Kenya: The Central Bank Of Kenya (Amendment) Act, 2021

On the 23rd of December 2021, the Central Bank of Kenya (Amendment) Act (CBK Amendment Act) came into force. It amends the Central Bank of Kenya Act (CBK Act) by granting the Central Bank of Kenya (CBK) regulatory jurisdiction over digital credit providers. The CBK Amendment Act also seeks to ensure that there is a fair and non-discriminatory marketplace for access to credit.

Kenyans are increasingly relying on digital credit providers for fast and easy access to credit. Various digital credit providers have made credit easily and quickly accessible making them a very popular alternative to traditional credit providers. However, the growing popularity of these digital credit providers has come with its own set of challenges. Prior to the enactment of the CBK Amendment Act, there was no legal framework governing digital credit providers. This left the public unprotected and vulnerable. The lack of regulation led to unforeseen consequences such as misuse of private data in debt enforcement and high interest rates. Due to the myriad of challenges caused by the unregulated digital credit providers, it become necessary to develop a regulatory framework around it.

The CBK Amendment Act introduces the definition of new terms to the CBK Act that allow for better understanding of the new scope of regulation that the CBK has been granted by the CBK Amendment Act.¹ The CBK Amendment Act adds Section 33R to the CBK Act to provide for the regulation of digital credit providers by the CBK. It grants the CBK the ability to determine capital adequacy, minimum liquidity and approve the digital channels and business models through which digital credit may be conducted.²

The CBK Amendment Act states that any regulations that the CBK deems necessary to give effect to its provisions should be made within three months of the CBK Amendment Act coming into force.

No person shall carry out digital service business unless that person is licensed by the CBK or permitted to do so under any other law. The CBK Amendment Act prescribes a fine not exceeding five million shillings or imprisonment for a term not exceeding three years or both for persons who contravene the digital credit business provisions in the CBK Act. In applying for a license, digital credit providers are required to submit the following documents:

1. a copy of the certificate of incorporation under the Companies Act;
2. a certified copy of the applicant's memorandum and articles of association;
3. a notification of the company's registered address;
4. a certificate of registration issued pursuant to Section 19 of the Data Protection Act.
5. a statement as to compliance with the provisions of Part VII of the Consumer Protection Act; and
6. such other documents as may be prescribed by the CBK.³

The procedure and application forms required for registration under the Data Protection Act are provided for in the Data Protection (Registration) Regulations 2021. These regulations came into force on 14th January 2022, however, we understand that certificates are not yet being issued. The CBK may have to coordinate with the Office of the Data Protection Commissioner (ODPC) on the timeline for issuance of the registration certificates under the Data Protection (Registration) Regulations so as to avoid a situation where an applicant is unable to provide requisite documentation. Regarding the Consumer Protection Act, it is not clear how digital credit providers will provide evidence of compliance with Part VII since an official regulatory body under the Consumer Protection Act has not been appointed. The CBK will need to issue guidelines on this to avoid digital credit providers being unable to comply by virtue of circumstances beyond their control.

After application, CBK may grant or reject an application for a license by written notice addressed to the applicant within sixty days from the date of receipt of an application. Before the thirteenth day of March each year CBK shall publish the names and addresses of all licensed digital credit providers in the gazette and on the CBK website. The license is renewable and shall remain valid unless suspended or revoked by the CBK.

The CBK is also granted the power to revoke a license by written notice to the relevant digital lender if:

1. the digital credit provider does not meet the conditions prescribed by the CBK;
2. the digital credit provider is in breach of the new Section 33S(3) of the CBK Amendment Act or the conditions of the Data Protection Act or the Consumer Protection Act;⁴
3. the digital credit provider is found to have given false information during the application;⁵

Within thirty days of a license being revoked or suspended, the name and address of the digital credit providers whose licenses have been suspended or revoked shall also be published on the CBK website. The publishing of licensed digital lenders and lenders whose licenses have been revoked allows users to be aware of the status of the digital credit providers they are using.

The CBK will now have the ability to make the relevant regulations necessary to:

1. facilitate licensing;
2. outline permissible and prohibited activities;
3. anti-money laundering and measures for countering financing terrorism.⁶

Digital credit providers will be required to be transparent about all the terms and conditions applicable to borrowers. These terms and conditions must be accepted by a borrower before activation of a mobile loan account. This full disclosure by the digital credit provider will ensure the borrower is fully aware of all the terms and conditions attached to the loan being received.

The CBK Amendment Act, requires licensed digital credit providers to disclose any positive or negative information of its customers to the licensed credit reference bureaus, where such information is reasonably required for the discharge of the functions of the digital credit providers and the licensed credit reference bureaus. However, the disclosure of this information must still be done in consideration of the Data Protection Act and with the consent of the borrower. The CBK barred unregulated digital credit providers from listing credit defaulters with a Credit Reference Bureau (CRB) after a public outcry that the digital credit providers were misusing the credit information sharing mechanism.⁷ Our understanding is that unregistered digital service providers will remain barred from listing credit defaulters with a CRB.

The CBK may, through its regulations, prescribe penalties to be paid by digital credit providers who fail or refuse to comply with the provisions in the CBK Amendment Act and the regulations made in regard to digital credit. The penalties shall however not exceed five hundred thousand shillings or an additional ten thousand shillings for each day the digital credit providers fails or refuses to comply.

While the regulation of digital credit providers is long overdue, in enforcing the CBK Amendment Act, the CBK should endeavor not to inhibit the growth of the sector but rather regulate it in a manner that ensures the protection of consumers and the growth of positive regulation around the sector. Coordination by the CBK with the ODPC will be important so that timelines for registration of applicants are not prejudiced by timelines for processing of registration under the Data Protection Act. Clarity will be required on how applicants will prove compliance under the Consumer Protection Act as mentioned earlier.

Footnotes

1. The new terms include:

1. digital channels which means internet, mobile, application or computer devices;
2. digital credit which means credit facilitated through a digital channel; and
3. digital creditor provider which is a person licensed by CBK to carry on digital credit business.
4. digital credit business which means the business of providing credit facilities or loan services through a digital channel;
5. specified digital credit provider which means a licensed digital credit provider within the meaning of Section 33R;

2. The CBK Amendment Act also grants the CBK the ability to:

1. supervise digital credit providers;
2. suspend or revoke a license; and
3. direct or require such changes as the Bank may consider necessary.

3. The Draft Central Bank of Kenya (Digital Credit Providers) Regulations, 2021 lists out all of the documents that will be required during the registration process.

4. Section 33S(3), CBK Amendment Act 2021. This outlines the documents required during the application for a licence to carry out any digital credit business

5. Other reasons that the Bank may revoke a digital lenders licence include:

1. the digital lender goes into liquidation or an order for winding up is issued;
2. the carries out activities outside the scope of the licensed activities;
3. the digital lender is in breach of any of the provisions of this Act and the regulations made thereto relating to digital lending.

6. CBK will also have the ability to make the relevant regulations necessary to:

1. regulate credit information sharing;
2. ensure compliance with the data protection act;
3. ensure consumer protection;
4. outline reporting requirements;
5. outline offences and enforce penalties or any other measures necessary for regulation of digital lending

7. Find the CBK public notice barring unregulated digital credit providers from listing credit defaulters with a CRB here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.