Answer ... When building a governance framework, blockchain developers should consider two primary goals:
- maximising the strengths and opportunities associated with the framework, in light of the primary goal of the protocol; and
- minimising the risks and threats associated with the framework, in light of the general regulatory regimes and issues.
These general regulatory regimes and issues include the following.
General laws and regulations: Nigeria has no specific legislation or regulations on blockchain/distributed ledger technology (DLT). However, certain existing laws and regulations generally apply to a number of blockchain/DLT applications across various industries.
The Investments and Securities Act 2007 regulates investments and securities in Nigeria and establishes the Securities and Exchange Commission (SEC), which is empowered to enforce the act. Among other things, the act regulates collective investment schemes, initial public offerings and securities. Therefore, initial coin offerings (ICOs), securities token offerings, token generation events and similar offers of securities to the public may fall under SEC regulation.
The following Central Bank of Nigeria (CBN) know-your-customer (KYC) and anti-money laundering/counter-terrorist financing (AML/CFT) policies and other CBN regulatory frameworks also apply:
- the Three-Tier KYC Requirements 2013;
- the Anti-money Laundering/Combating the Financing of Terrorism (Administrative Sanctions) Regulations 2018;
- the AML/CFT Policy and Procedure Manual 2018;
- the Consumer Protection for Banks and Other Financial Institutions 2016;
- the Consumer Protection Regulations 2019;
- the Guidelines on Mobile Money Services in Nigeria;
- the Guidelines on International Mobile Money Remittance Services;
- the Guidelines on International Money Transfer Services; and
- the Central Bank of Nigeria Act 2007.
Other regulations that may apply include:
- the Nigeria Data Protection Regulation 2019;
- the National Health Act;
- the Cybercrimes (Prohibition, Prevention, etc) Act 2015;
- the National Identity Management Act 2017;
- the Companies Income Tax Act;
- the Capital Gains Tax Act;
- the Personal Income Tax Act;
- the Value Added Tax Act;
- the Companies and Allied Matters Act;
- the Finance Act 2019;
- the Statute of Frauds 1677;
- the Evidence Act 2011;
- the Money Laundering (Prohibition) Act, 2011 (as amended);
- the Terrorism Prevention Act, 2012 (as amended);
- the Terrorism Prevention (Freezing of International Terrorist Funds and other Related Matters) Regulations, 2013;
- the Economic and Financial Crime Commission (Establishment) Act 2004; and
- the Banks and Other Financial Institutions Act 1991.
Cybersecurity: Although blockchain technology is theoretically unhackable because of its decentralised and distributed structure, blockchain developers must carefully consider the security of their blockchain/DLT protocols. Blockchain developers also need to be careful with the code used in writing the protocol. Any vulnerability in the code may result in a hack, such as the decentralised autonomous organisation (DAO) hack in 2016, when $50 million worth of cryptocurrency was stolen.
Privacy: Implementing blockchain/DLT protocols is difficult for certain industries, particularly the financial (banking), health and legal industries. This is because information is typically open and permissionless, enabling anyone that wishes to have access and participate to do so. Blockchain developers need to consider privacy issues when building the governance framework for blockchain/DLT protocols.
Legal issues: Some of the legal issues include:
- how to determine the jurisdiction of nodes for enforcement purposes;
- the legal status of a DAO which runs on smart contracts; and
- smart contracts and their enforceability under traditional contract law and before the Nigerian courts.
In Nigeria, none of these legal issues has been legislated or adjudicated upon.
Regulatory issues: In Nigeria, as in a considerable number of countries, there is some level of regulatory uncertainty. Twice - in January 2017 and February 2018 - the CBN warned both financial institutions and the public that virtual currencies are not legal tender in Nigeria. Similarly, the SEC warned Nigerians about the significant risks involved in investing in virtual assets, particularly those that are unregulated or unauthorised. The lack of regulation may have encouraged a number of scams in the space, especially through unrealistic ICOs.
Ethical issues: As blockchain applications increase, one major ethical issue is the use of cryptocurrencies to perpetrate criminal acts. Nigeria already faces numerous challenges in fighting cybercrime. The ability to carry out transactions through cryptocurrencies has now made tracing illegal activities such as drug trafficking, human trafficking and terrorism either extremely difficult or impossible for law enforcement agencies. Blockchain developers may thus come under increasing pressure from the state to put public safety before individual privacy when building the governance frameworks of blockchain/DLT protocols.
From an environmental perspective, power usage for cryptocurrencies such as bitcoin that require significant amounts of electricity is not yet an issue in Nigeria, as cryptocurrency mining activities remain insignificant.
Incentive system: Blockchain developers should consider adopting a governance framework incorporating an incentive system that safeguards the collective interests of the protocol. Whether through proof of work (eg, as adopted by Bitcoin and Ethereum) or proof of stake (eg, as adopted by EOS), a strong incentive system helps to minimise the risk of 51% attacks on the blockchain. Without strong incentives for core developers, nodes and token holders, voting on issues and validating transactions may become problematic, and this may threaten the continued operation of the protocol. For example, one major issue that resulted in the DAO hack was a code vulnerability which could have been discovered and fixed by core developers if the DAO had no incentive issue.
Security versus scalability trade-off: Blockchain developers should consider a governance framework that safely manages the trade-off between security and speed. While a more decentralised governance framework will typically enjoy better security, but lower speed (eg, Bitcoin), a less decentralised governance framework will typically enjoy higher speed, but less security. While poor scalability may affect mass adoption, poor security often results in loss of funds - an issue that usually gets regulators’ attention.
Data storage and immutability: Data protection regulations now require that data controllers be identifiable and data subjects be entitled to request the modification and deletion of their personal data. Blockchain developers should start considering issues such as data storage and the principle of immutability on the blockchain.
Interoperability: As more blockchains/DLT protocols are developed and introduced by blockchain developers, the need for interoperability increases. If blockchain technology will truly be the third-generation Internet, blockchains must communicate and interact with one another. To ensure that blockchains can speak the same language, blockchain developers must adopt open protocols and multi-chain frameworks.