MNL ADVOCATES LLP (MN LEGAL)

Banking & Finance

Banking & Finance

  • Mauritius – An Emerging Hub for Fintech & Payment Solutions in Africa

    Mauritius – An Emerging Hub for Fintech & Payment Solutions in Africa

    Mauritius – An Emerging Hub for Fintech & Payment Solutions in Africa

    In the past decade, Mauritius has emerged as a strategic location for a variety of financial services in Africa. Under the guidance of the Mauritius Financial Services Commission (FSC), a robust framework now exists for the regulation of derivatives activities, payment & banking services, as well as digital asset / virtual currency projects. 

    Payment Services for Africa & The Globe

    Starting off with payment services, Mauritius offers two distinct licenses: Payment Intermediary Services (PIS) and Payment Service Provider (PSP). There are major differences between these licenses which are worth delving into greater detail. 

    The major distinction between the PIS and PSP license is that the former is overseen by the Mauritius FSC while the Bank of Mauritius issues all PSP licenses. From our professional experience, the PIS license is more attractive due to lower capital requirements (2,000,000 MUR), a speedier license approval period as well as lower substance requirements. Furthermore, the PIS license is a better fit for cross-border payment services with the PSP license being issued primarily for local business in Mauritius itself. Finally, the Payment Intermediary Services license focuses primarily on card issuance services. Experience has shown that higher demand exists for card and mobile payment services throughout Africa, making the PIS license a better fit for the majority of new payment projects.  

    Derivatives & Virtual Currency

    Moving on to exchange traded products, Mauritius has two distinct regulatory paths for brokers and digital asset providers / crypto exchanges. On the brokerage side, the FSC has a unique license class for brokerage services, known as an Investment Dealer. This license allows one to offer brokerage services in derivatives, stocks, and futures which can be used to target a global audience. An additional benefit of the Investment Dealer license is the underwriting permission. By upgrading the Investment Dealer license to this permission set, licensed brokerage firms in Mauritius will have the ability to initiate stock listings on the Mauritius public stock exchange. 

    In addition to derivatives regulation, Mauritius also for the establishment of fully regulated digital asset firms. VAITOS 2021, which is the regulatory framework for crypto licensing in Mauritius, sets the standard for Virtual Asset Service Provider (VASP) regulation. Licensed activities include: exchange permissions, wallet services, custodian of tokens, and exchange services. 

    Investment Banking Activities

    Finally, the Mauritius FSC also provides a clear pathway for the establishment of an Investment Banking license. A key advantage is flexibility as a variety of financial activities are permitted under this license. Examples of permitted activities include: merger & acquisition advisory, asset management, securities dealing, the underwriting of securities, as well as corporate finance. It is important to highlight that receiving deposits and other types of banking activities do require separate authorisation from the Bank of Mauritius, making a clear distinction between investment and commercial banking activities. 

    In addition to this level of flexibility, Mauritius offers two major incentives to firms looking to establish a presence on the island. First, Mauritius currently has 46 Double Tax Agreements with a variety of countries around the world, examples include China, South Africa, UK and France. Additionally, any new investment bank will enjoy a 5 year tax holiday from the standard 15% corporate tax rate. 

    Discover the Benefits of Mauritius Regulation Today!

    As interest in mobile payment services and digital assets continues to grow throughout Africa and the world, Mauritius will remain the ideal jurisdiction for the quick and efficient regulation of these emerging financial services. We hope this brief overview was useful in providing a basic introduction to Mauritius.

    For many businesses, it strikes the right balance between innovation and compliance.

    At MNL Advocates LLP, we work closely with fintech companies, financial institutions, and investors to navigate complex regulatory landscapes across Africa and offshore jurisdictions such as Mauritius.

    Our support includes:

    • Advising on the most suitable licensing structures (PIS, PSP, VASP, Investment Dealer, Investment Banking)
    • Managing end-to-end license applications and regulatory engagement
    • Structuring cross-border operations and corporate entities
    • Drafting compliance frameworks and internal policies
    • Providing ongoing legal and regulatory support
    • Acquisition of a fully licensed Investment Dealer or VASP firm.

