Special Issue 709

Kenya Gazette Supplement No. 119 1st August, 2014 (Legislative Supplement No. 43) LEGAL NOTICE NO. 109 THE NATIONAL PAYMENT SYSTEM ACT (No. 39 of 2011) THE NATIONAL PAYMENT SYSTEM REGULATIONS, 2014 ARRANGEMENT OF REGULATIONS Regulation PART I—PRELIMINARY 1—Citation. 2—Interpretation. 3—Purpose.

PART II—PAYMENT SERVICE PROVIDERS 4—Authorization of a payment service provider. 5—Application process. 6—Approval of company name. 7—Approval of product name. 8—Criteria for assessing suitability. 9—Renewal of authorization. 10—Revocation and suspension. 11—Capital requirements. 12—Register of Customers. 13—Changes to the electronic retail service or e-money issuance. 14—Agents. 15—Agents and cash merchants. 16—Enlisting of new agents and cash merchants. 17—Appointment of an agent or a cash merchant. 18—Wholesale agents and cash merchants 19—Maintenance of records 20—Due diligence. 21—Interoperability. 22—Payment Service Provider Management Body. 23—Outsourcing. 24—Risk Management. 25—Governance.

26—Contents of Trust Deed. 27—Operational arrangements for payment service providers. 28—Execution of payments. 29—Record keeping and submission of reports. 30—Bank Oversight and Audit. 31—Screening of transactions. 32—Register of payment service providers. 33—Inspection.

34—External Audit. 35—Disclosure.

36—Publication of information. 37—Advertisements. 38—Customer care service. 39—Filing of complaints. 40—Resolution of complaints. 41—Customer service agreements. 42—Confidentiality. 43—Transaction limits. 44—Redemption of E-Money. 45—Prohibition against lending. 46—Registration of small e-money issuers. 47—Certificate of registration. 48—Compliance with registration. 49—Submission of reports. 50—Revocation or suspension of registration. 51—Remedial Actions.

PART III—DESIGNATION OF A PAYMENT SYSTEM OR INSTRUMENT 52—Application process. 53—Notification by the Bank. 54—Changes and enhancements. 55—Revocation and suspension.

PART IV—GENERAL PROVISIONS 56—Non-compliance 57—General Penalty. 58—Payment of monetary penalty. 59—Transitional provisions. 60—Anti- money laundering measures. SCHEDULES

689 The National Payment System Act (No. 39 Of 2011)

IN EXERCISE of the powers conferred by section 31 of the National Payment System Act, 2011, the Cabinet Secretary for the National Treasury makes the following Regulations:—

The National Payment System Regulations, 2014 Part I—Preliminary

1. These Regulations may be cited as the National Payment System Regulations, 2014.

Citation.

2. In these Regulations, unless the context otherwise requires— "Act" means the National Payment System Act, 2011; Interpretation. No. 39 of 2011. Cap. 491.

"agent" means a person who, for a fee, provides limited payment services on behalf of a payment service provider; "aggregate monthly load limit" means the total amount of e-money transferred into an e-money account held by an e-money holder over the period of a calendar month; "Bank" means the Central Bank of Kenya established under section 3(1) of the Central Bank of Kenya Act; "business of an electronic retail provider" means an issuance of emoney against currency of Kenya received or any other currency authorized by the Central Bank of Kenya as well as the redemption of emoney for currency of Kenya or any other currency authorized by the Central Bank of Kenya and includes the transfer of the e-money and provision of closely related ancillary services in respect of the issuance and transfer; "business of an e-money issuer" means an issuance of e-money against currency of Kenya received or any other currency authorized by the Central Bank of Kenya as well as the redemption of e-money for currency of Kenya or any other currency authorized by the Central Bank of Kenya and includes the provision of closely related ancillary services in respect of the issuing of e-money as well as the operational services of the e-money issuer; cash" means bank notes and coins; "cash merchant" means a person who, for a fee, provides cash services on behalf of a payment service provider; "cash services" means the exchange of cash for e-money and emoney for cash; "complaint" means a statement of dissatisfaction against a payment service provider for a service provided; "core capital" means shareholders equity in the form of issued and fully paid-up shares of common stock, plus all disclosed reserves, less goodwill or any other intangible assets;

"customer" means a user of the services of a payment service provider; "Designated Payment Instrument" has the meaning assigned to it under section 2 of the Act; "Designated Payment System" has the meaning assigned to it under section 2 of the Act; "electronic retail transfer" means a payment instruction issued by a payer to a payment service provider to debit a payment account and to credit the payment account of the payee or to make the funds available, directly or through another payment service provider, to the payee where the payee does not hold a payment account, provided that the value being transferred does not exceed the maximum amount as prescribed by the Bank; "electronic retail payment service provider" means a payment service provider providing electronic retail transfer services; "e-money" means monetary value as represented by a claim on its issuer, which is— (a) electronically or magnetically stored; (b) issued against receipt of currency of Kenya or any other currency authorised by the Bank; and (c) accepted as a means of payment by persons other than the issuer; "E-money holder" means a person who has an e-money claim on an e-money issuer or payment service provider for e-money "E-money Issuer" means a payment service provider authorized to issue E-money under these Regulations; "gross value "means the total value of transactions transacted by the payment service provider; "interoperate" means a commercial interconnectivity between providers of different payment systems or payment instruments including the capability of electronic systems to exchange messages and "interoperable" shall be construed accordingly; "the Integrated Population Registration System (IPRS)" means a centralized database holding registration data from various Kenyan government agencies, which is located in the Department of Immigration Services or such other department as the government may determine; "mobile payment service provider" means a telecommunications service provider licensed under the Kenya Information and Communications Act, and authorized by Central Bank of Kenya to offer payment services;

"payee" means a person who is a recipient of funds which are the subject of an electronic retail transfer; "payer" means a person who holds a payment account from which an electronic retail transfer is initiated; "payment account" means an account which is credited or debited with an electronic retail transfer; "payment instruction"means an instruction to a settlement system participant to transfer funds or make a payment; "payment instrument" means an instrument, whether tangible or intangible, which enables a person to obtain money, goods or services, or to otherwise make payment; "payment service" means the retail transfers service offered by a payment service provider; "payment service provider" has the meaning assigned to it under section 2 of the Act; "payment service provider management body" means a body as established by payment service providers to facilitate interoperability; "payment system" has the meaning assigned to it under section 2 of the Act; "point of service" means the location from which a payment service provider provides electronic retail transfers including its head office and branches and all the outlets of its cash merchants and agents, as well as any website that can be accessed to initiate electronic retail transfers; "real time settlement" means- (a) a complete electronic retail transfer where the payment account of the payer is debited and the payment account of the payee is credited instantaneously with no risk of settlement; and (b)the payer and payee receive notification, simultaneous with the completion of the electronic retail transfer, of having sent and received the funds respectively; "small e-money issuer" means a payment service provider registered to issue e-money under regulation 46; "significant shareholder" means a person, other than the government or a public entity who— (a) holds directly or indirectly five percent or more of the share capital of a payment service provider; or

(b) holds directly or indirectly ten percent or more of the share capital of a publicly listed payment service provider; and "significant shareholding" shall be construed accordingly.

3. The purpose of these Regulations is to provide for the authorization and oversight of payment service providers, designation of payment systems, designation of payment instruments and Anti-Money Laundering measures.

PART II—PAYMENT SERVICE PROVIDER REGULATIO 4. (1) A person, other than an institution as defined in the Act, who wishes to be authorized as a payment service provider, shall, before commencing such business, apply to the Bank for authorization.

(2) An application under paragraph (1) shall be made in Form 1 as set out in the First Schedule and shall be accompanied by— (a) documents of registration including certificate of incorporation and the memorandum and articles of association; (b) for a mobile payment service provider— (i) a certified copy of a current license from the communication services regulator ; and (ii) a certified copy of the management agreement where a custodial Trust relationship exists with the mobile payment service provider; (c) the type of services to be offered and the programme of operations to offer these services; (d) information on the public interest that will be served by the provision of the payment service; (e) a business plan including an indicative budget for the first three financial years which demonstrates that the applicant is able to operate efficiently and safely; (f) evidence that the payment service provider holds the initial capital set out in the First Schedule; (g) a description of— (i) the governance arrangements of the applicant and internal control mechanisms, including administrative, risk management and accounting procedures, which demonstrates that these governance arrangements, control mechanisms and procedures are proportionate, appropriate, sound and adequate; (ii) the internal control mechanisms which the applicant has established to comply with its anti-money laundering obligations as set out in the Proceeds of Crime and AntiMoney Laundering Act, 2009, the Prevention of Terrorism Act, 2012, and the relevant Regulations and guidelines; Purpose.

Authorisation of a payment service provider. No. 9 of 2009 No. 30 of 2012.

(iii) the structural organization of the applicant including, where applicable, its intended use of agents, cash merchants, branches and outsourcing arrangements, and its participation in a national or international payment system; (h) how the payment service provider is going to settle the payment obligations arising from its provision of electronic retail transfers; (i) the identity of— (i) its directors and persons responsible for the management of the payment service provider; (ii) the custodial trustees holding the cash which is represented in the payment service of the applicant; (iii) persons who, if the activities for which authorization is being sought shall be conducted in a separate division, are responsible for the management of that division; (iv) the "Fit and Proper Form" as set out in the Second Schedule for persons listed in paragraph (i) (i),(ii) and (iii); (j) the address of the head office; (k) terms and conditions that will apply to its customers, agents and cash merchants; (l) current tax compliance certificate from tax authorities; (m) current credit rating report from a credit reference bureau; (n) a letter of no objection from the home regulatory authority where the applicant is a subsidiary of a foreign company, recommending the applicant to establish a payment system in Kenya; (o) for new products, the applicant shall submit to the Bank one or several proposed names for consideration and approval, in order of preference: Provided that the Bank shall reserve the acceptable name with the restriction that the applicant shall not conduct any business under that name until the Bank grants an approval for authorization; and (p) any other document or information as the Bank may require.

