Summary
- LACNIC escrow-and-settlement-trust analysis asks why IPv4 transfers need credible closing mechanics around payment, document exchange, seller cooperation and buyer technical readiness.
- Settlement risk rises when scarce addresses are capital-like assets but registry updates, bank review, cross-border payments and operational handover move on different clocks.
- A credible regional ledger should preserve finality, evidence and portability without becoming an escrow intermediary, price ministry or capital-control gatekeeper.
An IPv4 transfer in the LACNIC region does not fail only when somebody lies. More often it fails in the uneasier middle ground where each party has done something real, yet no one can say the deal is finished. The buyer has sent money, but the seller still appears in the registry record. The seller has signed the agreement, but the bank has not released funds. A corporate secretary has approved the sale, but a registry contact is stale. The registry has acknowledged a request, but RDAP still shows the old holder. The record changes, but reverse DNS, RPKI, route objects, abuse contacts and customer allowlists still point backward.
That is the economics of escrow and settlement trust. It is the point at which scarcity becomes a payment problem, registry architecture becomes a legal problem, and bookkeeping becomes a capital-market problem. The harder question is not whether LACNIC should approve or disapprove of trade. A registry whose core reason for being is uniqueness should not become a market priest. The question is how a thin ledger can preserve finality when private parties, banks, lawyers, operators and registry staff touch a scarce asset at different speeds.
In ordinary assets, closing has a grammar. Securities, land and commodities each use specialised records, escrow arrangements and payment rails to answer the same question: when has value moved, who bears loss if something breaks, and what record can third parties rely on after closing? IPv4 lacks that settled grammar. It has contracts, invoices, registry procedures, private intermediaries, routeability checks and operational handovers. It has the market facts of capital without the institutional maturity that capital usually demands.
LACNIC matters because Latin America and the Caribbean are not one legal, banking or operational environment. The region contains civil-law and common-law systems, large national carriers, small island markets dependent on correspondent banking, dollarised and local-currency payment practices, family-owned networks, public universities, municipal operators, hosting firms and cross-border buyers that may treat a LACNIC-region block as global inventory. A registry record may sit in one regional system; payment may pass through another jurisdiction; beneficial-ownership checks may be assessed elsewhere. The transaction is regional in record form and global in economic effect.
Escrow is supposed to make this complexity bearable. It separates willingness from completion. The buyer should not send irreversible payment directly to a seller before the seller can deliver the registry outcome and operational handover being purchased. The seller should not surrender control before the buyer has put good funds beyond unilateral recall. Yet escrow becomes a fog machine if release is not defined. Does completion mean signatures, funded escrow, registry acceptance, registry completion, RDAP update, RPKI control, reverse-DNS handover, abuse-contact change, a quiet period, or a combination of these?
The correct settlement frame begins with restraint. The registry should protect uniqueness, accuracy, continuity, transfer records, proof of control, security assertions and dispute metadata. It should not decide whether capital deserves to move, whether a seller should monetise scarcity, whether a buyer's business model is attractive, or whether a cross-border payment expresses the right regional morality. Those questions belong to holders, counterparties, courts, banks and public law. The ledger's job is narrower: tell the truth about who is recorded, what changed, when it changed, under what evidence, and whether a dispute or hold affects reliance.
The closing room has more than one clock
The first mistake in IPv4 settlement is to imagine a single closing moment. In practice, several clocks run at once. The contract clock starts when the parties sign. The funding clock starts when the buyer's money is received by escrow, cleared through the banking system and no longer revocable in ordinary circumstances. The registry clock starts when the relevant request is submitted and continues until the record is updated. The operational clock starts when engineers can control announcements, RPKI, reverse DNS, abuse contacts and related routing evidence. The reliance clock starts when customers, upstreams, security systems and counterparties treat the buyer as the practical controller of the address space. A clean transaction aligns these clocks. A risky one lets them drift apart.
This is not a drafting nicety. It determines who carries risk. If documents are signed but funds are not settled, the seller bears buyer-credit risk. If funds are settled but the registry record is unchanged, the buyer bears delivery risk. If the registry record changes but routing evidence remains with the seller, the buyer has ledger control without operational completeness. If routing changes before payment is secure, the seller has surrendered practical control before receiving value. If RPKI or reverse DNS is neglected, the buyer may receive a block that is nominally transferred but commercially impaired.
The clocks matter more in the LACNIC region because cross-border settlement can be uneven. A buyer may pay in dollars through a correspondent bank. A seller may receive into a local-currency account. The escrow provider may sit in yet another jurisdiction. Compliance review may ask for beneficial-ownership evidence, tax documents, source-of-funds explanations or sanctions-screening clarification. A public institution may need internal approvals before it can sign a release. A small ISP may depend on one director's signature and one bank officer's understanding of a transaction category the bank rarely sees. In parts of the Caribbean, de-risking can make an ordinary transfer feel exotic to the payment system. In larger South American markets, tax, currency and corporate-authority evidence can introduce different friction. This is the institutional cost of closing a scarce network asset across finance, law and operations.
