Category: Business Daily

Over the past two years, Kenya has taken significant steps to align policy, skills, and infrastructure with the new trend that has seen modern technologies such as artificial intelligence become more integrated into daily life.

In March this year, the government, through the Ministry of ICT, launched a five-year National Artificial Intelligence Strategy to guide the country’s development into a leader in AI innovation.

Private sector actors have also been playing an integral role in advancing the use of AI by investing in the development of tools that help to streamline work across key sectors such as manufacturing, agriculture, finance, and healthcare. However, while these steps have helped the country edge closer to realising its ambition, gaps in the adoption of locally developed AI and automation solutions threaten to reverse the gains made.

‘When the government needs software for elections, for example, they often outsource, even though local companies are capable of delivering solutions that work, at three-quarters or half the price,’ says Alexander Odhiambo, the CEO of Solutech Limited, a company that develops AI and automation solutions.

Compared to the foreign software providers, Alexander says that local software providers possess a more in-depth understanding of the specific needs, preferences, and operating conditions of the local market.

As a result, they are able to develop solutions that are more relevant and effective in the local market. Their proximity to clients also allows for quicker delivery, faster adjustments, and more responsive technical support for urgent issues.

Ironically, the software developer observes that many people still believe that local technology solutions may not have the same advanced features, scalability, or integration capabilities as international ones.

In addition, because local founders are easily reachable, people tend to expect that their solutions will be cheaper than those developed by international firms, even when the quality is the same or even superior.

‘When we started marketing Solutech after our launch in 2014, one of the questions clients would ask was why they should pay as much for our products, not because of quality, but because they could put a face on our name,’ says Odhiambo.

Rayyidh Bayusuf, a software engineer, observes that since they are designed with the needs of their source markets in mind, quite often, many imported solutions do not speak to the unique needs and challenges of other markets.

For instance, real-time order or logistics management tools developed abroad do not speak to the infrastructural challenges that make it difficult for manufacturing and distribution companies to effectively plan routes and track sales teams in Kenya.

‘We had a good use case of one of the largest sweet manufacturers in Kenya, who was struggling to monitor whether their agents were selling the right products to the right people,’ says Bayusuf.

‘While there were many imported solutions available for use, there was no off-the-shelf local software tailored to the unique needs of the manufacturer, a challenge that many other manufacturing firms also faced,’ he adds.

To grow the local IT industry, Mutie Mule, a computer scientist, recommends the formation and implementation of policies that will encourage both the public and private sectors to adopt solutions developed in the country.

‘We have seen the ‘Buy Kenya Build Kenya’ campaign being amplified on products that are tangible, but we hardly hear the same for technology. A policy on ‘buy Kenya’ in the tech space would be a big boost for local IT companies,’ states Mule.

Brian Amani, a computer scientist, agrees, adding that policy incentives for organisations that adopt local digital solutions could encourage more businesses to integrate local IT solutions deployed by both the public and private sectors into their operations.

‘Two years after the electronic Tax Invoice Management System (eTIMS) was rolled out, many businesses are still reluctant to onboard because they fear the Kenya Revenue Authority will be knocking on their doors the moment they do,’ observes Amani.

If, however, companies felt that by adopting the eTIMS system, they would be able to go about their daily operations without being targeted, then they would be more than willing to onboard.

‘This will be a big boost for companies that help businesses connect their accounting, Point of Sale (POS), and Enterprise Resource Planning (ERP) systems to eTIMS for automated, real-time tax compliance,’ says Amani.

In addition, deploying digital upskilling programmes can help to equip organisations with the foundational knowledge and technical skills required to effectively use and integrate emerging local tech solutions into their operations.

Mark Kiarie, an application programmer, says that, of importance also, would be for stakeholders such as the Office of the Data Protection Commissioner to conduct data privacy sensitisation programmes, to promote a culture of responsible data stewardship, among local tech firms.

‘There has been some effort toward that; however, many businesses still lack clarity on compliance. Conducting thorough sensitisation on the importance of proper data management can enhance compliance,’ says Kiarie.

Hacking attacks rose above 100 million breaches in the nine months to September, as cyber criminals increasingly ride on smart phones to hack into consumer bank accounts.

Cyberthieves are using such so-called malware to steal banking credentials from unsuspecting consumers when they log on to their bank accounts via their mobile phones, according to regulators and cybersecurity specialists.

A cyber security report from the Communication Authority of Kenya (CA) shows that malicious software attacks hit 103 million in the nine months to September from 99 million in the same period a year earlier. It is gaining popularity as criminals look for new and lucrative ways to attack firms, disrupting operations and compromising sensitive data across diverse sectors – from healthcare and financial services to retail and regulatory bodies.

This highlights the growing financial exposure of local firms to data theft, extortion and operational downtime caused by malicious software.

Central Bank of Kenya (CBK) data show that half of the Sh1.59 billion that was stolen from banks by hackers was through mobile banking.

Cyberthieves stole Sh810.68 million last year from Sh182.41 million a year earlier-representing a jump of 344 percent.

The communications regulator said the attacks mainly targeted Internet service providers, cloud platforms, government systems and enterprise networks that hold large volumes of consumer or financial data.

