Contact:

blockchainassociation39@gmail.com kakai@digitalassetspolicy.com

Virtual Assets Service Providers Bill 2024

An Act of Parliament to provide  for the licencing and regulation of virtual asset service providers and token issuers; any offers to it when the public and admission to trading on a trading platform of virtual assets and related activities; for the establishment of the Joint Regulatory Sandbox, to provide for consumer protection frameworks and to prevent market abuse, to prevent and mitigate the risk of money laundering and financing of terrorism and proliferation activities, and for purposes of promotion, development, and regulation of virtual assets in Kenya

ENACTED by the National Assembly as follows––  -

PART I - PRELIMINARY

  1. This Act may be cited as the Virtual Asset Service Providers Act,2024

Short title

  1.  In this Act, unless the context otherwise requires—

“Airdrop” means the distribution of a cryptocurrency or token to multiple wallet addresses, often for free, as part of a promotional or foundational activity within the decentralized digital ecosystem. It serves as a mechanism for wide-scale token distribution and also as an incentive to engage or participate in a specific decentralized application (dApp), platform, or protocol. Recipients of an airdrop typically must meet certain predetermined criteria, which may include holding a specific token or participating in a particular network activity.

Authority” means the Capital Markets Authority established by section 5 of the Capital Markets Act, CAP 485

Asset-referenced tokenmeans a token that represents a claim against the

issuer which –

  1. is intended to represent an asset and is embedded with underlying assets; or
  2.  derives its value by reference to an underlying asset; or
  3. is secured by an underlying asset; or

“Blockchain” means a system of recording information in a shared digital register which is duplicated and distributed across the whole network of computer systems within the business network.

“Cabinet Secretary” means the Cabinet Secretary responsible for matters relating to finance means the Cabinet secretary to whom responsibility for the subject of financial services is assigned.

“Central Bank” means the Bank of Kenya established under Section 3 of the Central Bank of Kenya Act, CAP 491

“Centralized Exchange” - *Definition

"Communications Authority of Kenya" means the Communications Authority of Kenya established under Section 3 of the Kenya Information and Communications Act, 1998.

“Comparable Body” means a body outside Kenya that has functions similar to those of the Capital Markets Authority for the regulation and licensing of a virtual asset business.

“Company” means a company incorporated as such under the Companies Act 2015.

“Competent authority” means any supervisory authority, regulatory body, or investigatory authority that is duly established under the Laws of Kenya.

“Crypto Assets” are cryptographically secured digital representations of value or contractual rights that use some type of distributed ledger technology (DLT) and can be transferred, stored, or traded electronically.

“Custodial Wallet Provider” means the provider of services involving the storage or maintenance of virtual assets or a virtual wallet on behalf of a client.

“Custodial Wallet” means an online virtual asset wallet responsible for storing and holding Virtual Assets on behalf of a Virtual Asset Owner, without granting full control over those Virtual Assets to the Custodial Wallet Provider.

“Cybersecurity incident” means any act or attempt, successful and unsuccessful, to gain unauthorised access to, disrupt or misuse a computer or computer system or information stored on the information system or critical information infrastructure which may have a disruptive effect that significantly impacts the following -

  1. the number of users relying on that service;
  2. the dependency of other sectors critical information infrastructure sectors on the service provided by that entity;
  3. the impact that incidents may have, in terms of degree and duration, on economic and societal activities or public safety;
  4. the market shares of the entity;
  5. the geographic spread regarding the area that may be affected by an incident; and
  6. the importance of the entity in maintaining a sufficient level of the service, taking into account the availability of alternative means for the provision of that service;

“Decentralized Exchange” - *Definition

“distributed ledger technology”  or “DLT”

  1. means a virtual or digital ledger in which data is recorded, consensually shared and synchronised across a network of multiple nodes or sites accessible by multiple persons;
  2. includes a distributed ledger technology platform or software program that operates on a blockchain or similar Technology;

“Financial Reporting Centre” means the Financial Reporting Centre established under section 22 of the Proceeds of Crime and Anti-Money Laundering Act, 2009.

“fiat currency” means currency issued by the relevant body in a country or by a government that is designated as legal tender in its country of issuance. This includes:

  1. means a banknote or coin that is in circulation as a medium of exchange; and
  2. includes a digital currency issued by the central bank or the central bank of a foreign jurisdiction; 

“financial institution” has the meaning assigned to it under the Central Bank of Kenya Act Cap 491.

“Initial token offerings” or “ITO” means an offer for sale to the public of a virtual token in exchange for fiat currency or another virtual asset.

“key personnel” means a person who manages or controls the activities

of a licence holder and includes -

 (a) the chief executive officer, chief financial officer, chief compliance

officer, secretary to the Board, chief internal auditor, or any manager; and

 (b) any person who holds a position or discharges responsibilities of

any person referred to in paragraph (a);

“token issuer” means a person responsible for issuing a virtual asset;

“licence” means a licence issued by the Authority under section 5 and "licensee" and "licensor" shall be construed accordingly.

licence class” means such class of licence as described in the Third  Schedule of this Act;

“licence holder” means a person issued with a licence under section 5 of this Act;

“Nairobi International Financial Centre" means the Nairobi International Financial Centre established under section 4 of the  Nairobi International Financial Centre Act, 2017.

 “non-custodial wallet” means a virtual asset wallet that stores virtual assets and empowers virtual assets  owners with complete control over their Virtual Assets either as a software program or a physical device.

“non-fungible token” or “NFT” means unique digital assets created for specific applications and cannot be divided or exchanged on a one-to-one basis with others. Each NFT is a distinct and irreplaceable digital identifier recorded on a blockchain, providing a secure and transparent way to verify ownership and authenticity of a particular digital asset, such as artwork, music, or other digital content.

“offer” means a document, notice, circular, advertisement, prospectus or whitepaper issued to the public or accessible electronically –

  1.  inviting applications or offers to subscribe for or purchase virtual assets; or
  2.  offering virtual assets for subscription or purchase.

“off-ramp” means the process that enables individuals to convert their virtual assets into traditional fiat currency or other tangible assets. Off-ramps can take various forms, including virtual asset exchanges that facilitate the conversion of virtual assets to fiat currency, over-the-counter (OTC) services, or peer-to-peer transactions.

“on-ramp” means the process that enables individuals to convert their fiat currencies into virtual assets. On-ramps can take various forms, including virtual asset exchanges that facilitate the conversion of virtual assets to fiat currency, over-the-counter (OTC) services, or peer-to-peer transactions.

“over-the-counter trading” or “OTC trading” means the direct exchange of virtual assets between two parties within a closed trading market. In contrast to traditional exchanges, which feature a multitude of publicly listed prices, OTC trading involves a more personalised and private environment. Within this closed market, p*articipants negotiate and agree upon specific terms for their transactions, allowing for a customised approach.

“Peer-To-Peer trading” or “P2P trading” means the direct exchange of digital assets between two individuals without the direct involvement of an intermediary;.

“real world asset” means movable and immovable property of any nature, whether tangible and intangible including but not limited to real estate, securities, commodities, treasury bonds, etc.

“real-world-asset token” or “RWA token” means a digital representation, stored on a blockchain or utilising distributed ledger technology, that signifies an ownership interest, claim, or stake in a tangible or intangible asset existing off-chain in the physical world. The real world asset token may confer rights, obligations, or benefits associated with the underlying real-world asset, which could include but is not limited to property, securities, commodities, or any other item of economic value.

security token” means a token representing transferable securities; money-market instruments; units in collective investment undertakings; options, futures, swaps, and other derivatives linked to securities, currencies, interest rates, emission allowances, or financial indices; derivative contracts linked to commodities, whether settled physically or in cash; derivative contracts tied to commodities traded on regulated markets, financial contracts for differences; derivative instruments for transferring credit risk; derivative contracts involving climatic variables, freight rates, or inflation rates; and emission allowances conforming to the requirements of the Capital Markets Act 2000.

“stablecoin” means a type of virtual asset that is not an electronic money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies.

“tokenization” means the process of converting rights, a unit of a real world asset ownership, debt, or even a physical asset into an asset reference token on a blockchain.

“Utility token” means a type of  virtual-asset that is mainly intended to provide access to a good or a service supplied by its issuer.

