THE VIRTUAL ASSETS SERVICE PROVIDERS BILL 2024

An Act of Parliament to provide for the Promotion, development and regulation of virtual assets in Kenya.

CLAUSE NO. CONTENTS OF THE CLAUSEOUR COMMENTS

Clause 2

Interpretation

“Airdrop” means the distribution of a cryptocurrency or token to multiple wallet addresses, often for free, as part of a promotional or foundational activity within the decentralized digital ecosystem. It serves as a mechanism for wide-scale token distribution and also as an incentive to engage or participate in a specific decentralized application (“dApp”), platform, or protocol. Recipients of an airdrop typically must meet certain predetermined criteria, which may include holding a specific token or participating in a particular network activity.

The pros of using an airdrop are as follows:

a. airdrops facilitate the widespread distribution of tokens or cryptocurrencies to a large number of users, helping to increase the token's liquidity and user base; and
b. airdrops can serve as effective promotional tools, raising awareness about a new cryptocurrency or token project. This can attract attention of new users and investors.


“Authority” means the Capital Markets Authority established by section 5 of the Capital Markets Act, CAP 485.

The Authority has been included in the Bill since it promotes, regulates and facilitates the development of an orderly, fair and efficient capital market in Kenya.




“Asset-referenced token” means a token that represents a claim against the issuer which:

a. is intended to represent an asset and is embedded with underlying assets;
b. derives its value by reference to an underlying asset; or
c. is secured by an underlying asset.

Asset-referenced tokens often offer stability in value since they are backed by tangible assets. This stability provides confidence to investors and users, especially in volatile cryptocurrency markets.



“Blockchain” means a system of recording information in a shared digital register which is duplicated and distributed across the whole network of computer systems within the business network.

Once data is recorded on a blockchain, it becomes nearly impossible to alter or delete. This immutability ensures the integrity of the data, making blockchains highly secure and transparent. Users can trust that the information stored on the blockchain is accurate and tamper-proof.

“Comparable body” means a body outside Kenya that has functions similar to those of the Capital Markets Authority for the regulation and licensing of a virtual asset business.

A comparable body may have already developed best practices, regulations and guidelines for regulating virtual asset transactions. By adopting these best practices, Kenya can benefit from established frameworks that promote investor protection, market integrity and financial stability of virtual assets.

“Crypto assets” are cryptographically secured digital representations of value or contractual rights that use some type of distributed ledger technology (“DLT”) and can be transferred, stored or traded electronically.

Crypto assets enable users to access financial services and participate in global markets without traditional barriers such as geographical restrictions, minimum investment requirements or account eligibility criteria. Anyone with an internet connection and a digital wallet can transact with crypto assets.


"Custodial Wallet Provider” means the provider of services involving the storage or maintenance of virtual assets or a virtual wallet on behalf of a client.
Custodial wallet providers handle the technical aspects of storing and managing virtual assets, making it easier for users to access and transact with their cryptocurrencies. Users don't need to worry about managing private keys or securing their wallets.

Secondly, reputable custodial wallet providers often implement robust security measures to protect users' assets, such as encryption and multi-factor authentication. This can provide users with greater confidence in the safety of their funds compared to managing their own wallets.

Thirdly, custodial wallet providers typically offer customer support services to assist users with any issues or inquiries related to their wallets. This can be especially beneficial for novice users who may encounter technical difficulties or have questions about managing their virtual assets.

“Custodial Wallet” means an online virtual asset wallet responsible for storing and holding Virtual Assets on behalf of a Virtual Asset Owner, without granting full control over those Virtual Assets to the Custodial Wallet Provider.

Custodial wallets enable users to access their virtual assets from any device with an internet connection, making it convenient to manage their virtual assets on the go. Users can easily initiate transactions, monitor their balances and view transaction history without the need for specialized hardware or software.

“Cybersecurity incident” means any act or attempt, successful and unsuccessful, to gain unauthorised access to, disrupt or misuse a computer or computer system or information stored on the information system or critical information infrastructure which may have a disruptive effect that significantly impacts the following:

a. the number of users relying on that service;
b. the dependency of other sectors critical information infrastructure sectors on the service provided by that entity;
c. the impact that incidents may have, in terms of degree and duration, on economic and societal activities or public safety;
d. the market shares of the entity;
e. the geographic spread regarding the area that may be affected by an incident; and
f. the importance of the entity in maintaining a sufficient level of the service, taking into account the availability of alternative means for the provision of that service.


Cybersecurity incidents can raise awareness about potential vulnerabilities and weaknesses in systems, prompting organizations to prioritize cybersecurity measures and invest in improving their security features.

On the other hand, cybersecurity incidents can result in significant financial losses for organizations, including legal expenses, regulatory fines and reputational damage. These financial impacts can be particularly severe for entities that experience prolonged downtime or loss of customer trust.
“Decentralized Exchange” - *Definition
We propose that the definition of this term is included in this clause. This proposal enhances clarity by removing the omission present in this clause.
“distributed ledger technology” or “DLT” means:

a.a virtual or digital ledger in which data is recorded, consensually shared and synchronised across a network of multiple nodes or sites accessible by multiple persons; or
b.a distributed ledger technology platform or software program that operates on a blockchain or similar technology.

A DLT operates on a distributed network of nodes, eliminating the need for a central authority or intermediary to validate and record transactions. This decentralization enhances transparency, reduces the risk of single points of failure and promotes trust among participants.

Secondly, a DLT provides a transparent and verifiable record of transactions, which is accessible to all participants in the network. This transparency fosters trust and accountability, as participants can independently verify the validity of transactions.

“fiat currency” means a currency issued by the relevant body in a country or by a government that is designated as legal tender in its country of issuance. This includes:

a. a banknote or coin that is in circulation as a medium of exchange; and
b. a digital currency issued by the central bank or the central bank of a foreign jurisdiction;

Fiat currencies are typically backed by the central bank of a country. This provides stability and confidence in their value. The Central Bank can actively manage fiat currencies to control inflation, stabilize prices and support economic growth, which helps maintain their purchasing power over time.

Secondly, fiat currencies have legal tender status, meaning they will be used to pay debts and taxes in the issuing country. This legal backing ensures the widespread acceptance and circulation of a fiat currency, enhancing its liquidity and utility in the economy.

“Initial token offerings” or “ITO” means an offer for sale to the public of a virtual token in exchange for fiat currency or another virtual asset.
ITOs have the potential to reach a global audience of investors, allowing token issuers to attract funding from diverse geographic regions. This global reach enhances the liquidity and accessibility of token offerings, enabling projects to scale and grow more rapidly.

“token issuer” means a person responsible for issuing a virtual asset.

We propose that this term is moved to appear after the definition of “stablecoin” in this clause. This proposal ensures that defined terms are arranged alphabetically in this clause.

“licence” means a licence issued by the Authority under section 5 and "licensee" and "licensor" shall be construed accordingly.

A licence issued under this Bill will allow a licence holder to offer virtual asset services in Kenya.

“licence holder” means a person issued with a licence under section 5 of the Act.

This defined term ensures that only virtual asset service providers that have been approved by the Authority can offer virtual asset services in Kenya.

“Nairobi International Financial Centre" means the Nairobi International Financial Centre established under section 4 of the Nairobi International Financial Centre Act, 2017.

The Nairobi International Financial Centre was established to create a more efficient and predictable environment in order to attract finance, invesntment, as well as support green growth and innovation in Nairobi.

“non-custodial wallet” means a virtual asset wallet that stores virtual assets and empowers virtual assets owners with complete control over their virtual assets either as a software program or a physical device.

Non-custodial wallets provide users with full control over their virtual assets, including the private keys used to access and manage their funds. This ensures that users are not dependent on third-party custodians and have the autonomy to transact and manage their assets independently.

“non-fungible token” or “NFT” means unique digital assets created for specific applications and cannot be divided or exchanged on a one-to-one basis with others. Each NFT is a distinct and irreplaceable digital identifier recorded on a blockchain, providing a secure and transparent way to verify ownership and authenticity of a particular digital asset, such as artwork, music, or other digital content.

NFTs represent unique and indivisible digital assets, providing a clear and verifiable record of ownership on the blockchain. This uniqueness ensures that each NFT is distinct and irreplaceable, allowing creators and collectors to establish ownership and authenticity of the NFT with certainty.

“offer” means a document, notice, circular, advertisement, prospectus or whitepaper issued to the public or accessible electronically:
a. inviting applications or offers to subscribe for or purchase virtual assets; or
b. offering virtual assets for subscription or purchase.

Inviting offers to purchase virtual assets allows the token issuer to raise capital from a wide pool of investors. This crowdfunding model enables issuers to access funding without relying solely on traditional sources such as venture capital firms or banks, providing greater flexibility and autonomy in financing their operations and growth.

Secondly, inviting offers to purchase virtual assets provides an opportunity for token issuers to gauge market interest and validate demand for their offerings. By soliciting feedback, inquiries and expressions of interest from prospective investors, issuers can assess the attractiveness of their offering, refine their marketing strategy and tailor their value proposition to better meet investor preferences.

“off-ramp” means the process that enables individuals to convert their virtual assets into traditional fiat currency or other tangible assets. Off-ramps can take various forms, including virtual asset exchanges that facilitate the conversion of virtual assets to fiat currency, over-the-counter (OTC) services, or peer-to-peer transactions.

Virtual assets are often subject to price volatility, which can lead to uncertainty and risk for holders. Off-ramps offer a way to mitigate volatility risk by providing a mechanism to convert digital assets into stable fiat currency with relatively stable values, reducing exposure to price fluctuations.

“on-ramp” means the process that enables individuals to convert their fiat currencies into virtual assets. On-ramps can take various forms, including virtual asset exchanges that facilitate the conversion of virtual assets to fiat currency, over-the-counter (OTC) services, or peer-to-peer transactions.

On-ramps provide individuals with the ability to acquire virtual assets, using fiat currency. This accessibility allows users to participate in the virtual asset economy, diversify their investment portfolios and explore opportunities in emerging technologies and markets.



“over-the-counter trading” or “OTC trading” means the direct exchange of virtual assets between two parties within a closed trading market. In contrast to traditional exchanges, which feature a multitude of publicly listed prices, OTC trading involves a more personalised and private environment. Within this closed market, p*articipants negotiate and agree upon specific terms for their transactions, allowing for a customised approach.

OTC trading allows participants to negotiate and agree upon specific terms for their transactions, providing a customized approach tailored to their needs and preferences. This flexibility enables participants to execute large trades without significantly impacting market prices and to structure transactions to meet their unique requirements.

Secondly, OTC trading occurs within a closed market, offering participants a more private and confidential environment compared to traditional exchanges. Participants can conduct transactions discreetly, without disclosing sensitive information or impacting market sentiment, preserving confidentiality and minimizing market manipulation risks.

“Peer-To-Peer trading” or “P2P trading” means the direct exchange of digital assets between two individuals without the direct involvement of an intermediary.

P2P trading offers greater flexibility in terms of payment methods and transaction terms compared to traditional exchanges. Participants can negotiate and agree upon specific terms for their transactions, including pricing, payment options and settlement timelines, providing a customized trading experience tailored to their preferences.

“real world asset” means movable and immovable property of any nature, whether tangible and intangible including but not limited to real estate, securities, commodities, treasury bonds, etc.

