer relation and by custodial versus synthetic model, while adjacent token layers within a branded ecosystem raise the separate problem of claim distribution. Compositional disclosure is the practical answer to that remaining problem. It supplements tokenized-securities taxonomy at the point where governance-token adjacency can blur claim position.

The point also matters for litigation and enforcement analysis, with case law used as background rather than foundation. The post-Ripple and post-Terraform environment, as of the May 4, 2026 review, remained divided on how to analyze token transactions and issuer representations. Judge Torres’s transaction-specific reasoning in Ripple (2023) and Judge Rakoff’s rejection of that distinction in Terraform (2023) leave the Ondo question open. They do, however, clarify that factual precision about what token holders are told they possess is legally consequential. A market-facing story that implies product-layer claim inheritance where no such right exists would raise a different problem from a story that accurately discloses the separation.

Compositional evaluation is therefore the right regulatory posture. Tokenized-finance systems should be evaluated layer by layer rather than by assigning one economic substance to an entire branded ecosystem. Ondo’s architecture is an especially clear example of why.

The claims are open to revision under public, observable conditions.

First, the claim-order analysis would weaken if ONDO acquired a documented and enforceable product-layer economic entitlement through fee-routing, contractual amendment, secured status, or legal restructuring. Second, the comparative positioning would weaken if a broader set of tokenized-finance cases showed governance tokens routinely passing the inheritance test of Part 7.C in ways absent from the Ondo record reviewed here. Third, the residual-work claim would weaken on a comparative showing: if single-instrument tokenized funds of comparable scale (BUIDL, FOBXX) maintain documentation, legal, and regulatory surfaces of comparable extent and revision frequency, then the burden Part 6 describes is the ordinary cost of tokenized products rather than a consequence of layering. The claim survives only if the layered architecture demonstrably adds explanation and maintenance work beyond that single-instrument baseline, measured by the count of distinct per-layer documentation surfaces and the cross-layer clarifications they require.

The scope is deliberately narrow. The analysis describes public architecture refreshed as of May 4, 2026. It does not infer private agreements, make a fraud allegation, or claim that ONDO’s market price is caused by misunderstanding of claim order. It argues only that public legal and technical materials place different rights at different layers, and that those distinctions matter.

The closing inference follows that bounded record. Ondo is best understood as a layered tokenized-finance architecture that separates governance from product-layer claim order while requiring ongoing legal, disclosure, and regulatory work to keep that separation intelligible. Asset-partitioning and legal-coding scholarship already tell us how to see this kind of structure. The Ondo case shows how the same problem now appears in tokenized finance.