Kenya's financial sector regulators have published a draft Financial Consumer Protection Framework for public comment, marking the most ambitious attempt yet to unify market conduct standards across the country's fragmented supervisory landscape.
- •The Central Bank of Kenya, leading a seven-regulator Technical Working Group, released the draft on April 14, 2026, with a public comment deadline of Tuesday, April 28, 2026.
- •The framework establishes standards across six principles: fair treatment, transparency, product suitability, asset protection, accessible complaints handling, and data privacy.
- •It applies across banking, insurance, capital markets, pensions, SACCOs, telecoms-based financial services, and competition oversight, bringing under one architecture standards that have until now sat in separate sector-specific guidelines with uneven enforcement.
The publication arrives against a documented backdrop of consumer harm. The Office of the Data Protection Commissioner had received over 4,000 complaints of digital lenders misusing customer data as of early 2025, with only a fraction progressing to formal investigation. Separate research by Financial Sector Deepening Kenya and CGAP found some borrowers had received more than 1,000 calls from over 60 different numbers as part of aggressive debt recovery campaigns.
The framework's data privacy and complaints handling pillars map directly onto these failures. Product suitability standards, if implemented with enforcement capacity, would also constrain origination of loans to borrowers with no demonstrated capacity to repay, a practice at the core of Kenya's digital lending crisis.
The Technical Working Group comprises the CBK, Capital Markets Authority, Insurance Regulatory Authority, Retirement Benefits Authority, Sacco Societies Regulatory Authority, Communications Authority of Kenya, and Competition Authority of Kenya.
The inclusion of the Communications Authority and Competition Authority alongside traditional financial regulators is significant with a material share of consumer harm in Kenya occurring at the intersection of financial services and telecoms, in mobile money, digital credit, and mobile insurance products, where jurisdictional gaps between regulators have historically created space for harmful practices to persist.
The framework is part of a concentrated wave of regulatory consolidation in 2025 and 2026. The CBK has separately been reviewing the CBK Act and Banking Act, targeting provisions on digital banking, fintech oversight, and cybersecurity.
The Virtual Asset Service Providers Act 2025 brought digital asset businesses within the regulatory perimeter. These moves reflect a deliberate shift from the permissive innovation posture of the last decade toward structured, enforceable oversight.