The Authority noted that most incidents involved the exploitation of outdated software, default passwords and unsecured system configurations that allowed attackers to gain entry and install backdoors for repeated access.

Read: Cyberattacks against Kenya more than double to 8.6bn in a year

Malware was identified as one of the top threat vectors facing Kenya’s critical information infrastructure alongside system attacks and web application exploits during the three-month review period.

‘Malware attacks mostly targeted systems with known vulnerabilities and those containing sensitive information,’ the report states, adding that the objectives included ‘data encryption or corruption, reputational damage, the deployment of backdoors for persistent access and the exfiltration of confidential data.’ The regulator said the attacks were largely aimed at stealing credentials, encrypting sensitive data or deploying ransomware designed to paralyse operations until payments are made to the perpetrators.

Malware infections often begin when employees click on phishing emails, open infected attachments or visit compromised websites that automatically download malicious code on company networks.

Once inside, the malware spreads across servers and endpoints, harvesting credentials and disabling key systems that support payments, supply chains, or public services.

The growing mobile-phone malware threats represents a new entry point for criminals who typically were used to stealing bank credentials by other means, such as installing skimmers on automatic teller machines or by using scams targeting desktop computer users.

The malware typically gets onto a phone when a user clicks on a text message from an unknown source or taps an advertisement on a website. Once installed, it often lies dormant until the user opens a banking app.

The malware then creates a customized overlay on the authentic banking app. This allows criminals to follow a user’s movements on the phone and eventually grab credentials to the account.

This type of mobile-phone malware is gaining ground as more consumers are using banking apps and financial firms are rolling out a wider array of mobile services.

The share of Kenyans with bank accounts using mobile banking has increased from 25.3 percent in 2019 to 32.6 percent in 2024, CBK data shows.

The rising popularity of mobile-banking malware creates yet another security headache for consumers who are increasingly turning to their mobile phones for everyday tasks from banking to shopping.

‘Cyber risks have increased due to the digitalisation of payments and transfer of money from person to person,’ CBK notes.

It also represents a setback for banks that are pushing customers toward digital channels as a way to reduce costs and improve efficiency. Mobile phones are considered particularly vulnerable to hackers because consumers typically don’t install anti-malware protection onto their devices.

Bank executives say they are trying to thwart the malware by frequently updating and revising their banking applications.

The CA report said the persistence of malware is being driven by the use of artificial intelligence and cybercrime-as-a-service models, which allow criminals to automate attacks and lease malicious tools at minimal cost. ‘The detected cyber threats can be attributed to several factors, including inadequate system patching, limited user awareness of threat vectors such as phishing and other social engineering techniques, as well as the growing adoption of AI-driven attacks,’ reads the report.

These developments, the agency said, have lowered the entry barrier for attackers and increased the frequency of attempted intrusions across both public and private networks.

During the quarter, the National KE-CIRT/CC issued 19.9 million cyber threat advisories, warning organisations to review firewall configurations, update antivirus systems, and strengthen password policies.

Financial institutions have been urged to reinforce monitoring of mobile and online banking platforms, which remain popular entry points for credential theft and fraudulent transactions.

CBK data shows that lenders lost Sh1.59 billion to cyber-criminals last year, with more than half of the amount linked to attacks on mobile banking channels.

The losses underscore the monetary impact of malware and related fraud, which are now being treated by the financial sector as material operational risks. The CBK disclosure shows that the theft of customer deposits has grown four-fold from Sh412 million in 2023 due to fraudulent wire-transfer requests. CBK data showed card fraud cost customers Sh263.29 million, 16.9 times the Sh15.59 million lost in the prior year.

Computer fraud, which includes hacking into systems to steal data, saw bank customers lose Sh203.39 million, a 2.7 times jump from the preceding year, while fraud through identity theft grew six times to Sh199.08 million.

The review period saw online banking fraud rise to Sh111.83 million from Sh106.2 million, while internet scams cost lenders Sh6.07 million up from Sh797,7000 in the prior year.

The CA says weak cyber hygiene, especially in patching and password management, remains the single biggest driver of successful malware infections.

The regulator further warns that firms relying on legacy systems and unsupported software face the highest probability of financial loss from malware-related incidents.

Elsewhere, insurers have begun adjusting cyber cover terms, linking premium rates and deductibles to the maturity of a company’s internal cybersecurity controls.

Underwriters say policyholders with outdated systems or insufficient response plans face limited compensation in the event of a breach.

The CA report shows that financial institutions, government agencies and cloud service providers remain the primary targets of these attacks because of the sensitive data and real-time transactions they handle.

Tech firm IBM’s Cost of a Data Breach 2025 report estimates that the global average cost of a single data breach is about $5 million (around Sh657.5 million), covering response, downtime, customer compensation, and reputational loss.

Such costs can prove catastrophic for medium-sized enterprises and service providers whose operations rely heavily on digital infrastructure.

A prolonged system outage caused by malware can halt revenue collection, disrupt production schedules, and expose firms to penalties under data protection and business continuity regulations.

Sale of salvage motor vehicles by insurance companies is exempt from Value Added Tax (VAT), the High Court in Nairobi has declared, handing insurers a major victory against the taxman.

