KENYA Trends and Developments Contributed by: Stella Muraguri, Linet Okaka and Pride Kabue, MMW Advocates LLP
reputational – it signalled inadequate financial crime controls. EU‑based institutions were required to apply manda - tory enhanced due diligence (EDD) to relationships with Kenyan clients, complicating routine transac - tions. In response, Kenya enacted the Anti‑Money Laundering and Combating Terrorism Financing Laws (Amendment) Act of 2025, strengthening due diligence obligations and aligning more closely with FATF and ESAAMLG standards. However, these reforms were again reactive. The Act followed Kenya’s grey‑listing; it did not precede it. This pattern raises a key question: is Kenya shap - ing its compliance destiny or responding only under external pressure? Given fintech’s high‑speed, cross‑border, and some - times anonymous transactions, anticipatory AML reg - ulation is essential. Without it, Kenya risks remaining in perpetual compliance catch‑up. Data and privacy protection Fintech firms handle some of the most sensitive cat - egories of personal data, making them prime targets for cyber-attacks. The Data Protection Act, 2019 enhances consumer protection by granting individu - als enforceable rights regarding their personal infor - mation. Fintech companies frequently act as data controllers or processors and must comply with strict require - ments on data collection, use, storage, and sharing. Non‑compliance risks administrative fines, penalties, compensation claims, and reputational damage. Consumer protection compliance Kenya’s Consumer Protection Act, 2012 safeguards consumers from unfair, deceptive, or misleading busi - ness practices. In fintech, the Act upholds consum - ers’: • right to information – requiring clear disclosure of fees, interest rates, loan terms, and charges; • right to safety – protecting consumers from harmful or predatory practices; and
• right to redress – enabling complaints and dispute resolution through the Competition Authority of Kenya (CAK). Article 46 (1) of the Constitution reinforces these rights. Despite this framework, fraud persists across the fintech ecosystem – from phishing and SIM‑swap schemes to predatory lending and misleading pro - motions. In 2026, global losses from credit card fraud alone are estimated to reach USD43 billion. Digital Lending Regulations The Central Bank of Kenya (CBK) regulates not only traditional banks but also payment systems and digital credit providers (DCPs). Kenya’s digital lending envi - ronment has transitioned from minimally supervised to a structured, compliance‑driven regime under the Digital Credit Providers Regulations, 2022. By September 2025, the CBK had approved 153 DCPs, with more expected as applications continue undergoing review. Virtual Assets and Blockchain Regulation Virtual assets operate on blockchain infrastructure, enabling value transfer without traditional intermedi - aries. Until 2025, most blockchain‑based activities in Kenya existed in a regulatory grey zone. The Virtual Assets and Service Providers (VASP) Act marked a turning point, though again driven largely by FATF grey‑listing pressures rather than proactive governance. The Act introduces Kenya’s first clear framework for licensing and supervising virtual asset service provid - ers. It establishes CBK and the CMA as the primary regulators and imposes stringent AML/CFT/CPF obli - gations, governance, reporting, and capital require - ments. It also provides a 12‑month transition period ending November 2026. This legal clarity strengthens investor confidence, reduces commercial risk, and improves Kenya’s standing in global financial markets.
483 CHAMBERS.COM
Powered by FlippingBook