New regulations set to tame predatory digital lending practices in Kenya

  • 18 Mar 2022
  • 3 Mins Read
  • 〜 by Kennedy Osore

Digital lenders have up to September 2022 to comply with regulatory requirements, including licensing by the Central Bank of Kenya (CBK). The Central Bank of Kenya (Digital Credit Providers) Regulations, 2021 (“Draft Regulations”), which are expected to be published before the end of March 2022, will regulate previously unregulated digital lenders.

Speaking at this year’s World Consumer Rights Day Celebration, CBK governor Patrick Njoroge said regulations governing digital credit providers will be gazetted later this month to pave the way for licensing and oversight by the apex bank.

Rogue digital lenders have been accused of resorting to predatory lending practices such as charging exorbitant interests rates, infringement of customer privacy, debt-shaming tactics, non-disclosure of pricing terms, unfair listing of borrowers with Credit Reference Bureaus (CRBs) and their lack of dispute resolution mechanisms.

This week, the Nigerian Government shutdown digital lenders over customer privacy violations. The affected companies were GoCash, OKash, EasyCredit, Kashkash, Speedy Choice, Easy Moni, and Sokoloan. Customers had accused the financial institutions of violating their privacy in their debt recovery drive. Government officials noted that the cause of concern was the naming and shaming of borrowers and violation of their privacy with respect to how the loans are recovered.

The Draft Regulations that have now undergone public participation seek to cure the mischief within the digital lending space. We highlight the critical regulatory requirements under the Draft Regulations that digital lenders should consider as we await the final gazetted Regulations.


Digital lenders will have to apply for licensing from the CBK within six months from the publication of the regulations, i.e. by September 2022. The CBK will levy an application fee of Kshs. 5,000 and an annual licence fee of Kshs. 20,000. Non-compliance with the licensing requirement exposes them to imprisonment for two years or a fine of Kshs. 500,000 or both.

In addition, CBK will have the power to suspend or revoke a digital lender’s licence where it is found to have given false information during the licence application, does not meet or has contravened any of the licensing conditions and carries out activities outside the scope of licensed activities.

Corporate Governance

Digital lenders will have to seek customer consent before sharing customer information with any person. Further, they will be required to put appropriate policies, procedures and systems to ensure the confidentiality of customer information and transactions.

Sharing of credit information

A customer will have to consent before a digital lender submits or shares their credit information with a CRB. The digital lenders are prohibited from sharing negative information on customers where amounts do not exceed Kshs. 1,000. Digital lenders will also be restricted from sharing information obtained from CRBs with third parties to recover their debts.

Provision of credit

Digital lenders will be required to disclose the terms and conditions of the loan to a borrower. The disclosures include:

  • Charges and the circumstances under which they may be imposed.
  • Interest rate to be charged and whether on a reducing balance or not.
  • The total cost of credit, which shall include the principal amount, interest, fees and charges.
  • The date on which the amount of credit and all interest, charges or fees are due and payable.
  • Customer complaint handling procedures.

Digital lenders must also take reasonable steps to satisfy themselves of a customer’s ability to repay a loan before advancing a credit facility.

In the event of a non-performing loan, a digital lender can only recover from the customer a maximum of the principal owing, interest not exceeding the principal due, and expenses incurred in the recovery of the amounts owed by the customer.

Digital lenders are prohibited in debt collection from using threats or violence, obscene language, making unauthorised or unsolicited calls or messages to a customer’s contacts and conduct that harrases or is oppressive to a person.

Consumer protection

A digital lender must have a complaints redress mechanism that resolves customer complaints within 30 days of lodging a complaint. The digital lender must also record complaints and the outcome of the resolutions.

Digital lenders must also provide their customers with key information on benefits, risks and terms of the product or service. The information should be fair, clear, transparent, updated and easily accessible.

Further, a digital lender will be required to explain to a customer all fees, charges, penalties, and interest and how they are calculated and accrue. Customers will also need to grant their consent before the digital lender varies any credit terms.

Anti-money laundering

A digital credit provider shall comply with the Proceeds of Crime and Anti-Money Laundering Act, 2009, in conducting its business.

Oversight by CBK

A digital credit provider shall be subject to the Central Bank’s on-site and off-site monitoring and shall make such periodic reports and returns as may be specified by the CBK. The CBK can impose administrative sanctions such as monetary penalties, suspension of officers, disqualification of officers, frequent inspections, and suspension or revocation of a licence.