    Whether you are launching a fintech startup or expanding an existing operation, our team is well-positioned to guide you through every stage of the process.

    Have questions or exploring Mauritius as your next hub? Get in touch with MNL ADVOCATES LLP to start the conversation.

  • Guide to Licensing Payments in Kenya: A Strategic Approach

    Guide to Licensing Payments in Kenya: A Strategic Approach

    PSP and e-money pathways, VASP developments, and compliance as a commercial asset for fintechs operating in Kenya.

    Kenya’s payments market is often described in the language of speed: faster checkout, instant transfers, real-time settlement, embedded finance. That narrative is accurate but incomplete. Payments innovation at scale is not only a product story. It is a regulatory perimeter story, and increasingly a governance and resilience story.

    When a business operates in payments in Kenya, whether through a gateway, a digital wallet, merchant acquiring, or a platform layered onto mobile money rails, the question that matters is not simply whether the product works. It is whether the product is operating inside a licensing framework that regulators, counterparties, and sophisticated customers can recognise as safe.

    Key insight: Licensing is not merely an approval step. It is an operating standard testing capital, governance, AML/CFT readiness, cybersecurity, reporting capability, and data governance.

    Contents

    1. The core shift: licensing as operational readiness
    2. Who regulates payment services in Kenya
    3. The payments licensing perimeter
    4. PSP licensing pathways: why “PSP” is not one licence
    5. Virtual assets: what the VASP Act signals
    6. When payments drifts into banking-style regulation
    7. Compliance as a commercial asset
    8. Timelines and capital: planning realistically
    9. FAQ

    1. The Core Shift: Licensing as Operational Readiness

    Early-stage teams sometimes treat licensing as a binary hurdle: licensed or not licensed. In practice, regulators treat licensing as a continuous assurance framework. It requires firms to demonstrate, before launch and throughout operations, that they can manage financial risk, conduct and consumer risk, financial crime risk, technology and operational risk, and data governance.

    This changes how founders should plan. If licensing is treated as a late-stage filing exercise, it often collides with reality: incomplete governance, unclear control ownership, weak documentation, and vendor arrangements that do not match the regulatory story the firm wants to tell.

    2. Who Regulates Payment Services in Kenya

    For most payment service providers and payment systems, the Central Bank of Kenya (CBK) is the anchor regulator under the National Payment System framework. CBK’s focus is pragmatic: safeguarding the integrity and stability of the payment ecosystem and protecting users.

    Depending on the business model, other authorities may also be relevant:

    • Capital Markets Authority (CMA) where virtual assets or investment-adjacent features appear.
    • Communications Authority where telecom rails or authorisations are integral to the model.
    • Financial Reporting Centre (FRC) for AML/CFT reporting obligations.
    • Office of the Data Protection Commissioner (ODPC) for data protection compliance.
    • Kenya Revenue Authority (KRA) for tax compliance.

    3. The Payments Licensing Perimeter: Substance Over Labels

    The fastest way to understand licensing is to describe the product functionally rather than in marketing terms. Regulators are generally less interested in whether a product is called a “platform” or a “technology provider,” and more interested in what it controls:

    • Transaction initiation and processing.
    • Issuance of stored value.
    • Operation of a payment instrument or payment system.
    • Control over settlement flows.
    • The integrity of communications to users.

    In practical terms, licensing outcomes often turn on where the business sits in the value chain: whether it is processing payments, operating payment rails, issuing e-money, or touching customer funds even briefly.

    4. PSP Licensing Pathways: Why “PSP” Is Not One Licence

    “PSP licence” is commonly used as shorthand, but in practice there are distinct categories that reflect different risk profiles, particularly the distinction between facilitating payments and issuing stored value.

    Electronic Retail Payments and Transfer Services (Without E-Money)

    This category generally captures providers facilitating electronic retail payment transactions such as gateways, acquiring and processing, and bill payments, without issuing stored value.

    Small E-Money Issuer (SEMI)

    SEMI structures recognise that some wallet products are low-value or limited in scope. While thresholds may differ, the underlying supervisory expectations remain meaningful: governance, AML/CFT controls, cybersecurity posture, and reporting capability must be credible.

