As the dust settles over the Kenyan landscape, not just from the thousands of wildebeest doing the annual migration in the vast safari plains of the world famous Maasai Mara, but also from the thousands of visitors who recently attended the 6th Global Entrepreneur Summit in Nairobi, one thing is clear.... Kenya is on the move.

Both the President of the United States of America, Barrack Obama and President Uhuru Kenyatta of Kenya agreed that the future of Africa and more so Kenya lay in the hands of the youth and the use and adaptation of Information and Communication Technology (ICT). 

Resources

With Kenya leading the way (at least in some segments of mobile money usage) in ICT and Mobile market penetration and use in Africa we are definitely ready for the world in achieving this information technology step up.

In a recent United Nations survey (2014) on world e-government rankings Kenya has been placed second in Africa behind Morocco. This survey further stated that Kenya is the only low income country with an Open Governmental Data Portal[1].
 
This is definitely a first for Kenya.
           
As per records of the Communications Authority of Kenya, internet users in Kenya have grown significantly to around 30 million users, which tallies well with the approximate 32 million mobile subscribers in the country.
 
With stable politics, reasonably good governance, relatively good security, high levels of education and an ever expanding infrastructure environment (including 5 major underwater fibre optic cables), Kenya is the place to be for ICT, Mobile and Software development. Especially because of the huge population of youth between the ages of 20 – 32 (all tech savvy and most of whom are trained at least to University level), Kenya has the manpower to offer any serious investor resources in the ICT or mobile development field.
 
Leading by Example 
 
In 2014 Kenya launched The Kenya National ICT Master Plan which has several objectives and goals to transform Kenya into a truesilicon savannah[2]

The Government of Kenya has already begun the digital migration with at least three main services being ‘digitalized’. Other than the already existing Open Data Government Portal, the I-Tax system[3], cargo clearance at the port of Mombasa and the internal Government procurement system the Integrated Financial Management Information System[4] (IFMIS), the pace has already been set.
 
Are we headed in the right direction?        

By the success of MPESA[5] in terms of mobile payment platforms Kenya is definitely headed the right way. MPESA has set an example for many countries dealing with mobile money platforms.
Mobile Network Operators (MNO’s) have already started to shift from the current 2G and 3G networks to 4G / LTE networks, buoyed by the existing fibre networks and the new urban ICT network there will be huge development in the ICT and mobile platform service sectors.
 
Information released by the Central Bank of Kenya shows mobile money remittances in Kenya for the first half of 2015 touched 1.3 trillion Kenyan Shillings (Kes). With over 25.4 million mobile money transfer accounts in place undertaking over 2.5 million transactions per day, an average of Kes 180 billion (USD 2 billion) per month is transacted through this platform.[6]
 
With the likes of Google, IBM, Oracle, Huawei and Microsoft setting up base in Kenya, assisting with setting up tech-incubators, offering training and supplying solutions to both private business and Government this can only be good for the country. Recently Nairobi was the city chosen to launch Microsoft Windows 10 confirming that Kenya is a rising tech hub.
 
Software companies based in Nairobi are now developing local products, training local developers to write source code and selling the software in Kenya and around Africa. With the development of mobile Apps and software code for a variety of industries dealing in agriculture, commerce, banking, conservation, actuarial services and insurance, software development and improvement continues in Kenya.     

The Future and more importantly the law regulating it!

The recent entry and roll-out of services by Mobile Virtual Network Operators (MVNOs) is already being felt in the market, with consumers anticipating benefits that accrue from convenience and reduced costs of transfer, as well as more platforms and providers to choose from.

One of these MVNO’s [7] currently offers ‘Thin-SIM’ card technology which is new to Kenya and Africa. Already over 300,000 subscribers are using this new technology.
           
With such new developments it is no surprise that Kenyans are already discussing and experiencing new technology and concepts such as Crypto-currencies and Block-chain technology. Groups and forums are abuzz in Nairobi discussing how to utilize, understand and eventually develop such new technology.
 
The use and adaptation of block chain technology may be unheard of in some sectors (regulatory or private) in Kenya but eventually it will ingrain itself in the Kenyan economy. The challenge to regulators, law firms and law makers is to now start laying the foundation for laws, rules and regulations – and to adapt to these developments, as there are areas of concern that need to be addressed with such new technology.       

