AML | 22 Nov 2023

The Central Bank of Kenya Guidelines on Anti-Money Laundering and How to Meet Them

Megan Keirstead

Product Marketing Manager

Against the backdrop of Kenya's growing cryptocurrency market, many Kenyan officials have noted an increased risk of money laundering and terrorism financing across its finance sector. Central Bank Governor Kamau Thugge has called for international regulations to address these emerging threats and urged the local business community to be cautious.

Concurrently, the CBK has released recent regulatory updates to combat money laundering and terrorist financing. The Anti-Money Laundering and Combating of Terrorism Financing Laws (Amendment) Act, 2023, implemented on September 29th, has heightened compliance obligations. Notably, private companies with a paid-up capital below KES 5,000,000 must now appoint a local director who is a resident of Kenya.

Businesses across Kenya find themselves at a critical juncture; as the Central Bank cracks down on AML compliance, they must ensure they adhere to the highest safety and compliance standards. While the Central Bank of Kenya released a guideline note in 2013, we wanted to highlight some key requirements Kenyan and foreign businesses operating in Kenya must abide by.  

Which Kenyan companies are required to comply with POCAMLA?

The Central Bank of Kenya supervises and enforces compliance with the POCAMLA. Under its purview, the Kenyan institutions tasked with ensuring compliance include:

  • Commercial Banks
  • Mortgage Finance Companies
  • Microfinance Banks
  • Money Remittance Providers
  • Foreign Exchange Bureaus
  • Digital Credit Providers
  • Payments Service Providers
  • Mortgage refinance companies

The cornerstone of CBK AML-compliance: Risk assessment

A key pillar of the POCAMLA requirements is conducting an AML risk assessment. This formal written assessment identifies all possible risks associated with money laundering and potential ways to manage these risks. This document must be updated every two years or when changes are made to the guidelines.

According to CBK/PG/08 Clause 5.15, the development of an AML risk assessment framework must involve the following steps:

  • First, identify and assess the money laundering and terrorism financing risks that may be associated with your institution’s unique combination of products and services, customers, geographic locations, and delivery channels.
  • Conduct a detailed analysis of all available data to assess the level of risk within each high-risk category.
  • Determine whether your organisation’s AML compliance programme is adequate and provides the necessary controls to mitigate identified risks.  

Building an effective AML/CFT compliance programme is key to a seamless risk assessment process, as all the shortfalls found will need to be addressed to remain compliant. 

Reporting your risk assessment results 

The Central Bank of Kenya requires banks and financial institutions to share the risk assessment results with senior management, the board, all business units, and the control functions within the organisation. The report should also clearly outline recommended actions for the institution.

The CBK also requires organisations to provide, on an annual basis, a report detailing their most recent risk assessment results. These updates are due by December 31st of each year.

The roles that each member of your organisation plays in preventing money laundering

According to the Guidance Note on AML/CTF Risk Assessment published by the Central Bank of Kenya, there are different roles employees and stakeholders across your organisation must play to ensure compliance.

Your AML Compliance Officer’s job:
According to the Central Bank of Kenya, financial institutions must appoint a Money Laundering Reporting Officer (MLRO), the main point of contact with the CBK for anti-money laundering and counter-terrorism financing purposes.

The MLRO's responsibilities for the risk assessment process include:

  1. Coordinating the risk assessment process
  2. Collecting and verifying other departments' input, data, and comments.
  3. Analysing data to understand identified risks
  4. Determining residual risks for different categories
  5. Establishing the organisation’s overall money laundering and terrorism financing risk profile
  6. Preparing reports for senior management and the board

Your senior management’s job:
Senior management ensures that the organisation’s everyday activities align with the board-approved strategy, risk tolerance, and policies.

To do this effectively, the CBK recommends that they:

  1. Identify risks related to products, services, clients, geography, etc.
  2. Implement the board-approved risk assessment framework.
  3. Continuously improve data collection and analysis for the assessment.
  4. Provide regular reports based on the risk assessment.
  5. Take actions to address identified gaps or deficiencies.
  6. Clearly define duties and responsibilities for employees participating in the risk assessment process.
  7. Share the results with relevant parties, including forwarding a copy of the risk assessment to the CBK.

Your Board of Directors' job:

While your board members may not participate in day-to-day activities, they must understand the money laundering risks and vulnerabilities the organisation faces. They provide oversight to ensure that the organisation manages these risks based on severity.

The board also has some key responsibilities during the risk assessment process, including:

  1. Developing a documented framework for the risk assessment
  2. Reviewing the results of the risk assessment process
  3. Understanding the institution's money laundering and terrorism financing risk profile
  4. Allocating sufficient resources for the risk assessment process
  5. Approving strategic decisions made by the management after the assessment

What documents are needed for KYC/KYB verification?

Know your customer (KYC) or know your business (KYB) verification is a required practice to comply with most AML policies, and the CBK is no different. These checks typically require specific documents to verify the identity of individuals or entities involved in financial transactions in Kenya. 

Note that the documents needed may vary depending on the customer type and the transaction's nature. 

Required KYC documents for verification of an individual customer’s identity 

Information to be Verified | Acceptable Verification Documents

Proof of Identity for Individual
  • National Identification Card (ID)
  • Passport
  • Driver's License

Required KYB documents for verification of a business identity 

Information to be Verified | Acceptable Verification Documents

Proof of Identity for Legal Entities (Companies, Partnerships, etc.)
  • Certificate of Incorporation
  • Memorandum and Articles of Association
  • Registration with relevant regulatory authorities (e.g., Companies Registry)

Proof of Address
  • Utility bills (e.g., electricity, water, or gas bills) in the individual's or entity's name
  • Bank statements
  • Rental agreements or lease contracts

Tax Identification Number (TIN)
  • Personal or company TIN certificate

Business Registration
  • Business registration documents/certificate
  • Business licences and permits

Source of Funds or Wealth Documentation
  • Bank statements to demonstrate the source of funds
  • Documentation of business income


NOTE: Additional documents may be required depending on the circumstances and risk assessment. These could include explanations of the transaction's nature, the funds' origin, and other relevant information.

An automated KYC solution can help you easily meet the CBK’s requirements 

Combine automated KYC, KYB, and AML checks to meet the Central Bank of Kenya requirements on a single platform. With a Smile ID integration, you can verify the required identity document and screen users against over 1100 global and African sanctions, PEP, and adverse media watchlists in a few simple steps.

Step 1: Collect identification details - You will need an ID number and the user's nationality to complete the KYC and AML checks. You only need a business registration to look up businesses on the official government registry for business verification.

Step 2: Capture images of required documents - Our image capture guides users to take clear photos even with older devices. Support a seamless flow on software versions as low as Android 4.4.

Step 3: Get real-time results - Our systems return identity verification results in an average of 2 seconds, so you will immediately get an idea of the risk profile of the user onboarding and make decisions on how to proceed. 

Smile ID solutions are designed to provide you with comprehensive AML and KYC coverage in 54+ countries across Africa. Our APIs and SDKs are designed for easy integration and interaction with your existing infrastructure. Book a free demo today to learn more.

