Favour Uche, Associate

PDF version downloadable here.

1.0. Introduction

The emerging virtual asset ecosystem, including cryptocurrencies and digital assets, has seen remarkable growth in adoption in Nigeria over the years, attracting regulatory attention. As the leading African country in cryptocurrency adoption¹, the Nigerian government recognizes the need for a robust regulatory framework governing virtual asset service providers like digital asset exchanges (DAX).² Operating a DAX in Nigeria requires compliance with various laws and regulations aimed at promoting market integrity, protecting investors, and preventing financial crimes. Failure to comply can result in severe penalties for the offender. 

This guide provides an overview of the regulatory landscape and compliance requirements for operating a DAX in Nigeria as primarily mandated by the Securities and Exchange Commission (SEC). It covers relevant registration processes, operational requirements related to anti-money laundering (AML), financial reporting, and other ongoing compliance obligations. By understanding and adhering to these requirements, DAX operators can legally operate in Nigeria, establish a strong foundation for their business, build trust with customers and regulators, and contribute to the development of a safe and transparent digital asset ecosystem in Nigeria.

2.0. Regulatory Requirements for DAXs in Nigeria 

The SEC is the statutory body responsible for regulating virtual and digital assets in Nigeria’s capital market. Both virtual and digital assets have been placed under the SEC’s purview. This is because they have been deemed to be securities by the SEC (until proven otherwise).³ To fulfil its regulatory role, the SEC has released several statements and rules defining relevant terms and laying down guidelines for players in this ever-growing sector. These statements and rules are highlighted below:

(a) The Statement on Digital Assets and their Classification and Treatment, released in September 2020

(b) The New Rules on Issuance, Offering Platforms and Custody of Digital Assets (“the  SEC Rules 2022”), released in May 2022 

(c) The Securities and Exchange Commission (Capital Market Operators Anti-Money Laundering, Combating Terrorism Financing and Proliferation Financing) Regulations 2022, which centres on the provisions of the Money Laundering (Prevention and Prohibition) Act 2022, Terrorism (Prevention and Prohibition) Act 2022, the Terrorism Prevention (Freezing of International Terrorists Funds and other Related Measures) Regulations 2013, and other relevant laws and regulations as it relates to Capital Market Operators (CMOs) 

(d) The Proposed Major Amendment to the Commission’s Rules on Issuance, Offering Platforms and Custody Of Digital Assets (“the Proposed SEC Rules 2024”) released in March 2024 

2.1. Definition of Terms

For the purpose of this guide, based on the joint reading of the above laws, rules, and regulations, the following definitions, as provided by the SEC, are relevant:

• Digital Asset means a digital token that represents assets such as a debt or equity claim on the issuer; 

• Digital Asset Exchange (DAX) means an electronic platform which facilitates the trading of a virtual asset or digital asset; 

• Digital Asset Exchange Operator means a person who operates a DAX;  

• Virtual Asset means a digital representation of value that can be transferred, digitally traded and can be used for payment or investment purposes;

• Virtual Asset Provider (VASP) means any entity who conducts one or more of the following activities or operations for or on behalf of another person: 

(a) Exchange between virtual assets and fiat currencies; 

(b) Exchange between one or more forms of virtual assets; 

(c) Transfer of virtual assets;

(d) Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and 

(e) Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.⁴ 

• Originator means the account holder, or where there is no account, the person (natural or legal) that places the order with the DAX to perform the capital market transaction;⁵

• Beneficiary means a natural or legal person or any other form of legal arrangement identified by the originator as a receiver of the requested transfer;⁶

• Suspicious Transaction may be defined as one which is unusual because of its size, volume, type or pattern or otherwise suggestive of known money laundering or terrorist financing methods. It includes such a transaction that is inconsistent with a client’s known, legitimate business or personal activities or normal business for that type of account or that lacks an obvious economic rationale.⁷

We consider the statements, rules, and definitions outlined above critical. Clarity and certainty are vital in every business and regulatory environment. Not only do these statements, rules, and definitions come with significant policy, regulatory, and legal implications for operators and investors, but they also help delineate the scope of SEC’s regulatory purview. Since the SEC is primarily governed by the Investments and Securities Act 2007 (ISA), operators and investors expect—and legitimately so—that the SEC’s jurisdiction over VASPs would be limited to securities and investments products and services generally. 