Because clocks differ, completion language must be precise. A purchase agreement that says funds will be released "on transfer" is not good enough. Transfer can mean different things to different actors. A lawyer may mean legal assignment. A seller may mean registry submission. A buyer may mean recorded holder update. An engineer may mean stable routeability and control of routing-security artifacts. A bank may mean cleared payment instructions and compliance approval. The term should be decomposed rather than worshipped.
The most sensible model is staged finality. Early stages confirm identity, authority and block description. Middle stages place funds in escrow and submit the registry request. Later stages verify the ledger update and hand over operational controls. A final quiet period can handle obvious clerical errors, failed contact changes, broken reverse DNS, RPKI transition problems or known adverse claims that surface immediately after the record changes. The quiet period should not be a general option for buyer remorse or seller regret. It should be narrow, documented and tied to defects that affect the promised settlement package.
Such staging is not bureaucracy for its own sake. It is how a market compensates for the fact that IPv4 is both a number and a capital asset. A number can be written in a database instantly. Capital cannot be moved safely merely because a field changes. The asset's economic value depends on a chain of reliance. Closing is therefore not one click; it is the managed convergence of documentary, financial, registry and operational clocks.
Scarcity turns payment timing into governance
Payment timing becomes political when the asset is scarce. If IPv4 were abundant and low value, a failed handover would be annoying but replaceable. The buyer could request more addresses, renumber with less pain or abandon the transaction. Scarcity changes the bargaining position. A buyer may need the block for a product launch, a datacentre expansion, a cloud migration, a mobile service, a banking customer, a government contract or a hosting cluster. A seller may rely on proceeds for debt, investment, network upgrade or shareholder return. Delay is no longer administrative inconvenience. It is financing cost.
This is why registry restraint matters. When a registry adds uncertainty to settlement, it does not merely slow paperwork. It changes the price of the asset. A buyer who cannot predict when the record will change will discount the purchase. A seller who cannot predict when funds will release will demand stronger deposits or avoid the market. An escrow provider who cannot define release conditions will widen fees or refuse the transaction. Banks that do not understand the asset will intensify diligence. Lawyers will write broader conditions. Brokers, where present, will be rewarded not only for finding counterparties but for navigating institutional opacity. The cost of capital rises.
The old registry vocabulary cannot absorb this transformation. A registry may describe number resources as administrative entries, but the market does not wait for conceptual permission. When an address block is scarce, transferable, financeable, useful in production and capable of supporting revenue, it behaves as capital. The settlement layer then has to answer capital questions: who holds risk before closing, what evidence defeats fraud, what event releases payment, when reliance becomes final, and who bears loss if the record is reversed or challenged.
These questions should not be answered by making the registry thicker. A thicker registry may appear protective at first: more questions, more explanations, more delay and a broader public-interest pose. But if its questions are not limited to ledger integrity, it begins to perform capital allocation without balance-sheet responsibility. That is mandate laundering in settlement form. A narrow function is wrapped in regional care, market protection, anti-speculation or community stewardship until it looks like authority over value movement. Private power enters as bookkeeping. Capital control exits as governance.
The better answer is to let payment timing discipline the parties while keeping the registry inside its lane. Escrow should manage counterparty risk. Banks should manage banking-law and AML obligations. Lawyers should manage contract, authority and remedies. Engineers should manage handover. The registry should manage record integrity and uniqueness. Courts or agreed forums should manage contested rights. No one actor should pretend to do all these jobs.
In the LACNIC region, this separation is especially important because the temptation to speak in protective language is strong. Smaller networks, public institutions and less liquid markets do need protection from predatory transactions. But protection does not require a registry to become a gatekeeper over commercial deservingness. Smaller actors are often harmed most by uncertain procedures because they cannot finance long delays, hire large legal teams or cultivate institutional familiarity. They need predictable release mechanics, clear evidence standards and reliable records. Price can be negotiated; discretionary delay is harder to price.
Escrow is a bridge, not a second registry
Escrow's virtue is that it is temporary. It exists because there is a dangerous interval between commitment and finality. During that interval, money should not sit exposed to seller default, and the resource should not sit exposed to buyer default. The escrow provider receives funds, verifies agreed conditions and releases value according to instructions. Its legitimacy comes from narrowness. It is not supposed to decide whether the IPv4 market is good, whether scarcity should be monetised, or whether the buyer's future use of addresses has social merit.
That narrowness should be explicit in IPv4 transactions. A good escrow instruction does not say, "release when the escrow provider is satisfied that the deal is fair." It says what documentary and registry facts must exist. It may require evidence of cleared funds, signed transfer documents, seller authority, buyer acceptance, registry update, absence of a specified dispute notice, control of relevant operational artifacts and completion of defined handover steps. The provider can verify those facts because they are external to the provider's moral preference. If a dispute arises, the provider can hold funds while parties use the agreed remedy process. It does not need to become a private court.
The danger is that escrow can be made to imitate the worst habits of the registry layer. If release depends on broad discretionary comfort, the provider becomes another gatekeeper. If the provider relies entirely on registry mood rather than defined ledger events, it amplifies institutional uncertainty. If the provider asks banking-style questions unrelated to legal compliance or transaction risk, it can drift into capital-control behavior. If it treats the address block as suspicious merely because it is scarce and valuable, it repeats the old mistake of treating market reality as a moral defect.
