The use of Fin-tech is projected to increase significantly even in the post COVID-19 era, according to experts and it is likely to remain a key part of our daily lives.
Even so, to maintain that momentum, regulatory intervention in the protection of consumers and protection of data will be key according to Sammy Ndolo, the Managing Partner from Kieti Law LLP.
“It will be key to ensure customers are protected from unfair or unconscionable business practices, are aware of the ability to issue and withdraw their consent to the processing of their data and are able to seek intervention of regulators in the event of breach of their rights by fintech companies to ensure fairness and openness in the fin-tech market,” said Mr Ndolo.
During the ongoing Coronavirus pandemic period, remote working has become the new normal for businesses – a new norm that continues to expose businesses and customers’ data.
An organisation’s data is essential for its daily operations, decision-making and business growth. Such data can also be monetized and valued in a digital economy.
A company’s data is constantly being targeted by malicious actors through data breaches, ransomware, intelligence work and espionage.
Data has thus become an important asset that Kenyan SMEs need to protect and leverage if they are to maintain their foothold in the regional market, according to Mr. Ndolo.
Adding that when it comes to data protection for SMEs, raising staff competencies and awareness through training, briefings and audits should be an ongoing and sustainable process and above all the sector needs to be regulated in order to remain ‘sound’.
“Potential conflicts between regulators are averted by the regulatory having a common understanding and approach. In certain instances, memoranda of understanding have been signed between regulators to provide for a mechanism and process for dealing with products or operations that involve multiple regulators,” says Ndolo.
Claims of intrusion into customer data privacy by digital lenders including tapping location details and sharing of the data to third-parties are also thought to be one of the biggest customer concerns to date.
In many instances, a digital lender will have obtained a customer’s consent to use the customer data by the digital lender.
“With the Data Protection Act now being implemented, a digital lender must make sure that the form of the customer’s consent and the reason for collection and proposed processing of that customer’s data complies with the detailed requirements of the Act,” he continues.
Adding that, “This includes, among other things, that the consent must be express, unequivocal, free, specific and informed and the lender must state the specific purposes for collection of the customer’s data, how it will be processed and confirmation that it will not be used for any commercial use other than the stated purposes.”
He argues that owing to the fact that Kenya has a robust regulatory framework for consumer protection, its implementation has been poor and this should be the focus of attempts to deal with violation of consumer rights.
The recent proposal to license digital lenders for instance, is likely to increase bureaucracy with an overworked Central Bank and stifle innovation in that space according to Mr. Ndolo.
Kenya’s data protection Act requires Data Controllers and Processors to process data lawfully; minimize collection of data, restricts further processing of data, requires data controllers and processors to ensure data quality and that they establish and maintain security safeguards to protect personal data.
Additionally, statistics show that remaining data compliant continues to be a challenge for all organizations, large or small, but can be especially difficult for businesses with few employees and smaller offices.
“The key components here are cost and lack of management expertise. If a small business is breached and loses customer data, it is likely to be punished by regulators,” he says.
This comes even amid concerns and debate that innovation in Fintech space should supersede regulations – in a trend that such companies have had to argue that a focus first on innovations and later come up with pro-innovation laws to effectively support growth of Fintech is deemed the right method.
Ndolo argues that such an approach would be detrimental to the sector’s growth.
“Kenya in dealing with innovative products such as M-pesa has largely taken the step of allowing innovations to advance and mature before developing laws that regulate the products. This approach seems to have worked well in a rapidly evolving technology landscape where the regulation barely keeps up with these developments,” he advises.
He also wants some of these companies to prioritize partnerships if they are to survive such attacks.
“The opportunities that this partnership represents will strengthen the capabilities of both firms to practically and affordably service the market both within Africa and abroad. Although there have been a few South African law firms expanding into other African jurisdictions over the years, this partnership represents a significant step for our firm to utilise CDH’s renowned capabilities in both M&A and Fintech law,” he concluded.
1,042 total views, 1 views today