5. (1) A person seeking to be authorised as a payment service provider shall apply to the Bank for an authorization.

Application process.

(2) An application under paragraph (1) shall be made in Form 1 as set out in the First Schedule and shall be accompanied by a nonrefundable application fee as set out in the First Schedule.

(3) The Bank may, within thirty days of receiving an application under paragraph (1), request for additional information from the applicant if the information submitted is not complete or if the Bank considers it necessary.

(4) The Bank shall, in considering an application under this paragraph assess— (a) the ability of the applicant to provide electronic retail transfers services safely and efficiently; (b) if the applicant is engaged in other licensed commercial activities the potential of that activity impairing or otherwise affecting - (i) the safety or the financial soundness of the payment service provider; or (ii) the ability of the Bank to monitor compliance of the payment service provider with this regulation; (c) the history, character and integrity of the applicant's significant shareholders, proposed directors and senior officers; (d) the suitability of its trustees, directors and senior officers as per requirements of these Regulations; and (e) the core capital held by the applicant as required in the First Schedule.

(5) The Bank shall upon receiving a complete application and all information required, and is satisfied that the applicant has met all the application requirements, advise the applicant to pay the prescribed authorization fees as set out in the First Schedule.

(6) Where the Bank approves any payment service provider, the Bank shall, within seven days of receipt of authorization fees, issue an authorization certificate to the applicant.

(7) Where the Bank rejects an application for authorization, the Bank shall communicate the reasons for its decision to the applicant within seven days.

6. (1) A person who makes an application to be a payment service provider shall first apply to the Bank for approval of the proposed name.

Approval of Company name.

(2) For the purposes of paragraph (1), the applicant shall forward three proposed names in order of preference to the Bank for consideration.

(3) The Bank may invite an applicant for a preliminary meeting for the purposes of knowing the applicant's intention of business and to enlighten the applicant on the application requirements.

(4) The applicant shall, once the Bank accepts the proposed name, reserve the name with the Registrar of Companies.

Approval of product name.

(5) An applicant shall not use the name approved under paragraph (1) for any other purpose, unless the Bank grants the applicant an authorisation.

7. (1) A person who makes an application for a new product shall apply to the Bank for an approval of the name of the proposed product subject to any intellectual property rights that may be in existence.

(2) An applicant shall not use the name approved under paragraph (1) for any other purpose.

8. (1) The Bank shall assess and approve trustees, significant shareholders, directors and senior managers in control of a payment service provider.

Criteria for assessing suitability (2) Where the trustee is a corporate entity, the Bank shall assess the directors and senior management of the corporate entity.

(3) The Bank shall, for the purposes of assessing suitability of trustees, directors or senior managers in control of a payment service provider, have regard to the criteria prescribed under the Second Schedule.

(4) The Bank may specify other criteria for assessing suitability under this Regulation as and when necessary.

9. (1) An application for renewal of authorization as a payment service provider shall be made to the Bank at least two months prior to the expiry of the authorization and shall be- Renewal of authorisation.

(a) in Form 2 as set out in the First Schedule; (b) accompanied by any other information as the Bank may require; (c) submitted with annual renewal fees as set out in the First Schedule.

10. (1) The Bank may, by notice to an authorized payment service provider, suspend an authorization for such period as the Bank may specify or revoke an authorization, if the authorized payment service provider— Revocation and suspension.

(a) fails to commence business within six months from the date the authorisation was issued; (b) ceases or fails to continue operations; (c) obtains authorisation on the premise of wrong, false, misleading information or conceals material information which, if known at the time of evaluation of the application

for the authorisation, the payment service provider would not be authorised; (d) applies to the Bank for the revocation or suspension of the authorisation where good cause has been shown; (e) fails to comply with any condition of the authorization or any applicable Law; (f) becomes insolvent or is unable to effectively conduct its operations; (g) through its activities,the public trust is compromised; (h) engages in activities either restricted or not permitted under these Regulations; (i) is unable or fails to protect the confidentiality of data or information it collects; (j) without the consent of the Bank, amalgamates with another entity or sells or otherwise transfers its business of an payment service provider to another entity; (k) has a winding-up order made against it or a resolution for voluntary winding passed against it; (l) fails to pay a monetary penalty imposed by the Bank; (m) fails to comply with the Proceeds of Crime and Anti-Money Laundering Act, 2009, and the Prevention of Terrorism Act, 2012 and the relevant Regulations and Guidelines; (n) fails to manage its agents or cash merchants in a manner consistent with these Regulations; (o) fails to ensure that the trust account is managed in a manner consistent with Trust legislation and this regulation; (p) fails to ensure that the trustees act in the interests of the beneficiaries; or (q) fails to produce books of accounts, records, documents, correspondence, statements or other specified information without any reason after fourteen days' notice has been issued and has not given sufficient cause why the authorisation should not be revoked; (r) where the license from the communication services regulator has been revoked for the case of a mobile payment service provider.

(2) The Bank shall, before revoking or suspending an authorization under paragraph (1), give the payment service provider an opportunity to make representations to the Bank on why the authorisation should not be revoked or suspended.

(3) The Bank shall take into account the representations made by the payment service provider under paragraph (2), in its decision on the matter.

No. 9 of 2009 No. 30 of 2012.

(4) The Bank may require the payment service provider to take such corrective measures as the Bank may specify and may impose such monetary penalty or other sanctions as the Bank may decide.

(5) The Bank shall, upon revoking or suspending an authorisation under this regulation— (a)immediately inform the payment service provider of the revocation or suspension; and (b)take over control of the business of the payment service provider to safeguard and facilitate distribution of the money in the Trust Fund.

(6) A payment service provider shall, where its authorization has been revoked or suspended— (a) hand over the entire database, electronic records in a readable format and other relevant information to the Bank to facilitate the processing of payments to the customers; (b) within seven days from the date of service of the notice of revocation, surrender the authorisation certificate to the Bank; and (c) cease immediately from carrying out electronic retail transfers, e-money issuance or any other activity authorised under these Regulations.

(7) Where the Bank has revoked or suspended an authorization certificate of a payment service provider, the Bank shall— (a)notify the public of the revocation or suspension in at least two newspapers of wide circulation; (b) cease immediately, any further dealings with the payment service provider for the purposes of these Regulations; (c) notify the institution holding the Trust funds to cease forthwith further dealing with the funds until the institution receives directions from the Bank; and (d) notify the communication services regulator. (8) Where the Bank has revoked or suspended an authorisation certificate of a payment service provider, the Bank may appoint any person, including another payment service provider, to distribute the balances held in the Trust Fund of the revoked payment service provider at the time of revocation.

(9) Any shortfall in the Trust Fund shall be recoverable directly from each Trustee.

11. A payment service provider, other than an institution shall at the time of authorization and at all times, hold a core capital as set out in the First Schedule; (2) The Bank may amend the prescribed core capital as set out in the First Schedule, from time to time in consultation with the stakeholders.

12. (1) A payment service provider shall, at all times, maintain a register containing identification details of all customers and the funds outstanding in their e-money accounts of which the details shall include the identity card number or the passport number.

(2) The identity card number or passport of the customer shall be independently verified through the Integrated Population Registration System database or through such other means as the Bank may approve.

(3) A mobile payment service provider shall ensure that the subscriber identity module card and mobile phone number of its customer are registered.

13. (1) A payment service provider who intends to introduce a substantial change or enhancement in the electronic retail payment or emoney issuance service shall notify the Bank, thirty days prior to the commencement of the proposed change or implementation.

(2) For the purposes of paragraph (1), a substantial change or enhancement is the one which expands the scope or changes the nature of the electronic retail payment or e-money issuance service and may include— (a) additional functionality of the electronic retail payment or emoney issuance service such as accessing new electronic channels; (b) changing the payment service providers and other major partners in the business; or (c) any changes to the documentation provided during the application process.

14. (1) A payment service provider may appoint an agent to undertake certain services on its behalf.

(2) A payment service provider may enter into an agreement for the provision of certain services with the agent appointed under paragraph (1).

(3) An agent may, on behalf of the payment service provider— (a) send, receive, store or process payments or provide other services in relation to payment services through any electronic system; (b) own, possess, operate, manage or control a public switched network for the provision of payment services; (c) process or store data on behalf of the payment service providers or users of such payment services; (d) provide cash services; or (e) provide such other services as the payment service provider may specify.

Capital requirements.

Register of customers. Changes to the electronic payment service or e-money issuance.

Agents.

(4) A payment service provider is liable to its customers for the conduct of its agents, performed within the scope of the agency agreement.

(5) An agency agreement entered into under paragraph (2) shall not exclude a payment service provider from liability.

15. (1) A payment service provider may appoint an agent or a cash merchant to perform cash services: Agents and cash merchants.

Provided that the payment service provider can execute electronic retail transfers or e-money issuance that supports the cash services in real time.