“virtual asset”

  1.  means a cryptographically secured digital representation of value that –
  1. may be digitally traded or transferred, and may be used for payment or investment purposes, or
  2. is distributed through a distributed ledger technology where value is embedded or in which there is a contractual right of use;

  1.  Includes-
  1. Asset-referenced tokens;
  2. Crypto assets;
  3. Non-fungible tokens (NFT);
  4. Real world asset tokens
  5. Stablecoins;
  6. Security tokens;
  7. And any other token generated through distributed ledger technology for purposes of investment, buying, selling, trading and/or speculation.
  1. excludes –
  1. a digital representation of legal tender as provided for under the CBK Act, and
  2. securities and other financial assets that are regulated under the Capital Markets Authority Act;
  3. Decentralised Autonomous Organizations (DAOs), Decentralized Exchanges and Non-custodial wallets.

“virtual asset service” includes all services provided by a virtual assets service provider which include but are not limited to (list the services)

“virtual asset service provider” or “VASP”  includes a trade or business that –

  1. provides services related to a virtual assets exchange including platforms which facilitates the –
  1. issuing, listing, buying and selling of virtual assets,
  2. exchange between one or more forms of virtual assets,
  3. trading including peer-to-peer trading of virtual assets.
  1. provides virtual assets custodial services;
  2. operates as an on-ramp or off-ramp service provider facilitating exchange or conversation from virtual assets to fiat currency and vice-versa;
  3. operates as a virtual assets payment service provider or transfer of assets utilising virtual assets;
  4. provides custodial wallet services;
  5. operates as an issuer of token offerings(initial Coin offering);
  6. operates as a virtual assets broker dealer
  7. that participates in and provides advisory services related to an issuer’s offer or sale of a virtual asset as may be prescribed;
  8. does not include - services provided in a fully decentralised manner without any intermediary.

“virtual asset competency requirements”  in so far as it relates to a virtual asset supervised representative, means the:

  1. experience requirement,
  2. virtual asset academic credential requirement,
  3. regulatory examination requirement

“virtual asset marketplace” means

 a centralised platform, whether in Kenya or in another jurisdiction –

  1. which facilitates the trading and exchange of virtual assets for fiat currency or other virtual assets on behalf of third parties for a fee, a commission, a spread or other benefit;
  2. issuing, listing, buying and selling of virtual assets,
  3. exchange between one or more forms of virtual assets,
  4. trading including peer-to-peer trading of virtual assets, and
  5. which –

(i) holds custody, or controls virtual asset, on behalf of its clients to facilitate an exchange;

(ii) purchases virtual assets from a seller when transactions or bids and offers are matched in order to sell them to a buyer, and includes its owner or operator but does not include a platform that only provides a forum where sellers and buyers may post bids and offers and a forum where the parties trade in a separate platform or in a peer-to-peer manner;

“virtual asset wallet providers” means providers, who offer storage for virtual assets  include custodial, and non custodial wallets.

“white paper means an informational document, issued by a company to promote or highlight the features of a solution, product, or service.

Interpretations

  1. The objects of this Act are to -
  1. make provision for the licencing and regulation of virtual asset service providers and token issuers;
  2. ensuring consumer protection and preventing market abuse;
  3. facilitate the prevention, detection, investigation of risk of money laundering and financing of terrorism and proliferation activities;
  4. facilitate international cooperation on matters covered under this Act.

Objects of the Act.

4. Scope of the Act

This Act shall apply to -

  1. any virtual asset service provider, and to any token issuer, that carries out its business activities in Kenya or offers service to kenyan consumers-
  2. any person who as an organiser, issuer, founder, purchaser or investor participates in the formation, promotion, maintenance, organisation, sale or redemption of an initial token offering; and
  3. any person carrying on and providing virtual asset services to Kenyans irrespective of the physical location from which the activity is carried out.

 (3) This Act shall not apply to –

  1. securities and other financial assets that are regulated under the Capital Markets Authority Act;;
  2. digital currencies issued by the central bank or the central bank of a foreign jurisdiction; 
  3. a person who, by virtue of his acting in a professional capacity on behalf of persons engaged in the participation and provision of financial services related to a virtual asset service provider and token issuance; 
  4. and a person who provides ancillary services or products, as specified in the Fourth Schedule, to a virtual asset service provider.

Scope and Application of Act

PART II – REGULATORY AND SUPERVISORY AUTHORITY

5. (1) The authority conferred by this Act to licence virtual asset services is vested in the Capital Markets Authority (CMA), hereby designated as the Licensing Authority.

(2) The Authority shall, in the execution of its powers and functions, engage in seamless collaboration with the joint regulatory sandbox as established under the provisions of this Act.

Designation of Licensing Authority

6. (1) In fulfilling its regulatory and supervisory obligations as stipulated in this Act, the Authority, in conjunction with the joint regulatory sandbox, shall -

  1. register and licence virtual asset service providers,
  2. register token issuers in accordance with the established framework.
  3. effectively regulate, monitor, and supervise virtual assets service providers and token issuers.
  4. provide directives to licence holders and take necessary enforcement actions when warranted.
  5. undertake any other actions and initiatives deemed essential for the effective implementation and enforcement of the provisions outlined in this Act.

Functions and Powers of the Authority

(2) The Authority may make such Rules and Regulations as it thinks fit for the purposes of this Act. The Rules and Regulations  made under this subsection (may provide for –

  1. the taking of fees and levying of charges;
  2.  prudential standards in respect of –

(i) disclosures and representations  to consumers and users;

(ii) risk management;

(iii) custody of client assets;

(iv) cybersecurity;

(v) financial reporting;

(vi) statutory returns; and

(vii) a virtual asset register for any person who holds a virtual asset;

(c) any other matter falling under the purview of this Act.

(3) Any Rules and Regulations made under subsection (1) shall require the approval of the Sandbox  and shall be published in the Gazette.

Subsidiary legislation

7. The Authority may, by notice in writing, require a person to furnish to the Authority, at such time and place and in such form as may be prescribed, information and documentation, with respect to a virtual asset service.

8. A person in section 7 may include –

  1. any person who is, was or appears to be or to have been, a licence holder;
  2. an agent of a licence holder;
  3. an intermediary involved in a virtual asset service; or
  4. a person who issues, or appears to have issued a virtual token.

9. The Authority may request a licence holder to appear before the Authority or a person appointed by the Authority, at such time and place as it may specify, to answer questions and provide information and documentation with respect to a virtual asset service or token offering or an offer issued by the virtual asset service provider.

Request for information

PART III – JOINT VIRTUAL ASSETS REGULATORY SANDBOX

10. Establishment of the Sandbox -

  1. There is established the Joint Virtual Assets Regulatory Sandbox.
  2. The Sandbox shall be an operating framework managed by the Authority in order to facilitate and support the development of an efficient and globally competitive virtual assets sector in Kenya.

Establishment of the Joint Virtual Assets Regulatory Sandbox

11. Objectives of the Sandbox

The Sandbox shall pursue the following objectives:

  1. Running a one-stop shop that manages and oversees all regulatory concerns and queries raised with respect to virtual assets across  government agencies.
  2. Encouraging cooperation and collaboration with all relevant authorities in mutually beneficial areas, including but not limited to information sharing, legal and policy issues, regulation and supervision approaches/frameworks, fostering financial stability surveillance, assessment, and analysis, communications and public relations, investigation and enforcement, and capacity building.
  3. Establishing and sustaining an efficient operational framework conducive to the deployment of diverse innovative virtual asset services and business models. This involves a continuous review and adaptation of regulatory requirements that might inadvertently impede investor-friendly innovations or render them non-viable within existing regulations.
  4. Facilitating the deployment and testing of innovative virtual assets-related products, solutions, and services in a live environment before their introduction to the broader market. Such activities shall be conducted within specified parameters and timeframes.
  5. Accelerating the government's comprehension of virtual assets and endorsing evidence-based approaches to regulation that advance the objectives of consumer empowerment, protection, ease of doing business, and the creation of an investor-friendly and innovations-friendly ecosystem.

