Skip to document content Go to main menu Go to search

Virtual Asset Service Providers Act

Act No. 20 of 2025

Virtual Asset Service Providers Act
Citation
Act No. 20 of 2025
Date
4 November 2025
Language
English
Original enactment
Download original enactment (PDF) (848.4 KB)
Related documents
Skip to document content
LAWS OF KENYA

VIRTUAL ASSET SERVICE PROVIDERS ACT

NO. 20 OF 2025

  • Published in Kenya Gazette on 21 October 2025
  • Assented to on 15 October 2025
  • Commenced on 4 November 2025
AN ACT of Parliament to provide for the legal framework to license and regulate the activities of virtual asset service providers, and for connected purposes

Part I – PRELIMINARY

1. Short title

This Act may be cited as the Virtual Asset Service Providers Act, 2025.

2. Interpretation

In this Act unless, the context otherwise requires—"AML/CFT/CPF" means anti-money laundering and countering the financing of terrorism and countering proliferation financing;"anonymity-enhancing services" means offering, facilitating or executing transactions in digital assets, with the effect or intention of concealing information;"beneficial owner" has the meaning assigned to it under section 2 of the Companies Act (Cap. 486);"Cabinet Secretary" means the Cabinet Secretary for the time being responsible for matters related to the National Treasury;"chief executive officer" means the person appointed or designated as such under section 30(1) of this Act;"closed ecosystem" means an ecosystem where the use of the virtual asset is restricted to a specific platform, application or network;"competent authority" means a public authority other than a self-regulatory body with designated responsibilities for combating money laundering, financing of terrorism and proliferation financing;"custodial wallet" means a wallet in which the private keys to the subject's virtual assets are held and managed by a third party for proof of ownership and facilitation of transactions;"distributed ledger technology" means a decentralized digital system for recording transactions where the data is simultaneously shared, replicated, and synchronized across computer networks;"fiat currency" means currency that is issued by the relevant body in a country or by a government, that is designated as a legal tender in its country of issuance through legislation;"investigating authority" means an authority established by law with criminal or civil investigation functions;"issuer" means a person who is authorised to issue a virtual asset offering under this Act;"licence" means a virtual asset service provider licence granted in section 10 of this Act;"licensee" means a legal person licensed to operate as a virtual asset service provider conducting one or more permissible activities under this Act;"mixer or tumbler services" means cryptographic facilities or services that mix different stream of potentially traceable virtual assets, concealing the origin of funds of a particular virtual asset;"non-fungible token" means a digital representation of unique and non-interchangeable ownership rights or assets that are recorded on a distributed ledger technology, where each token is individually identifiable and cannot be substituted for another token of equivalent value;"promoter" in relation to a virtual asset offering, means any person who causes the preparation or the distribution of an offering document;"relevant regulatory authority" means an entity designated as such under section 5 of this Act;"senior officer" means the chief executive officer or any other person who holds a position of seniority with responsibility to manage key controlling functions in a licensee;"stablecoin" means a virtual asset designed to or that aims to have its value fixed or pegged relative to one or more reserve assets, including fiat currency, commodities, or other virtual assets, for the primary purpose of maintaining a stable value of the stablecoin;"supervisory bodies" has the meaning assigned to it under section 2 of the Proceeds of Crimes and Anti-Money Laundering Act (Cap. 59A)"virtual asset" means a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes and does not include digital representation of fiat currencies, securities and other financial assets;"virtual asset offering" means a method of raising funds whereby an issuer issues virtual assets and offers them in exchange for funds;"virtual asset services" means the virtual asset services or activities listed under the First Schedule to this Act;"virtual asset service provider" means a company licensed under this Act to carry on the business of virtual asset services;"virtual service token" means a digital representation of value which is not transferable or exchangeable with a third party at any time and includes digital tokens whose sole function is to provide access to and application of service or to provide a service or function directly to its owner; and"virtual asset trading platform" means a digital platform —(a)which facilitates the exchange and trading of virtual assets for fiat currency or other virtual assets on behalf of third parties for a fee, commission or other benefit; and(b) which—(i)holds custody or controls virtual assets on behalf of its clients to facilitate an exchange; or(ii)purchases virtual assets from a seller when transactions or bids and offers are matched in order to sell them to a buyer.

3. Object of the Act

The main object of this Act is to provide for the legislative framework to license and regulate the activities of virtual asset service providers in and from Kenya.

4. Application

(1)This Act shall apply to virtual asset service providers offering virtual asset services in Kenya.
(2)This Act shall not apply to—
(a)digital representations of value or rights that operates solely within a closed ecosystem of the issuer, including those that meet the following criteria—
(i)non-transferable outside a closed ecosystem;
(ii)non-exchangeable with real world goods, services, discounts, purchased outside a closed ecosystem;
(iii)non-tradeable onwards and non-saleable on the secondary market outside of the closed ecosystem;
(iv)solely usable for purposes defined by the issuer and non-usable for payment or investment purposes; and
(v)non-exchangeable for fiat currency or virtual assets.
(b)digital representation of fiat currencies, issued by the Central Bank of Kenya or any other jurisdiction;
(c)a non-fungible token which is not used for payment, investment or any other financial purposes;
(d)a non-fungible token which by its nature and function rather than the designation given by its issuer, is not used for payment or investment purposes, and is not a digital representation of any of financial asset; or
(e)any other digital representations of value or rights sought to be expressly excluded by the relevant regulatory authority.
(3)For the purposes of this Act, virtual service tokens are not virtual assets and a person or legal arrangement that provides services that involve virtual service tokens only are not required to have a licence under this Act.

Part II – DESIGNATION OF REGULATORY AUTHORITIES

5. Regulatory authorities

The following entities shall be the relevant regulatory authorities for the purposes of this Act-
(a)the Capital Markets Authority established under section 5 of the Capital Markets Act (Cap. 485A);
(b)the Central Bank of Kenya established under Article 231( 1) of the Constitution; or
(c)any other public body established under a written law that the Cabinet Secretary may, by notice in the Kenya Gazette, designate as such.

6. Functions of the relevant regulatory authorities

(1)The relevant regulatory authorities shall, in relation to virtual asset service providers, have the following functions—
(a)to license virtual asset service providers in accordance with the services listed in the First Schedule to this Act;
(b)to regulate, supervise and monitor promoters of a virtual asset offering;
(c)to issue directions, directives and take such enforcement actions, as may be deemed necessary, for non-compliance with this Act;
(d)to issue and publish notices, guidelines, guidance notes and any other similar instrument regarding the implementation of this Act, regulations or code issued under this Act;
(e)to ensure financial soundness and stability of the financial system in respect of matters falling under this Act;
(f)to advise the Cabinet Secretary on all matters relating to virtual asset services in their respective sectors;
(g)to cooperate with supervisory bodies, competent authorities and investigating authorities on sharing and exchange of relevant information; and
(h)to do or perform such other function necessary for the proper performance of its respective mandate under this Act.
(2)The relevant regulatory authority may engage the services of or appoint any expert or other competent person for the purposes of performing any of its functions under this Act.