The court dismissed the Kenya Revenue Authority’s (KRA) appeal, upholding a Tax Appeals Tribunal decision that earlier ruled in favour of ICEA Lion General Insurance Company.

The judgement has also prevented the increase in the the cost of salvaged cars by 16 percent.

Citing The First Schedule of the VAT Act on exemption for ‘insurance and reinsurance services”, the court explained that sale of salvage vehicles is aimed at mitigating the loss incurred from paying the claim and cannot be deemed as income.

Salvaged cars are vehicles declared total loss due to accidents or vandalism and whose repair costs exceed or a near their market value.

They can be repaired or dismantled for parts.

“When an insured’s motor vehicle is written off and the insurer pays the agreed value, the insurer acquires a right to the salvage. This is not a commercial purchase. No separate consideration is paid for th”Sale of the motor vehicles salvages is part of insurance compensation,” the tribunal ruled.

In the appeal, the KRA’s Commissioner of Domestic Taxes argued that the tribunal failed to appreciate that the VAT Act 2013 does not list the sale of motor vehicle salvages as an exempt or zero-rated supply.

“The tribunal erred in law and in fact in failing to appreciate that the proceeds collected from the sale of motor vehicle salvages is to be treated as income and not compensation,” argued the Commissioner.

Another argument was that it was wrong for the tribunal to conclude that disposal of salvages is part of insurance industry business and does not attract any VAT liability.

However, the High Court’s decision to dismiss the appeal was hinged on three critical legal principles, including the insurance indemnity and subrogation doctrine.

The court affirmed that when an insurer compensates a policyholder for a total loss vehicle, it acquires salvage rights under the principle of subrogation, where the insurer steps into the shoes of the insured.

“The disposal of salvage is not a commercial sale but a recovery mechanism to mitigate losses,” the court ruled. “The transaction is one of recoupment, not of trade,” it added.

The court declined KRA’s argument that salvage sales were distinct taxable transactions. The court adopted European VAT jurisprudence to hold that salvage disposal is incidental to insurance services and cannot be artificially separated for taxation.

“The European Union VAT jurisprudence, which heavily influences Kenyan VAT structure, dictates that where two or more elements supplied to the customer are so closely linked that they form, objectively, a single indivisible economic supply, they must not be artificially separated,” said the court.

Further, the court embraced the principle of harmonious interpretation of tax laws.

The judge rejected KRA’s strict reading of the VAT Act, instead interpreting it alongside the Insurance Act, which defines insurance business broadly to include “any business incidental to insurance.”

“To read the VAT Act in isolation would ignore legislative intent,” the court stated, emphasising that tax exemptions should be resolved in favour of taxpayers where ambiguity exists.

The ruling provides much-needed clarity for insurers, who routinely sell salvaged vehicles recovered from claims.

Had KRA succeeded, insurers would have faced additional VAT burdens, potentially increasing premiums for policyholders.e wreck. The acquisition of the salvage is a legal consequence of the contract of indemnity,” affirmed the court in a judgment that sets a precedent that may influence similar disputes involving financial services and VAT exemptions.

The case stemmed from a Sh88.8 million VAT assessment imposed by the KRA on ICEA Lion for the sale of salvage motor vehicles between 2015 and 2018.

KRA had initially demanded Sh122.1 million in corporation tax and Sh88.8 million in VAT from ICEA Lion following an audit.

While the corporation tax dispute was settled through alternative dispute resolution, the VAT issue remained unresolved, leading to litigation.

The Tax Appeals Tribunal ruled in May 2023 that salvage disposal was an integral part of insurance services, which are VAT-exempt, prompting KRA to challenge the decision in the High Court.

The tribunal found that income from sale of salvaged vehicles is part of VAT exemption for insurance services.

Hacking attacks rose above 100 million breaches in the nine months to September, as cyber criminals increasingly ride on smart phones to hack into consumer bank accounts.

Cyberthieves are using such so-called malware to steal banking credentials from unsuspecting consumers when they log on to their bank accounts via their mobile phones, according to regulators and cybersecurity specialists.

A cyber security report from the Communication Authority of Kenya (CA) shows that malicious software attacks hit 103 million in the nine months to September from 99 million in the same period a year earlier. It is gaining popularity as criminals look for new and lucrative ways to attack firms, disrupting operations and compromising sensitive data across diverse sectors – from healthcare and financial services to retail and regulatory bodies.

This highlights the growing financial exposure of local firms to data theft, extortion and operational downtime caused by malicious software.

Central Bank of Kenya (CBK) data show that half of the Sh1.59 billion that was stolen from banks by hackers was through mobile banking.

Cyberthieves stole Sh810.68 million last year from Sh182.41 million a year earlier-representing a jump of 344 percent.

The communications regulator said the attacks mainly targeted Internet service providers, cloud platforms, government systems and enterprise networks that hold large volumes of consumer or financial data.

The Authority noted that most incidents involved the exploitation of outdated software, default passwords and unsecured system configurations that allowed attackers to gain entry and install backdoors for repeated access.

Read: Cyberattacks against Kenya more than double to 8.6bn in a year

Malware was identified as one of the top threat vectors facing Kenya’s critical information infrastructure alongside system attacks and web application exploits during the three-month review period.

