Ultimate Guide to AML Compliance in Kenya - All Businesses Need to Know

Anti-Money Laundering (AML) compliance has become a critical focus for businesses worldwide, and Kenya is no exception. As the East African financial hub, Kenya has been taking significant strides to combat money laundering and financial crimes, driven by both international standards and local regulations. It is estimated that Kenya lost more than $10.6 billion in illicit financial flows since 1970, highlighting the pressing need for robust AML measures.

In this comprehensive guide, we discussed the essentials of AML compliance in Kenya, exploring the legal framework, requirements, and best practices that all businesses need to follow. From understanding the key components of Know Your Customer (KYC) procedures to implementing effective transaction monitoring systems, this guide covers everything you need to ensure your business meets the stringent AML regulations.

What is AML Compliance?

Anti-Money Laundering (AML) compliance refers to the laws, regulations, and procedures aimed at preventing criminals from disguising illegally obtained funds as legitimate income. It's crucial because money laundering helps finance illegal activities like terrorism, drug trafficking, and corruption. In Kenya, AML compliance is governed by stringent laws and regulations to protect the economy from these threats.

AML laws and regulations in Kenya include the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) of 2009 and the Anti-Money Laundering and Combating of Terrorism Financing Laws (Amendment) Act, 2023. These laws set the framework for identifying, tracking, and reporting suspicious financial activities. The Central Bank of Kenya (CBK) oversees compliance in financial institutions like banks and forex bureaus.

Why AML Compliance is Crucial for Businesses in Kenya

Anti-Money Laundering (AML) compliance is not just a legal requirement in Kenya; it is fundamental for the economic stability and reputation of businesses operating within the country. The enforcement of AML regulations plays a vital role in ensuring that the financial system is not exploited by criminals, which in turn supports a healthy economic environment.

Impact of Money Laundering on the Economy

Money laundering has severe repercussions on the economy. It allows illicit funds to enter and circulate within the financial system, leading to market instability and distorted economic data. This illegal activity can result in reduced foreign investment, as investors are cautious about entering markets with high levels of money laundering. Furthermore, money laundering often funds additional criminal activities, thereby increasing overall crime rates. It also involves significant tax evasion, depriving the government of essential revenue needed for public services.

Legal and Financial Repercussions for Non-Compliance

Failing to comply with AML regulations can lead to severe consequences for businesses. Non-compliant businesses face hefty fines and penalties that can reach millions of Kenyan shillings under the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA). Legal actions can also be taken against businesses and their executives, including imprisonment. Additionally, non-compliance can result in operational disruptions, such as the suspension of operations or revocation of business licenses by authorities.

Enhancing Business Reputation and Trust

AML compliance significantly enhances a business's reputation and builds trust with stakeholders. Customers tend to trust and prefer businesses that adhere to ethical practices and comply with legal requirements. This compliance also facilitates the formation of business partnerships with other companies that prioritise legal and ethical standards. Moreover, maintaining a reputation for integrity can elevate a company's standing in the marketplace, giving it a competitive edge.

Ensuring Alignment with Global AML Standards

Aligning with global AML standards is crucial for Kenyan businesses, as it facilitates smoother international trade and access to global markets. Businesses that comply with international AML standards are more likely to be trusted and accepted by foreign partners. Adherence to these standards also reduces the risk of involvement in illegal activities, thereby protecting businesses from potential legal troubles and enhancing their operational stability.

Overview of the Anti-Money Laundering and Combating of Terrorism Financing Laws (Amendment) Act, 2023

The Anti-Money Laundering and Combating of Terrorism Financing Laws (Amendment) Act, 2023 came into effect on September 15, 2023. It amends various existing laws to enhance Kenya's ability to combat money laundering and terrorism financing. The Act introduces new definitions and mandates new compliance obligations for companies, branches, limited liability partnerships (LLPs), and foreign LLPs operating in the country.

Businesses across Kenya find themselves at a critical juncture; as the Central Bank cracks down on AML compliance, they must ensure they adhere to the highest safety and compliance standards. While the Central Bank of Kenya released a guideline note in 2013, we wanted to highlight some key requirements Kenyan and foreign businesses operating in Kenya must abide by. 

