
Data protection law gets Kenya ready for open banking

Kenya Bankers Association chief executive Habil Olaka (left) and Central Bank of Kenya Governor Patrick Njoroge during a banking safety awareness campaign launch in Nairobi in May 2019. PHOTO | DIANA NGILA 

According to Imran Gulamhuseinwala, an implementation trustee for Open Banking Limited in the UK, “Open Banking really does feel like the best kept secret in the financial services”.

That may seem somewhat counterintuitive, since the very thing that is good about it is openness, which is conceptually the diametric opposite of secrecy. Yet it may indeed still feel like a secret, since one may wonder why there isn’t, as yet, a greater clamour for it.

Open banking leverages the benefits of the information age to advance the conduct of financial services. At the heart of it is the fact that banks and other financial service providers hold a lot of personal data, and that the value of this personal data is monumental. Critically, this personal data held belongs to the customers, and not the financial service providers.

The customer therefore has the authority, in principle, to determine how their data is used. The financial services are merely data controllers and in some cases, data processors; a conduit through which this data flows. But they are strategically primed to make excellent use of their interconnectivity and the networks that exist to literally open up banking and financial services.

Open banking has the effect of increasing access to financial services and lowering barriers to innovation, through rethinking old models and forming new partnerships with third parties. What would this entail?


McKinsey & Company in its July 2017 Data Sharing & Open Banking report articulated it thus: open banking is a collaborative model in which banking data is shared through Application Programming Interfaces, between two or more unaffiliated parties to deliver enhanced capabilities to the marketplace.

How can Kenya take advantage of this? Now that Kenya has localised data protection and privacy laws through the Data Protection Act (2019), the time is opportune for banks and other financial service providers to take us into this new frontier, for the benefit of all stakeholders.

Other regions have commenced developing policy in line with this new frontier. For instance, the European Union, through the second Payment Services Directive that came into force in January 2018, seeks to regulate payments across the bloc by ensuring that data shared and stored by banks is secure and also aims to create a banking ecosystem that enhances innovation. Partnership with third parties who are able to utilise bank data enables the processing of data and innovation of better products for customers.

Primarily, the benefit that is heralded can be appreciated by recognising that inaccurate and misleading information results in bad decisions that can result in negative consequences on both a micro and macro level.

High quality information, however, is a prized asset of any individual, association or society.

Costly mistakes pertaining to mortgages, insurance policies, and other financial products have been made in the past, and indeed some of these mistakes brought the world to its knees in the Global Financial Crisis of 2007-200. Even now, penance is still being paid for those sins.

In terms of free market economics, open banking will lead to healthier and more beneficial competition, which will benefit the economy and consumers while avoiding some of the challenges of legislative intervention, as the higher quality of information available will allow the free market to deliver better pricing.

From a policy and regulatory perspective, the key stakeholders will be the central bank, which remains the primary regulator for the business of banking, alongside the non-bank financial services regulators, or the Financial Services Authority once it is established.

Secondly, the Data Protection Commissioner will be instrumental in ensuring that there are no data breaches, and that the banks are protecting consumers’ personal data, which keeps service providers accountable for the data they process or control.

Thirdly, the competition authority will be instrumental in ensuring, for instance, the avoidance of collusion which would otherwise negate the benefits that stand to be gained, and also that tier one banks do not take unfair advantage of the commonly shared data.

Karanja is a data protection compliance & commercial law practitioner.