Real world assets have inherent tangible value which provides stability and security, making them attractive investment options for individuals seeking to preserve wealth and mitigate risk.

“real-world-asset token” or “RWA token” means a digital representation, stored on a blockchain or utilising distributed ledger technology, that signifies an ownership interest, claim, or stake in a tangible or intangible asset existing off-chain in the physical world. The real world asset token may confer rights, obligations, or benefits associated with the underlying real-world asset, which could include but is not limited to property, securities, commodities, or any other item of economic value.

Real-world asset tokens enable fractional ownership of high-value assets, allowing investors to purchase and trade smaller units or shares of an asset. This fractionalization lowers the barrier to entry for investors who may not have the capital to purchase an entire asset outright.

“security token” means a token representing transferable securities; money-market instruments; units in collective investment undertakings; options, futures, swaps, and other derivatives linked to securities, currencies, interest rates, emission allowances, or financial indices; derivative contracts linked to commodities, whether settled physically or in cash; derivative contracts tied to commodities traded on regulated markets, financial contracts for differences; derivative instruments for transferring credit risk; derivative contracts involving climatic variables, freight rates, or inflation rates; and emission allowances conforming to the requirements of the Capital Markets Act 2000.

Security tokens enable fractional ownership and facilitate trading on digital asset exchanges, enhancing liquidity compared to traditional securities. Investors can buy, sell, and trade security tokens more easily and efficiently, reducing liquidity constraints and unlocking value for asset owners.

Secondly, security tokens enable investors to access global markets and diversify their portfolios across different geographic regions and asset classes. With digital asset exchanges operating 24/7 and accessible from anywhere in the world, investors can participate in cross-border transactions and capitalize on investment opportunities worldwide.

“stablecoin” means a type of virtual asset that is not an electronic money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies.

The primary benefit of stablecoins is their ability to maintain a stable value. This stability reduces volatility compared to other cryptocurrencies like Bitcoin or Ethereum, making stablecoins more suitable for everyday transactions and financial planning.

“Utility token” means a type of virtual asset that is mainly intended to provide access to a good or a service supplied by its issuer.

The primary benefit of utility tokens is their ability to provide access to goods or services offered by the service provider.

For example, this can be used by service providers in offering subscription plans or usage fees, which in turn creates new revenue streams and business models which attract new users.

“virtual asset” means:

a. a cryptographically secured digital representation of value that;

i. may be digitally traded or transferred, and may be used for payment or investment purposes, or
ii. is distributed through a distributed ledger technology where value is embedded or in which there is a contractual right of use;

b. Includes:

I. Asset-referenced tokens;
II. Crypto assets;
III. Non-fungible tokens (NFT);
IV. Real world asset tokens
V. Stablecoins;
VI. Security tokens;
VII. And any other token generated through distributed ledger technology for purposes of investment, buying, selling, trading and/or speculation.

c. Excludes:

I. a digital representation of legal tender as provided for under the CBK Act, and
II. securities and other financial assets that are regulated under the Capital Markets Authority Act;
III. Decentralised Autonomous Organizations (DAOs), Decentralized Exchanges and Non-custodial wallets.

Virtual assets facilitate cross-border transactions, allowing users to send and receive funds quickly and cost-effectively across different geographic regions. Virtual assets transcend national borders and traditional banking hours, enabling seamless peer-to-peer transactions on a global scale.

“virtual asset service” includes all services provided by a virtual assets service provider which include but are not limited to (list the services)

We propose that the services offered by virtual asset service providers are listed in this clause. This proposal enhances clarity by removing the omission present in this clause.

“virtual asset service provider” or “VASP” includes a trade or business that:

a. provides services related to a virtual assets exchange including platforms which facilitates the:

I. issuing, listing, buying and selling of virtual assets;
II. exchange between one or more forms of virtual assets;
III. trading including peer-to-peer trading of virtual assets.

b. provides virtual assets custodial services;
c. operates as an on-ramp or off-ramp service provider facilitating exchange or conversation from virtual assets to fiat currency and vice-versa;
d. operates as a virtual assets payment service provider or transfer of assets utilising virtual assets;
e. provides custodial wallet services;
f. operates as an issuer of token offerings(initial Coin offering);
g. operates as a virtual assets broker dealer
h. that participates in and provides advisory services related to an issuer’s offer or sale of a virtual asset as may be prescribed;
i. does not include - services provided in a fully decentralised manner without any intermediary.

VASPs serve as on-ramp and off-ramp service providers, facilitating the conversion between virtual assets and fiat currency. They enable users to deposit fiat currency to purchase virtual assets and withdraw virtual assets to convert into fiat currency, bridging the gap between traditional and digital finance.

“virtual asset competency requirements” in so far as it relates to a virtual asset supervised representative, means the:

a. experience requirement;
b. virtual asset academic credential requirement; and
c. regulatory examination requirement.

We propose that the term “virtual asset supervised representative” is defined in clause 2 of the Bill. The term has not been defined anywhere in the Bill. This proposal enhances clarity by removing the ambiguity present in this clause.

“virtual asset marketplace” means a centralised platform, whether in Kenya or in another jurisdiction:

a. which facilitates the trading and exchange of virtual assets for fiat currency or other virtual assets on behalf of third parties for a fee, a commission, a spread or other benefit;
b. issuing, listing, buying and selling of virtual assets,
c. exchange between one or more forms of virtual assets,
d. trading including peer-to-peer trading of virtual assets, and
e. which:

I. holds custody, or controls virtual asset, on behalf of its clients to facilitate an exchange;
II. purchases virtual assets from a seller when transactions or bids and offers are matched in order to sell them to a buyer, and includes its owner or operator but does not include a platform that only provides a forum where sellers and buyers may post bids and offers and a forum where the parties trade in a separate platform or in a peer-to-peer manner.

A virtual asset marketplace provides transparent and real-time pricing information for virtual assets, enabling users to make informed trading decisions.

Secondly, a virtual asset marketplace offers a wide selection of virtual assets which allows for portfolio diversification and risk management.

“virtual asset wallet providers” means providers, who offer storage for virtual assets include custodial and non-custodial wallets.

Virtual asset wallet providers offer convenient storage solutions for virtual assets, allowing users to access their funds anytime, anywhere. Users can manage their virtual assets through user-friendly interfaces, mobile applications and web-based platforms, making it easy to send, receive and store virtual assets.

“white paper” means an informational document, issued by a company to promote or highlight the features of a solution, product or service.

White papers serve as powerful marketing tools for promoting products and services of a company. They can be used to attract new customers who will purchase the company’s goods or services.

Clause 3

Objects of the Act

The objects of this Act are to:

a. make provision for the licencing and regulation of virtual asset service providers and token issuers;
b. ensuring consumer protection and preventing market abuse;
c. facilitate the prevention, detection, investigation of risk of money laundering and financing of terrorism and proliferation activities; and
d. facilitate international cooperation on matters covered under this Act

Objects outline the goals or aims that the Bill seeks to achieve. By clearly stating the objects of the Bill, it helps in interpreting and understanding its provisions. To conclude, objects ensure that the Bill is effectively implemented, applied consistently, and aligned with its intended purposes.

By establishing a framework for licensing and regulating virtual asset service providers and token issuers, the Bill promotes transparency, accountability and compliance within the virtual asset industry. Licensing requirements ensure that only qualified and reputable token issuers and virtual asset service providers operate in the market, enhancing investor protection and market integrity.

Thirdly, by preventing money laundering and terrorism activities. The Bill enhances financial transparency and integrity, mitigating the risk of illicit financial flows and illicit activities in the virtual asset sector.

Clause 4

Scope and application of the Act

This Act shall apply to:

a. any virtual asset service provider, and to any token issuer, that carries out its business activities in Kenya or offers service to kenyan consumers-
b. any person who as an organiser, issuer, founder, purchaser or investor participates in the formation, promotion, maintenance, organisation, sale or redemption of an initial token offering; and
c. any person carrying on and providing virtual asset services to Kenyans irrespective of the physical location from which the activity is carried out.

This Act shall not apply to:

a. securities and other financial assets that are regulated under the Capital Markets Authority Act;;
b. digital currencies issued by the central bank or the central bank of a foreign jurisdiction;
c. a person who, by virtue of his acting in a professional capacity on behalf of persons engaged in the participation and provision of financial services related to a virtual asset service provider and token issuance;
d. and a person who provides ancillary services or products, as specified in the Fourth Schedule, to a virtual asset service provider.


This clause provides a scope of the activities that will be governed and regulated by the Bill.

PART II – REGULATORY AND SUPERVISORY AUTHORITY

Clause 5

Designation of Licensing Authority


The authority conferred by this Act to licence virtual asset services is vested in the Capital Markets Authority (CMA), hereby designated as the Licensing Authority.

The Authority shall, in the execution of its powers and functions, engage in seamless collaboration with the joint regulatory sandbox as established under the provisions of this Act.
The Authority typically possesses expertise and experience in regulating financial markets and intermediaries. Leveraging its existing knowledge base and regulatory framework, the Authority can effectively oversee and license virtual asset services, ensuring regulatory compliance, market integrity and investor protection.

For sub-clause (1), we propose the deletion of the words "Capital Markets Authority (CMA)" and replacing it with the words "the Authority". The rationale for this proposal is that the term "Authority" has been defined in clause 2 to refer to the Capital Markets Authority.

Clause 6

Functions and powers of the Authority

In fulfilling its regulatory and supervisory obligations as stipulated in this Act, the Authority, in conjunction with the joint regulatory sandbox, shall:

a. register and licence virtual asset service providers,
b. register token issuers in accordance with the established framework;
c. effectively regulate, monitor and supervise virtual assets service providers and token issuers;
d. provide directives to licence holders and take necessary enforcement actions when warranted;
e. undertake any other actions and initiatives deemed essential for the effective implementation and enforcement of the provisions outlined in this Act.

The Authority may make such rules and regulations as it thinks fit for the purposes of this Act, the rules and regulations made under this sub-section may provide for:

a. the taking of fees and levying of charges;
b. prudential standards in respect of:

i. disclosures and representation to consumers and users;
ii. risk management;
iii. custody of client assets;
iv. cybersecurity;
v. financial reporting;
vi. statutory returns; and
vii. a virtual asset register for any person who holds a virtal asset;

b. any other matter falling under the purview of tis Act.

Any rules and regulations under sub-section (1) shall require the approval of the Sandbox and shall be published in the Gazette.

For sub-clause (2):

a. the taking of fees and levying of charges will generate revenue for the National Government; and
b. risk management practices can identify, assess, mitigate and monitor risks effectively, enhancing the safety and stability of the market. This protects investors, consumers and the integrity of the financial system; and
c. prudential standards related to cybersecurity aim to safeguard virtual asset infrastructure, systems and data from access by unauthorized persons. By implementing cybersecurity measures, virtual asset service providers can mitigate the risk of cyber incidents, data breaches, and theft of virtual assets. Secondly, this clause is silent on the functions and membership of the joint regulatory sandbox. We propose that the inclusion of these omissions as it will enhance clarity

Clause 7

Request for information
The Authority may, by notice in writing, require a person to furnish to the Authority, at such time and place and in such form as may be prescribed, information and documentation, with respect to a virtual assert service.

