Regulation of Digital Lending in Kenya

Regulation of lending in Kenya is largely conducted by the Central Bank of Kenya (CBK). Currently, CBK’s regulatory framework is limited to supervising traditional institutions such as banks and microfinance institutions. As such due to the character of the digital lending platforms, they are often exempt from classification as financial institutions as under the Banking Act and the Microfinance Act. Digital technologies have often challenged the way governments regulate as they tend to blur the traditional delineation of sectors. Therefore, the digital lenders have been operating under a lacuna in the law. As a result, there have been several reports from borrowers regarding the digital lenders’ flouting of consumer protection policies through utilising aggressive debt collection tactics and charging of exorbitant interest rates. It is notable that Kenya’s position on the regulation of digital lending remains the same as provided in our article prepared last year.

Credit Information Sharing in Kenya

Credit Information Sharing (CIS) is a process where credit providers (such as banks, microfinance institutions, Savings and Credit Societies (SACCOs) etc.) exchange information on their outstanding loans and advances through licenced Credit Reference Bureaus (CRBs).[1] This process is very important as it provides the full picture of a borrower’s debt obligation thereby encouraging responsible and sustainable debt lending by the creditors.

Prior to the introduction of the Banking (Credit Reference Bureau) Regulations, 2020 (Regulations), the 2013 CRB Regulations placed a mandatory requirement on all CBK licensed institutions to submit data to the licensed CRBs while non-bank institutions such as digital lenders would participate in the process on a voluntary basis. It is reported that most non-banks would participate in the process only to offload negative credit information to CRBs.[2]It was further reported by Treasury that banks would shy away from using the credit information. Their approach towards credit information was more ‘compliance-based’ than ‘value-based’.[3]Generally, the CIS mechanism would be utilised as a blacklisting tool instead of a risk management tool as it was initially intended. Further, the lack of positive credit information from institutions such as SACCOs would contribute to data inaccuracies as the data provided would not reflect the true position of a borrower’s credit information.

In April, CBK introduced the Regulations which have advanced a structure for the exchange of borrowers’ credit information between banks, microfinance institutions, SACCOs, credit information providers approved by the CBK and CRBs. The Regulations provide for the following information to be shared among the stakeholders:

  • borrower’s identity;
  • borrower’s credit status. This includes the nature and amount of loans or credit facilities granted to the borrower and the outstanding amounts;
  • nature and details of securities taken or proposed to be taken by an institution as security for credit facilities;
  • details of payment of credit facilities or default in payment by the borrower;
  • actions taken by an institution to recover unpaid amounts; and
  • identity details of the shareholders, directors, partners or officials of an entity which has defaulted in repaying its credit facilities.

Express consent of the borrower must also be sought where the credit information is to be shared to any of the authorised institutions. This is in line with Sections 29 and 30 of the Data Protection Act, No. 24 of 2019. The sections establish the duty of data controllers and processors (i.e. the authorised institutions) to notify data subjects (i.e. the borrower) of the purpose of the collection of their personal data and the prerequisite of obtaining a data subject’s consent prior to the processing of their personal data respectively. Credit information providers are also required to give a borrower at least thirty (30) days’ prior written or electronic notification of their intention to submit negative information to CRBs. Further, in order to encourage the approved credit providers to utilise the credit information, the Regulations provide that a customer’s credit scores be used as one of the factors in determining whether a credit facility should be granted.

Effects of the exclusion to the digital lending sector.

In the press release announcing the publication of the Regulations, CBK further declared that it had withdrawn the approvals granted to unregulated digital lenders as third party credit information providers to CRBs. By leaving them out from accessing the CIS mechanism, digital lenders, will no longer be able to use the ‘threat’ of submitting negative information to CRB, to compel payment of outstanding debt, by borrowers. Further, they will be issuing credit facilities with little to no means of assessing a borrower’s credit worthiness which is highly risky.

While it is understandable that the digital lenders’ rouge mode of operation needs to be controlled, this move has had the effect of denying  any lender the ability to  assess a  borrower’s  credit worthiness and locking out of digital lenders, consequently stifling innovation in the lending industry. As we had previously proposed, a better approach that would encourage innovation and responsible development is the ‘sandbox approach’.[4]

Some of digital lenders in Kenya have come together and formed the Digital Lenders Association of Kenya (DLAK) with an aim to ensure that the digital lending industry is built on best practices in lending and consumer protection.[5]DLAK has also established its own code of conduct which is built on consumer protection. This is proof of the market players’ willingness to self-regulate and collaborate in order to drive the growth of the industry.


Innovation is fast paced and often outpaces legislation. Instead of putting in place regulations that stifle innovation, governmental authorities, as gatekeepers for society, should collaborate with the digital lenders in order to develop regulation that would safeguard the borrower’s interest as well as strengthen the digital lending industry.

As matters stand, it is likely that most digital lenders will withdraw from the market reducing financial inclusion, increasing the cost of securitization and reducing the ability of the ordinary mwananchi and the small scale trader access to debt.

Article by Christine Wambui,

Advocate at MMAN in Banking and Finance and Real Estate Practice Areas.

[2] National Treasury and Planning, National Policy to Support Credit Information Sharing (CIS) Mechanism (September 2019)

[3] Ibid

[4] The sandbox approach allows businesses to test out new services, business models and delivery channels in a live environment where consumers are protected. This approach has been utilised in the following jurisdictions: Australia, Hong Kong, Malaysia, Singapore, Switzerland, Thailand, the United Arab Emirates an Sierra Leone – see Herbert Smith Freehills, Hong Kong Launches Regulatory Sandbox in Wake of Developments in Australia, Malaysia, Singapore, and the UK , .

[5] See the Digital Lenders Association of Kenya .

4th Floor, Wing B, Capitol Hill Square, Off Chyulu Road, Upper Hill, Nairobi, Kenya.
P.O. Box 8418 Nairobi 00200 / T: +254-208697960/+254-202596994 / M: +254 718 268 683

Dropping Zone: No 62, Embassy House