OMP Domain Profile: Kenya Deposit-Taking SACCOs -- SASRA Supervision and Cooperative Governance Accountability

Introduction SASRA supervises 355 deposit-taking SACCOs in Kenya. The Cooperatives Bill 2024, currently before the Senate with passage expected Q2 2026, introduces a Commissioner for Cooperative Development with enforcement powers, mandatory quarterly board reports, and criminal penalties for board directors who fail to produce governance evidence of oversight. The KUSCCO forensic audit demonstrated that the principal accountability gap -- the absence of an evidence trail connecting board decisions to operational outcomes -- is not an AI governance problem. It is a structural accountability problem that predates AI and is compounded by AI-assisted lending decisions. The same three-state routing invariant that produces per-decision credit explainability for CBK DCPs produces board-level principal accountability evidence for SASRA-supervised SACCOs. SASRA committed to "advancing digitization" at its strategic Board and Management retreat held March 12-13, 2026. Cabinet Secretary Oparanya confirmed in 2025 that investigations are ongoing into SACCOs beyond KUSCCO. This profile addresses the governance evidence requirements that these enforcement actions and the forthcoming Cooperatives Bill will impose. This document focuses on the principal-agent evidence gap at two levels: board-to-executive (the KUSCCO failure level) and executive-to-loan-officer (the daily operational level). OMP addresses both levels through a single consistent evidence architecture.

Conventions and Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

KUSCCO Failure Mode Analysis The PwC forensic audit identified the following specific governance evidence failures. This section maps each failure to the specific OMP Watchtower that closes it.

Forged auditor signature (Alfred Basweti, deceased):: No governance record of who engaged the auditor, who reviewed the audit output, or who authorised the audit sign-off. Closed by WT-SACCO-02 (Audit Engagement Verifier): requires named auditor identity verification and Named Accountable Officer acceptance before any audit engagement record is created.
Unauthorised KES 50 million loan to Managing Director:: Processed without board authorisation records. Closed by WT-SACCO-01 (Executive Threshold Guardian): any loan or financial action above the configurable KSh threshold MUST be approved by a Named Accountable Officer with logged rationale before execution can proceed.
Commission rate fraudulently raised from 1% to 3%:: No audit trail of rate change authorisation. Closed by WT-SACCO-03 (Commission Rate Guardian): any change to commission rates, fee structures, or member benefit rates MUST have Named Accountable Officer approval and generates a sealed change record that cannot be deleted.
KES 318 million transferred to KUSCCO Housing without oversight documentation:: Closed by WT-SACCO-01 at the INTERCO_TRANSFER intent class: all inter-entity transfers above threshold require Named Accountable Officer approval with logged rationale and documentary reference.
Unlicensed deposit-taking and insurance operations:: No evidence trail of regulatory authorisations or board decisions to operate unlicensed. Closed by REGULATORY_SUBMISSION intent class with theta = 0.99 and mandatory Named Officer attestation: all regulatory submissions and operational authorisations generate sealed, immutable records.

Regulatory Reference Framework

SACCO Societies Act Cap 490B:: Board accountability for executive operations. OMP ASSISTED path with Named Accountable Officer logging provides interaction-level evidence of supervision for every executive action above defined thresholds.
SASRA DT SACCO Rules 2020:: Annual audited financials, AML compliance, fit-and-proper governance requirements. Watchtower 6 Proof-Point generates the board-ready governance evidence artifact. Chain integrity verification demonstrates financial records have not been altered since creation.
Cooperatives Bill 2024 (Bill No. 7 of 2024, before Senate):: Criminal penalties for board directors who cannot produce governance evidence. The OMP Proof-Point is the governance evidence artifact. Every board decision, every executive action above threshold, and every governance exception generates a sealed, independently verifiable record.
Financial Reporting Centre (FRC) requirements:: AML compliance and suspicious transaction reporting. OMP Watchtower-class detection of unusual transaction patterns with ESCALATED routing to Named Accountable Officer for AML review.
Kenya Data Protection Act 2019:: Member data processing audit trail. WT-01 (PII Exposure Shield) and H_s anchoring of member consent records at time of processing.

Intent Class Configuration

Intent Class	Theta Min	Rationale
LOAN_OFFICER_DECISION	0.88	Loan officer credit decision within delegated authority. Fully logged. Board can audit any decision.
EXECUTIVE_THRESHOLD_ACTION	0.95	Executive action above board-delegated threshold. MUST route ASSISTED. Named board-delegated officer MUST approve before execution.
BOARD_RESOLUTION_RECORD	0.99	Board resolution or board-delegated decision. Always ASSISTED or ESCALATED. Named board officer signature mandatory.
MEMBER_COMPLAINT	0.85	Member complaint or dispute. Regulatory Silence Detector active. 5-day SASRA response deadline enforced.
AUDIT_ENGAGEMENT	0.99	External auditor engagement or audit report acceptance. Named board officer mandatory. Prevents forged auditor signatures.
INTERCO_TRANSFER	0.95	Transfer to subsidiary or affiliated entity. Hard block above KSh 10M without board-delegated officer approval and documented rationale.
REGULATORY_SUBMISSION	0.99	Submission to SASRA, FRC, or ODPC. Named officer MUST attest before dispatch. Creates immutable record that submission was reviewed.
RATE_CHANGE	0.99	Change to commission rates, fee structures, or member benefit rates. Named officer MUST approve. Immutable change record generated.

