Virtual Asset Service Provider (VASP) license in Nigeria is what every crypto business operating in the country now needs.

Nigeria has one of the highest rates of crypto adoption in the world, and the regulatory environment has finally caught up. The enactment of the Investment and Securities Act (ISA) 2025 put to rest the uncertainties surrounding virtual assets in Nigeria and now Virtual Assets are formally recognised as securities, with the Securities and Exchange Commission (SEC) as the regulatory authority responsible for registering VASPs and other digital asset service providers.

Before ISA 2025, businesses operating in the digital asset space faced serious ambiguity, particularly following the Central Bank of Nigeria’s 2021 directive that pushed crypto transactions out of the traditional banking system. Well, that era is over. The rules are now clear, and the SEC is enforcing them.

What Is a VASP Under Nigerian Regulation?

A Virtual Asset Service Provider (VASP) is any business that provides services involving the exchange, transfer, custody, or administration of virtual assets on behalf of other people.

The following businesses fall within this definition:

1. 1.Crypto Exchanges : These are platforms where users buy, sell, or swap cryptocurrencies for naira or other digital assets. Whether centralised or peer-to-peer, if your platform matches buyers and sellers of virtual assets, you are a VASP.
2. 2.Wallet Providers: These are businesses that hold, manage, or provide custody of digital assets on behalf of users. If you control the private keys to a user's funds, you are providing a regulated service under Nigerian law.
3. 3.OTC Trading Platforms: These are over-the-counter desks that facilitate large crypto trades outside of public exchanges. If your business model involves trading, exchanging, or facilitating the movement of virtual assets in any form, you are likely within the SEC's regulatory scope.
4. 4.Digital Asset Brokerage Services: These are businesses that act as intermediaries, helping clients buy or sell virtual assets without operating a full exchange. These businesses handle client funds or instructions, which places them firmly under SEC oversight.

Understanding the SEC's Role in VASP Licensing

The SEC’s oversight goes beyond just issuing licenses. As Alliance Law Firm explains, the SEC introduced the Accelerated Regulatory Incubation Program (ARIP) to simplify the onboarding process for VASPs, enabling businesses to obtain preliminary approval in principle, allowing them to operate in compliance with regulatory standards before commencing full operations in the capital market.

The SEC's objectives includes:

1. 1.Protecting investors
2. 2.Ensuring AML/CFT compliance,
3. 3.Ensuring market transparency, and
4. 4.operational accountability.

The SEC uses the VASP licensing process as a way to make sure these four objectives are being complied with.

Step-by-Step Process to Get a VASP License in Nigeria

Step 1: Incorporate a Legal Business Entity

Your company must be fully registered with the Corporate Affairs Commission (CAC). You need a valid Certificate of Incorporation, a Memorandum and Articles of Association (MEMART), and a current Status Report. You must also maintain a physical office in Nigeria, and your CEO or MD must be a resident in the country.

Additionally, 60% of your board members must be of Nigerian origin, with the board chairman and majority of directors being non-executive. The CEO's appointment is also subject to SEC's prior approval.

Step 2: Meet the Capital Requirements

The minimum share capital requirement is currently ₦500 million, with proposed increases to ₦1 billion for digital asset firms. This must be paid-up capital which means that the money must actually be invested into the company's equity. The SEC registration fee alone is ₦30,000,000 (Thirty Million Naira), with additional application, processing, and sponsored individuals' fees on top.

Step 3: Develop Your AML/CFT Compliance Framework

This is where many applications fall short. Before submitting anything, you need fully documented KYC and customer due diligence procedures, transaction monitoring systems, suspicious transaction reporting processes, and risk assessment policies. These must be implemented and actively used in business and not just written on paper.

Step 4: Prepare Your Full Documentation Package

Your application must include compliance manuals, internal control policies, operational procedures, cybersecurity policies, and data protection frameworks. Every document must reflect how your business actually operates.

Step 5: Submit Your Initial Assessment Filing to the SEC

The first step is submitting an initial assessment filing to the SEC, after which you may be approved to participate in ARIP and obtain an Approval-in-Principle (AIP). As the SEC's official ARIP checklist confirms, the initial assessment is submitted online through the SEC ePortal. Once the SEC reviews and confirms eligibility, a formal ARIP application is completed, followed by AIP issuance.