‘Malware attacks mostly targeted systems with known vulnerabilities and those containing sensitive information,’ the report states, adding that the objectives included ‘data encryption or corruption, reputational damage, the deployment of backdoors for persistent access and the exfiltration of confidential data.’ The regulator said the attacks were largely aimed at stealing credentials, encrypting sensitive data or deploying ransomware designed to paralyse operations until payments are made to the perpetrators.

Malware infections often begin when employees click on phishing emails, open infected attachments or visit compromised websites that automatically download malicious code on company networks.

Once inside, the malware spreads across servers and endpoints, harvesting credentials and disabling key systems that support payments, supply chains, or public services.

The growing mobile-phone malware threats represents a new entry point for criminals who typically were used to stealing bank credentials by other means, such as installing skimmers on automatic teller machines or by using scams targeting desktop computer users.

The malware typically gets onto a phone when a user clicks on a text message from an unknown source or taps an advertisement on a website. Once installed, it often lies dormant until the user opens a banking app.

The malware then creates a customized overlay on the authentic banking app. This allows criminals to follow a user’s movements on the phone and eventually grab credentials to the account.

This type of mobile-phone malware is gaining ground as more consumers are using banking apps and financial firms are rolling out a wider array of mobile services.

The share of Kenyans with bank accounts using mobile banking has increased from 25.3 percent in 2019 to 32.6 percent in 2024, CBK data shows.

The rising popularity of mobile-banking malware creates yet another security headache for consumers who are increasingly turning to their mobile phones for everyday tasks from banking to shopping.

‘Cyber risks have increased due to the digitalisation of payments and transfer of money from person to person,’ CBK notes.

It also represents a setback for banks that are pushing customers toward digital channels as a way to reduce costs and improve efficiency. Mobile phones are considered particularly vulnerable to hackers because consumers typically don’t install anti-malware protection onto their devices.

Bank executives say they are trying to thwart the malware by frequently updating and revising their banking applications.

The CA report said the persistence of malware is being driven by the use of artificial intelligence and cybercrime-as-a-service models, which allow criminals to automate attacks and lease malicious tools at minimal cost. ‘The detected cyber threats can be attributed to several factors, including inadequate system patching, limited user awareness of threat vectors such as phishing and other social engineering techniques, as well as the growing adoption of AI-driven attacks,’ reads the report.

These developments, the agency said, have lowered the entry barrier for attackers and increased the frequency of attempted intrusions across both public and private networks.

During the quarter, the National KE-CIRT/CC issued 19.9 million cyber threat advisories, warning organisations to review firewall configurations, update antivirus systems, and strengthen password policies.

Financial institutions have been urged to reinforce monitoring of mobile and online banking platforms, which remain popular entry points for credential theft and fraudulent transactions.

CBK data shows that lenders lost Sh1.59 billion to cyber-criminals last year, with more than half of the amount linked to attacks on mobile banking channels.

The losses underscore the monetary impact of malware and related fraud, which are now being treated by the financial sector as material operational risks. The CBK disclosure shows that the theft of customer deposits has grown four-fold from Sh412 million in 2023 due to fraudulent wire-transfer requests. CBK data showed card fraud cost customers Sh263.29 million, 16.9 times the Sh15.59 million lost in the prior year.

Computer fraud, which includes hacking into systems to steal data, saw bank customers lose Sh203.39 million, a 2.7 times jump from the preceding year, while fraud through identity theft grew six times to Sh199.08 million.

The review period saw online banking fraud rise to Sh111.83 million from Sh106.2 million, while internet scams cost lenders Sh6.07 million up from Sh797,7000 in the prior year.

The CA says weak cyber hygiene, especially in patching and password management, remains the single biggest driver of successful malware infections.

The regulator further warns that firms relying on legacy systems and unsupported software face the highest probability of financial loss from malware-related incidents.

Elsewhere, insurers have begun adjusting cyber cover terms, linking premium rates and deductibles to the maturity of a company’s internal cybersecurity controls.

Underwriters say policyholders with outdated systems or insufficient response plans face limited compensation in the event of a breach.

The CA report shows that financial institutions, government agencies and cloud service providers remain the primary targets of these attacks because of the sensitive data and real-time transactions they handle.

Tech firm IBM’s Cost of a Data Breach 2025 report estimates that the global average cost of a single data breach is about $5 million (around Sh657.5 million), covering response, downtime, customer compensation, and reputational loss.

Such costs can prove catastrophic for medium-sized enterprises and service providers whose operations rely heavily on digital infrastructure.

A prolonged system outage caused by malware can halt revenue collection, disrupt production schedules, and expose firms to penalties under data protection and business continuity regulations.

Mobile phones have emerged as the most frequently under-declared items arriving at Eldoret International Airport, which has become a key gateway for consolidated cargo brought in by small-scale traders largely importing goods from Dubai and China.

Undeclared imported goods mean items that have not been properly reported or declared to customs agencies upon import. They may include items that are completely hidden or simply have incorrect information, such as a lower value, in an effort to avoid paying duties or taxes.

