If you have ever taken a loan, filed a complaint, or simply tried to understand a financial product in Kenya, you have probably dealt with a system where the rules depend on who you are dealing with. A bank says one thing, a lender app does another, and somewhere in between, your data is doing its own rounds.
Kenya now wants to clean that up.
On April 14, the Central Bank of Kenya (CBK), working with six other regulators, published a draft Financial Consumer Protection Framework that attempts to bring the entire financial system under one set of conduct rules. Banking, insurance, capital markets, pensions, savings and credit co-operatives (SACCOs), and even telecom-linked financial services will now be expected to follow the same playbook.
The framework is trying to standardise how customers are treated. It sets out six principles: fairness, transparency, product suitability, asset protection, complaints handling, and data privacy.
The proposal, out for public comment until April 28, mandates lenders to stop selling financial products, especially loans, to people who cannot afford them, clearly explain the terms, and have a proper system for when things go wrong.
Between the lines: This did not come out of nowhere. As of 2025, Kenya’s data protection office received over 4,000 complaints tied to digital lenders, many involving misuse of personal data.Â
Kenyan borrowers reportedly received over 1,000 calls from more than 60 different spam numbers during debt recovery efforts. The same unethical spam-calling tactic also mirrors South Africa, where regulators are now fighting back.
What makes this attempt different is who is involved. Alongside the usual financial regulators, Kenya has pulled in the Communications Authority (CAK) and the Competition Authority. That matters because much of the harm has happened where finance meets telecoms, especially in mobile money and digital credit, where oversight has historically been split.
Zoom out: This is part of a broader shift. Kenya is moving away from its earlier, more permissive approach to fintech innovation towards something stricter and more coordinated. The real test, as always, will not be in writing the rules, but in enforcing them consistently across a system that has long thrived on fragmentation.