The Laws
 
With the use of all this new technology and to ensure Kenya keeps ahead of its regional competitors and remains a hub in Africa, the authorities, and more importantly the legislature, must adapt and ensure the correct and sustainable structure is in place.

Unfortunately, as with any new technological advancement, this is not without challenges.  Regulation, fraud prevention and basic ICT standards are far from satisfactory. However, the Kenyan Government is beginning to develop regulatory frameworks to safeguard consumers and to manage and standardize the sector.
 
Sufficient strides have been made to laws within our system to address such development and advancement. Being a former British colony, Kenya has borrowed much of its laws from the United Kingdom; but over time Kenya has moulded most of its laws to reflect challenges and outcomes in Kenya.

An example is The Evidence Act[8] which has had several amendments made to it and now includes the admission of electronic messages and digital material in court proceedings.
 
The Communications Authority of Kenya (CA)[9] has also set out key legislation, in particular the Kenya Information and Communications Act and The Kenya Information and Communications (Consumer Protection) Regulations amongst other regulations. Coupled with the Constitution of Kenya[10] and the Consumer Protection Act, these laws are designed to protect both providers and customers.
 
Another first for Kenya is the Proceeds of Crime and Anti Money Laundering Act[11]. Under this Act the Financial Reporting Centre (FRC) was launched to coordinate matters thereof with regulations on mobile payment service providers regarding money laundering. Payment service provider firms are obligated to have procedures and controls to handle such situations.
 
In addition to these laws, Kenya has set up its own national Computer Incident Response Teams (CIRTs)[12] to handle incidences of cyber-crime and related issues.
 
Another very key piece of legislation specifically targeted at mobile money payment platforms is the National Payment Act and the recently formulated National Payment System (NPS) Regulations[13]. Guided by the Central Bank of Kenya (CBK), the NPS Regulations provide much needed certainty in the market for consumers and direction for investors seeking to enter the market, incorporating practices and developments that have taken place in Kenya.
 
There are mechanisms and provisions for consumer redress, privacy and confidentiality of data. More importantly key definitions, such as ‘e-money’, ‘electronic payment service provider’ and‘mobile service payment provider’ are now defined and part of Kenyan law. Prior to these regulations, requirements and obligations for mobile money providers were set out in letters granted by the Central Bank of Kenya.
 
These regulations now make it clear that a payment service provider is liable to its customers for the conduct of its agents. Some other notable features of the new regulatory framework are:

  • Safeguarding of funds: In order to allocate risk and minimise the placement of trust fund balances in one institution, the NPS Regulations require that the funds be diversified across strong-rated institutions[14] effectively ring-fencing the funds. Customer funds must be held in trust and no lending or investment of such funds is permitted.[15]
  • Risk management: In order to maintain good risk management practices, the regulations have made provisions for the application of international standards[16]. Operators are required to comply with such international standards in addition to any other technical standards that the CBK may prescribe.
  • Security: The Regulations set forth requirements of a Payment Service Provider to include the governance arrangements of the applicant and internal control mechanisms[17]. Applicants have to establish and comply with local anti-money laundering obligations and conditions as contained in the Prevention of Terrorism Act.
  • Operability: The regulations require payment service providers to have customer agreements that stipulate amongst other requirements, the electronic retail providers privacy policy, data retention and protection and exclusions and limitations of use of services.

With respect to ICT, Kenya is making efforts to ensure that there is a sufficient policy and legal frameworks to address the challenges arising from cyber and other computer related crime. Kenya has already developed a national Cyber Security Strategy which provides a national-level plan to defend and secure the country’s digital infrastructure. The strategy includes the development of information security management controls and procedures; cyber security systems; and identity and access management systems, among other key issues.
 
Upcoming legislation includes the Cybercrime and Computer Related Crimes Bill.[18] This will be in addition to the Data Protection Act, which is a key Act, in light of a recent case that unsuccessfully challenged the implementation of new technology in Kenya (thin SIM) without having appropriate data protection in place.
 
There is also the Critical Infrastructure Protection Bill which the Government wants to use to implement key infrastructure across the country which is considered critical in nature, specifically focusing on ICT.[19] It is on this basis that the government and the private sector have considered it necessary to come up with legislation to guide the implementation and management of this critical infrastructure.
 
Some issues that remain
 
Customers, MNOs, financial institutions, issuers of e-money, payment platforms and developers of the same are the main participants in the process of mobile development / finance and ICT. As these participants have different interests, they will face conflicts with each other that require different legal solutions.
 