Escrow should instead be designed around the distinct risks of IPv4 closing. The first is authority risk: whether the seller can bind the holder and cause the promised record change or operational delegation. The second is funding risk: whether the buyer has placed good funds beyond unilateral recall. The third is ledger risk: whether the registry record can be updated accurately without duplicate or conflicting claims. The fourth is operational risk: whether the buyer receives the practical controls that the contract promises. The fifth is reversal risk: whether an adverse claim, fraud allegation or procedural defect can unwind reliance after funds move.
This mapping is also how escrow avoids becoming a second registry. The provider does not decide who owns the number resource in the metaphysical sense. It follows agreed evidence about a transfer of economic rights and recorded control. It does not create uniqueness. It waits for the ledger that protects uniqueness to record the required change. It does not police routing morality. It verifies the operational artifacts specified in the contract. It does not overrule banks. It requires that funds have cleared and compliance holds have been resolved. Its job is to hold the bridge while parties cross, not to declare itself the territory.
For LACNIC-region deals, the bridge metaphor is useful because the parties may stand in different institutional environments. The seller's corporate authority may be documented differently from the buyer's expectation. The buyer's bank may impose unfamiliar evidence demands. The registry process may be legible to network staff but not to finance departments. Escrow translates these differences into a sequence. It makes them less dangerous by preventing one side from fully performing while the other remains free to walk away.
The seller's default problem
Seller default in IPv4 transactions is often imagined as simple fraud: a seller takes money and refuses to transfer. That can happen. But the more common settlement risk is subtler. The seller may be willing but not actually able to deliver on schedule. The authority chain may be incomplete. The person negotiating may be a technical contact rather than a legal officer. A board approval may be missing. A shareholder dispute may surface. A public institution may discover that disposal of the address space needs a procurement, audit or ministry process. A family-owned company may have internal disagreement after seeing the final price. A seller may have promised a clean block without understanding stale reverse DNS, customer assignments or RPKI controls.
Escrow protects the buyer by refusing to treat seller intention as delivery. Before funds can be released, the seller should have produced evidence that the holder can act, the block is correctly identified, the agreed transaction category is possible, and the required record change or operational handover has occurred. The key is not to punish sellers with excessive paperwork. It is to identify the few documents that prove authority and prevent a buyer from paying for a promise that cannot bind the holder.
In the LACNIC region, seller-authority evidence may vary widely. A large carrier may have formal board minutes, corporate seals, delegated officers and counsel. A small ISP may have a leaner corporate file, with practical control concentrated in a founder or managing director. A university or public body may have technical control but not commercial disposal authority. A company that has merged, reorganised or changed names may need to connect old registry records to current legal identity. The settlement file must be flexible enough to recognize different legal forms and strict enough to prevent a stale contact from monetising a block without authority.
Seller default can also occur after registry submission. The seller may stop cooperating during questions, fail to provide additional evidence, delay operational handover, refuse to update abuse contacts, or leave route objects and reverse DNS in a state that makes the buyer's use harder. If escrow releases solely on registry submission, the buyer bears this risk. If escrow releases solely after every operational detail is perfect, the seller may be trapped by minor items that do not go to the substance of transfer. The release schedule should therefore distinguish between essential and remediable obligations.
Essential obligations are those without which the buyer does not receive what it paid for: effective recorded control where a transfer is promised, or effective operational use where a lease or delegation is promised. Remediable obligations are narrower: cleanup of a stale contact, correction of a typo, a reverse-DNS adjustment, delivery of a final letter, or cooperation with geolocation updates. For those items, holdbacks can work better than full non-release. The main price can release after essential delivery while a portion remains in escrow until cleanup occurs.
The seller's default problem also explains why dispute windows must be defined before closing. If a buyer can object vaguely after receiving control, it may use defects as price renegotiation. If a buyer has no post-close remedy for undisclosed adverse claims, it overpays for risk. A narrow window for specified defects is superior to indefinite uncertainty. The window should be long enough to detect immediate settlement defects and short enough to protect finality. The market cannot function if every transfer remains permanently provisional.
Seller risk should not be solved by giving the registry broad discretion to decide whether a seller deserves to sell. That would confuse authority verification with moral permission. The registry may require proof that the recorded holder authorizes the update and that the ledger will remain accurate. It may refuse forged, conflicting or incomplete changes. It should not turn seller default risk into a general theory of market control. Escrow, warranties, holdbacks, courts and insurance-like private assurances are better tools for private default. The registry's role is to keep the book truthful.
The buyer's default problem
Buyer default is the mirror image, and it is just as important. A seller who signs transfer documents before secure funding may surrender leverage. A buyer may promise payment after registry update and then delay, raise new objections, invoke bank problems, dispute minor defects, or discover that its own board, lender or compliance team is not ready. In a cross-border transaction, the seller may be asked to trust a payment path it cannot inspect. If registry procedures require seller cooperation before funding is secure, the seller becomes an involuntary creditor.
This is why funded escrow should usually precede irreversible seller performance. A buyer that is serious should be able to place funds into an account governed by release instructions, subject to legitimate banking and compliance checks. The seller then knows that the buyer's money exists and that non-payment cannot be used casually as leverage after the seller has acted. The buyer still retains protection because funds release only when agreed conditions are satisfied. The seller gains protection because the buyer cannot receive delivery while keeping money entirely under its own control.
