Kenya’s migration from Bank Specific Base Lending rates to KESONIA

The Central Bank of Kenya (CBK), acting under the Central Bank of Kenya Act (Cap 491) and the Banking Act (Cap 488), has restructured the legal architecture for the pricing. Introducing the Kenya Shilling Overnight Interbank Average (KESONIA) as a transaction-based common reference rate. This article examines the compliance posture financial institutions and counterparties must now adopt.

The reform represents the regulator's third significant intervention in interest-rate governance within a decade following the legislative interest-rate caps introduced by the Banking (Amendment) Act, 2016, and their subsequent repeal in 2019, after which the Risk-Based Credit Pricing Model was intended to discipline pricing through supervisory rather than statutory means. The 2019 model failed to deliver the transparency and convergence the CBK anticipated; bank-specific internal base rates persisted, comparability across institutions was poor, and monetary-policy transmission remained sluggish. KESONIA is the regulator's response.

The KESONIA framework is built on this same prudential and supervisory architecture, augmented by reference to international benchmark-reform standards. The principal external reference point is the IOSCO Principles for Financial Benchmarks (July 2013).

The CBK's supervisory expectations under the new regime can be reconstructed from the reform's design. Banks must (i) reference KESONIA in all in-scope new and migrated facilities; (ii) maintain a documented methodology for determining the K factor that withstands supervisory inspection; (iii) publish on the Total Cost of Credit platform their applicable lending rates and components; and (iv) include in loan documentation a fall-back to the Central Bank Rate where KESONIA is unavailable.

Enforcement consequences arise principally under section 33 of the Banking Act and in egregious cases, suspend or revoke licences. The Banking (Penalties) Regulations, 2013 prescribe administrative penalties for prescribed infractions, augmented by daily penalties for continuing breaches. Misreporting of K-factor components, or inconsistent application of the borrower-risk premium across customers, may also implicate sections of the Competition Act, 2010 if patterns of coordination among banks are discernible.

Three supervisory pressure points are foreseeable. First, the CBK is likely to scrutinise the decomposition of K — particularly whether operating-cost and shareholder-return components are reasonable and verifiable rather than residual profit-maximising add-ons. Second, expect intensified examination of the borrower-risk premium, including whether credit-risk scoring is consistent with the lender's internal models and the Credit Reference Bureau Regulations, 2020. Third, the Total Cost of Credit platform will function as a continuous, public-facing supervisory tool, generating reputational pressure on outlier institutions. 6.5 Governance, Risk, and Data-Protection Considerations

The reform reconfigures bank governance obligations in material respects. The pricing of credit ceases to be a purely commercial decision and becomes a regulated activity subject to documented governance. Boards and Asset and Liability Committees must approve and periodically review K-factor methodologies; internal audit must verify their implementation; and risk committees must monitor concentration of higher-K exposures, which may signal under-priced risk or, conversely, regulatory-arbitrage incentives.

The borrower-risk component of K relies on processing personal data, including credit history, repayment behaviour, and financial position. This engages the Data Protection Act, 2019, particularly sections 25 (data-processing principles), 26 (rights of data subjects), and 35 (automated decision-making). Where risk scoring is wholly or substantially automated, borrowers acquire enhanced rights, including the right to meaningful information about the logic involved and to contest decisions. The Office of the Data Protection Commissioner has signalled growing interest in algorithmic credit decisioning; banks operating opaque scoring systems face regulatory and reputational exposure.

Operational risks include legacy IT-system constraints. Litigation risk is concentrated in three domains: (i) borrower challenges to the lawfulness or reasonableness of K; (ii) class-style complaints alleging inconsistent application across customers; and (iii) disputes over the construction of fall-back provisions if KESONIA is materially disrupted. 6.6 Policy Analysis and International Alignment KESONIA represents Kenya's participation in the global benchmark-reform movement.

Two policy considerations merit attention. First, the reform's effectiveness depends critically on the depth and liquidity of the overnight interbank market. The CBK's data indicate volumes of up to KES 60 billion per night, sufficient for robustness in normal conditions but potentially vulnerable in periods of market stress. Mature markets have addressed this through transaction thresholds and waterfall methodologies; the CBK will need to develop analogous contingency rules. Second, the reform's monetary-policy-transmission objective will be tested over the coming cycles. If lending rates fail to track CBR movements through KESONIA with the anticipated sensitivity, further regulatory intervention is foreseeable.

The KESONIA reform is among the most consequential adjustments to Kenyan banking law in the post-2016 cycle. It substitutes a transparent, transaction-based benchmark for opaque internal base rates; it embeds risk-based pricing into the regulatory perimeter; and it aligns Kenya with the international migration from IBORs to risk-free rates. The reform's success will be measured not by the elegance of its design but by the quality of supervisory enforcement, the rigour of K-factor governance, and the development of jurisprudence on contractual variation, consumer protection, and data-protection compliance. Further regulator activity — particularly codification of K-factor methodology and formalisation of benchmark administration — is likely within the next 12 to 24 months.