Therefore, it is not expected that the SEC will exercise jurisdiction over VASPs whose products and services do not involve securities and other investment. For example, a VASP that enables users to make payments for products and services with the use of bitcoin (BTC) or other cryptocurrency is not expected to fall under the SEC’s jurisdiction. Similarly, a VASP that enables remittances or cross-border transactions with the use of BTC or Tether (USDT)—a stablecoin—may not fall under the SEC’s jurisdiction. Considering that these two transactions are related to payments and remittances respectively, it is reasonably expected that this category of VASPs would be regulated by the CBN. This is why we believe that the recent CBN guidelines on the operation of bank accounts for VASPs⁸, which completely defers jurisdiction over all VASPs to the SEC, needs to be reconsidered in this regard. 

2.2. Registration Requirements for DAXs  

In the grand scheme of things, DAXs are considered as VASPs by the SEC. Consequently, all the requirements imposed on VASPs are by implication applicable to DAXs as well. Also, significant changes have been proposed by the SEC regarding the SEC Rules 2022. The requirements are produced below based on a joint consideration of the provisions of the SEC 2022 Rules and the proposed amendments. The proposed amendments are highlighted. 

2.2.1. General Registration Requirements for VASPs 

2.2.1.1. Eligibility Criteria

(a) Companies seeking to operate as VASPs in Nigeria must now first be incorporated with the Corporate Affairs Commission (CAC) and have a registered office in Nigeria. The Chief Executive Officer (CEO)/Managing Director (MD) or its equivalent shall be resident in Nigeria (As introduced by the Proposed SEC Rules 2024).

(b) No person or entity shall provide any virtual assets service unless first registered with the SEC (As introduced by the Proposed SEC Rules 2024).

(c) Existing Capital Market Operators (CMOs) registered to provide trading, offering platforms, and custodial services seeking registration under these Rules may be required to establish a subsidiary/separate entity to take up the function (As introduced by the Proposed SEC Rules 2024).

(d) The initial position that VASPs could simply have an office in Nigeria managed by a Director of the company is no longer tenable. (As introduced by the Proposed SEC Rules 2024).

Clearly, the proposed amendments above are intended to help the SEC improve its capacity to efficiently and effectively carry out its supervisory and monitoring roles. When for example the FTX collapse affected millions globally,⁹ including Nigerians, the SEC  appeared helpless as FTX neither had local incorporation nor local office. There was also no CEO/MD of the company resident in Nigeria to hold accountable. Business-wise, this proposed amendment offers opportunity for collaboration between foreign DAXs and local DAXs, for DAX operators who are open to consider this path.

2.2.1.2. Required Documentation for VASPs

The job of ensuring consumer protection and investor safety in the capital market is not an easy job. Investor confidence must be safeguarded, otherwise distrust sets in. To ensure trust and confidence in the market, efficiency, integrity, and transparency must be the keywords for both CMOs (including VASPs) and the regulator. This is why the SEC requires VASPs to have and submit proper documentation on every aspect of their management and operations. 

Therefore, an application for registration as a VASP must be filed on the appropriate SEC Form contained in the applicable Schedule to the SEC’s Rules and Regulations. The form must be accompanied by the following documents:

(a) A sworn undertaking that the applicant will be able to carry out its obligations as set out under these Rules;

(b) A sworn undertaking that the information or document that is furnished by the applicant to the SEC is not false or misleading nor does it contain any material omission;

(c) Evidence that the applicant is not in the course of being wound up or otherwise dissolved; 

(d) Evidence that no receiver manager or an equivalent person has been appointed within or outside Nigeria, or in respect of any property of the applicant; 

