



Network Working Group                                         T. Adebayo
Internet-Draft                                             F. Makanjuola
Intended status: Informational                               Veridom Ltd
Expires: 22 September 2026                                 21 March 2026


OMP Domain Profile: Kenya Deposit-Taking SACCOs -- SASRA Supervision and
                 Cooperative Governance Accountability
                       draft-veridom-omp-sacco-00

Abstract

   This document defines the OMP domain profile for deposit-taking
   SACCOs (Savings and Credit Cooperative Organisations) operating under
   SASRA supervision in Kenya.  It specifies the Intent Class
   configuration, routing threshold ranges, Watchtower definitions, and
   Audit Trace extensions required to satisfy board-level principal
   accountability requirements under the SACCO Societies Act and the
   Cooperatives Bill 2024.

   The PricewaterhouseCoopers forensic audit of KUSCCO [KUSCCO-PWC-2025]
   (Kenya Union of Savings and Credit Co-operatives), presented to the
   Cabinet Secretary for Cooperatives and MSMEs in 2025, identified KES
   13.3 billion in misappropriated funds.  Every specific failure
   identified -- forged auditor signatures, unauthorised executive
   loans, fraudulent commission rate changes, unlicensed operations --
   was undetectable because no evidence trail connected board
   authorisation to operational outcome.  This profile specifies the OMP
   architecture that closes each of those specific failure modes.

   The Cooperatives Bill 2024 [COOPERATIVES-BILL-2024] (Bill No. 7 of
   2024), currently before the Kenyan Senate, introduces criminal
   penalties for SACCO board directors who cannot produce governance
   evidence.  This profile REQUIRES implementation of the core OMP
   protocol as defined in [I-D.veridom-omp].  The full specification is
   also available at [ZENODO-OMP].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.





Adebayo & Makanjuola    Expires 22 September 2026               [Page 1]

Internet-Draft              OMP SACCO Profile                 March 2026


   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 22 September 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction
   2.  Conventions and Terminology
   3.  KUSCCO Failure Mode Analysis
   4.  Regulatory Reference Framework
   5.  Intent Class Configuration
   6.  Watchtower Configuration
     6.1.  WT-SACCO-01: Executive Threshold Guardian
     6.2.  WT-SACCO-02: Audit Engagement Verifier
     6.3.  WT-SACCO-03: Commission Rate Guardian
   7.  Board Delegated Authority Framework
   8.  Audit Trace Extensions
   9.  Proof-Point Output Format
   10. Security Considerations
   11. IANA Considerations
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   SASRA [SASRA-DT-RULES-2020] supervises 355 deposit-taking SACCOs in
   Kenya.  The Cooperatives Bill 2024, currently before the Senate with
   passage expected Q2 2026, introduces a Commissioner for Cooperative
   Development with enforcement powers, mandatory quarterly board
   reports, and criminal penalties for board directors who fail to
   produce governance evidence of oversight.

   The KUSCCO forensic audit demonstrated that the principal
   accountability gap -- the absence of an evidence trail connecting
   board decisions to operational outcomes -- is not an AI governance
   problem.  It is a structural accountability problem that predates AI
   and is compounded by AI-assisted lending decisions.  The same three-
   state routing invariant that produces per-decision credit
   explainability for CBK DCPs produces board-level principal
   accountability evidence for SASRA-supervised SACCOs.

   SASRA committed to "advancing digitization" at its strategic Board
   and Management retreat held March 12-13, 2026.  Cabinet Secretary
   Oparanya confirmed in 2025 that investigations are ongoing into
   SACCOs beyond KUSCCO.  This profile addresses the governance evidence
   requirements that these enforcement actions and the forthcoming
   Cooperatives Bill will impose.

   This document focuses on the principal-agent evidence gap at two
   levels: board-to-executive (the KUSCCO failure level) and executive-
   to-loan-officer (the daily operational level).  OMP addresses both
   levels through a single consistent evidence architecture.

2.  Conventions and Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] when, and only when, they appear in all capitals, as
   shown here.

3.  KUSCCO Failure Mode Analysis

   The PwC forensic audit identified the following specific governance
   evidence failures.  This section maps each failure to the specific
   OMP Watchtower that closes it.

   Forged auditor signature (Alfred Basweti, deceased):  No governance
      record of who engaged the auditor, who reviewed the audit output,
      or who authorised the audit sign-off.  Closed by WT-SACCO-02
      (Audit Engagement Verifier): requires named auditor identity
      verification and Named Accountable Officer acceptance before any
      audit engagement record is created.

   Unauthorised KES 50 million loan to Managing Director:  Processed
      without board authorisation records.  Closed by WT-SACCO-01
      (Executive Threshold Guardian): any loan or financial action above
      the configurable KSh threshold MUST be approved by a Named
      Accountable Officer with logged rationale before execution can
      proceed.

   Commission rate fraudulently raised from 1% to 3%:  No audit trail of
      rate change authorisation.  Closed by WT-SACCO-03 (Commission Rate
      Guardian): any change to commission rates, fee structures, or
      member benefit rates MUST have Named Accountable Officer approval
      and generates a sealed change record that cannot be deleted.

   KES 318 million transferred to KUSCCO Housing without oversight
   documentation:  Closed by WT-SACCO-01 at the INTERCO_TRANSFER intent
      class: all inter-entity transfers above threshold require Named
      Accountable Officer approval with logged rationale and documentary
      reference.

   Unlicensed deposit-taking and insurance operations:  No evidence
      trail of regulatory authorisations or board decisions to operate
      unlicensed.  Closed by REGULATORY_SUBMISSION intent class with
      theta = 0.99 and mandatory Named Officer attestation: all
      regulatory submissions and operational authorisations generate
      sealed, immutable records.

4.  Regulatory Reference Framework

   SACCO Societies Act Cap 490B:  Board accountability for executive
      operations.  OMP ASSISTED path with Named Accountable Officer
      logging provides interaction-level evidence of supervision for
      every executive action above defined thresholds.

   SASRA DT SACCO Rules 2020:  Annual audited financials, AML
      compliance, fit-and-proper governance requirements.  Watchtower 6
      Proof-Point generates the board-ready governance evidence
      artifact.  Chain integrity verification demonstrates financial
      records have not been altered since creation.

   Cooperatives Bill 2024 (Bill No. 7 of 2024, before Senate):  Criminal
      penalties for board directors who cannot produce governance
      evidence.  The OMP Proof-Point is the governance evidence
      artifact.  Every board decision, every executive action above
      threshold, and every governance exception generates a sealed,
      independently verifiable record.

   Financial Reporting Centre (FRC) requirements:  AML compliance and
      suspicious transaction reporting.  OMP Watchtower-class detection
      of unusual transaction patterns with ESCALATED routing to Named
      Accountable Officer for AML review.

   Kenya Data Protection Act 2019:  Member data processing audit trail.
      WT-01 (PII Exposure Shield) and H_s anchoring of member consent
      records at time of processing.

5.  Intent Class Configuration

   +============================+=======+==============================+
   | Intent Class               | Theta | Rationale                    |
   |                            | Min   |                              |
   +============================+=======+==============================+
   | LOAN_OFFICER_DECISION      | 0.88  | Loan officer credit          |
   |                            |       | decision within delegated    |
   |                            |       | authority.  Fully logged.    |
   |                            |       | Board can audit any          |
   |                            |       | decision.                    |
   +----------------------------+-------+------------------------------+
   | EXECUTIVE_THRESHOLD_ACTION | 0.95  | Executive action above       |
   |                            |       | board-delegated              |
   |                            |       | threshold.  MUST route       |
   |                            |       | ASSISTED.  Named board-      |
   |                            |       | delegated officer MUST       |
   |                            |       | approve before execution.    |
   +----------------------------+-------+------------------------------+
   | BOARD_RESOLUTION_RECORD    | 0.99  | Board resolution or          |
   |                            |       | board-delegated decision.    |
   |                            |       | Always ASSISTED or           |
   |                            |       | ESCALATED.  Named board      |
   |                            |       | officer signature            |
   |                            |       | mandatory.                   |
   +----------------------------+-------+------------------------------+
   | MEMBER_COMPLAINT           | 0.85  | Member complaint or          |
   |                            |       | dispute.  Regulatory         |
   |                            |       | Silence Detector active.     |
   |                            |       | 5-day SASRA response         |
   |                            |       | deadline enforced.           |
   +----------------------------+-------+------------------------------+
   | AUDIT_ENGAGEMENT           | 0.99  | External auditor             |
   |                            |       | engagement or audit          |
   |                            |       | report acceptance.  Named    |
   |                            |       | board officer mandatory.     |
   |                            |       | Prevents forged auditor      |
   |                            |       | signatures.                  |
   +----------------------------+-------+------------------------------+
   | INTERCO_TRANSFER           | 0.95  | Transfer to subsidiary or    |
   |                            |       | affiliated entity.  Hard     |
   |                            |       | block above KSh 10M          |
   |                            |       | without board-delegated      |
   |                            |       | officer approval and         |
   |                            |       | documented rationale.        |
   +----------------------------+-------+------------------------------+
   | REGULATORY_SUBMISSION      | 0.99  | Submission to SASRA, FRC,    |
   |                            |       | or ODPC.  Named officer      |
   |                            |       | MUST attest before           |
   |                            |       | dispatch.  Creates           |
   |                            |       | immutable record that        |
   |                            |       | submission was reviewed.     |
   +----------------------------+-------+------------------------------+
   | RATE_CHANGE                | 0.99  | Change to commission         |
   |                            |       | rates, fee structures, or    |
   |                            |       | member benefit rates.        |
   |                            |       | Named officer MUST           |
   |                            |       | approve.  Immutable          |
   |                            |       | change record generated.     |
   +----------------------------+-------+------------------------------+

                                  Table 1

6.  Watchtower Configuration

6.1.  WT-SACCO-01: Executive Threshold Guardian

   Severity:  HARD_BLOCK

   Trigger:  Any EXECUTIVE_THRESHOLD_ACTION or INTERCO_TRANSFER above
      the configurable KSh threshold (RECOMMENDED default: KSh
      10,000,000).

   Action:  Blocks execution.  Routes to ASSISTED.  Named Accountable
      Officer MUST approve with logged rationale before any execution
      proceeds.  The rationale field is mandatory and MUST reference a
      board resolution or delegated authority document.

   KUSCCO failure mode closed:  Unauthorised KES 50 million loan to
      Managing Director.  KES 318 million transfer to Housing
      subsidiary.

6.2.  WT-SACCO-02: Audit Engagement Verifier

   Severity:  HARD_BLOCK

   Trigger:  Any AUDIT_ENGAGEMENT intent class interaction.

   Action:  Requires before execution: (i) named auditor identity
      logged, (ii) auditor licence verification query with H_s anchor,
      (iii) Named Accountable Officer acceptance with timestamp.  No
      audit engagement record can be created without all three elements
      sealed in the Audit Trace.

   KUSCCO failure mode closed:  Forged signature of deceased auditor
      Alfred Basweti.  With this Watchtower active, any audit engagement
      requires a live, timestamped, sealed record of auditor identity
      verification.  A deceased auditor's licence cannot pass the
      verification query.

6.3.  WT-SACCO-03: Commission Rate Guardian

   Severity:  FORCE_ASSISTED

   Trigger:  Any RATE_CHANGE intent class interaction, or any
      configuration change to commission rates, fee structures, or
      member benefit rates.

   Action:  Forces ASSISTED path.  Named Accountable Officer MUST
      approve.  Generates a sealed change record in the Audit Trace that
      cannot be deleted and is included in every subsequent Proof-Point
      for the deployment lifetime.

   KUSCCO failure mode closed:  Commission rate fraudulently raised from
      1% to 3% without board approval.  With this Watchtower active,
      every rate change generates an immutable, board-officer-approved,
      cryptographically sealed record.

7.  Board Delegated Authority Framework

   The SACCO profile introduces a board_delegated_authority_level field
   in the Audit Trace to record the authority level of the Named
   Accountable Officer for each ASSISTED path decision.  This field
   enables boards to review the authority structure under which each
   decision was made.

   board_delegated_authority_level: enum {
     FULL_BOARD,           // resolution of the full board
     DELEGATED_COMMITTEE,  // board-delegated committee decision
     CEO,                  // CEO within board-delegated authority
     LOANS_MANAGER,        // Loans Manager within delegated limits
     LOAN_OFFICER          // Loan Officer within delegated limits
   }

   Any EXECUTIVE_THRESHOLD_ACTION MUST carry authority level FULL_BOARD
   or DELEGATED_COMMITTEE.  Any lower authority level on this intent
   class MUST be flagged as an authority mismatch and routed to
   ESCALATED.

8.  Audit Trace Extensions

   {
     "sasra_sacco_registration_number": "string",
     "board_delegated_authority_level": "enum (see Section 7)",
     "delegation_resolution_reference": "string | null",
     "interco_counterparty_id":         "string | null",
     "auditor_licence_hash":            "sha256 | null",
     "rate_change_previous_value":      "string | null",
     "rate_change_new_value":           "string | null",
     "rate_change_board_reference":     "string | null",
     "sacco_schema_version":            "SACCO-PROFILE-v1.0"
   }

   sasra_sacco_registration_number MUST be present in every trace.
   delegation_resolution_reference MUST be present and non-null for all
   EXECUTIVE_THRESHOLD_ACTION interactions.  auditor_licence_hash MUST
   be present and non-null for all AUDIT_ENGAGEMENT interactions.
   rate_change_board_reference MUST be present for all RATE_CHANGE
   interactions.
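
   The following is an added example, not part of this profile or of
   any Veridom implementation.  It checks one trace against the
   presence rules above and the authority-mismatch rule of Section 7.
   The "intent_class" key, the violation names, and lowercase hex as
   the encoding of auditor_licence_hash are assumptions.

```python
import re

SCHEMA_VERSION = "SACCO-PROFILE-v1.0"
AUTHORITY_LEVELS = {"FULL_BOARD", "DELEGATED_COMMITTEE", "CEO",
                    "LOANS_MANAGER", "LOAN_OFFICER"}
# Section 7: the only levels allowed on EXECUTIVE_THRESHOLD_ACTION.
EXECUTIVE_LEVELS = {"FULL_BOARD", "DELEGATED_COMMITTEE"}
# Section 8: fields that MUST be present and non-null for an intent class.
NON_NULL_BY_INTENT = {
    "EXECUTIVE_THRESHOLD_ACTION": "delegation_resolution_reference",
    "AUDIT_ENGAGEMENT": "auditor_licence_hash",
}
SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")  # assumed encoding of "sha256"


def validate_trace(trace):
    """Return (violations, escalate) for one SACCO-profile trace dict."""
    violations = []
    escalate = False
    intent = trace.get("intent_class")  # assumed key name

    if not trace.get("sasra_sacco_registration_number"):
        violations.append("missing_registration_number")
    if trace.get("sacco_schema_version") != SCHEMA_VERSION:
        violations.append("unexpected_schema_version")

    level = trace.get("board_delegated_authority_level")
    if level not in AUTHORITY_LEVELS:
        violations.append("unknown_authority_level")
    elif (intent == "EXECUTIVE_THRESHOLD_ACTION"
          and level not in EXECUTIVE_LEVELS):
        # Section 7: flag the mismatch and route to ESCALATED.
        violations.append("authority_mismatch")
        escalate = True

    field = NON_NULL_BY_INTENT.get(intent)
    if field and trace.get(field) is None:
        violations.append("missing_" + field)

    if intent == "AUDIT_ENGAGEMENT":
        digest = trace.get("auditor_licence_hash")
        if digest is not None and not (
                isinstance(digest, str) and SHA256_HEX.match(digest)):
            violations.append("malformed_auditor_licence_hash")

    # Section 8 requires presence only for this field, so an explicit
    # null is not reported here.
    if intent == "RATE_CHANGE" and "rate_change_board_reference" not in trace:
        violations.append("missing_rate_change_board_reference")

    return violations, escalate


# Constructed sample: CEO-level approval with no resolution reference.
SAMPLE_BAD = {
    "intent_class": "EXECUTIVE_THRESHOLD_ACTION",
    "sasra_sacco_registration_number": "EXAMPLE-REG-0001",
    "board_delegated_authority_level": "CEO",
    "delegation_resolution_reference": None,
    "sacco_schema_version": SCHEMA_VERSION,
}
SAMPLE_OK = dict(SAMPLE_BAD,
                 board_delegated_authority_level="DELEGATED_COMMITTEE",
                 delegation_resolution_reference="EXAMPLE-RESOLUTION-REF")

if __name__ == "__main__":
    print(validate_trace(SAMPLE_BAD))
    print(validate_trace(SAMPLE_OK))
```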

9.  Proof-Point Output Format

   The SACCO Proof-Point, generated quarterly by default and on-demand
   for SASRA inspections or forensic audit requests, MUST include:

   *  Board Governance Summary: actions taken in period by authority
      level.  Percentage requiring board-delegated approval.  Threshold
      exceptions with Named Officer identities.

   *  Executive Action Register: all EXECUTIVE_THRESHOLD_ACTION
      decisions with Named Officer approvals, rationales, and
      timestamps.  Every executive action above threshold reviewable
      from the Proof-Point alone.

   *  Audit Engagement Record: all AUDIT_ENGAGEMENT events with auditor
      identity, licence verification status, and Named Officer
      acceptance timestamps.

   *  Commission and Fee Change Log: all WT-SACCO-03 activations with
      Named Officer approvals and before/after values.  Immutable record
      of every rate change authorisation.

   *  Member Complaint Status: all MEMBER_COMPLAINT interactions with
      SASRA SLA compliance rate.  Any SLA breach itemised separately.

   *  Chain Integrity Verification: SHA-256 Merkle chain and RFC 3161
      timestamp integrity confirmation across the full period with
      independent verification instructions.

10.  Security Considerations

   All security considerations in draft-veridom-omp apply.

   Authority Level Spoofing: the board_delegated_authority_level field
   is set at deployment configuration time, not at runtime.  Changing it
   requires a Threshold Change Record sealed with SHA-256 per the core
   protocol Change Control process.  Any modification creates an
   immutable record of the authority level change.

   Threshold Manipulation: the KSh threshold for WT-SACCO-01 is a
   deployment configuration parameter subject to Change Control.  The
   configuration hash (config_hash field in VerticalConfig) detects any
   unauthorised threshold change at verification time.

   Retroactive Document Insertion: an institution could attempt to
   fabricate a board resolution reference after the fact to satisfy
   delegation_resolution_reference requirements.  The H_s anchor on the
   referenced document and the RFC 3161 timestamp on the Audit Trace
   together establish whether the referenced document predated the
   executive action.  Any reference document timestamped after the
   executive action timestamp MUST be flagged as a sequencing violation.
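
   The following is an added example, not part of this profile or of
   the core protocol.  It shows the Threshold Manipulation and
   Retroactive Document Insertion checks as a verifier might run them.
   The canonical JSON form used for config_hash, the
   "action_timestamp" and "wt_sacco_01_threshold_ksh" names, and
   already-validated ISO 8601 timestamps standing in for RFC 3161
   tokens are assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone


def config_hash(vertical_config):
    """SHA-256 over sorted-key, whitespace-free JSON (assumed canonical form)."""
    body = {k: v for k, v in vertical_config.items() if k != "config_hash"}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def parse_utc(stamp):
    """Parse an ISO 8601 timestamp; refuse naive values that cannot be ordered."""
    parsed = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError("timestamp without UTC offset: " + stamp)
    return parsed.astimezone(timezone.utc)


def verify_executive_action(trace, anchors, live_config, sealed_config_hash):
    """Return the findings for one EXECUTIVE_THRESHOLD_ACTION trace.

    anchors maps a document reference to the time its H_s anchor was
    sealed; sealed_config_hash is the value taken from the most recent
    sealed change record (both are assumed inputs).
    """
    findings = []
    # Threshold Manipulation: compare against the sealed value, never
    # against a hash stored next to the editable configuration.
    if config_hash(live_config) != sealed_config_hash:
        findings.append("config_hash_mismatch")

    reference = trace.get("delegation_resolution_reference")
    anchored_at = anchors.get(reference)
    if anchored_at is None:
        # Not specified by the profile; flagged here because precedence
        # of the document cannot be shown without an anchor.
        findings.append("reference_not_anchored")
    elif parse_utc(anchored_at) > parse_utc(trace["action_timestamp"]):
        # Document timestamped after the action it claims to authorise.
        findings.append("sequencing_violation")
    return findings


# Constructed sample data (not from the draft).
SEALED_CONFIG = {"wt_sacco_01_threshold_ksh": 10_000_000}
SEALED_HASH = config_hash(SEALED_CONFIG)
ANCHORS = {"EXAMPLE-RESOLUTION-A": "2026-01-10T09:00:00Z",
           "EXAMPLE-RESOLUTION-B": "2026-02-03T16:30:00Z"}
TRACE = {"delegation_resolution_reference": "EXAMPLE-RESOLUTION-B",
         "action_timestamp": "2026-02-01T11:15:00Z"}

if __name__ == "__main__":
    raised = dict(SEALED_CONFIG, wt_sacco_01_threshold_ksh=60_000_000)
    print(verify_executive_action(TRACE, ANCHORS, raised, SEALED_HASH))
```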

11.  IANA Considerations

   This document makes no requests of IANA.

12.  References

12.1.  Normative References

   [I-D.veridom-omp]
              Adebayo, T., "Operating Model Protocol (OMP)", Work in
              Progress, Internet-Draft, draft-veridom-omp-00, 21 March
              2026, <https://datatracker.ietf.org/doc/html/draft-
              veridom-omp-00>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

12.2.  Informative References

   [KUSCCO-PWC-2025]
              PricewaterhouseCoopers, "Forensic Audit Report: Kenya
              Union of Savings and Credit Co-operatives", 2025.

   [COOPERATIVES-BILL-2024]
              Parliament of Kenya, "Cooperatives Bill 2024 (Bill No. 7
              of 2024)", 2024.

   [SASRA-DT-RULES-2020]
              SACCO Societies Regulatory Authority, "SACCO Societies
              (Deposit-Taking SACCO Business) Regulations 2010 and DT
              SACCO Rules 2020", 2020.

   [ZENODO-OMP]
              Adebayo, T., "OMP - Operating Model Protocol: A
              Deterministic Routing Invariant for Tamper-Evident AI
              Decision Accountability in Regulated Industries",
              Zenodo 10.5281/zenodo.19140948, 21 March 2026.

Authors' Addresses

   Tolulope Adebayo
   Veridom Ltd
   Email: tolulope@veridom.io


   Festus Makanjuola
   Veridom Ltd
   Email: festus@veridom.io