Wiki entry · themes · Updated 2026-04-30

Institutional composability paradox



The paradox is that institutional issuers of tokenised real-world assets prefer permissioned, whitelist-gated transfer mechanics for compliance reasons, yet permissionless composability is the structural feature that turns a tokenised asset into productive on-chain capital rather than parked inventory. Tokenisation puts the asset on chain. Composability is what determines whether anything happens to it after that. The April 2026 data shows two opposite leaderboards: Treasuries account for ~48% of tokenised AUM but ~2% of DeFi deposits, while reinsurance accounts for ~1% of AUM but generates roughly 80% composability rates (Dune composable RWAs dashboard, April 2026). The same asset can be a leader in one ranking and an afterthought in the other depending on whether the wrapper is structured for transferability into lending markets or whether each transfer requires a per-investor whitelist gate. For an institutional tokenisation operator deciding between a permissioned default and a permissionless wrapper running in parallel, the paradox is the strategic question that frames the design.

Why the inversion exists

Three conditions need to hold for a tokenised asset to be composable in DeFi. First, the token must be transferable into a lending market without a per-investor whitelist gating each transfer; this can be fully permissionless (Maple's syrupUSDC) or a permissioned market with institutional KYC at the venue level rather than at the token level (Aave Horizon). Second, the collateral yield must exceed the borrow rate by enough margin to justify leverage costs; private-credit collateral at ~6% works against ~3% stablecoin borrow, while Treasuries at 3.5% do not. Third, a third-party curator (Gauntlet, Steakhouse, Resolv) needs to build a leveraged vault around the asset, or a stablecoin protocol needs to accept it as backing. Without integration, "available collateral" never becomes "deployed capital."

Treasuries fail the first two conditions for most institutional issuers. BlackRock's BUIDL has a whitelist-only transfer model that forecloses arbitrary protocol integration; the yield is too thin to justify leverage; and the curator integrations have not formed. Reinsurance, by contrast, sits on permissionless-by-default wrappers with high carry yields and an active curator set. The asset class that should look most like productive on-chain collateral on first principles (the deepest, safest, most liquid asset class in the world) is the one that has structurally foreclosed the composability flywheel.

The Centrifuge worked example

Centrifuge has $1.85B+ in tokenised AUM but only ~$13M of that is composable in DeFi as of April 2026. The architecture is permissioned by default; the deRWA wrapper that allows arbitrary protocol integration shipped in September 2025, late enough that the live composability footprint remains small. The Janus Henderson Anemoy AAA CLO product (JAAA), deployed by Resolv as $100M of leveraged collateral in Aave Horizon in April 2026, is the worked counterexample: a permissioned-at-the-venue, KYC-gated configuration where the institutional collateral becomes productive in DeFi without exposing the issuer to indiscriminate distribution (Centrifuge announcement). The structural lesson is that institutional composability is not all-or-nothing; venue-level permissioning is a partial resolution.

What institutional issuers face

The paradox is actually a triple bind. The compliance posture pushes toward whitelist-only transfers. The distribution upside pushes toward permissionless integration. The regulatory posture (Clarity Act ambiguity, MiCA's CASP perimeter, the SEC's transfer-agent rules) pushes back toward control. An asset manager issuing a tokenised feeder into an existing strategy has to choose: ship a Type C/D structure (Ondo OGM, Robinhood EU's wrapped equities) where the on-chain instrument is a derivative referencing the underlying and full DeFi composability is preserved at the cost of the asset manager owning the wrapper risk; ship a Type A/B structure where the on-chain token is the legally operative record but transfers are gated; or ship both in parallel via a permissionless wrapper layered onto a permissioned core (the Centrifuge deRWA pattern).

Most major asset managers have so far chosen the Type A/B route with whitelist gating. The November 2025 DeFi contagion (where curator vaults absorbed $3B+ in losses on opaque-synthetic collateral selections) gave the institutional side an additional reason not to wire its tokenised products into the curated-vault flywheel. The composability the protocols want is the composability the issuers have just been reminded is dangerous.

Where this resolves

Three plausible trajectories. First, the "venue-level KYC" pattern (Aave Horizon, the Securitize-Apollo Plume integration, the Anchorage-fronted Morpho institutional vaults) becomes the dominant compromise. Permissioned at the protocol-access layer, permissionless at the on-chain mechanics layer. This preserves the issuer's compliance posture while allowing curator integration on top.

Second, a token standard wins (Vault Registrar EIP, ERC-3643, or a successor) that puts compliance logic on chain in a way DeFi protocols can read. The asset becomes self-describing for KYC and transfer-restriction purposes, and protocol integration ceases to require off-chain coordination with the issuer. Securitize is the most-cited candidate to drive a Vault Registrar EIP in this direction; whether the EIP lands and which institutional issuers adopt it determines the trajectory.

Third, the wrapper layer becomes a separable utility. A protocol like Centrifuge deRWA, or a horizontal infrastructure provider sitting between any tokenised security and any DeFi protocol, takes the regulatory surface off the asset manager and presents the same instrument under permissionless mechanics on the protocol side. The asset manager's exposure is to the wrapper provider's compliance posture, not to the protocols downstream. This is the cleanest separation and the most architecturally invasive.

Open questions

  • At what credit-yield level the credit dominance of DeFi deposits collapses. Aave Horizon shows USCC's collateral share dropping from 93% to 67% as basis-trade yields collapsed from ~15% to ~4%; the threshold where Treasuries reclaim share is plausibly around the stablecoin borrow rate.
  • Whether any GSIB asset-management arm (BlackRock, Franklin Templeton, JPMorgan) ships a Type A/B product with a permissionless wrapper running in parallel. Apollo's ACRED on Plume is the closest example; whether the pattern propagates determines the speed of resolution.
  • Whether MAS or HKMA explicitly addresses the wrapper question. The current regulatory grammar in APAC (Project Guardian funds and asset-management workstream, the SCS framework) does not directly address how a permissionless wrapper around a permissioned tokenised security should be regulated.