Funding is not always simple. In Latin American and Caribbean transactions, payment may involve currency conversion, offshore dollar accounts, correspondent banks, capital-movement reporting, tax withholding, invoice formalities and beneficial-ownership review. A buyer may be commercially sound but delayed by bank screening. A seller may distrust a payment route because its bank asks unexpected questions. Escrow instructions should account for this by separating deposit obligation from release obligation. If funds are not accepted or cleared by a specified date, the seller should not have to continue performing indefinitely. If funds arrive subject to unresolved bank hold, the transaction should not pretend the buyer has fully performed.
Buyer default can also be operational. A buyer may be funded but technically unprepared. It may not know how it will announce the block, manage RPKI, update reverse DNS, handle abuse contacts, adjust geolocation, or coordinate customer migration. If the contract requires the seller to hand over operational artifacts, the buyer must be ready to receive them. A seller should not be blamed for delayed completion when the buyer has failed to provide necessary routing information, nameserver data, contact details or technical representatives.
There is also regulatory default. A buyer may fail AML, sanctions, beneficial-ownership or source-of-funds checks imposed by the escrow provider or bank. That failure should not be disguised as registry policy. Banking law and payment-system risk are real, but they belong to banks, escrow providers and public authorities. If the buyer cannot pass those checks, the seller should have termination rights after a defined period. The registry should not convert a bank's unresolved diligence into a generalized judgment that the transaction is illegitimate. Nor should it force the seller to keep the asset frozen while the buyer tries to satisfy an unrelated financial institution.
Buyer default risk can be reduced through deposits, deadlines and staged obligations. An initial deposit can compensate the seller for time off market if the buyer fails to fund. A funding deadline can prevent indefinite reservation. A technical-readiness covenant can require the buyer to submit routing, contact and security information before final registry steps. A cooperation covenant can require the buyer to answer reasonable registry or escrow questions without delay. These are private-law tools. They are more precise than registry discretion because they allocate risk to the party best able to control it.
Registry timing is not commercial approval
The registry record is central because it is the shared evidence layer. It tells third parties who is recorded in relation to a number resource, what contacts exist, and which security and publication services are associated with it. In an IPv4 transfer, the record is not a decorative formality. It is part of the asset's economic usability. Yet the significance of the record should not be confused with a broader power to approve capital movement.
The thin-ledger view is simple. The registry may verify that the requested change is authentic, coherent, non-duplicative and consistent with the minimum rules needed to preserve uniqueness and accurate publication. It may ask whether the current holder has authorized the change. It may require enough evidence to avoid fraud. It may record transfer history and dispute metadata. It may ensure that the record after the change will be usable by operators, relying parties and the public. That is real work. It is not trivial. It is also not the same as deciding whether the buyer's business is worthy or whether the seller's monetisation of scarcity is virtuous.
Registry timing becomes dangerous when parties make it the sole trigger for commercial finality without defining which registry event matters. Acknowledgment is not completion. Acceptance for review is not completion. A request for additional documents is not refusal. A database update may be completion for the ledger but not for operational handover. A hold or dispute notation may affect reliance differently from an outright rejection. Contracts should avoid treating "LACNIC approval" as a magic phrase and instead specify the record state required for release.
The registry itself should also resist the temptation to speak beyond its record. If it says a transfer has been recorded, that should mean the ledger has changed according to defined procedures. It should not imply that the registry has blessed the price, endorsed the commercial contract, certified tax compliance, guaranteed routeability, insured title, approved future use or declared the absence of all private disputes. Overstatement creates reliance the registry is not capitalized or designed to support. Understatement creates uncertainty the market cannot bear. The correct posture is precise modesty.
For LACNIC-region transactions, precision is particularly useful because many counterparties will be translating registry events for banks, auditors, tax advisers and boards. A finance officer may ask whether the asset has been delivered. A bank may ask whether payment can be released. A board may ask whether the company now controls the resource. An engineer may ask whether it can safely announce. Each question touches the registry record but is not identical to it. A disciplined closing package should translate registry timing into the language each actor needs without giving the registry a role it does not hold.
Running-code primacy supplies the deeper discipline. The registry record matters because running networks and relying parties need stable, accurate evidence. It does not matter because a private institution possesses metaphysical authority over the capital embodied in scarcity. When procedure conflicts with the continuity of functioning networks and the truthful state of holder control, the system should privilege operational reality and accurate records over ceremonial approval. The record should follow lawful, evidenced control; it should not manufacture power over control.
Operational handover is part of settlement trust
An IPv4 block can be recorded correctly and still be difficult to use. That is why settlement trust must include operational handover. The buyer does not buy an abstract line of text. It buys the ability to deploy scarce address space in a world where routing filters, RPKI, reverse DNS, abuse desks, geolocation databases, customer allowlists, email reputation and upstream acceptance affect value. The registry record is foundational, but it is not the entire settlement package.
