Trends Analysis (2021-2025)
Banks & Finance
We dive into the five-year performance trajectories (2021–2025) of the evaluated companies and entities in the Banks & Finance Sector. By analysing historical trends and core metrics, this section reveals key patterns, competitive advantages, and priority improvement areas providing actionable insights into compliance drivers and hurdles to empower better decision-making and forward-thinking planning.
Trends in performance of assessed companies over time in the Banks & Finance Sector
Performance Trends for Assessed Banks over the Years (2024-2025) in Rwanda
The performance of Bank of Kigali (BK), Access Bank Rwanda, Equity Bank Rwanda, and Ecobank Rwanda reflects varying levels of privacy maturity within Rwanda's banking and financial services sector. Given the highly sensitive nature of financial and identity data processed by these institutions, differences in performance have direct implications for regulatory compliance, customer trust, and systemic risk.
Bank of Kigali shows a modest but positive improvement, increasing from 33% in 2024 to 35% in 2025. This gradual progression suggests incremental strengthening of privacy and data protection controls, potentially through policy refinements or limited enhancements to governance and security practices. However, the overall score remains relatively low for a leading national financial institution, indicating that privacy controls may not yet be fully embedded across all systems and processes. Bank of Kigali remains exposed to moderate compliance risk. To align with regulatory expectations and sector best practices, the bank should prioritise stronger governance oversight, regular privacy risk assessments, and deeper integration of privacy by design into digital banking platforms and operational processes.
Access Bank Rwanda demonstrates steady improvement, rising from 35% in 2024 to 37% in 2025. While the increase is modest, it indicates continued efforts to address gaps in privacy governance and data protection practices. Despite this progress, the bank's overall performance suggests that privacy maturity is still developing and may rely on reactive compliance measures rather than fully institutionalised controls. Access Bank Rwanda should accelerate its privacy maturity by formalising accountability structures, enhancing technical safeguards, and ensuring consistent implementation of data protection requirements across business units.
Equity Bank Rwanda records a significant improvement, increasing sharply from 35% in 2024 to 66% in 2025. This substantial gain suggests a focused and effective effort to strengthen privacy governance, security controls, and compliance mechanisms. The magnitude of improvement indicates that Equity Bank has likely implemented structured governance frameworks, improved transparency and customer rights management, and enhanced technical and organisational safeguards. Equity Bank Rwanda has materially reduced its compliance risk and now demonstrates comparatively strong privacy maturity within the sector. Continued monitoring, periodic audits, and sustained leadership oversight will be essential to maintaining this level of compliance.
Ecobank Rwanda shows consistent improvement, increasing from 42% in 2024 to 47% in 2025. This upward trend reflects ongoing enhancements to privacy and data protection practices, positioning the bank at a moderate level of maturity relative to peers. While progress is evident, the score suggests that further work is needed to fully embed privacy by design and ensure consistent application across all systems and customer touchpoints. Ecobank Rwanda is on a positive trajectory but should continue strengthening governance, technical safeguards, and cross-border data management practices to meet evolving regulatory and operational demands.
Within the Rwanda banking sector, Equity Bank Rwanda emerges as the clear leader in privacy performance, demonstrating rapid advancement toward stronger compliance with data protection laws. Ecobank Rwanda occupies a middle position with steady progress, while Bank of Kigali and Access Bank Rwanda show slower, incremental improvement and remain at earlier stages of privacy maturity. The findings highlight uneven privacy maturity across Rwanda's banking and financial services sector. While significant progress is achievable, as demonstrated by Equity Bank Rwanda, other institutions remain exposed to compliance, operational, and reputational risks due to slower adoption of robust privacy governance. To ensure sustainable compliance with data protection laws, banks must move beyond incremental improvements and embed strong accountability, advanced security controls, and privacy-by-design principles into all digital and operational processes.
Performance Trends for Assessed Banks over the Years (2024-2025) in Tanzania
The performance of NMB Bank, Equity Bank Tanzania, Stanbic Bank Tanzania, and NBC Bank Tanzania demonstrates varying levels of privacy maturity and markedly different trajectories in strengthening compliance with data protection and privacy requirements. Given the sensitivity of financial, identity, and transactional data handled by banks, these trends are significant indicators of regulatory readiness and institutional resilience.