The Kenya Revenue Authority (KRA) has reported repeat cases of traders attempting to disguise new mobile phones as refurbished ones in a bid to reduce the declared value and lower payable taxes.

‘We have encountered several cases where traders classify both new and refurbished mobile phones under the same category. We can easily tell the difference because new phones cannot be treated as refurbished ones. The valuation is different, and that determines the correct taxes to be paid,’ Abdi Malik Hussein, KRA’s Chief Manager for Customs and Border Control in the Rift Valley and North Rift region, said.

‘Some mobile phone consignments arrive with unfamiliar brand names. Even after taxes are paid, agencies such as the Kenya Bureau of Standards (Kebs) and the Anti-Counterfeit Authority must verify that the products meet national requirements.’

The KRA bases its taxation on the customs value of imported goods, meaning that a new device attracts a higher duty than a used one because of the higher unit price. While tax rates remain constant, the total payable amount varies with declared value.

Importers of mobile phones into Kenya pay a duty of 25 percent, an excise tax of 10 percent on the customs value, and a 16 percent Value Added Tax (VAT) applied on the total of the customs value plus the import and excise duties. ‘We have encountered several cases where traders classify both new and refurbished mobile phones under the same category. We can easily tell the difference because new phones cannot be treated as refurbished ones. The valuation is different, and that determines the correct taxes to be paid,’ Abdi Malik Hussein, KRA’s Chief Manager for Customs and Border Control in the Rift Valley and North Rift region, said.

‘Some mobile phone consignments arrive with unfamiliar brand names. Even after taxes are paid, agencies such as the Kenya Bureau of Standards (Kebs) and the Anti-Counterfeit Authority must verify that the products meet national requirements.’

The KRA bases its taxation on the customs value of imported goods, meaning that a new device attracts a higher duty than a used one because of the higher unit price. While tax rates remain constant, the total payable amount varies with declared value.

Importers of mobile phones into Kenya pay a duty of 25 percent, an excise tax of 10 percent on the customs value, and a 16 percent Value Added Tax (VAT) applied on the total of the customs value plus the import and excise duties.

Tata Chemicals Magadi Limited has won a long-running dispute with Kajiado County after the Court of Appeal quashed a Sh17.4 billion demand for payment of land rates and royalties for exploiting soda ash.

A bench of three judges of the appellate court quashed the demand for payment, saying the Kajiado County Finance Act, 2014, which the devolved unit was using to demand the money, offended the Mining Act and Article 62(1) and (3) of the Constitution.

The court further said the revenue-raising conduct of the county government contravened Article 209(5) insofar as the operations of the company, formerly Magadi Soda, were paralysed to force it to pay the amount in question.

‘We have looked at the Colonial Lease and the Further Lease of 7th December 2004. They were between the appellant, Tata Chemicals and the Government of Kenya. The lease was extended to 2053. In both leases, the respondent (Kajiado) was not a contracting party. The land rates and royalties were reserved and payable to the Government of Kenya,’ said the court.

The county government demanded the amount from accrued land rates arrears since 2013, for the 224,000 acres of land, used to exploit soda ash.

The county government later enacted the Kajiado Finance Bills 2013/2014, 2015/2016, 2016/2017, and 2017/2018, levying and increasing land rates to Sh11,000 per acre and Sh14,000 per acre, for the railway line, respectively. The company complained about the exponential increase, which it said was going to paralyse its operations.

This was because it was operating with negative net worth and had been kept going by a line of credit from the parent company.

The county went ahead and enacted the Kajiado County Finance Bill 2018/2019, which prescribed land rates at Sh2,000 per acre, but the company contested the Bill, saying they had not been gazetted in the Kenya Gazette.

The court said even assuming that all the premises leased from the national government by the company were not public land, and were rateable properties, the determination of the land rates payable was under the repealed Rating Act and the Valuation for Rating Act.

The court pointed out that the Acts mandated a formal process for valuing properties, including the creation and maintenance of a valuation roll, which was essential for determining fair rates based on the property’s value.

The appellate court said the legislation ensured legal compliance, fairness, and transparency in land rating, as the laws provided a uniform framework for valuation, public participation, and establishment of valuation rolls.

‘They allowed landowners to object to valuations and ensure their interests were considered. Lastly, the Acts prevented arbitrary taxation and ensured accountability in revenue collection for public service,’ said the court.

The court said there was no indication that when the county government asked for the payment of land rates from the company, it was as a result of a determination under the Rating Act and the Valuation for Rating Act.

According to the court, without the rates having been determined under the Rating Act and the Valuation for Rating Act, the demand made to the county government was arbitrary and illegal.

This was because the county government did not put in place an open and accountable framework for determining the payable land rates, and the company, as a landowner, was not provided with an open and objective framework that allowed it the opportunity to challenge whatever rates were being proposed, in breach of the constitution.

‘In conclusion, we determine that the appellant was not obliged to pay the Sh. 17,448,485,646/= as demanded by the respondent because the land rates had not been determined in compliance with the Rating Act, the Valuation of Rating Act Articles 201 and 209(3) and (5) of the Constitution,’ said the court.

