CBK tightens oversight on e-payment systems to strengthen governance, mitigate risk

The Central Bank of Kuwait (CBK) has issued a new directive reinforcing strict controls on the use of the electronic payment gateway system by payment service providers, electronic money companies, and payment system operators.

This move is part of CBK’s ongoing efforts to enhance governance, ensure compliance, and reduce operational and financial risks associated with digital financial services.

The circular reaffirms CBK’s commitment to safeguard the integrity of Kuwait’s electronic payments infrastructure, especially amid the rapid growth of digital financial transactions.
The Central Bank made it clear that service providers are fully legally responsible for the accuracy and validity of all documents and data uploaded through the gateway. Violations may result in legal consequences under Article 85 of Law No. 32 of 1968 concerning currency and banking regulations.

Companies are required to submit documents through their legal representatives or officially authorized employees, with prior notification to the CBK regarding the identity and authorization of these personnel. In the event of any user’s resignation, the bank must be notified immediately, and a request must be submitted to revoke that individual’s system access without delay.

The circular also mandates companies to retain original copies of all critical documents, including those from government authorities, such as certificates from the criminal enforcement prosecution related to shareholders and leadership candidates, to be submitted upon CBK’s request.

According to the circular, service providers must:

• Guarantee the integrity of all uploaded documents, ensuring full legal accountability;
• Submit documents only through officially designated company representatives or authorized staff, with advance notice to the CBK;
• Immediately inform the CBK if an authorized user resigns and initiate revocation of system access accordingly.

This directive strengthens CBK’s digital oversight, ensuring proper system usage and clear legal accountability. For companies, it enhances internal governance, reduces exposure to risks from unauthorized employee actions, and minimizes operational vulnerabilities.

For customers, it boosts trust in Kuwait’s national e-payment infrastructure by ensuring only verified individuals manage their data and transactions.

In a related context, the CBK referred service providers to key articles of the “Instructions for Regulating Electronic Payment Business” issued on May 14, 2023. Article 33 requires governance-related policies and procedures, while Article 27 mandates compliance with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations outlined in Law No. 106 of 2013 and international FATF standards.

Additionally, CBK reminded companies of requirements related to leadership appointments set forth in its circular dated July 5, 2023, and document submission protocols established on October 20, 2024. It also directed providers to conduct annual reviews to assess the solvency, integrity, and technical qualifications of board members and key personnel. Any changes must be reported to CBK immediately, with proper documentation proving compliance.

With these comprehensive measures, CBK aims to reinforce a secure, transparent, and well-governed electronic financial environment in Kuwait.