Regulating Virtual Assets: Fintechs Prepare for New Compliance Demands

By Richard NUNEKPEKU &Harold Kwabena FEARON

In continuation of its dedication to overseeing digital assets, the Bank of Ghana (BOG) has initiated the registration process for all Virtual Assets Service Providers (VASPs) functioning within Ghana, such as exchanges, wallet administrators, and custodians.

This preliminary registration process aims to assist the Bank in identifying active participants, evaluating operational risks, and establishing initial oversight prior to the implementation of the upcoming Virtual Asset Service Providers (VASPs) Act.

It represents the initial tangible action in integrating virtual asset businesses within the regulatory framework and indicates the Bank's determination to act swiftly and firmly once the law is passed.

In contrast to mobile money, which is an electronic version of traditional currency (fiat), virtual assets like cryptocurrencies have emerged as completely new digital-only forms of value. Utilizing blockchain technology, they are starting to act as stores of value, means of exchange, and measures of worth – roles typically fulfilled by fiat money. As their usage expands worldwide, authorities across the globe are working quickly to establish clear regulations for their application.

In Ghana, the Central Bank has also acknowledged the need for regulatory clarity. It has stated its plan to establish a formal regulatory system by the end of September 2025, by enacting a new Virtual Asset Service Providers Act – Ghana's initial thorough virtual assets legislation.

For financial technology firms functioning in Ghana or considering market expansion, the new legislation will impose various compliance responsibilities: licensing conditions, anti-money laundering and counter-terrorism financing measures, reporting guidelines, and additional requirements. Being prepared for these compliance expectations and ensuring adherence will be essential for these companies to stay competitive and compliant once the law is implemented. Considering this, this article predicts the compliance challenges, including potential new ones that the upcoming law might bring, and provides some actionable steps for service providers to maintain compliance.

The foundational compliance demands

Although the upcoming Virtual Asset Providers Act is set to establish a specific licensing and regulatory framework for VASPs, the compliance challenges it will bring might not be completely new for participants in the fintech industry. In several respects, the expected standards will resemble the current compliance responsibilities that are already in place for Payment Service Providers (PSPs) and other authorized financial service providers.

Similar to all business organizations, VASPs must establish and register with current primary general regulators including the Office of the Registrar of Companies (ORC), the Ghana Revenue Authority (GRA), the Social Security and National Insurance Trust (SSNIT), the Data Protection Commission, and the appropriate District, Municipal, or Metropolitan Assemblies. The compliance requirements associated with these fundamental legal registrations will remain in effect, and VASPs will be expected to adhere to these responsibilities thoroughly.

Additionally, VASPs are anticipated to follow general financial regulatory guidelines that fintech and financial service companies have traditionally adhered to, such as strong Know Your Customer (KYC) procedures, following Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) measures, and meeting data protection and privacy requirements outlined in the Data Protection Act.

Furthermore, regulatory demands are expected to cover aspects like cybersecurity protections, risk-focused internal controls, and adhering to applicable international certifications such as ISO/PCI DSS along with best practice standards relevant to digital financial services. In essence, although the VASP framework will provide a more organized and customized compliance approach for virtual asset providers, many of its conditions will be based on current regulatory bases.

Some expected new regulatory obligations

Although the regulation of Virtual Assets is expected to be based on the current regulatory framework, it may bring about certain new compliance obligations due to the inherent risks involved. The Central Bank will implement a risk-focused and principle-based compliance system that aligns with global standards and draws from experiences in regions that have already pioneered regulations in the virtual asset sector.

Based on an initial review of the Bank’s Draft Guidelines concerning Digital Assets and remarks from its leadership, the planned regulatory system is expected to be significantly influenced by the principles established under the EU's Markets in Crypto-Assets (MiCA) framework, Singapore's Payment Services Act, Nigeria's SEC Rules for Digital Assets, and Kenya's proposed Virtual Asset Service Providers Bill 2025, along with other similar frameworks. These global examples offer a comprehensive view of what compliance might entail in Ghana.