7. Guiding principles of the relevant regulatory authorities

The relevant regulatory authorities shall, in exercising their powers and in performing their functions under this Act, be guided by the following principles—
(a)to ensure financial stability in Kenya;
(b)to ensure market integrity in Kenya;
(c)to foster innovation and maintain fairness, transparency and efficiency in the virtual assets sector in Kenya; and
(d)to prevent, detect and restrain conduct that causes or may cause damage to the financial reputation of Kenya.

Part III – LICENSING REQUIREMENT

8. Eligibility

(1)A person is eligible to apply for a licence to offer one or more of the permissible activities under this Act, if it is a company limited by shares registered under the Companies Act or a foreign company limited by shares and registered under the Companies Act (Cap. 486).
(2)A person shall not carry on, or purport to carry on, the business of virtual asset services, or hold itself out as carrying on that business in or from Kenya, unless that person is licensed to do so by the relevant regulatory authority under this Act.
(3)A person who contravenes subsection (1) or (2) of this section commits an offence and is liable, upon conviction, to a fine or imprisonment, or to both, as specified under section 40(3) to this Act.

9. Permissible activities

(1)The permissible activities under this Act are as set out in the First Schedule to this Act.
(2)The Cabinet Secretary may, in consultation with the relevant regulatory authority, issue guidelines with respect to the virtual asset activities listed in the First Schedule to this Act.

10. Application for a licence

(1)An eligible person may make an application for a licence to offer one or more of the permissible activities to the relevant regulatory authority.
(2)An application shall be in the manner and shall be accompanied by such fee as may be prescribed by the Cabinet Secretary.
(3)The relevant regulatory authority may, in relation to an application received under subsection (1), either—
(a)grant a licence with or without conditions; or
(b)reject an application where an applicant fails to meet the applicable licensing requirements.
(4)Where a relevant regulatory authority rejects an application under subsection (3)(b), that regulatory authority shall, in writing, inform the applicant of its decision and the reasons for the rejection.
(5)An application under this section shall include such other information as may be prescribed in the Regulations.
(6)In determining whether to approve the application from a person in subsection (1), the relevant regulatory authority shall consider matters set out in section 11, and whether the applicant—
(a)is an eligible person as specified under section 8;
(b)has personnel with the necessary skills, knowledge and experience;
(c)satisfies the relevant regulatory authority that it is able to meet the requirements specified in this Act;
(d)satisfies the relevant regulatory authority that it is capable of complying with consumer protection and data protection requirements as provided for in the relevant laws;
(e)satisfies the relevant regulatory authority that, if licensed, it is capable of complying with any financial obligations, inclusive of insurance, capital and solvency requirements;
(f)satisfies the relevant regulatory authority that its directors, senior officers and any other person are fit and proper in accordance with section 18 of this Act;
(g)meets the prescribed cyber security measures as provided for under the Computer Misuse and Cybercrimes Act (Cap. 79C);
(h)has specified physical premises or data solutions that the relevant regulatory authority has deemed suitable for accessing and retaining records and other documents;
(i)satisfies the relevant regulatory authority that an approval is in the public interest having regard to the size, scope and complexity of the applicant; and
(j)has complied with any other requirements provided under this Act or any Regulations made thereunder.
(7)Where the relevant regulatory authority has granted a licence under this section, it shall, within thirty days from the date of grant, publish a notification of such grant in the Kenya Gazette.
(8)An applicant for a licence in this section shall notify the relevant regulatory authority within fourteen days of any changes to the information provided.
(9)A person who, in connection with a licence application, supplies the relevant regulatory authority with information he or she knows is misleading or false or should reasonably know is false or misleading, commits an offence and is liable, upon conviction, to a fine or imprisonment, or to both, as is specified under section 40(2).

11. Considerations for grant of licence

In making a decision to grant a virtual asset service provider licence, the relevant regulatory authority shall consider the following-
(a)the size, scope and complexity of the virtual asset service, underlying technology, method of delivery of the service and virtual asset utilisation;
(b)the knowledge, expertise and experience of the applicant;
(c)the procedures that the applicant has in place to combat money laundering, terrorist financing and proliferation financing;
(d)the internal safeguards and data protection systems being utilised by the applicant;
(e)the risks that the virtual asset service may pose to clients, other licensees or to the financial systems in Kenya;
(f)the net worth, source of funds, capital reserves and financial stability of the applicant;
(g)the impact that the virtual asset service may have on the financial services in Kenya;
(h)the likelihood that the service shall promote innovation, competition and benefits to consumers;
(i)if the applicant's directors, senior officers are fit and proper persons to hold the respective positions;
(j)if the applicant's beneficial owners are fit and proper persons to have such ownership or control;
(k)if the applicant is already operating in a regulated sector, a no-objection shall be required from the relevant regulator; and
(l)any other consideration that the relevant regulatory authority may require.

12. Conditions attaching to a licence

(1)The relevant regulatory authority may impose-
(a)regulatory requirements on a virtual asset service provider as the relevant regulatory authority considers necessary based on-
(i)its assessment of the virtual asset service provided by the licensee;
(ii)the nature of supervision required for the virtual asset service;
(iii)the safety and soundness of the method by which the virtual asset service is offered to the public;
(iv)where applicable, any licence held under another regulatory law; and
(b)further restrictions or prohibitions on the use of technology or practices that, in the opinion of the relevant regulatory authority, may disrupt or prejudice-
(i)the financial services in Kenya;
(ii)the functions of the relevant regulatory authority; or
(iii)the interests of the public.
(2)A licensee shall, at all times, keep its licence on display at its principal place of business and the licence shall include the following—
(a)the date upon which the licence was issued;
(b)the associated licence number;
(c)any other business or trade name by which the licensee is known;
(d)the conditions attached to the licence;
(e)the activities for which the licence has been issued;
(f)the address of its principal place of business in Kenya.
(3)Notwithstanding subsection (1), it shall be deemed to be a condition of every licence that the licensee bears the obligation-
(a)not to modify the activity listed in its licence without prior notice to and approval of the relevant regulatory authority; and
(b)to cooperate actively with the relevant regulatory authority—
(i)by providing any relevant information requested by the relevant regulatory authority, or that to the licensee's knowledge, ought to be disclosed to the relevant regulatory authority; and
(ii)by furnishing necessary and reasonable facilities to enable the relevant regulatory authority to carry out its regulatory functions and to take any corrective action required by the relevant regulatory authority.
(4)The relevant regulatory authority may, by written notice to the holder of the licence, amend or revoke any of the conditions imposed based on subsection (1) or attach new conditions:Provided that the relevant regulatory authority shall not impose such conditions without first giving the licensee an opportunity to be heard.
(5)Any person who contravenes the provisions of subsection (2) or (3) shall be liable to the administrative penalty specified under section 39(2)(f).

