Corporate, Commercial, Tax & IP

Regulation of Digital lending in Kenya. Proposals for reform

Written By :
Stacie Manani

Microfinance is endorsed by many governments across the world as a strategy for alleviating poverty. It is the money loaned to low-income persons and small-scale enterprises that lack access to funds through the formal lenders. The Central Bank of Kenya (hereinafter ‘CBK’), through the Microfinance Act, defines a microfinance institution (MFI) as one that offers financial services such as credit, savings, insurance and money transfer services to the poor, low-income households, and Small and Medium Enterprises (SMESs) that do not qualify for, and therefore lack access to, traditional forms of financial institutions.

Like in many other countries, there has been an emergence of digital credit providers within the microfinance industry in Kenya. These are classified into mobile network organisation (MNO)-facilitated providers such as M-Shwari, Fuliza, M-Coop Cash and KCB M-PESA; bank-driven products such as Timiza, mKey and Equitel; and financial technology (fintech) companies such as Branch and Tala.

MFIs work hand-in-hand with credit reference bureaus (hereinafter, ‘CRBs’), which are defined under the Credit Reference Bureau Regulations, 2020 as entities that are licensed under the Regulations to prepare and provide credit reports to credit information recipients (such as MFIs) based on the data they maintain. There are three licensed CRBs in Kenya and these are; TransUnion, Metropol Credit Reference Bureau Limited and Creditinfo Credit Reference Bureau Kenya Limited.

The use of digital channels to provide loans has reduced transaction and information costs associated with lending, thereby driving demand and expanding the supply of credit. However, this increase in digital credit uptake coupled with increasing default rates among the borrowers has raised questions regarding the awareness on the part, and protection of consumers, especially those in the vulnerable segments of the Kenyan society. This concern is fuelled further by the fact that these digital credit providers were largely unregulated and, therefore, had great leeway to utilise unscrupulous and exploitative lending mechanisms at the expense of unsuspecting Kenyans.

On 7th December, 2021, the Central Bank of Kenya (Amendment) Bill (hereinafter referred to as the “Act”) was passed into law by the President as an amendment to the Central Bank of Kenya Act, CAP 491 to regulate digital lending which was previously not regulated under any law. The Act requires the CBK to publish Regulations within three months of coming into force of the Act and accordingly, the CBK on 23rd December, 2021, announced the issuance of the draft Digital Credit Providers Regulations for public participation.

Flowing from this, this think piece identifies some of the challenges faced in the digital credit spheres and juxtaposes them with the Act with the aim of determining whether or not the challenges have been addressed.

Challenges faced in the digital lending sphere

  1. Lack of adherence to guidelines

Some MFIs are notorious for failing to adhere to relevant best practices, perhaps because they are not specially tailored for them. For instance, MFIs (which form part of the category of credit information providers), which are required to furnish the CRBs with customers’ negative information under Rule 26(1) of the Regulations, are also required to give adequate notice to the customers regarding the same 30 days prior to furnishing the CRBs with such information. This however, is often not done and customers remain unaware of the status regarding their non-performing loans, that is, loans that they have defaulted on. This eventually culminates into high non-performance rates among customers as was demonstrated in a 2019 report by Microsave consultancy.

Among others, CRBs are required to obtain customer information and develop a credit score for every person whose credit information has been submitted to a CRB. This is in line with their implicit duty to use customer data to build an intuitive, convenient and customised customer experience throughout the lending process. This requires effective inbound and outbound communication and management, which unfortunately, does not take place in the digital credit sphere of Kenya as customer engagement is not personalised. This lower ‘touch’ approach to lending practices is also linked to higher non-performance rates.

As indicated earlier, given that the non-adherence to best practices in the industry may be attributed to the lack of regulations tailored to categorically address MFI’s, the passing of the Act is a step towards remedying the same by dint of Section 6(3) which provides that the Bank may make regulations necessary or expedient to give full effect to the provisions of the Act.

  1. Lack of reporting uniformity and poor data quality

Some digital credit providers have missing or inaccurate data fields while some stop reporting part of their loans that were closed during the course of the year. This lack of uniformity of information shared by providers can also result in the same customers receiving different credit scores from different digital credit providers. Consequently, this leads to loan stacking, whereby a loan or cash advance is approved on top of another loan or advance which is already in place with similar characteristics and payback terms.

  1. Misuse of CRB data

CRB data is available for use in credit scoring given that it captures lending data on the same set of customers. However, in listing the status of a potential borrower, most providers merely perform basic ‘yes/no’ checks rather than digging further into the customers’ available data. Positively listed customers who have been denied loans are a reflection of the misuse of CRB data.