(e) A sworn undertaking that the applicant has not, whether within or outside Nigeria, entered into a compromise or scheme of arrangement with its creditors, being a compromise or scheme of arrangement that is still in operation; 

(f) Evidence that the applicant, applicant’s directors, chief executive, controller, and any person who is primarily responsible for its operations or financial management are fit and proper, taking into account the following: 

(i) That they are suitably qualified to assume the position, including having the relevant experience and track record in managing a business and not; 

(1) been convicted, whether within or outside Nigeria, of an offence involving fraud or other dishonesty or violence or the conviction of which involved a finding that he acted fraudulently or dishonestly:

(2) been convicted of an offence under the securities laws or any law within or outside Nigeria relating to capital market; 

(3) contravened any rules of a registered Exchange, registered clearing house, depository or a registered self-regulatory organisation; 

(4) contravened any provision made by or under any written law whether within or outside Nigeria appearing to the SEC to be enacted for protecting members of the public against financial loss due to dishonesty, incompetence or malpractice by persons concerned in the provision of financial services or the management of companies or against financial loss due to the conduct of discharged or undischarged bankrupts;

(5) engaged in any business practices appearing to the Commission to be deceitful, oppressive or otherwise improper, whether unlawful or not, or which otherwise reflect discredit on his method of conducting business; 

(6) engaged in or has been associated with any other business practices or otherwise conducted himself in such a way as to cast doubt on his competence and soundness of judgement; or 

(7) engaged in or has been associated with any conduct that cast doubt on his or her ability to act in the best interest of investors, having regard to his or her reputation, character, financial integrity and reliability.

(ii) Evidence that there are no other circumstances which are likely to – 

1. 1. 1. 1. lead to the improper conduct of operations by the applicant or by any of its directors, chief executive, controller or any person who is primarily responsible for the operations or financial management of the applicant; or
         2. reflect discredit in the manner it operates its business. 

 (g) Submit a business model which has a clear or unique value proposition or will contribute to the overall development of the capital market; 

(h) Submit the rules of the entity it seeks to operate and make satisfactory provisions – 

1. 1. for the protection of investors and public interest;
   2. to ensure proper functioning of the entity; to promote fairness and transparency;
   3. to manage any conflict of interest that may arise; 
   4. to promote fair treatment of its users or any person who subscribes for its services;
   5. to promote fair treatment of any person who is hosted, or applies to be hosted, on its platform; 
   6. to ensure proper regulation and supervision of its users, or any person utilising or accessing its platform, including suspension and expulsion of such users or persons; and
   7. to provide an avenue of appeal against the decision of the VASP; 

(i) Evidence that the applicant will be able to take appropriate action against a person in breach including directing the person in breach to take any necessary remedial measure;

(j) Evidence that the applicant will be able to manage risks associated with its business and operation including demonstrating the processes and contingency arrangement in the event the applicant is unable to carry out its operations;

(k) Evidence that the applicant has sufficient financial, human and other resources for its operation, at all times; and 

(l) Evidence that the applicant has appropriate security arrangements which include maintaining a secured environment pursuant to the SEC’s Rules on Technology Risk Management.¹⁰

2.2.2. General Registration Requirements for DAXs

In addition to the general requirements for VASPs as outlined above, an applicant seeking to register as a DAX Operator must comply with the following requirements:

2.2.2.1 Eligibility Criteria

(a) Payment of Prescribed Fees: 

(i) Filing/Application Fee – N300,000 (Three Hundred Thousand Naira only) (Formerly N100,000 (One Hundred Thousand Naira) but now increased by the Proposed SEC Rules 2024)

(ii) Processing Fee – N1,000,000 (One Million Naira) (Formerly N300,000 (Three Hundred Thousand Naira) but now increased by the Proposed SEC Rules 2024)

(iii) Registration Fee – N150,000,000 (One Hundred and Fifty Million Naira)  (Formerly N30,000,000 (Thirty Million Naira) but now increased by the Proposed SEC Rules 2024)

