Veridom Ltd

tolulope@veridom.io

Veridom Ltd

festus@veridom.io

Security CBK NDTCP digital credit Kenya per-decision explainability AI accountability operating model protocol ODPC This document defines the OMP domain profile for digital credit providers (DCPs) operating under the Central Bank of Kenya Digital Credit Providers Regulations 2022 (CBK NDTCP). It specifies the Intent Class configuration, routing threshold ranges, Watchtower definitions, and Audit Trace extensions required to satisfy per-decision explainability and human oversight evidence requirements for AI-assisted credit decisions under the CBK framework. The Central Bank of Kenya AI Banking Sector Survey (July 2025) found that few institutions using AI for credit decisions have mechanisms for per-decision explainability. The CBK AI Guidance Note, in preparation as of March 2026, will define what adequate AI governance evidence means for all 195 licensed DCPs. This profile specifies the technical architecture that satisfies those requirements. This profile REQUIRES implementation of the core OMP protocol as defined in draft-veridom-omp. The full specification is also available at ZENODO-OMP. All terms and base protocol specifications in that document apply to this profile. This document specifies only the domain parameters.

Introduction The Central Bank of Kenya licensed 195 digital credit providers under the NDTCP framework as of January 2026 . The CBK AI Banking Sector Survey [CBK-AI-SURVEY-2025] conducted in March 2025 and published July 3, 2025 found that 50% of regulated institutions have adopted AI tools, of which 65% use AI for credit risk scoring. The survey further found that few institutions using AI have mechanisms for bias detection, algorithm explainability, or customer redress. Ninety-three percent of survey respondents stated that CBK should develop and issue AI Guidance. Matu Mugo, Director of Bank Supervision at CBK, confirmed publicly at the CBK AI Hackathon (November 20, 2025) that the Bank is formulating a Guidance Note on Artificial Intelligence covering governance, risk management frameworks, data integrity, and the necessity of human oversight in automated decision-making. For the purposes of this profile, per-decision explainability means a cryptographically sealed record of: (i) the input data at the moment of the credit decision, (ii) the classification and confidence scores applied, (iii) the policy compliance evaluation, (iv) the routing outcome (AUTONOMOUS, ASSISTED, or ESCALATED), and (v) the identity of any Named Accountable Officer who reviewed the decision. The OMP Audit Trace defined in [I-D.veridom-omp] satisfies all five requirements when configured per this profile. The Kenya Office of the Data Protection Commissioner (ODPC) issued its largest combined fines in history in December 2025 -- KES 9,375,000 in a single decision -- against digital credit providers specifically for the absence of traceable consent and data processing audit trails. This profile addresses those specific evidentiary requirements. Additional background on OMP is available in [ZENODO-OMP].

Conventions and Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Regulatory Reference Framework The following regulatory instruments govern DCP operations in Kenya. This section maps each instrument's evidentiary requirements to specific OMP NDTCP profile technical responses.

CBK NDTCP Regulation 18:

Requires reasonable assessment of borrower repayment ability. The OMP AUTONOMOUS path with full Audit Trace provides a sealed record of the input data and classification rationale at the moment of the credit decision, satisfying the evidencing requirement for each loan.

CBK AI Guidance Note (in preparation, expected Q2 2026):

Expected to require per-decision explainability of AI credit decisions. The complete OMP Audit Trace -- including Intent Class, Confidence Score components, Watchtower evaluations, and routing rationale -- constitutes the per-decision explainability record. The Proof-Point artifact generates the regulator-ready export on demand.

Kenya Data Protection Act 2019 / ODPC enforcement:

Requires traceable consent and data processing audit trail. Watchtower WT-01 (PII Exposure Shield) prevents PII ingestion to the inference layer. H_s anchors the data state at query time. The Proof-Point generates the consent and processing audit trail on examination demand.

CBK NDTCP Regulation 27:

Consumer complaint handling and response timelines. Watchtower WT-04 (Regulatory Silence Detector) enforces SLA compliance. The Audit Trace records every complaint interaction with timestamps. Proof-Point provides SLA compliance evidence on demand.

Intent Class Configuration The following Intent Classes MUST be defined for NDTCP deployments. Routing thresholds are specified as minimum values; implementations MAY set higher thresholds based on institutional risk assessment.