NMB Bank shows a substantial improvement, increasing sharply from 36% in 2024 to 68% in 2025. This marked progression suggests a deliberate and structured effort to strengthen privacy governance and data protection controls. The scale of improvement indicates that NMB Bank has likely implemented enhanced accountability mechanisms, strengthened security safeguards, and improved management of lawful processing and customer transparency obligations. NMB Bank has significantly reduced its privacy-related compliance risk and now demonstrates comparatively strong alignment with data protection requirements. Sustaining this position will require continued governance oversight, regular audits, and integration of privacy by design into digital banking and system upgrades.
Equity Bank Tanzania also demonstrates strong improvement, rising from 42% in 2024 to 67% in 2025. This trajectory indicates focused investment in privacy and data protection practices, potentially including improved governance structures, clearer privacy notices, and enhanced technical and organisational safeguards. The consistency and scale of improvement suggest that privacy considerations are becoming more embedded in operational and strategic decision-making. Equity Bank Tanzania is approaching a higher level of privacy maturity and is well positioned from a regulatory compliance perspective. Continued attention to cross-border data handling, vendor management, and privacy-by-design implementation will be critical to maintaining this progress.
Stanbic Bank Tanzania shows modest improvement, increasing from 43% in 2024 to 47% in 2025. This incremental change suggests that while foundational privacy controls are in place, progress toward higher maturity is gradual. The relatively moderate score indicates that enhancements may be focused on maintaining baseline compliance rather than advancing toward best practice. Stanbic Bank Tanzania faces moderate compliance risk if progress remains slow. To strengthen its privacy posture, the bank should prioritise stronger governance accountability, regular privacy risk assessments, and deeper integration of privacy controls into operational and digital initiatives.
NBC Bank Tanzania demonstrates minimal improvement, moving marginally from 43% in 2024 to 44% in 2025. This near-static performance suggests challenges in advancing privacy maturity beyond existing controls. While baseline compliance may be maintained, the lack of meaningful progress raises concerns about the bank's ability to adapt to evolving regulatory expectations and technological complexity. NBC Bank Tanzania remains exposed to ongoing compliance and operational risk. Strengthening privacy governance, investing in security enhancements, and embedding privacy by design into system changes will be necessary to avoid stagnation and potential regulatory scrutiny.
NMB Bank and Equity Bank Tanzania emerge as clear leaders, demonstrating significant advancement in privacy and data protection maturity. Stanbic Bank Tanzania occupies a middle position with gradual improvement, while NBC Bank Tanzania shows signs of stagnation that warrant closer attention. The findings highlight divergent levels of privacy maturity across Tanzania's banking sector. While some institutions have demonstrated that rapid and meaningful improvement is achievable, others risk falling behind due to incremental or static progress. Sustainable compliance with data protection laws will require banks to move beyond baseline controls and embed strong governance, robust technical safeguards, and privacy-by-design principles across all systems, products, and customer interactions.
Performance Trends for Assessed Banks over the Years (2023-2025) in Mauritius
The performance of Swanlife, Absa Bank Mauritius, SBM Bank (Mauritius) Limited, and Bank of Baroda reflects differing levels of privacy maturity and varying trajectories in strengthening compliance with data protection laws. Given the sensitivity of personal, financial, and identity data handled by these institutions, the observed trends have direct implications for regulatory exposure, operational resilience, and customer trust.
Swanlife demonstrates overall stability with gradual improvement. After recording 42.71% in 2023 and 42% in 2024, the score increased to 47% in 2025. Last year's analysis correctly observed stability and limited progress between 2023 and 2024. The 2025 improvement indicates that Swanlife has begun to strengthen its privacy and data protection practices beyond a maintenance level. This improvement suggests enhanced governance attention, possible refinement of privacy policies, and incremental strengthening of security and compliance controls. Swanlife has reduced its compliance risk and is transitioning toward moderate privacy maturity. Continued focus on embedding privacy by design, strengthening accountability, and regularly reviewing controls will be necessary to sustain this positive trajectory.