Objectives of the sandbox

12. Functions of the Sandbox-

The Sandbox shall pursue the following functions -

Functions of the sandbox

  1. Collaborative Regulatory Oversight: The Sandbox shall collaborate with the Authority to review applications for the registration and licensing of virtual asset service providers. This ensures a comprehensive regulatory assessment that balances innovation with adherence to established standards.
  2. The Sandbox shall provide the eligibility, application, safeguard, and testing requirements for firms interested in live testing of innovative products, solutions or service with the Sandbox.
  3. Inter-Agency Cooperation: The Sandbox shall foster collaboration with relevant  authorities on various fronts, including information sharing, legal and policy considerations, regulation and supervision approaches, financial stability surveillance, communications, public relations, investigation, enforcement, and capacity building. This cooperative approach ensures a holistic and well-informed regulatory landscape.
  4. Operational Framework Management: The Sandbox shall establish and maintain an efficient operating framework designed to attract and retain firms within the Sandbox. This involves continuous evaluation and adjustment to meet the evolving needs of innovative market participants while maintaining regulatory integrity.
  5. Strategic Recommendations: The Sandbox shall work in conjunction with relevant agencies to develop and recommend strategies and incentive structures that align with national objectives. This collaborative effort aims to attract firms to the Sandbox, fostering an environment conducive to financial innovation.
  6. The Sandbox shall facilitate the deployment and testing of innovative virtual assets-related products, solutions, and services in a live environment before their introduction to the broader market. Such activities shall be conducted within specified parameters and timeframes.
  7. Advise the national government on all matters relating to virtual assets and endorse evidence-based approaches to regulation that advance the objectives of consumer empowerment, protection, ease of doing business, and the creation of an investor-friendly and innovations-friendly ecosystem.
  8. Promote investor education and other conditions that facilitate innovation and development of virtual asset businesses within Kenya.

13.  (1) The Sandbox shall have powers to -

  1. develop rules, guidance and codes of practice in connection with the conduct of virtual asset business and initial token offerings;
  2. issue and publish notices, guidelines, guidance notes, any other similar instrument and provide feedback to virtual asset service providers and issuers of initial token offerings to assist them in detecting and reporting suspicious transactions and application of measures to combat money laundering and financing of terrorism and proliferation

(i) in connection with the conduct of virtual asset service providers and issuers of initial token offerings;

(ii) regarding the interpretation, application and enforcement of this Act;

(iii) regarding any regulations or rules made under this Act;

  1. In collaboration with the CBK, ensure the financial soundness and stability of the financial system in Kenya in respect of virtual assets in respect of matters falling under the purview of this Act;
  2. The Sandbox shall in consultation with the Cabinet Secretary, establish such technical committees and  as may be necessary for the better carrying of its functions.

(2) If, at any time, the Sandbox has reason to believe that the business of a licence holder  is being conducted in:

  1. a manner contrary to the requirements of the Act, this Act or regulations and guidelines issued by the Sandbox or in any manner detrimental to or not in the best interests of its customers or members of the public; or
  2. a licence holder or any of its officers is engaged in any practice likely to occasion a contravention of any of the provisions of the Act, or any Regulations or guidelines thereunder,the Sandbox may -
  1. give advice and make recommendations to the licence holder with regard to the conduct of its business;
  2. issue directions regarding measures to be taken to improve the management or business methods of the licence holder or to secure or improve compliance with the requirements of the Act, the Regulations or guidelines issued or any other written law or regulations; or
  3. in any case to which paragraph (b) applies, issue directions to the licence holder, officer or other person to cease and desist from such practice.

(3) The Sandbox may, before issuing any directions under this Act, serve upon the licence holder, officer or other person, a notice of such intent specifying the reasons therefore and requiring the licence holder, officer or other persons, within such period as may be specified in the notice, to show cause why such direction should not be issued.

(4) A licence holder which receives any directions under the provisions of this Act shall comply with the directions within- such period as may be specified in the direction and, if so required, produce evidence of compliance.

(5) The Sandbox may issue directions to licence holders generally for the better carrying out of its functions and in particular, with respect to—

  1. the standards to be adhered to by a licence holder in the conduct of its business; and
  2. guidelines to be adhered to by licence holders in order to maintain a stable and efficient financial system.

Powers of the sandbox

14. Joint Agency Composition:

The Regulatory Sandbox shall comprise relevant entities, ensuring a holistic and well-informed regulatory approach. They shall include:

  1. Capital Markets Authority (CMA): As the primary regulatory body overseeing capital markets, CMA provides valuable insights and regulatory expertise to ensure the Sandbox aligns with broader market dynamics.
  2. Central Bank of Kenya (CBK): The CBK, being the nation's central monetary authority, contributes to the committee with a focus on monetary policy considerations, financial stability, and regulatory coordination on any intersection with the payments and banking industry.
  3. Financial Reporting Centre (FRC): FRC, specialising in anti-money laundering and counter-terrorism financing efforts, brings a crucial perspective to the committee to address and mitigate financial integrity risks within the sandbox.
  4. Ministry of ICT: Representing the government's information and communication technology arm, the Ministry of ICT contributes to the committee with expertise in technology policy and its implications on financial innovation.
  5. Nairobi International Financial Centre (NIFC): NIFC plays a pivotal role in positioning Kenya as an international financial hub, contributing strategic insights to foster an environment conducive to global financial competitiveness.
  6. Two Representatives of the Virtual Assets and Virtual Asset Service Provider industry to ensure that the committee is well-informed about the specific needs and challenges faced by blockchain-related businesses within the Sandbox.

Composition of the sandbox

15. Regulatory Sandbox Oversight Committee:

  1. The management of the Sandbox shall vest in an oversight committee which shall be comprised of the following committee members -
  1. a chairperson appointed by the Authority;
  2. a committee member representing CBK  who shall represent CBK’s regulatory interests in the virtual assets space and shall be responsible for matters relating to the intersection between virtual assets and banking industry, payments industry as well as monetary policy;
  3. a committee member representing FRC specialising in anti-money laundering and counter-terrorism financing efforts, brings a crucial perspective to the committee to address and mitigate financial integrity risks within the sandbox.
  4. a committee member representing NIFC who shall make contributions on strategic insights to foster an environment conducive to global financial competitiveness.
  5. a committee member representing the ODPC who shall be   responsible for matters relating to data protection  and privacy rights;
  6. a committee member representing the ministry of ICT responsible for innovation;
  7. a committee member appointed by the association responsible for matters relating to representing business interests of virtual assets service providers, token issuers and consumers of virtual asset services;
  1. The members of the oversight committee: shall work collectively to guide the Sandbox's policies, ensuring they remain responsive to market developments, supportive of innovation, and aligned with national regulatory objectives.

Regulatory Sandbox Oversight Committee:

  1. A person qualifies to be appointed as the chairperson under subsection (1)(a) if the person -
  1. holds a degree from a university recognized in Kenya;
  2. has at least fifteen years' experience at a senior management level in -
  1. finance, economics, banking, insurance or capital markets;
  2. corporate or financial services law; or
  3. any other field that is relevant to the functions of the Authority; and
  1. meets the requirements of Chapter Six of the Constitution of Kenya.

(4) A person qualifies to be appointed as a committee member under subsection (1)(b) to (g) if the person -

  1. holds a degree from a university recognized in Kenya;
  2. has a demonstrable level of knowledge and experience in—
  1. virtual asset services industry;
  2. finance, economics, banking, insurance or capital markets;
  3. corporate or financial services law; or
  4. any other field that is relevant to the functions of the Sandbox; and
  1. meets the requirements of Chapter Six of the Constitution of Kenya.

Qualifications of the chairperson

PART IV– LICENSING AND REGISTRATION

16. (1) No person shall carry out the business activities of a virtual asset service provider in or from Kenya unless such person is the holder of a virtual asset service provider’s licence issued under this Act.

(2) Any person who contravenes subsection (1) shall commit an offence and shall, on conviction, be liable to a fine not exceeding 20 million Kenyan Shillings or and to imprisonment for a term not exceeding five (5) years.

(3) For purposes of this Act, a person carries on business as a virtual asset service provider if —

  1. irrespective of their physical location, whether in or outside Kenya, the person offers a virtual asset service to persons resident in Kenya; or
  2. the person is registered or incorporated under the laws of Kenya and offers a virtual asset service to persons in or outside Kenya.

Requirement to be licensed

17. Licencing Classes

A person shall be eligible to carry out  business activities of a virtual asset service provider in or from Kenya if they obtain and hold either of the licences as stipulated in the Third Schedule:

  1. Class A: Virtual assets exchanges
  1. persons who provide services related to a virtual assets exchange including platforms which facilitates the –
  • issuing listing, buying and selling of virtual assets,
  • exchange between one or more forms of virtual assets,
  • trading including peer-to-peer trading of virtual assets.

