Virtual Assets Regulation on the horizon – A look at the anticipated compliance demands on Fintech firms

Authors: Richard Nunekpeku (right) and Harold Kwabena Fearon (left)

In furtherance of its commitment to regulate virtual assets, the Bank of Ghana (BOG) has commenced the registration of all Virtual Assets Service Providers (VASPs) currently operating in Ghana, including exchanges, wallet operators, and custodians. This pre-regulation enactment registration exercise is intended to help the Bank map out active players, assess operational risks, and initiate baseline supervision ahead of the enactment of the anticipated Virtual Asset Service Providers (VASPs) Act.

It marks the first concrete step toward bringing virtual asset businesses into the regulatory fold and signals the Bank’s intent to move quickly and decisively once the legislation is enacted.

Unlike mobile money, which represents electronic forms of existing currency (fiat), virtual assets such as cryptocurrencies have become entirely new digital-native forms of value. Powered by blockchain technology, they are beginning to serve as stores of value, mediums of exchange, and units of account – functions traditionally performed by fiat money. And as adoption grows globally, regulators everywhere are racing to provide regulatory certainty for their uses.

In Ghana, equally, the Central Bank has recognized the urgency for such regulatory certainty. It has announced its intention to introduce a formal regulatory framework by the end of September 2025, through the passage of a new Virtual Asset Service Providers Act – Ghana’s first comprehensive virtual assets law.

For FinTech companies operating in Ghana or those looking at market entry, the proposed law will introduce a range of compliance obligations: licensing requirements, AML/CFT protocols, reporting standards, and more. Anticipating these compliance demands and preparing for adherence will be crucial to such companies remaining competitive and compliant upon rollout.

In light of these, this article anticipates the compliance demands, including new ones that the upcoming law may introduce, and offers some practical steps on how service providers can remain compliant.

The Foundational Compliance Demands 

While the forthcoming Virtual Asset Providers Act is expected to introduce a dedicated licensing and regulatory regime for VASPs, the compliance demands it will impose may not be entirely unfamiliar to players within the fintech ecosystem.

In many ways, the anticipated requirements will mirror the existing compliance obligations that already apply to Payment Service Providers (PSPs) and other regulated financial service providers.

Like every business entity, VASPs will be required to incorporate and register with existing general primary regulators such as the Office of the Registrar of Companies (ORC), the Ghana Revenue Authority (GRA), the Social Security and National Insurance Trust (SSNIT), the Data Protection Commission, and the relevant District, Municipal, or Metropolitan Assemblies. The compliance demands that come with these baseline statutory registrations will continue, and VASPs will be required to meet such obligations strictly.

Also, VASPs will be expected to comply with broader financial regulatory principles that fintech/financial service providers have long been subject to, including robust Know Your Customer (KYC) processes, adherence to Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) protocols, and compliance with data protection and privacy standards under the Data Protection Act.

Moreover, regulatory expectations will likely extend to areas such as cybersecurity safeguards, risk-based internal controls, and meeting relevant international certifications such as ISO/PCI DSS as well as best practice standards applicable to digital financial services.

In short, while the VASP framework will introduce a more structured and tailored compliance path for virtual asset players, many of its requirements will be built on existing regulatory foundations.

Some Anticipated New Compliance Requirements 

While it is anticipated that the regulation of Virtual Assets will build on the existing regulatory regime, it is likely to introduce some additional compliance requirements, considering its underlying risks.

The Central Bank will adopt a risk-based and principle-driven compliance regime consistent with international standards and informed by lessons from jurisdictions that have already taken the lead in regulating the virtual asset space.

From an early look at the Bank’s Draft Guidelines on Digital Assets and statements by its leadership, the intended regime will draw heavily from regulatory themes implemented under the EU’s Markets in Crypto-Assets (MiCA) framework, Singapore’s Payment Services Act, Nigeria’s SEC Rules on Digital Assets, and Kenya’s proposed Virtual Asset Service Providers Bill 2025, among others. These international models provide a rich picture of what compliance will likely look like in Ghana.

  1. LICENSING AND REGULATORY AUTHORIZATION: Ghana’s approach is expected to introduce a structured licensing framework, likely tiered by function – either as a crypto exchange, wallet provider, broker-dealer, or custodial agent. This mirrors the EU’s Markets in Crypto-Assets Regulation (MiCA), which mandates full licensing for all categories of Crypto Asset Service Providers (CASPs), requiring fit-and-proper assessments of controllers and senior management, and the submission of detailed business plans, governance frameworks, and internal policies.

Similarly, Singapore’s Monetary Authority (MAS) requires licensing under its Payment Services Act for Digital Payment Token (DPT) services. Service Providers under the said Act are to undergo rigorous approval processes to demonstrate financial soundness, internal controls, risk management frameworks, and cybersecurity preparedness.

Kenya’s 2025 VASP Bill also intends to introduce a tiered licensing model, differentiating between issuers, exchange platforms, custodial services, and wallet operators.

In Ghana, we therefore expect the Central Bank to adopt a similar model, assigning functional categories and subjecting applicants to varying compliance intensity based on service risk and scale.