A person in sub-section (1) may include:

a. any person who is, was or appears to be or to have been, a licence holder;
b. an agent of a licence holder;
c. an intermediary involved in a virtual asset service; or
d. a person who issues, or appears to have issued a virtual token.

The Authority may request a licence holder to appear before the Authority or a person appointed by the Authority, at such time and place as it may specify, to answer questions and provide information and documentation with respect to a virtual asset service or token offering or an offer issued by the virtual asset service provider.


For sub-clause (1), this provision strengthens regulatory oversight of virtual asset services. The Authority can assess the operations, activities and risks associated with virtual asset service providers, ensuring compliance with regulatory requirements.

For sub-clause (3), the ability to request license holders to appear is an effective information gathering tool of the Authority. The Authority can directly question license holders and obtain clarifications. This enables the Authority to make informed decisions and take appropriate regulatory actions to address any deficiencies or risks identified.
"



PART III – JOINT VIRTUAL ASSETS REGULATORY SANDBOX

Clause 8

Establishment of the Joint Virtual Assets Regulatory Sandbox

There is established the Joint Virtual Assets Regulatory Sandbox.

The Sandbox shall be an operating framework managed by the Authority in order to facilitate and support the development of an efficient and globally competitive virtual assets sector in Kenya.
The Bill proposes the establishment of the Sandbox that would manage the operational framework and to oversee all regulatory concerns with respect to virtual assets.

The Sandbox would thereafter be managed by the Authority who would have oversight over the Sandbox, including being responsible for the issuance of licenses once the Sandbox approves an application. The regulatory sandbox was originally an initiative that allowed innovative platforms/technology to operate in a controlled environment and supervised by the Authority, so as to assess and/or analyze the risks.

Clause 9

Objectives of the Sandbox

The Sandbox shall pursue the following objectives:
a. running a one-stop shop that manages and oversees all regulatory concerns and queries raised with respect to virtual assets across government agencies;
b. encouraging cooperation and collaboration with all relevant authorities in mutually beneficial areas, including but not limited to information sharing, legal and policy issues, regulation and supervision approaches/frameworks, fostering financial stability surveillance, assessment, and analysis, communications and public relations, investigation and enforcement, and capacity building;
c. establishing and sustaining an efficient operational framework conducive to the deployment of diverse innovative virtual asset services and business models. This involves a continuous review and adaptation of regulatory requirements that might inadvertently impede investor-friendly innovations or render them non-viable within existing regulations;
d. facilitating the deployment and testing of innovative virtual assets-related products, solutions, and services in a live environment before their introduction to the broader market. Such activities shall be conducted within specified parameters and timeframes; and
e. accelerating the government's comprehension of virtual assets and endorsing evidence-based approaches to regulation that advance the objectives of consumer empowerment, protection, ease of doing business, and the creation of an investor-friendly and innovations-friendly ecosystem.

The Sandbox provides a structured approach for assessing and mitigating risks associated with emerging virtual asset technologies and services. The Authority can closely monitor sandbox participants, identify potential risks and implement appropriate risk management measures to safeguard users and investors.


Clause 10

Functions of the sandbox

The Sandbox shall pursue the following functions:

a. Collaborative Regulatory Oversight: The Sandbox shall collaborate with the Authority to review applications for the registration and licensing of virtual asset service providers. This ensures a comprehensive regulatory assessment that balances innovation with adherence to established standards.
b. The Sandbox shall provide the eligibility, application, safeguard, and testing requirements for firms interested in live testing of innovative products, solutions or service with the Sandbox.
c. Inter-Agency Cooperation: The Sandbox shall foster collaboration with relevant authorities on various fronts, including information sharing, legal and policy considerations, regulation and supervision approaches, financial stability surveillance, communications, public relations, investigation, enforcement, and capacity building. This cooperative approach ensures a holistic and well-informed regulatory landscape.
d. Operational Framework Management: The Sandbox shall establish and maintain an efficient operating framework designed to attract and retain firms within the Sandbox. This involves continuous evaluation and adjustment to meet the evolving needs of innovative market participants while maintaining regulatory integrity.
e. Strategic Recommendations: The Sandbox shall work in conjunction with relevant agencies to develop and recommend strategies and incentive structures that align with national objectives. This collaborative effort aims to attract firms to the Sandbox, fostering an environment conducive to financial innovation.
f. The Sandbox shall facilitate the deployment and testing of innovative virtual assets-related products, solutions, and services in a live environment before their introduction to the broader market. Such activities shall be conducted within specified parameters and timeframes.
g. Advise the national government on all matters relating to virtual assets and endorse evidence-based approaches to regulation that advance the objectives of consumer empowerment, protection, ease of doing business, and the creation of an investor-friendly and innovations-friendly ecosystem.
h. Promote investor education and other conditions that facilitate innovation and development of virtual asset businesses within Kenya.


For paragraph (b), by providing clear eligibility criteria and application requirements, the Sandbox offers transparency to firms interested in participating. This clarity enables firms to understand the prerequisites for entry and ensures a fair and standardized application process.

For paragraph (c), collaboration with relevant authorities ensures that regulatory efforts are coordinated and aligned across different areas. This holistic approach addresses emerging challenges and opportunities comprehensively, resulting in a more effective and coherent regulatory framework.

For paragraph (d), an efficient operating framework attracts innovative firms to participate in the sandbox. By providing clear guidelines, streamlined processes and supportive infrastructure, the Sandbox becomes an attractive environment for firms looking to test new products, services and business models.

For paragraph (f), testing innovative products, solutions and services in a controlled environment within the Sandbox allows firms to identify and mitigate potential risks before introducing them to the broader market. This helps minimize the impact of any unforeseen issues on consumers and investors.

For paragraph (h), investor education equips individuals with the knowledge and skills to make informed decisions about virtual asset investments. By promoting understanding of virtual assets, their risks and potential rewards, investors can better assess investment opportunities and protect themselves from potential scams or frauds.

Clause 11

Powers of the sandbox

The Sandbox shall have powers to:

a. develop rules, guidance and codes of practice in connection with the conduct of virtual asset business and initial token offerings;
b. issue and publish notices, guidelines, guidance notes, any other similar instrument and provide feedback to virtual asset service providers and issuers of initial token offerings to assist them in detecting and reporting suspicious transactions and application of measures to combat money laundering and financing of terrorism and proliferation:

i. in connection with the conduct of virtual asset service providers and issuers of initial token offerings;
(ii) regarding the interpretation, application and enforcement of this Act;
(iii) regarding any regulations or rules made under this Act;

c. In collaboration with the CBK, ensure the financial soundness and stability of the financial system in Kenya in respect of virtual assets in respect of matters falling under the purview of this Act;
d. The Sandbox shall in consultation with the Cabinet Secretary, establish such technical committees and as may be necessary for the better carrying of its functions.

If, at any time, the Sandbox has reason to believe that the business of a licence holder is being conducted in:

a. a manner contrary to the requirements of the Act, this Act or regulations and guidelines issued by the Sandbox or in any manner detrimental to or not in the best interests of its customers or members of the public; or
b. a licence holder or any of its officers is engaged in any practice likely to occasion a contravention of any of the provisions of the Act, or any Regulations or guidelines thereunder,the Sandbox may:

(i) give advice and make recommendations to the licence holder with regard to the conduct of its business;
(ii) issue directions regarding measures to be taken to improve the management or business methods of the licence holder or to secure or improve compliance with the requirements of the Act, the Regulations or guidelines issued or any other written law or regulations; or
(iii) in any case to which paragraph (b) applies, issue directions to the licence holder, officer or other person to cease and desist from such practice.

The Sandbox may, before issuing any directions under this Act, serve upon the licence holder, officer or other person, a notice of such intent specifying the reasons therefore and requiring the licence holder, officer or other persons, within such period as may be specified in the notice, to show cause why such direction should not be issued.

A licence holder which receives any directions under the provisions of this Act shall comply with the directions within- such period as may be specified in the direction and, if so required, produce evidence of compliance.

The Sandbox may issue directions to licence holders generally for the better carrying out of its functions and in particular, with respect to:

a. the standards to be adhered to by a licence holder in the conduct of its business; and
b. guidelines to be adhered to by licence holders in order to maintain a stable and efficient financial system.
Sub-clause (1)(b) provides that the Authority shall establish prudential guidelines and standards that a licence holder must adhere to. However, these are yet to be published. As the Bill already provides for an operational framework for undertaking virtual asset business, the proposed prudential guidelines should first ensure that it is not in conflict with the Bill, and secondly that they do not over-regulate virtual asset businesses. The Authority should ensure that the proposed prudential guidelines should not impose stringent requirements that virtual asset service providers are unable to meet/comply with. This would ultimately be restrictive to the industry as a whole.

Clause 12

Composition of the Sandbox

The Regulatory Sandbox shall comprise of relevant entities, ensuring a holistic and well-informed regulatory approach. They shall include:

a. Capital Markets Authority: As the primary regulatory body overseeing capital markets, CMA provides valuable insights and regulatory expertise to ensure the Sandbox aligns with broader market dynamics.
b. Central Bank of Kenya("CBK"): The CBK, being the nation's central monetary authority, contributes to the committee with a focus on monetary policy considerations, financial stability, and regulatory coordination on any intersection with the payments and banking industry.
c. Financial Reporting Centre ("FRC"): FRC, specialising in anti-money laundering and counter-terrorism financing efforts, brings a crucial perspective to the committee to address and mitigate financial integrity risks within the sandbox.
d. Ministry of ICT: Representing the government's information and communication technology arm, the Ministry of ICT contributes to the committee with expertise in technology policy and its implications on financial innovation.
e. Nairobi International Financial Centre ("NIFC"): NIFC plays a pivotal role in positioning Kenya as an international financial hub, contributing strategic insights to foster an environment conducive to global financial competitiveness.
f. Two Representatives of the Virtual Assets and Virtual Asset Service Provider industry to ensure that the committee is well-informed about the specific needs and challenges faced by blockchain-related businesses within the Sandbox.
By including representatives from diverse entities, the Sandbox benefits from a wide range of expertise. This ensures that all relevant aspects, including regulatory, monetary, financial integrity, technology policy and industry-specific considerations, are adequately addressed.

For paragraph (a), we propose the deletion of the word "CMA" and replacing it with the words "the Authority" The rationale foe this proposal is that the term "Authority" has been defined in clause 2 of the Bill to refer to the Capital Markets Authority.

Clause 13

Regulatory Sandbox Oversight Committee

The management of the Sandbox shall vest in an oversight committee which shall be comprised of the following committee members:

a. a chairperson appointed by the Authority;
b. a committee member representing CBK who shall represent CBK’s regulatory interests in the virtual assets space and shall be responsible for matters relating to the intersection between virtual assets and banking industry, payments industry as well as monetary policy;
c. a committee member representing FRC specialising in anti-money laundering and counter-terrorism financing efforts, brings a crucial perspective to the committee to address and mitigate financial integrity risks within the sandbox.
d. a committee member representing NIFC who shall make contributions on strategic insights to foster an environment conducive to global financial competitiveness.
e. a committee member representing the ODPC who shall be responsible for matters relating to data protection and privacy rights;
f. a committee member representing the ministry of ICT responsible for innovation;
g. a committee member appointed by the association responsible for matters relating to representing business interests of virtual assets service providers, token issuers and consumers of virtual asset services;

The members of the oversight committee: shall work collectively to guide the Sandbox's policies, ensuring they remain responsive to market developments, supportive of innovation, and aligned with national regulatory objectives.