13. Duration of a licence

A licence issued under this Act shall be valid from the date it is issued and shall expire on the 31st December of the year it is issued.

14. Assignment and transfer of licence

(1)A licence granted under this Act shall not be transferred or assigned without prior written approval of the relevant regulatory authority.
(2)Any person who contravenes the provisions of subsection (1) shall be liable to the administrative penalty specified under section 39(2)(f).

15. Suspension, variation or revocation of licence

(1)The relevant regulatory authority may suspend, vary or revoke a licence where it is of the opinion that—
(a)the licensee has failed to comply with an obligation imposed on it by this Act;
(b)the licensee is carrying on business in a manner that is not permitted by the licence;
(c)the relevant regulatory authority has been provided with false, misleading or inaccurate information by or on behalf of the licensee;
(d)the virtual asset service or product is being marketed or advertised in a manner that is fraudulent or misleading;
(e)the interests of the clients or potential clients of the licensee are threatened.
(2)The relevant regulatory authority shall, before suspending, varying or revoking the licence, give written notice to the licensee providing the grounds upon which it intends to suspend, vary or revoke the licence.
(3)Where the relevant regulatory authority suspends, varies or revokes a licence, that relevant regulatory authority shall publish in the Kenya Gazette and on its website—
(a)the name of the licensee;
(b)the effective date of the suspension or revocation;
(c)in the case of a suspension, the period of the suspension.
(4)Without prejudice to subsection (1), the relevant regulatory authority may for the purposes of varying a licence—
(a)remove or impose additional licence conditions; or
(b)extend or reduce the permitted activities under the licence.

16. Surrender of licence

(1)A licensee may surrender its licence by giving a prior notice for surrender accompanied by the following information—
(a)the board resolution legitimizing the decision;
(b)a plan depicting the winding up process, if any;
(c)the arrangement to be made in respect of clients' assets;
(d)the notification to be sent to clients as to the surrender;
(e)declaration as to all liabilities having been discharged; and
(f)such other information as the relevant regulatory authority may deem necessary.
(2)Upon approval of the request to surrender a licence under this section, the relevant regulatory authority—
(a)shall supervise the execution of the surrender; and
(b)may give directions to the licensee to protect the interest of the customers or members of the public.

17. Register of licences

(1)Each relevant regulatory authority shall keep and maintain a register of licences it has issued, which shall contain—
(a)the name and address of the licensee;
(b)the type of virtual asset services authorised;
(c)the date of issuance of the licence;
(d)the status of the licence; and
(e)any other relevant information.
(2)The relevant regulatory authority shall publish an updated copy of the register referred to in subsection (1) on its website.

Part IV – GENERAL OBLIGATIONS FOR VIRTUAL ASSET SERVICE PROVIDERS

18. Fit and proper

(1)A licensee shall not appoint a director, senior officer or such other person or allow any of them to continue to act in such capacity unless that person is fit and proper as determined by the relevant regulatory authority.
(2)In determining whether a person is fit and proper under subsection (1), the relevant regulatory authority shall take into consideration the following—
(a)the person's probity, competence, experience and soundness of judgment for fulfilling the responsibilities of the relevant position;
(b)the diligence with which the person is fulfilling or is likely to fulfil the responsibilities of the relevant position;
(c)the person's educational and professional qualifications and membership of professional or other relevant bodies as applicable, or such other equivalent as may be relevant;
(d)the person's knowledge and understanding of the legal and professional obligations to be assumed or undertaken;
(e)any evidence that the person has committed any offence involving dishonesty or fraud or has contravened any law designed to protect members of the public arising from dishonesty, incompetence, malpractice, misconduct or conduct of discharged or undischarged bankrupts or otherwise insolvent persons;
(f)any evidence that the person has contravened any law with respect to virtual assets;
(g)the person's financial standing integrity; and
(h)any other consideration that the relevant regulatory authority may apply.
(3)Where the relevant regulatory authority determines that a person is not fit and proper, it shall inform the applicant or licensee, in writing, of such determination stating the reasons for the determination.
(4)Where—
(a)a licensee has not complied with subsection (1); or
(b)the relevant regulatory authority determines that a licensee has appointed any person who is no longer fit and proper,the relevant regulatory authority shall take such enforcement action as it deems necessary, in terms of section 39 of this Act.

19. Registered office and activities of virtual asset service provider

A virtual asset service provider shall maintain a physical office in Kenya where its business activities are carried out.

20. Business to be conducted in prudent manner

(1)Subject to section 18, the business and affairs of a licensee shall be managed by at least three directors of the board of whom at least three shall be natural persons;Provided that a director shall not serve in more than two boards of a licensee under this Act.
(2)A licensee shall conduct its business in a prudent manner.
(3)In determining whether a licensee is conducting its business in a prudent manner, the relevant regulatory authority shall take into account whether the licensee—
(a)complies with the provisions of this Act or any other relevant law;
(b)complies with the any regulations, codes or guidelines issued by the relevant regulatory authority;
(c)maintains the minimum net assets in such other amount as the relevant regulatory authority may direct in writing, taking into consideration the nature, size and complexity of the licensee's business;
(d)maintains the adequate accounting and other records of its business and adequate systems of control and records, and has developed policies and procedures pertaining to its obligations under this Act or any other relevant law; or
(e)has effected a policy of insurance to cover risks inherent in the operation of its business of an amount commensurate with the nature and scale of its virtual asset services.
(4)Any person who contravenes the provisions of this section shall be liable to the administrative penalty specified under section 39(2)(f) of this Act.

21. Business to be conducted with integrity

(1)A virtual asset service provider shall, within or from Kenya, conduct its business with integrity at all times, and in particular, shall-
(a)not undertake mixer or tumbler services or anonymity-enhancing services; or
(b)not mislead clients as to the service being provided and the duties and obligations of the licensee; or
(c)act with due care, skill and diligence, having regard to the nature and scale of its business activities.
(2)A person who contravenes the provisions of this section commits an offence and is liable, upon conviction, to a fine or imprisonment, or to both, as specified in section 40(3) to this Act.