IFRS S2-‘Climate-related Disclosure’, is the IFRS sustainability disclosure standard requiring organisations to reveal information about climate-related risks and opportunities that could reasonably be expected to affect the organisation’s cash flows, its access to finance or cost of capital over the short, medium or long term as defined by the International Sustainability Standards Board (ISSB).

The standard is mandatorily applicable in Kenya for public interest entities from January 1, 2027, with other categories to follow in subsequent years.

The disclosure of climate-related targets is intended to provide information on an organisation’s performance towards its targets, including progress towards any legal or regulatory targets. While IFRS S2 does not require organisations to set climate-related targets, including greenhouse gas (GHG) emissions, it provides guidance on the disclosures that are necessary for organisations that do.

Therefore, where an organisation has set one or more climate-related targets, it should ensure that the following accompanying disclosures complement those targets. Some of the information to be provided includes the following.

Organisations are required to disclose the objective of each specific climate-related target they adopt and how this relates to the overall strategic objective of managing the organisation’s climate-related risks and opportunities.

There is also a requirement in IFRS S2 to disclose the part of an organisation to which the climate-related target applies, such as whether it applies to the entire organisation, a segment, a location or a region.

In addition, organisations should provide disclosures on the period over which the target is applicable, the base period from which progress is measured for that target and any milestones and interim targets.

For quantitative targets, organisations should provide information on the use of any absolute or intensity targets applied, including the effect of recent global or local commitments that have informed the climate-related target.

Additionally, organisations should disclose the metrics related to targets, including their approach to setting and reviewing targets, and how they monitor progress against each target.

Organisations should also note the specific GHG emissions targets and related disclosures in IFRS S2, including gross or net GHG emissions targets and the additional disclosures that apply.

Understanding the disclosure requirements of climate-related targets will ensure that organisations provide decision-useful information to their stakeholders.

Over the past two years, Kenya has taken significant steps to align policy, skills, and infrastructure with the new trend that has seen modern technologies such as artificial intelligence become more integrated into daily life.

In March this year, the government, through the Ministry of ICT, launched a five-year National Artificial Intelligence Strategy to guide the country’s development into a leader in AI innovation.

Private sector actors have also been playing an integral role in advancing the use of AI by investing in the development of tools that help to streamline work across key sectors such as manufacturing, agriculture, finance, and healthcare. However, while these steps have helped the country edge closer to realising its ambition, gaps in the adoption of locally developed AI and automation solutions threaten to reverse the gains made.

‘When the government needs software for elections, for example, they often outsource, even though local companies are capable of delivering solutions that work, at three-quarters or half the price,’ says Alexander Odhiambo, the CEO of Solutech Limited, a company that develops AI and automation solutions.

Compared to the foreign software providers, Alexander says that local software providers possess a more in-depth understanding of the specific needs, preferences, and operating conditions of the local market.

As a result, they are able to develop solutions that are more relevant and effective in the local market. Their proximity to clients also allows for quicker delivery, faster adjustments, and more responsive technical support for urgent issues.

Ironically, the software developer observes that many people still believe that local technology solutions may not have the same advanced features, scalability, or integration capabilities as international ones.

In addition, because local founders are easily reachable, people tend to expect that their solutions will be cheaper than those developed by international firms, even when the quality is the same or even superior.

‘When we started marketing Solutech after our launch in 2014, one of the questions clients would ask was why they should pay as much for our products, not because of quality, but because they could put a face on our name,’ says Odhiambo.

Rayyidh Bayusuf, a software engineer, observes that since they are designed with the needs of their source markets in mind, quite often, many imported solutions do not speak to the unique needs and challenges of other markets.

For instance, real-time order or logistics management tools developed abroad do not speak to the infrastructural challenges that make it difficult for manufacturing and distribution companies to effectively plan routes and track sales teams in Kenya.

‘We had a good use case of one of the largest sweet manufacturers in Kenya, who was struggling to monitor whether their agents were selling the right products to the right people,’ says Bayusuf.

‘While there were many imported solutions available for use, there was no off-the-shelf local software tailored to the unique needs of the manufacturer, a challenge that many other manufacturing firms also faced,’ he adds.

To grow the local IT industry, Mutie Mule, a computer scientist, recommends the formation and implementation of policies that will encourage both the public and private sectors to adopt solutions developed in the country.

‘We have seen the ‘Buy Kenya Build Kenya’ campaign being amplified on products that are tangible, but we hardly hear the same for technology. A policy on ‘buy Kenya’ in the tech space would be a big boost for local IT companies,’ states Mule.

Brian Amani, a computer scientist, agrees, adding that policy incentives for organisations that adopt local digital solutions could encourage more businesses to integrate local IT solutions deployed by both the public and private sectors into their operations.

‘Two years after the electronic Tax Invoice Management System (eTIMS) was rolled out, many businesses are still reluctant to onboard because they fear the Kenya Revenue Authority will be knocking on their doors the moment they do,’ observes Amani.

If, however, companies felt that by adopting the eTIMS system, they would be able to go about their daily operations without being targeted, then they would be more than willing to onboard.

‘This will be a big boost for companies that help businesses connect their accounting, Point of Sale (POS), and Enterprise Resource Planning (ERP) systems to eTIMS for automated, real-time tax compliance,’ says Amani.

