Tag: #DLT (Distributed Ledger Technology)

Introduction

Blockchain and distributed ledger technology (DLT) are transforming Nigeria’s digital economy, offering innovative solutions across finance, supply chain, and governance. As adoption grows, so does the need for a robust regulatory framework to ensure compliance, investor protection, and market stability. The Securities and Exchange Commission (SEC) and the Central Bank of Nigeria (CBN) have introduced regulations to guide Virtual Asset Service Providers (VASPs), Digital Investment Service Providers (DISP) and businesses leveraging blockchain. This article outlines Nigeria’s regulatory requirements, focusing on SEC’s 2024 Amended Digital Asset Rules, the Investment and Securities Act 2025 (ISA 2025), and CBN’s compliance rubrics, providing actionable guidance for businesses.

Understanding Nigeria’s Blockchain Regulatory Framework

Nigeria’s regulatory approach balances innovation with oversight. The SEC classifies most digital assets—stablecoins, utility tokens, and asset-referenced tokens—as securities unless proven otherwise, requiring registration for entities issuing, trading, or managing these assets targeting Nigerian investors. The CBN, while historically cautious about cryptocurrencies, has shifted to permit regulated VASPs to operate bank accounts under specific conditions, reflecting a pragmatic embrace of blockchain’s potential.

The National Blockchain Policy, approved in May 2023, underscores Nigeria’s commitment to blockchain adoption, though it lacks legislative force. It serves as a guide for businesses, emphasizing innovation and economic growth. The introduction of the eNaira, a central bank digital currency (CBDC), and Nigerium, a blockchain that is entirely owned and controlled by Nigeria, further highlights Nigeria’s blockchain integration, regulated by the CBN and NITDA respectively.

Key Regulatory Bodies and Their Roles

1. Securities and Exchange Commission (SEC): Oversees digital assets as securities under the ISA 2025, regulating VASPs, exchanges, and custodians. The SEC’s 2024 Amended Digital Asset Rules provide a comprehensive framework for compliance.
2. Central Bank of Nigeria (CBN): Regulates financial institutions and VASPs’ banking operations, enforcing anti-money laundering (AML) and know-your-customer (KYC) requirements.
3. National Information Technology Development Agency (NITDA): Supports blockchain adoption through initiatives like the National Blockchain Adoption Strategy and data protection regulations.

SEC Regulatory Requirements for VASPs

The SEC’s 2024 Amended Digital Asset Rules and ISA 2025 outline specific obligations for VASPs, categorized by their activities:

(a) Licensing Categories:

(i)Digital Asset Offering Platform (DAOP): Facilitates token or coin offerings.

(ii) Digital Asset Exchange (DAX): Operates trading markets, including Over the Counter (OTC) and brokerage models.

(iii) Digital Asset Custodian (DAC): Provides safekeeping and asset management.

(iv) Digital Asset Intermediary (DAI): Offers brokerage, advisory, or trustee services

(v) Operators may hold multiple licenses if they meet each category’s requirements.

(vi) Accelerated Regulatory Incubation Program (ARIP): A 12-month program allowing startups to test models under SEC supervision before full registration, ideal for refining innovative services.

(b). Corporate Governance

(i) Minimum of five directors, including one independent non-executive, a non-executive chairman, an executive with fintech expertise, and 60% Nigerian citizens.

(ii) CEO tenure capped at 10 years.

(iii)Mandatory board committees: Nomination, Governance, Audit, Remuneration, and Risk.

(c) Financial Requirements: DAXs and DACs require a minimum paid-up capital of ₦1 billion, with varying thresholds for other VASPs.

(d) Advertising Compliance:

(i) Advertisements must be SEC-approved, clear, and non-misleading.Prohibited claims include “double your money” or “secure your future.”

(ii) Unverified influencers are banned, and compliance with Advertising Regulatory Council of Nigeria (ARCON) guidelines is mandatory.

(e) Privacy Coins Ban: To combat money laundering and exit the FATF Grey List, Nigeria prohibits privacy coins that obscure transaction details or user identities.

(f) Foreign VASPs: Foreign operators not targeting Nigerians may qualify for a “reverse solicitation” exemption. However, active marketing (e.g., local ads, influencers, or events) triggers registration requirements. VASPs licensed in International Organization of Securities Commissions (IOSCO), West African Securities Regulators Association (WASRA), or reciprocal jurisdictions may apply for conditional exemptions if they meet Nigerian standards.

