Nigeria SEC Digital Asset Framework: Points to watch

— William Phelps (Investment Manager at Adaverse)

Last month, Nigeria’s Securities and Exchange Commission released its long-awaited policy paper outlining a myriad of new rules and restrictions concerning digital assets. At 54 pages, the paper addresses how digital assets might be released and marketed, how and who might hold those assets as custodians, and the ways in which they can be traded on exchanges. The full document can be found here.

The response to the document has been mixed, largely split along institutional and retail lines. Bigger players in the Nigerian market have lauded the regulations as bringing a degree of legitimacy to African digital asset transactions. With an established and comprehensive regulatory framework, professional players can safely engage with crypto without fear of prosecution or overt fraud.

By contrast, many smaller commentators have pointed out that restrictions surrounding fees and capital reserves effectively lock out startups from Nigeria’s digital assets ecosystem, stunting organic growth and making what was once a fertile environment for digital currency barren.

Whilst neither response is unexpected, the most interesting judgment is yet to come. Peculiarly, the Central Bank of Nigeria has kept silent on the framework: implicitly maintaining their 2021 ruling that cryptocurrency transactions are illegal and commercial banks cannot deal in them. Of course, we should expect a clarification on this position in the months, if not weeks, to come. Nonetheless, it points to the numerous unanswered questions and points for review that characterise the SEC’s document.

Either way, it’s clear that the framework seeks to radically overhaul the Nigerian crypto space in an attempt to introduce international standards of security, risk management and constitutional regulation that prioritise investor safety and consumer protection.

To assess what this means for founders at a practical level, I’ve distilled the key points of the document below:

Rules on Issuance of Digital Assets as Securities

Addresses those seeking to raise capital through issuing digital assets, such as ICOs or any other kind of decentralised ledger technology. The emphasis of this section is on whether a digital asset offering constitutes a security.

• All whitepapers must be submitted to the SEC for review. They must contain an overview of the project, tokenomics, use of proceeds from the sale and a timeline.
• Whitepapers can be circulated pending SEC approval but must contain a disclaimer stating they have not been formally registered.
• Applications must contain independent legal evaluation as to whether the proposed digital asset offering constitutes securities.

If the SEC rules the digital assets described in the whitepaper constitute a security, the issuers must complete a registration statement:

• Token information, including price, ticker and tokenomics.
• KYC procedures, risk management and security protocols for the token.
• Independent legal certification that the issuer has acquired necessary licenses and certificates.

If approved for registration, issuers must then abide by a number of rules concerning fundraising:

• The issuer’s directors must hold at least 50% of the assets released until the end of the offering period.
• The maximum funds raised can be 20x the issuer’s shareholders’ funds up to a cap of NGN 10bil.
• The issuer must demonstrate the funds being raised are sufficient to fulfil the aims of the project, and if the soft cap is not met refund all investors within 5 days.

Restrictions have also been imposed on the amount investors can commit to any one digital asset offering:

• Sufficiently qualified institutional / HNW investors have no restrictions.
• Retail investors can invest NGN 200k per issuance, with an annual limit of NGN 2mil.

Digital Assets Offering Platforms (DAOPs)

Addresses electronic platforms designed to offer digital assets, such as those on which ICOs are hosted and tokens subsequently launched.

DAOPs must register with the SEC subject to the following charges:

• Application fee — NGN 100k
• Processing fee — NGN 300k
• Registration fee — NGN 30m
• Sponsored individuals fee — NGN 100k
• Evidence of required minimum paid up capital of NGN 500m, held in either liquid or illiquid assets.
• Active insurance (fidelity bond) of at least 25% of minimum paid up capital.

The SEC has also mandated a number of requirements for personnel appointments and internal structures of a DAOP.

• DAOP boards must be approved by the SEC, with an appropriate charter specifying responsibilities and obligations.
• DAOP CEOs must be appointed for a 5 year term, with a 2 term limit. They must fulfill specific experiential and educational requirements.

The SEC also mandates that DAOPs must fulfill numerous due diligence and risk management requirements both in its own operations and in dealing with potential new issuers.

• DAOPs must carry out due diligence and qualitative checks on the business of a new issuer, including compliance and whitepaper transparency.
• Clearly highlight necessary risk warning statements associated with individual issuers and projects.
• Establish requisite whistleblowing, segregation of function and compliance protocols.
• Set up a robust, board-approved risk management framework addressing events posing a significant risk to operations.
• Develop an internal audit function.
• Publicly disclose conflicts of interest, including holdings it may have in issued assets or referral schemes.

DAOPs must also operate their trust accounts in accordance with a number of SEC requirements:

• All assets held on behalf of investors must be clearly and accurately recorded in a protected, multi-signature account.
• This account must be operated by a Central Securities Depository registered by the SEC.
• Only release funds once the targeted amount sought has been raised and there is no material change to either the issuer or the DAOP.

