OPINION | Why the Upcoming Kenya Virtual Assets Regulatory Authority (VARA) Has Serious Governance Red Flags

Kenya’s revised Virtual Asset Service Providers (VASP) Bill introduces a dedicated regulatory authority – the Virtual Assets Regulator Authority (VARA). While this is a commendable step forward in structuring oversight for virtual assets, the proposed makeup of VARA’s board raises critical concerns that warrant further scrutiny.

In a detailed and comprehensive article, Muthoni Njogu, a seasoned Kenyan digital assets lawyer, and one of the key players in the industry who’s proposed recommendations were captured and adopted in the latest revision of the Kenya VASP draft bill, takes an objective look at how VARA is constituted and offers recommendations on what can be done to ensure stakeholders and industry players are fairly represented.

Who Makes Up the Board?

The Bill proposes a seven-member board comprising:

• The Chairperson (appointed by the Cabinet Secretary for the National Treasury)
• The Principal Secretary for the National Treasury or their representative
• The Principal Secretary for ICT or their representative
• The Governor of the Central Bank of Kenya or their representative
• The CEO of the Capital Markets Authority (CMA)
• The CEO of the Communications Authority (CA)
• One appointee from a private entity – the Virtual Assets Chamber of Commerce (VACC)

According to Muthoni, on paper, this looks balanced – combining government, regulatory bodies, and private sector representation.

But a deeper dive shows otherwise. According to Muthoni:

“On the surface, this looks like a smart way to ensure the new Authority is plugged into Kenya’s existing financial system. Having the Treasury, CBK, CMA, and NIFCA at the table should, in theory, lead to coordinated policy. But it also creates a potential minefield of competing loyalties.

The Bill’s solution seems to be a compromise: instead of one operational body, it creates a “joint authority” at the board level by putting the heads of these agencies in the same room. My concern is that this could turn the boardroom into a battleground, where each representative fights for their home institution’s interests instead of focusing on the new VARA’s specific goals. This puts a huge amount of pressure on the Chairperson to build consensus among some very powerful players.

The success or failure of the whole enterprise could hinge on that one person’s skill and independence.”

Appointments, Tenure, and Independence

In order to maintain independence, Muthoni argues that a more open and independent selection process, like parliamentary vetting or a dedicated selection panel, is needed over the current proposal where the Preisent picks the Chairperson.

How long board members sit on the board has also been questioned. Instead a 3-year term, Muthoni propoes a 4-5-year term similar to other international regulators to ensure board stability. She also supports the proposed staggering of board appointments to ensure continuity as terms for each board member expires.

Another commendable part of the Bill is its commitment to diversity.

“It explicitly requires the President and Cabinet Secretary to consider gender balance, ethnic and regional diversity, and the inclusion of people with disabilities and young people in their appointments. This sets a high bar for public bodies in Kenya and is something to be proud of,” says Muthoni.

Board Members Qualifications – A Big Problem

When it comes to qualifications, Muthoni argues that the proposed bill is very vague despite being reasonable in other areas.

Clause 8 of the Bill lays out qualifications for the board as follows:

• A university degree
• To meet the integrity standards of the Constitution
• Have a clean criminal and bankruptcy record, and
• Aleast five years knowledge and experience in law, finance or technology” [Clause 8(b)].

“This sounds reasonable, but that last requirement is the single biggest weakness in the whole proposal. It’s dangerously vague. What does “experience in… technology” even mean? Someone could have spent 20 years in traditional bank IT or corporate law and technically qualify, but know absolutely nothing about blockchain, crypto security, smart contracts, or how these new virtual assets actually work.” – says Muthoni

She adds:

“This vagueness creates a huge risk.

The board could be filled with generalists who are “qualified” on paper but can’t provide any real oversight. It opens the door for political appointees who lack the technical depth to challenge the CEO or the industry.

The board might end up in a situation of “capture by complexity,” where they just have to nod along with whatever the CEO or the industry rep says because they don’t understand the details.

This is the exact opposite of good governance.”

According to Muthoni, the qualifications for the CEO in Clause 14(2)(b), which specifically demands’experience in dealing in virtual assets and blockchain-based technologies,’ sets up an imbalance where the executive is guaranteed to know more than the board supposed to be supervising them.

“An effective board has to be able to ask tough, informed questions, and the Bill as written simply doesn’t guarantee that.”

A Look at Global Approaches

In order to understand the pros and cons of the VARA Kenyan proposal, Muthoni looks at how other jurisdictions are handling this while looking at different philosophies around balancing:

• Expertise
• Independence
• Integration

What to do – The Gibraltar Model

Muthoni argues that the Gibraltar case is a good example of what to do.

“Instead of creating a whole new regulator, they just gave the job to their existing, well-respected Financial Services Commission (GFSC). This meant they could use the infrastructure and expertise they already had.

The GFSC’s board is all about deep, apolitical competence. It’s made up of a CEO and seven other members, and the law requires at least two of them to have regulatory experience in another country, which brings in an international perspective. If you look at who is on the board, it’s a who’s who of senior figures from finance, law, and accounting. The CEO has over 30 years in the industry, and the Chairman used to be the CEO of the UK’s Financial Reporting Council. The other members are partners from major law firms, seasoned bank executives, and chartered accountants.”

According to Muthoni,

“The core idea in Gibraltar is that regulating virtual assets is just a specialized part of financial regulation. It should be governed by the same principles and, most importantly, by people who are proven experts in the field, not political appointees.”

What NOT to do – The Malta Model

Malta went the other way and created a new, standalone body called the Malta Digital Innovation Authority (MDIA) to regulate “technological innovation.”