1. Licensing and regulatory authorization: Ghana's strategy is anticipated to establish a formal licensing system, potentially categorized based on function—such as a cryptocurrency exchange, wallet service, broker-dealer, or custodian. This aligns with the EU's Markets in Crypto-Assets Regulation (MiCA), which requires comprehensive licensing for all types of Crypto Asset Service Providers (CASPs), including fit-and-proper evaluations for leaders and senior staff, along with the provision of thorough business plans, governance structures, and internal policies.

In the same way, Singapore's Monetary Authority (MAS) mandates licensing under its Payment Services Act for Digital Payment Token (DPT) services. Entities offering such services must go through thorough approval procedures to prove their financial stability, internal controls, risk management systems, and cybersecurity readiness.

Kenya's 2025 VASP Bill aims to implement a tiered licensing system, distinguishing between issuers, exchange platforms, custodial services, and wallet providers. In Ghana, we anticipate that the Central Bank will follow a comparable approach, categorizing functions and applying different levels of compliance requirements depending on the risk and size of the service.

1. AML/CFT adherence and the FATF travel rule:Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) will serve as key components of Ghana's regulatory framework for Virtual Asset Service Providers (VASPs). The Financial Action Task Force (FATF)'s Travel Rule, requiring VASPs to gather and share details about the sender and recipient of transactions, has established an international standard.

The EU's updated Transfer of Funds Regulation, known as MiCA, along with Singapore's AML Guidelines (PSN02), all implement the Travel Rule. These regulations require VASPs to conduct Customer Due Diligence (CDD), keep detailed transaction records, watch for warning signs, and report any unusual activity.

In Nigeria, the SEC's digital asset framework mandates that authorized VASPs establish risk-focused AML/CFT programs that comply with the nation's Money Laundering (Prohibition) Act. This involves providing staff training, conducting compliance reviews, and designating a specific compliance officer. Ghana, which is part of both the FATF and the Inter-Governmental Action Group against Money Laundering in West Africa (GIABA) (the regional FATF equivalent for West Africa), is expected to enforce AML/CFT responsibilities in line with these global standards. Consequently, VASPs will need to record risk evaluations, develop client verification procedures, implement transaction surveillance mechanisms, and ensure ongoing employee education as part of their compliance duties.

1. Information security, confidentiality, and digital safety:The EU's GDPR, which works in conjunction with MiCA, and Singapore's Personal Data Protection Act (PDPA), set standards that are expected to impact Ghana's approach. Both regions mandate digital asset companies to implement data minimization, privacy-by-design concepts, and encryption methods.

Furthermore, the Central Bank's Draft Guidelines regarding Digital Assets highlight a significant focus on cybersecurity strength, indicating that VASPs may need to adopt intrusion detection systems, perform routine penetration testing, and establish disaster recovery plans. For example, the MAS mandates mandatory cybersecurity reviews and bans DPT service providers from offering lending or staking services to individual customers in order to reduce systemic risk. These regulatory requirements are anticipated to be key components of the legislation governing VASPs in Ghana.

1. Consumer rights and financial education:Consumer safety is a key regulatory priority worldwide, and Ghana is anticipated to adopt similar measures. With MiCA, individuals or entities issuing crypto assets and cryptocurrency exchanges must provide explicit risk disclosures, ensure customers comprehend the product details, and keep client funds separate from company resources. Singapore's MAS has taken additional steps by mandating that service providers evaluate customer understanding and willingness to take risks prior to accepting them as clients, and by prohibiting the promotion of digital asset services in public areas or through mass media—actions aimed at protecting retail investors from potential speculative losses.

In the context of Ghana, we expect that the law and regulations will incorporate robust consumer-focused responsibilities, such as transparent fee explanations, product risk markings, channels for lodging complaints, compulsory methods for resolving disputes, and necessary remedies in cases of improper selling or fraud.

