Nigeria: Series 2: SEC New Rules On The Issuance, Offering Platforms And Custody Of Digital Assets – What You Need To Know

This is the second series of our analysis of the Securities and Exchange Commission's ("SEC") Rules on Issuance, Offering Platforms and Custody of Digital Assets (the "Rules"). The first part can be found on this link. We will, in this series, analyse the provisions of Part B of the Rules which relate to Digital Assets Offering Platform ("DAOP"). The Rules define a DAOP as an electronic platform operated by an operator for offering digital assets. DAOPs are required to register with the SEC.

There is no indication in the Rules as to whether this definition covers only DAOPs based in Nigeria or include offshore DAOPs engaged in digital assets offering targeted at persons resident in Nigeria. As we will see in the requirements for registration below, the Rules applies to DAOPs incorporated and with an office in Nigeria. An offshore DAOP that wishes to engage in digital assets offering targeted at persons resident in Nigeria will be required to incorporate as a separate company in Nigeria in order to register as such with the SEC.

Registration Requirements of a DAOP

The Rules provide that before the incorporation of a company seeking to register as a DAOP at the Corporate Affairs Commission (the "CAC"), such company must first present the proposed membership of its board including the Chief Executive Officer ("CEO") and Principal Officers to the SEC for its approval. This provision is not surprising as the SEC considers the business of a DAOP as a sensitive one, involving a lot of risks, and the SEC has to ensure that the board is well constituted and capable of running the business of the DAOP. The Rules do not, however, provide for what the process should be in a situation where an already incorporated company seeks to register as a DAOP. We believe that such a company will be required to present a list of its board members to the SEC for approval and possible amendment as part of the registration process. To enhance good corporate governance, the Rules requires that the CEO shall only hold the office for a maximum of two 5-year terms with the second 5-year term being subject to the approval of the SEC. Rules 14 and 15 further specify the qualifications of the board of a DAOP and their governance composition.

Registration Fees

The Rules stipulate that, in addition to the requirements for the registration of VASPs, an applicant seeking to register a DAOP shall do so by filing the appropriate SEC Form 2 and 2D which shall be completed in duplicates. The applicant for registration will be required to make payment of the following prescribed fees: (a) filing/application fee – NGN100,000.00; (b) processing fee – NGN300,000.00; (c) registration fee – NGN30,000,000.00; and (d) sponsored individuals fee – NGN100,000.00.

Information Provision

Regarding the registration requirements for VASPs which also apply to a DAOP, these include sworn undertakings that the applicant will be of good conduct and carry out its obligations; a sworn undertaking that the information or document that is provided to the SEC is not false, misleading etc; and submit the rules of the entity it seeks to operate and with provisions, among other things, for the protection of investors and public interest, to manage any conflict of interest that may arise, to promote fair treatment of its users or any person who subscribes for its services. Other requirements include evidence that the applicant has sufficient financial, human and other resources for the operation of the exchange and appropriate security arrangements which include maintaining a secured environment pursuant to the SEC's Technology Risk Management Guidelines.

Where an applicant is regulated by another sectoral regulator, the applicant must also submit to the SEC a no objection or approval letter from the relevant sectorial regulator when making the application. In addition, like a VASP, a DAOP shall have an office in Nigeria managed by a Director of the company.

Required Share Capital

The SEC requires a DAOP to have a minimum paid up capital of NGN500 million either in bank balances, fixed assets or investment in quoted securities, and a current fidelity bond covering at least 25% of the minimum paid-up capital. Evidence of this must be presented as part of the application documents. It should be noted that, notwithstanding the requirement for a minimum paid up capital, the SEC may at any time impose additional financial requirements on a DAOP commensurate with the nature, operations and risks posed by the DAOP to investors.

Sponsored Individuals

As part of its requirements, the SEC requires a DAOP to have sponsored individuals. Sponsored individuals are key officials of capital market operators registered and approved by the SEC. Without sponsored individuals, the SEC will not register a DAOP.

Other Requirements of DAOP

A DAOP has other operational requirements which the SEC mandates it to comply with in its operations. Some of these are discussed below.

Due diligence: Before a DAOP accepts a Digital Asset Offering from an issuer, it is required to carry out its independent due diligence on such issuer to verify, among other things, the business of such issuer, its directors and senior management and to understand the features of the virtual asset/digital token to be issued by the issuer and the rights attached to it. A DAOP must also ensure that both the issuer and its whitepaper are compliant with the Rules. An issuer is prohibited from being hosted concurrently on multiple DAOPs or on an equity crowdfunding platform. As a result, as part of its due diligence, a DAOP must ensure that the issuer is not already hosted on another platform.

Risk management: A DAOP must ensure that token holders are protected. On this basis, the Rules requires a DAOP to identify and manage any risks associated with its business and operations, including any possible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls.

Internal audit: A DAOP is required to establish an internal audit function to develop, implement and maintain an appropriate internal audit framework which is commensurate with its business and operations.

