PSP and e-money pathways, VASP developments, and compliance as a commercial asset for fintechs operating in Kenya.

Kenya’s payments market is often described in the language of speed: faster checkout, instant transfers, real-time settlement, embedded finance. That narrative is accurate but incomplete. Payments innovation at scale is not only a product story. It is a regulatory perimeter story, and increasingly a governance and resilience story.

When a business operates in payments in Kenya, whether through a gateway, a digital wallet, merchant acquiring, or a platform layered onto mobile money rails, the question that matters is not simply whether the product works. It is whether the product is operating inside a licensing framework that regulators, counterparties, and sophisticated customers can recognise as safe.

Key insight: Licensing is not merely an approval step. It is an operating standard testing capital, governance, AML/CFT readiness, cybersecurity, reporting capability, and data governance.

Contents

  1. The core shift: licensing as operational readiness
  2. Who regulates payment services in Kenya
  3. The payments licensing perimeter
  4. PSP licensing pathways: why “PSP” is not one licence
  5. Virtual assets: what the VASP Act signals
  6. When payments drifts into banking-style regulation
  7. Compliance as a commercial asset
  8. Timelines and capital: planning realistically
  9. FAQ

1. The Core Shift: Licensing as Operational Readiness

Early-stage teams sometimes treat licensing as a binary hurdle: licensed or not licensed. In practice, regulators treat licensing as a continuous assurance framework. It requires firms to demonstrate, before launch and throughout operations, that they can manage financial risk, conduct and consumer risk, financial crime risk, technology and operational risk, and data governance.

This changes how founders should plan. If licensing is treated as a late-stage filing exercise, it often collides with reality: incomplete governance, unclear control ownership, weak documentation, and vendor arrangements that do not match the regulatory story the firm wants to tell.

2. Who Regulates Payment Services in Kenya

For most payment service providers and payment systems, the Central Bank of Kenya (CBK) is the anchor regulator under the National Payment System framework. CBK’s focus is pragmatic: safeguarding the integrity and stability of the payment ecosystem and protecting users.

Depending on the business model, other authorities may also be relevant:

  • Capital Markets Authority (CMA) where virtual assets or investment-adjacent features appear.
  • Communications Authority where telecom rails or authorisations are integral to the model.
  • Financial Reporting Centre (FRC) for AML/CFT reporting obligations.
  • Office of the Data Protection Commissioner (ODPC) for data protection compliance.
  • Kenya Revenue Authority (KRA) for tax compliance.

3. The Payments Licensing Perimeter: Substance Over Labels

The fastest way to understand licensing is to describe the product functionally rather than in marketing terms. Regulators are generally less interested in whether a product is called a “platform” or a “technology provider,” and more interested in what it controls:

  • Transaction initiation and processing.
  • Issuance of stored value.
  • Operation of a payment instrument or payment system.
  • Control over settlement flows.
  • The integrity of communications to users.

In practical terms, licensing outcomes often turn on where the business sits in the value chain: whether it is processing payments, operating payment rails, issuing e-money, or touching customer funds even briefly.

4. PSP Licensing Pathways: Why “PSP” Is Not One Licence

“PSP licence” is commonly used as shorthand, but in practice there are distinct categories that reflect different risk profiles, particularly the distinction between facilitating payments and issuing stored value.

Electronic Retail Payments and Transfer Services (Without E-Money)

This category generally captures providers facilitating electronic retail payment transactions such as gateways, acquiring and processing, and bill payments, without issuing stored value.

Small E-Money Issuer (SEMI)

SEMI structures recognise that some wallet products are low-value or limited in scope. While thresholds may differ, the underlying supervisory expectations remain meaningful: governance, AML/CFT controls, cybersecurity posture, and reporting capability must be credible.

E-Money Issuer

Where a platform issues, stores, and redeems e-money, particularly where it is usable with third parties, the regulatory intensity typically rises. At this level, safeguarding structures, reconciliations, consumer risk, and operational resilience become central.

Payment Instruments and Payment Systems

Where a business owns or operates payment instruments or systems, including switching or settlement-adjacent infrastructure, the authorisation posture can shift again, particularly where scale raises systemic considerations.