A person qualifies to be appointed as the chairperson under subsection (1)(a) if the person:
a. holds a degree from a university recognized in Kenya;
b. has at least fifteen years' experience at a senior management level in:

(i) finance, economics, banking, insurance or capital markets;
(ii) corporate or financial services law; or
(iii) any other field that is relevant to the functions of the Authority; and

c. meets the requirements of Chapter Six of the Constitution of Kenya.

A person qualifies to be appointed as a committee member under subsection (1)(b) to (g) if the person:

a. holds a degree from a university recognized in Kenya;
b. has a demonstrable level of knowledge and experience in:

(i) virtual asset services industry;
(ii) finance, economics, banking, insurance or capital markets;
(iii) corporate or financial services law; or
(iv) any other field that is relevant to the functions of the Sandbox; and

c. meets the requirements of Chapter Six of the Constitution of Kenya.

For sub-clause (1)(a), we propose that the chairperson is appointed through a fair, transparent and competitive process. This proposal has the following benefits:

a. a fair, transparent and competitive appointment process ensures that candidates are evaluated based on their qualifications, skills and experience. This helps to attract and select the most suitable individual, contributing to the overall effectiveness and efficiency of the Committee; and
b. this proposal ensures that appointments are done in a fair and transparent manner in accordance with the values and principles set out in the Constitution.

For sub-clause (1), the Committee has an odd number of members. This is a good proposal. When there’s an even number of members who can vote, there’s a greater risk of deadlocks. This makes it difficult for the Committee to make decisions, resolve conflicts or move forward with its agenda. An odd number ensures that there will always be a majority decision.

For sub-clauses (3) and (4), specifying qualifications in the Bill provides clear and standardized criteria for eligibility in a particular position. This clarity helps both applicants and decision makers understand the minimum requirements for the role.

The addition of sub-clauses (3)(c) and (4)(c) is a good proposal. Leadership and integrity principles ensure that persons appointed to government positions possess a strong commitment to ethical conduct.


PART IV – LICENSING AND REGISTRATION

Clause 14

Requirement to be licensed

No person shall carry out the business activities of a virtual asset service provider in or from Kenya unless such person is the holder of a virtual asset service provider’s licence issued under this Act.

Any person who contravenes subsection (1) shall commit an offence and shall, on conviction, be liable to a fine not exceeding 20 million Kenyan Shillings or and to imprisonment for a term not exceeding five (5) years.

For purposes of this Act, a person carries on business as a virtual asset service provider if:

a. irrespective of their physical location, whether in or outside Kenya, the person offers a virtual asset service to persons resident in Kenya; or
b. the person is registered or incorporated under the laws of Kenya and offers a virtual asset service to persons in or outside Kenya.
Application of the Bill to persons outside Kenya – The Bill is intended to apply to persons offering virtual asset services to Kenyans irrespective of the physical location the activity is undertaken. However, enforcement of the Bill would be difficult where such services are provided from persons outside Kenya. We therefore recommend that this scope be amended to only apply to virtual asset providers based in Kenya.

Clause 15

Tiered-licencing model

A person shall be eligible to carry out business activities of a virtual asset service provider in or from Kenya if they obtain and hold either of the licences as stipulated in the Third Schedule:

(1) Class A: Virtual assets exchanges

(a) persons who provide services related to a virtual assets exchange including platforms which facilitates the:

i. issuing listing, buying and selling of virtual assets,
ii. exchange between one or more forms of virtual assets,
iii. trading including peer-to-peer trading of virtual assets.

(b) In addition to the Class A services, such person wishes to provide some or all other services listed under classes B,C, D and E

(2) Class B: Custodial services and Wallets

a. Issued to providers of:

(i) virtual assets custodial services;
(ii) provides custodial wallet services;

b. In addition to the Class C services, such person wishes to provide some or all other services listed under classes D and E

(3) Class C: Payment Orchestration / On-Ramps and Off-Ramps

(a) Persons who operate as an on-ramp or off-ramp service provider facilitating exchange or conversion from virtual assets to fiat currency and vice-versa;
(b) Operators of a virtual assets payment service provider or transfer of assets utilising virtual assets;
(c) In addition to the Class B services, such person wishes to provide some or all other services listed under classes C, D and E

(4) Class D - Token Issuers

(a) Persons who operate as issuers of tokens;
(b) participates in and provides advisory services related to an issuer’s offer or sale of a virtual asset as may be prescribed;

(5) Pilot Programs

(a) Before engaging in a comprehensive and widespread implementation of virtual asset services, any individual or entity desiring to undertake a restricted, closely monitored, and temporary initiative aimed at evaluating the feasibility, performance, and effectiveness of virtual asset-related concepts, approaches, technologies, or services may acquire a pilot program licence.
(b) The pilot program licence, granted under this provision, shall have the following characteristics:

(i) It is a temporary permit valid for a specified period, not exceeding 4 calendar months.
(ii) It is restricted to a maximum of 10,000 product users.
Any other guidelines as may be prescribed by the sandbox.
The Bill provides for various classes of licensing, including a licence for a pilot program to undertake a restricted, closely monitored, and temporary initiative aimed at evaluating the feasibility, performance, and effectiveness of virtual asset-related service. This may stifle innovation as the requirements for applying for a licence under the Bill may be restrictive to persons launching a pilot program for purposes of assessing a virtual asset-related service.

Clause 16

Application for licence

A person who wishes to carry out or participate in a virtual asset services shall apply for a virtual asset service provider licence or issuer of initial token offerings licence as provided for under Section 17 of this Act.

An application for licensing and registration shall be made to the joint regulatory sandbox in the prescribed form.

An application in subsection (1) shall be accompanied by:

a. certified copy of the certificate of incorporation of the applicant;
b. a certified copy of the Memorandum and Articles of Association of the applicant;
c. notification of the applicant’s registered address;
d. a certified copy of the Memorandum and Articles of Association of any corporate body that has a significant shareholding in the applicant;
e. a description of the distributed ledger technology system to be used in the applicant’s operations and an independent assurance on the systems;
f. a description of delivery channels or platforms to be deployed by the applicant;
g. a description of, and terms and conditions of virtual assets products and services which the applicant intends to provide;
h. policies and measures to be adopted by the applicant to meet its obligations under this Act,the Proceeds of Crime and Anti- Money Laundering Act, 2009 and the United Nations (Financial Prohibition, Arms Embargo and Travel Ban) Act 2019 relating to anti-money laundering and combating the financing of terrorism and proliferation;
i. the applicant’s data protection policies and procedures;
j. the applicant’s consumer redress, mechanisms policies and procedures;
k. a description and evidence of sources of funds to be invested in the applicant;
l. the names and addresses of the shareholders in the prescribed form;
m. duly filled fit and proper forms for the directors, chief executive officer and senior officers and significant shareholders in the prescribed form,
n. the applicant’s corporate governance policy;
o. certificate of good conduct, tax compliance certificate and credit reference bureau report for each of the applicant’s individual significant shareholders, directors, chief executive officer and senior officers;
p. a sworn declaration signed by every officer as specified in the prescribed form; and
q. any other information as may be required by the authority.
r. a business plan or feasibility study setting out, amongst others, the nature and scale of the business activities proposed to be carried out;
s. particulars of the applicant’s arrangements for the management of its business activities;
t. a non-refundable application fee set out in the Second Schedule;

The sandbox may require an applicant to:

a. give such other information, document or report in connection with the application upon giving the applicant 14 days’ written notice; and
b. have any information submitted in support of the application verified at the cost of the applicant.

The sandbox shall not be bound to deal further with the application until the requirements under this section are satisfied.

We propose the addition of timelines in this clause. This proposal ensures that the application form is reviewed by the joint regulatory sandbox within a prescribed period without delays.


Clause 17
Withdrawal of an application for a licence

An applicant may withdraw an application by giving seven days’ written notice, including the reasons thereof, to the Authority at any time before the determination of the application.

Granting an applicant the option to withdraw their application provides them with flexibility in managing their business operations and regulatory compliance. This flexibility allows applicants to reassess their readiness or strategic considerations without being bound by the licensing process.

Clause 18

Designation of compliance officer

Every virtual assets service provider shall, in writing, designate in writing a compliance officer to coordinate all compliance matters with the Authority.

We propose the deletion of the words “in writing” appearing after the words “designate”. This proposal seeks to correct the error present in this clause.
Clause 19

Determination of application

Subject to this Act and to the applicable Acts, the Sandbox shall review all such information, documents and reports as the relevant authorities may require in order to reject or grant the application.

Upon approval by the Sandbox, the Authority shall grant the relevant licence to the applicant.

The Authority shall not grant an application unless it is satisfied that:

a. the application complies with this Act;
b. the criteria set out for the grant of the licence are met;
c. the applicant has adequate resources, infrastructure, staff with the appropriate competence, experience and proficiency to carry out the business activities of a virtual asset service provider;
d. the applicant has adequate arrangements for proper supervision of everything done under the licence so as to ensure compliance with this Act, the applicable Acts and the conditions of the licence;
e. the applicant and each of its controllers, beneficial owners, their associates and officers are fit and proper persons to carry out the business activities to which the licence is sought;
f. the applicant, once licensed, will satisfy criteria or standards, including prudential standards, issued by the Authority; and
g. no prejudice would be caused or would ensue to the financial services industry or any part thereof, if the application is granted.

The Authority may, in addition to section 20, take into account:

a. the virtual asset business activities proposed to be carried out by the applicant;
b. the capacity of the applicant to carry out the business activities;
c. any inte6rnational standard relating to a virtual asset business;
d. any information obtained from a competent authority or comparable body; and
e. whether the granting of a licence to the applicant may pose a risk to purchasers, investors or the public.

For sub-clause (3), we propose the deletion of the words “an application” and replacing it with the words “a licence”. The rationale for this is that sub-clause (2) has clearly staated that a licence will be issued by the Authority to the applicant upon approval by the Sandbox.
For sub-clauses (1) and (2), we propose the addition of the words "joint regulatory" appearing before the word "sandbox". Clause 6(1)(a) of the Bill states that a virtual asset service provider shall be registered and licenced by the Authority, in conjunction with the joint regulatory sandbox.

Clause 20

Issuance of the licence

The Authority shall, upon approval by the sandbox and satisfied that the applicant meets the requirements of this Act, grant a licence to the applicant, within sixty days of submission of a complete application.
The addition of timelines in this clause is a good proposal as it ensures that a licence is issued by the Authority to the applicant within a prescribed period without delays.

Secondly, we propose the addition of the words "joint regulatory" appearing before the word "sandbox". Clause 6(1)(a) of the Bill states that a virtual asset service provider shall be registered and licenced by the Authority, in conjunction with the joint regulatory sandbox.

Clause 21

Duration and Renewal

The duration of each licence shall be the period of 18 calendar months.

An application for the renewal of a licence shall be submitted to the Authority in Form 1 set out in the Third Schedule.

The application shall be submitted together with:

a. the fees set out in the Second Schedule; and
b. annual Reports as prescribed under this Act.

For sub-clause (1), renewing a licence after 18 calendar months provides an opportunity for both the Authority and licence holder to review the licence holder’s compliance with regulations and ethical standards.