    E-Money Issuer

    Where a platform issues, stores, and redeems e-money, particularly where it is usable with third parties, the regulatory intensity typically rises. At this level, safeguarding structures, reconciliations, consumer risk, and operational resilience become central.

    Payment Instruments and Payment Systems

    Where a business owns or operates payment instruments or systems, including switching or settlement-adjacent infrastructure, the authorisation posture can shift again, particularly where scale raises systemic considerations.

    5. Virtual Assets: What the VASP Act Signals for Kenya Fintechs

    Kenya’s Virtual Asset Service Providers Act, 2025 signals a formal shift toward licensing and supervision of digital asset activity. While implementing regulations and guidelines are awaited, the strategic implication for product teams is immediate: classify activities honestly (custody, exchange, issuance, advisory) and build for licensing readiness in governance, AML/CFT maturity, cybersecurity controls, and defensible disclosures.

    6. When Payments Drifts Into Banking-Style Regulation

    A common strategic risk is designing a payments product that quietly begins to resemble deposit-taking or bank-like services. Where a model involves deposit-like accounts, savings behaviour, or lending structures, the licensing framework can shift into a materially stricter regime under the Banking Act.

    Product design should therefore be treated as regulatory design, particularly where the roadmap includes credit, savings, or account-like features.

    7. Compliance as a Commercial Asset for Kenya Fintechs

    For growth-stage fintechs, licensing and compliance are often viewed as cost centres. In reality, they are frequently deal accelerators. Sophisticated counterparties increasingly ask for evidence: who owns AML/CFT controls, what cybersecurity standards are implemented, how personal data is handled, what incident response looks like, and whether vendor relationships allocate responsibilities clearly.

    Firms that can answer these questions with coherent documentation, including governance papers, policies, logs, and enforceable contracts, move faster in negotiations and inspire confidence in partners and investors.

    8. Timelines and Capital: Planning Realistically

    Licensing is a project, not a form. A realistic plan allows time for pre-application engagement, application review, regulator queries, and final issuance steps. Depending on the model and readiness, timelines can extend over several months and, in some cases, closer to a year.

    Minimum capital requirements vary by category. Examples commonly referenced for certain PSP categories include:

    • Small E-Money Issuer (SEMI): KES 1,000,000
    • Electronic retail payments services: KES 5,000,000
    • E-Money Issuer: KES 20,000,000
    • Designated payment instrument issuer: KES 50,000,000

    Capital, however, is rarely the only determinant of speed. Governance and operational controls are often what determine momentum through the licensing process.

    MN Legal supports clients across the lifecycle of payment and digital finance businesses, from early model structuring to licensing submissions and ongoing compliance posture. This includes mapping transaction flows to the right authorisation pathway, preparing governance and compliance documentation, aligning AML/CFT and operational resilience expectations, advising on data protection governance, and structuring partner and vendor contracts so the operating model matches the regulatory position.

    Make an enquiry  |  Explore Practice Areas

    Frequently Asked Questions

    What licence does a payment service provider need in Kenya?

    It depends on the model. The CBK regulates most PSP activity under the National Payment System framework. The right category depends on whether the business is processing payments, issuing e-money, operating payment instruments, or touching settlement flows. There is no single “PSP licence.”

    How long does payment licensing take in Kenya?

    Realistically, several months from pre-application engagement to issuance, and in some cases closer to a year. Governance and operational controls readiness often determines pace more than capital alone.

    What does the VASP Act mean for digital asset businesses in Kenya?

    The Virtual Asset Service Providers Act, 2025 introduces a formal licensing and supervision framework for digital asset activity. Businesses should classify their activities honestly and begin building for licensing readiness now, ahead of implementing regulations.

    Can a payments product drift into banking regulation?

    Yes. Where a model begins to resemble deposit-taking, savings, or lending, the applicable framework can shift toward the Banking Act, which carries significantly stricter requirements. Product design should be treated as regulatory design from the outset.

    Why does licensing matter commercially, not just regulatorily?

    Sophisticated partners, investors, and enterprise customers increasingly ask for evidence of governance, AML/CFT controls, cybersecurity posture, and data protection compliance. Firms with coherent documentation move faster in commercial negotiations and due diligence processes.

