Fintech 2025

KENYA Law and Practice Contributed by: Sammy Ndolo, Njeri Wagacha, Brian Muchiri and Sara Ndei, Cliffe Dekker Hofmeyr incorporating Kieti Law LLP

2.4 Variations Between the Regulation of Fintech and Legacy Players If the services or products offered by fintechs fall under existing Kenyan regulations, there is no distinction between how fintechs and legacy players are regulated. In this case, both fintechs and legacy players would be required to obtain a licence from the applicable regulator before providing the service or product. 2.5 Regulatory Sandbox CMA The CMA has established the Capital Markets Authority Regulatory Sandbox (CMA Sandbox), a framework designed to facilitate live testing of innovative financial products, solutions and services while prioritising investor protection. The CMA Sandbox operates under the Regula - tory Sandbox Policy Guidance Note, issued in early 2019, which outlines clear eligibility criteria, application procedures, safeguards and testing requirements for firms seeking to participate in the Sandbox. After the testing period, the CMA can take one of the following actions: • grant a full licence or approval to operate in Kenya; • issue a Letter of No Objection to the applicant to operate in Kenya under specific conditions; • create new regulations, guidelines or notices if insights gained during the testing period reveal a need for broader legal reform or a new regulatory framework to accommodate innovative business models; or • deny the applicant permission to operate in Kenya – this will occur if the innovation does not comply with prevailing legal and regula - tory standards.

Approach to regulation Once a fintech is onboarded onto the CMA Sand - box, it is required to adhere to certain minimum regulatory requirements applicable to all capital market participants, such as the prevention of money laundering, counter-terrorism financing and other illicit activities. If the fintech is already licensed by the CMA, the licence would continue to apply to all non- sandbox approved activities of the fintech. If a fintech fails to maintain any required safe - guards, submits false information to the CMA, or fails to address defects or vulnerabilities in its products that give rise to service disruptions or fraud incidents, the CMA may revoke or suspend its approval to participate in the CMA Sandbox. Communications Authority of Kenya (CA) The CA has established a regulatory sandbox to foster innovation within Kenya’s ICT sector. This sandbox provides a controlled environment for companies to test new products and services in fields such as broadcasting, cybersecurity, mul - timedia, telecommunications and e-commerce. Similar in operation to the CMA Sandbox, the CA Sandbox offers the following potential out - comes: • granting the participant a licence or approval to operate in Kenya under existing regula - tions; • granting the participant authorisation to oper - ate in Kenya, subject to specific conditions; • development of new regulations, guidelines or notices informed by sandbox testing insights, addressing regulatory gaps; or • denial of permission to operate in Kenya if current legal and regulatory requirements are not met.

457 CHAMBERS.COM

Powered by