Kenya has put in place policies and regulations to handle or otherwise deal with any potential conflicts. As ICT issues are still relatively new in Kenya, the laws policies and procedures will continue to evolve over time.
 
Some issues that we in Kenya are currently facing in the ICT sector are to do mainly with trust and liability of mobile money platforms. Considering the point that mobile financial transactions are concluded in an automated manner, we need to find ways of creating procedures and policies that can assist customers to prove intention or negligence of financial institutions. Rather than simple reversal for incorrect transactions we must also address the issue of MNO culpability and liability for the financial transaction platforms they provide.

Can we effectively say whether it is the financial institution or the MNO who will be liable for any customer loss, or will such loss or negligence always be attributed to the customer? It is almost impossible for customers to clarify whether errors were caused by a financial institution or the MNO and we need clear guidelines on this.

Have we effectively adopted the role of Independent Trusted Service Managers (TSM) in Kenya, where such TSM’s are not financial institutions offering the mobile money services? We do have degrees of liability set out in our laws and regulations that relate to financial institutions but what about having the same imposed on a TSM? There is definitely place in Kenya to have more independent and professional TSM’s offering their services and linking with both the provider and the user.

At present, stakeholders have not clearly separated roles within the mobile payment ecosystem. Financial institutions and MNOs are competing for the entity that will hold the customer account and receive the biggest portion of fees.
 
The concept of ICT is still new for many people in Kenya, and one of the major areas of concern is trust. With regulatory affairs, financial institutions and MNO’s still operating under heavily fortified corporate veils and issuing concise and non-negotiable terms and conditions to users it will still be a while before Kenyans fully adopt ICT and put all their trust in the same.
 
Furthermore all electronic communication made by means of messages and financial transactions require clear concise definitions and legal recognition by laws governing electronic communications. “UNCITRAL Convention on the Use of Electronic Communications in International Contracts” and “UNCITRAL Model Law on Electronic Commerce” are the most important international instruments covering those issues. Regulatory and legal practitioners in Kenya need to study these regulations and find a way of fully adopting them into Kenyan laws, but more importantly actually effecting them in practice by educating the users and showcasing to investors that the regulatory side can handle and keep up with the ICT growth.

With several software firms operating in Kenya and many software contracts in existence, the use and interpretation of the same is still wanting. Improperly drawn up agreements or easily downloadable agreements are the norm, effectively rendering unfair protection to both the developer and the user. Furthermore, the understanding of provisions of intellectual property, escrow, ownership rights and mechanisms for dispute is still far from ideal. Education is key and adaptation of the laws whether local or international more so important.

The interpretation of software contracts (though technically a contract) requires proper legal counsel and advice through advisors experienced in handling such matters. Disputes are bound to arise. Issues of trust law, cryptography and e-discovery are all relatively new in Kenya and these must be explored from now so that with time both lawyers and advisors in general including regulatory authorities are able to keep up with the changing times.
 
The hunger to adapt to international standards of practice and the pressure by international companies on developers and business in Kenya is intense. This effectively results in sub-optimal agreements and unfair dispute mechanisms. Due to the fear of unsuitable jurisdiction laws in Kenya, many tend to accept international law as governing these agreements without understanding the proper consequences of costs and legalities of the same. Education and proper placement of information is crucial to both end users and developers in Kenya.
 
Conclusion

Technology, whether in the form of mobile payment systems or ICT is now a part of economic development in Kenya. What is required is the proper investment infrastructure and legislation. This will lead to an improved quality of digital revolution in Kenya.
 
However, with the new regulatory framework and proposed new laws, as well as tackling of corruption and spending on education and infrastructure, Kenya shows promise for a better environment in the field of mobile money and ICT in general. With time the net effect of these new developments, laws and focus will provide the pathway for the expansion of the digital ecosystem in Kenya. The implementation of the NPS regulations, bolder actions being taken by the Kenya Communications Authority on dominant market players, and the Central Bank of Kenya willing to partner with mobile payment and e-payment partners to find solutions to practical problems and close the net on untrustworthy transactions are all steps in the right direction. With MPESA the laws only followed after the roll out and success of the product and this is the uniqueness that we have in Kenya.
 
It is my hope that with more consumer awareness, improved legislation and understanding both by legal practitioners and regulators, we can streamline the ICT sector in Kenya to effectively cement our place in the region as a true silicon savannah.