The financial services sector in Kenya is navigating a rapidly changing regulatory landscape, requiring service providers to continuously evolve and adjust their systems to meet evolving data privacy requirements.
Financial institutions are therefore required to embrace advanced technologies and adequately equip and prepare their workforce to handle regulatory shifts while safeguarding customer data.
These are among issues that Christopher Saul who is the Territory Sales Lead for East Africa at Red Hat elaborates in the following interview.
- How are regulatory changes in Kenya’s financial services sector likely to impact data privacy by service providers and other stakeholders?
The regulatory conditions of Kenya’s financial services sector are constantly changing and evolving, and so service providers need to maintain a high level of agility. Today’s IT and automation platforms enable organisations to modify and reconfigure their systems quickly to meet new regulatory requirements.
That said, organisations must ensure they have the skills and human resources necessary to deploy and manage those platforms. Organisations also need to work with their third-party partners and IT vendors they can trust, especially where data handling and privacy are concerned.
They also need to remain cognisant of public cloud providers and their service-level agreements (SLAs), as well as their adherence to data privacy and sovereignty rules in the region.
- What are the key factors that financial services players in Kenya should consider when balancing between regulatory compliance and protection of customer data?
A key factor to consider is the human factor. It may not have to do with the technology solutions that players are using, but their employees and IT professionals need to be prepared for any regulatory changes that may eventually be enacted, particularly those that centre on the gathering, handling, and storage of customer data.
- In your view, how can financial service providers in Kenya maintain the trust of their customers while adhering to data privacy regulations?
Communication with their customers is the key to maintaining trust. Adhering to all regulatory rules and putting rigid tech safeguards in place are just the first essential steps.
The next step is offering platforms and establishing channels where service providers can clearly communicate any announcements, policy changes, or other notifications to their customers.
This is also very important as financial service organisations begin to offer AI-enabled products and applications, and organisations need to be able to translate technical jargon and concepts so that customers are fully aware and understand the impact of any new integrations.
- How can technology help financial institutions in Kenya comply with data privacy?
For many institutions, it begins with having a cloud mindset. The cloud is an investment in an organisation’s agility, flexibility, and automation, and not just about moving all your IT workloads into a public cloud environment.
Using cloud-based platforms, organisations can develop applications, services, and systems in a way that lets them remain extremely agile. In the case of data privacy, cloud computing lets organisations maintain a clear overview of what’s going on while also leveraging an environment that lets them build applications and securely handle data.
- What are some of the best practices that Kenyan banks can learn from elsewhere when navigating similar regulatory tensions about data privacy?
A very good practice for banks is to engage with their IT and platform vendors on how they can comply with all regulatory mandates in a sufficient and cost-effective way. Many major vendors will have extensive experience in working with financial institutions overseas and are therefore well-positioned to guide local ones.
East Africa has a significant advantage with this as by doing so, they bypass any pitfalls or obstacles that international players had along the way in terms of implementation and can go straight to making changes that result in immediate compliance.
Kenyan banks can also learn more about other best practices from their vendors, and they should not be afraid to put them on the spot when it comes to clarifying their recommendations and explaining their solutions.
- With the deepening uptake of mobile money and digital banking in Kenya, how can institutions foster innovation while complying with evolving data privacy laws?
It’s all about the platforms they use to innovate. Just recently, Red Hat announced that Safaricom, one of Kenya’s leading providers of converged communications solutions, has deployed Red Hat OpenShift as a common cloud platform for its applications, including the M-PESA mobile payments service.
OpenShift enables a high level of agility for institutions to keep up with consumer expectations and product offerings.
The same goes for data privacy, as OpenShift enables institutions to make changes and align with regulatory changes rapidly. That is the benefit of a flexible application environment, and it opens the door to further innovation.
- How then should financial service providers in Kenya approach the use of customer data for business analytics?
Many providers are already sitting on a gold mine of customer data, whether they realise it or not. The question is, can they access it and use it in an impactful and ethical way and one that adheres to local regulations? For many providers, the answer lies with what their priorities for that data are and the tools they are using to create applications and services.
Providers should engage with their vendors to unlock international expertise and learn how to extract actionable insights from their data. The end goal is to take that gold mine and transform it into real business value and use it to fuel projects that generate value.
- How is the regulatory landscape regarding data privacy and customer protection likely to evolve in the short term in Kenya?
This is a difficult question to answer as the regulatory landscape is always shifting, especially as it is subject to new socioeconomic influences and technological trends. In the short term, Kenyan financial players should build systems and architectures that let them respond and align themselves with any regulatory changes or policies.
Kenya is a continental leader in financial services thanks to its drive to innovate and ability to respond quickly and decisively to greater market and industry developments, and local players need to work to reflect that.
- With the deepening use of Artificial Intelligence and other new technologies, how can Kenyan banks cyber-secure their systems?
Cybersecurity should never be an afterthought when it comes to enterprise IT. It is a fundamental component of any technology initiative regardless of whether we’re talking about running a website or an AI-powered chatbot. Security needs to sit at the heart of the development of any new business application.
Organisations achieve that by setting up a development environment where organisations can easily test application functionality and identify and solve any security issues.
A deepening use of AI needs to involve companies having the ability to develop their own applications using open source libraries and tools. By doing so, companies build AI applications and services that are distinctly theirs and that benefit from a security-first mindset.
- What are your closing remarks on how financial service providers in Kenya are likely to maintain strong data privacy protections?
Based on my experience working with some of Kenya’s leading financial institutions, they are guided by strong visions and benefit from well-run IT departments. More and more organisations are using Red Hat technology as the basis for their infrastructure and applications.
They are security-focused and are taking steps to upskill and train their teams to be more security-minded. Backed by a cloud mindset, the sector as a whole is working to create an environment in which they can react to market changes, customer trends, and data privacy regulations with agility and certainty.