  2. AML/CFT COMPLIANCE AND THE FATF TRAVEL RULE: Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) will be central pillars of Ghana’s VASP compliance regime. The Financial Action Task Force (FATF)’s Travel Rule, which mandates that VASPs collect and transmit originator and beneficiary information for transfers, has become a global baseline.

MiCA, the EU’s revised Transfer of Funds Regulation, and Singapore’s AML Guidelines (PSN02) all operationalize the Travel Rule. These rules compel VASPs to perform Customer Due Diligence (CDD), maintain transactional records, monitor for red flags, and report suspicious activity.

In Nigeria, the SEC’s digital asset framework requires licensed VASPs to implement risk-based AML/CFT programs aligned with the country’s Money Laundering (Prohibition) Act. These include employee training, compliance audits, and appointing a dedicated compliance officer.

Ghana, a member of both the FATF and Inter-Governmental Action Group against Money Laundering in West Africa (GIABA) (West Africa’s FATF-style regional body), is therefore anticipated to enforce AML/CFT obligations consistent with these international standards. Thus, VASPs will be required to document risk assessments, implement client screening policies, adopt transaction monitoring systems, and conduct continuous staff training as compliance tasks.

  3. DATA PROTECTION, PRIVACY, AND CYBERSECURITY: The EU’s GDPR, which applies alongside MiCA, and Singapore’s Personal Data Protection Act (PDPA), provide benchmarks that are likely to influence Ghana’s implementation. Both jurisdictions require digital asset firms to apply data minimization, privacy-by-design principles, and encryption practices.

Additionally, the Central Bank’s Draft Guidelines on Digital Assets suggest a strong emphasis on cybersecurity resilience, with VASPs likely to be required to implement intrusion detection systems, conduct regular penetration tests, and maintain disaster recovery protocols.

The MAS, for instance, imposes mandatory cybersecurity audits and prohibits DPT service providers from facilitating lending or staking services for retail customers to limit systemic risk. These compliance demands are expected to be prominent features of the law regulating VASPs in Ghana.

  4. CONSUMER PROTECTION AND FINANCIAL LITERACY: Consumer protection is a top regulatory objective globally, and Ghana is expected to follow suit. Under MiCA, crypto asset issuers and exchanges are required to disclose clear risk warnings, ensure clients understand product features, and segregate client assets from company funds.

Singapore’s MAS has gone further by requiring that service providers assess customer knowledge and risk tolerance before onboarding them, and by banning advertising of digital asset services in public spaces or via mass media – measures designed to shield retail customers from speculative losses.

In Ghana’s case, we anticipate that the law and regulation will embed strong consumer-facing obligations, including clear fee disclosures, product risk labeling, complaint mechanisms, mandatory dispute resolution avenues, and required redress for mis-selling or fraud.

  5. GOVERNANCE, INTERNAL CONTROLS AND REPORTING: Many jurisdictions mandate the submission of periodic financial statements, compliance audits, and operational reports.

Under MiCA, CASPs are required to maintain a complaints management function and are subject to regulatory supervision that includes on-site inspections and enforcement powers. In Kenya, the VASP Bill proposes the submission of quarterly operational reports and requires the appointment of compliance officers and internal audit functions.

In Ghana, the Central Bank is likely to require VASPs to designate a Compliance Officer, submit periodic returns, and notify the regulator of any material business changes. Service Providers may also be required to undergo annual audits, maintain governance structures, and implement internal controls akin to those required of other central bank-supervised financial institutions.

   6. INNOVATION SANDBOX AND TRANSITIONAL COMPLIANCE: Innovation is another hallmark of modern VASP regimes. In Japan, regulatory sandboxes are being used to incubate stablecoin projects. Singapore’s MAS also offers regulatory sandbox environments that allow early-stage companies to test products in limited environments prior to full licensing. The UAE’s Virtual Assets Regulatory Authority (VARA), through its sandbox, also allows controlled experimentation and risk-managed scaling of new virtual asset platforms.

Ghana’s existing Fintech and Innovation Office operates a similar regulatory sandbox, which may now be extended to VASP use cases. This could provide early-stage service providers with a lifeline to test blockchain products, token issuance mechanisms, or crypto trading models under the regulator’s oversight.

Some Recommendations on Building Compliant VASPs

As Ghana prepares to usher in virtual asset regulation, the experiences of jurisdictions that have already introduced VASP regulatory frameworks offer valuable guidance.

Drawing from these global best practices, Ghana can develop a balanced, forward-looking, and contextually appropriate regime that both fosters innovation and ensures financial system integrity.

In this regard, implementing the following recommendations and regulatory lessons will help drive a robust virtual asset regime in Ghana:

  1. CLARITY AND FUNCTIONAL CLASSIFICATION OF VASP ACTIVITIES: A major strength of the EU’s MiCA regulation, Kenya’s VASP Bill 2025, and Singapore’s MAS framework is their clarity in classifying virtual asset services. Instead of adopting a one-size-fits-all approach, these jurisdictions distinguish between custodians, exchanges, brokers, wallet providers, and issuers, tailoring compliance demands based on the risks associated with each category.