Intent Class	Theta Min	Rationale
CREDIT_SCORE_QUERY	0.88	Routine credit score inquiry. No lending decision. High volume.
LOAN_DECISION	0.92	AI-assisted loan origination. High consequence. Named officer review required above threshold.
REPAYMENT_CAPACITY_ASSESS	0.90	Regulation 18 compliance. MUST log data sources used in assessment.
COMPLAINT_RESOLUTION	0.85	Customer complaint routing. Silence Detector active. 24-hour SLA.
ADVERSE_ACTION_NOTICE	0.95	Credit denial or adverse terms. Named officer MUST review before dispatch.
DATA_RECTIFICATION_REQUEST	0.88	ODPC-governed data correction. Full audit trail mandatory.
CRB_CONSENT_VERIFICATION	0.99	Credit Reference Bureau access. Consent MUST be logged before query.

Watchtower Configuration The following Watchtowers MUST be active in NDTCP deployments. WT-01 and WT-04 from the core registry apply without modification. The following NDTCP-specific Watchtowers are defined for this profile.

WT-NDTCP-01: CRB Consent Verification

Severity:

HARD_BLOCK

Trigger:

CRB query attempted without a logged, timestamped borrower consent record predating the query timestamp.

Action:

Blocks CRB query. Routes interaction to ESCALATED. Logs trigger evidence including attempted query timestamp and absence of consent record.

Regulatory basis:

Kenya Data Protection Act 2019; CBK consumer protection guidelines requiring explicit consent for CRB access.

ODPC enforcement precedent:

Mulla Pride Ltd / KeCredit / Faircash (December 2025): KES 2,975,000 fine specifically for absence of traceable consent records. This Watchtower closes that specific evidence failure mode.

WT-NDTCP-02: Adverse Action Trigger

Severity:

FORCE_ASSISTED

Trigger:

LOAN_DECISION intent where Confidence Score indicates probable denial outcome (implementation-defined threshold, RECOMMENDED: C below 0.40 for the approval outcome class).

Action:

Forces ASSISTED path. Named Accountable Officer MUST review and apply a Resolution Action before denial notice is dispatched.

Regulatory basis:

CBK consumer protection; forthcoming AI Guidance Note requirement for human oversight of adverse AI credit decisions.

WT-NDTCP-03: High-Value Loan Guardrail

Severity:

FORCE_ASSISTED

Trigger:

Loan application above KSh 1,000,000 (configurable; this is the RECOMMENDED default).

Action:

Forces ASSISTED path. Named officer MUST approve before AUTONOMOUS dispatch of any loan decision.

Audit Trace Extensions The following fields extend the base Audit Trace schema for NDTCP deployments. All fields are mandatory unless marked OPTIONAL. cbk_dcp_licence_number MUST be present in every trace for regulator identification. crb_consent_hash MUST be present and non-null for any interaction where a CRB query was made. regulation_18_data_sources MUST be populated for REPAYMENT_CAPACITY_ASSESS intent class.

Proof-Point Output Format When generated for a CBK examination, the Watchtower 6 Proof-Point MUST include the following sections in addition to the base format defined in draft-veridom-omp:

• Credit Decision Evidence: total loan decisions in period with AUTONOMOUS/ASSISTED/ESCALATED split, adverse action count, Named Officer review rate for adverse decisions.
• CRB Consent Compliance: percentage of CRB queries with logged consent. Zero-tolerance metric -- any CRB query without consent logs is a WT-NDTCP-01 violation and MUST be separately itemised.
• ODPC Compliance Indicators: PII exposure events prevented (WT-01 activations). Data rectification requests and resolution status.
• Named Officer Accountability: list of Named Accountable Officers active in the period with resolution action distribution (RA-1 through RA-4 counts).
• Chain Integrity Verification: confirmation that SHA-256 Merkle chain and RFC 3161 timestamps are intact across all traces in the period. Independent verification instructions included.

Security Considerations All security considerations in draft-veridom-omp apply. The following considerations are specific to the NDTCP profile. CRB Consent Sequencing: An institution could attempt to log a fabricated consent record after the CRB query. WT-NDTCP-01 MUST verify that the crb_consent_hash references a consent record whose timestamp predates the CRB query timestamp. Any consent record timestamped after the CRB query timestamp MUST be flagged as a sequencing violation and the interaction MUST be routed to ESCALATED. Adverse Action Suppression: An institution could attempt to route adverse credit decisions through the AUTONOMOUS path by manipulating confidence score inputs. WT-NDTCP-02 triggers on outcome probability, not on the routing confidence score, to prevent this manipulation.

IANA Considerations This document makes no requests of IANA.

References Normative References Informative References Central Bank of Kenya Central Bank of Kenya Republic of Kenya