By requiring renewal every 18 months, the Authority can maintain closer oversight of license holders. This allows the Authority to promptly identify any emerging risks or compliance issues and take appropriate actions to address them, thereby safeguarding consumers and maintaining market integrity.

Clause 22

Fast-Track Licensing

In instances where an applicant has already satisfied all requirements and holds a valid licence in countries listed in First Schedule, the applicant, upon submission and verification of their registration, shall be expediently granted automatic licensing upon payment of the applicable licensing fees.

We propose the deletion of the word “First” appearing before the word “Schedule” and replacing it with the word “Second.”. The fast-track licensing countries have been listed in the Second Schedule of this Bill.

Clause 23

Variation of licence

An application to vary or remove any limitation imposed on the scope of a licence, including the period of validity of the licence, shall be made in such form and manner as the Authority may approve and shall be accompanied by such:

a. information and documents as the Authority may require; and
b. fee as prescribed in the Schedule of the Act.

We propose the addition of timelines in this clause. This proposal ensures that the application for variation of a licence is reviewed by the Authority within a prescribed period without delays.

Clause 24

Material change to licensed virtual assets service business activities

No virtual asset service provider shall, without the prior written approval of the Authority:

a. modify the scope of its licensed virtual assets services and business activities;
b. reorganise its legal structure;
c. merge with another entity; or
d. change its name.

This clause allows the Authority to maintain close oversight of virtual asset service providers. By reviewing and approving changes, the Authority can ensure that virtual asset service providers continue to operate within the boundaries of their license and comply with regulatory requirements.

Secondly, the approval process allows the Authority to assess potential risks associated with the proposed changes. This will assist in risk mitigation as the Authority will not accept changes that will have a detrimental effect on the virtual asset sector in Kenya.

Clause 25

Request to cease virtual asset business

A licence holder may, in such form and manner as may be prescribed, make a request to cease activities or operations as a licence holder.

A licence holder under subsection (1) shall, within seven days of submitting the request, submit a written plan to the Authority setting out the steps the licence holder will follow to cease the virtual asset business.

The plan in subsection (2) shall state:

a. the full names and registered address of the person who will manage the licence holder’s cessation of the virtual asset business;
b. the period required to cease the business operations;
c. the manner in which customer files or accounts will be closed and secured;
d. customer notification procedures; and
e. customer transfer procedures, if applicable.

The Authority shall, upon receipt of the plan under subsection (2), supervise and monitor the execution of the plan.

The Authority may, in the public interest and for purposes of this section, give directions to the licence holder and the licence holder shall comply with such directions.
The Bill proposes a procedure for cessation of operations of a virtual assets service provider, including making a request to the Authority to cease its operations and submitting a written plan setting out the steps a licence holder will follow to cease the virtual assets business. This requirement is also restrictive to virtual assets businesses as it would increase costs and requirements in the event a provider intends to cease business.
PART V – CORE CAPITAL REQUIREMENTS

Clause 26


A licence holder that has custody of one or more virtual assets for a customer shall:

a. maintain, in its custody, a sufficient amount of each type of virtual asset as prescribed under the Third Schedule, in order to meet the licence holder’s obligations to the customer;
b. meet all financial requirements, as may be prescribed; and
c. meet the core capital requirements as prescribed in the Third Schedule.

By mandating license holders to maintain sufficient virtual assets in custody to meet their obligations to customers, this proposal ensures that customers' virtual assets are adequately safeguarded. It reduces the risk of insolvency or default by the license holder, thereby enhancing customer protection and trust in the licence holder.

Secondly, we propose that the heading of this paragraph is included. This proposal enhances uniformity throughout the Bill as each clause in the Bill will have a heading.

Clause 27

A licence shall not be granted to a virtual asset service provider unless the institution meets the minimum capital requirements specified in the Third Schedule.

The Authority may, by order published in the Gazette, amend the Third Schedule.

The Bill provides for core capital requirements for licence holders under the Third Schedule. However, the core capital requirement varies from the minimum core capital requirement with respect to Class C, Class D and Pilot Program licences, such that the core capital requirement is less than the minimum core capital requirement. We propose that these are aligned to avoid contradiction.

Secondly, we propose that the heading of this paragraph is included. This proposal enhances uniformity throughout the Bill as each clause in the Bill will have a heading.
PART VI – FIT AND PROPER REQUIREMENTS

Clause 28

The Authority may, on application made above, issue a licence under this Act where:

a. in the case of a natural person, the applicant is a fit proper person as defined under the seventh schedule of this Act and resident in Kenya;
b. in the case of a legal person, the applicant, its beneficial owners, their associates and officers are fit and proper persons as defined under Fourth Schedule of this Act to carry out virtual asset business activities for which the licence is sought; and
c. the applicant has adequate resources, infrastructure, staff with the appropriate competence, experience and proficiency to carry out the business activities of a licence holder.

For paragraph (a), we propose the addition of the word “and” immediately after the word “fit”. This proposal seeks to remedy the omission present in this paragraph.

For paragraph (a), we propose the deletion of the word “seventh” appearing before the word “schedule” and replacing it with the word “fourth”. The Fourth Schedule of the Bill contains provisions on the fitness and propriety requirements of a licence holder.

Thirdly, we propose that the heading of this clause is included. This proposal enhances uniformity throughout the Bill as each clause in the Bill will have a heading.

Clause 29

The Authority shall, in addition to the other relevant requirements, when determining whether a person is fit and proper as per section 22 above, have regard to the:

a. financial status or solvency of the person;
b. competency of directors, shareholders, senior management or any other officer which shall include academic credentials, education or other qualifications and experience of key personnel, taking into account the nature of the role or functions that the person will perform;
c. adequate resources, infrastructure, staff with the appropriate competence, experience and proficiency to carry out the business activities of a licence holder.
d. experience in the virtual assets industry and demonstrated ability of the person to carry on the virtual asset business competently, honestly and fairly;
e. ability of the person to ensure a satisfactory standard of governance and operational conduct; and
f. reputation and character:

i. where the person is a natural person, of the natural person, or
ii. where the person is a legal person, of the legal person, its directors, shareholders, senior management or any other officer.

For sub-clause (1), we propose the deletion of the words “section 22” and replacing it with the words “section 28”. The rationale for this proposal is that clause 22 of the Bill contains provisions on fast-track licensing.

Secondly, we propose that the heading of this clause is included. This proposal enhances uniformity throughout the Bill as each clause in the Bill will have a heading.

PART VII - SUSPENSION AND SURRENDER OF LICENCE AND REGISTRATION

Clause 30

Suspension or revocation of licence and registration

The Authority may suspend or revoke a licence of a virtual assets service provider licence, if the licence holder:

a. is not a fit and proper person to provide a virtual asset service or issue initial token offering in terms of this Act;
b. does not fulfil the requirements of, or has contravened, any of the provisions of this Act, or has failed to satisfy or comply with any obligation or condition to which the licence is subject to;
c. furnished, the Authority with information which is false, inaccurate or misleading;
d. has obtained the licence by making false statements or by any other irregular means;
e. has not commenced the virtual asset business that the licence holder is authorised to provide within 12 months, from the date of issue of the licence, or has ceased to provide the virtual asset service;
f. makes a request for the suspension or revocation of the licence; or
g. does not meet or has contravened any of the licensing conditions;
h. fails to pay annual fees or a monetary penalty that is imposed by the Authority;
i. ceases to carry on the business of a virtual assets service provider;
j. goes into liquidation or an order is issued for its winding up;
k. violates anti-money laundering laws or combating the financing of terrorism laws;

The Authority shall cause the names of the licence holders whose licences have been suspended or revoked to be published in the
Gazette within thirty days of the suspension or revocation.

Where a licence has been revoked, the Authority may, by notice in writing permit the licence holder, subject to such conditions
as the Authority may specify in the notice, to carry on business operations for the purpose of closing down the business connected with the revocation.

For sub-clause (1), revoking or suspending the license of a virtual asset service provider protects consumers from potential harm or exploitation. It prevents unscrupulous operators from continuing to engage in fraudulent or deceptive practices that could lead to financial losses for consumers.

For sub-clause (2), publishing the names of license holders whose licences have been suspended or revoked in the Gazette serves as a deterrent to other virtual asset service providers. It underscores the consequences of non-compliance with the provisions of the Bill to avoid facing similar sanctions.


Clause 31

Notice of intention to suspend or revoke licence

Where the Authority makes a decision to:

a. vary any condition to which the licence is subject or to impose a condition thereon; or
b. suspend or revoke a licence, the Authority shall give the licence holder 21 days’ written notice of its intention to do so, setting out the reasons for the decision it proposes to take.

A licence holder may, within 14 days after receipt of the notice given under subsection (1), make written representations to the Authority, stating reasons why the proposed decision should not be taken, and the Authority shall consider any representation so made before arriving at a final decision.

The Authority may, where it is satisfied that the licence holder fulfils the requirements of this Act, lift the suspension on such conditions as it may consider necessary, including varying any condition to which the licence is subject or imposing further conditions thereon.

The suspension of the licence of a virtual asset service provider or registration of a token issuer shall operate as the suspension of the licence or registration or similar permission granted to the agent or representative of the licence holder, as may be applicable.

Where the licence of a licence holder is suspended, the licence holder shall cease to carry out the business activities authorised by the licence or registration, but shall remain subject to the obligations under this Act and to the directions of the Authority until the suspension of the licence or registration is cancelled.

For sub-clause (2), providing the virtual asset service provider with an opportunity to make written representations ensures fairness and due process. It allows the virtual asset service provider to present its side of the story, address any misunderstandings and provide context on mitigating factors that the Authority may not have been aware of previously.


Clause 32

Suspension or revocation of licence without notice


The Authority may:

a. suspend a licence, without notice, where the Authority considers that an immediate suspension is necessary to protect the public;
b. revoke a licence, without suspension, where the licence holder has made a request for the revocation; or
c. immediately revoke a licence, without suspension, where the Authority considers it necessary to do so in the public interest.

We propose the deletion of this clause. Suspending or revoking a licence without prior notice deprives the licence holder of the opportunity to defend itself or address any concerns raised by the Authority, This violates the principles of due process and procedural fairness.

Clause 33

Surrender of Licence and Registration

A virtual asset service provider or an issuer of initial token offerings may voluntarily surrender its licence or registration, as the case may be, by giving written notice to the Authority, and such surrender shall be irrevocable.

Where the licence of a virtual asset service provider or registration of an issuer of initial token offerings is voluntarily surrendered, the licence holder shall, where so requested by the Authority, not later than 7 days after submitting its written notice of surrender, prepare and submit a written plan to the Authority setting out the steps it will follow to cease its business activities.

The plan required under subsection (2) shall contain the following information:

a. the person who will manage the cessation of business activities of the virtual asset service provider or issuer of initial token offerings;
b. the length of time required to cease business activities;
c. the manner in which client files will be closed and secured;
d. client notification procedures;
e. client transfer procedures, where applicable; and
f. such other information as the Authority may, in the circumstances, require.

Upon the Authority’s approval of a plan submitted by the licence holder, the Authority:

a. shall supervise the execution of the plan; and
b. may give directions to the licence holder to protect the interest of investors or purchasers, which the licence holder shall comply with.

Surrendering the licence voluntarily allows the virtual asset service provider to avoid potential enforcement actions or penalties by the Authority. It provides an opportunity to exit the market in a controlled manner without facing legal repercussions.

