The Central Bank of Kenya's approach to fintech regulation has been one of the defining forces shaping Silicon Savannah, alternating between permissive innovation - the regulatory tolerance that allowed M-Pesa to revolutionise payments - and restrictive intervention that threatened to stifle the digital lending industry. The CBK's regulatory posture has determined which fintech business models could survive in Kenya and which were regulated out of existence.
The CBK's most consequential regulatory decision was one it made by not acting. When Safaricom launched M-Pesa in 2007, mobile money existed in a regulatory grey zone - it was not banking, not telecommunications, and not payments processing as any existing regulation defined these categories. The CBK chose to permit M-Pesa to operate under a "letter of no objection" rather than requiring full banking licensure, a decision that allowed M-Pesa to scale without the capital requirements and compliance burdens that would have made the service commercially unviable. This regulatory forbearance became legendary in global fintech circles - cited by regulators, academics, and entrepreneurs worldwide as the model for enabling financial innovation.
The National Payment System Act of 2011 and its subsequent regulations provided the formal legal framework for mobile money, retroactively legitimising M-Pesa and establishing licensing requirements for payment service providers. The framework was generally permissive, allowing companies like Pesapal, iPay Kenya, and Kopokopo to build payment businesses within a clear regulatory structure.
The CBK's approach became markedly more restrictive with the rise of digital lending. By the late 2010s, dozens of mobile lending apps - led by Tala, Branch International, and a proliferating number of smaller operators - were issuing loans through mobile phones using alternative credit scoring. Many charged effective annual interest rates exceeding 100 percent. Some engaged in aggressive collection practices, including threatening borrowers' contacts. Consumer complaints about predatory lending practices, data privacy violations, and debt spirals reached levels that demanded regulatory response.
The CBK's response came through the Central Bank of Kenya (Amendment) Act 2021, which brought digital lenders under CBK supervision for the first time. The Act required digital lenders to obtain licences, capped certain fees, mandated transparent disclosure of loan terms including annualised interest rates, and restricted the sharing of borrower data with credit reference bureaus without consent. The regulations also prohibited the practice of "shaming" - contacting a borrower's phone contacts to pressure repayment.
The licensing process was disruptive. Of the estimated 288 digital lending apps operating in Kenya, only a fraction applied for and received CBK licences. The majority - particularly small operators running predatory lending schemes - shut down or went underground. For legitimate digital lenders like Tala and Branch, the licensing requirements imposed compliance costs but also reduced competition from unregulated operators.
The CBK also shaped fintech regulation through its approach to cryptocurrency and blockchain. In 2015, the CBK issued a public warning against virtual currencies, declaring them unregulated and potentially facilitating money laundering. This cautious stance contrasted with the CBK's earlier permissiveness toward M-Pesa and reflected concerns about capital flight, monetary policy control, and the use of cryptocurrency for illicit transactions. Companies like BitPesa (later AZA Finance) operated in Kenya despite - not because of - the regulatory environment, navigating a grey zone where cryptocurrency was not illegal but was not explicitly permitted.
The CBK's regulatory evolution reflected a broader tension in developing-market fintech regulation: how to encourage innovation that expands financial access while protecting vulnerable consumers from predatory practices. Kenya's experience suggested that the answer was neither blanket permissiveness nor comprehensive restriction, but targeted intervention that addressed specific harms while preserving space for beneficial innovation.
See Also
Sources
- Central Bank of Kenya. "The Central Bank of Kenya (Amendment) Act, 2021." Kenya Gazette, 2021.
- Ndung'u, Njuguna. "Digital Technology and State Capacity in Kenya." CGD Policy Paper, Center for Global Development, 2019.
- Muthiora, Brenda. "Enabling Mobile Money Policies in Kenya." GSMA Mobile Money Regulatory Guide, 2015.
- Kazeem, Yinka. "Kenya's Digital Lending Crackdown Is Reshaping Fintech." Rest of World, 2023.