(iv) Sponsored Individuals Fee – N300,000 per individual (Three Hundred Thousand Naira)   (Formerly N100,000 (One Hundred Thousand Naira) but now increased by the Proposed SEC Rules 2024) ¹¹

(b) Proof of Minimum Paid-Up Capital and Fidelity Bond

(i) Evidence of required minimum paid up capital of N1,000,000,000 (One Billion Naira) subject to verification of the sources of the funds (Formerly N500,000,000 (Five Hundred Million Naira but now increased by the Proposed SEC Rules 2024);

(ii) Current Fidelity Bond covering at least 25% of the minimum paid up capital as stipulated by the Commission’s Rules and Regulations; 

(iii) The Commission may at any time impose additional financial requirements or other terms and conditions on the DAX Operator that commensurate with the nature, operations and risks posed by the DAX Operator;

(iv) All funds shall be made through Real-Time Gross Settlement (RTGS).¹²

Regarding prescribed fees and minimum paid-up capital, apparently, by the proposed amendments, the SEC seeks to increase the application, processing, registration, and sponsored individuals fees. This increment is significantly up by about 300% generally and by 500% for registration fee.

Apart from the devaluation as well as the depreciation of the local currency, the Nigerian Naira (NGN), being a possible reason for these proposed increments, the SEC may also have considered the need to further limit risks in the market by raising the bar on prudential requirements. In other words, the bigger the VASP, the safer it will be for customers. Think of this as the whale. While this may not always be the case, it is valid. 

But are the proposed amendments on fees and prudential requirements sound, especially for local DAX operators who may not have the capacity—relative to their foreign counterparts—to meet these financial and prudential requirements? Maybe not, and maybe yes, depending on where one stands. Generally, one would expect that before considering consolidation in the market, the regulator will allow the market to legally operate first. Besides, the prescribed fee of N150,000,000 as registration fee is 5 times bigger than SEC’s present prescribed registration fee for securities exchanges in the traditional capital market.¹³ 

However one sees it, one consideration merits attention: The need for potentially affected VASPs to start considering—if not already on the table—strategic partnerships and mergers & acquisitions (M&As). In this emerging market, it will be a marathon, not a sprint.

2.2.2.2. Required Documentation 

An application for registration of a DAX is required to be made on the appropriate SEC form and must be accompanied by the following: 

(a) Completed duplicates of the following forms:

(i) Form SEC 2 – Application Form for Registration of Sponsored Individuals under the ISA 2007; and

(ii) Form SEC 2D – Form for Fit and Proper Persons (Sponsored Individuals, Directors/Partners) for Registration in the Capital Market under the ISA 2007.¹⁴  

The forms are to be completed by all principal officers (Managing Director (MD)/Chief Executive Officer (CEO) and other Directors) and sponsored individuals/ compliance officers of the DAX in duplicates. Sponsored individuals and compliance officers for purposes of this registration are the principal officers and/or professionals held out by the applicant DAX as experts and on whose advice or actions investors are expected to rely.¹⁵ A DAX is required to register a minimum of four (4) sponsored individuals with the SEC, two of which must be the MD/CEO and the Compliance Officer of the DAX.¹⁶

(b) A copy each of the following, duly certified by the CAC:

(i) Certificate of Incorporation (original to be sighted); 

(ii) Memorandum and Articles of Association which shall include the power to perform the specified function; 

(iii) CAC Form(s) showing Statement of Share Capital, Return of Allotment, and Particulars of Directors; 

(iv) Latest audited accounts or audited statement of affairs of the company in the case of a new company.¹⁷

(c) A sworn undertaking that the applicant will be able to operate an orderly, fair and transparent market in relation to the securities including derivatives that are offered or traded, on or through its platform (As introduced by the Proposed SEC Rules 2024);¹⁸

(d) A sworn undertaking to keep proper records and render returns as may be specified by the SEC from time to time, signed by a director or the company secretary;¹⁹

(e) A sworn undertaking by a director or the company secretary, to abide by SEC Rules and Regulations and Investments and Securities Act No. 29 of 2007 as may be amended from time to time;²⁰

