Kenya’s fintech industry is rapidly expanding due to a large number of mobile phone users, a young tech-savvy population, and supportive government policies.
Fintech companies provide mobile money, digital loans, and payment solutions to make financial services more accessible. However, running a fintech business in Kenya requires compliance with various legal regulations.
The Central Bank of Kenya (CBK) regulates these services to ensure innovation and consumer protection.
Fintech companies must follow rules set by the CBK, including the CBK Payment Services Regulations, the Data Protection Act, and the Anti-Money Laundering and Counter-Terrorism Financing Act.
Understanding these legal frameworks is essential for those starting or investing in a fintech company in Kenya.
Failing to comply can result in heavy fines or losing your business license. Staying informed about these regulations is key to operating a successful and legally compliant fintech business in Kenya.
Key Takeaways
- Fintech companies in Kenya must adhere to a well-established regulatory framework that the Central Bank of Kenya oversees.
- Obtaining licenses, adhering to anti-money laundering compliance, data protection and privacy, and consumer protection laws are just some of the legal requirements that fintech companies must comply with.
- Understanding the legal framework is crucial for entrepreneurs looking to start a fintech company or investors looking to fund one.
Regulatory Framework for Fintech Companies in Kenya
In Kenya, two main organizations regulate fintech companies:
- Central Bank of Kenya (CBK)
- Capital Markets Authority (CMA)
Both organizations have created guidelines to ensure that fintech companies operate legally.
Central Bank of Kenya Regulations
The Central Bank of Kenya (CBK) has established specific rules for digital credit providers.
For instance, Regulation 4 (2) of the CBK (Digital Credit Providers) Regulations, which was published in 2022, states that anyone intending to conduct digital credit business in Kenya must apply to the CBK for a license.
When reviewing applications, the CBK looks at things like the source and proof of funds, the business plan, and the suitability of the applicant.
The Central Bank of Kenya also has a credit referencing system in accordance with the Central Bank of Kenya Act 1984 (revised edition 2019) and the Credit Reference Bureau Regulations (2020) to help fintech companies assess their customers’ creditworthiness and reduce the chance of defaults.
Capital Markets Authority Guidelines
The Capital Markets Authority regulates fintech companies involved in securities trading and capital markets.
Their guidelines aim to ensure these companies operate fairly and protect investors from fraud.
Companies must disclose all necessary information to investors, keep accurate records, and have strong internal controls and risk management systems.
If you’re running a fintech company in Kenya, it’s important to understand these regulations to avoid legal issues.
Fintech Company Licensing Requirements
If you’re starting a fintech business in Kenya, you’ll need a license from the Central Bank of Kenya (CBK). Here’s a look at what’s involved:
Application Process
The CBK (Digital Credit Providers) Regulations, 2021 require fintech companies (digital credit businesses in Kenya) to apply for a license.
The application process requires you to submit the following documents:
- A filled-out application form
- A business plan
- Details about your services
- Information on your corporate structure and ownership
- Proof of financial resources
Once submitted, the CBK will review your application and issue a license if you meet the requirements.
It’s a good idea to seek legal advice to ensure your application is complete.
Operational Requirements
After obtaining a license, you must continue to meet all legal requirements.
The specific requirements will depend on the nature of your business and the services you provide. These include:
- Adequate capitalization
- Robust risk management systems
- Adequate customer protection measures
- Compliance with anti-money laundering laws and regulations
Failing to meet these requirements can result in losing your license or facing other legal penalties.
Anti-Money Laundering Compliance for Fintech Companies in Kenya
Fintech companies in Kenya must follow Anti-Money Laundering (AML) rules to prevent their services from being used for illegal activities like money laundering or terrorist financing.
Failure to comply with these regulations can lead to significant penalties, such as substantial fines, potential revocation of the company’s license, and criminal charges.
Reporting Obligations
Fintech companies must report suspicious transactions to the Financial Reporting Centre (FRC).
This includes transactions with no lawful purpose or involving funds from criminal activity. Fintech companies must also keep records of all their transactions for at least five years.
Customer Due Diligence
Before providing services, fintech companies must verify their customers’ identities and the sources of their funds. They must also monitor customer transactions to ensure they match the customers’ income sources.
Data Protection and Privacy for Fintech Companies in Kenya
Handling Personal Data
Kenya’s Data Protection Act (DPA) of 2019 makes sure that fintech companies keep customer data safe. The DPA ensures that customer privacy and security are prioritized when collecting, processing, or storing personal data.