In addition, deploying digital upskilling programmes can help to equip organisations with the foundational knowledge and technical skills required to effectively use and integrate emerging local tech solutions into their operations.

Mark Kiarie, an application programmer, says that, of importance also, would be for stakeholders such as the Office of the Data Protection Commissioner to conduct data privacy sensitisation programmes, to promote a culture of responsible data stewardship, among local tech firms.

‘There has been some effort toward that; however, many businesses still lack clarity on compliance. Conducting thorough sensitisation on the importance of proper data management can enhance compliance,’ says Kiarie.

Two State documents have provided differing amounts as the compensation offered to a consortium of French contractors who were ousted from a mega highway expansion project, with the figures diverging by Sh1.1 billion.

Disclosures by the Treasury’s Public Private Partnership (PPP) Directorate shows that Kenya paid Sh7.315 billion to the firms that had been awarded the deal to build the 233-kilometre highway.

A separate parliamentary document indicates that Kenya paid the consortium, comprising Vinci Highways SAS, Meridian Infrastructure Africa Fund, and Vinci Concessions SAS, Sh6.2 billion in January.

This has raised questions on the veracity of the payments given that the Controller of Budget-who has legal mandate to authorise withdrawal of public funds – said she signed off Sh6.2 billion.

The compensation to the consortium was made under an emergency payment and required belated approval from Parliament amid fears the French firms would sue Kenya at the London Court of International Arbitration and block handing the deal to Chinese contractors.

‘I am not in possession of this information (Sh7.315 billion). However, I am aware of the Sh6.2 billion as it was paid from the Consolidated Fund,’ Margaret Nyakang’o, the Controller of Budget, said.

The Treasury must get approval from the Controller of Budget before withdrawing cash from the Consolidated Fund-the primary bank account for the national government.

The Director-General of the PPP Directorate, Kefa Seda, linked the differences to the exchange rate and tax equalisation while quoting another figure of Sh6.8 billion.

‘KeNHA (Kenya National Highways Agency) paid Sh6.8 billion which was inclusive of tax equalisation,’ Mr Seda told the Business Daily through a text message.

Tax equalisation is a policy where employers ensure employees working abroad pay the same taxes they would have paid in their home country.

The employer reimburses the excess payment if the tax in the overseas country is greater than what would have been paid in the home country.

It is not clear whether the French contractors had stationed staff in Kenya to cover the additional multi-million shilling tax burden.

The consortium led by France’s Vinci SA Highway had inked the Sh190 billion deal, but construction for the project had not yet begun.

Kenya’s exchange rate has also remained little changed against the dollar and Euro this year. The shilling oscillated between 129.23 units and 129.29 units to the dollar between January and June this year.

While the local currency traded at between Sh130 and Sh130 to euro in the period under review.

‘The number we have when converted to Ksh [Kenya shillings] as of the date of settlement is Sh6.8 billion,’ Mr Seda said.

A consortium of the National Social Security Fund (NSSF) and China Road and Bridge Corporation (CRBC) were last week awarded the deal to build the 175-kilometre highway under PPP and will recoup its investments from toll charges over 30 years.

Kenya terminated the highway expansion deal with the French consortium, citing, among other things, high toll fees.

The highway deal was one of the projects that President William Ruto sought to close in his first visit to China as president.

The termination of the project, which was to be funded from various sources like the Vinci Group, loans from the African Development Bank (AfDB), and guarantees from the World Bank, risked exposing Kenya to litigation and a diplomatic spat with France that backed its firms for the deal.

The push to have the Chinese contractor settle the multi-billion shilling compensation bill and inherit works done by the French contractor, like the feasibility fees, was dropped during President Ruto’s April visit to China. The three French firms, which won the tender procured by KeNHA in 2018, indicated they were ready to break ground on the project, having obtained the financial backing of the AfDB and the World Bank’s International Finance Corporation (IFC).

The consortium was expected to recoup its investments in 30 years by charging toll fees on the road.

The Treasury said the proposed toll fees were a put-off in the Nairobi-Nakuru-Mau Summit road project, which was aimed at decongesting the main artery from Nairobi to western Kenya and the neighbouring countries of Uganda, Rwanda and the Democratic Republic of the Congo.

The Treasury said it pursued an out-of-court settlement to avoid a costly and protracted suit at the London Court of International Arbitration.

Kenya was also fretful that the French would block attempts to transfer the Sh190 billion expansion of the Nairobi-Nakuru-Mau Summit Toll Road to Chinese contractors and mar President Ruto’s visit to Beijing on April 24.

The NSSF consortium expects to earn an operating profit of about $2.63 billion (Sh339.8 billion) over the 30-year concession by charging motorists a minimum toll of Sh8 per kilometre to use the upgraded corridor.

A project summary shows the consortium) projects total revenues of $4.88 billion (Sh630.3 billion) against total costs of $2.25 billion (Sh290.5 billion), yielding a project-level surplus before financing expenses and tax of roughly Sh11.3 billion a year.

The totals cover both the 175-kilometre Nairobi-Nakuru-Mau Summit (A8) section and the 56-kilometre Nairobi-Mai Mahiu-Naivasha (A8 South) link.