RPKI is an obvious example. If route-origin authorization remains under the seller's control, or if old authorizations create conflict, the buyer may face route validation problems or operational uncertainty. If the buyer needs to create new ROAs but lacks the necessary access or certificate state, closing is incomplete in a practical sense even if the holder field has changed. Reverse DNS can create similar friction. Payment companies, mail systems, hosting customers and enterprise security teams often care about reverse-DNS consistency. Abuse contacts matter because early post-close complaints can shape the buyer's reputation and the seller's residual exposure. RDAP and Whois visibility matter because counterparties use them to decide whom to contact and whom to trust.
These operational artifacts should not be made into excuses for indefinite settlement delay. They should be specified and prioritized. Some are essential to the transaction's intended use. Others are cleanup items. For a buyer acquiring space for immediate announcement, RPKI and route-related handover may be central. For a buyer holding space as inventory before deployment, immediate routeability may matter less. For a regulated customer deployment, reverse DNS and abuse-contact transition may be material. For a pure holder transfer, some operational steps may be post-close covenants rather than release conditions.
The seller also has legitimate interests during operational handover. It may need to remove old customer assignments, avoid sudden abuse escalations, coordinate withdrawal of announcements, preserve evidence that its responsibility has ended, and ensure that the buyer does not announce prematurely in a way that creates confusion. If the seller is still carrying traffic on part of the block, transition must be staged. If the block has old customers, renumbering or reassignment may be required. If old route objects exist in multiple databases, cleanup may take time. These are not reasons to block settlement; they are reasons to define a transition plan.
Operational handover is where the bookkeeper-not-gatekeeper principle becomes practical. The registry can support handover by maintaining accurate contacts, security services, transfer history and dispute metadata. It should not take over the engineering project. It should not decide whether a buyer's network design is optimal. It should not police commercial use through the back door of operational review. Its concern should be whether the public record and associated registry-supported services reflect the evidenced change accurately and safely.
In the LACNIC region, operational handover may be complicated by uneven technical capacity. Large buyers may have mature IPAM systems, RPKI automation and dedicated routing teams. Smaller buyers may rely on upstreams, consultants or hosting providers. Sellers may be sophisticated carriers or quiet legacy holders whose address records have not been touched for years. A settlement process that assumes all parties have the same engineering maturity will either overburden small actors or underprotect buyers. The right model is modular: define which operational elements matter for this transaction, assign responsibility, set dates, preserve evidence, and use holdbacks or covenants for cleanup.
Dispute windows must protect finality, not destroy it
Every settlement system needs a way to handle defects. It also needs a way to stop handling them. Without a dispute window, fraud and mistake can pass unchecked. With an endless dispute window, no transfer is final. The institutional problem is to preserve correction without making all transactions permanently provisional.
IPv4 transfers are vulnerable to several kinds of post-close dispute. A former officer may claim the seller lacked authority. A creditor may allege that the asset was transferred improperly. A buyer may discover undisclosed operational impairment. A seller may allege non-payment or breach of release instructions. A third party may claim prior rights. A bank may raise a late compliance hold. A registry may receive inconsistent notices from contacts whose authority is unclear. Some disputes go to the core of transfer validity. Others are commercial warranty claims. Others are merely operational defects dressed up as rescission arguments.
The settlement architecture should classify these disputes before they occur. Core validity disputes can justify a hold, notice, or, in extreme cases, a freeze on further changes while evidence is assessed by the agreed forum. Commercial warranty disputes should generally affect damages, holdbacks or indemnity, not the public record, unless the contract and applicable law say otherwise. Operational cleanup disputes should be handled through specific performance, service credits, holdbacks or cooperation covenants. The registry should not become the place where every category collapses into one emergency.
Reversal is the most dangerous remedy because it attacks reliance. Once a buyer is recorded, announces the block, updates customers, configures security systems, changes reverse DNS and builds services, reversing the record can harm not only buyer and seller but also downstream users. Sometimes reversal may be necessary, especially in cases of fraud or forged authority. But because reversal is costly, the threshold should be bright. A mere allegation should not automatically unwind a completed transfer. A credible, evidenced claim may justify a temporary notation or hold. A final adjudication may justify correction. The sequence matters.
The dispute window should also be short enough to be meaningful. A period of days or weeks for specified settlement defects may be reasonable depending on the transaction. An indefinite right to object is not a window; it is a cloud. Markets cannot price assets that may be clawed back whenever an old internal conflict resurfaces. If a serious hidden defect emerges later, ordinary law can still respond. But the registry record should not be held in permanent adolescence because private parties failed to define their remedies.
For LACNIC, finality is not merely a commercial convenience. It is a regional liquidity issue. If buyers believe LACNIC-region transfers are vulnerable to late reversal or unclear objection processes, they will discount offers. If sellers fear that registry uncertainty can trap payment, they will avoid the market or demand more money. If banks and escrow providers cannot explain when a transfer is final, they will treat the transaction as unusual risk. Finality lowers the cost of capital. That is why a thin ledger must be firm as well as modest.
AML diligence belongs to payment rails, not the number ledger
IPv4 transfers involve money, and money attracts financial diligence. In cross-border LACNIC-region transactions, escrow providers and banks may need to understand the parties, beneficial owners, source of funds, sanctions exposure, politically exposed persons, tax documentation, invoice description and purpose of payment. These checks can be frustrating, especially when bank staff are unfamiliar with number resources. But they are not imaginary. Payment rails are regulated, and escrow providers cannot ignore the rules that govern their accounts.
