Fintech 2025

KENYA Law and Practice Contributed by: Sammy Ndolo, Njeri Wagacha, Brian Muchiri and Sara Ndei, Cliffe Dekker Hofmeyr incorporating Kieti Law LLP

(d) the employment of contract or temporary staff. All permitted outsourcing arrangements must be governed by a clearly written contract that con - tains provisions emphasising the importance of clearly defined services, performance standards and the ability to monitor the service provider. It should also cover data security, termination clauses, subcontractor approval, audit rights and dispute resolution mechanisms, and specify pricing and fees. Payment Service Providers A PSP is permitted to outsource operational functions related to payment services. However, this outsourcing must adhere to specific guide - lines, including ensuring robust internal quality control, enabling CBK oversight of all involved parties, retaining ultimate responsibility by sen - ior management, and strictly complying with all customer contracts and licensing requirements. If a PSP intends to outsource any of its func - tions, it is required to notify the CBK at least 30 days before any outsourcing agreement is implemented. Market Intermediaries Market intermediaries are not restricted from engaging third parties to undertake any of their functions, but they are required to main - tain detailed records of the engagement. These records include: • contracts, with a clear outline of what ser - vices the third party will provide; • verification of the third party’s legal stand - ing, including documents to ensure they are financially sound; and

• details on the skills and experience of the third party’s employees who will be working on behalf of the market intermediary. Even if a market intermediary delegates a task to a third party, the intermediary remains ultimately responsible for ensuring the task is completed correctly. 2.9 Gatekeeper Liability Fintechs would be liable for failures to notify the Financial Reporting Centre of any transactions that are suspected to be related to money laun - dering or the proceeds of crime; please see 2.14 Impact of AML and Sanctions Rules . 2.10 Significant Enforcement Actions Kenyan financial laws (as set out in 2.2 Regula- tory Regime ) have adopted similar approaches to enforcement. As such, the main regulatory enforcement actions that can be imposed by regulators are: • discretionary fines; • revoking or suspending licences; • imprisonment of a company’s officials; • ordering compensation or restitution to per - sons affected by a regulatory breach; • issuing enforcement notices specifying reme - dial actions for rectifying a breach; and • disqualification of directors from holding office in financial institutions. The imprisonment of company officials and fines can be imposed pursuant to court proceedings in accordance with the corresponding statutes. 2.11 Implications of Additional, Non- Financial Services Regulations Data Protection The Data Protection Act provides for the regu - lation of the processing of personal data, the

459 CHAMBERS.COM

Powered by