1. Management, internal safeguards and disclosure:Numerous regions require the regular submission of financial statements, compliance audits, and operational reports. With MiCA, CASPs must establish a complaints handling system and face regulatory oversight that involves on-site visits and enforcement authority. In Kenya, the VASP Bill suggests submitting quarterly operational reports and mandates the hiring of compliance officers and internal audit roles.

In Ghana, the Central Bank may ask VASPs to appoint a Compliance Officer, provide regular reports, and inform the regulator about any significant business changes. Service Providers might also need to have annual audits, establish governance frameworks, and put in place internal controls similar to those mandated for other financial institutions regulated by the central bank.

1. Innovation trial and temporary regulatory compliance:Another key feature of contemporary VASP systems is innovation. In Japan, regulatory sandboxes are being utilized to support stablecoin initiatives. Singapore's MAS also provides regulatory sandbox frameworks that enable startups to trial their offerings in controlled settings before obtaining full licenses. The UAE's Virtual Assets Regulatory Authority (VARA), via its sandbox, facilitates regulated testing and carefully managed expansion of emerging virtual asset platforms.

Ghana's current Fintech and Innovation Office manages a comparable regulatory sandbox, which could potentially be expanded to include VASP scenarios. This might offer emerging service providers a crucial opportunity to trial blockchain products, token creation processes, or cryptocurrency trading models while being monitored by the regulatory authority.

Suggestions for establishing compliant VASPs

As Ghana gets ready to introduce regulations for virtual assets, the experiences of regions that have already implemented VASP regulatory systems provide useful insights. By learning from these global best practices, Ghana can create a balanced, progressive, and situation-appropriate framework that supports innovation while maintaining the integrity of the financial system. In this context, adopting the following recommendations and regulatory lessons will contribute to establishing a strong virtual asset regime in Ghana:

1. Clear definition and functional categorization of VASP operations:A key advantage of the EU's MiCA regulation, Kenya's VASP Bill 2025, and Singapore's MAS framework is their clear categorization of virtual asset service providers. Rather than implementing a uniform approach, these regions differentiate between custodians, exchanges, brokers, wallet service providers, and issuers, adjusting compliance requirements according to the risks involved in each category. Ghana should follow a comparable functional model, ensuring that regulatory obligations are balanced and directly aligned with the particular services provided.
2. Effortless and clear licensing procedure:In Nigeria, delays and unpredictability in the licensing procedure are said to have discouraged innovation. On the other hand, Singapore and the UAE have established efficient digital licensing platforms, defined timeframes for regulatory responses, and explicit pre-licensing checklists. Ghana could prevent similar issues by implementing a clear, organized application process that features a regulatory pre-engagement phase and publicly available service-level timelines for approvals or inquiries.
3. Integrated anti-money laundering and counter-terrorist financing financial monitoring system:Many regions currently implement the FATF Travel Rule, requiring the gathering and sharing of information about the sender and recipient. Nevertheless, nations such as South Korea and Japan have taken additional steps by incorporating real-time risk assessment, data exchange between agencies, and blockchain analysis into their anti-money laundering systems. Ghana could improve the Financial Intelligence Centre's (FIC) abilities to manage blockchain investigations and collaborate with private companies specializing in blockchain monitoring to better regulate VASPs.
4. Stringent data protection and cyber security regulations:As observed in Hong Kong, Singapore, and Switzerland, cybersecurity and data protection are not viewed as optional components but as fundamental elements of digital asset regulation. These regions implement routine vulnerability assessments, data localization requirements, mandatory breach disclosure, and encryption standards. Ghana's regulatory approach should enhance the Data Protection Act, 2012, by mandating VASPs to have cyber-risk insurance, adopt secure coding methods, and undergo independent third-party evaluations.
5. Regulatory proportionality for new businesses and low-risk VASPS:Overly strict compliance demands on small entities may hinder competition. Kenya's proposed VASP Bill presents a proportionate regulatory approach, providing different levels of licensing that modify requirements according to company size, transaction volume, and potential systemic risk. Ghana could explore implementing a comparable tiered system to prevent smaller fintechs and local VASP startups from being driven out of the market.
6. Regulatory sandbox and innovation areas:Countries such as the UK, Japan, and Singapore have established secure settings for innovation by implementing regulatory sandboxes and financial technology centers. These frameworks enable new offerings to be evaluated under less stringent compliance requirements prior to full implementation. The Central Bank needs to officially expand its sandbox to cover VASP-related services, such as tokenized assets, stablecoins, and decentralized finance applications.
7. Coordination between regulators: The realm of virtual assets frequently overlaps with various responsibilities – financial services, capital markets, cybersecurity, data privacy, and taxation. For example, the UAE's VARA works closely with the Central Bank, the Ministry of Economy, and the Securities Authority. Therefore, Ghana should encourage strong cooperation among the Bank of Ghana, the Securities and Exchange Commission (SEC), the Data Protection Commission, FIC, GRA, Cyber Security Authority, and other business regulators to maintain consistent regulation and avoid overlaps or gaps in oversight.
8. Consumer rights and financial education:In countries with high regulatory standards such as Japan, South Korea, and Singapore, authorities have imposed restrictions on VASP advertising aimed at the general population and require VASPs to evaluate user comprehension of risks prior to registration. Ghana could adopt a forward-thinking approach by mandating that VASPs provide risk disclosures in simple language, restrict aggressive promotional activities targeting inexperienced users, and promote public awareness initiatives about virtual asset risks and consumer rights.

