Nigerian crypto regulation has evolved rapidly since the SEC Digital Assets Rules (DARE) 2022. Today, a fully compliant Nigerian blockchain business must satisfy at least five regulatory frameworks simultaneously:
1.SEC Nigeria — Virtual Asset Service Provider (VASP) registration
2.CBN — Banking and foreign currency guidelines
3.NFIU — AML/CFT and KYC requirements
4.NDPC — Data protection compliance
5.FIRS — Cryptocurrency tax obligations
This checklist organises the most critical requirements so you know exactly where you stand.
SEC VASP Compliance Checklist
Company incorporated with CAC (Certificate of Incorporation obtained)
Minimum capital requirement met (₦500M for exchanges, ₦150M for others)
Capital verified by bank letter dated within 3 months
Qualified Compliance Officer appointed (3+ years AML experience)
Money Laundering Reporting Officer (MLRO) appointed
AML/CFT Policy Manual drafted and board-approved
KYC Customer Onboarding Procedures documented
Technology and Cybersecurity Policy in place
Technology Security Audit commissioned from SEC-approved auditor
Business continuity and disaster recovery plan documented
Consumer protection and complaint handling procedures in place
Beneficial ownership register maintained
VASP application submitted to SEC with ₦300,000 fee
SEC Approval-in-Principle (AIP) received and conditions met
Final VASP Registration Certificate received
CBN Compliance Checklist
Corporate bank account maintained at a CBN-licensed bank
CBN guidelines on Virtual Assets (2023) reviewed and implemented
Foreign currency transactions above applicable thresholds reported to CBN
P2P platform participants subject to enhanced due diligence
Bank relationships maintained with SEC-licensed VASP status
NFIU AML/CFT Compliance Checklist
Tiered KYC implemented (Tier 1, 2, 3 with appropriate limits)
Customer Due Diligence (CDD) performed on all users before onboarding
Enhanced Due Diligence (EDD) for Politically Exposed Persons (PEPs)
Sanctions screening against UN, OFAC, EU, and Nigerian lists
Suspicious Transaction Reporting (STR) procedures in place
STR filing system connected to NFIU portal
Currency Transaction Reports (CTR) for transactions above ₦5 million
Travel Rule implemented for crypto transfers above USD 1,000
Transaction monitoring system in place with alert thresholds
Records retained for minimum 5 years
Annual AML staff training conducted and documented
Annual AML programme audit completed
NDPC Data Protection Checklist
Privacy Policy published and accessible on your platform
Legal basis documented for each category of data processing
Data subject rights process implemented (access, correction, deletion)
Data breach response procedure in place (72-hour NDPC notification)
Data Protection Impact Assessment (DPIA) conducted for biometric/high-risk processing
Data Processing Agreements signed with all technology vendors
NDPC registration completed and annual compliance audit filed
Data Protection Officer (DPO) appointed if required
Cross-border data transfer protections in place (for cloud/AI providers)
Cookie policy and consent mechanism in place (if applicable)
FIRS Tax Compliance Checklist
Company Income Tax (CIT) registration with FIRS
Value Added Tax (VAT) registration (if applicable)
Crypto asset treatment understood: property for tax purposes
Capital gains from disposal of crypto assets tracked and reported
Mining or staking income reported as ordinary income
All crypto transactions recorded with acquisition cost and disposal value
Transaction records retained for minimum 6 years
Annual tax returns filed declaring all crypto-related income
Transfer pricing documentation for related-party transactions (if applicable)
Ongoing Compliance Activities
Once you are registered and compliant, these activities must be maintained:
Monthly:
Review STR reports and file any identified suspicious transactions
Monitor transaction volumes for CTR obligations
Check sanctions lists for updates
Quarterly:
Report to SEC as required under DARE Rules
Review KYC data quality for accuracy
Internal AML review meeting with Compliance Officer
Annually:
File NDPC compliance audit
Renew NDPC registration
Conduct full AML/CFT programme audit
Submit annual VASP reports to SEC
File annual returns with CAC
Conduct AML staff training
Use RegBridge to Complete This Checklist
RegBridge generates a personalised version of this checklist based on your specific business model. Our AI assessment identifies which of these requirements apply to you, in what order you should tackle them, and what documents you need to prepare.