CBN Regulatory Compliance Requirements

The CBN’s regulatory framework, while not blockchain-specific, imposes critical compliance obligations on businesses using blockchain/DLT, particularly VASPs. Key requirements include:

a.  Guidelines on Operations of Bank Accounts for VASPs (December 2023): VASPs registered with the SEC can open bank accounts with CBN-regulated institutions, provided they obtain SEC license. However, CBN-regulated entities are prohibited from dealing in cryptocurrencies or facilitating payments for unregistered VASPs. Accounts of non-compliant entities must be identified and closed by banking and financial institutions.

b. Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) Regulations (2019): VASPs must implement robust AML/CFT policies, including transaction monitoring and suspicious activity reporting, to prevent financial crimes.

c. Three-Tier KYC Requirements (2013): Businesses must verify customer identities through tiered KYC processes, ensuring traceability of blockchain transactions. This addresses anonymity concerns, requiring platforms to link user addresses to real identities.

d. Risk-Based Cybersecurity Framework (2019): VASPs must adopt cybersecurity measures, including governance, risk management, and resilience assessments, to protect digital assets and customer data.

e. Consumer Protection Framework: VASPs must safeguard consumer data and implement measures to prevent unauthorized disclosures, aligning with the Nigerian Cybercrime (Amendment) Act 2024.

These requirements ensure VASPs operate transparently and securely within Nigeria’s financial system, complementing SEC regulations.

Other Relevant Laws and Regulations

a. The NDPA-GAID 2025 provides detailed guidance under the Nigeria Data Protection Act 2023, setting data governance standards for all entities processing Nigerians’ personal data, locally or abroad. Blockchain businesses must carry out Data Privacy Impact Assessments, appoint certified Data Protection Officers, and file annual compliance audits if classified as major data controllers or processors. They must ensure transparency, implement privacy-by-design, uphold user rights, and obtain explicit consent for cookies and tracking on their platforms

b. Companies and Allied Matters Act (CAMA) 2020: Governs corporate registration and operations for all businesses, including fintechs.

c. Federal Competition and Consumer Protection Act (2018): Protects consumers from unfair practices, applicable to digital asset services.

d. Cybercrime (Amendment) Act 2024 mandates stricter compliance for electronic platforms handling user information, and enhancing enforcement against cyber fraud. Importantly for Virtual Asset Service Providers (VASPs), and blockchain-based services within the scope of its cybersecurity and data governance obligations mandates traceability of all transactions, log maintenance and cooperation with investigative authorities. The Act also introduces higher penalties for non-compliance with know-your-customer (KYC) obligations, aligning with Nigeria’s broader anti-money laundering (AML) strategy.

Practical Guidance for Businesses

1.Assess Your Business Model: Determine if your services fall under DAOP, DAX, DAC, or DAI categories and apply for the appropriate SEC licenses. Use ARIP for pilot projects.

2. Secure CBN Compliance: Register with the SEC to access banking services and implement AML/CFT, KYC, and cybersecurity measures to meet CBN standards.

3.Establish Governance: Appoint a compliant board with Nigerian representation and establish required committees to ensure transparency.

4.Mind Marketing Practices: Obtain SEC and ARCON approval for ads, avoiding misleading claims or unverified influencers.

5.Avoid Privacy Coins: Ensure your platform does not support privacy coins to comply with Nigeria’s anti-money laundering efforts.

6. Prepare Financially: Meet the ₦1 billion capital requirement for DAXs/DACs and budget for registration fees and compliance costs.

7.Foreign Operators: If the intention is to target foreigners, maintain a passive presence to avoid SEC registration. If marketing locally, secure a license.

8.Engage Experts: Consult legal expert on fintech matters to navigate SEC and CBN requirements, ensuring compliance with local laws.

Conclusion

Nigeria’s blockchain regulatory framework, led by the SEC’s 2024 Amended Digital Asset Rules, ISA 2025, and CBN’s compliance requirements, provides a clear path for businesses to thrive while ensuring investor protection and market integrity. By securing SEC licenses, adhering to CBN’s AML/CFT and KYC mandates, and aligning with data protection laws, blockchain businesses can build trust and sustainability. Early engagement with regulators through programs like ARIP and robust governance will position entrepreneurs to lead in Nigeria’s dynamic digital economy.

Written by Adeola Osifeko LLB, LLM, ACIS, ABR. Principal Partner at AEO Law Practice. Contact adeola@aeolawpractice.com