(2) A contract for the provision of retail cash services entered into between a payment service provider and an agent or a cash merchant shall not be exclusive.

(3) An agent or cash merchant may provide services to multiple payment service providers or institutions: Provided that the agent or the cash merchant - (a) has a separate contract with each institution for the provision of such services; and (b) has the capacity to manage the transactions for the different institutions.

16. (1) A payment service provider who intends to enlist a new agent or cash merchant, shall at least fourteen days prior to commencement of such agency, notify the Bank.

Enlisting of new agents and cash merchants.

(2) A notification under paragraph (1) shall be accompanied by— (a) the procedure for recruiting agents or cash merchants; (b) a copy of the proposed agreement with the agent or cash merchant, which shall provide, amongst others, that the agent or cash merchant is under an obligation, when requested to do so by the Bank, to provide information and access to their premises, systems and records; (c) the policies and procedures approved by the payment service provider for the provision of cash services through agents or cash merchants, including compliance with the Proceeds of Crime and Anti-Money Laundering Act, 2009, and the Prevention of Terrorism Act, 2012, and associated Regulations and guidelines; No. 9 of 2009.

No. 30 of 2012.

(d) description of the technology to be used by the agent or cash merchant to deliver cash services;

(e) a risk assessment report of the provision of cash services through agents or cash merchants including the control measures applied to mitigate the risks; (f) the proposed security measures to be adopted for the premises of agents or cash merchants; (g) the agent or cash merchant manual and any materials used for training agents or cash merchants; and (h) such other information as the Bank may require the payment service provider to submit.

17. (1) A payment service provider may appoint, through an agreement, a person as an agent or a cash merchant if that person— Appointment of an agent or a cash merchant.

(a) possesses such registration, business license, or permit as may be required for the performance of its commercial activities; (b) can lawfully provide the proposed services; and (c) holds a payment account with a bank, financial institution or payment service provider.

(2) Where, for the purposes of paragraph (1) (c), the proposed agent or cash merchant is not an institution, that agent or merchant- (a) is financially sound and has provided the payment service provider with adequate documents; and (b) has provided evidence to the payment service provider indicating that its management has the necessary experience and competence to perform the agency or cash services.

18. A payment service provider may, subject to regulation 17, appoint a wholesale agent or a wholesale cash merchant to distribute emoney to agents or cash agents.

Wholesale agents and cash merchants.

19. (1) A payment service provider who uses the services of an agent or cash merchant to perform cash services shall maintain records containing— Maintenance of records.

(a) the name, physical address, postal address and telephone numbers of the agents or cash merchants; (b) the physical address and telephone numbers of each of the outlets of the agent or cash merchant where it provides cash services; (c) the identity of the persons responsible for the management of the agent or cash merchant; and the Bank may insert this information in a public electronic register of agents or cash merchants; and

(d) a register of agents and cash merchants whose services have been suspended or terminated and the reasons for such suspension or termination.

(2) A payment service provider shall avail the records and information maintained under paragraph (1) to the Bank upon request.

(3) A payment service provider who uses the services of an agent or cash merchant to perform cash services shall– (a) provide adequate training and support to its agent or cash merchants, including an agent or cash merchant manual containing the policies, rules and operational guidelines needed to ensure safe and efficient provision of services to customers; (b) maintain effective oversight over the activities of its agents and cash merchants; and Due diligence.

(c) maintain records of the number, volumes and values of transactions carried out by each agent or cash merchant.

20. A payment service provider shall, in identifying, selecting and contracting agents and or cash merchants— (a) exercise due diligence; and (b) carry out suitability assessment of the agents or cash merchants.

Interoperability.

21. (1) A payment service provider shall use systems capable of becoming interoperable with other payment systems in the country and internationally.

Payment Service Provider Management Body.

(2) A payment service provider may amongst other arrangement, enter into interoperable arrangements.

22. (1) A payment service provider may, for the purposes of facilitating interoperability, participate in a payment service provider management body.

(2) A payment service provider management body shall, at minimum, provide the Bank with— (a) details of the ownership and governance of the management body formed to operate the Payment System; (b) membership rules that are adequate to the operations of the system; (c) clear, fair and non-discriminatory access procedures;

(d) policies and procedures in place for evaluating the financial soundness of operators and participants to identify, monitor and control any risks associated with the working of the system to ensure finality of payment and settlement; (e) details of internal audit function including scope, reporting lines and the frequency of reporting; (f) evidence of adequate human resources to ensure adequate resources to the operation of the system, well trained staff, competent and knowledgeable in respect of the business requirements, operational and risk management.

(3) A payment service provider management body shall manage and regulate, in relation to its members, all matters affecting payment instructions, and in connection with those objects, shall— (a) act as a channel for communication by its members with the Government, the Bank, any financial or other exchange, other public bodies, authorities and officials, the news media, the general public and other private associations and institutions; and (b) deal with and promote any other matter of interest to its members and foster co-operation among them.

(4) The rules of a payment service provider management body shall, in addition to any other provisions, empower that body— (a) to admit members and to regulate, control and with the approval of the Bank, terminate membership; (b) to constitute, establish or dissolve anybody, committee or forum consisting of its members and which has an impact on, interacts with, has access to or makes use of any payment, clearing or settlement systems or operations.

23. (1) A payment service provider may enter into an agreement to outsource its operational functions of provision of payment services.

Outsourcing.

(2) A payment service provider who intends to outsource its functions under paragraph (1) shall notify the Bank at least thirty days before such outsourcing agreement is implemented.

(3) For the purposes of this regulation, a payment service provider shall not outsource its material operational function in such a way as to impair— (a) the quality of internal control of the payments service provider; and

(b) the ability of the Bank to monitor compliance of the payment service provider with the Act and these Regulations.

(4) For the purpose of paragraph (3), an operational function shall be regarded as material if a defect or failure in its performance would materially impair– (a) the continuing compliance of the payment service provider with the requirements of its authorisation under these Regulations, (b) its financial performance; or (c) the soundness or the continuity of its payment services.

(5) Where a payment service provider outsources a material operational function under this regulation, the payment service provider shall ensure that— (a) the outsourcing does not result in the delegation by senior management of its responsibilities; (b) the relationship and obligations of the payment service provider to its customers under this regulation is not altered; (c) the outsourcing contract provides that the Bank can exercise its oversight and supervisory powers under this regulation in respect of the third parties to who functions are outsourced; and (d) the requirements which the payment service provider is required to comply in order to be authorised and remain so, including any conditions imposed by the Bank, are not undermined.

24. For the purposes of risk management, a payment service provider shall comply with— (a) any technical standards that may be issued by the Bank from time to time and; (b) any other international standards as set out in the Third Schedule of these Regulations and risk management guidelines which may be required by the Bank from time to time.

25. (1) A payment service provider engaged in electronic retail transfers, e-money issuance as well as other commercial activities shall establish effective, transparent and adequate governance arrangements to ensure continued integrity of its service.

(2) The governance arrangements established under paragraph (1) shall include— (a) a broad-based board of trustees which consists of people with calibre, credibility, integrity, and fulfill the fit and proper criteria as set out in the Second Schedule.

Risk management.

Governance.

(b) clearly defined and documented organisational arrangements, such as ownership and management structure; (c) segregation of duties and internal control arrangements to reduce the chances of mismanagement and fraud; and (d) the separation of payment services by the payment service provider in a separate business unit from its other business units, including maintaining a separate management structure and keeping separate books of account for its payment services division.

(3) A payment service provider shall— (a) establish a Trust; (b) ensure all monies received are held in a Trust Fund; (c) ensure the balances in the Trust Fund shall not at any time be less than what is owed to customers; (d) not transfer the funds to its own account used for normal business operations; (e) not commingle the funds with the funds of any person other than payers and payees on whose behalf the funds are held; and (f) employ appropriate risk mitigation strategies to ensure that the funds held in the Trust Fund are sufficiently diversified and placed in commercial banks licensed under the Banking Act or Government of Kenya securities.

(4) A payment service provider shall ensure that the funds held in Trust Fund under paragraph (3) (f) complies with the limits provided for under the Fourth Schedule of these Regulations or as advised by the Bank from time to time.

(5) Any income generated from placement of these trust funds shall be— (a) used in accordance with Trust legislation and in consultation with the Bank.

(b) donated to a public charitable organisation for use for public charitable purposes.

26. (1) For the trust established under paragraph 25(3)(a) shall at minimum contain— Contents of the trust deed.

(a) principal characteristics of the service provided pursuant to the Trust; (b) details of how the fund shall be held and invested;

(c) procedures for nomination of the Trustees; (d) the duties, responsibilities and the extent of liability of Trustees; (e) provisions on discontinuation or termination of the Trust and subsequent handling of the Trust Fund; (f) procedure of handling of dormant accounts; (g) procedure of handling accounts of deceased persons; (h) rights of system participants and beneficiaries; (i) applicable law and mode of resolution of disputes; (j) where the trustee is a company, duties of the management company and key particulars of the management arrangement; and (k) use of income generated from the trust fund.

(2) A person who proposes to introduce changes to the Trust deed shall submit the proposed changes to the Bank for approval.

27. (1) A payment service provider shall establish adequate operational arrangements for its payment services.