(b) In addition to the Class A services, such person wishes to provide some or all other services listed under classes B,C, D and E

(2) Class B: Custodial services and Wallets

  1. Issued to providers of -
  1. virtual assets custodial services;
  2. provides custodial wallet services;
  1. In addition to the Class C services, such person wishes to provide some or all other services listed under classes D and E

(3) Class C: Payment Orchestration / On-Ramps and Off-Ramps

  1. Persons who operate as an on-ramp or off-ramp service provider facilitating exchange or conversion from virtual assets to fiat currency and vice-versa;
  2. Operators of a virtual assets payment service provider or transfer of assets utilising virtual assets;
  3. In addition to the Class B services, such person wishes to provide some or all other services listed under classes C, D and E

(4) Class D - Token Issuers

  1. Persons who operate as issuers of tokens;
  2. participates in and provides advisory services related to an issuer’s offer or sale of a virtual asset as may be prescribed;

(5) Pilot Programs

  1. Before engaging in a comprehensive and widespread implementation of virtual asset services, any individual or entity desiring to undertake a restricted, closely monitored, and temporary initiative aimed at evaluating the feasibility, performance, and effectiveness of virtual asset-related concepts, approaches, technologies, or services may acquire a pilot program licence.
  2. The pilot program licence, granted under this provision, shall have the following characteristics:
  1. It is a temporary permit valid for a specified period, not exceeding 4 calendar months.
  2. It is restricted to a maximum of 10,000 product users.
  3. Any other guidelines as may be prescribed by the sandbox.

Tiered-licencing model

18. (1) A person who wishes to carry out or participate in a virtual asset services shall apply for a virtual asset service provider licence or issuer of initial token offerings licence as provided for under Section 17 of this Act.

(2) An application for licensing and registration shall be made to the joint regulatory sandbox in the prescribed form.

(3) An application in subsection (1) shall – be accompanied by –

  1. certified copy of the certificate of incorporation of the applicant;
  2. a certified copy of the Memorandum and Articles of Association of the applicant;
  3. notification of the applicant’s registered address;
  4. a certified copy of the Memorandum and Articles of Association of any corporate body that has a significant shareholding in the applicant;
  5. a description of the distributed ledger technology system to be used in the applicant’s operations and an independent assurance on the systems;
  6. a description of delivery channels or platforms to be deployed by the applicant;
  7. a description of, and terms and conditions of virtual assets products and services which the applicant intends to provide;
  8. policies and measures to be adopted by the applicant to meet its obligations under this Act,the Proceeds of Crime and Anti- Money Laundering Act, 2009 and the United Nations (Financial Prohibition, Arms Embargo and Travel Ban) Act 2019 relating to anti-money laundering and combating the financing of terrorism and proliferation;
  9. the applicant’s data protection policies and procedures;
  10. the applicant’s consumer redress, mechanisms policies and procedures;
  11. a description and evidence of sources of funds to be invested in the applicant;
  12. the names and addresses of the shareholders in the prescribed form;
  13.  duly filled fit and proper forms for the directors, chief executive officer and senior officers and significant shareholders in the prescribed form,
  14. the applicant’s corporate governance policy;
  15. certificate of good conduct, tax compliance certificate and credit reference bureau report for each of the applicant’s individual significant shareholders, directors, chief executive officer and senior officers;
  16. a sworn declaration signed by every officer as specified in the prescribed form; and
  17. any other information as may be required by the authority.
  18. a business plan or feasibility study setting out, amongst others, the nature and scale of the business activities proposed to be carried out;
  19. particulars of the applicant’s arrangements for the management of its business activities;
  20. a non-refundable application fee set out in the Second Schedule;

(4) The sandbox may require an applicant to –

  1. give such other information, document or report in connection with the application upon giving the applicant 14 days’ written notice; and
  2. have any information submitted in support of the application verified at the cost of the applicant.

(5) The sandbox shall not be bound to deal further with the application until the requirements under this section are satisfied.

18. An applicant may withdraw an application by giving seven days’ written notice, including the reasons thereof, to the Authority at any time before the determination of the application.

Application for licence

19. Every virtual assets service provider shall, in writing, designate in writing a compliance officer to coordinate all compliance matters with the Authority.

Designation of compliance officer

20.(1) Subject to this Act and to the applicable Acts, the Sandbox shall review all such information, documents and reports as the relevant authorities may require in order to reject or grant the application.

(2) Upon approval by the Sandbox, the Authority shall  grant the relevant licence to the applicant.

(3) The Authority shall not grant an application unless it is satisfied that –

  1. the application complies with this Act;
  2. the criteria set out for the grant of the licence are met;
  3. the applicant has adequate resources, infrastructure, staff with the appropriate competence, experience and proficiency to carry out the business activities of a virtual asset service provider;
  4. the applicant has adequate arrangements for proper supervision of everything done under the licence so as to ensure compliance with this Act, the applicable Acts and the conditions of the licence;
  5. the applicant and each of its controllers, beneficial owners, their associates and officers are fit and proper persons to carry out the business activities to which the licence is sought;
  6. the applicant, once licensed, will satisfy criteria or standards, including prudential standards, issued by the Authority; and
  7. no prejudice would be caused or would ensue to the financial services industry or any part thereof, if the application is granted.

(4). The Authority may, in addition to section 20, take into account –

(a) the virtual asset business activities proposed to be carried out by the applicant;

(b) the capacity of the applicant to carry out the business activities;

(c) any inte6rnational standard relating to a virtual asset business;

(d) any information obtained from a competent authority or comparable body; and

(e) whether the granting of a licence to the applicant may pose a risk to purchasers, investors or the public.

 Determination of Application

21. (1) The Authority shall, upon approval by the sandbox and satisfied that the applicant meets the requirements of this Act, grant a licence to the applicant, within sixty days of submission of a complete application.

Issuance of the licence.

22. (1) The duration of each licence shall be the period of 18 calendar  months.

(2) An application for the renewal of a licence shall be submitted to the Authority  in Form 1 set out in the Third Schedule.

(3) The application shall be submitted together with -

  1. the fees set out in the Second Schedule;
  2. Annual Reports as prescribed under this Act

Duration and Renewal

23. Fast-Track Licensing:

In instances where an applicant has already satisfied all requirements and holds a valid licence in countries listed in First Schedule , the applicant, upon submission and verification of their registration, shall be expediently granted automatic licensing upon payment of the applicable licensing fees.

Fast-Track Licensing

24. An application to vary or remove any limitation imposed on the scope of a licence, including the period of validity of the licence, shall be made in such form and manner as the Authority may approve and shall be accompanied by such –

(a) information and documents as the Authority may require; and

(b) fee as prescribed in the Schedule of the Act.

Variation of licence

25. No virtual asset service provider shall, without the prior written approval of the Authority -

  1. modify the scope of its licensed virtual assets services and business activities;
  2. reorganise its legal structure;
  3. merge with another entity;
  4. change its name.;

Material change to licensed virtual assets service business activities

26.  (1) A licence holder may, in such form and manner as may be prescribed, make a request to cease activities or operations as a licence holder.

(2) A licence holder under subsection (1) shall, within seven days of submitting the request,submit a written plan to the Authority setting out the steps the licence holder will follow to cease the virtual asset business.

(3) The plan in subsection (2) shall state –

(a) the full names and registered address of the person who will manage the licence holder’s cessation of the virtual asset business;

(b) the period required to cease the business operations;

(c) the manner in which customer files or accounts will be closed and secured;

(d) customer notification procedures;

(e) customer transfer procedures, if applicable.

(4) The Authority shall, upon receipt of the plan under subsection (2), supervise and monitor the execution of the plan.

(5) The Authority may, in the public interest and for purposes of this section, give directions to the licence holder and the licence holder shall comply with such directions.

 Request to cease virtual asset business

PART V - CORE CAPITAL REQUIREMENTS

27. A licence holder that has custody of one or more virtual assets for a customer shall —

  1. maintain, in its custody, a sufficient amount of each type of virtual asset as prescribed under Third Schedule, in order to meet the licence holder’s obligations to the customer; and
  2. meet all financial requirements, as may be prescribed.
  3. meet the core  capital requirements as prescribed in the Third Schedule.

28 (1) A licence shall not be granted to a virtual asset service provider unless the institution meets the minimum capital requirements specified in the Third Schedule.

(2) The Authority may, by order published in the Gazette, amend the

Third Schedule.

PART VI - FIT AND PROPER REQUIREMENTS.

29. The Authority may, on application made above, issue a licence under this Act where -

  1. in the case of a natural person, the applicant is  a fit proper person as defined under under seventh schedule of this Act and resident in Kenya;
  2. in the case of a legal person, the applicant, its beneficial owners, their associates and officers are fit and proper persons as defined under Fourth schedule of this Act  to carry out virtual asset business activities for which the licence is sought; and
  3. the applicant has adequate resources, infrastructure,staff with the appropriate competence, experience and proficiency to carry out the business activities of a licence holder.