22. Capital, solvency and insurance requirements

(1)A virtual asset service provider shall at all times maintain its business in a financially sound condition by complying with such capital, solvency and insurance requirements as may be prescribed.
(2)Where a person has contravened the provisions of this section, the relevant regulatory authority shall take such enforcement action as it deems necessary under section 39 of this Act.

23 Conflict of interest

(1)A virtual asset service provider shall ensure that it has in place policies and procedures, satisfactory to the relevant regulatory authority, as applicable, to avoid, mitigate and deal with conflicts of interest between—
(a)the licensee and its clients;
(b)the licensee and its service providers or other third parties;
(c)the licensee's clients.
(2)Where a person has contravened the provisions of this section, the relevant regulatory authority shall take such enforcement action as it deems necessary under section 39 of this Act.

24 Additional requirements

Every virtual asset service provider shall at all times—
(a)provide services honestly and fairly;
(b)maintain and hold the prescribed capital requirements;
(c)manage any actual and potential conflicts of interest related to its services;
(d)have adequate technological, financial and human resources to discharge its services;
(e)comply with the full range of the AML/CFT/CPF preventive measures, including targeted financial sanctions obligations;
(f)have its annual financial statement audited;
(g)have adequate measures in place to ensure the safekeeping and protection of the virtual assets of the customer;
(h)open and operate a bank account in Kenya for the purposes of this Act;
(i)ensure that recording, storing, protecting and transmission of the data processed by it is in accordance with laws in Kenya;
(j)ensure that all advertisement, marketing and promotional materials are fair, accurate, identifiable, transparent and not misleading;
(k)plan for business continuity and disaster recovery in the event of an incident or a disaster;
(l)have in place a mechanism for handling customer complaints;
(m)have in place a mechanism for protecting whistle blowers;
(n)take reasonable steps to prevent market abuse and ensure the integrity and transparency of the financial market;
(o)take reasonable steps and measures to maintain an effective consumer education program for the virtual asset in which it deals;
(p)take reasonable steps to ensure that employees and persons acting on its behalf comply with the provisions of this Act or any other relevant law;
(q)maintain competence to provide the virtual asset services;
(r)if offering for sale a virtual asset, conduct due diligence on the virtual asset and its issuer, taking into account the requirements of this Act and any other relevant law;
(s)take reasonable steps to ensure that a person employed, contracted or associated with, the virtual asset service provider -
(i)is fit and proper;
(ii)complies with this Act and all applicable laws in Kenya;
(iii)complies with the code of conduct of virtual asset service providers set out by the relevant regulatory authority;
(iv)complies with the conditions of licence issued by the relevant regulatory authority; and
(v)is competent to provide the virtual assets services.

25 Ongoing notifications

(1)The chief executive officer, appointed or designated under section 30(1) of this Act, shall in writing, notify the relevant regulatory authority where that chief executive officer becomes aware or has reason to believe that—
(a)the licensee has become insolvent or there is a likelihood of it becoming insolvent;
(b)the licensee has failed to comply with a provision of this Act or such other relevant and applicable laws or a condition imposed upon it by the relevant regulatory authority;
(c)the licensee has failed to comply with a modified provision, or with a condition, being a provision or condition specified in a direction given to it by the relevant regulatory authority;
(d)the licensee has become involved in any criminal proceedings whether in or outside Kenya;
(e)where the licensee is an international business company, the registered agent of the licensee has notified the licensee of its intention to resign as registered agent;
(f)there is a material change to the business, including change to banking arrangements;
(g)the licensee has or is likely to change ownership in shares or trusts;
(h)one or more civil suits are pending against the licensee;
(i)the licensee has ceased to carry on business for which it was licensed and authorised;
(j)the directors or senior officers have resigned or ceased to be fit and proper; or
(k)a cyber-security incident has occurred.
(2)Within seven working days of providing notification under subsection (1), the licensee shall furnish the relevant regulatory authority with a written report setting out the particulars of the situation and indicate such mitigating measures to be undertaken by the licensee.
(3)Where a person contravenes the provisions of this section, the relevant regulatory authority shall take such enforcement action as it deems necessary, in terms of section 39 of this Act.

26 Material changes to business

(1)A licensee shall not effect or permit a material change within the meaning of subsection (2), unless—
(a)it has served on the relevant regulatory authority a notice, in writing, stating that the licensee intends to effect such a material change; and
(b)the relevant regulatory authority has notified the licensee, in writing, that it has no objection to the licensee effecting the material change.
(2)For the purposes of subsection (1), the following changes are material—
(a)a change to the business activity for which the licence was first issued;
(b)a change to the most recent business plan submitted to the relevant regulatory authority;
(c)a merger with or acquisition of another legal person;
(d)the sale of a subsidiary;
(e)the acquisition of a controlling interest in another company or other entity;
(f)the outsourcing of the functions of the virtual asset services;
(g)where the licensee is an international business company, a change of registered agent of the licensee;
(h)a change of principal place of business;
(i)a change in directorship or senior officers;
(j)a change of business or trade name or such other marks used by the licensee;
(k)a change of domain name; or
(l)a change in the target market.
(3)A notice under subsection (1) shall be in such form and shall contain such information and be accompanied by such documents as the relevant regulatory authority may require.
(4)Upon receipt of the notice under subsection (1), the relevant regulatory authority may, by notice in writing, require the licensee to provide such additional information or documents, within thirty working days from the date of such notice or within such time as the relevant regulatory authority may reasonably require to assess the considerations outlined in subsection (5).
(5)After receipt of a notice under subsection (1), the relevant regulatory authority may approve or object if it has reason, among others, to believe that—
(a)the interests of any clients of the licensee would be threatened by the material change;
(b)the manner in which the business is operated would reasonably be compromised;
(c)the requirements of this Act would not continue to be complied with; or
(d)the financial reputation of Kenya is likely to be threatened by the material change.
(6)Where the relevant regulatory authority objects to the material change, it shall provide the reasons, in writing, for such objections.
(7)Where a person contravenes subsection (1), the relevant regulatory authority shall take such enforcement action as it deems necessary, in terms of section 39 of this Act.