Conclusion

As Ghana is about to implement regulations for its digital asset sector via the upcoming Virtual Asset Providers Act, the nation has a unique and timely chance to create a robust, forward-looking regulatory system. The Bank of Ghana's initiative to establish regulation is both essential and praiseworthy. However, as observed in other regions, successful regulation needs to maintain a delicate equilibrium—safeguarding the system and the public without stifling innovation.

In Ghana's fintech sector, the future is evident: regulation is on the horizon, requiring increased transparency, governance, and adherence to rules. However, it also offers credibility, trust from investors, and an opportunity for international integration. In the end, the effectiveness of Ghana's virtual asset framework will not only rely on the content of the law but also on its execution, inclusiveness, and the industry's preparedness to meet these requirements. We have provided some suggestions in this article.

>>>Richard Nunekpeku serves as the Managing Partner at Sustineri Attorneys PRUC and works as a Technology Consultant. He earned his LL.M from Cornell University (Cornell Tech), where he expanded his knowledge in Law, Technology, and Entrepreneurship. He was also honored with the 2024 CALI "Excellence for the Future Award" for outstanding performance in AI Law and Policy studies at Cornell University, New York. He is open to receiving opinions on this article viarichard@sustineriattorneys.com

>>>Harold Kwabena Fearon serves as an Associate with Sustineri Attorneys PRUC within the Corporate, Governance, and Transactions Practice Group, focusing on delivering legal services to Startups/SMEs, Technology-driven businesses, Fintech firms, and other innovative enterprises. He is open to receiving opinions on this article throughharold@sustineriattorneys.com

Provided by SyndiGate Media Inc. (Syndigate.info).

Read More

NEPRA Orders Discos to Refund Rs0.50 per Unit, K-Electric to Pay Rs4.03 to Consumers

The National Electric Power Regulatory Authority has instructed the state-owned power distribution companies (Discos) and K-Electric to return Re0.50 per unit and Rs4.03 per unit respectively to customers, as they had charged extra based on the reference monthly fuel costs. NEPRA has also turned down the Ministry of Energy's proposal to delay K-Electric's FCA process, stating that the MoE's request to postpone the FCAs is premature without any official decision from the cabinet.