30. The Authority shall, in addition to the other relevant requirements, when determining whether a person is fit and proper as per section 22 above, have regard to the

  1. financial status or solvency of the person;
  2. competency of directors, shareholders, senior management or any other officer which shall include academic credentials, education or other qualifications and experience of key personnel, taking into account the nature of the role or functions that the person will perform;
  3. adequate resources, infrastructure,staff with the appropriate competence, experience and proficiency to carry out the business activities of a licence holder.
  4. experience in the virtual assets industry and demonstrated ability of the person to carry on the virtual asset business competently, honestly and fairly;
  5. ability of the person to ensure a satisfactory standard of governance and operational conduct; and
  6. reputation and character –
  1. where the person is a natural person, of the natural person, or
  2. where the person is a legal person, of the legal person, its directors, shareholders, senior management or any other officer.

PART VII - SUSPENSION AND SURRENDER OF LICENCE AND REGISTRATION

31 (1) The Authority may suspend or revoke a licence of a virtual assets service provider licence, if the licence holder -

  1. is not a fit and proper person to provide a virtual asset service or issue initial token offering in terms of this Act;
  2. does not fulfil the requirements of, or has contravened, any of the provisions of this Act, or has failed to satisfy or comply with any obligation or condition to which the licence is subject to;
  3. furnished, the Authority with information which is false, inaccurate or misleading;
  4. has obtained the licence by making false statements or by any other irregular means;
  5. has not commenced the virtual asset business that the licence holder is authorised to provide within 12 months, from the date of issue of the licence, or has ceased to provide the virtual asset service;
  6. makes a request for the suspension or revocation of the licence; or
  7. does not meet or has contravened any of the licensing conditions;
  8. fails to pay annual fees or a monetary penalty that is imposed by the Authority;
  9. ceases to carry on the business of a virtual assets service provider;
  10. goes into liquidation or an order is issued for its winding up;
  11. violates anti-money laundering laws or combating the financing of terrorism laws;

(2) The Authority shall cause the names of the licence holders

whose licences have been suspended or revoked to be published in the

Gazette within thirty days of the suspension or revocation.

(3) Where a licence has been revoked, the Authority may, by notice in

writing permit the licence holder, subject to such conditions

as the Authority may specify in the notice, to carry on business

operations for the purpose of closing down the business

connected with the revocation.

Suspension or revocation of licence and registration

34 (1) Where the Authority makes a decision to -

(a) vary any condition to which the licence is subject or to impose a condition thereon; or

(b) suspend or revoke a licence, the Authority shall give the licence holder 21 days’ written notice of its intention to do so, setting out the reasons for the decision it proposes to take.

(2) A licence holder may, within 14 days after receipt of the notice given under subsection (1), make written representations to the Authority, stating reasons why the proposed decision should not be taken, and the Authority shall consider any representation so made before arriving at a final decision.

(3) The Authority may, where it is satisfied that the licence holder fulfils the requirements of this Act, lift the suspension on such conditions as it may consider necessary, including varying any condition to which the licence is subject or imposing further conditions thereon.

(4) The suspension of the licence of a virtual asset service provider or registration of a token issuer shall operate as the suspension of the licence or registration or similar permission granted to the agent or representative of the licence holder, as may be applicable.

 

(5) Where the licence of a licence holder is suspended, the licence holder shall cease to carry out the business activities authorised by the licence or registration, but shall remain subject to the obligations under this Act and to the directions of the Authority until the suspension of the licence or registration is cancelled.

Notice of intention to suspend or revoke licence

35(1) The Authority may -

(a) suspend a licence, without notice, where the  Authority considers that an immediate suspension is necessary to protect the public;

(b) revoke a licence, without suspension, where the licence holder has made a request for the revocation; or

(c) immediately revoke a licence, without suspension, where the Authority considers it necessary to do so in the public interest.

Suspension or revocation of licence without notice

36. (1) A virtual asset service provider or an issuer of initial token offerings may voluntarily surrender its licence or registration, as the case may be, by giving written notice to the Authority, and such surrender shall be irrevocable.

Surrender of Licence and Registration

(2) Where the licence of a virtual asset service provider or registration of an issuer of initial token offerings is voluntarily surrendered, the licence holder shall, where so requested by the Authority, not later than 7 days after submitting its written notice of surrender, prepare and submit a written plan to the Authority setting out the steps it will follow to cease its business activities.

(3) The plan required under subsection (2) shall contain the following information –

(a) the person who will manage the cessation of business activities of the virtual asset

service provider or issuer of initial token offerings;

(b) the length of time required to cease business activities;

(c) the manner in which client files will be closed and secured;

(d) client notification procedures;

(e) client transfer procedures, where applicable; and

(f) such other information as the Authority may, in the circumstances, require.

(4) Upon the Authority’s approval of a plan submitted by the licence holder, the Authority –

(a) shall supervise the execution of the plan; and

(b) may give directions to the licence holder to protect the interest of investors or purchasers, which the licence holder shall comply with.

Process following surrender of licence and registration

37. The licence granted under this Act shall not be transferred, assigned or encumbered in any way without prior written approval of the Authority.

Assignment and transfer of licence or beneficial ownership

38. (1) The Authority shall establish and maintain a register of Virtual Asset Service Providers which shall be published on its website open for inspection to any member of the public.

(2) Without limiting the generality of subsection (1), the register shall state –

(a) the full names and registered  address of the licence holder, including the address of the virtual asset business, if different;

(b) the licence class, in respect of the virtual asset business, held by a licence holder, including any licence issued, or registration, by a comparable body with respect to the virtual asset business;

(c) virtual asset services provided by the licence holder;

(d) the date on which the licence was issued;

(d) the expiry date of the licence, as may be applicable;

(e) the names of the principal contact person of the licence holder; and

(e) any conditions imposed by the Authority on the virtual asset business or licence; and

(f) any other information as the Authority may consider necessary.

(3) A licence holder to which an entry in the register relates, shall as soon as practicable after the licence holder becomes aware of any error in the entry or any change in circumstances that is likely to have a bearing on the accuracy of the entry, give notice in writing to the Authority of the error or change in circumstances, as the case may be.

Register of virtual asset Service providers and issuers of virtual token offerings Register 

39. Appeals from action by Authority

  1. any person aggrieved by any direction given by the Authority to such

person or by a decision of the Sandbox -

  1. refusing to grant a licence;
  2. imposing limitations or restrictions on a licence;
  3. suspending or revoking a licence;
  4. refusing to approve an application by a token issuer
  5. refusing to grant compensation to an investor who has suffered pecuniary loss resulting from failure of a licence holder, to meet his contractual obligations,

may appeal to the Capital Markets Tribunal against such directions, refusal,

limitations or restrictions, cancellations, suspension or removal, as the case may

be, within fifteen days from the date on which the decision was communicated to such person.

(2) The Capital Markets Tribunal may require the Authority or the Sandbox to show cause for its action or decision, and may affirm or, after affording the Authority or the Board an opportunity to be heard, set aside such action or decision.

Appeals against decisions of Authority

PART VIII - OBLIGATIONS OF LICENCE HOLDERS

40. A licence holder shall establish systems and controls in the virtual asset business that are adequate and appropriate for the scale and nature of the business activities, including systems and controls which adequately and appropriately address the -

  1. recording, storing, protection and transmission of information;
  2. effecting and monitoring of transactions;
  3. operation of the measures taken for securing the timely discharge, whether by performance, compromise or otherwise, of the rights and liabilities of the parties to the transaction;
  4. safeguarding and administration of virtual assets belonging to customers; and
  5. business continuity and planning, in the event of a disruption of a virtual asset service.

41. A licence holder shall, in carrying out a virtual asset business -

(a) act honestly and fairly;

(b) act with due care, skill and diligence;

(c) observe and maintain a high standard of professional conduct;

(d) ensure that appropriate measures are put into place for the protection

of customer’s virtual assets; and

(e) have effective corporate governance arrangements consistent with this Act.

Professional conduct of licence holder

PART IX - TOKENS

42. (1) A licence holder who offers a token or a virtual asset shall provide, in the offer -

  1. information that is accurate and not misleading;
  2. information that is consistent with the information contained in the white paper published in, or with the information required to be in the white paper;
  3. a statement that a whitepaper has been or will be published in and the addresses and times at which copies of the whitepaper are or will be available to the public; and
  4. information concerning the token offering or the admission to trading on a virtual asset exchange which shall be consistent with the information contained in the white paper.

