RegTech is composed of the words “regulatory” and “technology”. It is a collective term for the application of modern technologies to bring the increasing regulation in the banking and financial sector under control, both from an IT and a legal standpoint.
Introduction
Attitude of the country towards RegTech-services
In Kenya, RegTech is gaining gradual recognition, particularly among financial institutions such as banks, microfinance institutions (MFIs), and digital lenders that face mounting regulatory obligations under the CBK Act, Banking Act, Data Protection Act (2019), Proceeds of Crime and Anti-Money Laundering Act (POCAMLA), and others.
However, adoption remains limited, with many firms still relying on manual compliance processes or in-house legacy systems. The Central Bank of Kenya (CBK) and Capital Markets Authority (CMA) have shown support for innovation, including RegTech, but the uptake is mainly driven by market forces, not regulatory mandates.
Only a few institutions—mainly larger commercial banks and SACCOs—have started piloting RegTech tools for areas like transaction monitoring, real-time KYC/AML screening, and compliance reporting.
Legal affairs
Obligations and requirements to provide RegTech-services
As of now, RegTech service providers in Kenya are not directly regulated unless they provide regulated financial or data services. RegTech firms:
Do not require a license to operate as technology vendors.
Must, however, comply with the Data Protection Act (2019) if handling personal data.
May be required to sign contracts that meet outsourcing and operational resilience standards under CBK guidelines (especially if working with banks or licensed FinTechs).
May fall under procurement vetting or due diligence scrutiny by clients under AML/CTF obligations.
Additional comments regarding the legal situation for RegTech-services or what RegTechs must be aware of in this business area
Although Kenya's regulatory approach to RegTech is light-touch, providers must:
Remain alert to indirect obligations imposed via service contracts with regulated entities.
Ensure compliance with cybersecurity and data localization provisions, especially when handling financial or personal data.
Align with CBK’s Risk-Based Supervision Framework and CMA’s FinTech Incubation Policy, if offering technology to supervised entities.
The absence of a dedicated RegTech framework means firms must piece together obligations from multiple sectoral laws and guidelines.
Economic conditions
Market size for RegTech-services and biggest companies in this business area
The RegTech market in Kenya is small but growing, spurred by:
Increased CBK oversight of mobile lenders and FinTechs
New Data Protection Act obligations
Heightened demand for transaction monitoring and automated KYC/AML tools