The important boundary is institutional. AML and bank diligence should not be laundered into registry authority. A bank may refuse to process a payment because it cannot verify a beneficial owner. An escrow provider may hold funds while a sanctions false positive is resolved. A seller's bank may ask for documentation about why a foreign buyer is paying for an intangible network resource. These are payment-system events. They should affect funding deadlines, release conditions and termination rights. They should not cause the registry to become a financial regulator or capital-control gatekeeper.
The registry may need to know enough about parties to prevent fraud against the ledger. It may need to verify holder authority, contact authenticity and the consistency of transfer evidence. That is not the same as reviewing source of funds. It may receive notices that a transaction is subject to a legal order or credible fraud claim. That is not the same as conducting bank due diligence. The line matters because if the registry begins to absorb AML logic, every transfer can become a discretionary economic-permission event. The ledger would stop being a record of holder control and become a gate through which capital must justify itself.
Payment actors can manage their own risk with better documentation. A closing file should describe the asset in plain commercial language, identify buyer and seller, show authority, state price and currency, explain the escrow structure, include invoices or settlement statements where appropriate, and provide tax or corporate documents required by the banks involved. The file should avoid mystical vocabulary. It should not pretend the registry is selling the addresses. It should say that parties are transacting over rights and recorded control associated with scarce Internet number resources, subject to registry record update and operational handover.
Latin American and Caribbean payment realities make this documentation especially valuable. Correspondent banks may be cautious with unfamiliar counterparties. Currency controls or reporting rules may exist in some jurisdictions. Smaller banks may ask more questions because they see fewer transactions of this type. Caribbean entities may face de-risking pressures unrelated to the merits of a particular IPv4 deal. Public-sector sellers may need audit trails. Private companies may need board-level explanations. A precise settlement package reduces the chance that a compliance officer fills the gap with suspicion.
The registry can help indirectly by keeping its record events clear and its role narrow. If the ledger produces reliable evidence of recorded holder change, banks and escrow providers can use that evidence without asking the registry to bless the transaction. If the registry's language implies broad discretion over commercial legitimacy, payment actors may treat registry uncertainty as financial risk. Narrowness is therefore not hostility to compliance. It is a way of letting each compliance system do its own work without contaminating the others.
AML diligence also should not be used by private parties as opportunistic delay. A buyer should not invoke vague bank review after missing a funding deadline unless the review is real and evidenced. A seller should not refuse reasonable payment documentation and then claim the buyer failed to fund. Escrow instructions can address this by requiring timely production of compliance documents, notice of holds, deadlines for curing payment obstacles and termination rights if the payment path remains blocked. Again, the cure is defined procedure, not registry discretion.
Brokers, prices and title insurance are separate questions
Escrow trust is sometimes confused with three neighbouring problems: broker conduct, price transparency and the analogy with title insurance. They overlap at closing, but they are not the same problem. A broker may introduce counterparties, test demand, describe a block, gather documents and keep a transaction moving. That does not make the broker a market regulator. If a broker withholds known defects or favours one side, private law and professional discipline should respond. The registry should not answer broker risk by turning every trade into an approval hearing.
Price transparency is also distinct. A more visible market can lower search costs and reduce insider advantage. That may help a university, a municipal network or a small provider judge whether an offer is credible. But public price data cannot substitute for settlement mechanics. A buyer can know the market price and still lose money if funds release before the registry record and operational controls move. Transparent prices improve negotiation; they do not establish finality.
The title-insurance analogy is useful only if kept modest. Land markets developed insurers, registries and closing providers because defects can surface after a sale. IPv4 has similar anxiety but a different asset: a routable, scarce number resource whose value depends on public records, network acceptance and control of operational artefacts. A private assurance product may one day cover forged authority, undisclosed claims or reversal risk, but that would be a contract about loss allocation. It would not be a substitute registry, a guarantee of future routeability or a licence for capital movement.
Keeping these questions separate improves discipline. Brokers help counterparties find deals. Price information helps parties value scarcity. Insurance-like assurances can shift defined residual risks. Escrow aligns money and performance. The registry records the evidenced state of a unique resource. When one institution tries to perform all five tasks, it becomes opaque and dangerous.
Finality is the asset the ledger sells
The registry does not sell IPv4. It does not create the value of the address block. Operators, scarcity, customer demand, routing reliance and accumulated network practice create that value. But the registry does provide one indispensable service to the market: finality of the public record. If that finality is weak, the asset is worth less. If it is strong, predictable and narrow, the asset becomes easier to trade, finance and deploy.
Finality does not mean error can never be corrected. A forged transfer should not be protected merely because it was recorded. A duplicate claim should not be allowed to stand because someone moved quickly. A court order may require action. But finality means that after defined procedures and dispute windows, ordinary reliance should be safe. Third parties should be able to read the record and act without wondering whether every past transaction is a live political question.
This is where the bookkeeper metaphor is most useful. A good bookkeeper is not passive. It verifies entries, preserves audit trails, prevents double entry of the same asset in inconsistent ways, records corrections and makes the book reliable. But a bookkeeper who starts deciding whether the business should have made the sale has changed role. The LACNIC ledger should be strong in the first sense and restrained in the second. Its authority comes from accuracy, not from moral supervision.