(2) For purposes of subsection (1), “information” shall include the name of any person endorsing the licence holder’s white paper.

Offer of tokens and virtual assets

(3) A token issuer shall, in its white paper, provide full and accurate disclosure of information which would allow potential purchasers to make an informed decision.

(4) A token issuer shall publish its white paper by –

  1. posting a copy on a website operated and maintained by it, or by a third party for and on its behalf, which shall be readily accessible to, and downloadable by, potential purchasers for the duration of the offer period and for not less than 14 days after the offer period ends; or
  2. requiring a signature by every member of the governing body of the licence holder.

(5) A token issuer shall, after it has published a white paper and becomes aware of any information which could affect the interests of purchasers before the close of the offer period, within seven days, give written notice to the Authority and disclose that information by a supplement to the white paper.

(6) A licence holder who fails to comply with subsection (5) commits an offence and is liable to a fine not exceeding kes 300 000 and to imprisonment for a term not exceeding two years, or to both.

 Issuance of white paper

43.

  1. Virtual Assets Exchanges and other service providers that list virtual assets on their platforms  shall bear primary responsibility for the governance of the admission of  the Virtual Assets  trading on their platforms.
  2. Licence holders shall establish and maintain a clear policy outlining the criteria and procedures for deciding which virtual assets to list on their platforms.
  3. Self-Certification Mechanism: Prior to admitting a new token to trading, the virtual assets exchange shall:
  1. engage in self-certification and certify to the Authority  that the virtual asset  intended for listing falls within the relevant definition as per regulatory guidelines.
  2. the exchange shall further certify that the listed virtual asset complies with the platform's predefined requirements for listing.

Listing of Tokens

PART X - CONSUMER PROTECTION

44. (1) A virtual asset service provider shall generate and issue a receipt or any other acknowledgement of transactions carried out by or with a customer, through electronic means or any other acceptable medium.

(2) A virtual asset service provider shall upon request by the customer generate and issue the customer with a comprehensive statement of transactions carried out by or with the customer.

Transaction receipts

45. (1) A virtual asset service provider shall establish a complaints redress mechanism, including a dedicated channel for communicating customer complaints, and ensure proper communication of this mechanism to its customers.

(2) A customer complaint shall be resolved promptly, and where immediate resolution is not possible, within thirty days of a customer reporting a complaint to a virtual assets service provider. 

(3) A virtual asset service provider shall keep a record of all complaints lodged by customers and the outcome of their resolution.

(4) A virtual asset service provider who fails to comply with this Act shall be liable to assessment of penalties and other administrative sanctions as provided under subsidiary regulations.

Customer complaints resolution.

46. (1) A licence holder shall at all times provide safeguards to ensure customer protection to such standards as the Regulatory Authority may determine.

(2) without derogating from the generality of subsection (1), a licence holder shall have business rules, procedures and an effective surveillance programme that ensure that a virtual asset business conducted on in an orderly manner to provide proper protection to customers, including monitoring for conduct which may amount to market abuse, financial crime or money laundering.

(3) in relation to the protection of personal data relative to the customer, data protection measures consistent with the Data Protection Act and as may be prescribed.

Safeguards on consumer protection

47. (1) A licence holder, shall be obligated to implement and maintain an effective consumer education program regarding the risks associated with virtual assets.

(2) The consumer education program shall, at a minimum, include:

  1. Comprehensive Information: Providing consumers with clear and comprehensive information on the nature and characteristics of virtual assets, including their volatility, potential for price fluctuations, and inherent risks.
  2. Security Measures: Educating consumers on best practices for securing and safeguarding their virtual assets, including the use of secure wallets, two-factor authentication, and other relevant security measures.
  3. Regulatory Compliance: Informing consumers about relevant legal and regulatory frameworks governing virtual assets, ensuring they are aware of their rights and obligations within the scope of applicable laws.
  4. Fraud and Scam Awareness: Alerting consumers to common types of fraud, scams, and deceptive practices within the virtual asset ecosystem, and providing guidance on how to identify and avoid such threats.
  5. Investment Risks: Clearly communicating the risks associated with investing in virtual assets, including but not limited to market risks, liquidity risks, and the potential for loss of investment.

(3) The consumer education program shall be regularly updated to reflect changes in the virtual asset landscape, emerging risks, and advancements in technology.

(5) Licence holders shall employ accessible and user-friendly means of communication to disseminate consumer education materials, utilising online platforms, printed materials, or other channels deemed appropriate.

(6) The Authority may in collaboration with the Sandbox, issue consumer protection guidelines or standards to further specify the content and implementation of the consumer education program required under this section.

(7) Failure by a licence holder to fulfil the obligations outlined in this section may result in regulatory sanctions, including but not limited to fines, suspension, or revocation of the licence, as determined by the Authority.

Consumer Education

48. A virtual asset service provider shall -

(a) prepare and maintain key information document that informs

the customer of the fundamental benefits, risks and terms of

the product or service, in a summarised form;

(b) ensure that any information given to a customer on among

other things benefits, prices, risks and the terms and

conditions; whether in writing, electronically or orally is fair,

clear and transparent;

(c) ensure that information on its products and services is

updated and current and easily available at its branches,

websites and any other communication channels which it

uses;

(d) ensure that it discloses at its branches, websites,

advertisements, promotional materials and any other

communication channels which it uses that it is regulated by

the Authority ;

(e) disclose its identity in the correspondence, documents and

other written instruments that the digital credit provider

issues in the course of its business generally or while dealing

or contracting with a consumer; and

(f) educate its customers on its services and products, and in

particular, make its customers aware of the need to keep their

personal details and information such as their private keys and  Personal

Identification Numbers (PIN) secure.

Representations and  information provided to consumer

49. (1) A virtual asset service provider shall ensure that any

advertisement that it publishes or authorises to be published does not

include any false, misleading or deceptive representation, or is

otherwise misleading or deceptive.

(2) Without prejudice to the generality of paragraph (1) a false,

misleading or deceptive representation includes -

(a) a representation that the credit facility has benefits or

qualities that it does not in fact have;

(b) a representation that the virtual asset service provider has an

approval, status, affiliation or connection that it does not in

fact have;

False advertisements

50. Establishment of the Consumer Compensation Fund

  1. There shall be established a Fund to be known as the Consumer Compensation Fund for the purposes of granting compensation to consumers and investors  who suffer pecuniary loss resulting from the failure of a licensed virtual assets service provider providing custodial services to meet its contractual obligations.
  2. Consumers whose virtual assets deposits are lost due to an act or omission of the custodial service providers shall be entitled to a compensation and the consumer compensation fund.
  3. The Compensation Fund shall consist of -
  1. such moneys as are required to be paid as security deposits by custodial service providers into the Compensation Fund by licensed holders;
  2. such sums of money as are paid under this Act as fines or penalties as ill-gotten gains where those harmed are not specifically identifiable;
  3. such sums of money as accrue from interest and profits from investing Compensation Fund moneys;
  4. such sums of money recovered by or on behalf of the Authority from entities whose failure to meet their obligations to investors result in payments from the Compensation Fund;
  5. unclaimed virtual assets outstanding and held by custodial service providers at the expiry of the applicable statutory limitation period;

Establishment of the Consumer Compensation Fund

PART XI - RESPONSIBILITIES OF PERSONS TRADING IN VIRTUAL ASSETS

51. A person who trades in virtual assets shall,

  1. keep the records of virtual assets transactions, including purchases and sales
  2. pay taxes on any gains that are made from transactions in virtual assets in accordance with the applicable law,

PART XII - REPORTING REQUIREMENTS AND OVERSIGHT

53. (1) A licence holder shall, every year not later than three months after the close of its financial year, file with the Authority an audited financial statement, in respect of all transactions related to the licence holder’s virtual asset business activities.

(2) For the purposes of this section, “financial year” means in respect of –

(a) the licence holder’s first financial year, a period not exceeding 18

months from the date of incorporation or issue of a licence; and

(b) every subsequent financial year, a period not exceeding 12 months.

Audited financial statements

54. (1) A licence holder  shall be subject to the Authority’s onsite and off-site inspection, audit and monitoring and shall make such periodic reports and returns as may be specified by the Authority.

(2) The Authority may require a licence holder to furnish it, at

such time and in such manner as it may direct, with such information as

the Authority may reasonably require for the proper discharge of its

functions under this Act.

(3) A licence holder  shall make its premises, systems,

books and records readily available to the Authority, or its officers or any

person appointed by the Authority for inspection, audit and other

supervisory purposes.