This data includes personal information like your name, ID number, or location. Companies must protect this information and only use it for the right reasons.
As a fintech company, you must only use personal data for the reasons it was collected and must not share it without the customer’s consent.
Data Breach Protocols
If a data breach occurs, fintech companies must notify the Data Protection Commissioner within 72 hours. They must also inform affected customers if the breach poses a high risk to their rights.
A clear data breach response plan is important, and all employees should know what to do in case of a breach.
Consumer Protection Laws
Consumer protection laws are designed to make sure fintech companies do not exploit customers and that customer interests are safeguarded. For example, the Consumer Protection Act ensures that customers receive clear and accurate information about the services they’re purchasing, fair pricing, and access to dispute resolution services.
To comply with these laws, fintech companies must also follow the Data Protection Act and handle customer data responsibly. Non-compliance can result in fines, lawsuits, or loss of trust. Contact Kraido Advocates for help ensuring your fintech company complies with consumer protection laws.
Payment Systems and Services
Mobile Money Regulations
If your fintech business deals with mobile money, it must follow the National Payment System Act of 2011 and the National Payment System Regulations of 2014, which require all mobile payment systems to be licensed by the CBK.
Electronic Payment Gateways
Fintech companies offering electronic payment services must also comply with CBK regulations. These companies must ensure their payment gateways meet anti-money laundering and counter-terrorism financing laws.
Digital Lending Regulations
The CBK Amendment Act of 2021 gives the CBK authority to license and regulate digital lenders, referred to as Digital Credit Providers (DCPs).
To legally offer digital loans, a company must get a license from the Central Bank of Kenya. The process involves submitting business and financial information to the CBK.
DCPs must follow rules that protect borrowers from high interest rates and unclear loan terms. Companies failing to meet these standards can face penalties or lose their licenses.
Cryptocurrency and Blockchain
Fintech companies working with cryptocurrency and blockchain technology must comply with the National Payments Systems Act (NPSA), the Capital Markets Act (CMA), and the Kenya Information and Communication Act (KICA).
These laws regulate payment systems, capital markets, and communications, ensuring that fintech companies operate legally and ethically.
Cross-Border Compliance and Reporting
If your fintech company deals with cross-border transactions, you must follow both Kenyan and international regulations. Non-compliance can result in penalties.
Keeping accurate transaction records and working with a reputable financial institution is essential for avoiding legal issues.
Innovation and Sandbox Framework
To encourage fintech innovation, the CMA created the Regulatory Sandbox in 2019. This framework allows fintech companies to test new products in a controlled environment for up to 12 months. Firms can apply to the CMA to participate, and the sandbox helps them evaluate their ideas before launching to the public.
Taxation of Fintech Services
Fintech companies in Kenya must pay taxes like any other business, including Value Added Tax (VAT) and Corporate Income Tax (CIT). VAT is charged on services like mobile money and digital lending, and the current rate is 16%. CIT is charged on the company’s profits, with a rate of 30% for resident companies and 37.5% for non-residents.
Emerging Trends and Future Regulations
As fintech grows, Kenya’s regulators will likely increase their scrutiny of the industry, focusing on areas like consumer protection and the integration of blockchain technology.
Here are some key points to keep in mind:
- Increased Regulatory Scrutiny: Due to fintech industry growth, regulatory scrutiny, including from the Central Bank of Kenya (CBK), is increasing for fintech companies.
- Focus on Consumer Protection: As the fintech industry expands, there is a growing need for consumer protection. Regulators are likely to impose stricter rules on fintech companies, especially those in digital lending and payments, to protect consumers.
- Collaboration with Traditional Financial Institutions: Fintech companies in Kenya are collaborating with traditional financial institutions, such as banks, to provide innovative services. This trend is expected to continue as regulators encourage greater collaboration.
- Integration of Blockchain Technology: Blockchain technology is already used in Kenya’s fintech, including cryptocurrency exchanges. In the future, more fintech companies are expected to integrate blockchain into their products and services.
In light of emerging trends and future regulations, fintech companies must stay updated with industry developments.
At Kraido Advocates LLP, we specialize in helping fintech businesses understand and comply with legal requirements. Contact us today for expert advice on licensing, compliance, and regulatory matters by calling +254 710 761 001, emailing [email protected], or using our Free Inquiry Form for a personalized consultation.