The economics of finality are visible in price. A block with clean records, clear holder authority, no unresolved disputes, coherent security metadata and predictable transfer mechanics commands more confidence than a block surrounded by procedural uncertainty. Buyers discount uncertainty. Lenders hesitate around uncertainty. Auditors ask more questions. Sellers face thinner demand. Settlement finality is therefore not an administrative afterthought. It is part of the asset's quality.
A thin ledger also protects weaker participants. If finality depends on personal familiarity, institutional mood or opaque discretion, large players can navigate it better than small ones. They can hire counsel, cultivate intermediaries and absorb delay. Smaller sellers and buyers need rules they can read, evidence they can gather and timelines they can plan around. Finality is egalitarian when it is rule-bound; it is regressive when it is discretionary.
The ledger should also preserve dispute metadata without weaponising it. If a credible claim exists, the record may need to show that status. If a transfer is under court order, that fact may matter. If a hold prevents further movement, counterparties should know. But not every complaint deserves the same public effect. A notation should be proportionate to evidence and consequence. Otherwise parties can use allegations to poison marketability. A dispute field can protect reliance; it can also become a cheap weapon if thresholds are weak.
In the end, the public record's value lies in telling third parties when they may stop asking yesterday's question. Who is the holder now? Which contacts are current? What security assertions attach? Is there a known dispute affecting reliance? If the record answers those questions reliably, it has done its job. If it tries to answer whether the market should exist, it has left its job.
The registry must not become a capital-control gatekeeper
Every settlement friction creates an invitation to expand authority. Fraud risk invites more verification. Payment risk invites more documentation. Cross-border risk invites more compliance language. Dispute risk invites more holds. Operational risk invites more technical review. Each expansion can sound reasonable in isolation. Together they can turn a registry from a uniqueness ledger into a capital-control gatekeeper.
The danger is not that controls exist. Some controls are necessary. Forged authority should be blocked. Duplicate claims should be prevented. Contacts should be authenticated. Security metadata should be protected. Transfers should leave an audit trail. Emergency holds may be justified when credible evidence shows imminent harm to the ledger. The danger is using these necessary controls as a bridge to broader commercial supervision. Once the registry asks whether capital movement is desirable, whether regional value should be retained, whether a holder has morally earned liquidity, or whether a buyer's business model is acceptable, it has crossed the line.
In a scarce IPv4 market, this line has distributional consequences. A capital-control registry may claim to protect local interests, but it can trap local holders. A small operator that wants to sell surplus space to finance network upgrades may face delay. A public institution may be pushed into opaque workarounds. A buyer serving regional customers may be unable to expand. A seller may accept a lower price from the only counterparty willing to endure uncertainty. Liquidity leaves the formal market and returns as private negotiation, insider advice and fear.
The better institutional design is bright-line restraint. The registry verifies holder authority, record accuracy, uniqueness and relevant security state. It records the transfer if those conditions are met. It records disputes when evidence justifies it. It maintains continuity of RDAP, Whois, reverse DNS and RPKI services. It publishes clear status. It does not review price. It does not approve business models. It does not convert AML concerns into registry permission. It does not use regional rhetoric to override holder rights.
Holder rights are central. The lawful holder who operates, finances, maintains and bears the risk of a number resource is not a tenant of institutional grace. The registry record describes that holder's relationship to the resource; it does not create a superior ownership claim in the registry. When the holder chooses to transfer, lease, pledge or otherwise commercialize the resource subject to law and valid contracts, the registry's concern should be whether the ledger remains truthful and unique.
Portability sits behind this argument. A holder who cannot leave a registry system is exposed to lock-in. Even if LACNIC operates competently in ordinary cases, no registry should be the permanent gate through which holder capital must pass without exit. Portability disciplines registries by making service quality and restraint matter. In settlement terms, it would lower the premium attached to local institutional uncertainty.
This does not mean abolishing regional service. Local expertise, language support and regional knowledge can be useful. A registry can understand Latin American and Caribbean operating conditions without claiming to decide whether value may move across borders. It can be regional in service without being territorial in authority.
Capital-control temptation should be named early because it rarely announces itself as control. It appears as protection, prudence, stewardship, fairness, anti-speculation or community concern. Some of those concerns may be sincere. But sincerity does not create mandate. A mailing list, a board policy or a service-region narrative cannot authorize a private registry to govern the economic destiny of assets whose value is created by operators and relied upon by customers. The ledger may record. It may coordinate. It may protect uniqueness. It may not rule.
A better settlement architecture points beyond the present registry model
The best version of LACNIC escrow practice would make transfers safer, but it would not solve the deeper architectural problem. Escrow can align payment and delivery. Contracts can define dispute windows. Banks can improve documentation. Engineers can professionalize handover. The registry can narrow itself to truthful records. Yet the system would still depend heavily on a regional registry as the source of public finality. That dependence is why settlement risk is so intense.
