Kenya’s Financial Institutions Must Stay Compliant with Regulatory Requirements when Using Cloud Services
Financial institutions in Kenya that use cloud services must ensure they comply with applicable legal and regulatory requirements to avoid potential risks and penalties. In this article, we will explore the necessary steps financial institutions can take to stay compliant.
Regulatory Framework for Financial Institutions in Kenya
The Central Bank of Kenya permits financial institutions to use cloud services provided they meet the necessary regulatory requirements. The Insurance Regulatory Authority regulates the insurance sector while the Capital Markets Authority supervises market intermediaries including the stock exchange and central depository and settlement system.
Key Legislation and Guidelines
Financial institutions in Kenya may be subject to various legal and regulatory requirements when using cloud services. Key legislation and guidelines issued by the Central Bank of Kenya, along with the Capital Markets Authority, provide a framework for financial institutions planning to use cloud services or offshore data.
- Guidance Note on Cybersecurity (2017)
  - Covers contractual and operational areas including due diligence, risk management, business continuity, and monitoring and oversight.
- Prudential Guidelines on Outsourcing (2013)
  - Provides guidance on outsourcing material activities, including obtaining approval from the Central Bank of Kenya.
Steps to Ensure Compliance
Financial institutions using or planning to use cloud services can take the following steps to ensure compliance:
- Consider the purpose of the workload(s) under consideration and the relevant categories of data in order to anticipate which legal and regulatory requirements may apply.
- Assess the materiality or criticality of the relevant workload(s) in light of local requirements. For example, financial institutions subject to the Prudential Guidelines (2013) must obtain approval from the Central Bank of Kenya to outsource material activities.
- Review the AWS Shared Responsibility Model and map AWS responsibilities and customer responsibilities according to each AWS service that will be used.
Additional Resources
Financial institutions using or planning to use AWS services are encouraged to:
- Consult with their account representative or contact AWS for further information.
- Review the AWS Compliance Quick Reference Guide and the "Using AWS in the Context of Common Privacy and Data Protection Considerations" whitepaper for more information on how to stay compliant with regulatory requirements.
Note
This article is intended as a general overview and should not be taken as legal advice. Financial institutions should consult relevant laws and regulations and seek professional guidance to ensure compliance with regulatory requirements.