    How can MN Legal help with Kenya payments licensing?

    MN Legal advises on model structuring, licensing pathway selection, governance and compliance documentation, AML/CFT readiness, data protection governance, and vendor and partner contracting for payment and digital finance businesses operating in Kenya.

    Disclaimer: This article is for general information only and does not constitute legal advice. Licensing requirements vary by jurisdiction and specific facts. For advice on your specific model, contact MN Legal.

  • How Capital Markets Licensing Affects Legal Tech Providing Investment, Crowdfunding or Securities Solutions

    How Capital Markets Licensing Affects Legal Tech Providing Investment, Crowdfunding or Securities Solutions

    How Capital Markets Licensing Affects Legal Tech Providing Investment, Crowdfunding or Securities Solutions

    The most commercially successful legal-tech products in capital markets are often the least dramatic: tools that help licensed
    intermediaries keep clean records, onboard investors efficiently, deliver disclosures with audit trails, and demonstrate compliance
    during due diligence.

    Yet licensing questions arise precisely because these products sit close to the regulatory frontier. A platform may be built as
    “workflow software” and still be treated as a regulated service if, in substance, it gives investment recommendations, arranges
    transactions, holds client money, or functions as part of the public offering machinery.

    Abstract capital markets licensing and legal-tech compliance graphic (no logos)
    Licensing risk is rarely about labels. Regulators look at function, control, and investor impact.

    Executive summary: Capital markets regulators tend to apply a functional approach. If your platform performs, controls,
    or materially influences regulated activity, licensing or a licensed partner model may be required, regardless of how the product is marketed.

    The licensing perimeter: the standard regulators apply

    Across most capital markets regimes, licensing is not triggered by a company’s branding (“we are a technology company”) but by what
    the company does. This is sometimes described as a substance-over-form or functional approach.

    In practical terms, the perimeter tends to tighten around four activities:
    (i) giving investment advice or making personalised recommendations,
    (ii) arranging, placing, routing, or executing transactions,
    (iii) handling client money, securities, or custody-like flows, and
    (iv) facilitating public offering communications in a way that creates mis-selling or disclosure risk.

    Legal-tech tools can sit safely outside the perimeter when they operate as internal compliance infrastructure for a licensed intermediary
    and remain subject to clear boundaries: the tool supports, records, and evidences; the licensed entity decides, approves, and executes.

    Where legal-tech products typically trigger perimeter concerns

    Licensing risk most often appears not in a single feature, but in the way features combine into a workflow. Products designed for
    investor onboarding, digital disclosures, and transactional workflow can become “front office” infrastructure very quickly.

    Where licensing risk appears in legal-tech products (onboarding, disclosures, transaction flow, custody)

    Onboarding, disclosures, order flow, and custody-adjacent design are the most common perimeter pressure points.

    Investor onboarding and eligibility

    KYC and onboarding tooling is generally defensible when it remains a controlled workflow with clear oversight. Risk escalates when
    the platform begins to make final determinations (who may invest, what products are suitable) without the licensed intermediary’s
    meaningful review, or where the “profiling” output becomes a de facto recommendation.

    Digital disclosures and investor communications

    Digital disclosure tools are often low-risk, and highly valuable, when they solve the evidence problem: document versioning,
    distribution logs, acknowledgements, and audit trails. Concerns arise where communications drift into promotion of an offer to the
    public without adequate controls, or where disclosures are delivered without traceable evidence of what the investor received and when.

    Order and transaction workflows

    Interfaces that display information are one thing; workflows that route orders, “match” investors to opportunities, or control
    execution logic may look like arranging or execution activity depending on the jurisdiction and the facts.

    Custody, payments, and settlement-adjacent flows

    Products that touch client funds directly or through accounts the platform controls require particular care. Even where a third-party
    payment provider is involved, the question regulators ask is who controls the flow and who bears responsibility for safekeeping.

    A practical perimeter test for founders and buyers

    The most efficient way to avoid late-stage licensing surprises is to run an early perimeter test and write down the conclusion.
    Think of it as a short internal legal memo that you can update at every major release.

    Regulatory perimeter test flowchart for legal-tech serving capital markets
    A simple test helps teams classify risk before product scope drifts.

