The Central Bank of Kenya (CBK) is one of the regulators singled out by digital lenders for overreaching its mandate on the data aspect of their businesses.
Through their lobby, the Digital Financial Services Association of Kenya (DFSAK), the lenders have raised concern over the multiplicity of regulatory mandates by supervisory bodies, sometimes on the same complaint.
This forces them to deploy resources to apply the recommendations as specified by the regulators.
This challenge has also been exacerbated by the majority of consumers who are not well-versed on which regulator handles what sort of complaint.
Follow The Standard
channel
on WhatsApp
Apart from CBK, the Competition Authority and the Office of the Data Protection Commissioner (ODPC) are the three regulators largely involved in the digital lending space.
ALSO READ: How CBK will monitor your bank transactions in real-time
DFSAK Chairperson Kevin Mutiso pointed out that despite regulators coming in to bring sanity in the sector, there is worry among players of some of them overreaching their limits.
“We worry about regulatory overreach by CBK. They seem to also want to regulate the data aspect of our business,” he said during a stakeholder meeting among the players graced by the Data Commissioner, Immaculate Kassait.
Even as Mutiso noted a re-emergence of rogue players, which he anticipates the CBK (Non-deposit taking credit providers) Regulations, 2025 would resolve the issue, he said there is a need for a framework that would guide how and to whom complaints will be channelled for proper redress.
He said digital lenders have three players with the authority to sanction them. “The challenge the consumer has is who they go to if they have a complaint. The process is not clear. How do you manage those elements?” he posed.
“You will find more often than not, there is an intersection of data protection complaints that would be channelled to CAK. Again, CBK, being the primary regulator they also has that limit. That multiplicity creates operational challenges,” added Kennedy Osore, head of public affairs at Tala.
Numbers shared by Kassait at the event show her office has received 5,284 complaints since 2021.
These complaints revolve around unlawful access to contacts and personal data on customers’ phones, processing of third-party personal data, lack of transparency on how the data is collected and stored, and the lack of consent before data is collected.
There have been 39 determinations, 22 enforcement notices, 27 compensations and eight penalty notices.
Kassait said the ODPC works closely with other regulators, such as CBK. She confirmed that her office has been forced, in some cases, to write to CBK seeking deregistration of some lenders that are not willing to address the issues raised.
READ: Central Bank of Kenya warns public against foreign exchange dealers
“For some of the perpetual digital lenders who are not taking our work seriously, we did write to CBK to strike out their registration certificate. It is only then that they realised how serious it was; otherwise, we kept receiving complaints,” she said.
However, she pointed out that in some cases, consumers want to hide behind the Data Protection Act when they do not want to pay up. Some go to the extent of crafting messages purporting to come from the lenders harassing them to pay.
“We dismiss such cases. You cannot use the law to try and beat the purpose of contracts,” said Kassait.
Follow The Standard
channel
on WhatsApp
The Central Bank of Kenya (CBK) is one of the
regulators
singled out by
digital
lenders
for
overreaching
its
mandate
on the data aspect of their businesses.
Through their lobby, the
Digital
Financial Services Association of Kenya (DFSAK), the
lenders
have raised concern over the multiplicity of regulatory
mandates
by supervisory bodies, sometimes on the same complaint.
This forces them to deploy resources to apply the recommendations as specified by the
regulators
.
This challenge has also been exacerbated by the majority of consumers who are not well-versed on which
regulator
handles what sort of complaint.
Follow The Standard
channel
on WhatsApp
Apart
from
CBK, the Competition Authority and the Office of the Data Protection Commissioner (ODPC) are the three
regulators
largely involved in the
digital
lending space.
ALSO READ:
How CBK will monitor your bank transactions in real-time
DFSAK Chairperson Kevin Mutiso pointed out that despite
regulators
coming in to bring sanity in the sector, there is worry among players of some of them
overreaching
their limits.
“We worry about regulatory
overreach
by CBK. They seem to also want to
regulate
the data aspect of our business,” he said during a stakeholder meeting among the players graced by the Data Commissioner, Immaculate Kassait.
Even as Mutiso noted a re-emergence of rogue players, which he anticipates the CBK (Non-deposit taking credit providers)
Regulations
, 2025 would resolve the issue, he said there is a need for a framework that would guide how and to whom complaints will be channelled for proper redress.
He said
digital
lenders
have three players with the authority to sanction them. “The challenge the consumer has is who they go to if they have a complaint. The process is not clear. How do you manage those elements?” he posed.
“You will find more often than not, there is an intersection of data protection complaints that would be channelled to CAK. Again, CBK, being the primary
regulator
they also has that limit. That multiplicity creates operational challenges,” added Kennedy Osore, head of public affairs at Tala.
Numbers shared by Kassait at the event show her office has received 5,284 complaints since 2021.
These complaints revolve around unlawful access to contacts and personal data on customers’ phones, processing of third-party personal data, lack of transparency on how the data is collected and stored, and the lack of consent before data is collected.
There have been 39 determinations, 22 enforcement notices, 27 compensations and eight penalty notices.
Kassait said the ODPC works closely with other
regulators
, such as CBK. She confirmed that her office has been forced, in some cases, to write to CBK seeking deregistration of some
lenders
that are not willing to address the issues raised.
Stay informed. Subscribe to our newsletter
READ:
Central Bank of Kenya warns public against foreign exchange dealers
“For some of the perpetual
digital
lenders
who are not taking our work seriously, we did write to CBK to strike out their registration certificate. It is only then that they realised how serious it was; otherwise, we kept receiving complaints,” she said.
However, she pointed out that in some cases, consumers want to hide behind the Data Protection Act when they do not want to pay up. Some go to the extent of crafting messages purporting to come
from
the
lenders
harassing them to pay.
“We dismiss such cases. You cannot use the law to try and beat the purpose of contracts,” said Kassait.
Follow The Standard
channel
on WhatsApp
By Graham Kajilwa