Fintech 2025

KENYA Law and Practice Contributed by: Sammy Ndolo, Njeri Wagacha, Brian Muchiri and Sara Ndei, Cliffe Dekker Hofmeyr incorporating Kieti Law LLP

2.13 Conjunction of Unregulated and Regulated Products and Services Industry participants do offer unregulated prod - ucts and services, but such activities are under - taken through affiliate entities rather than by the regulated entity itself, due to restrictions placed on the regulated entities by the applicable laws. For instance, a bank can only undertake “bank- ing business” and is not permitted to undertake any other type of business. 2.14 Impact of AML and Sanctions Rules The Proceeds of Crime and Anti-Money Launder - ing Act, Cap 59A of the Laws of Kenya (POCAM - LA), sets out rules and obligations that various types of “reporting institutions” are required to abide by. In this regard, a fintech would be sub - ject to POCAMLA if it falls within the definition of “reporting institution” . Under POCAMLA, “reporting institution” is a financial institution or a designated non-finance business and profession. A financial institution is defined as a person or entity that conducts business in one of the following activities or operations: • accepting deposits and other repayable funds from the public; • lending, including consumer credit, mortgage credit, factoring, with or without recourse, and financing of commercial transactions; • issuing and managing means of payment (such as credit and debit cards, cheques, travellers’ cheques, money orders and bank - ers’ drafts, and electronic money); • participation in securities issues and the provision of financial services related to such issues; • investing, administering or managing funds or money on behalf of other persons;

• comply with any order issued by a court to submit subscriber information to a police officer or authorised person; • comply with any requests from a police officer of authorised person to preserve any data that is at risk of modification, loss or destruc - tion; and • respond expeditiously to requests for assis - tance from a police officer or authorised person. A fintech would fall within the definition of a ser - vice provider and would therefore be required to comply with the above requirements. In addition, any person who obtains unauthor - ised access, causes unauthorised interference or, without authorisation, intercepts data in relation to a protected computer system com - mits an offence and is liable on conviction to a fine not exceeding KES25 million or impris - onment for a term not exceeding 20 years, or both. A protected computer system is defined in the CMCA to include a computer system used directly in connection with – or necessary for the provision of services directly related to – com - munications infrastructure, banking and financial services, and payment and settlement systems and instruments. 2.12 Review of Industry Participants by Parties Other than Regulators The activities of fintechs are largely subject to review by various private industry organisations, such as the Kenya Bankers Association, the Fin - tech Association of Kenya, the Digital Financial Services Association of Kenya and the Associa - tion of Fintechs in Kenya. These organisations aim to act as forums for education, information sharing and networking between fintech, policy - makers and the general public.

461 CHAMBERS.COM

Powered by