Participants have agreed that where borrowers have non-performing loans, they shall enter into repayment arrangements that involve providing a discount of at least fifty percent (50%) of the non-performing loans outstanding as at end October 2022. In addition, they are expected to update the borrowers’ credit standing from non-performing to performing and enter into a prepayment plan for the balance of the loan, based on the agreement with the borrower. After the Framework expiry period lapses, the credit standing of borrowers will depend on their repayment performance during the six-month period.

Importantly, the Framework intends to cover loans with a repayment period of thirty (30) days or less and which were offered by the institutions through mobile phones i.e., with a DCP licensed by CBK. Mobile phone loan borrowers covered by the Framework are those with loans from commercial banks regulated under the Banking Act and microfinance banks regulated under the Microfinance Act by CBK.

The Framework comes at a time when most enterprises are recovering from adverse implications of the Covid-19 pandemic. Without a doubt, it will encourage repayment and make sure that the borrowers’ creditworthiness is not affected by CRBs as they rebuild their livelihoods in the recovery process.

While we expect the Framework to increase loan repayment of non-performing loans by defaulters, the institutions are likely to experience a converse somewhat bittersweet implication. This position is attributed to the requirement to collect lower loan repayments.

Borrowers should be aware that this is a temporary arrangement and not permanent – they will be expected to repay all loans in future and face consequences of default. For DCPs, there are queries on the adequacy of the repayment period, and whether borrowers have been adequately screened. Nonetheless, DCPs should consider issuing loans with more favourable repayment terms such as low interest rates to ensure repayment in future.

Compliance with CBK (Digital Credit Lenders Providers) Regulations of 2022

The CBK introduced new regulations in 2022 that prohibit DCPs from carrying out digital credit business in Kenya without having been licensed by the CBK. These regulations outline the procedure of applying to the CBK for a license and considerations considered by CBK in issuance of a license.

Notwithstanding the foregoing requirement, there is still low response from DCPs as only 10 out of 278 have been licensed by the CBK. Hence, it is crucial for DCPs to ensure that they adhere to the requirements under the CBK (Digital Credit Lenders Providers) Regulations of 2022 in 2023.

Google Play policy changes for financial services

Effective 31 January 2023, DCPs in Kenya are required to complete additional proof of eligibility requirements. DCPs are required to complete the Personal Loan App Declaration for Kenya and provide the necessary documentation to support the declaration.

In particular, DCPs should complete the DCP registration process, obtain a license from the CBK, and provide a copy of the CBK license as part of the declaration.

If a company is not directly engaged in money lending activities and is only providing a platform to facilitate money lending by registered DCP(s) to users, such company will need to accurately reflect this in the declaration and provide a copy of the DCP license of their respective partner(s).

Penalty for non-compliance with data protection

On 21 December 2022, the Office of the Data Protection Commissioner (ODPC) issued its first penalty notice against Oppo Kenya (the Company) because of neglect or default to comply with an enforcement notice issued against it. The penalty notice follows an enforcement notice issued against the Company on 3 November 2022 after it infringed on the privacy of a complainant by using their photo on the company’s Instagram account via the Instagram stories feature without the complainant’s consent.

The Company is, therefore, required to pay to the ODPC a penalty of KES 5,000,000 pursuant to section 63 of the Data Protection Act of 2019 and Regulation 20 of the Data Protection (Complaints Handling Procedure and Enforcement) Regulations of 2021.

The Data Commissioner has urged entities to comply with the Data Protection Act of 2019 by implementing data protection principles and safeguards to all processing activities that relate to the collection, storage, and other processing of personal data and sensitive personal data.

Conclusion

To sum it up, Fintech companies need to be on the lookout for several administrative updates that affect their day-to-day business in 2023. Notable updates include CBK Credit Repair Framework, compliance with CBK (Digital Credit Lenders Providers) Regulations of 2022, Google Play policy changes for financial services, and compliance with Data Protection Act of 2019.