Secondly, voluntary surrender of the licence provides the virtual asset service provider with an orderly exit strategy from the virtual asset business. It allows the virtual asset service provider to wind down operations in an organized manner, minimizing disruption to customers and stakeholders.

Clause 34

Assignment and transfer of licence or beneficial ownership

The licence granted under this Act shall not be transferred, assigned or encumbered in any way without prior written approval of the Authority.

By requiring approval for any transfer or assignment of a license, the Authority ensures that consumers are protected from potential risks associated with changes in ownership. It allows the Authority to assess the suitability and qualifications of new owners, which safeguards the interests of consumers.

Clause 35

Register of virtual asset service providers and issuers of virtual token offerings register

The Authority shall establish and maintain a register of virtual asset service providers which shall be published on its website open for inspection to any member of the public.

Without limiting the generality of subsection (1), the register shall state:

a. the full names and registered address of the licence holder, including the address of the virtual asset business, if different;
b. the licence class, in respect of the virtual asset business, held by a licence holder, including any licence issued, or registration, by a comparable body with respect to the virtual asset business;
c. virtual asset services provided by the licence holder;
d. the date on which the licence was issued;
e. the expiry date of the licence, as may be applicable;
f. the names of the principal contact person of the licence holder;
g. any conditions imposed by the Authority on the virtual asset business or licence; and
h. any other information as the Authority may consider necessary.

A licence holder to which an entry in the register relates, shall as soon as practicable after the licence holder becomes aware of any error in the entry or any change in circumstances that is likely to have a bearing on the accuracy of the entry, give notice in writing to the Authority of the error or change in circumstances, as the case may be.

By making information about licensed service providers readily accessible to the public, the register enables consumers to verify the legitimacy of entities offering virtual asset services. This helps to protect consumers from fraudulent or unlicensed operators and reduces the risk of financial harm.

Clause 36

Appeals against decisions of the Authority

Any person aggrieved by any direction given by the Authority to such person or by a decision of the Sandbox for:

a. refusing to grant a licence;
b. imposing limitations or restrictions on a licence;
c. suspending or revoking a licence;
d. refusing to approve an application by a token issuer; or
e. refusing to grant compensation to an investor who has suffered pecuniary loss resulting from failure of a licence holder, to meet his contractual obligations,

may appeal to the Capital Markets Tribunal (“the Tribunal”) against such directions, refusal,
limitations or restrictions, cancellations, suspension or removal, as the case may
be, within fifteen days from the date on which the decision was communicated to such person.

The Capital Markets Tribunal may require the Authority or the Sandbox to show cause for its action or decision, and may affirm or, after affording the Authority or the Board an opportunity to be heard, set aside such action or decision.

We propose that a person who is dissatisfied with the Tribunal’s decision may appeal to the High Court, with a further appeal allowed to the Court of Appeal. This proposal provides legal redress to a person who is dissatisfied with a decision of the Tribunal.

For sub-clause (1), we propose the addition of the words "joint regulatory" before the word "sandbox". Clause 6 of the Bill indicates that licensing and registration of virtual asset service providers will be done by the Authority, in conjunction with the joint regulatory sandbox.

PART VIII - OBLIGATIONS OF LICENCE HOLDERS

Clause 37


A licence holder shall establish systems and controls in the virtual asset business that are adequate and appropriate for the scale and nature of the business activities, including systems and controls which adequately and appropriately address the:

a. recording, storing, protection and transmission of information;
b. effecting and monitoring of transactions;
c. operation of the measures taken for securing the timely discharge, whether by performance, compromise or otherwise, of the rights and liabilities of the parties to the transaction;
d. safeguarding and administration of virtual assets belonging to customers; and
e. business continuity and planning, in the event of a disruption of a virtual asset service.

Mandating appropriate measures for protecting customers' virtual assets safeguards them from loss, theft or unauthorized access. This enhances consumer confidence in the security of their investments and reduces the risk of financial harm.

Secondly, establishing systems for effecting and monitoring transactions enables virtual asset service providers to track and supervise virtual asset transactions effectively. This helps detect and prevent fraudulent activities, money laundering and other illicit transactions.

Thirdly, we propose that the heading of this clause is included. This proposal enhances uniformity throughout the Bill as each clause will have a heading.

Clause 38

Professional conduct of a licence holder

A licence holder shall, in carrying out a virtual asset business:

a. act honestly and fairly;
b. act with due care, skill and diligence;
c. observe and maintain a high standard of professional conduct;
d. ensure that appropriate measures are put into place for the protection of customer’s virtual assets; and
e. have effective corporate governance arrangements consistent with this Act.

Requiring virtual asset service providers to act with due care and skill helps mitigate risks associated with virtual asset transactions. Virtual asset service providers are more likely to implement robust risk management practices and adhere to regulatory standards, reducing the likelihood of errors or misconduct that could harm consumers.

Secondly, mandating appropriate measures for protecting customer assets safeguards clients' virtual assets from loss, theft or unauthorized access. This enhances consumer confidence in the security of their investments and reduces the risk of financial harm.

PART IX – TOKENS

Clause 39

Offer of tokens and virtual assets

A licence holder who offers a token or a virtual asset shall provide, in the offer:

a. information that is accurate and not misleading;
b. information that is consistent with the information contained in the white paper published in, or with the information required to be in the white paper;
c. a statement that a whitepaper has been or will be published in and the addresses and times at which copies of the whitepaper are or will be available to the public; and
d. information concerning the token offering or the admission to trading on a virtual asset exchange which shall be consistent with the information contained in the white paper.

For purposes of subsection (1), “information” shall include the name of any person endorsing the licence holder’s white paper.

A token issuer shall, in its white paper, provide full and accurate disclosure of information which would allow potential purchasers to make an informed decision.

A token issuer shall publish its white paper by:

a. posting a copy on a website operated and maintained by it, or by a third party for and on its behalf, which shall be readily accessible to, and downloadable by, potential purchasers for the duration of the offer period and for not less than 14 days after the offer period ends; or
b. requiring a signature by every member of the governing body of the licence holder.

A token issuer shall, after it has published a white paper and becomes aware of any information which could affect the interests of purchasers before the close of the offer period, within seven days, give written notice to the Authority and disclose that information by a supplement to the white paper.

A licence holder who fails to comply with subsection (5) commits an offence and is liable to a fine not exceeding kes 300 000 and to imprisonment for a term not exceeding two years, or to both.

Requiring accurate and non-misleading information in token offerings protects investors from fraudulent or deceptive practices. By ensuring that the information provided is consistent and reliable, investors can make more informed decisions about participating in token offerings, reducing the risk of financial loss.

Secondly, consistent and accurate information in token offerings promotes market integrity by preventing market manipulation or unfair practices. When all participants have access to reliable information, it fosters fair and transparent markets, enhancing trust and confidence in the virtual asset industry.

For sub-clause (3), full and accurate disclosure of information enables potential purchasers to make informed investment decisions. By providing comprehensive information about the token, its features, risks and potential rewards, investors can assess the investment opportunity more accurately, reducing the risk of investing in fraudulent or high-risk projects.

The addition od sub-clause (6) is a good proposal as it acts as a deterrence in ensuring that the provisions of this clause are complied with.


Clause 40

Listing of tokens

Virtual assets exchanges and other service providers that list virtual assets on their platforms shall bear primary responsibility for the governance of the admission of the virtual assets trading on their platforms.

Licence holders shall establish and maintain a clear policy outlining the criteria and procedures for deciding which virtual assets to list on their platforms.

Prior to admitting a new token to trading, the virtual assets exchange shall:

a. engage in self-certification and certify to the Authority that the virtual asset intended for listing falls within the relevant definition as per regulatory guidelines; and
b. the exchange shall further certify that the listed virtual asset complies with the platform's predefined requirements for listing.

By bearing primary responsibility for the governance of the admission of virtual assets on their platforms, virtual asset exchanges and other service providers can implement robust standards and criteria for listing virtual assets. This helps ensure that only legitimate and compliant virtual assets are admitted to trading. This enhances market integrity and reduces the risk of fraudulent or low-quality tokens from entering the market.



PART X - CONSUMER PROTECTION

Clause 41

Transaction receipts

A virtual asset service provider shall generate and issue a receipt, or any other acknowledgement of transactions carried out by or with a customer, through electronic means or any other acceptable medium.

A virtual asset service provider shall upon request by the customer generate and issue the customer with a comprehensive statement of transactions carried out by or with the customer.

Providing receipts or statements of transactions enhances transparency for customers, allowing them to track and verify their virtual assets transaction history accurately. This transparency fosters trust between customers and virtual asset service providers. This reduces the risk of disputes or misunderstandings.

Secondly, receipts and statements of transactions serve as essential records for both customers and virtual asset service providers. These records are invaluable for auditing, reconciliation and dispute resolution purposes, helping to ensure accurate financial reporting and regulatory compliance.

Clause 42

Customer complaints resolution

A virtual asset service provider shall establish a complaints redress mechanism, including a dedicated channel for communicating customer complaints, and ensure proper communication of this mechanism to its customers.

A customer complaint shall be resolved promptly, and where immediate resolution is not possible, within thirty days of a customer reporting a complaint to a virtual assets service provider.

A virtual asset service provider shall keep a record of all complaints lodged by customers and the outcome of their resolution.

A virtual asset service provider who fails to comply with this Act shall be liable to assessment of penalties and other administrative sanctions as provided under subsidiary regulations.

For sub-clause (1), a robust complaints redress mechanism reflects positively on the reputation of the virtual asset service provider. Customers are more likely to view the provider favorably if they perceive that their complaints are taken seriously and resolved satisfactorily. This positive reputation can attract new customers and help retain existing ones.

We propose the addition of timelines in sub-clause (2). This proposal ensures that complaints are resolved by the virtual assets service provider within a prescribed period without delays.

For sub-clause (3), by documenting customer complaints and their resolutions, virtual asset service providers demonstrate accountability and transparency in their operations. This record provides a clear trail of how complaints are addressed, ensuring that customers' concerns are taken seriously and resolved appropriately.

Clause 43

Safeguards on consumer protection

A licence holder shall at all times provide safeguards to ensure customer protection to such standards as the Regulatory Authority may determine.

Without derogating from the generality of subsection (1), a licence holder shall have business rules, procedures and an effective surveillance programme that ensure that a virtual asset business is conducted in an orderly manner to provide proper protection to customers, including monitoring for conduct which may amount to market abuse, financial crime or money laundering.

In relation to the protection of personal data relative to the customer, data protection measures consistent with the Data Protection Act and as may be prescribed.

Implementing robust customer protection measures helps mitigate operational risks associated with cyber threats, data breaches and system vulnerabilities. By safeguarding customer data and virtual assets, virtual asset service providers minimize the risk of operational disruptions and financial losses resulting from security incidents.

Clause 44

Consumer education

A licence holder shall be obligated to implement and maintain an effective consumer education program regarding the risks associated with virtual assets.