Step 6: Complete ARIP and Apply for Full Registration

Once you operate successfully under ARIP, you qualify to apply for full SEC registration. After securing full approval, you receive a formal operational license to function as a VASP in Nigeria and can walk into any Nigerian bank and open a corporate account without being flagged as a high-risk entity.

Common Challenges Nigerian VASPs Face During Licensing

Getting a VASP license in Nigeria is not a straightforward process. Many businesses apply and either get rejected or stall midway. This is because they are unprepared on the compliance side. These are the most common reasons applications fail:

1. Weak AML Controls

Many VASP applicants submit AML policies that exist only on paper. The SEC expects to see a functioning Anti-Money Laundering framework, one with documented customer risk ratings, clear escalation procedures, and evidence that it is being actively used.

2. Incomplete Documentation

The SEC requires a comprehensive documentation package that includes compliance manuals, internal control policies, cybersecurity frameworks, data protection policies, and governance documents. The application may also be denied where the proposed activities of the applicant violate any laws, rules and regulations of the SEC or where submitted documentation is insufficient to demonstrate operational readiness.

Missing even one required document can delay or kill an application entirely.

3. Poor Transaction Monitoring Systems

Regulators want to see that your business can detect suspicious activity in real time not after damage has been done. Many applicants have no transaction monitoring system in place at all, or rely on manual processes that cannot scale.

The SEC expects automated systems capable of flagging unusual transaction patterns, screening customers against sanctions lists, and generating audit-ready reports.

4. Lack of Internal Compliance Expertise

Without someone internally who understands AML/CFT obligations, KYC requirements, and regulatory reporting, the application process becomes guesswork.

5. Difficulty Meeting Evolving Regulatory Expectations

The SEC regularly updates its rules and compliance expectations. As a result, VASPs and new entrants must continuously review and adjust their operations, policies, and controls to remain compliant. A process or compliance measure that met regulatory standards a few months ago may no longer satisfy current SEC requirements.

Why Transaction Monitoring Matters for VASP Compliance.

Getting your VASP license in Nigeria is step one but keeping it is another challenge entirely as basic KYC alone is no longer enough. The SEC increasingly expects VASPs to demonstrate visibility into wallet activity, transaction flows, linked entities, and the movement of suspicious funds. This is where many licensed operators still fall short and where the real compliance work begins.

At A&D Forensics, we support VASPs with blockchain analytics, AML/CFT compliance monitoring, transaction tracking, compliance reporting, and forensic investigation capabilities designed to strengthen regulatory readiness.

From transaction monitoring systems to fund-flow analysis and audit support, we help digital asset businesses improve their compliance framework in an evolving regulatory environment.

Having a VASP license in Nigeria is an important milestone but that's not all. The businesses that remain compliant and avoid regulatory penalties are the ones that continuously maintain, update, and actively manage their compliance processes, not those that only set them up once and forget about them.

The SEC will continue to tighten its framework and the penalties for non-compliance will grow. The VASPs that survive long-term will be the ones that combine regulatory readiness with deep transaction visibility and proactive risk management.

The Current Status of the CBN and SEC Sandbox

The Central Bank of Nigeria (CBN) has gradually shifted from its earlier restrictive stance toward a more compliance-focused approach. The CBN’s 2021 directive restricted banks and financial institutions from processing cryptocurrency-related transactions, which significantly limited crypto businesses’ access to formal banking channels. That position was formally reversed in December 2023, when the CBN issued new guidelines permitting banks to open designated accounts for VASPs but only for those holding a valid VASP license Nigeria issued by the SEC

In response, the Securities and Exchange Commission (SEC) introduced its sandbox and incubation programs (Regulatory Incubation (RI) and Accelerated Regulatory Incubation Program (ARIP), providing a structured pathway for Virtual Asset Service Providers (VASPs) to operate under regulatory supervision while working toward full approval.

However, coordination between banking regulation and digital asset supervision is still evolving. Practically, some licensed VASPs still report difficulties accessing banking services, with accounts being flagged despite holding valid approvals. As a result, the SEC's ARIP and RI frameworks currently serve as the most practical entry point for crypto companies seeking regulatory legitimacy and eventual integration into Nigeria's formal financial system.

Contributor: Ademola-Adesola Ifeoluwaposimi