In two separate rulings, the regulatory body has approved a negative adjustment of Re0.50 per unit against the positive adjustments of Re0.10 per unit that the DISCOs had requested, concerning the May monthly FCA. Conversely, regarding the negative adjustments of Rs4.69 per unit sought by KE, the authority has permitted a refund of Rs4.0349 per unit to consumers based on the April FCA. In a petition filed on behalf of the former WAPDA Distribution Companies (DISCOs), the Central Power Purchasing Agency Guarantee Limited (CPPA-G) stated that the actual fuel cost in May was Rs7.4940 per unit, which is Re0.1015 per unit more than the reference cost of Rs7.3925 per unit for that month.

However, following multiple calculations, the regulator determined that the real fuel cost for May was Rs.6.8972 per unit, which is Rs 0.4952 per unit lower than the reference tariff of Rs.7.3925 per unit. The regulator has instructed the Discos to return Re0.4952 per unit to consumers in the July bill.

The CPPA-G has asked for Rs57.333b in fuel cost elements from different plants for May 2025, but the regulator approved Rs51.847b after subtracting Rs5.486b, due to the latest NEPRA decisions on applicable fuel cost components for the same month. K-Electric had requested NEPRA's approval for a refund of Rs4.69 per unit to consumers, which would affect Rs7.713 billion, as a result of the April 2025 monthly FCA.

However, after setting aside Rs0.8 billion related to partial load, open cycle, and degradation curves along with startup costs for the period from July 2023 to April 2025, the regulator has approved a refund of Rs4.0349 per unit. K-Electric had requested Rs16 billion for the same reasons during the period from July 2023 to April 2025. The Authority has already temporarily set aside Rs15.2 billion from monthly FCAs between November 2024 and March 2025 to avoid placing an excessive burden on consumers in the future for these outstanding costs. Therefore, as of April 2025, Rs0.8 billion remains pending due to partial load, open cycle, and degradation curves along with startup costs, according to K-Electric's claims.

In line with the principle of not overburdening consumers at a later stage and ensuring timely recovery of reasonable costs, the Authority has decided to temporarily withhold the pending amount of Rs.0.8 billion from the immediate FCA of April 2025. 31. Based on the above discussion and after considering the adjustments mentioned earlier, the Authority has calculated a negative FCA of Rs4.0349/unit, resulting in a negative impact of Rs6,176 million for the month of April 2025, which will be passed on to consumers in the billing month of July 2025. 32. The aforementioned negative FCA of Rs.4.0349/unit is being provisionally allowed, subject to adjustment once the MYT of KE for the period FY 2024-30 is announced. Any difference in cost, if applicable, will be adjusted in future revisions. NEPRA has also turned down the federal government's request to delay the KE's FCA process for April, stating that provisional FCA proceedings have been ongoing for about two years, yet the MoE never raised any objection to the reference FCC of Rs15.9947/unit. The proceedings for the FCA of April 2025 were initiated through an advertisement dated 12.06.2025, and the hearing was rescheduled twice, but the MoE has not managed to submit any policy guidelines or obtain Cabinet approval. The regulator stated that the MoE's request to delay the FCAs is premature without any formal decision from the Cabinet. Furthermore, under Section 31(7) of the NEPRA Act, the Authority may, on a monthly basis and no later than seven days, make adjustments to the approved tariff due to variations in fuel charges, although these timelines are considered advisory rather than mandatory.

The NEPRA Act ensures consistent tariffs for public sector licensees, but the NE Policy 2021 states that the government can also maintain a uniform consumer tariff for K-Electric and state-owned distribution companies (even post-privatization) by including direct or indirect subsidies. Hence, it is yet to be determined if the NEPRA Act and other relevant documents permit uniformity in FCAs or not. Moreover, the delay in MLRs does not prevent the Authority from continuing with FCA proceedings, as there is no suspension in place. The regulator has instructed KE to refund Rs4.0349 per unit to consumers in the July bill.

Provided by SyndiGate Media Inc. (Syndigate.info).

Read More