The SEC also decrees that DAOPs must keep a register of all initial token holders who subscribed for assets during the initial release.

Digital Asset Custodians (DACs)

A person or service who maintains custody over users’ digital assets on the users’ behalf. Examples include self-custody software (hard/soft wallets) or exchange wallets.

DACs’ registration requirements are the same as those of DAOPs and VASPs (discussed below). However, DACs require further proof of eligibility with respect to managing clients’ assets. Furthermore, foreign DACs can be registered provided their native jurisdiction is perceived to align with the Nigerian SEC.

• Consistent and proved compliance with SEC reporting requirements as to the handling and management of client assets.
• Establishing and maintaining written policies containing a clear line of reporting, authorisation and segregation of functions.
• Lines of reporting must also include anti-corruption and whistleblowing procedures that are consistent with the nature and scale of the DAC.
• Provable safeguarding and security policies with respect to client data confidentiality.
• DAC risk management systems must include strategies to monitor and mitigate material risks. These risks must be regularly internally audited and reported to senior management.

DACs must also establish a justifiably secure storage medium for clients’ virtual assets and digital tokens:

• Adopt SEC recognised industry standards and practices for key generation and management.
• Ensure employees involved in the key generation process are prevented from having unauthorised access to client assets.
• Allow clients access to their assets independently of the DAC.
• These assets must be probably segregated from the DAC’s own assets, tracked by accurate and up to date records.
• Foreign DACs must have a separate account for Nigerian custodian services.

The SEC mandates a rigorous system of transaction reporting and recording for all DACs, including transfer timestamps, amounts, account balances and signatures of those involved. All transactions must occur in NGN.

Virtual Asset Providers (VASPs)

Rules governing all platforms facilitating trading, exchange and transfers of digital assets. These rules do not apply to technology services merely providing infrastructure or systems to a DEX.

VASPs are understood as follows:

• Exchange between virtual assets and fiat.
• Exchange between virtual assets.
• Transfer for virtual assets.
• Administration of virtual assets.
• Provision of financial services related to offer/sale of virtual assets.

With the exception of payment, VASP’s conditions of registration are the same as both DAOPs and DACs. However, the added requirement is that:

• VASPs have an office in Nigeria managed by the director of the company.
• Collect self-declared risk assessment forms and make clear to users that loss resulting from trading activities is not covered by any protection fund.
• Relevant declaration of fees, education materials and complaints mechanisms for users.
• Provide the SEC access to the platform when required.

Digital Assets Exchange (DAX)

In addition to the requirements set out for VASPs, DAXs must satisfy further conditions for operation.

Unlike other forms of VASPs, DAXs must register with the SEC subject to the same payment requirements of DAOPs.

Management and structural requirements are also the same as DAOPs. However, the SEC outlines a more robust risk management criterion:

• DAX operators’ business plans must address events that could pose a significant risk of disrupting operations.
• DAXs’ internal guidelines must incorporate the use of a secondary site to ensure that critical IT systems can resume operations in case of disruptive events.

DAXs are required to adopt and maintain internal audit systems akin to DAOPs.

With respect to trading activity, the SEC has a number of requirements going beyond those listed for DAOPs or other VASPs.

• The SEC must issue a ‘no-objection’ to any digital assets listed on a DAX before they can be traded.
• DAXs must submit an application to the SEC containing the asset’s whitepaper, legal compliance information and security protocols (including number of nodes and history of hacks).
• All trading activity, market structure, order types must be recorded and disclosed to the SEC.
• The DAX must have systems in place to detect and deter market manipulation, manage volatility and ensure transparent execution, clearing and intra-day settlement.

The SEC will also charge fees on transactions carried out with DAX traded digital assets. This rate will be determined by the SEC from time to time.

Conclusion

It’s important to remember that this framework is still subject to consultation, feedback and subsequent change. It is, after all, just a framework for now.

Despite this, the direction of travel is clearly towards more, rather than less, regulation. With the registration requirements, fees, minimum capital rules and fundraising limits imposed on all platforms, questions must be asked as to how smaller founders and startups will be able to survive.

Speaking to Nairametrics shortly after the release of the document, Senator Ihenyen of Infusion Lawyers noted that whilst the regulations marked the SEC finally stepping up to its statutory role’ of consumer protection, ‘it is debatable whether imposing huge licensing fees and paid-up capital is necessarily the answer’.

In many respects, this sums up the crossroads at which the SEC and the CBN now find themselves: balancing the need for investor safety whilst trying to preserve a competitive, open blockchain ecosystem.

Perhaps this is a wider issue that hits at the heart of the ‘problem’ of cryptocurrency. How do innovators simultaneously appease regulators whilst developing a product that is inherently unregulated? Reflected in the ongoing discussions amongst blockchain engineers about questions of metadata, authentication and compliance, these are issues that will be important not only for Nigeria but blockchain as a technology in and of itself.