Absa Bank Mauritius shows static performance, maintaining a score of 41% in both 2024 and 2025. While this consistency suggests the presence of baseline privacy and data protection controls, it also indicates limited progress in advancing privacy maturity. The lack of improvement may reflect a focus on maintaining minimum compliance rather than proactively strengthening governance and security frameworks. Absa Bank Mauritius remains exposed to moderate compliance risk. To improve alignment with evolving data protection requirements, the bank should prioritise enhanced governance oversight, periodic privacy risk assessments, and deeper integration of privacy considerations into digital transformation initiatives.
SBM Bank demonstrates a significant improvement, increasing from 44% in 2024 to 60% in 2025. This substantial gain indicates a focused and effective effort to address gaps in privacy governance, security controls, and compliance mechanisms. The scale of improvement suggests stronger accountability structures, improved transparency, and enhanced technical and organisational safeguards. SBM Bank has materially strengthened its compliance posture and now demonstrates comparatively high privacy maturity within the sector. Sustaining this position will require continuous monitoring, staff awareness, and ongoing alignment with regulatory developments.
Bank of Baroda shows slight regression, decreasing marginally from 32% in 2024 to 31% in 2025. While the change is small, it suggests challenges in maintaining or evolving existing privacy controls. The persistently low score indicates that privacy practices remain underdeveloped relative to sector peers. Bank of Baroda faces elevated compliance and operational risk. Targeted intervention is needed to strengthen governance, improve security measures, and formalise privacy management processes to achieve baseline compliance and reduce exposure.
Last year's analysis focused on Swanlife's stable performance and limited improvement between 2023 and 2024. The 2025 data confirms this assessment while also demonstrating that Swanlife has since made measurable progress. The inclusion of other institutions highlights a broader sectoral picture, with SBM Bank showing that significant advancement is achievable, while Absa Bank Mauritius and Bank of Baroda illustrate the risks of stagnation or regression.
The Mauritius financial services sector exhibits uneven privacy maturity, ranging from strong improvement to stagnation and slight decline. SBM Bank (Mauritius) Limited emerges as the sector leader in advancing compliance with data protection laws, while Swanlife shows positive momentum. Absa Bank Mauritius and Bank of Baroda face ongoing compliance risks due to static or declining performance. To ensure sustainable compliance and maintain customer trust, financial institutions must move beyond maintaining baseline controls and embed robust governance, advanced security safeguards, and privacy-by-design principles across all operations.
Performance Trends for Assessed Banks over the Years (2023-2025) in Zimbabwe
The performance of CBZ Bank, Empower Bank, and Stanbic Bank Zimbabwe over the assessment period highlights differing levels of privacy maturity and varying trajectories in strengthening compliance with data protection and privacy requirements. Given the sensitivity of financial and identity data processed by banks, these trends are strong indicators of regulatory readiness and operational resilience.
CBZ Bank demonstrates sustained and significant improvement across the period. After recording a low baseline of 14.51% in 2023, the bank increased sharply to 55% in 2024 and further improved to 57% in 2025. Last year's analysis correctly identified the 2024 result as a substantial leap in privacy and data protection maturity. The 2025 data confirms that these gains have been maintained and marginally strengthened. This trajectory suggests that CBZ Bank has moved beyond one-off remediation and is beginning to embed privacy governance, accountability mechanisms, and stronger security controls into its operations. CBZ Bank has materially reduced its compliance risk and now demonstrates moderate to strong alignment with data protection laws. Continued investment in governance oversight, privacy by design, and regular compliance assurance will be necessary to sustain and further enhance this position.
Empower Bank shows mixed performance. The bank improved significantly from 6.41% in 2023 to 34% in 2024, reflecting initial efforts to address major privacy and compliance gaps. However, the score declined slightly to 32% in 2025, indicating challenges in sustaining momentum or institutionalising controls. Last year's analysis noted progress but emphasised the bank's low overall maturity. The 2025 results reinforce this assessment, suggesting that improvements may have been reactive rather than fully embedded. Empower Bank remains exposed to elevated compliance and operational risk. To progress meaningfully, the bank must strengthen governance structures, formalise accountability, and invest in consistent application and monitoring of privacy and security controls across its operations.
