CBK freezes all online lenders without operating license

Two things happened today: the CBK announced that only 10 digital lenders were allowed to run their operations in Kenya. Second, he revealed that he received 288 applications and is reviewing those that were not approved. This means that the list can exceed 10 companies, and there is a good chance that the majority of them will be rejected.

The CBK also said companies that have not been named in the said list must cease operations immediately until their licensing review process is approved. This follows the expiration of the 6-month transition period following the publication of the CBK’s digital online regulations in March.

“We urge these applicants to promptly submit pending documents to allow for the completion of the review of their applications. All other unregulated DCPS who have not applied for a license must cease and desist from conducting digital credit,” CBK said in a statement.



The regulations state that no one shall establish or carry on a digital credit business in Kenya or otherwise hold themselves out as carrying on a digital credit business unless they have obtained a license under the amendment.

Any person who contravenes the provisions of the foregoing regulations commits an offense and is liable on conviction to a fine of five hundred thousand shillings or imprisonment for two years or both.

Any person who, at the beginning of these regulations, was engaged in digital credit activities not regulated by another written law, must apply to the CBK for a license within six months of the publication of these regulations.

NOTE: Many online lenders have not been registered because there were no laws prohibiting their operations. This means that they will have to re-register their loan transactions and comply with the stated laws.


A digital lender must have appropriate policies, procedures, and systems in place to ensure the privacy of customer information and transactions.

An online credit provider will not share customer information with anyone without the client’s consent.

Directors, officers, employees and agents of a digital credit provider must protect the confidentiality of customer information and transactions.

No director, officer, employee or agent of a Digital Credit Provider shall, during or after the termination of their engagement or employment with the Digital Credit Provider (except as part of their duties and/or with the digital credit provider’s written agreement) consent) disclose or use any secrets, copyrighted material or any correspondence, account of the digital credit provider or its customers.

Customer Consent

A digital credit provider must ensure that customer consent is obtained before submitting or sharing credit information with a credit reporting agency.

A customer may provide consent by oral, printed or electronic means, subject to the satisfaction of the digital credit provider as to the authenticity of the electronic consent.

A Digital Credit Provider who provides negative information to a Bureau regarding a Customer must, in writing or electronically, notify the Customer of its intention to submit the negative information at least thirty days prior to submitting the negative information to the Bureau or within a shorter period than the contract between the digital credit provider and the customer may provide.

A digital credit provider who has provided credit information to a bureau must, within thirty days from the date the information was provided to a bureau, notify the customer that the customer’s credit information has been transmitted in the office.

place of business

Online lenders should have at least one physical office according to the provisions of the bill.

No branch or establishment of a digital credit provider may be opened, moved or closed without the prior written approval of the Central Bank.

Credit collection

This has been a problem for the majority of Kenyans who have been harassed by debt collectors, some of whom go so far as to insult them or call family members to shame them for not repaying their loans on time.

To this end, the CBK declares that a digital credit provider, its directors, employees or agents must not, in the context of debt collection, engage in any of the following behaviors against the customer or any other nobody :

  • use of threat, violence or other criminal means to physically harm the person, their reputation or their property;
  • use of obscene or profane language;
  • make unauthorized or unsolicited calls or messages to a customer’s contacts;
  • improper or unreasonable debt collection tactics, method or conduct.
  • any other conduct that has the effect of harassing, oppressing or abusing any person in connection with the collection of a debt.

Comments are closed.