(f) Before a DAX Operator can commence  operations, the SEC may require the following documents:

(i) Evidence of Information Technology (IT) assurance regarding the system readiness and;

(ii) A written declaration by its internal auditor confirming that it has: 

1. 1. 1. Sufficient human, financial and other resources to carry out operations;
      2. Adequate security measures, systems capacity, business continuity plan and procedures, risk management, data integrity and confidentiality, record keeping and audit trail, for daily operations and to meet emergencies; 
      3. Sufficient IT and technical support arrangements; and
      4. A Chief Information Security Officer to ensure amongst other things, that cyber risks are adequately mitigated.²¹

(g) Such other documents that may be required by the SEC from time to time to be necessary for registration.

3.0.  Operational Requirements and Obligations for DAXs 

In addition to the above-listed requirements for the registration of DAXs, the following are operational requirements and obligations for DAXs as stipulated by the SEC which may affect its continued registration:

3.1. General Obligations of DAXs:

A DAX shall ensure the following:

(a) Monitor and ensure compliance of its rules; 

(b) Ensure fair treatment of its users; ensure that all disclosures are accurate, clear and not misleading; 

(c) Obtain and retain self-declared risk acknowledgement forms from its users prior to them investing through a DAX; 

(d) Provide a conspicuous disclaimer on its platform informing investors that any loss resulting from the investors trading or investment through the DAX is not covered by any protection fund; 

(e) Ensure that all fees and charges payable are fair, reasonable and transparent; 

(f) Ensure that the same account holder is not on both sides of the same transaction (As introduced by the Proposed SEC Rules 2024);

(g) Ensure that investors only invest or trade in virtual or digital assets hosted on its platform using Naira. The rate for conversion of foreign currency denominated assets shall be the official exchange rate as published by the CBN (As introduced by the Proposed SEC Rules 2024);

(h) Ensure that it does not engage in any business practices that appears  to be deceitful, oppressive or improper (whether unlawful or not) to the SEC or which otherwise reflect discredit on applicant’s method of conducting business; 

(i) Carry out continuous awareness and education programmes; 

(j) Have in place adequate policies, procedures and controls to mitigate against money laundering, terrorism financing and counter proliferation financing requirements and comply with Anti Money Laundering/Combating Financing of Terrorism and Countering Proliferation Financing laws and regulations;

(k) Disclose and display prominently on its platform, any relevant information relating to the DAX such as – 

(i) All necessary risk warning statements, including all risk factors that users may require in making a decision to participate on the platform;

(ii) Information on rights of investors relating to investing or trading on the Exchange;

(iii) Criteria for access to the Exchange; 

(iv) Education materials, including comparative information where necessary; 

(v) Fees, charges and other expenses that it may charge, impose on its users;

(vi) Information about complaints handling or dispute resolution and its procedures; 

(vii) Information on processes and contingency arrangement in the event the DAX is unable to carry out its operations or cessation of business; 

(viii) And any other information as may be specified by the SEC.²²

3.2. Corporate Governance Requirements

(a) SEC-Approved Board: A DAX  is required to have a Board whose appointment shall be subject to approval of the SEC.²³

(b) SEC-Approved Appointment of Chief Executive and Principal Officers 

(i) The Chief Executive Officer of a DAX shall hold office for a period of five (5) years in the first instance and may be re-appointed for a further period of five (5) years and no more; 

(ii) The appointment of a Chief Executive Officer and Principal Officers of a DAX  shall be subject to the prior approval of the SEC;

(iii) The Chief Executive Officer and other Principal Officers of a DAX shall: 

