Table of Contents
TL;DR,
- At Kenya’s 16th annual retreat, seven financial regulators launched FinAccess sectoral reports (2006–2024) to steer vendor risk mapping, consumer protection, and AML/CFT.
- Kenya’s new Virtual Asset Service Providers (VASP) Act of 2025 formally regulates the crypto industry, assigning joint oversight to the Central Bank and Capital Markets Authority to manage everything from stablecoins to exchanges.
- Regulators link innovation to stability—map third‑party DLT dependencies early, strengthen consumer safeguards, and build credible backstops to prevent cascading failures.
Kenya’s seven financial regulators orchestrated a comprehensive response to the sweeping changes in fintech, digital assets, and the nation’s recent VASP law during their 16th Annual Board Retreat in Naivasha, Nakuru County (November 7, 2025).
The November retreat brought together the Central Bank of Kenya, the Capital Markets Authority, the Insurance Regulatory Authority, the Retirement Benefits Authority, the Sacco Societies Regulatory Authority, the Kenya Deposit Insurance Corporation, and the Policyholders Compensation Fund.
“Fostering Financial Stability and Resilience Amid Emerging Risks and Regulatory Reforms” was the main focus of the event.
Why Kenya’s financial regulators convened—and what they agreed
Digital assets have brought about the biggest shift in finance. Today, fintech technology is rapidly replacing traditional payment systems, and even banks are adopting this new technology. While Africa’s regulatory shifts continue to inspire new forums, a core issue that many finance regulators worry about is vendor concentration risks related to interest and adoption.
Unfortunately, most banks and financial institutions are unable to develop their own variations of DLT technology; therefore, they often rely on third-party solutions as a strategic option. Currently, organizations such as Base, Lisk, Ethereum, and various private blockchain ecosystems essentially provide the infrastructure for many financial institutions.
Digital lending platforms, blockchain-based transactions, and algorithm-driven advisory services have democratized participation while accelerating service delivery. Customer experiences have improved measurably, and efficiency gains have benefited providers and users alike.
Here’s the issue: a failure can cascade across the entire system, directly affecting financial institutions that are the backbone of some African economies. The Forum met to identify these dependencies and assess the knock-on effects on service quality and continuity.
The statement from the meeting clearly acknowledged that while “new products improve access and efficiency,” they also create “new regulatory and systemic risks that need to be addressed in advance.”
AI introduces a complex layer that challenges the fundamental principles of consumer protection and efficiency. The Forum backed a national strategy for these tools, stressing interoperability, ethical use, and vigilant supervisory oversight.
Consumer protection must keep pace. The regulators emphasized stronger frameworks for a rapidly evolving marketplace, supported by sector‑specific evidence. To that end, FinAccess Sectoral Reports (based on surveys from 2006 to 2024) were launched to inform policy and supervision.
Importantly, the financial regulators linked innovation to stability: support novel products, but map risks early and maintain credible safeguards like resolution funding and emergency backstops.
What the Kenya VASP Act changes for digital asset firms
The recently enacted Virtual Asset Service Providers Act 2025 marks a significant milestone for crypto compliance in East Africa. This legislation formally brings cryptocurrency exchanges, digital wallet providers, and blockchain-based financial platforms under regulatory authority. The twin-pillar model assigns joint oversight to the Central Bank of Kenya and Capital Markets Authority, creating coordinated supervision across the virtual asset ecosystem.
Think of this as Kenya’s formal move to accept digital assets into its economy. The Kenya VASP Act relies on financial regulators to oversee, regulate, and enhance the adoption of digital assets. Its subrules will span:
- stablecoin issuance
- tokenization of real‑world assets
- token issuance (ICOs and STOs)
- exchanges and trading platforms
- investment advisory
- capital, solvency, and insurance
- advertising and cybersecurity
- AML/CFT/CPF obligations.
These requirements form the baseline of Kenya’s regulatory standpoint while providing the necessary powers to its financial regulators. Scope matters. Included are virtual asset service providers operating in Kenya. Excluded are closed‑ecosystem, non‑transferable tokens; instruments regulated elsewhere (like securities); central‑bank digital currencies; and NFTs not used for payment, investment, or other financial purposes.
The compliance baseline at a glance
- Governance: board of at least two natural persons; fit‑and‑proper CEO.
- Conduct: Act with integrity, due care, and fairness; do not mislead clients.
- Consumer asset protection: hold sufficient amounts per asset type, segregate custody, meet financial requirements, and ensure client assets aren’t subject to creditor claims.
- AML/CFT/CPF: full compliance, including targeted financial sanctions and risk‑based supervision.
- Cybersecurity: implement appropriate and effective measures.
- Conflicts of interest: maintain policies to prevent and manage conflicts.
- Record‑keeping: maintain adequate records; regulators may obtain online, real‑time, read‑only access; retention for at least seven years.
- Reporting: audited financial statements within six months of year‑end; CEOs must notify authorities of insolvency, major non‑compliance, criminal proceedings, or cybersecurity events and submit a detailed report within seven working days.
For day‑to‑day crypto compliance, these obligations set a clear floor—and empower CBK and CMA to issue warnings, remedial directions, business restrictions, license suspensions or revocations, administrative fines, and investigations.
The Forum reaffirmed that credible AML frameworks and CFT/CPF supervision are central to positioning Kenya as a safe investment destination. Given ongoing FATF grey‑list scrutiny, tighter oversight of virtual asset flows is a necessity.
In practice, this means boosting supervisory capacity and tooling, aligning with risk‑based approaches, and embedding compliance into product design. Stronger AML frameworks also advance financial inclusion by insulating consumers from fraud and illicit finance while enabling innovation to scale responsibly. Crypto compliance expectations will therefore intensify.