(2) The operational arrangements established under paragraph (1) shall include— (a) rules and procedures setting out the rights and liabilities of the payment service provider and the user; (b) the risks the user may incur; (c) measures to ensure prudent management of the funds collected from users, including measures to ensure that such funds are available at all times for repayment to users; (d) measures to ensure safety, security and operational reliability of the service including contingency arrangements; and (e) the maintenance of separate records and accounts for its emoney activities from other business activities.

28. (1) A payer may not revoke an electronic retail transfer instruction once it has been received by the payment service provider of the payee unless the payment service provider has sufficient grounds to reverse the transaction in line with dispute resolution mechanisms the payment service provider has in place.

(2) A payment service provider involved in an electronic retail transfer shall— (a) transfer the full amount of the payment transaction; and (b) not deduct charges from the amount transferred, other than charges— (i) expressly agreed to by the customer in advance; or (ii) which the customer has received notice of in terms of paragraph 35(1)(c).

Operational arrangements for the payment service provider. Execution of payments.

(3) A payment service provider shall not be liable to the payer where— (a) the electronic retail transfer requires transmission to a second payment service provider (the payee's payment service provider; and (b) the payment service provider of the payer can prove correct or proper transmission of the electronic retail transfer to the second payment service provider.

(4) A payment service provider shall, where it is liable under this Regulation for non-execution or defective execution of an electronic retail transfer, without undue delay, restore the debited payment account to the state in which it would have been had the defective transaction not taken place, including a refund of the charges imposed.

(5) A payment service provider shall be liable for payment transactions performed without the knowledge of the customer: Provided that such liability may be contractually excluded in circumstances where the payment service provider— (a) proves an element of fault on the side of the customer in the use of the service; or (b) demonstrates at first glance that the payment instruction was carried out by the legitimate customer.

29. (1) A payment service provider shall— (a) use systems which are able to provide an accurate and fully accessible audit trail of all transactions from the origin of the electronic transfer payments to its finality; and (b) keep records of every electronic transfer the payment service provider processes for a period of at least seven years.

(2) A payment service provider shall, within ten days of the end of every calendar month, submit to the Bank in the form as set out in the Fifth Schedule, information regarding— Record keeping and submission of reports.

(a) the volumes, values and geographic distribution of each electronic retail transfer payment instrument offered by it; (b) incidents of fraud, theft or robbery; (c) material service interruptions and major security breaches; and (d) complaints reported, including remedial measures taken, those resolved and those outstanding.

(3) A payment service provider shall, within three months of the 31st December of every year, submit to the Bank— (a) audited financial statements covering its activities in Kenya together with a copy of the auditor's report;

(b) separate audited financial statements for the payment service provider and the Trust accounts; (c) a system security audit report by a reputable independent audit firm on its payment services; and (d) any other information required by the Bank with respect to its payment services.

30. The Bank shall exercise oversight and supervisory powers over a payment service provider, its agents, or cash merchants.

31. A payment service provider shall use systems capable of screening transactions for the purposes of complying with Proceeds of Crime and Anti-Money Laundering Act, 2009, Prevention of Terrorism Act, 2012, and related legislation.

32. (1) The Bank shall establish a register of all authorised payment service providers with details of their head office.

(2) The register established under paragraph (1) shall be accessible to the public.

33. (1) The Bank may— (a) conduct on-site inspections at the premises of a payment service provider and its agents and cash merchants; (b) inspect the books of accounts and other documents of a payment service provider, its agents and the Trust Fund, at any time, in order to ensure compliance with the relevant Laws of Kenya, authorisation terms and conditions, operating instructions and guidelines, and may- (i) institute an audit of an payment service provider;or (ii) call for an investigation of the payment service provider; (c) require an officer of the payment service provider to produce or furnish to the Bank officer making an examination, within a reasonable time - (i) such books of accounts and any other documents in the custody or power of the payment service provider; or (ii) statements or information relating to the affairs of the payment service provider as may be required by the examining officer; (d) by notice, require a payment service provider to provide information to the Bank, in such manner and form as the Bank may specify for the purposes of assessing compliance with these Regulations; (e) at any time, enter any premises where a payment service provider is carrying on business, or any premises where the Bank reasonably suspects that any business is carried out in contravention of these Regulations; and Bank Oversight and audit.

Screening of transactions No. 9 of 2009. No. 30 of 2012. Register of payment service providers.

Inspection.

(f) require a payment service provider to put in place remedial measures as the Bank may consider necessary after an inspection or investigation under this regulation.

(2) The Bank shall, where a payment service provider fails to produce books of accounts, records, documents, correspondence, statements or other specified information without any reason, issue the payment service provider with a fourteen days' notice to show cause why the authorisation to carry on payment services under these Regulations should not be revoked.

34. (1) A payment service provider shall, at its own expense, appoint an external auditor who is a member of good standing of the Institute of Certified Public Accountants of Kenya to carry out an audit of the transactions in its business.

External Audit.

(2) The Bank may require an auditor appointed under paragraph (1) to— (a) submit to the Bank such information or report as the Bank may require in relation to the audit carried out by the auditor; (b) extend the scope of an audit of the business and affairs of the business of the payment service provider and to submit a report to the Bank; and (c) carry out any examination or establish any procedure in any particular case.

(3) The payment service provider shall be responsible for the remuneration of the auditor for the audit services including the functions carried out by the auditor under paragraph (2).

35. (1) A payment service provider shall provide— Disclosure.

(a) a clear and understandable description of the services which it offers and the rates, terms, conditions and charges for such services and shall publish such information and display it prominently at all points of service; (b) clear terms to its customers, agents and cash merchants; and (c) notification to customers, as well as the Bank, of any material changes in the rates, terms, conditions and charges at which it offers its services and shall do so at least seven days before the changes take effect.

(2) A payment service provider shall provide its customers at the point of service with— (a) the name of the payment service provider; and

(b) a telephone number or such other contact medium which provides access to its customer care system.

(3) A payment service provider of the payer shall, without undue delay after the amount to be transferred through an electronic retail transfer is debited to the payer's payment account, provide the payer with— (a) a reference enabling the payer to identify each payment transaction; (b) the details of the payee and its payment account details, if any; (c) the amount of the e-money; and (d) the date of debit. (4) A payment service provider of the payee, if any, shall, without undue delay after the amount transferred through an electronic retail transfer is credited to the payee's payment account or paid to the payee, provide the payee with— (a) the reference enabling the payee to identify the payment transaction; (b) the name of the payer and any information transferred with the payment transaction; (c) the amount of the electronic retail transfer; and (d) the date of credit, where applicable.

(5) All electronic retail transactions shall be executed in real time— Provided that where an electronic retail transaction cannot be completed in real time, the payment service provider shall notify: (a) the payer of the delay of the execution; and (b) the customer of the period within which the transaction shall be completed or cancelled.

(6) A payment service provider may not charge the customer for fulfillment of its disclosure and information obligations under these Regulations.

(7) A payment service provider shall put in place a provision to issue a statement to a customer upon request.

36. (1) The Bank may, from time to time, publish any information the Bank considers useful to customers.

Publication of information.

(2) Information published by the Bank under paragraph (1) may include, but not be limited to, tariffs, quality of service and statistical information.

37. A payment service provider shall ensure that its advertisements— Advertisements.

(a) are precise and easily understood; (b) are not misleading to consumers; and (c) are comprehensive enough to properly inform consumers of the main features and conditions of the product.

38. A payment service provider shall— (a) within a period of six months after commencing the provision of payment services, establish a customer care system within which its customers can make inquiries and complaints concerning its services; (b) prior to establishing a customer care system under paragraph (a)— (i) provide adequate means for customers to file complaints; and (ii) address such complaints within a reasonable period from receipt of the complaint; (c) put in place a clear mechanism to address consumer complaints due to loss of funds through fraudulent means; and (d) provide, at all points of service, easily understood information about their complaint handling procedure.

39. (1) A customer who has a complaint against the services of a payment service provider shall file such complaints with the payment service provider within a period of fifteen days from the date of occurrence.

Filing of complaints (2) A payment service provider shall acknowledge all complaints filed with it.

(3) A payment service provider shall advise the complainant- (a) of the expected actions and timing for investigation and resolution of the complaint; and (b) if the payment service provider regards the complaint as frivolous or vexatious.

Customer care service.

(4) If a customer is dissatisfied with the advice given under paragraph (3), the customer shall have further recourse in accordance with these Regulations and the Consumer Protection Act, 2012.

No. 46 of 2012.

(5) A payment service provider shall provide reasonable assistance where a customer specifically requests assistance when filing a complaint.

(6) A payment service provider shall make adequate provision to ensure that people with disabilities— (a) are able to access their complaint handling processes; and (b) ensure that such customers are easily represented by their authorised representatives in making a complaint.

(7) A payment service provider shall provide the complaint handling processes for free.

40. (1) A payment service provider shall resolve all complaints within thirty days of being filed.

Resolution of complaints.

(2) A payment service provider shall put in place processes to provide a customer with sufficient information and the means to inquire on the progress of the complaint.

(3) The processes under paragraph (2) may include a complaint reference number or any other identifier in order to facilitate timely and accurate responses to subsequent inquiries by the customer.

(4) A payment service provider shall advise a customer of the outcome of the investigation of the customer's complaint and any resulting decision.

(5) Where a customer is not satisfied with the decision of the payment service provider regarding a complaint, the customer may appeal to the Bank.

41. (1) A payment service provider shall— Customer service agreements.

