40 Digital Lenders Under Investigation Over Data Breaches 

Forty Digital Credit Providers (DCPs) are under investigation over suspicion of breaching data privacy laws following complaints from customers, the Office of the Data Protection Commissioner (ODPC) has revealed. 

In a statement dated Wednesday, October 5, 2022, the ODPC revealed that it had received a total of 1,030 complaints from Kenyans of which 555 were admitted. Of those 299 were lodged against digital lenders which represents about 54% of all cases admitted.

“The ODPC wishes to notify the public that it is conducting preliminary documentary assessment on 40 Digital Credit Providers (DCPs) whose practices regarding the processing of personal data has been raised to the Data Commissioner as complaints by various members of the public,”  the statement reads in part.

Read Also: Digital Loans to Cost Even More - Money Weekly

The DCPs in question include:

1. APESA/Zerox Technology Company Ltd
2. ASAPKASH/Joyot Technology Limited
3. Branch
4. CASH
5. CASH SEA
6. COLLECTPLUS
7. COOPESA
8. CREDIT KES
9. CREDIT MOJA
10. Deltech Capital Limited/Mykes Loan
11. DIRECT CASH
12. FAIRCASH
13. Flashpesa
14. Flexi cash
15. Hela Credit
16. Hikash
17. IKASH Connect
18. INSTARCASH
19. IPESA
20. KASH LOAN
21. KASHBEAN
22. KASHPLUS
23. KASHWAY
24. KESLOAN
25. LEMON KASH
26. LIONCASH/GROLA TECH LTD
27. M-CREDIT
28. METALOAN
29. MOKASH
30. PAPCASH
31. POCKET CASH
32. PREMIER CREDIT LTD
33. ROCKET PESA
34. SENTI
35. SKYPESA
36. TALA
37. WAKANDA CREDIT/KASHWAY
38. Zash Loan
39. Zenka Digital Limited
40. Zuri Cash

It is important to note that digital credit providers listed above are yet to be found to in breach of data protection laws as the ODPC outlines below.

“During the audit process, the aforementioned DCPs will be required to provide the ODPC with requisite documents by October 18, 2022 failure to which they will be deemed to have failed to cooperate with the office which is an offence under Section 61 of the Data Protection Act [Obstruction of Data Commissioner],” the statement further reads. 

Read Also: Only 10 Digital Lenders Have CBK Approval

The Data Protection (Complaints Handling and Enforcement Procedures) regulations, 2021 took effect in February 2022 paving way for data subjects to file complaints and report data breaches to the Data Commissioner.

Pursuant to Section 58(3) of the Data Protection Act, 2019, any person who, without reasonable excuse, fails to comply with an enforcement notice commits an offence and is liable on conviction to a fine not exceeding five million shillings or to imprisonment for a term not exceeding two years, or to both.

“We want to assure the public that the complaints received will be investigated and concluded accordingly,” Data Commissioner, Immaculate Kassait stated.

This comes at a time when digital lenders have come under the supervision of the Central Bank of Kenya after years of operating unregulated. 

Read Also: New Debt Collection Terms for Digital Lenders - Money Weekly

As of September 17, when the 6-month window to apply for a CBK licence for unlicensed DCPs lapsed, the apex bank had received a total of 288 applications. Only 10 of those had received CBK approval. These are:-

1. Ceres Tech Limited
2. Getcash Capital Limited
3. Giando Africa Limited, trades as Flash Credit Africa
4. Jijenge Credit Limited
5. Kweli Smart Solutions Limited
6. Mwanzo Credit Limited
7. MyWagepay Limited
8. Sevi Innovation Limited
9. Rewot Civo Limited
10. Sokohela Limited

The remaining applications are at different stages in the licensing process with the CBK saying it is awaiting the submission of requisite documents.

“We urge these applicants to submit the pending documentation expeditiously to enable completion of the review of their applications.”

As regards digital lenders who failed to meet the September 17 deadline of applying for a CBK licence, the regulations require them to cease operations.

The push for regulation was hinged on what was seen as abusive practices that some digital lenders stand accused of including aggressive collection practices, debt shaming and predatory interest rates. 

Late 2021 digital lenders were also required to make borrowers aware of interest rates, other loan charges, late payment penalties and rollover fees before issuing out loans.

The Competition Authority of Kenya (CAK) said digital lenders had to adopt the same model used by mobile money operators, where all costs associated with a transaction are displayed before the transaction is confirmed.

Read Also: Digital Lenders to Start Disclosing Hidden Fees - Money Weekly

A study done by CAK found that 73% of Kenyans were not aware of the cost of loans they had borrowed from digital lenders.