27. Ownership changes

(1)No shares in a licensee shall be issued and no issued shares shall be voluntarily transferred or disposed of, without the approval of the relevant regulatory authority.
(2)Notwithstanding subsection (1), the relevant regulatory authority may exempt from the provisions of this section a licensee whose shares or interests are publicly traded on securities exchange licensed in Kenya or a recognised overseas exchange and any such exemption shall be subject to—
(a)a condition that the licensee shall as soon as reasonably practicable, notify the relevant regulatory authorities of—
(i)any change in control of the licensee;
(ii)the acquisition by any person or group of person of shares representing more than ten percent of the licensee's issued share capital or total voting rights; or
(iii)the acquisition by any person or group of persons of shares representing more than ten percent of the issued share capital or total voting rights of the licensee's parent company;
(b)a condition that the licensee shall, as soon as reasonably practicable, provide such information to the relevant regulatory authority, and within such period of time, as the relevant regulatory authority may require for the purpose of enabling an assessment as to whether persons acquiring control or ownership of the licensee in the circumstances set out in paragraph (a) are of satisfactory repute to have such control or ownership; and
(c)such other terms and conditions as the relevant regulatory authority may deem necessary.
(3)For purposes of subsection (1), the reference to shares or interests being transferred or disposed of includes the transfer or disposal of the legal or the beneficial interest in the shares or interests.
(4)In the event of shares in a licensee vesting involuntarily or through process of law in a person, the licensee, as soon as it becomes aware of such vesting, shall inform the relevant regulatory authority of the number of shares and the identity of the person in whom they have vested, and the licensee and the person in whom they have vested shall comply with any instructions as to the licence or the business of the licensee as may be given by the relevant regulatory authority.
(5)A person who contravenes the provisions of subsection (1) or (4) of this section commits an offence and is liable, upon conviction, to a fine or imprisonment, or to both, as specified in section 40(1).

28. Cyber security measures

(1)A licensee shall have appropriate and effective cyber security measures as prescribed or as provided for under the Computer Misuse and Cybercrimes Act (Cap. 79C).
(2)Where a person has acted in contravention of subsection (1), the relevant regulatory authority shall take such enforcement action as it deems necessary, in terms of section 39 of this Act.

29. Duty to prepare annual audited financial statements

(1)Every licensee shall cause to be prepared annual audited financial statements in respect of all transactions and balances relating to its business.
(2)A licensee's financial statements shall be audited by an approved auditor in accordance with recognised audit standards and the approved auditor shall be required to provide an auditor's report in respect of the audit.
(3)Every licensee shall submit a copy of its audited financial statements to the relevant regulatory authority within three months from its financial year end.
(4)The relevant regulatory authority may at any time instruct a licensee to have its accounts audited and to submit them to the relevant regulatory authority within such time as may be specified.
(5)Where a licensee has acted in contravention of subsections (1), (2) or (3), the relevant regulatory authority shall take such enforcement action as it deems necessary, in terms of section 39 of this Act.

30. Appointment of chief executive officer

(1)A virtual asset service provider shall appoint or designate a person as a chief executive officer, who shall be responsible for the day-to-day management of the virtual asset service provider in Kenya.
(2)virtual asset service provider shall ensure the chief executive officer is fit and proper person.
(3)A virtual asset service provider who intends to appoint or designate a person as a chief executive officer, shall apply to the relevant regulatory authority for its approval.
(4)The relevant regulatory authority may from time to time prescribe the eligibility criteria for the person applying or being designated to become a chief executive officer.

31. Duty to protect customer assets

A virtual asset service provider shall—
(a)maintain, in its custody, a sufficient amount of each type of virtual asset in order to meet the licence holder's obligations to the customer;
(b)meet the prescribed financial requirements relating to the virtual asset;
(c)segregate holdings of virtual assets on behalf of their clients from their own holdings or property, and from any other non-client virtual assets;
(d)not subject the virtual asset to the claim of creditors of the licence holder.

Part V – PREVENTION OF MONEY LAUNDERING, TERRORISM FINANCING AND PROLIFERATION FINANCING BY VIRTUAL ASSET SERVICE PROVIDERS

32. Powers of relevant regulatory authority for AML/CFT/CPF purposes

(1)Pursuant to sections 2A, 36A, 36B and 36C of the Proceeds of Crime and Anti-Money Laundering Act (Cap. 59A) and section 42A of the Prevention of Terrorism Act (Cap. 59B), the relevant regulatory authority shall regulate, supervise and enforce compliance for AML/CFT/CPF purposes by all virtual asset service providers.
(2)In undertaking its mandate under subsection (1), the relevant regulatory authority shall—
(a)vet significant shareholders, beneficial owners, directors, senior officers of a virtual asset service provider;
(b)conduct onsite inspection;
(c)conduct offsite surveillance;
(d)undertake consolidated supervision of an institution and its group;
(e)provide feedback to virtual asset service providers to assist them in detecting and reporting suspicious activities, preventing tipping off and application of AML/CFT/CPF measures in connection with the conduct of virtual asset services and promotion of virtual asset offerings;
(f)compel the production of any document or information the relevant regulatory authority may require for the purpose of discharging its supervisory mandate under the Proceeds of Crime and Anti-Money Laundering Act (Cap. 59A) and the Prevention of Terrorism Act (Cap. 59B);
(g)impose monetary, civil or administrative sanctions for violations related to AML/CFT/CPF purposes;
(h)issue regulations, guidelines, directions, rules or instructions for AML/CFT/CPF purposes;
(i)co-operate and share information for AML/CFT/CPF purposes; and
(j)take such action as is necessary to supervise and enforce compliance by a virtual asset service provider in line with the provisions of the Proceeds of Crime and Anti-Money Laundering Act (Cap. 59A), the Prevention of Terrorism Act (Cap. 59B) and any regulations, guidelines, rules, instruction or direction made or issued thereunder.

33. Penalties relating to AML/CFT/CPF violations

(1)No director, officer, employer, agent or any other person in a virtual asset service provider shall violate or fail to comply with the regulations, guidelines, directions, rules or instructions issued for AML/CFT/CPF purposes.
(2)A person who violates or fails to comply with the provisions of subsection (1) commits an offence and shall be liable, upon conviction, to imprisonment or a fine, or to both, as specified under section 40(3) of this Act.