The consumer education program shall, at a minimum, include:

a. Comprehensive Information: Providing consumers with clear and comprehensive information on the nature and characteristics of virtual assets, including their volatility, potential for price fluctuations, and inherent risks.
b. Security Measures: Educating consumers on best practices for securing and safeguarding their virtual assets, including the use of secure wallets, two-factor authentication, and other relevant security measures.
c. Regulatory Compliance: Informing consumers about relevant legal and regulatory frameworks governing virtual assets, ensuring they are aware of their rights and obligations within the scope of applicable laws.
d. Fraud and Scam Awareness: Alerting consumers to common types of fraud, scams, and deceptive practices within the virtual asset ecosystem, and providing guidance on how to identify and avoid such threats.
e. Investment Risks: Clearly communicating the risks associated with investing in virtual assets, including but not limited to market risks, liquidity risks, and the potential for loss of investment.

The consumer education program shall be regularly updated to reflect changes in the virtual asset landscape, emerging risks, and advancements in technology.

Licence holders shall employ accessible and user-friendly means of communication to disseminate consumer education materials, utilising online platforms, printed materials, or other channels deemed appropriate.

The Authority may in collaboration with the Sandbox, issue consumer protection guidelines or standards to further specify the content and implementation of the consumer education program required under this section.

Failure by a licence holder to fulfil the obligations outlined in this section may result in regulatory sanctions, including but not limited to fines, suspension, or revocation of the licence, as determined by the Authority.

By providing consumers with comprehensive information about the nature and characteristics of virtual assets, including their inherent risks, consumer education enables individuals to make more informed decisions regarding their participation in the virtual asset market. This empowers consumers to assess the risks and benefits of virtual asset investments and make decisions aligned with their financial goals and risk tolerance.

Secondly, educating consumers about security measures, regulatory compliance, fraud awareness and investment risks helps mitigate the likelihood of financial losses and adverse outcomes associated with virtual asset transactions. Consumers who are aware of potential risks are better equipped to protect themselves from scams, fraud and other malicious activities in the virtual asset ecosystem.

The addition of sub-clause (3) is a good proposal. By keeping the consumer education program up-to-date, virtual asset service providers ensure that information provided to consumers remains relevant and accurate. This enables consumers to stay informed about evolving trends, risks and best practices in the virtual asset market, empowering them to make informed decisions based on the latest information available.

The addition of sub-clause (4) is a good proposal. By employing accessible means of communication, virtual asset service providers cater to consumers with varying levels of digital literacy and accessibility needs. This inclusivity ensures that consumer education materials are accessible to individuals with disabilities, language barriers or limited access to technology, enabling them to benefit from valuable information about the risks and best practices of virtual assets.

Clause 45

Representations and information provided to consumer

A virtual asset service provider shall:

a. prepare and maintain key information document that informs the customer of the fundamental benefits, risks and terms of the product or service, in a summarised form;
b. ensure that any information given to a customer on among other things benefits, prices, risks and the terms and conditions; whether in writing, electronically or orally is fair, clear and transparent;
c. ensure that information on its products and services is updated and current and easily available at its branches, websites and any other communication channels which it uses;
d. ensure that it discloses at its branches, websites, advertisements, promotional materials and any other communication channels which it uses that it is regulated by the Authority;
e. disclose its identity in the correspondence, documents and other written instruments that the digital credit provider issues in the course of its business generally or while dealing or contracting with a consumer; and
f. educate its customers on its services and products, and in particular, make its customers aware of the need to keep their personal details and information such as their private keys and Personal Identification Numbers (PIN) secure.

Ensuring that all information provided to customers, including details on benefits, prices, risks, and terms and conditions, is fair, clear, and transparent promotes fair treatment of consumers. This prevents misleading or deceptive practices and fosters trust between the service provider and its customers.

Secondly, requiring virtual asset service providers to keep information on their products and services updated and easily accessible enhances transparency and customer convenience. Customers can access relevant information through various channels, such as branches, websites, and other communication channels, enabling them to stay informed about available offerings.

Clause 46

False advertisements

A virtual asset service provider shall ensure that any advertisement that it publishes or authorises to be published does not include any false, misleading or deceptive representation, or is otherwise misleading or deceptive.

Without prejudice to the generality of paragraph (1) a false, misleading or deceptive representation includes:

a. a representation that the credit facility has benefits or qualities that it does not in fact have; and
b. a representation that the virtual asset service provider has an approval, status, affiliation or connection that it does not in fact have.

By prohibiting false, misleading or deceptive representations in advertisements, consumers are protected from potentially harmful or misleading information. This helps prevent consumers from making decisions based on inaccurate or incomplete information, reducing the risk of financial loss or other adverse outcomes.

Clause 47

Establishment of the Consumer Compensation Fund

There shall be established a Fund to be known as the Consumer Compensation Fund (“the Compensation Fund”) for the purposes of granting compensation to consumers and investors who suffer pecuniary loss resulting from the failure of a licensed virtual assets service provider providing custodial services to meet its contractual obligations.

Consumers whose virtual assets deposits are lost due to an act or omission of the custodial service providers shall be entitled to a compensation and the consumer compensation fund.

The Compensation Fund shall consist of:

a. such moneys as are required to be paid as security deposits by custodial service providers into the Compensation Fund by licensed holders;
b. such sums of money as are paid under this Act as fines or penalties as ill-gotten gains where those harmed are not specifically identifiable;
c. such sums of money as accrue from interest and profits from investing Compensation Fund moneys;
d. such sums of money recovered by or on behalf of the Authority from entities whose failure to meet their obligations to investors result in payments from the Compensation Fund; and
e. unclaimed virtual assets outstanding and held by custodial service providers at the expiry of the applicable statutory limitation period.

The clause is silent on the entity that will be responsible for managing the Compensation Fund. We propose that the Compensation Fund is managed by the Authority. However, this proposal will only apply if clause 6 of the Bill is amended.

The addition of sub-clause (3)(a) is a good proposal. The presence of security deposits ensures that there are sufficient funds available to compensate consumers in the event of a loss. This financial security provides peace of mind to consumers engaging in virtual asset transactions, knowing that their investments are protected.

Thirdly, sub-clause (2) is silent on the entity that will pay compensation to consumers whose virtual assets are lost. We propose that the compensation is paid by the virtual asset service provider. This ensures that consumers receive adequate compensation for their losses.

PART XI - RESPONSIBILITIES OF PERSONS TRADING IN VIRTUAL ASSETS

Clause 48

A person who trades in virtual assets shall:

a. keep the records of virtual assets transactions, including purchases and sales; and
b. pay taxes on any gains that are made from transactions in virtual assets in accordance with the applicable law.

Taxation on gains from virtual asset transactions will generate revenue for the national government. The taxes collected can be used for public services, infrastructure development and other societal needs.

Secondly, we propose that the heading of this clause is included. This proposal enhances uniformity throughout the Bill as each clause will have a heading.

PART XII - REPORTING REQUIREMENTS AND OVERSIGHT

Clause 49

Audited financial statements

A licence holder shall, every year not later than three months after the close of its financial year, file with the Authority an audited financial statement, in respect of all transactions related to the licence holder’s virtual asset business activities.

For the purposes of this section, “financial year” means in respect of:

a. the licence holder’s first financial year, a period not exceeding 18 months from the date of incorporation or issue of a licence; and
b. every subsequent financial year, a period not exceeding 12 months.

Audited financial statements provide an accurate and reliable snapshot of the licence holder's financial health, including its assets, liabilities, revenues and expenses. The Authority can use this information to assess the financial stability and solvency of licence holders, ensuring they have the capacity to fulfill their obligations to customers and investors.

Secondly, audited financial statements facilitate risk assessment by highlighting potential financial risks and vulnerabilities within the virtual asset business. The Authority can identify areas of concern, such as liquidity issues, inadequate capital reserves, or financial mismanagement and take appropriate measures to mitigate risks and protect stakeholders.

Clause 50

Reporting
requirements, on-site
and off-site
monitoring

A licence holder shall be subject to the Authority’s onsite and off-site inspection, audit and monitoring and shall make such periodic reports and returns as may be specified by the Authority.

The Authority may require a licence holder to furnish it, at such time and in such manner as it may direct, with such information as
the Authority may reasonably require for the proper discharge of its functions under this Act.

A licence holder shall make its premises, systems, books and records readily available to the Authority, or its officers or any person appointed by the Authority for inspection, audit and other supervisory purposes.

A licence holder who fails to comply with these requirements shall be liable to assessment of penalties and other administrative sanctions as provided for in subsequent regulations.

Inspections and audits enable the Authority to identify potential risks and vulnerabilities within the operations of a virtual asset service provider. This allows the virtual asset service provider to take appropriate measures to mitigate risks, thereby safeguarding the virtual assets of consumers.

PART XIII - ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM

Clause 51

Source of Funds

A virtual assets service provider shall provide to the Authority with the evidence and sources of funds invested or proposed to be invested in the digital credit business and demonstrate that the funds are not proceeds of crime.

This requirement ensures that funds invested into virtual assets are legitimate and sourced from lawful activities, thereby reducing the potential for illicit financial transactions.

Clause 52

KYC and Customer identity.

A virtual assets service provider shall take reasonable measures to satisfy itself as to the identity of its customers while performing
transactions with them.

We propose that a definition of the term “KYC” is included in tis clause. This proposal enhances clarity by removing the ambiguity present in this clause.

By verifying the identity of customers, virtual asset service providers can mitigate the risk of fraudulent activities, such as identity theft, money laundering and terrorist financing. Ensuring that customers are who they claim to be safeguards the integrity of the financial system and protects against illicit activities in the virtual asset sector.

Clause 53

Compliance with laws
on anti-money
laundering and
combating the
financing of terrorism

A virtual assets service provider shall comply with the Proceeds of Crime and Anti-Money Laundering Act, 2009, the Prevention of
Terrorism Act, 2012 and the relevant regulations and guidelines issued thereunder.

A virtual assets service who fails to comply with the Proceeds of Crime and Anti-Money Laundering Act, 2009, and the Prevention of Terrorism Act, 2012 and the relevant Regulations and Guidelines issued thereunder shall be liable to assessment of penalties and other sanctions as provided for under these regulations.

Compliance with these statutes ensures that money laundering and terrorist financing activities are not carrie dout in the virtual asset sector. By implementing robust anti-money laundering and counter-terrorist financing measures, virtual asset service providers can detect suspicious transactions.

PART XIV - RISK BASED APPROACH

Clause 54

The general requirements

A virtual asset service provider must have in place sound, effective and comprehensive strategies, processes and risk management systems to assess and maintain, on an ongoing basis, the amounts, types and distribution of financial resources, non-financial resources, own funds and unimpaired capital that it considers adequate to cover:
a. the nature and level of the risks to which it is, or might be, exposed, such that there is no significant risk that its liabilities cannot be met as they fall due, and that in the event of a winding up, its business can be wound up in an orderly manner, minimising harm to consumers, market integrity or to other market participants.
b. the risk that the virtual asset service provider might not be able to meet the obligations under the Act in the future; and
c. the need for liquid assets adequate to cover its liabilities as they fall due.

A virtual asset service provider must document how it has met the general prudential requirement. A virtual asset service provider should review annually how it is meeting the general prudential requirement, and this review should be completed within 4 months after the close of the financial year.

A robust risk management system helps identify, assess and mitigate various risks, such as market volatility, operational failures, and cybersecurity threats. By implementing effective risk controls, virtual asset service providers can minimize the likelihood of financial losses and protect their virtual assets.