A better long-term model would make proof of holder control more portable, audit trails more tamper-evident, dispute metadata more standardized and record transitions more locally verifiable. Parties would still need contracts and payment rails, but they would not need to treat one institution's discretionary recognition as the center of commercial reality. The common layer would contain only what running networks require: uniqueness, proof of control, accurate records, security assertions, transfer history, dispute status, auditability, portability and replacement paths. Everything else would remain closer to the holder, the market, the court, the bank or the operator.
This is why the Number Resource Society direction matters at the end of the settlement debate. Its significance is not promotional. It supplies the only positive institutional model that fits the economics of scarcity without converting scarcity into registry rent. Exit rights instead of enforced permanence, portability instead of lock-in, redundancy instead of monopoly, mechanisms instead of moral narratives: these principles are not slogans when applied to escrow. They are settlement infrastructure.
Imagine an IPv4 transfer where the holder's control proof is cryptographically verifiable, the chain of prior state is auditable, dispute flags have defined thresholds, security assertions can move under deterministic rules, and registry service providers compete to maintain publication rather than monopolize recognition. Escrow would still exist because money and performance would still need sequencing. But escrow would release against clearer state transitions. Banks would receive better evidence. Buyers would discount less for registry uncertainty. Sellers would not have to trust a single gatekeeper's mood.
Such a model would also reduce the pressure on LACNIC itself. A registry asked to be bookkeeper, fraud controller, settlement oracle, market guardian, compliance interpreter and regional steward will disappoint someone. A registry confined to accurate, portable, verifiable records can be judged by a narrower and more useful standard. Did it keep the book accurate? Did it preserve uniqueness? Did it maintain publication and security continuity? Did it record the evidenced state without converting procedure into power?
The transition would not be instant. Existing contracts, records, banks, courts and routing systems would continue to matter. But settlement practice can begin moving in that direction now by refusing false unity. Payment is not registry approval. Registry update is not operational completeness. AML diligence is not capital governance. Escrow is not a court. A broker is not a licensing authority. A service region is not an owner. A ledger is not a sovereign.
The LACNIC-region IPv4 market needs trust, but it should be settlement trust rather than institutional faith. Settlement trust is built from defined evidence, aligned clocks, staged release, narrow dispute windows, accurate records, operational handover and finality that third parties can rely on. Institutional faith asks market actors to believe that a private coordinating body will always exercise restraint while sitting above scarce capital. The first can scale. The second becomes more fragile as value rises.
IPv4 scarcity has made the old ambiguity expensive. It has turned transfer timing into financing cost, registry update into asset delivery, bank diligence into closing risk, and operational handover into part of value. LACNIC can help the region by keeping its ledger precise and modest. Market actors can help by building escrow practices that respect the difference between record, money and routeability. The future architecture should go further, toward portable proof and decentralized continuity. That is the sober promise of the Number Resource Society model: not a new throne above the old one, but a way to make the throne unnecessary.
Sources and further reading
These references provide the article's public doctrine and background context. They are used for institutional-economic framing, not for adopting any registry or official-sector narrative.
- Lu Heng, all notes index: https://heng.lu/all-notes/
- The Policy Mirror: https://heng.lu/the-policy-mirror/
- The Bill of Rights of Uniqueness Coordination: https://heng.lu/the-bill-of-rights-of-uniqueness-coordination/
- The Multi-Stakeholder Mirage: https://heng.lu/the-multi-stakeholder-mirage-how-the-multi-stakeholder-model-turned-attendance-into-mandate/
- The Registry Continuity Fallacy: https://heng.lu/the-registry-continuity-fallacy-protect-the-ledger-not-the-gatekeeper/
- Running-Code Primacy: https://heng.lu/running-code-primary-the-patch-needed-to-preserve-the-internet-original-design/
- The Poverty Penalty: https://heng.lu/the-poverty-penalty-how-the-rir-model-taxes-the-poor-while-calling-it-equality/
- Sovereignty inversion: https://heng.lu/from-double-extraction-to-sovereignty-inversion-how-nations-lose-sovereign-control-to-rirs-for-us100/
- Registry power and liability: https://heng.lu/on-when-registry-power-detaches-from-liability-why-the-present-rir-coordination-model-cannot-survive-in-its-current-form/
- Number resources are not political property: https://heng.lu/on-internet-number-resources-are-not-political-property/
- Thick RIR governance as double extraction: https://heng.lu/on-regional-internet-registries-thick-governance-turns-uniqueness-into-double-extraction/
- Registries must never become enforcers: https://heng.lu/why-registries-must-never-become-enforcers/
- RIR enforcement creep and IPv4 liquidity: https://heng.lu/on-why-rir-enforcement-creep-is-the-silent-killer-of-ipv4-liquidity-and-why-it-must-be-stopped/
- Cost structure of regional Internet registries: https://heng.lu/on-the-cost-structure-of-regional-internet-registries/
- Decentralising global IP address registration: https://heng.lu/on-decentralising-global-ip-address-registration-with-distributed-ledger-technology/
- Unlocking the hidden value of IPv4: https://heng.lu/unlocking-the-hidden-value-of-ipv4/
- Portability of number resources: https://heng.lu/on-portability-of-number-resources-and-the-icp-2-revision/
- Number Resource Society: https://nrs.help/
- BTW Media: https://btw.media/
- LARUS: https://larus.net/