Watchtower Configuration

WT-SACCO-01: Executive Threshold Guardian

Severity:: HARD_BLOCK
Trigger:: Any EXECUTIVE_THRESHOLD_ACTION or INTERCO_TRANSFER above the configurable KSh threshold (RECOMMENDED default: KSh 10,000,000).
Action:: Blocks execution. Routes to ASSISTED. Named Accountable Officer MUST approve with logged rationale before any execution proceeds. The rationale field is mandatory and MUST reference a board resolution or delegated authority document.
KUSCCO failure mode closed:: Unauthorised KES 50 million loan to Managing Director. KES 318 million transfer to Housing subsidiary.

WT-SACCO-02: Audit Engagement Verifier

Severity:: HARD_BLOCK
Trigger:: Any AUDIT_ENGAGEMENT intent class interaction.
Action:: Requires before execution: (i) named auditor identity logged, (ii) auditor licence verification query with H_s anchor, (iii) Named Accountable Officer acceptance with timestamp. No audit engagement record can be created without all three elements sealed in the Audit Trace.
KUSCCO failure mode closed:: Forged signature of deceased auditor Alfred Basweti. With this Watchtower active, any audit engagement requires a live, timestamped, sealed record of auditor identity verification. A deceased auditor's licence cannot pass the verification query.

WT-SACCO-03: Commission Rate Guardian

Severity:: FORCE_ASSISTED
Trigger:: Any RATE_CHANGE intent class interaction, or any configuration change to commission rates, fee structures, or member benefit rates.
Action:: Forces ASSISTED path. Named Accountable Officer MUST approve. Generates a sealed change record in the Audit Trace that cannot be deleted and is included in every subsequent Proof-Point for the deployment lifetime.
KUSCCO failure mode closed:: Commission rate fraudulently raised from 1% to 3% without board approval. With this Watchtower active, every rate change generates an immutable, board-officer-approved, cryptographically sealed record.

Board Delegated Authority Framework The SACCO profile introduces a board_delegated_authority_level field in the Audit Trace to record the authority level of the Named Accountable Officer for each ASSISTED path decision. This field enables boards to review the authority structure under which each decision was made. Any EXECUTIVE_THRESHOLD_ACTION MUST carry authority level FULL_BOARD or DELEGATED_COMMITTEE. Any lower authority level on this intent class MUST be flagged as an authority mismatch and routed to ESCALATED.

Audit Trace Extensions sasra_sacco_registration_number MUST be present in every trace. delegation_resolution_reference MUST be present and non-null for all EXECUTIVE_THRESHOLD_ACTION interactions. auditor_licence_hash MUST be present and non-null for all AUDIT_ENGAGEMENT interactions. rate_change_board_reference MUST be present for all RATE_CHANGE interactions.

Proof-Point Output Format The SACCO Proof-Point, generated quarterly by default and on-demand for SASRA inspections or forensic audit requests, MUST include:

Board Governance Summary: actions taken in period by authority level. Percentage requiring board-delegated approval. Threshold exceptions with Named Officer identities.
Executive Action Register: all EXECUTIVE_THRESHOLD_ACTION decisions with Named Officer approvals, rationales, and timestamps. Every executive action above threshold reviewable from the Proof-Point alone.
Audit Engagement Record: all AUDIT_ENGAGEMENT events with auditor identity, licence verification status, and Named Officer acceptance timestamps.
Commission and Fee Change Log: all WT-SACCO-03 activations with Named Officer approvals and before/after values. Immutable record of every rate change authorisation.
Member Complaint Status: all MEMBER_COMPLAINT interactions with SASRA SLA compliance rate. Any SLA breach itemised separately.
Chain Integrity Verification: SHA-256 Merkle chain and RFC 3161 timestamp integrity confirmation across the full period with independent verification instructions.

Security Considerations All security considerations in draft-veridom-omp apply. Authority Level Spoofing: the board_delegated_authority_level field is set at deployment configuration time, not at runtime. Changing it requires a Threshold Change Record sealed with SHA-256 per the core protocol Change Control process. Any modification creates an immutable record of the authority level change. Threshold Manipulation: the KSh threshold for WT-SACCO-01 is a deployment configuration parameter subject to Change Control. The configuration hash (config_hash field in VerticalConfig) detects any unauthorised threshold change at verification time. Retroactive Document Insertion: an institution could attempt to fabricate a board resolution reference after the fact to satisfy delegation_resolution_reference requirements. The H_s anchor on the referenced document and the RFC 3161 timestamp on the Audit Trace together establish whether the referenced document predated the executive action. Any reference document timestamped after the executive action timestamp MUST be flagged as a sequencing violation.

IANA Considerations This document makes no requests of IANA.