Open Banking and the New Compliance Landscape
CBK guidelines, PSD2-equivalents, and consent frameworks heading into 2027.
The Central Bank of Kenya's draft Open Banking Standard, released in 2025, is the most consequential regulatory shift since prudential guideline CBK/PG/05. Banks that treat it as a compliance project will lose. Banks that treat it as a distribution opportunity will gain a decade of customer growth.
What changed
- Consent durability — customers now retain explicit, revocable, scope-limited grants over their data.
- API uptime SLA — 99.5% on production endpoints, with breach reporting to CBK within 4 hours.
- Third-party provider (TPP) onboarding — every bank must support a sandbox-to-production flow for licensed PSPs and AISPs.
Phase 1 (account information) is mandatory from Jan 2027. Phase 2 (payment initiation) follows in Jul 2027.
All Tier 1 and Tier 2 banks operating in Kenya. Tier 3 institutions get a 12-month grace period.
EAC harmonisation under discussion. Expect alignment with Tanzania and Uganda within 24 months of Kenyan rollout.
Talk to our compliance team
Schedule a discovery call to map your readiness.