(a) enter into a customer service agreement with every customer to which it renders services; (b) submit to the Bank a copy of the standard customer service agreement applicable to each service offered to the public; (c) in the event of handling a dormant account comply with the provisions of Unclaimed Financial Assets Act, 2012; and (d) in the case of a deceased persons' account, comply with the Succession Act.

(2) A customer service agreement under paragraph (1)(a) shall, at a minimum include—

(a) a detailed description of the services offered; (b) registration requirements for account opening; (c) procedures for maintaining a customer account; (d) the privacy policy of the electronic retail service provider; (e) customer account use and access responsibility; (f) conditions and procedures for loading, transferring, receiving and withdrawing funds; (g) suspension, termination and freezing of accounts; (h) dispute resolution and the governing law; (i) warranties and liability; (j) indemnity; (k) exclusions or limitations of the service; (l) disclosure and data retention; (m) force majeure; (n) details on how dormant accounts are handled; and (o) details on how accounts of deceased persons are handled.

42. (1) A payment service provider, its agents and cash merchants shall keep the information in respect of services provided to any customer confidential in accordance with the Act.

Confidentiality.

(2) Despite paragraph (1), a payment service provider, its agents and cash merchants shall disclose customer information in respect of services provided by the payment service provider only— (a) to the customer concerned; (b) to the Bank; (c) when authorised, in writing, by the customer concerned; (d) as legislated by an Act of Parliament; or (e) as ordered by a court of law.

(3) A payment service provider, agent or cash merchant who fails to comply with the requirements of this regulation is liable to a monetary penalty of not more than one million shillings.

Transaction Limits 43. (1) E-money issued shall be subject to an individual transaction limit that shall not exceed seventy thousand shillings and an aggregate monthly load limit of one million shillings, provided that the Bank may approve higher limits for specific categories of e-money issuers.

(2) The limits may be amended by the Bank from time to time. 44. (1) E-money shall be redeemed at par value subject to terms and conditions of the customer service agreement.

Redemption of EMoney.

(2) An e-money issuer shall not earn interest or any other financial return from the E-Money holder or customer.

45. An e-money issuer, other than an Institution, shall not engage in any lending or investment activity other than that required under these Regulations.

Prohibition against lending 46. (1) A person who issues e-money on a limited scale shall apply to the Bank for registration as a small e-money issuer.

Registration of small e-money issuers.

(2) A small e-money issuer may be exempted from complying with Regulations 4, 5, 8, 9, 10, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43 and 44 of these Regulations.

(3) A persons who– (a) intends to conduct business as small e-money issuers; or (b) is directed to do so by the Bank, shall apply to the Bank to be registered as such.

(4) An application under paragraph (3) shall be submitted in form as set out in the First Schedule accompanied by information and fees prescribed therein.

47. The Bank may register a person as a small e-money issuer if that person— (a) is a company incorporated in Kenya; Certificate of registration.

(b) does not issue e-money accounts with an individual transaction limit that exceeds twenty thousand shillings or as may be amended by the Bank from time to time; (c) does not and shall not have total liabilities with respect to issuing e-money which exceeds one hundred million shillings; and (d) issues e-money which is accepted as a means of payment only by—

(i) subsidiaries of the e-money issuer which perform operational or other ancillary functions related to emoney issued or distributed by that e-money issuer; or (ii) other members of the same group as the e-money issuer, other than subsidiaries of that e-money issuer.

48. (1) The Bank may, where an applicant complies with the registration requirements set out in these Regulations, issue a certificate of registration to a small e-money issuer.

Compliance with registration.

(2) A certificate of registration issued under paragraph (1) shall remain in force until suspended or revoked under these Regulations.

49. A small e-money issuer shall, within ten working days at the end of every calendar month, submit to the Bank in the form as set out in the Fifth Schedule, information regarding— Submission of reports.

(a) the total amount of e-money issued by the small e-money issuer outstanding as at the end of each month; (b) the number of e-money accounts held by the small e-money issuer; (c) the volumes and values of the e-money transactions of the small e-money issuer; and (d) any incidents of fraud.

50. (1) The Bank may revoke or suspend the certificate of registration of a small e-money issuer for such period as the Bank may specify, if the registered small e-money issuer— Revocation or suspension of registration.

(a) ceases to carry on business or goes into liquidation or is wound up, or is otherwise dissolved; or (b) fails to comply with the provisions of this regulation.

(2) The Bank shall, before revoking or suspending a registration under paragraph (1), give a registered small e-money issuer not less than fourteen days' notice, to make any representations to the Bank.

(3) The Bank shall take into consideration the representations made under this regulation in its decision on the matter.

51. (1) The Bank may, in addition to the remedial actions provided under the Act— Remedial actions.

(a) prohibit payment service providers from offering payment services;

(b) terminate the employment services of an officer or employee of a payment service provider; (c) remove a trustee; (d) prohibit a payment service provider from investing the Trust Fund; (e) prohibit a payment service provider from establishing new branches, appointing new agents or cash merchants or introduction of new products; (f) prohibit a payment service provider from engaging in new activities or from expanding existing activities; (g) limit the range of activities under paragraph(1)(f) and the locations in which such activities may be conducted; (h) prohibit or suspend a payment service provider from any other activity which the Bank perceives to be contributing to violation of these Regulations (2) The Bank shall, before imposing a penalty on any payment service provider under these Regulations, give the payment service provider not less than seven days' notice, requiring the payment service provider to show cause as to why the penalty prescribed should not be imposed.

Part Iii—Designation Of A Payment System Or A Payment Instrument

52. (1) The Bank shall determine whether a payment system or a payment instrument qualifies to be designated in accordance with the Act.

Application process.

(2) A person who operates a payment system or issues a payment instrument that qualifies to be designated as such shall upon notification by the Bank apply for designation.

(3) An application under paragraph (2) shall be in Form I, and shall be accompanied by a non-refundable fee, as set out in the First Schedule to these Regulations.

(4) The application under this regulation shall further be accompanied by— (a) for new operators, a three year projected financial statements including statement of financial position, statement of comprehensive income and cash flow statement, after start of operations;

(b) the organisation structure of the applicant if the applicant is a corporate body and declarations signed by every officer as specified in the application form to establish adequate governance arrangements which are effective, accountable and transparent to ensure the continued integrity of such designated payment system or instrument; (c) documents detailing the following operational arrangements— (i) rules and procedures setting out the rights and liabilities of the issuer and the user of the designated payment system or payment instrument and the risks the user may incur; (ii) the name and a detailed description of the designated payment system or payment instrument, including payment flow and settlement arrangements; (iii) measures to ensure prudent management of funds collected from a user of the designated payment system or payment instrument, including measures to ensure that such funds are available for repayment to a user; (iv) measures to ensure safety, security and operational reliability of the designated payment system or payment instrument including contingency arrangements; (v) fees and charges imposed by the payment service provider; and (vi) outsourcing arrangements, if any; (d) where the applicant is already in operation, the value and volumes of transaction in the six months to the date of application; and (e) confirmation of the payment fee as set out in the First Schedule.

53. (1) The Bank shall, by way of a gazette notice, designate a payment system or payment instrument in accordance with the Act.

(2) The Bank shall ensure that a payment system or payment instrument complies with the Act and any conditions given in the designation notice.

(3) The Bank shall give notice of designation of a payment system or a payment instrument in accordance with the Act.

Notification by the Bank.

54. (1) A payment service provider shall, where it intends to introduce a substantial change or enhancement in the designated payment system or payment instrument, seek approval of the Bank, thirty days prior to the proposed implementation of the change or enhancement.

(2) For the purposes of this regulation, a substantial change or enhancement is the one which expands the scope or changes the nature of the designated payment system or payment instrument and may include— (a) additional functionality of the designated payment system or instrument such as accessing new electronic channels; (b) changing the payment service providers and other major partners in the business; and (c) any changes to the documentation outlined in regulation 52(4).

55. (1) The Bank may suspend a designation under this regulation for such period as the Bank may specify or revoke the designation, if the payment service provider— (a) ceases operations; (b) applies to the Bank for revocation by showing a good cause for revocation; (c) ceases to meet the designation and operation requirements as prescribed in this Regulation; (d) fails to comply with any condition of the designation; (e) violates the provisions of any applicable law or this regulation; (f) becomes insolvent or fails to effectively conduct its operations; (g) through its activities the public trust has been compromised; (h) fails to comply with any material obligation imposed on it by or under this regulation; (i) engages in activities which are either restricted or prohibited under this regulation; (j) is unable or fails to protect confidentiality of data or information it collects; (k) without the consent of the Bank, amalgamates with another entity or sells, or otherwise transfers its designated payment instrument business to another entity; (l) has a winding-up order made against it or a resolution for voluntary winding passed against it; (m) fails to pay the annual renewal fee within ninety days after the anniversary date; (n) fails to pay monetary penalty imposed by the Bank; (o) fails to comply with the Proceeds of Crime Act and AntiMoney Laundering Act, 2009, and The Prevention of Changes and enhancements.

Revocation and suspension.

No. 9 of 2009 No. 30 of 2012.

Terrorism Act, 2012, and associated Regulations and guidelines; or (p) fails to manage its agents or cash merchants in a manner consistent with the Act and these Regulations.

(2) The Bank shall, before revoking or suspending a designation under paragraph (1), give the payment system provide an opportunity to make representations to the Bank why the designation should not be revoked or suspended.

(3) The Bank shall take into consideration the representations made under paragraph (2), in its decision on the matter.

