Kenya’s fintech (Financial & Technology) scene has been growing at a fast pace. The country is ranked among the top 3 African countries with innovators in the financial sector followed by South Africa and Nigeria.
The fintech industry, largely driven by mobile and internet penetration has seen exceptional application of technology in solving the needs of consumers and firms in the financial space. Such technologies include electronic payment systems as well as top-notch financial management tools that enable ease, speed, and convenience.
As financial institutions, governments and companies are embracing this new development, this calls for a careful legal and regulatory analysis required as part of the risk assessment involved in using these transformative technologies. The risks range from Cybersecurity, Data Leakage, privacy among others in the digital ecosystem.
Kieti Law is one such law firm that has recently ventured into FinTech Legal space, designed to assist fintech’s with legal compliance and advising on all aspects of the FinTech sector. The local law firm announced the move in a partnership earlier this year with Cliffe Dekker Hofmeyr broadening its mandate to offer Legal Tech.
In an interview with The East African Business Times, Sammy Ndolo the managing partner of Kieti Advocates LLP sheds light on the fintech law space.
How important is data protection for financial technology (FinTech) Companies?
Data protection is important for fintech companies because it enables them to create product offerings that their customers can trust to protect their personal information in compliance with the applicable rules and regulations and best practice.
Establishing trust is a key tool in driving customer acquisition and retention in the consumption of fintech services.
RegTech is an industry that continuously challenges the law. How can law firms like Kieti help fintech’s accelerate? Also, how are you planning to adjust as the sector keeps on changing with the emergence of new technologies.
Kieti Law assists fintech companies to conceptualise and develop RegTech by providing advice on the legal and regulatory framework for complicated compliance processes.
Some of the initiatives by the firm have included special fee arrangements to facilitate and accelerate their development.
The emerging new technologies enhance existing ones or address new gaps and we adjust by making sure we are adaptable to a changing legal landscape and that we remain knowledgeable about the new technologies.
Data protection has been a major discourse among stakeholders worldwide. What are some of the laws that currently exist and governs data protection in Kenya?
The Data Protection Act in Kenya is the primary legislation that governs data protection in Kenya, and it came into force on 25 November 2019. The regulations that will guide the implementation of the Act are being developed.
Is it compulsory for fintech companies to comply with the Kenya Data Protection Regulation? Are there any penalties for non-compliance? What kind of data is required to be protected?
It is compulsory for fintech companies that are data controllers or processors to comply with the Kenyan data protection laws in relation to information that relates to an identified or identifiable natural person.
Non-compliance will result in penalties imposed by the Data Commissioner and payment of damages to the offended data subject.
How has the Cybercrime Act evolved over the last few years?
The Computer Misuse and Cybercrimes Act, 2018 faced significant resistance since it was enacted into law and there was a court temporary injunction against the implementation of its most important provisions on the basis that it violated certain fundamental rights and freedoms.
The court eventually determined there was no violation and the injunction was lifted on 20 February 2020 meaning the obligations and offences it creates in relation to, among other things, the protection of computer systems and data and cybercrimes can be enforced.
The court’s determination that no fundamental rights or freedoms were violated has been appealed without any further conservatory orders being issued and it remains to be seen if the appeal will succeed.
Kenya remains vulnerable to online money laundering and financial fraud. How best can this be addressed?
Money laundering and financial fraud risks affect many countries including those in advanced economies. In Kenya, enhanced public sensitisation and proper and fair enforcement of the existing robust laws and regulations would likely significantly mitigate these risks.
Does monitoring employees’ social media accounts, obtaining information from their social media and making use of said information infringe any data privacy laws?
The monitoring of such employee information would likely be considered to be a breach of the constitutional right to privacy and also as an infringement on the Data Protection Act.
Any person data must, among other things, be processed in accordance with the right to privacy of the data subject and collected for explicit, specified and legitimate purposes and not further processed in a manner incompatible with those purposes.
The tech industry in Kenya has matured over the last few years with larger transactions and increased involvement of Big Tech firms. What are some of the critical legal, regulatory, and policy issues associated with these new trends?
It seems to be a mix of factors including the early and deep adoption of mobile phone-based technology and the existence of private and public service sector bottlenecks that present an opportunity for innovative entrepreneurs and investors.
Finally, what are some of the key legal and regulatory challenges FinTech firms in various sectors face?
The key legal and regulatory challenges faced by fintech companies are in relation to grey areas that exist for some of their products as the current rules and regulations may not be in keeping with the technological advancements and this is can be compounded when dealing with a conservative regulator.