Stanbic Bank Zimbabwe demonstrates strong and consistent improvement, increasing from 39% in 2024 to 51% in 2025 (with no 2023 data available). The upward trend suggests focused efforts to enhance privacy governance, security safeguards, and compliance practices. The scale of improvement indicates movement toward a more mature and structured privacy framework, though further advancement is needed to reach higher benchmarks. Stanbic Bank Zimbabwe has reduced its compliance risk and is progressing toward stronger privacy maturity. Continued emphasis on privacy by design, staff awareness, and ongoing compliance monitoring will be essential to sustain this positive trajectory.
Last year's analysis highlighted CBZ Bank's dramatic improvement and Empower Bank's initial progress from a very low baseline. The 2025 data confirms CBZ Bank's continued upward trajectory and reveals sustainability challenges for Empower Bank. The inclusion of Stanbic Bank Zimbabwe provides additional context, demonstrating that consistent and structured improvement is achievable within the sector. Overall, the trends show meaningful but uneven progress in compliance with data protection laws and privacy practices. CBZ Bank emerges as the strongest performer with sustained improvement, while Stanbic Bank Zimbabwe shows solid upward momentum. Empower Bank, despite initial gains, remains at an early stage of privacy maturity and faces continued compliance risk. To ensure sustainable compliance and maintain customer trust, banks must move beyond reactive remediation and embed strong governance, robust security controls, and privacy-by-design principles across all operations.
Performance Trends for Assessed Banks over the Years (2022-2025) in Kenya
The performance of KCB Bank, Equity Bank, Stima Sacco, and Absa Kenya over the past few years demonstrates a mix of improvement, recovery, and short-term fluctuations, reflecting differing levels of maturity in data protection practices and compliance with privacy regulations.
KCB Bank's score improved to 55% in 2025, up from 44% in 2024 and 49% in 2022, reflecting a significant recovery from the slight dip observed in 2024. Last year's analysis highlighted a minor decline and the need for stronger consistency in privacy measures. The 2025 results show that the bank has strengthened its data protection frameworks, implemented more robust controls, and responded effectively to regulatory and operational gaps. KCB Bank is demonstrating a clear commitment to safeguarding customer data and aligning with data protection laws. To maintain this momentum, the bank should continue enhancing governance, monitoring compliance, and integrating privacy-by-design into digital services.
Equity Bank scored 47% in 2025, a decrease from 52% in 2024, but still above 35.5% in 2023, indicating that while the bank has faced a slight short-term decline, it remains on an upward trajectory compared to historical performance. Last year, the bank was recognized for significant improvement in privacy practices. Equity Bank's slight dip may reflect transitional challenges in implementing new privacy frameworks or addressing emerging regulatory requirements. The bank should focus on consolidating gains, reinforcing compliance protocols, and ensuring continuous monitoring of data protection practices to prevent future declines.
Stima Sacco recorded 50% in 2025, improving from 46% in 2024 and 28% in 2023. This reflects a sustained upward trend in enhancing privacy compliance. Last year's analysis highlighted meaningful improvements, and the current data confirms continued progress. Stima Sacco's consistent improvement demonstrates a growing institutional commitment to data protection. Continued investments in staff training, security infrastructure, and regular privacy audits will be critical for sustaining and further advancing its compliance maturity.
Absa Kenya shows a strong upward trend, moving from 46% in 2024 to 57% in 2025, recovering from historical fluctuations and aligning closely with top-performing peers. This is the first year Absa Kenya is included in this dataset, providing a benchmark for privacy maturity in the sector. The notable improvement indicates that Absa Kenya has made significant strides in addressing gaps in its privacy frameworks, implementing stronger security measures, and complying with regulatory requirements. Maintaining this trajectory will require ongoing monitoring, governance, and integration of data protection into business processes.
Overall, the data shows that all four institutions are improving or recovering from previous declines, with varying rates of progress. KCB Bank demonstrates strong recovery and increasing compliance maturity. Equity Bank shows a slight short-term decline but overall better performance than historical results. Stima Sacco reflects sustained and steady improvement. Absa Kenya demonstrates rapid and significant improvement, showing strong commitment to privacy practices.