(4) The Bank may require the payment service provider to take corrective measures within such time as the Bank may specify and may, in addition, impose such monetary penalty or other sanctions as the Bank deems fit.

(5) The Bank shall, upon revoking or suspending a designation under this regulation, immediately inform the payment service provider of the revocation or suspension.

(6) The Bank shall, where the Bank has revoked a designation, as soon as possible— (a) give notice to the payment service provider; and (b) publish a notice of the revocation in the Gazette.

(7) A payment service provider whose certificate of designation has been revoked shall surrender the designation certificate to the Bank.

PART IV—GENERAL PROVISIONS

56. Where the Bank has proven that a payment service provider has contravened or failed to comply with any provision of these Regulations, it shall forthwith notify the payment service provider and require the payment service provider to remedy the violation.

Non-compliance 57. The Bank may, where there is no specific penalty prescribed under these Regulations, impose monetary fines not exceed one million shillings on an payment service provider, a trustee, an agent or a cash merchant for failure to comply with these Regulations.

General penalty.

58. (1) Where a monetary penalty is prescribed under these Regulations, the penalty shall be paid to the Bank within ten days of imposition of that penalty unless otherwise stated.

Payment of monetary penalty (2) The Bank may, where a payment service provider fails to pay a penalty, take such other action or make such decision as is permitted under the Act or these Regulations.

59. (1) Any payment system operated by the Bank that qualifies to be designated will be deemed to be designated and will be gazetted in accordance with regulation 53.

Transitional provisions.

(2) Any payment service provider who commenced delivery of electronic retail transfer or e-money issuance before the commencement date of these Regulations shall comply with these Regulations within six months from the commencement date.

60. A payment service provider and its agents, cash merchants and wholesale cash merchants shall comply with the Proceeds of Crime and Anti-Money Laundering Act, 2009, and the Prevention of Terrorism Act, 2012, and the associated Regulations and Guidelines.

Anti-money Laundering measures.

No. 9 of 2009 No. 30 of 2012.

FIRST SCHEDULE (rr. 4(2), 4(2)(f), 5(2),(4)(e),(5), 9(1)(a)&(c), 11(1)&(2), 46(4), 52(3)&(4)(e)) Table A: FEE AND CAPITAL REQUIREMENTS

Application Fee		Authorisation Fee	Core Capital
(Kes)		(Kes)	(Kes)
Electronic retail payment	5,000	100,000	5,000,000.00
service provider Designated payment	n/a	5,000,000	50,000,000.00
instrument issuer E-money Issuer	5,000	1,000,000	20,000,000.00
Small E-Money Issuer	5,000	100,000	1,000,000.00

Threshold (per annum in Kes)	Annual Renewal Fees (Kes)
Gross value≤ 1 billion	20,000.00
Gross value1 billion - 10 billion	100,000.00
Gross value11 billion - 50 billion	500,000.00
Gross value51 billion - 1	1,000,000.00
00 billion Gross value101 billion - 500 billion	5,000,000.00
Gross value501 billion to 1000 billion	10,000,000.00
Gross value≥ 1000 billion	15,000,000.00

Table B: Annual Renewal Fees for Payment Service Providers

721 Form 1: Application For Authorisation

PURSUANT to section 6 and section 20 of the National Payment System Act, kindly provide the following information to facilitate authorisation under the NPS Regulations 2014.

1. MANDATORY REQUIREMENTS FOR AN APPLICANT A: This application should be completed in English B: The application should be addressed to the Governor (see address below) with a covering letter summarising the profile of the applicant and the authorisation applied for, C: The application should be accompanied by a sworn affidavit submitting the documents listed therein in line with the template attached as Annex 1 herein and a detailed Business plan in line with Annex 2.

2. Authorisation Applied For

Use this form for application for any of the following categories:

(a)	Provision of Electronic retail transfers
(b)	Small Money Issuer
(c)	E Money Issuer
(d)	Designation of Payment Instrument
(e)	Designation of Payment System

3. Name Of Applicant

(In bold capital letters in the order the names appear on Registration Certificate etc) Application for (specify category of applicant)____________________________________ 4. APPLICANT'S CONTACTS

Town__________________________	Street/Road______________________
LR No________________________ Floor_____________ Room____	____

4.1. Physical Address_____________________________________________________

Name of Building _______________________________________

4.2. Postal Address: P. O. Box _________________________ Postal Code______________________ Post Office Town ____________________

4.3. Phone and Fax Contact: Tel. No. _________________________ Fax. No._____________________________ Mobile_________________________ Other Tel. Nos._________________________

4.4. Email Address:_________________________________________________________

5. Other Information About The Applicant

5.1. State whether any of the partners/ directors/ shareholders is undischarged bankrupt.

(If so indicate give details) 5.2. State whether any of the partners/ directors/ shareholders have a beneficial interest in any other business licensed to provide payment services 5.3. Has any previous application by you been rejected or cancelled under the Act?

(If so give details)

6. Referees

The following details should be completed by two different referees who have known the entity/person in a professional capacity.

1st Referee_________________________________ I certify that the information given in this form is true and correct to the best of my knowledge Full Name: ___________________________________________________ (Block letters as the names appear on the ID/Passport) Postal Address: P.O. Box: ___________________________ Postal Code: __________________________ Post Office Town: __________________________________________________________ Phone and Fax Contact: Tel. No.________________________ Fax No. _________________________________ Mobile No.__________________________ Alternative Tel. No. ____________________ Email Address: _________________________________________________________ Occupation:Signature:__________ 2nd Referee________________________________________________________________ I certify that the information given in this form is true and correct to the best of my knowledge

Full Name: _____________________________________________________ (Block letters as the names appear on the ID/Passport) Postal Address: P.O. Box: ___________________________ Postal Code: __________________________ Post Office Town: ___________________________________________________________ Phone and Fax Contact: Tel. No._________________________ Fax No. _____________________________ Mobile No.__________________________ Alternative Tel.._______________________ Email Address: __________________________________________________________ Occupation: Signature:___ 7. DECLARATION I/We hereby certify the information we have provided in this application is true and correct to the best of my/ our knowledge. I/We also understand that it is an offence under the Penal Code to give false information in support of any application. Name…………………………………………………………………… Designation……………………………………………………………… Signature………………………………………………………………… Date……………………………………………………………………… 8. COMPLETED APPLICATION FORMS SHOULD BE RETURNED TO: Central Bank of Kenya Haile Selassie Avenue P. O. Box 60000- 00200 NAIROBI Tel: 254-20-2860000 Fax: 254-20- 4242430 FOR OFFICIAL USE ONLY The applicant MEETS/ DOES NOT MEET the Bank's requirements and is hereby RECOMMENDED/NOT RECOMMENDED for: ……………………………………………………………………………………….. Name……………………………………………… Designation…………… Signature………………… Application..…………………… Date………………...........

ANNEX 1: TEMPLATE OF THE AFFIDAVIT TO BE SUBMITTED REPUBLIC OF KENYA IN THE MATTER OF OATHS AND STATUTORY DECLARATIONS ACT CHAPTER 15, LAWS OF KENYA AND IN THE MATTER OF AN APPLICATION FOR AUTHORISATION FROM THE CENTRAL BANK OF KENYA AFFIDAVIT I, of P.O. Box (Town)________ (Postcode) _______________________ do hereby make oath and state as follows:

1. THAT I am an adult of sound mind and _(position/ status in the applicant entity) of(name of the applicant) and hence competent to swear this Affidavit.

2. THAT I am a citizen of the______________________and holder of National Identity Card No. (or Passport No.)______________________________

3. THAT______________________(name of the applicant) has resolved to make an application to the Bank for a _______________________((name of the authorisation in accordance with the NPS Act) authorisation.

4. THAT I have submitted the following copies of our documents in support of the said application: 4.1. Registration and ownership status: 4.1.1. For an applicant registered under the Companies Act (Cap 486): 4.1.1.1. Copy of Certificate of Incorporation 4.1.1.2. An original letter from the Registrar of Companies listing Names of Shareholders, their addresses, their nationalities, shares held by each, names of directors and whether directors are nominees or not or whether non shareholder directors- Original Form CR/12 4.1.1.3. Attached original CR/12 for other companies which are shareholder of the Applicant until all shares are attributed to individuals.

4.1.2. A copy of Business Name/ Registration Certificate , or 4.1.4. If the company is listed in a stock exchange in Kenya, copy of Certificate from Capital Markets Authority (CMA).

4.1.5. For any foreign company which is a shareholder of the Applicant attach copies certified by a Notary Public of:

4.1.5.1. Certificate of Incorporation of the foreign company/ies and 4.1.5.2. Share Certificate of the foreign company/ies providing details as in 4.1.1.2 above 4.1.6. Copies of Kenyan National Identity Cards (ID) or Kenyan/Foreign passports for all Significant Shareholders, Custodial Trustees, Directors and Senior Managersof the Applicant: 4.1.6.1. Both sides of the ID should be copied onto the same side of an A4 size paper, and 4.1.6.2. Passport copies should include pages showing the nationality, date of issue and expiry, name and photograph of holder. Please note that all foreign passport copies should be notarized.

4.2. Compliance with Kenya Revenue Authority rules: 4.2.1. Copy of Personal Identification Number (PIN) card, and 4.2.2. Copy of Valid Tax Compliance Certificate. 4.3. A business plan in line with the guideline at Annex 2 below.