5. Virtual Assets: What the VASP Act Signals for Kenya Fintechs

Kenya’s Virtual Asset Service Providers Act, 2025 signals a formal shift toward licensing and supervision of digital asset activity. While implementing regulations and guidelines are awaited, the strategic implication for product teams is immediate: classify activities honestly (custody, exchange, issuance, advisory) and build for licensing readiness in governance, AML/CFT maturity, cybersecurity controls, and defensible disclosures.

6. When Payments Drifts Into Banking-Style Regulation

A common strategic risk is designing a payments product that quietly begins to resemble deposit-taking or bank-like services. Where a model involves deposit-like accounts, savings behaviour, or lending structures, the licensing framework can shift into a materially stricter regime under the Banking Act.

Product design should therefore be treated as regulatory design, particularly where the roadmap includes credit, savings, or account-like features.

7. Compliance as a Commercial Asset for Kenya Fintechs

For growth-stage fintechs, licensing and compliance are often viewed as cost centres. In reality, they are frequently deal accelerators. Sophisticated counterparties increasingly ask for evidence: who owns AML/CFT controls, what cybersecurity standards are implemented, how personal data is handled, what incident response looks like, and whether vendor relationships allocate responsibilities clearly.

Firms that can answer these questions with coherent documentation, including governance papers, policies, logs, and enforceable contracts, move faster in negotiations and inspire confidence in partners and investors.

8. Timelines and Capital: Planning Realistically

Licensing is a project, not a form. A realistic plan allows time for pre-application engagement, application review, regulator queries, and final issuance steps. Depending on the model and readiness, timelines can extend over several months and, in some cases, closer to a year.

Minimum capital requirements vary by category. Examples commonly referenced for certain PSP categories include:

  • Small E-Money Issuer (SEMI): KES 1,000,000
  • Electronic retail payments services: KES 5,000,000
  • E-Money Issuer: KES 20,000,000
  • Designated payment instrument issuer: KES 50,000,000

Capital, however, is rarely the only determinant of speed. Governance and operational controls are often what determine momentum through the licensing process.

MN Legal supports clients across the lifecycle of payment and digital finance businesses, from early model structuring to licensing submissions and ongoing compliance posture. This includes mapping transaction flows to the right authorisation pathway, preparing governance and compliance documentation, aligning AML/CFT and operational resilience expectations, advising on data protection governance, and structuring partner and vendor contracts so the operating model matches the regulatory position.

Make an enquiry  |  Explore Practice Areas

Frequently Asked Questions

What licence does a payment service provider need in Kenya?

It depends on the model. The CBK regulates most PSP activity under the National Payment System framework. The right category depends on whether the business is processing payments, issuing e-money, operating payment instruments, or touching settlement flows. There is no single “PSP licence.”

How long does payment licensing take in Kenya?

Realistically, several months from pre-application engagement to issuance, and in some cases closer to a year. Governance and operational controls readiness often determines pace more than capital alone.

What does the VASP Act mean for digital asset businesses in Kenya?

The Virtual Asset Service Providers Act, 2025 introduces a formal licensing and supervision framework for digital asset activity. Businesses should classify their activities honestly and begin building for licensing readiness now, ahead of implementing regulations.

Can a payments product drift into banking regulation?

Yes. Where a model begins to resemble deposit-taking, savings, or lending, the applicable framework can shift toward the Banking Act, which carries significantly stricter requirements. Product design should be treated as regulatory design from the outset.

Why does licensing matter commercially, not just regulatorily?

Sophisticated partners, investors, and enterprise customers increasingly ask for evidence of governance, AML/CFT controls, cybersecurity posture, and data protection compliance. Firms with coherent documentation move faster in commercial negotiations and due diligence processes.

How can MN Legal help with Kenya payments licensing?

MN Legal advises on model structuring, licensing pathway selection, governance and compliance documentation, AML/CFT readiness, data protection governance, and vendor and partner contracting for payment and digital finance businesses operating in Kenya.

Disclaimer: This article is for general information only and does not constitute legal advice. Licensing requirements vary by jurisdiction and specific facts. For advice on your specific model, contact MN Legal.