1. 1. 1. be registered by the SEC as Sponsored Individuals;
      2. be persons of proven integrity with no record of criminal conviction; 
      3. hold at least a university degree or its equivalent;
      4. have at least five (5) years cognate experience;
      5. not have been found complicit in the operation of an institution that has failed or been declared bankrupt or has had its operating licence revoked as a result of mismanagement or corporate governance abuses;
      6. not have been found liable for financial impropriety or any other misdemeanour by any court, panel, regulatory agency or any professional body or previous employer;
      7. comply with any other criteria which the SEC may, in the public interest, determine from time to time.²⁴

c. Outsourcing Board

The DAX Operator must have a Board that is accountable for all outsourced functions. The Board shall be responsible for the following:

(i) Establish policies and procedures for outsourcing arrangements, including a monitoring framework to track service provider performance;

(ii) Ensure the service provider has adequate policies/procedures to monitor any sub-contractors;

(iii) Periodically assess service providers as part of monitoring and report assessments to the Board/senior management;

(iv) Obtain a sworn undertaking from providers/subcontractors allowing the SEC access to all relevant information/records; and

(v) Notify the SEC within 2 weeks of any adverse development in an outsourcing arrangement that could significantly impact the DAX’s operations.²⁵

3.3. Reporting Requirements

A DAX Operator shall submit to the SEC the following: 

(a) Weekly and monthly trading statistics and all reporting requirements;

(b) Quarterly and annual financial as well as compliance reports to demonstrate its compliance with any conditions imposed by the SEC pursuant to the registration of the DAX operator; 

(c) Its latest audited financial statements, within three months after the close of each financial year or such period that the SEC may allow; and

(d) Any information required by the SEC.²⁶

3.4. Requirements for DAXs to Trade Virtual Assets/Digital Tokens

(a) No DAX Operator shall facilitate the trading of any virtual/digital asset unless the SEC has issued a “no objection” to the trading of the virtual/digital asset. 

(b) The issuance of virtual asset/digital token shall comply with the relevant Rules issued by the SEC. Such virtual asset/digital token would require approval from the SEC before being traded on any DAX. 

(c) In relation to trading of such assets, a DAX is required to submit an application to the SEC enclosing relevant documents and any other information to be determined by the SEC from time to time;

(d) A DAX must demonstrate availability of information related to the project, including but not limited to – 

(i) The whitepaper or any other disclosure document accompanying the virtual/digital Asset;

(ii) The progress of the project including both business and technical aspects;

(iii) Compliance with all other legal and regulatory frameworks in Nigeria and other jurisdictions where the project operates in; 

(iv) Security of the underlying distributed ledger, including but not limited to –

1. 1. 1. The number of nodes;
      2. Any history of hacks and other forms of attacks; and any known security vulnerabilities.

(e) A DAX Operator must –

(i) ensure that its platform is operating in an orderly, fair and transparent   manner;

(ii) have in place rules and procedures for the trading, clearing and settlement of virtual assets/digital tokens on the platform; and 

(iii) conduct real-time market surveillance.²⁷

3.5. Internal Audit Requirements 

A DAX Operator is required to establish an internal audit function to develop, implement and maintain an appropriate internal audit framework commensurate with its business and operations.²⁸

3.6. Risk Management Requirements 

A DAX Operator must identify and mitigate operational risks (internal and external) through implementing a robust operational risk management framework with appropriate systems, policies, procedures, and controls. This includes defining clear roles/responsibilities for addressing risk, setting operational reliability objectives and policies to achieve them, ensuring adequate capacity to meet service levels under stress volumes, and implementing comprehensive physical and information security policies to address vulnerabilities/threats.²⁹

3.7. Asset Protection Requirements

A DAX Operator must ensure the following –

(a) Establish systems and controls for maintaining accurate and up-to-date records of investors and any monies or virtual assets/digital tokens held in relation thereto;

(b) Ensure investors monies and virtual assets/digital tokens are properly safeguarded from conversion or inappropriate use by any person, including but not limited to implementing multi-signature arrangements; 

(c) Establish and maintain with a registered Central Securities Depository or Trustee, one or more Central Securities Depositories or trust accounts, designated for the monies received from investors; 

(d) Ensure that the Central Securities Depository or trust accounts are administered by an independent registered Central Securities Depository or trustee; 