Part VI – VIRTUAL ASSET OFFERING

34. Issuers of virtual asset offering

(1)A person shall not issue or purport to issue a virtual asset offering, in or from Kenya, or seek an admission of such asset to trading on a virtual asset trading platform unless that issuance is approved under this Act or any other relevant law.
(2)A natural person shall not be eligible to promote or issue a virtual asset offering in or from Kenya.
(3)A person desiring to issue or promote a virtual asset offering, in or from Kenya, or trading on a virtual asset trading platform shall be in compliance with such requirements as may be prescribed by the relevant regulatory authority.
(4)A person shall not issue or promote a virtual asset offering, in or from Kenya, or trading on a virtual asset trading platform unless it has submitted to the relevant regulatory authority an application in compliance with subsection (3) and the relevant regulatory authority has notified the person, in writing, that it has no objection to the issuance.
(5)Notwithstanding subsection (4), the relevant regulatory authority may object, in writing, and require that such measures or actions be taken after issuance has commenced, where—
(a)the manner in which the issuance is advertised is not consistent with the information provided in the application;
(b)the description, nature or characteristics of the virtual asset offering material deviates from the description provided in the application;
(c)issuer is a person that was not disclosed in the application;
(d)the target investor base is different from that disclosed in the application;
(e)relevant regulatory authority has reason to believe that the issuer is misselling the virtual assets offering; or
(f)the issuance is undertaken in a manner detrimental to the public interest.
(6)A person who, in connection with the application, supplies the relevant regulatory authority with information he or she knows or should reasonably know is false or misleading commits an offence and is liable, upon conviction, to imprisonment or a fine, or to both, as specified under section 40(2) of this Act.
(7)A person who contravenes the provisions of subsection (1), (2), (3) or (4) commits an offence and is liable, upon conviction, to imprisonment, fine or to both fine and imprisonment, as specified in section 40(3).

Part VII – INVESTIGATION AND EXAMINATION

35. Compliance, inspection and investigation

(1)The relevant regulatory authority shall undertake compliance inspections and investigations in accordance with the powers conferred under this Act and any other Act of Parliament.
(2)Subject to subsection (1), any person acting as a virtual asset service provider or issuer of a virtual asset offering shall cooperate with the relevant regulatory authority during any investigation or examination.

36. Appointment or designation of examiner

A relevant regulatory authority may appoint or designate examiners and empower such examiners with the necessary powers to undertake such examinations in accordance with the powers under this Act and any other written law.

37. Powers to access information

(1)A relevant regulatory authority shall require the production of information, including specified information or documents, in accordance with the powers conferred to it under this Act, or any other written law.
(2)Notwithstanding the provisions of subsection (1), a relevant regulatory authority may require the production of information or documents from any person or company which is or has at any relevant time been—
(a)a parent company, subsidiary company or other associate of the licensee;
(b)a subsidiary company of a parent company of the licensee;
(c)a parent company of a subsidiary company of the licensee;
(d)an agent or any other person appointed by the company; or
(e)a company in the case of which a significant owner of the licensee, either alone or with any associate or associates, holds 10 percent or more of the shares or is entitled to exercise, or control the exercise of, more than 10 percent of the voting power at a general meeting.
(3)The relevant regulatory authority may, by notice writing served on any person who is or is to be a controller or officer of a licensee require him or her to provide the relevant regulatory authority, within such time as may be specified in the notice, with such information or documents as the relevant regulatory authority may reasonably require for determining whether he or she is a fit and proper person to hold the particular position which he or she holds or is to hold.
(4)The powers conferred by subsection (1), (2) or (3) may be exercised in relation to a former licensee but only in relation to—
(a)business carried on at any time when the licensee was licensed under this Act; or
(b)the ownership or control of a licensee at any time when it was licensed under this Act.
(5)Any person who, in connection with a request made under this section, supplies the relevant regulatory authority with information he or she knows or should reasonably know is false or misleading, commits an offence and is liable, upon conviction, to imprisonment, fine or to both, as specified under section 40(2) of this Act.
(6)The relevant regulatory authority shall take such enforcement action as it deems necessary, in terms of section 39 where a person who, without reasonable excuse, fails to comply with a requirement imposed on him or her by the relevant regulatory authority in connection with the exercise of the relevant regulatory authority's powers under this section.

38. Additional powers

(1)The relevant regulatory authority may by notice in writing require a person who is the subject of an investigation in terms of this Act or any other written law or any person connected with the person under investigation—
(a)to provide, at such place and in such form as may be specified in the notice and either forthwith or at such time as may be so specified, such information as the relevant regulatory authority may reasonably require for the purpose of the investigation;
(b)to produce; at such place as may be specified in the notice and either forthwith or at such time as may be so specified, such documents, or documents of such description, as may be specified, being documents the production of which may be reasonably required for the investigation;
(c)to attend at such place and time as may be specified in the notice and answer questions relevant to the enquiry as the relevant regulatory authority may require.
(2)The relevant regulatory authority may, by notice in writing, require every person who is or was a senior officer, director, shareholder, beneficial owner, officer, employee or agent of a licensee which is under investigation by virtue of subsection (1)
(a)to produce to the relevant regulatory authority within such time and at such place as the relevant regulatory authority may require, such documents, or documents of such description, as may be specified, being documents the production of which may be reasonably required for the investigation, which are in his or her custody or power to obtain;
(b)to attend before the relevant regulatory authority at such time and place as the relevant regulatory authority may require and answer questions relevant to the investigation as the relevant regulatory authority may require; and
(c)to take such actions as the relevant regulatory authority may direct in connection with the investigation.
(3)The relevant regulatory authority or a duly authorised officer, employee or agent of the relevant regulatory authority may take copies of or extracts from any documents produced under this section.
(4)Any officer, employee or agent of the relevant regulatory authority may, on producing if required evidence of his or her authority, enter any premises occupied by a person on whom a notice has been served under subsection for the purpose of obtaining information or documents required by the notice, putting the questions referred to in subsection (l)(c) or exercising the power conferred by subsection (3).
(5)For the purposes of this section, a person is connected with the person under investigation if such person is or has at any relevant time been-
(a)a member of a group to which the person under investigation belongs;
(b)a controller or significant owner of the person under investigation;
(c)a partner of a partnership of which the person under investigation is a member.
(6)Any person who, in connection with the exercise of the relevant regulatory authority's powers under this section, supplies the relevant regulatory authority with information he or she knows or should reasonably know is false or misleading commits an offence and is liable upon conviction to such penalties as specified under section 40(2) in this Act.
(7)The relevant regulatory authority shall take such enforcement action as it deems necessary, in terms of section 39 where a person who, without reasonable excuse, fails to comply with a requirement imposed on him or her by the relevant regnlatory authority in connection with the exercise of the relevant regulatory authority's powers under this section.