Kenya’s private sector is expanding its workforce again, but in the rush to hire, it risks letting a costly and preventable threat slip through the cracks.

As businesses prepare for year-end demand and competition for talent intensifies, many firms may unwittingly recruit the very people who will defraud them.

The solution is not to slow hiring but to raise the bar: to pair urgency with vigilance, and ambition with accountability. Companies that fail to do so may find that their biggest threat this quarter does not come from the market, but from within.

Recent data show that business activity is rebounding. The Stanbic Bank Purchasing Managers’ Index rose to 51.9 in September, its first expansion since April, signalling renewed optimism and the fastest job creation since May 2023.

Across Kenya, companies are staffing up for the busy final quarter. Yet optimism should not breed complacency. When firms expand rapidly, background checks loosen, oversight thins, and controls are stretched. That is when insider fraud thrives.

Globally, occupational fraud is not an anomaly; it is a structural weakness. The Association of Certified Fraud Examiners estimates that organisations lose about five percent of annual revenue to fraud each year. The median loss per case is roughly $145,000, and many schemes persist undetected for months before discovery.

Contrary to popular belief, most frauds are not exposed by data analytics or forensic audits but by people-whistleblowers account for 43 per cent of detections.

The pattern is depressingly familiar: weak processes, unchecked access, and misplaced trust. More than half of all reported cases stem from poor or absent internal controls.

The most common form of occupational fraud is asset misappropriation-ghost workers, inflated claims, doctored expense reports, and fictitious suppliers. Though often smaller in scale than cooked books or procurement collusion, these acts collectively cost billions.

Procurement fraud remains one of the three most disruptive economic crimes globally, behind only cybercrime and corruption.

In Africa, the impact is particularly heavy, eroding productivity, distorting markets, and undermining investor confidence. Kenya is no stranger to this problem. Government audits continue to unearth ‘ghost workers’ and irregular payrolls-red flags that should alarm any private-sector leader.

The Public Service ministry recently concluded a national payroll audit, identifying rogue employees whose names may soon be made public. Meanwhile, the Ethics and Anti-Corruption Commission is pursuing asset recovery cases worth an estimated Sh49.5 billion, with billions more tied up in civil suits.

These figures are not abstract. They reflect a culture of internal manipulation that costs the economy jobs, investment, and credibility.

Kenya’s score of 32 out of 100 on Transparency International’s Corruption Perceptions Index, ranking 121st globally, reinforces the scale of the challenge.

Regionally, the African Union estimates that corruption drains about $148 billion from the continent each year-roughly one quarter of Africa’s total gross domestic product growth potential.

At the same time, the cyber-security agency KE-CIRT continues to list phishing and social engineering among the top forms of attack in Kenya. Many such breaches originate inside organisations, where trusted employees exploit system weaknesses or override safeguards.

Yet even in this landscape, the solution is within reach. Kenyan firms have successfully embedded ‘Know Your Customer’ protocols into their dealings with clients and suppliers.

The next step is to apply the same discipline internally through ‘Know Your Employee’ principles.

In practice, this means treating every new hire, transfer, and promotion as both a talent opportunity and a risk decision. Proper screening must become non-negotiable. Verification of identification documents, academic and professional qualifications, and previous employment history should be standard practice. For sensitive roles, lawful criminal and credit checks are essential.

As Kenya rolls out its Maisha Namba digital identity system, employers have a chance to streamline these checks, provided they adhere to data protection rules and ethical standards. Identity assurance should be viewed as a core business function, not an administrative burden. Beyond hiring, companies must design out opportunities for fraud.

Duties around procurement, payroll, and payments should be separated so that no one individual controls an entire process. Changes to supplier bank details or new vendor approvals should require dual authorisation. Staff in high-risk departments should be rotated periodically, and access rights limited to the bare minimum.

Studies by the ACFE show that strong internal controls not only reduce losses but also speed up detection.

By contrast, frauds that exploit control overrides or loopholes tend to inflict the greatest financial damage. Continuous monitoring is another critical line of defence. Payroll and vendor records should be analysed regularly to flag suspicious activity-duplicate bank accounts, round-number invoices, weekend approvals, or newly created vendors receiving instant payments.

Procurement, both in the public and private sectors, remains the single largest avenue of leakage, and it demands constant oversight rather than occasional audits. Whistleblower systems also deserve greater investment. Nearly half of all fraud cases are exposed through employee tips, yet many organisations still lack anonymous reporting channels or clear protection for those who speak up.

Building a culture of openness-where staff are encouraged to report anomalies without fear-can be a company’s most powerful safeguard.

Finally, firms must anticipate where regulation is heading. Kenya’s data protection and cybercrime laws are tightening, and authorities are ramping up enforcement. Insider lapses that once attracted mild sanctions now carry real financial and reputational costs.

Boards should view compliance not as a checklist but as a strategic pillar of corporate resilience. Kenya’s fourth quarter will bring thousands of new faces into workplaces nationwide.

Most will be genuine contributors; a few will test the seams. Businesses that pair fast hiring with rigorous verification, that balance trust with control, and that invest in integrity as seriously as they invest in growth will emerge stronger. Those that do not risk learning, once again, that the costliest fraud is not the one that happened-but the one they hired.