Key Changes Introduced by the New Law

a. Beneficial Ownership Disclosures: 

The Act mandates comprehensive disclosure of beneficial ownership for all local and foreign companies and LLPs. This ensures that the actual individuals who control or benefit from these entities are known and accountable.

Businesses must now:

• Maintain Registers: Keep registers of beneficial owners, nominee directors (for companies), and nominee partners (for LLPs).
• Lodge Copies with Registrar: Submit these registers to the Registrar as part of preregistration documentation.
• Update Information: Report any changes to the Registrar within 14 days. Maintain records of former beneficial owners for at least 10 years.

Failure to comply with these disclosure requirements can lead to the company or LLP being struck off the register by the Registrar and expose entities to administrative penalties.

b. Local Representation: 

Companies with a paid-up capital of less than KES 5,000,000 must appoint a resident director or company secretary, or designate a contact person with permanent residence in Kenya.

For enhanced oversight, the Act requires:

• Appointment of Local Representatives: Companies with less than KES 5,000,000 in paid-up capital must appoint a company secretary, resident director, or contact person.
• Existing Companies' Compliance: Existing companies must submit a notice of appointment within 60 days of the Act's enactment (by November 15, 2023).

Non-compliance may result in operational disruptions or legal consequences.

c. Foreign LLP Registration: 

Foreign LLPs must register under the Limited Liability Partnerships Act and establish a local registered office in Kenya. They must also appoint at least one local representative who resides permanently in Kenya or is a Kenyan citizen.

Foreign LLPs looking to operate in Kenya need to:

• Register Under Local Law: Register under the Limited Liability Partnerships Act.
• Establish Local Office: Set up a local registered office in Kenya.
• Appoint Local Representatives: Designate at least one local representative who resides permanently in Kenya or is a Kenyan citizen.

These obligations ensure that foreign LLPs are accountable and transparent in their operations within Kenya. 

Which Kenyan companies are required to comply with POCAMLA?

The Central Bank of Kenya supervises and enforces compliance with the POCAMLA. Under its purview, the Kenyan institutions tasked with ensuring compliance include:

• Commercial Banks
• Mortgage Finance Companies
• Microfinance Banks
• Money Remittance Providers
• Foreign Exchange Bureaus
• Digital Credit Providers
• Payments Service Providers
• Mortgage refinance companies

The cornerstone of CBK AML-compliance: Risk assessment

A key pillar of the POCAMLA requirements is conducting an AML risk assessment. This formal written assessment identifies all possible risks associated with money laundering and potential ways to manage these risks. This document must be updated every two years or when changes are made to the guidelines.

According to CBK/PG/08 Clause 5.15, the development of an AML risk assessment framework must involve the following steps:

• First, identify and assess the money laundering and terrorism financing risks that may be associated with your institution’s unique combination of products and services, customers, geographic locations, and delivery channels.
• Conduct a detailed analysis of all available data to assess the level of risk within each high-risk category.
• Determine whether your organisation’s AML compliance programme is adequate and provides the necessary controls to mitigate identified risks.  

Building an effective AML/CFT compliance programme is key to a seamless risk assessment process, as all the shortfalls found will need to be addressed to remain compliant. 

Reporting your risk assessment results 

The Central Bank of Kenya requires banks and financial institutions to share the risk assessment results with senior management, the board, all business units, and the control functions within the organisation. The report should also clearly outline recommended actions for the institution.
CBK also mandates organisations, on an annual basis, to provide a report detailing their most recent risk assessment results. These updates are due by December 31st of each year. 

The roles that each member of your organisation plays in preventing money laundering

According to the Guidance Note on AML/CTF Risk Assessment published by the Central Bank of Kenya, there are different roles employees and stakeholders across your organisation must play to ensure compliance.

Your AML Compliance Officer’s job:
According to the Central Bank of Kenya, financial institutions must appoint a Money Laundering Reporting Officer (MLRO), the main point of contact with the CBK for anti-money laundering and counter-terrorism financing purposes.