5. THAT I swear that the documents listed in 4 above are authentic copies of the original documents issued by the relevant authorities to the applicant.

6. THAT this Affidavit is sworn in support of _______________(Applicant's name) application for authorisation.

7. THAT what is deponed to herein above is true and within my own knowledge. SWORN at by the said ) (Deponent) This_______day of________in the year ) BEFORE ME ) COMMISSIONER FOR OATHS ) Drawn by: _____________________________________________________________ (law firm) ________________________________________________________ (physical address) P. O. Box__________________(postal code) _______________________________ __________________________ (town) ) )

726 Annex 2: Business Plan Guideline

Please provide separately a Business Plan ensuring that the following details are included in the sequence provided below. Any additional information is encouraged.

1. Executive Summary:

Briefly describe your organisation and the business concept.

2. Technical Information Provide the proposed system configuration with block diagrams, proposed technology interface with other licensees, network and terminal equipments and/or customer premise equipment (CPE) and the standards they conform to etc.

3. Market Information 3.1. Indicate envisioned rollout plan for the first three years: Year /Number of Customers/Value/Volume/ Year 1 Year 2 Year 3 3.2. Provide a description of each proposed service and how the service is to be accessed by the public.

3.3. Demonstrate knowledge of the market segment by discussing the competition issueswhat products and companies are likely to compete on the provision of the same or similar products/services.

4. Billing Information

4.1. Describe the billing system you intend to deploy (and where applicable details of the software/hardware), 4.2. Describe how customers will be billed indicating whether billing shall be per transaction or according to value of transaction 4.3 Provide information on the proposed tariff for each service 5. Financial Information Provide at least three-year financial projections including Income Statements, Balance sheet and Cash Flow statement projections as per International Accounting Standards (IAS) Note that the income statements should be derived from the product of rollout plan (part 3.1 above) and billing information (part 4 above) 5. Quality of Service Assurance Describe how you will ensure provision of high quality services and how quality services will be maintained.

6. Funds Management Give details on the mechanisms you have put in place to protect users' funds in the eventuality of system failure, revocation/suspension of your authorisation and/or insolvency of your entity.

727 8. Application Acceptance Section - For Official Use Only

No.	Application Requirements	Receiving	Checking
		Officer	Officer
6	Copy of Certificate of Incorporation enclosed?
7	Is/are original CR/12(s) provided indicating names of shareholders, their addresses, their nationalities, shares held by each, names of directors and whether directors are nominees or not or whether non shareholder directors?
8	Copy of Certificate from CMA for listed companies
9	Notarized Copy of Certificate of Incorporation for a foreign applicant or shareholder of an applicant
10	Notarized Copy of Share Certificate or equivalent of a foreign applicant or a shareholder of an applicant
11	Copy of Personal Identification Number (PIN) card
12	Copy of Valid Tax Compliance Certificate
13	Copies of ID/passport for directors and shareholders
14	Memorandum and Articles of Association of the Company;

No.	Application Requirements	Receiving	Checking
	Officer	Officer
1	Is a covering letter on applicant letterhead included?
2	Is the application duly completed?
3	Is the application signed, giving applicant's name and designation?
4	Is the authorisation applied for within the NPS Act?
5	Is the business plan for the applied authorisation enclosed?

Are the following documents listed on an affidavit sworn by one of the Directors?

The Receiving and Checking Officers MUST tick ALL the boxes above before accepting and Filing an application. Receiving Officer's Comments: …………………………….…………………………. Receiving Officer's Name: …………………………………….………………………… Signature: ……………………………………. Date: …………………………………… Checking Officer's Comments: …………………………….…………………………. Checking Officer's Name: …………………………………….………………………… Signature: ……………………………………. Date: ……………………………………

728 Form 2:Application For Renewal Of Authorisation 1. Authorisation Applied For 3. Declaration

Provision of Electronic retail transfers Small Money Issuer E Money Issuer Designation of Payment Instrument

Please tick the categories of authorisation for renewal. More information on licensing under the National Payment System Act, 2011 is available on the CBK website www.centralbank.go.ke 2. NAME OF APPLICANT (In bold capital letters in the order the names appear on Registration Certificate etc) Application for (specify category of applicant)____________________________________ 2. APPLICANT'S CONTACTS 2.1. Physical Address_____________________________________________________ Town__________________________ Street/Road____________________ Name of Building _______________________________________ 2.2. Postal Address: P. O. Box _________________________ Postal Code______________________ Post Office Town ____________________ 2.3. Phone and Fax Contact: Tel. No. ________________________ Fax. No._____________________________ Mobile________________________ Other Tel. Nos.__________________________ 2.4. Email Address:_____________________________________________________ I/We hereby certify the information we have provided in this application is true and correct to the best of my/ our knowledge. I/We also understand that it is an offence under the Penal Code to give false information in support of any application. Name…………………………………………………………………… Designation……………………………………………………………… Signature………………………………………………………………… Date……………………………………………………………………… LR No__________________________ Floor_____________ Room________

4. COMPLETED RENEWAL FORMS SHOULD BE RETURNED TO: Central Bank of Kenya Haile Selassie Avenue P. O. Box 60000 NAIROBI - 00200 Tel: 254-20-2860000 Fax: 254-20- 4242430 FOR OFFICIAL USE ONLY The applicant MEETS/ DOES NOT MEET the Bank's requirements and is hereby RECOMMENDED/NOT RECOMMENDED for: ………………………………………………………………………………………..

Name……………………… ……………………	…
Designation…… ………	Signature…………………
Application..…………… ………Date………… …	…

Annex 1: Supporting Documents To Be Submitted

1. For a mobile payment service provider, a certified copy of a valid license from the Communication Services Regulator.

2. Evidence that the payment service provider holds the initial capital set out in Table A.

3. Details Of Changes In:

(a)the applicant's governance arrangements and internal control mechanisms, including administrative, risk management and accounting procedures, which demonstrates that these governance arrangements, control mechanisms and procedures are proportionate, appropriate, sound and adequate; (b)the internal control mechanisms which the applicant has established to comply with its anti-money laundering obligations as set out in the Proceeds of Crime and AntiMoney Laundering Act (Act No. 9 of 2009), the Prevention of Terrorism Act (Act No. 30 of 2012) and the relevant Regulations and guidelines; (c)the applicant's structural organisation including, where applicable, its intended use of agents, cash merchants, branches and outsourcing arrangements, and its participation in a national and or international payment system; 4. Details of changes in the identity of: (a)its owners; (b)its directors and persons responsible for the management of the payment service provider;

(c)the custodial trustees holding the cash which is represented in the applicant's payment service; 5. List of volumes and value of transactions for the last 12 months.

1. THAT I swear that the documents listed above are authentic copies of the original documents issued by the relevant authorities to the applicant.

2. THAT what is deponed to herein above is true and within my own knowledge.

SWORN at ______________ by the said ) (Deponent) This_______day of________in the year_________ ) ) BEFORE ME ) ) COMMISSIONER FOR OATHS) Drawn by: ___________________________________________________ (law firm)

---

(physical address) P. O. Box_____________(postal code) ____________ (town)__________ 6. Funds Management Give details on any changes in the mechanisms you have put in place to protect users' funds in the eventuality of system failure, revocation/suspension of your authorisation and/or insolvency of your entity.

APPLICATION ACCEPTANCE SECTION - FOR OFFICIAL USE ONLY

No.	Application Requirements	Receiving	Checking
		Officer	Officer
1	Is a covering letter on applicant letterhead included?
2	Is the application duly completed?
3	Is the application signed, giving applicant's name and designation?
4	Is the authorisation applied for within the NPS Act?

The Receiving and Checking Officers MUST tick ALL the boxes above before accepting and Filing an application. Receiving Officer's Comments: …………………………….………………………….

Receiving Officer's Name: …………………………………….…………………………

Signature: …………………..…………………. Date: ……………………………………

Checking Officer's Comments: …………………………….………… ………………	.
Checking Officer's Name: …………………………………….…………………………
Signature: ……………..………………………. Date: …………………………………	…

Second Schedule

(rr. 4(2)(i)&(iv), 8(3), 9(1)(a), 25(2)(a) CRITERIA FOR ASSESSING SUITABILITY OF SIGNIFICANT SHAREHOLDERS, TRUSTEES, DIRECTORS AND MANAGERS IN CONTROL OF PAYMENT SERVICE PROVIDERS NOTE: (a) Read the declaration on Section 6 below before completing this form.

(b) In case the space provided is inadequate, use additional paper.

Significant trustees, directors and management in control of a payment service provider will be assessed against the following criteria- (a) possession of adequate professional credentials or experience or both for the position for which it is proposed; (b) probity, diligence, competence and soundness of judgment; (c) reputation, character, integrity and honesty; (d) history of any offence involving fraud, dishonesty or violence; (e) whether that person has engaged in deceitful, oppressive or improper business practices or any practices which would discredit that person; (f) whether that person has engaged, associated or conducted himself in a manner which may cast doubt on the fitness, competence and soundness of judgment of that person; (g) whether that person has contravened any provision made by or under any law designed to protect members of the public against financial loss due to dishonesty, incompetence or malpractice; and (h) whether that person has been declared bankrupt.

1. The Applicant Details

(a) Name........................................................................................................................

(b) Type.........................................................................................................................