The overall trend in the sector suggests growing awareness of data protection obligations and an increasing alignment with privacy regulations. Institutions that maintain and enhance governance frameworks, invest in security infrastructure, and adopt privacy-by-design principles will likely see continued improvements, reducing regulatory risk and increasing customer trust.
Performance Trends for Assessed Banks over the Years (2022-2025) in Uganda
The performance of Stanbic Bank, Absa Bank, Pride Microfinance, and Centenary Bank from Uganda over the assessment period reflects varying levels of privacy maturity and differing abilities to sustain compliance with data protection laws. The data shows a mix of long-term improvement, short-term volatility, and stabilisation at moderate levels of maturity, with direct implications for regulatory exposure and customer trust.
Stanbic Bank demonstrates a clear and sustained upward trajectory. After recording 41.56% in 2023, the bank improved to 53% in 2024 and further to 58% in 2025. Although performance declined from 50% in 2022 to 41.56% in 2023, the subsequent recovery confirms that the bank has taken deliberate steps to strengthen its privacy and data protection practices. Last year's analysis identified Stanbic Bank as improving but still consolidating its gains. The 2025 results confirm that these improvements have been sustained and further embedded. Stanbic Bank has significantly reduced its compliance risk and is approaching a mature level of alignment with data protection requirements. Continued governance oversight, regular privacy risk assessments, and integration of privacy by design into digital banking initiatives will be critical to maintaining this trajectory.
Absa Bank's performance reflects long-term decline followed by stabilisation. After strong results in 2021 (60%) and 2022 (55.70%), the score declined to 46% in 2024 and further to 44% in 2025. Last year's analysis highlighted a drop from earlier high performance while noting that Absa Bank remained at a moderate level of compliance. The 2025 results confirm that while the decline has slowed, the bank has not yet regained its earlier level of privacy maturity. Absa Bank faces moderate compliance risk due to performance erosion over time. To reverse this trend, the bank should focus on refreshing governance frameworks, strengthening accountability, and ensuring that privacy controls evolve alongside digital transformation and regulatory change.
Pride Microfinance shows consistent improvement, rising from 32% in 2023 to 42% in 2024 and further to 53% in 2025. Last year's analysis correctly identified early progress, and the 2025 data confirms that this improvement has continued rather than plateaued. The steady upward trend suggests increasing institutional commitment to privacy governance and improved implementation of security and compliance measures. Pride Microfinance has materially reduced its compliance risk and is transitioning toward moderate-to-strong privacy maturity. Sustaining this progress will require continued investment in governance, staff awareness, and privacy-by-design practices, particularly as digital services expand.
Centenary Bank demonstrates high performance and stability. After a dramatic improvement from 0% in 2021 to 57% in 2024, the bank maintained this level in 2025. Last year's analysis highlighted Centenary Bank as the strongest improver, and the 2025 results confirm that these gains have been sustained. The ability to maintain performance at this level suggests that privacy and data protection controls are increasingly embedded into governance and operational processes. Centenary Bank currently demonstrates relatively strong alignment with data protection laws. Ongoing assurance, periodic reviews, and adaptation to regulatory developments will be essential to maintaining this position and avoiding regression.
Last year's analysis highlighted Centenary Bank's dramatic improvement, Stanbic Bank's upward momentum, Pride Microfinance's emerging progress, and Absa Bank's decline from earlier highs. The 2025 data validates these conclusions, showing that Centenary Bank has sustained its gains, Stanbic Bank has continued to improve, Pride Microfinance has strengthened its position, and Absa Bank has stabilised but not yet recovered its former performance. Overall, the banking and finance sector shows meaningful but uneven progress in compliance with data protection laws and privacy practices. Centenary Bank and Stanbic Bank demonstrate relatively strong and sustained performance, while Pride Microfinance shows encouraging upward momentum. Absa Bank, although still at a moderate level, faces a risk of long-term erosion if improvements are not prioritised. To ensure sustainable compliance and maintain customer trust, all institutions must continue embedding robust governance, strong security safeguards, and privacy-by-design principles across their operations.