(4) A licence holder who fails to comply with these requirements  shall be liable to assessment of penalties and other administrative sanctions as provided for in subsequent regulations.

Reporting

requirements, on-site

and off-site

monitoring

PART XIII - ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM

55. A virtual assets service provider shall provide to the Authority with the evidence and sources of funds invested or proposed to be invested in the digital credit business and demonstrate that the funds are not proceeds of crime.

Source of funds

56. A virtual assets service provider shall take reasonable measures to

satisfy itself as to the identity of its customers while performing

transactions with them.

KYC and Customer identity.

57. (1) A virtual assets service provider shall comply with the Proceeds

of Crime and Anti-Money Laundering Act, 2009, and the Prevention of

Terrorism Act, 2012 and the relevant Regulations and Guidelines

issued thereunder;

(2) A virtual assets service who fails to comply with the

Proceeds of Crime and Anti-Money Laundering Act, 2009, and the

Prevention of Terrorism Act, 2012 and the relevant Regulations and

Guidelines issued thereunder shall be liable to assessment of penalties

and other sanctions as provided for under these Regulations.

58. (1) Authority shall, in fulfilling its obligation to effectively monitor reporting persons, use a risk-based approach.

(2) The Authority shall, in applying a risk-based approach to supervision, ensure that it –

  1. has a clear understanding of the risks of money laundering, terrorist financing and proliferation financing at national level;
  2. has an on-site and off-site access to all relevant information on the specific domestic and international risks associated with customers, products and services of the relevant reporting person it supervises;
  3. bases the frequency and intensity of on-site and off-site supervision on –

(i) the money laundering, terrorist financing and proliferation financing risks, and the policies internal controls and procedures associated with the business activities of a reporting person, as identified by the supervisory authority’s assessment of its risk profile;

(ii) the risks of money laundering, terrorist financing and proliferation financing in Kenya as identified within any information that is made available to the supervisory authority;

(iii) the characteristics of the reporting person, in particular the diversity and number of such institutions and the degree of discretion allowed to a reporting person under the risk-based approach.

(3) The assessment by a supervisory authority of the money laundering, terrorist financing and proliferation financing risk profile of a reporting person, including the risks of non-compliance, shall be reviewed both periodically and when there are major events or developments in their management and operations.

Compliance with laws

on anti-money

laundering and

combating the

financing of terrorism.

PART XIV - RISK BASED APPROACH

59. (1) A virtual asset service provider must have in place sound, effective and comprehensive strategies, processes and risk management systems to assess and maintain, on an ongoing basis, the amounts, types and distribution of financial resources, non-financial resources, own funds and unimpaired capital that it considers adequate to cover:

  1. the nature and level of the risks to which it is, or might be, exposed, such that there is no significant risk that its liabilities cannot be met as they fall due, and that in the event of a winding up, its business can be wound up in an orderly manner, minimising harm to consumers, market integrity or to other market participants.
  2. the risk that the virtual asset service provider might not be able to meet the obligations under the Act in the future; and
  3. the need for liquid assets adequate to cover its liabilities as they fall due.

(2) A virtual asset service provider must document how it has met the general prudential requirement. A virtual asset service provider should review annually how it is meeting the general prudential requirement, and this review should be completed within 4 months after the close of the financial year.

The general requirements

60. (1) Virtual asset service providers, in identifying and managing the major sources of risks to which they may be exposed, shall consider the following categories of risks as relevant to the virtual asset service provider, given the nature and scale of its business, including but not limited to:

  1. credit and counterparty risk;
  2. liquidity risk, being the risk that a virtual asset service provider, although solvent, either does not have available sufficient financial resources to enable it to meet its obligations as they fall due, or can secure such resources only at excessive cost;
  3. operational risks;
  4. market risk, being the risks that arise from fluctuations in values of, or income from, virtual assets or in interest or exchange rates;
  5.  interest rate risk, including:

(i) risks related to the mismatch of repricing of assets and liabilities and off balance sheet short- and long-term positions (“repricing risk”);

(ii) risks arising from hedging exposure to one interest rate with exposure to a rate which re-prices under slightly different conditions;

(iii) risk related to the uncertainties of occurrence of transactions, for example, when expected future transactions do not equal the actual transactions; and

(iv) risks arising from consumers redeeming fixed rate products when market rates change.

  1. the risk that their own funds held by the virtual asset service provider are inadequate having regard to the economic substance of the transactions the virtual asset service provider is involved in;
  2. risks arising from changes in the virtual asset service provider’s business, including: the acute risk to earnings posed by falling or volatile income; the broader risk of a virtual asset service provider's business model or strategy proving inappropriate due to macro-economic, geopolitical, industry, regulatory or other factors; and the risk that a virtual asset service provider may not be able to carry out its business plan and desired strategy.
  3. the remuneration policy in place at the virtual asset service provider;
  4. risk of excessive leverage;
  5. the risk to the virtual asset service provider caused by its contractual or other liabilities to, or with respect to, any pension scheme (whether established for its employees or those of a related company or otherwise), including the risk that the virtual asset service provider will make payments or other contribution to, or with respect to, a pension scheme because of a moral obligation or because the virtual asset service provider considers that it needs to do so for some other reason;
  6. the risk that the virtual asset service provider’s financial position may be adversely affected by its relationships (financial or non-financial) with other entities in the same group or by risks which may affect the financial position of the whole group (e.g. reputational contagion);
  7. concentration risk, being the risk that a combination of risks exposures will cause a loss large enough to threaten the solvency or the financial position in general of the virtual asset service provider; and
  8. the risk that the risk mitigation techniques used by the virtual asset service provider prove less effective than expected.

(2) Virtual asset service providers must document their assessment of the major sources of risks to which they may be exposed and how they are managing those risks.

Types of risk

61. (1) In meeting the general requirements, a virtual asset service provider may make use of an insurance policy covering the relevant services to mitigate its risks.

(2) When considering utilising insurance, a virtual asset service provider should consider:

  1. the type of cover provided by that insurance;
  2. the time taken for the insurer to pay claims (including the potential time taken in disputing cover) and the virtual asset service provider's funding of operations whilst awaiting payment of claims;
  3. the financial strength of the insurer, which may determine its ability to pay claims, particularly where large or numerous small claims are made at the same time; and
  4. the effect of any limiting conditions and exclusion clauses or excesses that may restrict cover to a small or limited number of specific losses and may exclude larger or hard to quantify indirect losses (such as lost business or reputational costs).

Use of insurance

PART XV - WINDING UP, DISSOLUTION OR VOLUNTARY LIQUIDATION

62. Where the Authority revokes a licence or registration, it may apply to the Court for the licence holder to be wound up or dissolved, as the case may be in accordance with section 33 E of the Capital Markets Act.

Winding up or dissolution by Authority

63. (1) A licence holder may, with the approval of the

Authority, voluntarily liquidate itself if it is able to meet all its liabilities.

Voluntary liquidation.

(2) An application for the Authority’s approval for the purposes of

paragraph (1) shall be in such form as may be prescribed.

(3) The Authority may, upon receipt of an application under

paragraph (2), approve the application if satisfied as to the solvency of

the licence holder.

(4) Where the Authority approves an application by a licence holder under this Act, such licence holder shall forthwith cease all its operations except such activities as are incidental to the orderly realisation, conservation and preservation of its assets and settlement of its obligations.

(5) The Authority shall upon approval of a voluntary liquidation,

follow up with the licence holder to ensure smooth execution of

the liquidation process.

(6) The Authority shall provide such subsidiary legislation necessary for regulation winding up of licence holders

Voluntary liquidation

PART XVI - DISCIPLINARY PROCEEDINGS AND ADMINISTRATIVE SANCTION

64. (1) The Authority may impose any or all of the following administrative sanctions with regard to a licence holder that fails to comply with the Act, or any  Regulations or its directives under the Act -

  1. monetary penalty on a licence holder in such amounts not exceeding five hundred thousand shillings;
  2. additional penalties not exceeding ten thousand shillings in each case for each day or part thereof during which the violation or non-compliance continues;
  3. suspension from office of the non-compliant licence holders’s director or officer disqualify a significant shareholder, director or officer from holding any position or office in any licensed or financial institution in Kenya;
  4. undertake more frequent inspections of that licence holder;
  5. order the licence holder to submit to the Authority, within forty-five days, a plan to resolve all deficiencies to the satisfaction of the Authority;
  6. suspension or revocation of the licence; and
  7. any other action as the Authority may consider appropriate.

Enforcement and

administrative

sanctions.