(e) Establish and maintain a sufficiently and verifiably secured storage medium designated to store virtual assets/digital tokens from investors; and

(f) In relation to investors’ virtual assets/digital tokens, have arrangements and processes in place to protect against the risk of loss, theft or hacking.³⁰

3.8. Settlement and Custody Requirements

A DAX Operator must: 

(a) ensure there are orderly, clear and efficient clearing and arrangements; settlement;

(b) ensure these arrangements include prior or upfront deposit of monies and virtual assets/digital tokens with the DAX Operator before entering into a transaction on the DAX; and

(c) provide clear and certain final intraday settlement.³¹

3.9. Record Keeping Obligations 

A DAX is required to maintain records of all transactions and activities executed on its platform in a form and manner to be determined by the SEC from time to time.³²

3.10. Transaction Fees Requirements 

(a) The SEC shall charge fees on transaction carried cut virtual assets/digital tokens traded on a DAX at a rate or percentage to be determined by the SEC from time to time.

(b) All transaction fees payable to DAX by its users shall be subject to approval of the SEC.³³

3.11. Anti-Money Laundering, Countering the Financing of Terrorism and Countering Proliferation Financing (AML/CFT/CPF) Obligations of DAXs

A most critical area of compliance for DAXs operating in Nigeria is the implementation of robust anti-money laundering, countering the financing of terrorism, and countering proliferation financing (AML/CFT/CPF) measures. The anonymity and decentralised nature of digital assets have raised concerns about their potential misuse for illicit activities, such as money laundering, terrorist financing, and the proliferation of weapons of mass destruction. As a result, the SEC has placed a strong emphasis on ensuring that VASPs such as DAXs have adequate AML/CFT/CPF controls to mitigate these risks and comply with relevant laws and regulations. Some of these obligations include the following:

(a) Adoption of AML/CFT/CPF Policies: A DAX is required to adopt policies stating its commitment to comply with AML/CFT/CPF obligations under the law. This will ensure the prevention of any transaction that facilitates criminal activities on the DAX platform.³⁴

(b) Assignment of a Designated AML/CFT/CPF Chief Compliance Officer: A DAX is required to have a designated AML/CFT/CPF Chief Compliance Officer with relevant competence, authority, and operational independence to implement the AML/CFT/CPT policies of the platform. Such an officer is also to be registered with the SEC as a sponsored individual and must satisfy the fit and proper persons’ requirement set out by the SEC.³⁵

(c) Identification and Filing of Suspicious Transactions Reports (STRs) to the Nigerian Financial Intelligence Unit (NFIU): DAXs are tasked with the identification and the reporting of any suspicious transactions derived from activities such as terrorism and terrorist financing, trafficking in human beings and migrant smuggling, sexual exploitation including sexual exploitation of children, illicit arms trafficking, illicit trafficking in stolen and other goods, corruption and bribery, and fraud, among others to the NFIU.³⁶ 

(d) Conduct of Customer Due Diligence (CDD): From the moment the life cycle of a client’s (private individual clients, quasi-corporate clients, corporate clients, and other institutions) business relationship begins with a DAX till the end of such relationship, a DAX is required to conduct risk-sensitive CDD measures on that client.³⁷ Where the client is classified as high risk, the DAX is to adopt an enhanced CDD (ECDD) process and apply greater caution.³⁸ All virtual asset transfers are treated as cross-border transfers and should automatically be treated as high risk by the DAX.³⁹ Where the DAX cannot perform CDD on a client, it must consider filing an STR to the NFIU in respect of such a client.[/efn_note] All virtual asset transfers are treated as cross-border transfers and should automatically be treated as high risk by the DAX.⁴⁰ In addition to this, the DAX is required to put in place appropriate risk-management systems to determine whether a potential client, existing client, or the beneficial owner of the digital asset is a politically exposed person (PEP).⁴¹

(e) Compliance with Travel Rule Requirements: Originator and beneficiary VASPs must obtain and hold full, accurate, and available originator and beneficiary information. Full beneficiary and originator information must contain:

