The Communications Authority of Kenya has issued a directive to mobile network operators to review their respective subscriber registration databases and confirm that SIM cards that are unregistered or those with suspicious registration status are immediately switched off or risk facing legal actions.
The directive comes years after the Authority issued an update in 2015 calling for the same operators to ensure that all SIM cards purchased are registered to their respective networks. This was after reports of rampant hawking of SIM cards, which is against the law.
At the time, the Authority directed mobile operators to suspend all SIM cards whose registration status was not in compliance with the SIM card registration Regulations.
Despite the directive, the Authority continued receiving reports that there were still some unregistered SIM cards active on the mobile networks. These reports were contrary to returns from the mobile network operators that claimed total compliance with the SIM card registration obligations.
Following the reports, the Authority subsequently undertook an exercise to verify the extent to which the operators had adhered to the SIM card regulations. This included market surveillance and forensic audit of the operator data.
It was found that several agents do not request for identification documents at the point of purchase of the SIM cards. The forensic audit shows that there is also little or no verification of the identities of SIM card buyers vis a vis the documents they have presented.
Notably, hawking of SIM cards was still rampant and, in some cases, the agents were also charging buyers an additional fee for registration, both of which go against the body’s regulations.
For instance, hawking SIM cards is an offense that attracts a fine of up to 500,000 shillings or 12 months imprisonment or both. In addition, providing incorrect information is an offense that attracts a fine 100,000 shillings or imprisonment for six months or both.
The most recent audit shows that focused primarily on determining whether all the subscribers were properly registered in accordance with the law revealed that while all the MNOs had data access security policies in place, there were several non-conformities with the SIM card registration regulations.
In cases where subscribers used passports as a form of identification anomalies like the numerical length of the Kenyan passports. The Authority affirmed that operators are not in control of the agents as shown by weak controls in the management of SIM sales agents.
Also, the operator’s databases showed that they have records, which appeared to have been populated from other secondary sources. Other SIM cards were found to have multiple registrations with different identity details, with potential use for criminal purposes.
In a nutshell, it was revealed that the data in the subscriber databases of the mobile network operators were incomplete and inaccurate, pointing to the need for a verification system to help enhance the authenticity of the data. Consequently, the Authority reports that the agreements between the operators and agents are purely commercial and do not adhere to the SIM card regulations, which is a dangerous trend that jeopardizes the security of citizens.
Therefore, the Authority has asked the operators to confirm the registration status, verify documents used for registration, and to submit details of their agents and sub-agents. Another audit to confirm the compliance with these directives will be conducted after three months.
“SIM card registration is one of the deterrent measures, which if left unattended poses an enormous risk. I, therefore, call upon all concerned parties including MNOs, their agents and subscribers, to adhere to the SIM card registration requirements,” concluded Francis Wangusi, the Director-General.