Part VIII – ENFORCEMENT ACTIONS

39. Administrative enforcement action

(1)The relevant regulatory authority may take administrative enforcement action against any person who violates any relevant provision of this Act.
(2)In exercising the powers provided for under subsection (1), the relevant regulatory authority may take the following administrative enforcement action—
(a)issue a formal written warning to the licensee for the cessation of the non-compliance and require the specific action for rectification is undertaken;
(b)issue a direction to the licensee to take remedial action or to make specific arrangements to remedy the noncompliance within such timeframe as may be specified;
(c)issue a directive to the licensee imposing a prohibition, restriction or limitation, including—
(i)issuing enforcement notices requiring noncompliance to be rectified within a specified period of time;
(ii)restriction from entering into any new business contracts;
(iii)requiring that any director, senior officer or person having functions in relation to the licensee, be removed and replaced by a person acceptable to the relevant regulatory authority;
(iv)requiring such action as the relevant regulatory authority may consider necessary to protect customers, creditors or potential customers and creditors;
(d)suspend or revoke—
(i)a licence issued under section 10 of this Act;
(ii)a virtual asset offering approved under section 34 of this Act; or
(e)initiate such investigation as may be necessary to ensure compliance with this Act;
(f)impose an administrative penalty to a person who contravenes the provisions provided for under section 12(5), 14(2) or 20(4) of this Act—
(i)in the case of an individual, of a fine not exceeding three million shillings; or
(ii)in the case of a company, of a fine not exceeding ten million shillings;
(g)taking any other administrative enforcement action determined by the relevant regulatory authority under this Act or any other relevant Act of Parliament.
(3)When determining the appropriate administrative enforcement action, the relevant regulatory authority shall consider the following factors—
(a)the nature, seriousness and impact of the violation;
(b)the conduct of the individual or company after the violation and throughout any investigation or examination by the relevant regulatory authority;
(c)the previous disciplinary record and compliance history of the individual or company;
(d)the interpretation and application of the relevant regulatory authority published materials, including guidance, industry codes and such materials as may be published from time to time; and
(e)any action taken by the relevant regulatory authority or by other domestic or international regulatory bodies in similar cases.

40. Criminal offences and penalties

(1)A person who commits an offence under section 27(5) is liable, upon conviction—
(a)in the case of an individual, to a fine not exceeding three million shillings or to imprisonment for a term not exceeding three years, or to both;
(b)in the case of a company, to a fine not exceeding five million shillings.
(2)A person who commits an offence under section 10(9), 34(6), 37(5) or 38(6) is liable, upon conviction—
(a)in the case of an individual, to a fine not exceeding seven million shillings or to imprisonment for a term not exceeding three years, or to both;
(b)in the case of a company, to a fine not exceeding twenty million shillings.
(3)A person who commits an offence under section 8(3), 21(2), 33(2) or 34(7) is liable, upon conviction—
(a)in the case of an individual, to a fine not exceeding ten million shillings or to imprisonment for a term not exceeding five years, or to both;
(b)in the case of a company, to a fine not exceeding twenty-five million shillings.

41. Liability of individuals

Where any offence or contravention against this Act is committed by a licensee, a director, partner or any senior officer of the licensee who knowingly authorised, permitted or aided in the commission of the offence that individual also commits the contravention or offence and; is liable for any criminal, civil or administrative penalty to which the licensee is liable under this Act.

Part IX – MISCELLANEOUS PROVISIONS

42. Confidentiality

(1)Subject to subsection (2), neither the relevant regulatory authority nor any agent of the relevant regulatory authority shall disclose to any third party any information or documents acquired in the performance of its duties under this Act, including in respect of any licensees.
(2)Subsection (1) shall not apply to any disclosure—
(a)lawfully required by any court of competent jurisdiction in Kenya;
(b)in respect of the affairs of any licensee or other person, with the consent of such person, as the case may be, which consent has been voluntarily given;
(c)where the information disclosed is in statistical form or is otherwise disclosed in such a manner that does not enable the identity of any licensee or other person to which the information relates to be ascertained; or
(d)in terms of any lawful disclosure required under the Mutual Legal Assistance Act (Cap. 76A), the Proceeds of Crime and Anti-Money Laundering Act (Cap. 59A), Prevention of Terrorism Act (Cap. 59B) or any other relevant law, bilateral or multilateral agreements.

43. Appeals

(1)A person who is aggrieved by any of the following decisions of the relevant regulatory authority may appeal against that decision to the relevant body—
(a)refusal to approve an application for a licence in terms of this Act;
(b)refusal to approve any other application or appointment made in terms of this Act;
(c)the decision to amend, revoke or suspend a licence or a decision to amend a condition of a licence in terms of this Act; or
(d)an enforcement action taken by the authority.
(2)In determining an appeal, the relevant body may—
(a)confirm, vary or revoke the decision of the relevant regulatory authority; and
(b)make further orders as it considers appropriate.
(3)For the purposes of this section, a "relevant body" means a court of law, a tribunal or a committee established by a written law of competent jurisdiction in Kenya.

44. Access to and maintenance of client transaction records

(1)A licensee shall, where the relevant regulatory authority so requires, provide the relevant regulatory authority with online or automated real time read-only access to both its client's and its own virtual asset transaction records.
(2)A licensee shall maintain a record of both its client and its own transactions at its principal place of business for a period of not less than seven years beginning from the date the transaction occurred.
(3)Where a person has acted in contravention of subsection (1) or (2), the relevant regulatory authority shall take such enforcement action as it deems necessary, in terms of section 39 of this Act.

45. Protection from liability

No action, prosecution or other proceedings shall be brought against the relevant regulatory authority, an employee or agent of the relevant regulatory authority or other person appointed under this Act in respect of any acts done or omitted to be done in good faith in the proper discharge of functions or duties conferred by this Act.

46. Compliance to the Data Protection Act (Cap. 411C)

Any person processing personal data under this Act shall comply with the Data Protection Act (Cap. 411C).

47. Transitional and saving provisions

Upon the commencement of this Act, any person providing virtual asset services shall, within one year of the commencement, comply with the provisions of this Act.

48. Consequential amendments

The Act specified in the Second Schedule is amended in the manner specified in that Schedule.