	Kenya Subsidiary Legislation, 2014	732
2. PERSONAL INFORMATION
(a) Surname .
Other Names .
b) Previous Names (if any) by which you have been known:
---
(c) Year and Place of birth:
---
(d) Nationality and how acquired:
---
(e) Personal Identification Number
---
(f) Identification Card number and date of issue.
---
(g) Postal Address: .
---
(h) Previous Postal Addresses (if any)
………
(i) Physical Address
(j) Educational Qualifications
(k) Professional Qualifications and years obtained.
---
(l) Name(s) of your bankers during the last 5 years
---
---
---
………

Period	Name of Employer/Business and address	Positions held and dates	Responsibilities	Reasons for leaving (where applicable
1.	DESCRIPTION OF YOUR PAST AND CURRENT ACTIVITIES IN KENYA

1. DESCRIPTION OF YOUR PAST AND CURRENT ACTIVITIES IN KENYA

AND ABROAD

3. Employment/ Business Record

Company's	Date of	Amount of	% of	Past	Remarks
Name	incorporation	shareholding	shareholding	shareholding A B

1.1. SHAREHOLDING (DIRECTLY OWNED OR THROUGH NOMINEES) A: Refers to date of sell, transfer, closure or surrender of shares

	Past	Remarks
	Directorship
Company's	Date of	Executive
Name	incorporation	or Non Executive	Position held in case of Executive	C	D

B: Refers to reasons for sell, transfer, closure or surrender

1.2. Directorship

C: Refers to date of retirement / cessation D: Refers to reasons for retirement / cessation

734 1.3. Professional Associations

Name of	Membership No.	Position Held	Past	Remarks
body	(if any)	Directorship E F

E: Refers to date of retirement / termination of membership.

Name of	Name of	Type	Date	Terms	Security	Value of	Current	Rem
borrower	lending	of	of	of	offered	security	Outstanding	arks
*	institution	facility	offer	offer	balance

F: Refers to reasons for retirement or termination of membership

1.4. Borrowings

• Borrower to indicate individual/personal as well as the private Company shareholdings in excess of 5%.

2. Questionnaire

2.1. Have you or any entity with which you are associated as director, shareholder or manager, ever held or applied for a license or equivalent authorisation to carry on any business activity in any country? If so, give particulars. If any such application was rejected or withdrawn after it was made or any authorisation revoked, give particulars.………...........................................................………… ….............................................………………………………………………… ………………………………………………………….................…………… …

2.2. Have you at any time been convicted of any criminal offence in any jurisdiction?

If so, give particulars of the court in which you were convicted, the offence, the penalty imposed and the date of conviction .………………………………………………………………………………… …………………………………………………………………………………… …………………………………………………………………………………… 2.3. Have you, or any entity with which you have been involved, been censured, disciplined, warned as to future conduct, or publicly criticized by any regulatory authority or any professional body in any country? If so, give particulars ...............................................…………................................................................. ................................................................................................................................

2.4. Have you, or has any entity with which you are, or have been associated as a director, shareholder or manager, been the subject of an investigation, in any country, by a government department or agency, professional association or other regulatory body? If so, give particulars …………………………………………………………………………………… …………………………………………………………………………………… …………………………………………………………………………………… 2.5. Have you, in any country, ever been dismissed from any office or employment, been subject to disciplinary proceedings by your employer or barred from entry of any profession or occupation? If so, give particulars.

……………………………………...........................…......................................... ................................................................................................................................

2.6. Have you been diagnosed with any mental disability?

…………………………………………………………………………………… …………………………………………………………………………………… …………………………………………………………………………………… 2.7. Have you failed to satisfy debt adjudged due and payable by you on order of court, in any country, or have you made any compromise arrangement with your creditors within the last 10 years? If so, give particulars …………………………………………………………………………………… ………….................................................................................................................

2.8. Have you ever been declared bankrupt by a court in any country or has a Bankruptcy petition ever been served on you? If so, give particulars

…………………………………………………………………………………… …………………………………………………………………………………… …………………………………………………………………………………… 2.9. Have you ever been held liable by a court, in any country, for any fraud or other misconduct? If so, give particulars …………………………………………………………………..……………… ………………………………………………………………………………..

2.10. Has any entity with which you were associated as a director, shareholder or manager in any country made any compromise or arrangement with its creditors, been wound up or otherwise ceased business either while you were associated with it or within one year after you ceased to be associated with it? If so, give particulars……………………………………….……………………… …..……………………………………………………………………………… Are you presently, or do you, other than in a professional capacity, expect to be engaged in any litigation in any country? If so, give particulars…………………………………………................................................…… …….................................................................................................................................. 2.11. Indicate the names, postal and e-mail addresses, telephone numbers and positions of three individuals of good standing who would be able to provide a reference on your personal and financial integrity and honesty. The referees must not be related to you, and should have known you for at least five years.

Name of	Postal	E-mail	Tel	Position
Referee	Address	address	no.s	(where applicable)	Relationship with applicant.
1 2 3

2.12. Is there any additional information which you consider relevant for the consideration of your suitability or otherwise to own share capital of an institution? The omission of material facts may represent the provision of misleading information…………………………..................................................

...............................................................................................................................

3. Declaration 737

I am aware that it is an offence to knowingly or recklessly provide any information, which is false or misleading. I am also aware that provision of false information in this regard may result in rejection of this application by the Bank.

I certify that the information given above is complete and accurate to the best of my knowledge, and that there are no other facts relevant to this application of which the Bank should be aware.

I also certify that the capital to be invested is not from proceeds of crime. I undertake to inform the Bank of any changes material to the applications which arise while the application is under consideration.

NAME: …………………….................................................................. DATED AT:.…………..…THIS…………….…DAY OF……....…… 20………….

WITNESSED BEFORE ME: SIGNED …………………………........ (Applicant) COMMISSIONER FOR OATHS/MAGISTRATE Name …………………......................................................................................................... Signature: ……………..........................................................................................................

Address: …………………………………………………………………………………… …………………………………………………………………………………………… NB: This form should be accompanied by: (i) Detailed Curriculum Vitae; (ii) Any other document as may be required by the Bank.

---

Third Schedule (R. 24 (B))

Standard Setting Body
1	B.I.S (Bank of	The Committee on Payment and Settlement
International Settlements)	Systems (CPSS) working under BIS contributes to strengthening the financial market infrastructure through promoting sound and efficient payment, clearing and settlement systems. The CPSS is a standard setting body for payment, clearing and securities settlement systems.

738

	Standard Setting Body	The commonly used standards are compliance with Principles for Financial Market Infrastructure (PFMI) It also serves as a forum for central banks to monitor and analyse developments in domestic payment, clearing and settlement systems as well as in cross-border and multicurrency settlement schemes.
2	ISO (International	This is a network of national standards bodies
	Organisation of Standards)	tasked with developing International Standards. International Standards give state of the art specifications for products, services and good practice, helping to make industry more efficient and effective. Examples of ISO standards applicable to payment systems are ISO 20022 and ISO 8583
3	FATF (Financial Action	It is an inter-governmental body formed to set
	Task Force)	standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system. The FATF has developed a series of Recommendations that are recognised as the international standard for combating of money laundering and the financing of terrorism and proliferation of weapons of mass destruction

Amount in Trust Account	Percentage Holding per	No. of banks for
	Bank	diversification
1	Below Kes 100 Million	N/a	Strong rated bank
2	Above Kes 100 Million	Max. 25 per cent of Total amount in trust account	Min. 2 strong rated banks

Fourth Schedule (R. 25(4)) Fifth Schedule (Rr. 29(2)& 49) Oversight Data Requirement (To Be Submitted Monthly)

PURSUANT to section 16 and section 20 of the National Payment System Act, 2011, kindly provide the following information to facilitate oversight of your payment service.

(Additional information is provided in the attachments).

PART A: Payment Service Provider Details 1. Name of the Payment Service Provider……………………………………………. 2. Description of the payment service provided (please provide more details on a separate documentation) ……………………………………………………………………………………… 3. Please provide the following information about your Payment System / Instrument.

(i) Physical address ……………………………………………..….…….…… (ii) Postal address …………..…………………………….…………………….. (iii) Telephone ………………………………………….……..…………………. (iv) Registered head office: ………………………………..….…………………..

PART B: Operational Details 1. How many outlets / Agents operate under your establishment ……………… (Provide detailed geographic distribution) 2. What is the volume and value of your operations during last month?

Aggregate Value …………………………….. Aggregate Volume …………………………… 3. What is the value of the trust account operated on behalf of your customers?

Kes. …………………………………….

4. What is the distribution amount and percentage per bank? (provide a table) 5. Have you experienced incidents of fraud, theft or robbery?

a) No b) Yes (Provide geographical distribution details)?

6. Have you experienced material service interruptions and major security breaches?

a) No b) Yes (Provide geographical distribution details) 7. What security measures have you put in place to prevent service interruptions?

........................................................................................................................................ ......................................................................................................................................

8. Have you received complaints and how have they been resolved?

a) No b) Yes (Provide geographical distribution details and resolving mechanisms can be provided in a separate sheet) PART C: Declaration I/We declare that the information provided is true to the best of our knowledge. Name………………………….. Name …………………………… Designation ……………………. Designation ……………………... Date …………………………… Date ……………………………….

Made on the 25th July, 2014.

HENRY K. ROTICH,

Cabinet Secretary for the National Treasury PRINTED AND PUBLISHED BY THE GOVERNMENT PRINTER, NAIROBI