“In theory, a specialist authority sounds like a good idea. In practice, Malta is a perfect example of what not to do,” says Muthoni.

The MDIA’s board is appointed by the government minister for short terms of one to three years. When you look at the professional backgrounds of the board members, it’s alarming. While the Chairman has a strong tech background , the rest of the board has included:

• A career sports journalist and TV producer.
• A lawyer who is primarily a career politician and former president of the ruling party.
• Other members whose main experience is in completely unrelated fields, like a government communications coordinator, an academic in corporate communication, a vascular surgeon, a sports medicine physician, the president of a management institute , and even a singer.

Muthoni says:

“The Malta model is a stark warning about the danger of creating a “specialist” authority without locking in strict, legally-required qualifications for its board.

Without those rules, the board can become a place for political favors rather than effective oversight. It shows exactly the risk Kenya is running with the vague qualification criteria in its Bill.”

The American Model Introduces a Safeguard

The Wyoming, U.S. modeal is regarded as a leader in creating laws for digital assets. The hybrid model law ‘explicitly requires the board to have both top government officials and technical experts.’

“The beauty of the Wyoming model is that it formally recognizes that you need both political accountability and deep technical knowledge. The law doesn’t just hope for expertise; it mandates it by setting aside seats specifically for “subject matter experts.” This is a simple, powerful safeguard that is completely missing from the Kenyan Bill.” – says Muthoni.

The European Model Creates a Clear Firewall

The EU’s Markets in Crypto-Assets (MiCA) regulation is a different beast altogether.

MiCA ‘creates a single set of rules for all 27 member states, which are then enforced by the national regulators in each country.’

MiCA requires the two big EU bodies:

• The European Securities and Markets Authority (ESMA) and
• The European Banking Authority (EBA)

to coordinate everything, developing the detailed technical rules to make sure everyone is on the same page.

Muthoni says:

“The way these coordinating bodies are governed is very telling. Their main decision-making boards are made up exclusively of the heads of the national financial regulators from across Europe.

This means the people making the rules are the most senior and experienced regulators on the continent.

But here’s the most important lesson from the EU model: how they handle industry input.

Both ESMA and the EBA have formal Stakeholder Groups with people from the industry, consumer groups, and academia.

These groups give advice and opinions on draft rules.

But this is the crucial part: they are not voting members of the main board.

The EU model creates a clear firewall between consultation and decision-making. The regulator gets the benefit of expert advice without giving the industry a vote on its own regulation. This is a much better approach than the Kenyan proposal, which gives the industry a full voting seat at the table.”

Where the Kenya VARA Board Proposal Stands

While the VARA board proposal has some good points, Muthoni says the weaknesses are serious and could cause major problems down the road.

“To be fair, the drafters of the Bill got a few things right.

First, including the CBK, CMA, Treasury, and NIFCA on the board is a smart strategic move. It ensures coordination with the country’s main financial and economic bodies, which is crucial for stability.

Second, bringing in people from the accountants’ (ICPAK) and lawyers’ (LSK) professional bodies is a good nod to the importance of professional ethics.

And finally, as I mentioned before, the legal requirements for diversity in appointments are excellent and set a progressive standard.”

However, she points out some some critical red flags and foreseeable risks:

“Despite those strengths, I see some critical flaws that could cripple the Authority before it even gets started.”

Here is a breakdown of the 3 critical risks and the proposed fixes:

1.) A serious lack of guaranteed technical expertise. This is the biggest issue. The vague requirement for experience in “law, finance or technology” is simply not good enough.

FIX: Muthoni suggests the law should require that at least a few members are “Technical Experts” with deep knowledge of the technology itself, drawing inspiration from Wyoming and Gibraltar.

2.) A high risk of political influence. Giving the President and the Cabinet Secretary all the appointment power without a more transparent, merit-based process is asking for trouble.

FIX: Muthoni suggests the Bill should create a competitive and public recruitment process for the Chairperson and the expert members in order to shift the focus from political selection to merit and make the whole process more accountable.

3.) A built-in conflict of interest. Giving a full voting seat to a representative of the “Virtual Assets Chamber of Commerce” is a fundamental error that invites regulatory capture.

FIX: The representative from the Virtual Assets Chamber of Commerce should not be a voting member. A much better approach, borrowed from the EU model 51, would be to remove the seat from the board entirely and create a formal “Industry Advisory Panel” instead. This panel would have a legal right to be consulted on all new rules and policies. This keeps the vital channel for industry input open, ensuring that regulations are practical, but it reserves the final decision-making power for the independent board. This is the best way to prevent regulatory capture.

Final Thoughts

While the Virtual Asset Service Providers Bill (VASP) is a crucial piece of legislation in Kenya and establishing a regulator was indeed the right move, the proposed governance structure has critical flaws that could doom the Authority from the start.

These fundamental risks include:

• The lack of guaranteed technical expertise
• The risk of political influence, and
• The built-in conflict of interest with the industry.

According to Muthoni:

“The international examples give us a clear roadmap.

The contrast between the expert-led Gibraltar model and the politicized Malta model shows the two paths Kenya can take. The current Bill leans dangerously toward the latter.

The recommendations I’ve laid out mandating real expertise, removing the conflict of interest, and formalizing cooperation are essential fixes. By making these changes, Parliament can give the new Authority a fighting chance to be a credible, effective regulator that can foster responsible innovation and protect Kenya’s financial system in the new digital age.

Getting the governance right from the start isn’t just important; it’s everything.”

Stay tuned to BitKE for deeper insights into the evolving Kenyan crypto regulatory space.

Join our WhatsApp channel here.

_________________________________