Ghana should adopt a similar functional approach, ensuring that compliance obligations are proportionate and clearly mapped to the specific services offered.

   2. STREAMLINED AND TRANSPARENT LICENSING PROCESS: In Nigeria, delays and uncertainty in the licensing process have reportedly deterred innovation. In contrast, Singapore and the UAE have developed streamlined digital licensing portals, timelines for regulatory feedback, and clear pre-licensing checklists.

Ghana can avoid such bottlenecks by adopting a transparent, well-structured application process that includes a regulatory pre-engagement window and published service-level timelines for approvals or queries.

   3. INTEGRATED AML/CFT AND FINANCIAL SURVEILLANCE INFRASTRUCTURE: Most jurisdictions now enforce the FATF Travel Rule, mandating the collection and transmission of originator and beneficiary data. However, countries like South Korea and Japan have gone further by integrating real-time risk monitoring, inter-agency data-sharing, and blockchain analytics into their AML frameworks.

Ghana could enhance its Financial Intelligence Centre’s (FIC) capabilities to handle blockchain forensics and partner with private blockchain surveillance firms to supervise VASPs more effectively.

   4. STRONG DATA PRIVACY AND CYBERSECURITY MANDATES: As seen in Hong Kong, Singapore, and Switzerland, cybersecurity and data protection are not treated as add-ons but as central pillars of digital asset regulation. These jurisdictions enforce regular vulnerability testing, data localization, breach notification obligations, and encryption protocols. Ghana’s framework should build on the Data Protection Act, 2012, by requiring VASPs to maintain cyber-risk insurance, secure coding practices, and independent third-party audits.

5. PROPORTIONAL REGULATION FOR STARTUPS AND LOW-RISK VASPS: Excessive compliance burdens on small players can stifle competition. Kenya’s proposed VASP Bill introduces proportional regulation, offering tiered licensing that adjusts requirements based on size, transaction volume, and systemic risk. Ghana should consider adopting a similar tiered model to ensure smaller fintechs and local VASP startups are not regulated out of the market.

   6. REGULATORY SANDBOX AND INNOVATION ZONES: Jurisdictions like the UK, Japan, and Singapore have created safe environments for innovation through regulatory sandboxes and fintech hubs. These structures allow new products to be tested under reduced compliance conditions before full-scale rollout. The Central Bank should formally extend its sandbox to VASP-related services, including tokenized assets, stablecoins, and DeFi applications.

   7. COORDINATION BETWEEN REGULATORS: The virtual asset space often sits at the intersection of multiple mandates – financial services, capital markets, cybersecurity, data protection, and tax. UAE’s VARA, for instance, operates in close coordination with the Central Bank, the Ministry of Economy, and the Securities Authority.

 Ghana must therefore promote active collaboration between the Bank of Ghana, Securities and Exchange Commission (SEC), Data Protection Commission, FIC, GRA, Cyber Security Authority, and other regulators of business operations to ensure regulatory consistency and eliminate duplication or regulatory gaps.

8. CONSUMER PROTECTION AND FINANCIAL LITERACY: In high-interest jurisdictions like Japan, South Korea, and Singapore, regulators have restricted VASP advertising to the general public and mandated that VASPs assess user risk understanding before onboarding.

Ghana can take a proactive stance by requiring VASPs to include risk disclosures in plain language, limit aggressive marketing to unsophisticated users, and support public education campaigns on virtual asset risks and rights.

Conclusion 

As Ghana stands on the cusp of regulating its virtual asset ecosystem through the anticipated Virtual Asset Providers Act, the country has a rare and timely opportunity to build a strong, future-proof regulatory framework. The Bank of Ghana’s move to regulate is both necessary and commendable. Yet, as seen in other jurisdictions, effective regulation must strike a careful balance – protecting the system and the public without choking innovation.

For Ghana’s fintech space, the path ahead is clear: regulation is coming, and it will demand greater transparency, governance, and compliance. But it also brings legitimacy, investor confidence, and a gateway to global alignment.

Ultimately, the success of Ghana’s virtual asset regime will depend not just on what the law says, but on how it is implemented, how inclusive it is, and how compliance-ready the industry is to meet its demands. We have offered some recommendations to that end in this article.

About the Authors

RICHARD NUNEKPEKU is the Managing Partner of SUSTINERI ATTORNEYS PRUC, and a Technology Consultant, who holds an LL.M from Cornell University (Cornell Tech), where he deepened his expertise in Law, Technology, and Entrepreneurship. He is also a recipient of the 2024 CALI “Excellence for the Future Award” for excellent achievement in the study of AI Law and Policy at Cornell University, New York. He welcomes views on this article via richard@sustineriattorneys.com

HAROLD KWABENA FEARON is an Associate at SUSTINERI ATTORNEYS PRUC with its Corporate, Governance, and Transactions Practice Group, specializing in legal service provision for Startups/SMEs, Technology-enabled companies, Fintechs, and other Innovations. He welcomes views on this article via harold@sustineriattorneys.com  