The MLRO's responsibilities for the risk assessment process include:

1. Coordinating the risk assessment process
2. Collecting and verifying other departments' input, data, and comments.
3. Analysing data to understand identified risks
4. Determining residual risks for different categories
5. Establishing the organisation’s overall money laundering and terrorism financing risk profile
6. Preparing reports for senior management and the board

Your senior management’s job:
Senior management ensures that the organisation’s everyday activities align with the board-approved strategy, risk tolerance, and policies.

To do this effectively, the CBK recommends that they:

1. Identify risks related to products, services, clients, geography, etc.
2. Implement the board-approved risk assessment framework.
3. Continuously improve data collection and analysis for the assessment.
4. Provide regular reports based on the risk assessment.
5. Take actions to address identified gaps or deficiencies.
6. Clearly define duties and responsibilities for employees participating in the risk assessment process.
7. Share the results with relevant parties, including forwarding a copy of the risk assessment to the CBK.

Your Board of Directors job:

While your board members may not participate in day-to-day activities, they must understand the money laundering risks and vulnerabilities the organisation faces. They oversee to ensure that the organisation manages these risks based on severity.

The board also has some key responsibilities during the risk assessment process, including:

1. Developing a documented framework for the risk assessment
2. Reviewing the results of the risk assessment process
3. Understanding the institution's money laundering and terrorism financing risk profile
4. Allocating sufficient resources for the risk assessment process
5. Approving strategic decisions made by the management after the assessment

What documents are needed for KYC/KYB verification?

Know your customer (KYC) or know your business (KYB) verification is a required practice to comply with most AML policies, and the CBK is no different. These checks typically require specific documents to verify the identity of individuals or entities involved in financial transactions in Kenya. 

Note that the documents needed may vary depending on the customer type and the transaction's nature. 
 

Required KYC documents for verification of an individual customer’s identity 
 

Required KYB documents for verification of a business identity 
 

NOTE: Additional documents may be required depending on the circumstances and risk assessment. These could include explanations of the transaction's nature, the funds' origin, and other relevant information.

How to Implement an Effective AML Compliance Program

To ensure your business complies with the new AML laws in Kenya, developing a comprehensive AML compliance program is crucial. Here’s how to do it effectively:

1. Assess Risks 

Begin by identifying and assessing the money laundering and terrorism financing risks specific to your business. This step involves understanding your customer base, the types of transactions you handle, and the geographical areas in which you operate.

2. Develop Policies and Procedures: 

Create detailed policies and procedures tailored to your identified risks. These should cover customer due diligence (CDD), transaction monitoring, and reporting suspicious activities.

3. Implement Internal Controls: 

Establish internal controls to ensure compliance with your AML policies. This includes regular audits, checks, and balances to detect and prevent money laundering activities.

4. Designate a Compliance Officer: 

Appoint a dedicated AML compliance officer responsible for overseeing the program, ensuring adherence to laws, and acting as a point of contact for regulatory bodies.

5. Regular Reviews and Updates: 

Continuously review and update your AML program to address new risks and comply with changing regulations.

An automated KYC solution can help you easily meet the CBK’s requirements 

Combine automated KYC, KYB, and AML checks to meet the Central Bank of Kenya requirements on a single platform. With a Smile ID integration, you can verify the required identity document and screen users against over 1100 global and African sanctions, PEP, and adverse media watchlists in a few simple steps.

Step 1: Collect identification details - You will need an ID number and the user's nationality to complete the KYC and AML checks. You only need a business registration to look up businesses on the official government registry for business verification.

Step 2: Capture images of required documents - Our image capture guides users to take clear photos even with older devices. Support a seamless flow on software versions as low as Android 4.4.

Step 3: Get real-time results - Our systems return identity verification results in an average of 2 seconds, so you will immediately get an idea of the risk profile of the user onboarding and make decisions on how to proceed. 

Smile ID solutions are designed to provide you with comprehensive AML and KYC coverage in 54+ countries across Africa. Our APIs and SDKs are designed for easy integration with and interaction with your existing infrastructure. Book a free demo today to learn more.