The Standard Group Plc is a multi-media organization with investments in media platforms spanning newspaper print operations, television, radio broadcasting, digital and online services. The Standard Group is recognized as a leading multi-media house in Kenya with a key influence in matters of national and international interest.

Standard Group Plc HQ Office,
The Standard Group Center,Mombasa Road.
P.O Box 30080-00100,Nairobi, Kenya.
Telephone number: 0203222111, 0719012111
Email: [email protected]

NEWS & CURRENT AFFAIRS

Digital News

Digital lenders accuse Central Bank of overstepping mandate

Business

By Graham Kajilwa | Aug 23, 2025

Immaculate Kassait, Data Commissioner Kevin Mutiso, Chair Digital Financial Services Association of Kenya during a stakeholders meeting with players in the digital finance space on compliance and regulations.[Wilberforce Okwiri,Standard]

Digital lenders in Kenya, under the Digital Financial Services Association of Kenya (DFSAK), have accused the Central Bank of Kenya (CBK) of overstepping its authority by regulating their customer data management.

They argue that overlapping mandates from CBK, the Competition Authority of Kenya (CAK), and the Office of the Data Protection Commissioner (ODPC) create operational challenges, forcing lenders to allocate significant resources to comply with conflicting regulatory requirements.

The lack of clarity on which regulator handles specific complaints further confuses consumers and lenders alike.

Follow The Standard channel on WhatsApp

DFSAK Chairperson Kevin Mutiso said on Thursday, members are concerned about some regulators, including CBK, overreaching their mandate.

“We worry about regulatory overreach by CBK. They also seem to want to regulate the data aspect of our business,” he was speaking in Nairobi during a stakeholder meeting also graced by the Data Commissioner Immaculate Kassait.

Even as Mutiso noted a re-emergence of rogue players, he said there is a need for a framework to guide how and to whom complaints should be channelled for proper redress.

“The challenge the consumer has is to whom they go if they have a complaint. The process is not clear. How do you manage those elements?” he posed.

“You will find more often than not, there is an intersection of data protection complaints that would be channelled to CAK. Again, CBK, being the primary regulator, is also limited. That multiplicity creates operational challenges,” added Kennedy Osore, head of public affairs at Tala.

According to the Data Commissioner, Kassait, her office has received 5,284 complaints since 2021.

These complaints revolve around unlawful access to contacts and personal data on customers’ phones, processing of third-party personal data, lack of transparency on how the data is collected and stored, and the lack of consent before data is collected.

There have been 39 determinations, 22 enforcement notices, 27 compensations and eight penalty notices. Kassait said the ODPC works closely with other regulators, such as CBK. She confirmed that her office has been forced, in some cases, to write to CBK seeking deregistration of some lenders not willing to address the issues raised.