65. (1) In assessing and determining the administrative sanction

to apply in respect of a particular violation or non-compliance, the

Authority may consider the following factor -

  1. whether the person to be sanctioned or penalised is a natural person or corporate body;
  2. the nature of the legal or regulatory requirement, direction, order or condition which has been violated or not complied with;
  3. the nature and severity of the violation;
  4. the impact of the violation on the licence holder, its customer or other person;
  5. the benefits that could be or may have been derived from the violation;
  6. the amount of financial loss or other losses suffered or likely to be suffered by the licence holder, its  customer or other person;
  7. the circumstances under which the violation occurred;
  8. the financial condition of the licence holder or any other person at fault including in terms of size, assets, capital,  annual turnover and any other relevant financial condition;
  9. the frequency of violation of the same law, other laws, direction, order or condition;
  10. general level of compliance with the law by the licence holder or any other person as demonstrated over a period of time;
  11. the public interest affected by the violation;
  12. the identity, rank, job description of the officer of the licence holder, or any other person involved;
  13. whether the violation has been rectified or remedied or can easily be rectified or remedied; and
  14. such other relevant factors as the Authority may consider.

Factors to consider in

determining an

administrative

sanction.

PART XVII - OFFENCES AND COMPOUNDING OF OFFENCES

66. (1) A Licence Holder that contravenes this Act shall commit an offence and shall, on conviction, be liable, where no specific penalty is provided, to a fine not exceeding 10 Million Kenyan Shillings and to imprisonment for a term not exceeding 10 years.

(2) Any person who –

  1. wilfully makes any misrepresentation in any document required to be filed or submitted under this Act;
  2. wilfully makes any statement or gives any information required for the purposes of this Act which he knows to be materially false or misleading; or
  3. knowingly fails to disclose any fact or information required to be disclosed for the purposes of this Act,

shall commit an offence and shall, on conviction, be liable to a fine not exceeding two million shillings or to imprisonment for a term not exceeding 5 years.

(3) Any person who destroys, falsifies, conceals or disposes of, or causes or permits the destruction, falsification, concealment or disposal of, any document, information stored on a computer or other device or other thing that the person knows or ought reasonably to know is relevant to the Authority,  shall commit an offence and shall, on conviction, be liable to a fine not exceeding 1 million kshs or to imprisonment for a term not exceeding 10 years.

(4) Any person who otherwise contravenes this Act shall commit an offence and shall, on conviction, be liable to a fine not exceeding 1 million kes or to imprisonment for a term not exceeding 10 years.

 Offences

67(1) The Authority may, with the consent of the Director of Public Prosecutions, compound any offence committed by a person where the person agrees, in writing, to pay such an amount not exceeding the maximum penalty specified for the offence as may be acceptable to the Authority.

(2) An agreement under subsection (1) shall be in writing and signed on behalf of the Authority and by the person agreeing to the compounding.

(3) Every agreement to compound an offence shall be final and conclusive and on payment of the agreed amount, no further action shall be taken, with respect to the offence compounded, against the person who agreed to the compounding.

(4) Where the Director of Public Prosecutions does not give his consent to compound an offence or a person does not agree to compound an offence, the Authority may, with the consent of the Director of Public Prosecutions, refer the case to the Police for legal proceedings.

(5) The Authority may cause to be published, in such form and manner as it deems appropriate, a public notice specifying the particulars of the amount agreed upon under subsection (1).

Compounding of offences

PART XVIII  - TRANSITIONAL PROVISIONS

68.

  1. Where, on the commencement of this Act, a person is carrying on a virtual asset business, the person shall make an application in such a manner as may be prescribed, not later than 18 months after the commencement of this Act, to be licensed as a licence holder.
  2. Where, on the commencement of this Act, a person is carrying out the business activities of a virtual asset service provider or of issuing initial token offerings, they shall make an application, not later than 18 months after the commencement of this Act, to be licensed as a virtual asset service provider or for registration as an issuer of initial token offerings, as the case may be, under this Act.
  3. Where, on the commencement of thisAct, a person is carrying out the business activities of a virtual asset service provider or of issuing initial token offerings under a Regulatory Sandbox Licence issued under the Capital Markets Authority Act, they shall, notwithstanding the Capital Markets Authority, make an application, not later than 18 months after the commencement of this Act, to be licensed as a virtual asset service provider or for registration as an issuer of initial token offerings, as the case may be, under this Act.

Transitional provisions

FIRST SCHEDULE - VIRTUAL ASSET SERVICES

  1. Any one or more of the following activities or services are regarded as virtual asset services -
  1. providing services related to a virtual assets exchange including platforms which facilitates the –
  1. issuing listing, buying and selling of virtual assets,
  2. exchange between one or more forms of virtual assets,
  3. trading including peer-to-peer trading of virtual assets.
  1. providing virtual assets custodial services;
  2. operating as an on-ramp or off-ramp service provider facilitating exchange or conversation from virtual assets to fiat currency and vice-versa;
  3. operating as a virtual assets payment service provider or transfer of assets utilising virtual assets;
  4. providing custodial wallet services;
  5. operating as an issuer of token offerings;
  6. participating in and providing advisory services related to an issuer’s offer or sale of a virtual asset as may be prescribed;
  7. does not include - services provided in a fully decentralised manner without any intermediary.

SECOND SCHEDULE - FAST-TRACK LICENSING COUNTRIES

  1. Singapore
  2. Switzerland
  3. France
  4. Dubai
  5. Japan
  6. South Africa

THIRD SCHEDULE - LICENSING FEES & CORE CAPITAL REQUIREMENTS

1. The licensing fees under this Act shall be as follows:

Licence Class

Registration Fees (One off)

Annual Licensing Renewal Fees

Class A Licence

3,000,000 kes ($18,500)

750,000 kes

Class B Licence

2,200,000 kes  ($13,000)

350,000 kes

Class C Licence

1,300,000 kes ($8,000)

200,000 kes

Class D Licence

1,300,000 kes ($8,000)

200,000 kes

Pilot Program

50,000 kes ($300)

N/A

 

2. Every licence holder  shall, at all times, maintain core capital as defined  below:-

Licence Category

Core Capital

Class A Licence holder: Virtual assets exchanges

A core capital of not less than 12 per cent of total virtual assets held in the custody of the platform on behalf of users;

Class B Licence holder: Custodial services and Wallets

A core capital of not less than 12 per cent of total virtual assets held in the custody of the platform on behalf of users;

Class C: Payment Orchestration / On-Ramps and Off-Ramps

a core capital of at least 5,000,000 kes

Class D - Token Issuers

a core capital of at least 5,000,000 kes

Pilot Program

a core capital of at least 5,000,000 kes

3. Provided that the provisions of paragraph 2 shall apply in accordance with the following minimum core capital requirements:-

Licence Category

Minimum Core Capital

Class A Licence holder: Virtual assets exchanges

30,000,000 kes

Class B Licence holder: Custodial services and Wallets

16,000,000 kes

Class C: Payment Orchestration / On-Ramps and Off-Ramps

8,000,000 kes

Class D: Token Issuers

8,000,000 kes

Pilot Program

a core capital of at least 8,000,000 kes

(2) Intangible assets, including goodwill, cannot be used as part of calculating capital and shall be deducted prior to determining whether there is sufficient capital for the purposes of paragraph (1).

(3) The Authority shall establish prudential guidelines that licence holders must adhere to for the purpose of safeguarding the integrity, stability, and security of the virtual asset ecosystem.

FOURTH SCHEDULE - FITNESS AND PROPRIETY REQUIREMENTS

  1. In determining whether a person is, for the purposes of this Act, a fit and proper person, the Authority may have regard –

(a) in respect of the person and, where the person is a company, the officers and beneficial owners of the company, to –

(i) his possession of adequate professional credentials or experience or both for the position for which he is proposed;

his ability to recommend sound practices gleaned from other situations;

the financial standing;

(ii) the relevant education, qualifications and experience;

(iii) the ability to discharge the relevant functions properly, efficiently, honestly and fairly;

(iv) the reputation, character, financial integrity and reliability;

his ability to avoid conflicts of interest in his activities and commitments with other organisations; and

(v) any relevant criminal record;

(b) to any matter relating to –

(i) any person who is or is to be employed by, or associated with, the person;

(ii) any agent or representative of the person;

(c) where the person is a company –

(i) any officer and shareholder of the company;

(ii) any related company of the company and any officer of any related company;

(d) to any matter specified in the applicable Acts as relating to the fit and proper person

requirement; and

(e) any other information or any other matter as it deems necessary.

 

s