Another reflection of incorrect use of CRB data is the rampant identity fraud in the industry. The aforementioned rapid approval process presents a prime opportunity to apply for multiple loans within a short time. Fraudsters may therefore use stolen data to borrow loans from several providers at the same time. Additionally, minority of service agreements address fraud against the user and they exclude liability of the providers at the expense of customers, who are forced to bear the consequences of any fraud occasioned against them without any redress.

  1. Mismatch of reporting frequency

As has been discussed above, credit providers have a duty to furnish CRBs with accurate information within 30 days of informing the customer. Unfortunately, with the increasingly digital nature of credit, these cycles are too long to allow for up-to-date information. Similar to the other challenges discussed herein, this may also have a ripple effect of loan stacking and increased non-performance rates.

  1. Aggressive marketing practices

Doing business in today’s highly competitive digital-first world is quite challenging. For 30 percent of the customers currently, local presence is the primary motivation for opening an account with a credit facility while 60 percent of the customers are motivated by recommendations from others. Consequently, credit providers need to have an all-round digital presence, which is critical to brand augmentation and customer acquisition. Lack of regulation with regard to marketing of these entities has resulted in the use of various aggressive marketing practices such as the use of push messages, intrusive calls and the breach of privacy.

Proposed solutions

In light of the challenges highlighted above, there is need to draft legislation that is best-suited for regulation of the lending and is peculiar to credit providers that utilise online platforms. The following are some issues the proposed legislation should capture:

  1. CBK to issue a central application programming interface (API)

In dealing with the challenges posed by lack of reporting uniformity and mismatch of reporting frequency, the proposed legislation should mandate the CBK to issue a central API. APIs are designed to produce activity logs and reports for administrative human oversight. They can be private, public or open. In Kenya’s digital credit sphere, there are numerous public APIs in use, for instance, M-PESA’s newly public API. There are also open APIs such as the one by PesaPal. Currently, many digital credit providers have their own APIs and each of the three CRBs use their own APIs as well. This could be a contributing factor to the lack of uniformity and it is therefore pertinent that the CBK issues a central API to streamline reporting and data management.

While the Act does not expressly call for the issuance of an API, the implication of the requirement that CBK take such measures as may be necessary for the regulation of digital lending is that the CBK is at liberty to consider issuing an API to streamline reporting of credit information.

  1. Revision of the reporting template

As opposed to having the digital credit providers report every 30 days, this time frame should be revised to require them to furnish CRBs with reports on a weekly or bimonthly basis. This will remedy the mismatch in reporting frequency and will also ensure that more robust data is collected on a timely basis so as to enable a better lending process.

Through Section 6(3)(g), the Act calls for Regulations that will address reporting requirements for digital credit providers. These will go a long way in remedying the current mismatch in reporting frequency.

  1. Digital lenders to offer customer sensitisation

As has been discussed above, the non-performance rate in Kenya’s digital credit sphere is high. In analysing defaulting on loans, a report done by Financial Sector Deepening Kenya (FSD Kenya) outlined some reasons for late repayment and non-performance by population subgroups. The reasons detailed in the report include, inter alia; poor business performance, loss of a job or source of income, poor planning of expenses, unexpected emergencies and money being tied up with other loans. While digital loans are preferable as has been mentioned, the consequences of late repayment or default can be grave. Therefore customers should be sensitised on the gravity of the issue and be advised on ways that they can make timely repayments. While the Act has not addressed the same, digital credit providers ought to adopt the same as part of industry best practices.

  1. Harmonisation of validation rules

Currently, different rules are used in listing the validity of an individual as a borrower. Entities that undertake credit scoring should harmonise these varied rules so as to address data quality issues and to ensure data consistency. This will also help in curbing loan stacking as borrowers who have been positively listed or blacklisted will be the same across the board.

Once again, The Act has not categorically addressed this issue. However, a reading of Section 6(3) of the Act indicates that the CBK may consider putting in place measures that ensure harmonisation of validation rules.

  1. Liability of digital lenders

It is the nature of digital lending that the processes are heavily reliant on collection of customer information, which is based on acceptance of terms and conditions. Human nature is such that we skip over terms and conditions as they are too long and too complex and this eventually becomes detrimental to protection of data privacy. Some lenders like Kopa Leo are not subject to the requirement that regulated lenders face – to report to the CRBs which serve as a formal channel to share positive and negative borrower history in a safe and supervised manner as has been mentioned above. This means the manner in which positive or negative information on the borrower is disclosed is at the discretion of the lender. The Act calls for Regulations which incorporate measures to ensure protection of customer information at the hands of digital credit providers as well as punitive measures for misuse of the same.


In conclusion, the passing into law of the Act is applauded as the first step towards proper regulation of digital lending. It is crucial that the legal framework caters to all participants in the digital lending system. Should the draft Digital Credit Providers Regulations be gazetted, the digital lending space in Kenya will finally be safe enough for participation by all.