    The test is deliberately plain. It asks: what service is the product enabling; who is the client; who touches money; who influences
    decisions; who executes; and who controls the communications. If the honest answers point toward advice, arranging/execution, custody-like
    flows, or public offer facilitation, then the product should be structured around a licensed entity either by obtaining the relevant
    permissions or by partnering with a licensed intermediary and allocating responsibilities clearly.

    Designing for compliance: standards that travel across jurisdictions

    Legal-tech teams operating internationally need principles that work across regimes even where definitions differ. The following
    standards tend to be robust:

    Build vs partner vs avoid matrix for licensing-sensitive product features
    A product decision matrix keeps commercial teams, engineers, and compliance aligned.

    First, keep regulated functions with the licensed entity where required. Second, build systems that generate evidence: approvals,
    versioning, acknowledgements, exception handling, and user action logs. Third, ensure that governance is not merely documented,
    but operational meaning there are named owners, review points, and the ability to demonstrate what happened in a specific investor journey.

    The strategic benefit is commercial as much as legal. Strong evidence and clearly bounded operating models reduce friction in procurement,
    accelerate partner onboarding, and make regulatory discussions more orderly.

    A realistic scenario: when “crowdfunding software” becomes a regulated service

    Consider a platform built initially to support issuers with document workflows: issuer onboarding, disclosure templates, and investor
    acknowledgements. The tool performs well and demand grows. Then the roadmap adds convenience features: investor “matching,” automated
    eligibility approval, and in-platform collection of funds “to simplify settlement.”

    Each feature looks incremental. Collectively, the platform may now resemble the machinery of a public offer and transaction facilitation.
    At that point, the perimeter question becomes unavoidable: is the platform merely enabling a licensed intermediary, or is it effectively
    arranging participation, influencing investment decisions, and controlling flows that look custody-adjacent?

    The fix is usually not a full rebuild. It is a structural decision: allocate regulated steps to a licensed partner (or obtain the
    necessary permissions), revise workflows to ensure meaningful oversight, and strengthen disclosures and records so the investor journey
    is defensible.

    Governance and documentation: what sophisticated partners will ask for

    Intermediaries, institutional partners, and sophisticated clients increasingly require evidence of regulatory thinking. A premium posture
    is to maintain a living file that includes: a perimeter memo, a feature risk register, an operating model diagram, vendor allocations,
    and a compliance evidence map (what logs exist, who reviews them, and how exceptions are handled).

    This is where legal-tech has an advantage. Unlike traditional paper processes, well-designed systems can produce reliable logs and
    demonstrate accountability. The goal is not to generate paperwork; it is to make compliance auditable.

    How MN Legal helps

    Perimeter advice, partner models, and defensible product workflows

    MN Legal advises legal-tech founders and capital markets intermediaries on regulatory perimeter mapping, licensing and partnering
    structures, disclosure and onboarding workflow design, and the contractual allocation of responsibilities between platforms and
    licensed entities. Where appropriate, we also support incident readiness and records strategy so your compliance posture is
    evidenced not assumed.

    Make an enquiry

    External reference points that inform global standards include
    IOSCO (securities regulation principles),
    FATF (AML/KYC expectations),
    and market regulators such as
    ESMA and the
    FCA.

    FAQ

    Does every investment or crowdfunding tool require licensing?

    No. Many tools remain outside the perimeter when they are genuinely internal compliance or recordkeeping infrastructure for a licensed
    intermediary. Risk depends on function and control particularly advice, arranging/execution, custody-like flows, and public communications.

    What features most often create licensing pressure?

    Personalised recommendations, investor matching/placement functions, order routing or execution logic, custody-adjacent payment flows,
    and public offer communications without robust controls.

    How should international legal-tech teams manage multi-jurisdiction uncertainty?

    Start with consistent standards: a perimeter memo, a feature risk register, a partner model where regulated steps are performed by
    licensed entities, and strong evidence (audit trails, disclosure versioning, acknowledgements, exception workflows).

    Disclaimer: This article is general information and not legal advice. Licensing requirements vary by jurisdiction and facts. For advice on your specific model, contact MN Legal.