Conflicts of Interest Management: A DAOP is prohibited from providing direct or indirect financial assistance to investors to invest in the virtual assets/digital tokens of an issuer hosted on its platform. To this end, a DAOP shall make appropriate disclosure of any conflicts of interests in a manner prescribed by the SEC. While the Rules do not prohibit a DAOP from holding shares in an issuer whose digital asset securities are listed on its platform, it prohibits a DAOP from holding more than 30% shareholding in any of such issuer on its platform.

Operation of a trust account: A DAOP is a trustees of the money of its investors. As a result, DAOPs are required to establish and maintain trust accounts with a receiving bank designated for monies received from investors and which account shall be administered by a trustee or Central Securities Depository registered by the SEC. Monies in the trust account shall only be released to the issuer in accordance with Rule 20(1)(e). A DAOP must maintain accurate and up to date records of investors and any monies or virtual assets/digital tokens held in relation to investors. Regarding having a trust account, as we indicated in Series 1, the Central Bank of Nigeria prohibits Nigerian banks from operating accounts for cryptocurrencies and virtual assets exchanges. As a result, unless the CBN lifts the prohibition, it is unclear at the moment how the SEC expects DAOPs to open and maintain such trust accounts with Nigerian banks.

Disclosure: A DAOP is, among other things, required to disclose its interest in an issuer or virtual/digital assets hosted on its platform, fees, risk warning statements, rights of the investors and complaint procedures to the investors. Any loss which an investor may suffer as a result of an investment in a digital asset is not covered by any Investor Protection Fund established pursuant to the Investments and Securities Act 2007.

Transaction Recording: A DAOP is required to maintain a register of initial token holders who subscribed for the virtual assets/digital tokens during the offer period and enter into detailed particulars of each investor. It should also maintain a record of all transactions to be carried out on its platform in a manner as determined by the Commission.

Outsourcing Obligations

As part of its operations, a DAOP is permitted to outsource any of its functions (such as back office processes, internal audit, compliance and risk management functions) to external service providers. The decision-making functions of a DAOP, or any direct contact with the issuer or token holder, are not permitted to be outsourced to a third party. Where a DAOP outsources the payment service on its platform to a payments service provider, it is required to obtain a no objection from the CBN. As we stated in the series 1 publication, the CBN does not currently permits entities regulated by it assist in facilitating payment and settlement for cryptocurrencies and virtual assets transactions.

Where the internal audit and risk management functions are outsourced, it cannot be further sub-contracted. A DAOP's board of directors will remain accountable for all outsourced functions as outsourcing such functions does not absolve them of their duties and responsibilities.

Custody

Digital assets could be held with a custodian for investors. On this basis, a DAOP may appoint a digital asset custodian to provide custody of virtual or digital assets for investors. Where a DAOP chooses to provide its own custody service to token holders, the SEC requires that it must comply with the requirements of the Rules. What this means is that, in addition to its registration as a DAOP, it must also obtain registration with, or obtain the approval of, the SEC to act as a custodian.

Cessation of Operations

Before a DAOP ceases to carry on its business and operations, it is required to give prior notification to the SEC. Upon receipt of such notice, the SEC may issue a direction or impose any term or condition on that DAOP for the purposes of ensuring the orderly cessation of its operations. The cessation of business will not take effect until the SEC is satisfied that all the requirements stated in the relevant laws and regulations have been complied with or fulfilled.

Cancellation of Registration

The registration of a DAOP may be cancelled by the SEC pursuant to the Rules under various circumstances. Such circumstances include where: the SEC finds that the DAOP has provided any false or misleading information or that there is a material omission of information; the DAOP fails to meet the requirements as provided in the relevant laws or regulations; the DAOP fails or ceases to carry on the business or activities for which it was registered for a consecutive period of six (6) months; the DAOP contravenes any obligation, condition or restriction imposed under the Rules; or the DAOP fails to pay any fee prescribed by the SEC.

On the other hand, a DAOP may voluntarily apply to the SEC for the withdrawal of its registration. Where the SEC approves the withdrawal of the DAOP's registration, the withdrawal shall not take effect until the SEC is satisfied that adequate arrangements have been made to meet all the liabilities and obligations of the DAOP that are outstanding at the time when the notice of the withdrawal is given. The SEC shall also ensure that the withdrawal does not absolve the DAOP of any agreement, transaction or arrangement entered into by it, whether the agreement, transaction or arrangement was entered into before or after the withdrawal of the registration, or affect any right, obligation or liability arising under any such agreement, transaction, or arrangement.

Conclusion

Part B of the Rules apply to persons who intend to provide offering platforms for issuers of digital assets. A DAOP must be incorporated and have its office in Nigeria. This applies to DAOPs that intend to target persons resident in Nigeria in the offering of digital assets. One sore point remains the ability to operate accounts with Nigerian banks. At the moment, they will be unable to do that in light of the CBN prohibition of financial institutions under its regulatory purview from engaging in or facilitating payments for transactions involving cryptocurrencies and virtual assets.

Given that the SEC expects DAOPs to operate a bank account for their business and interact with CBN regulated institutions, we hope that the SEC will engage with the CBN with a view to getting the CBN to hopefully relaxing this prohibition. Until the CBN does that, the inability to operate a bank account will remain a key challenge for DAOPs and other operators in the digital and virtual assets space.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.