Fintech regulation globally has always been reactive and the approach in Kenya is not any different. Despite Kenya being a pioneer in financial inclusion through its early adoption of mobile money transfer systems, the country lacks a single and comprehensive regulatory framework that deals with this technology-based business.
What is fintech?
Fintech can be defined as technology-enabled innovation in financial services. It is a new financial business model that applies technology to improve the access to and delivery of financial services and products. The fintech business model is disruptive and covers business models that deviate from existing financial models. M-pesa in Kenya is a classic example of a disruptive model that saw the service gain 15 million new users in the first four years of its inception.
The main regulator of the financial services sector in Kenya is the Central Bank of Kenya which is responsible for formulating financial policies and overseeing the financial services industry. The Ministry of Information, Communications and Technology is also tasked with the role of setting up policies and regulations in the technology sector.
The National Payment Systems Act 2011 (the “NPS Act” ) was enacted after Safaricom had introduced M-pesa into the Kenyan market. The NPS Act sets out a framework for the regulation and supervision of the payments system and payment service providers. The national payments system in Kenya is made up of the Central Bank of Kenya, the Government, commercial banks, financial institutions and the payment system providers. Further, the national payment system in Kenya is classified into two categories, i.e. large value (wholesale) payment systems and low value (retail) payment systems. Mobile money transfer services are classified under the low value (retail) category.
The NPS Act defines a payment service provider as:-
- A person, or company or organisation acting as a provider in relation to sending, receiving, storing or processing of payments for the provision of other services in relation to payment services through any electronic system; or
- a person, company or organisation which owns, possesses, operates, manages or controls a public switched network for the provision of payment services; or
- any other person, company or organisation that processes or stores data on behalf of such payment service providers or users of such payment services.
The NPS Act prohibits any one from conducting the business of a payment service provider in Kenya without the prior authorisation of the Central Bank of Kenya. Any person who therefore proposes to carry out the business of a payment service provider shall apply to the Central Bank of Kenya for authorisation before commencing such business. The enactment of the NPS Act has seen an increase in the number of licensed payment service providers in Kenya.
The fintech business is largely technologically based and therefore licensing under the Kenya Information and Communications Act maybe required. This licensing is done by the Communications Authority of Kenya. The fintech business may require a content service provider license if the business establishes its own telecommunication infrastructure or results in generation ?!? of content for example the sending of One Time Password (OTP) text messages to users or if the business employs the use of the Unstructured Supplementary Service Data (USSD) protocols.
Fintech service providers may also be subject to other sector specific regulatory regimes. For example, a fintech business may be subject to the Capital Markets Act if it intends to issue shares to the public. The Capital Markets Authority’s approval will be required for the fintech business to sell shares to the public by way of public placements or initial public offerings. Authorisation from the Insurance Regulatory Authority under the Insurance Act may be required if a proposed fintech business seeks to offer insurance related products and services.
Fintech service providers setting up in Kenya are also required to comply with laws relating to anti-money laundering and other financial crimes. Fintech businesses are required to comply with the requirements of the Proceeds of Crime and Anti-Money Laundering Act 2009 which seeks to prevent money laundering, tax evasion, terrorist financing, theft and fraud among other crimes. Fintech service providers are also required by the Prevention of Terrorism Act 2012 to monitor their products and services for possible use in facilitating terrorist activities.
Kenya does not have a single data protection law that deals with handing of personal data. However, there is a Data Protection Bill pending in Parliament which seeks to set out the framework for protection of personal information and data. The Constitution of Kenya guarantees every person’s right to privacy which includes the right not to have a person’s private information or that of his/her family revealed unnecessarily. The Kenya Information and Communications Act also guarantees protection against personal information being revealed. Fintech service providers are required to comply with these basic protections.
Other regulatory regimes that fintech service providers are required to adhere to include consumer protection and competition matters. The Competition Act establishes the Competition Authority whose mandate is to oversee business entity business conduct. The Competition Act prohibits restrictive trade practices, regulates mergers and acquisitions, concentration of economic power (monopolies) and protects consumers from unfair and misleading market practices.
For further information regarding fintech regulation and licensing in Kenya please write to us at email@example.com. To download a PDF version of this article click here
By Bryan Yusuf
Bryan is the Managing Partner at Bryan Yusuf Advocates. He is an experienced corporate commercial lawyer with expertise in general commercial and corporate matters, banking and finance, real estate and intellectual property. He is also a Certified Professional Mediator and advocates for mediation as an alternative dispute resolution mechanism. Bryan is passionate about startups and small businesses and provides them with consultancy and legal services.
Legal Disclaimer: The material contained in this alert is provided for general information purposes only and does not contain a comprehensive analysis of each item described. Before taking (or not taking) any action, readers should seek professional legal advice specific to their situation. No liability is accepted for acts or omissions taken in reliance upon the contents of this alert.