Clause 55

Types of risk

Virtual asset service providers, in identifying and managing the major sources of risks to which they may be exposed, shall consider the following categories of risks as relevant to the virtual asset service provider, given the nature and scale of its business, including but not limited to:

a. credit and counterparty risk;
b. liquidity risk, being the risk that a virtual asset service provider, although solvent, either does not have available sufficient financial resources to enable it to meet its obligations as they fall due, or can secure such resources only at excessive cost;
c. operational risks;
d. market risk, being the risks that arise from fluctuations in values of, or income from, virtual assets or in interest or exchange rates;
e. interest rate risk, including:

i. risks related to the mismatch of repricing of assets and liabilities and off balance sheet short- and long-term positions (“repricing risk”);
ii. risks arising from hedging exposure to one interest rate with exposure to a rate which re-prices under slightly different conditions;
iii. risk related to the uncertainties of occurrence of transactions, for example, when expected future transactions do not equal the actual transactions; and
iv. risks arising from consumers redeeming fixed rate products when market rates change.

f. the risk that their own funds held by the virtual asset service provider are inadequate having regard to the economic substance of the transactions the virtual asset service provider is involved in;
g. risks arising from changes in the virtual asset service provider’s business, including: the acute risk to earnings posed by falling or volatile income; the broader risk of a virtual asset service provider's business model or strategy proving inappropriate due to macro-economic, geopolitical, industry, regulatory or other factors; and the risk that a virtual asset service provider may not be able to carry out its business plan and desired strategy.
h. the remuneration policy in place at the virtual asset service provider;
i. risk of excessive leverage;
j. the risk to the virtual asset service provider caused by its contractual or other liabilities to, or with respect to, any pension scheme (whether established for its employees or those of a related company or otherwise), including the risk that the virtual asset service provider will make payments or other contribution to, or with respect to, a pension scheme because of a moral obligation or because the virtual asset service provider considers that it needs to do so for some other reason;
k. the risk that the virtual asset service provider’s financial position may be adversely affected by its relationships (financial or non-financial) with other entities in the same group or by risks which may affect the financial position of the whole group (e.g. reputational contagion);
l. concentration risk, being the risk that a combination of risks exposures will cause a loss large enough to threaten the solvency or the financial position in general of the virtual asset service provider; and
m. the risk that the risk mitigation techniques used by the virtual asset service provider prove less effective than expected.

Virtual asset service providers must document their assessment of the major sources of risks to which they may be exposed and how they are managing those risks.

By systematically categorizing and documenting various types of risks, virtual asset service providers gain a deeper understanding of the potential threats to their business operations. This heightened awareness enables them to proactively address and mitigate these risks before they escalate into significant issues.

Secondly, through comprehensive risk assessment and management processes, virtual asset service providers can develop strategies and controls to mitigate identified risks effectively. This proactive approach reduces the likelihood of adverse events and minimizes the impact of potential losses on the consumers.

Clause 56

Use of insurance

In meeting the general requirements, a virtual asset service provider may make use of an insurance policy covering the relevant services to mitigate its risks.

When considering utilising insurance, a virtual asset service provider should consider:

a. the type of cover provided by that insurance;
b. the time taken for the insurer to pay claims (including the potential time taken in disputing cover) and the virtual asset service provider's funding of operations whilst awaiting payment of claims;
c. the financial strength of the insurer, which may determine its ability to pay claims, particularly where large or numerous small claims are made at the same time; and
d. the effect of any limiting conditions and exclusion clauses or excesses that may restrict cover to a small or limited number of specific losses and may exclude larger or hard to quantify indirect losses (such as lost business or reputational costs).

In the event of a covered loss or liability, an insurance policy provides financial protection to the virtual asset service provider. This can include reimbursement for financial losses, legal expenses and other costs incurred as a result of covered incidents.

PART XV - WINDING UP, DISSOLUTION OR VOLUNTARY LIQUIDATION

Clause 57

Winding up or dissolution by the Authority

Where the Authority revokes a licence or registration, it may apply to the Court for the licence holder to be wound up or dissolved, as the case may be in accordance with section 33E of the Capital Markets Act.

Revoking a license and subsequently winding up or dissolving a non-compliant virtual asset service provider removes it from the market, preventing it from continuing to operate unlawfully or engage in activities that may pose risks to consumers.



Clause 58

Voluntary liquidation

A licence holder may, with the approval of the
Authority, voluntarily liquidate itself if it is able to meet all its liabilities.

An application for the Authority’s approval for the purposes of paragraph (1) shall be in such form as may be prescribed.

The Authority may, upon receipt of an application under paragraph (2), approve the application if satisfied as to the solvency of the licence holder.

Where the Authority approves an application by a licence holder under this Act, such licence holder shall forthwith cease all its operations except such activities as are incidental to the orderly realisation, conservation and preservation of its assets and settlement of its obligations.

The Authority shall upon approval of a voluntary liquidation, follow up with the licence holder to ensure smooth execution of the liquidation process.

The Authority shall provide such subsidiary legislation necessary for regulation winding up of licence holders.

Voluntary liquidation can facilitate the timely resolution of a virtual asset service provider's affairs, particularly if the entity is facing financial difficulties or other operational challenges. It allows for an orderly wind-down process, potentially minimizing disruptions to customers.



PART XVI - DISCIPLINARY PROCEEDINGS AND ADMINISTRATIVE SANCTION

Clause 59

Enforcement and
administrative
sanctions

The Authority may impose any or all of the following administrative sanctions with regard to a licence holder that fails to comply with the Act, or any Regulations or its directives under the Act:

a. monetary penalty on a licence holder in such amounts not exceeding five hundred thousand shillings;
b. additional penalties not exceeding ten thousand shillings in each case for each day or part thereof during which the violation or non-compliance continues;
c. suspension from office of the non-compliant licence holders’s director or officer disqualify a significant shareholder, director or officer from holding any position or office in any licensed or financial institution in Kenya;
d. undertake more frequent inspections of that licence holder;
e. order the licence holder to submit to the Authority, within forty-five days, a plan to resolve all deficiencies to the satisfaction of the Authority;
f. suspension or revocation of the licence; and
g. any other action as the Authority may consider appropriate.

By imposing sanctions, the Authority can enforce compliance with the Bill’s provisions and deter virtual asset service providers from engaging in misconduct for non-compliance.

Clause 60

Factors to consider in
determining an
administrative
sanction

In assessing and determining the administrative sanction to apply in respect of a particular violation or non-compliance, the Authority may consider the following factors:

a. whether the person to be sanctioned or penalised is a natural person or corporate body;
b. the nature of the legal or regulatory requirement, direction, order or condition which has been violated or not complied with;
c. the nature and severity of the violation;
d. the impact of the violation on the licence holder, its customer or other person;
e. the benefits that could be or may have been derived from the violation;
f. the amount of financial loss or other losses suffered or likely to be suffered by the licence holder, its customer or other person;
g. the circumstances under which the violation occurred;
h. the financial condition of the licence holder or any other person at fault including in terms of size, assets, capital, annual turnover and any other relevant financial condition;
i. the frequency of violation of the same law, other laws, direction, order or condition;
j. general level of compliance with the law by the licence holder or any other person as demonstrated over a period of time;
k. the public interest affected by the violation;
l. the identity, rank, job description of the officer of the licence holder, or any other person involved;
m. whether the violation has been rectified or remedied or can easily be rectified or remedied; and
n. such other relevant factors as the Authority may consider.

Assessing financial losses suffered or likely to be suffered by stakeholders helps determine the magnitude of the violation and the appropriate level of sanctions.

Secondly, considering the financial condition of the licence holder ensures that sanctions are proportionate and do not unduly burden the virtual asset service provider, taking into account its ability to pay.

PART XVII - OFFENCES AND COMPOUNDING OF OFFENCES

Clause 61

Offences

A Licence Holder that contravenes this Act shall commit an offence and shall, on conviction, be liable, where no specific penalty is provided, to a fine not exceeding ten (10) million Kenyan Shillings and to imprisonment for a term not exceeding ten (10) years.

Any person who:

a. wilfully makes any misrepresentation in any document required to be filed or submitted under this Act;
b. wilfully makes any statement or gives any information required for the purposes of this Act which he knows to be materially false or misleading; or
c. knowingly fails to disclose any fact or information required to be disclosed for the purposes of this Act,’

shall commit an offence and shall, on conviction, be liable to a fine not exceeding two million shillings or to imprisonment for a term not exceeding 5 years.

Any person who destroys, falsifies, conceals or disposes of, or causes or permits the destruction, falsification, concealment or disposal of, any document, information stored on a computer or other device or other thing that the person knows or ought reasonably to know is relevant to the Authority, shall commit an offence and shall, on conviction, be liable to a fine not exceeding 1 million kshs or to imprisonment for a term not exceeding 10 years.

Any person who otherwise contravenes this Act shall commit an offence and shall, on conviction, be liable to a fine not exceeding 1 million kes or to imprisonment for a term not exceeding 10 years.

This proposal acts as a deterrence as it ensures that a virtual asset service provider complies with the provisions of this Bill.

Clause 62

Compounding of offences

The Authority may, with the consent of the Director of Public Prosecutions, compound any offence committed by a person where the person agrees, in writing, to pay such an amount not exceeding the maximum penalty specified for the offence as may be acceptable to the Authority.

An agreement under subsection (1) shall be in writing and signed on behalf of the Authority and by the person agreeing to the compounding.

Every agreement to compound an offence shall be final and conclusive and on payment of the agreed amount, no further action shall be taken, with respect to the offence compounded, against the person who agreed to the compounding.

Where the Director of Public Prosecutions does not give his consent to compound an offence or a person does not agree to compound an offence, the Authority may, with the consent of the Director of Public Prosecutions, refer the case to the Police for legal proceedings.

The Authority may cause to be published, in such form and manner as it deems appropriate, a public notice specifying the particulars of the amount agreed upon under subsection (1).

Compounding offenses allows for a swift resolution of legal matters without the need for lengthy court proceedings, saving time and resources for both the Authority and the virtual asset service provider.

Secondly, it provides a flexible enforcement mechanism that allows the Authority to address minor violations or first-time offenses more leniently, focusing on education and compliance rather than punitive measures.

Thirdly, we propose the deletion of sub-clause (4) as it's impracyical for the police to handle legal proceedings of the case.

PART XVIII - TRANSITIONAL PROVISIONS

Clause 63

Transiitonal provisions

Where, on the commencement of this Act, a person is carrying on a virtual asset business, the person shall make an application in such a manner as may be prescribed, not later than 18 months after the commencement of this Act, to be licensed as a licence holder.

Where, on the commencement of this Act, a person is carrying out the business activities of a virtual asset service provider or of issuing initial token offerings, they shall make an application, not later than 18 months after the commencement of this Act, to be licensed as a virtual asset service provider or for registration as an issuer of initial token offerings, as the case may be, under this Act.

Where, on the commencement of this Act, a person is carrying out the business activities of a virtual asset service provider or of issuing initial token offerings under a Regulatory Sandbox Licence issued under the Capital Markets Authority Act, they shall, notwithstanding the Capital Markets Authority, make an application, not later than 18 months after the commencement of this Act, to be licensed as a virtual asset service provider or for registration as an issuer of initial token offerings, as the case may be, under this Act.

Transitional provisions facilitate the smooth implementation of legislative changes by providing a framework for transitioning from the old legal regime to the new one, ensuring a seamless transition for affected individuals.
Search