(i) the full name of the originator; 

(ii) the originator’s wallet address;

(iii) the physical address or national identity number of the originator. Where the originator is not a natural person, the incorporation number or business registration number; 

(iv) the name of the beneficiary; and

(v) the beneficiary’s wallet address.⁴²

For transactions below $1,000, DAXs must ensure that all such transfers include the    name of the originator, the name of the beneficiary, and the wallet address for each.Regulation 15(6) of the Securities and Exchange Commission (Capital Market Operators Anti-Money Laundering and Combating the Financing of Terrorism) Regulations, 2022⁴³

(f) Comprehensive Employee Education and Training Programme: DAXs must design comprehensive employee-training programs to ensure awareness of AML/CFT/CPF obligations and equip employees with relevant skills. The training content and timing should be tailored to the DAX’s specific needs under the guidance of the AML/CFT/CPF Chief Compliance Officer and top management, and should cover the following:

(i) AML/CFT/CPF laws, regulations and offences

(ii) Nature of money laundering, terrorism financing, proliferation financing

(iii) AML/CFT/CPF red flags, suspicious transactions, typologies, virtual assets and emerging trends

(iv) Reporting requirements

(v) Customer due diligence (CDD)

(vi) Risk-based approach to to AML/CFT/CPF

(vii) Record keeping and retention requirements

All DAXs must submit their annual AML/CFT/CPF employee training program to the SEC by 31 December of every financial year for the upcoming year.⁴⁴

(g) Performance of Know Your Customer (KYC) and Identification Procedures: A DAX is not to establish any relationship with a client until all relevant parties have been identified through the submission of relevant information and the nature of the business to be conducted has been ascertained.⁴⁵ Sufficient information on the nature of the business relationship include:

(i) the purpose and reason for opening the account or establishing the relationship;

(ii) the nature of the activity that is to be undertaken; 

(iii) the expected origin of the funds to be used during the relationship; and

(iv) the details of occupation, employment, business activities and sources of wealth or income.⁴⁶ 

A DAX is to establish and independently validate information for all private individuals whose identities need to be verified. The client’s identity, address, and other available information should be checked physically or electronically through databases and directories.⁴⁷  This requirement extends to all other types of clients who may establish business relationships with the DAX.

(h) Record Keeping: A DAX is mandated to keep and preserve all necessary records related to transactions and business relationships for at least five years.⁴⁸

4.0 Other Relevant Regulatory Bodies to DAX Operations in Nigeria 

Although the SEC is the primary regulatory body for DAXs, the laws and regulations released by several other relevant regulatory bodies may apply to DAXs. Where applicable, they must be complied with to ensure complete coverage under the law. These bodies include:

(a) the Economic and Financial Crimes Commission (EFCC) as it relates to the prevention of financial crimes in DAXs;

(b) the NFIU as it relates to financial intelligence and money laundering monitoring requirements in a DAX;

(c) the Federal Inland Revenue Service (FIRS) as it relates to corporate-tax obligations of the DAX; 

(d) the Nigerian Data Protection Bureau (NDPB) as it relates to data control and processing requirements to be observed by DAXs in their operations;

(e) the Federal Competition and Consumer Protection Commission (FCCPC) as it relates to consumer protection and competition law; and

(f) the Advertising Regulatory Council of Nigeria (ARCON) as it relates to the advertising and marketing activities of the DAX.

5.0. Conclusion

As the regulatory landscape for virtual and digital assets in Nigeria continues to evolve, operators and players must stay vigilant and seek professional advice to ensure that they remain compliant with the latest regulatory requirements. This guide only serves as a starting point and not a final destination for a DAX’s compliance journey in Nigeria. It must be understood that compliance is not a one-time exercise but an ongoing process that requires continuous monitoring, reassessment, and adaptation. The world of digital assets is a dynamic one. Having a legal partner in innovation with expertise and experience in digital assets innovation, policy, regulation, and licensing can make any DAX operator’s journey more purposeful, reassuring, and rewarding.