Part X – PROVISIONS ON DELEGATED POWERS

49. Regulation

(1)The Cabinet Secretary may, on the advice of the relevant regulatory authority, make Regulations for the purpose of carrying out and giving effect to the provisions of this Act.
(2)Without prejudice to the generality of subsection (1), the Regulations made under this Act may prescribe—
(a)the form of application;
(b)information or documentation to be submitted in support of an application under this Act;
(c)fees payable under this Act;
(d)the conditions for acquisition or holding of shares, legal interest or beneficial ownership in the licence holder;
(e)conditions for assignment and transfer of a licence;
(f)standards to be maintained by licensees in the conduct of business;
(g)the standards, policies and procedures for business management and continuity;
(h)contents of advertisements and promotions of virtual asset services and products;
(i)prudential standards in respect of—
(i)disclosure to clients;
(ii)safekeeping of client's virtual assets;
(iii)cybersecurity measures and cyber security audit report;
(iv)financial reporting;
(v)statutory returns;
(vi)capital, solvency, and liquidity requirements for the various types of virtual asset business;
(j)the insurance requirements for the various types of virtual asset business;
(k)requirements for third party transactions and relationships;
(l)conditions for freezing and seizure orders;
(m)requirements for offer of initial coin offerings;
(n)requirements for listing of tokenized assets in the securities exchange;
(o)requirements for tokenization of real-world assets;
(p)requirements for virtual asset investment managers;
(q)requirements for issuance and use of stablecoins; and
(r)requirements for periodic returns.
(3)The Regulations made under this subsection may provide for the imposition of penalties not exceeding ten million shillings or imprisonment for a term not exceeding five years for contravention of the Regulations.
(4)For the purposes of Article 94 (6) of the Constitution—
(a)the purpose and objective of the delegation under this section is to enable the Cabinet Secretary to make regulations for better carrying into effect the provisions of this Act;
(b)the authority of the Cabinet Secretary to make regulations under this Act will be limited to bringing into effect the provisions of this Act and fulfilment of the objectives specified under this section.

FIRST SCHEDULE {ss. 2; 6(l)(a); 9(1) & (2))

VIRTUAL ASSET ACTIVITIES

The list below shall constitute the types of virtual asset activities, their functions and description of activities.
TypesFunctionsDescriptionResponsible Relevant Regulatory Authority
Virtual Asset Wallet ProviderCustodial wallet/ services (corporate and retail)Services provided by a third party, in which the private keys to the subject's virtual assets are held and managed by the third party for proof of ownership and facilitation of transactions.Central Bank of Kenya
Virtual Asset ExchangeTransfer and conversion services of Virtual AssetsProviding a digital online platform facilitating virtual asset transfers and exchanges. Exchanges may occur between one or more forms of virtual assets, or between virtual assets and fiat currency.Capital Markets Authority.
Trading, clearing and settlement platforms.A platform providing for the facilitation of the sale, trading, or exchange of virtual assets for fiat currencies or for other virtual assets.Capital Markets Authority
Virtual Asset Payment ProcessorPayment gatewayArranging transactions involving virtual assets and fiat currency, or between virtual assets.Central Bank of Kenya
Virtual Asset BrokerBrokerage servicesFacilitate the exchange between one or more forms of virtual assets through a virtual asset exchange and virtual asset wallet providers for and on behalf of clients, which may include retail, institutional investors, or funds.Capital Markets Authority
Virtual Assets Investment AdvisorInvestment advisory servicesProvision of investment advice on virtual assets, initial virtual asset offering and non-fungible tokens for and on behalf of clients, which may include individuals or institutional investors.Capital Markets Authority
Virtual Asset ManagerVirtual Asset managementManaging portfolios in accordance with mandates given by clients on a discretionary basis where such portfolios include one; or more virtual assets.Capital Markets Authority
Virtual Asset Offering ProviderInitial Coin OfferingIssuing and selling virtual assets to the public. May involve participating in and providing financial services relating to the initial coin offering.Capital Markets Authority
Virtual Asset TokenizationThe process of converting real-world assets (like real estate, art, or, commodities) into digital token on a blockchain.Capital Markets Authority
Token Issuance PlatformProvision of tokenization platform for issuance and secondary trading of tokens of real-world assets.Capital Markets Authority
Stablecoin IssuanceThe process of creating and managing approved stablecoins.Central Bank of Kenya

SECOND SCHEDULE (s. 48)

CONSEQUENTIAL AMENDMENTS

Written lawprovisionAmendment
The Proceeds of Crime and Anti-Money Laundering Act (Cap. 59A)s2(1) By deleting the definition of “reporting institution” and substituting therefor the following definition—
 “reporting institution means a financial institution, designated non-financial business and profession or a virtual asset service provider;
 (2) By inserting the following new definition in proper alphabetical sequence—
 "virtual asset service provider” has the meaning assigned to it under section 2 of the Virtual Asset Service Providers Act
44(4)By deleting the words “financial institution” and substituting therefor the words “reporting institution”.
45A(1) In subsection (1), by inserting the words “or virtual asset service providers” immediately after the words “legal arrangements”
 (2) In subsection (3)(c), by inserting the words “or virtual asset service providers” immediately after the words financial institutions”.
 (3) In subsection (3)(d), by inserting the words “or virtual asset service providers” immediately after the words financial institutions” appearing after the words “offices of”.
The Capital Markets Act (Cap. 485A)s2(2) By inserting the following new definitions in proper alphabetical sequence—
 “Virtual asset service provider”has the meaning assigned to it under section 2 of the Virtual Asset Service Providers Act
s.11(3)By inserting the following paragraph immediately after paragraph (fa)
 (fb) regulate virtual asset service providers in accordance with the Virtual Asset Service Providers Act;
The Central Bank of Kenya Act (Cap. 491)s.2By inserting the following new definition in proper alphabetical sequence—
 “virtual asset service provider” has the meaning assigned to it under section 2 of the Virtual Asset Service Providers Act;
s.4AIn subsection (1)—
 (a) by inserting the following new paragraph immediately after paragraph (db)—
 (dc) license and supervise virtual asset service providers;
 (b) in paragraph (h)—
 
(i) in the opening sentence, by inserting the words “and section 6 of the Virtual Asset Service Providers Act”immediately after the expression “Cap. 59A”; and
 (ii) by inserting the following subparagraph after new immediately subparagraph (vii)—
 (viia) virtual asset service providers
The National Payment System Act (Cap. 491A)s. 2By inserting the following new definition in proper alphabetical sequence—
 "reporting institution" has the meaning assigned to it under section 2 of the Proceeds of Crime and Anti-Money Laundering Act (Cap. 59A).
s.17AIn subsection (1), by inserting the words "and section 6 of the Virtual Asset Service Providers Act" immediately after the expression "Cap. 59A" appearing in the first sentence.
▲ To the top

History of this document

04 November 2025 this version
Commenced
21 October 2025
15 October 2025
Assented to

Cited documents 9

Act 9
1. Companies Act 2127 citations
2. Proceeds of Crime and Anti-Money Laundering Act 432 citations
3. Data Protection Act 163 citations
4. Prevention of Terrorism Act 157 citations
5. Capital Markets Act 116 citations
6. Central Bank of Kenya Act 89 citations
7. Computer Misuse and Cybercrimes 49 citations
8. Mutual Legal Assistance Act 28 citations
9. National Payment System Act 23 citations

Documents citing this one 3

Act 3
1. Capital Markets Act 116 citations
2. Central Bank of Kenya Act 89 citations
3. National Payment System Act 23 citations