PrivPay, a Kenyan fintech startup that allowed users to conduct M-PESA transactions while keeping their personal details private, ceased operations in May 2023. This shutdown followed Safaricom’s decision to revoke PrivPay’s access to its M-PESA APIs due to compliance concerns, according to sources with direct knowledge of the situation.
Launched in 2022, PrivPay aimed to address a growing concern among Kenyan consumers: the widespread sharing of personal information, such as names and phone numbers, with merchants during M-PESA transactions. These details are often used for marketing purposes, and PrivPay’s solution offered a way for users to maintain their privacy. The startup’s platform was built on Daraja, M-PESA’s free payment APIs, which facilitated seamless transactions without revealing user identities.
Before its launch, PrivPay claimed to have engaged in discussions with Safaricom about its business model and received initial support from the telecom giant. However, the situation took a turn when PrivPay started gaining media attention. In May 2023, Safaricom informed PrivPay via a letter that its business model was not permitted, citing violations of M-PESA’s policies, including the prohibition of third-party transactions. Safaricom further suspended PrivPay’s pay bill account, a crucial component that allowed the startup to process transactions through M-PESA.
The suspension came amid Safaricom’s concerns that PrivPay’s operations could potentially contravene Kenya’s Anti-Money Laundering (AML) regulations. Safaricom advised the fintech to obtain a payment service provider (PSP) license from the Central Bank of Kenya (CBK) as a prerequisite for continuing its operations. However, the process of acquiring such a license, which could take up to six months, was deemed too resource-intensive for the fledgling startup.
In response to Safaricom’s actions, PrivPay argued that it maintained rigorous transaction records and adhered to data storage standards that could identify suspicious patterns, thus complying with AML requirements. Despite these assurances, Safaricom maintained that only a PSP license or a letter of no objection from the CBK would suffice for PrivPay to continue its operations.
A former executive of PrivPay mentioned that the company had not initially explored the PSP license due to the significant resources required and the time-consuming nature of the process. Although the startup harbored hopes of staging a comeback, the executive acknowledged that mere good intentions were insufficient to meet the stringent regulatory requirements imposed by Safaricom and the CBK.
PrivPay’s shutdown highlights the challenges fintech companies face in navigating complex regulatory landscapes, especially when introducing innovative solutions that challenge traditional business models. As PrivPay contemplates a return, it will need to ensure full compliance with all regulatory frameworks to avoid similar pitfalls in the future.