Financial Crime World

CBK’s New Regulations: Kenyan Companies Brace for Tighter Know Your Customer (KYC) Compliance

As the cryptocurrency market in Kenya thrives, local authorities have grown increasingly concerned about money laundering and terrorist financing risks in the finance sector. The Central Bank of Kenya (CBK) has introduced new regulatory updates to combat these threats.

New Regulations for Kenyan and Foreign Businesses

CBK Governor Kamau Thugge has called for stronger international regulations and urged local businesses to exercise caution 1. Simultaneously, the Central Bank has introduced new regulatory changes under the Anti-Money Laundering and Combating of Terrorism Financing Laws (Amendment) Act, effective from September 29th, 2023.

  • Private firms with a paid-up capital below KES 5,000,000 must now appoint a local director who is a resident of Kenya.
  • All Kenyan and foreign businesses operating in the country must adhere to the highest safety and compliance standards regarding Anti-Money Laundering and Counter-Terrorism Financing (AML-CTF) requirements 2.

Institutions Under CBK’s Jurisdiction

The Central Bank of Kenya supervises and enforces compliance with the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA). Institutions under its jurisdiction include:

  • Commercial Banks
  • Mortgage Finance Companies
  • Microfinance Banks
  • Money Remittance Providers
  • Foreign Exchange Bureaus
  • Digital Credit Providers
  • Payments Service Providers
  • Mortgage refinance companies

Risk Assessment Framework

A crucial component of POCAMLA requirements is the AML risk assessment—a written document identifying potential risks associated with money laundering and terrorism financing and proposing strategies to manage those risks. Updates to this document are mandatory every two years or when guidelines change.

Steps for a Robust Risk Assessment Framework

  1. Identify and assess the money laundering and terrorism financing risks associated with the institution’s products, services, customers, geographic locations, and delivery channels.
  2. Conduct a detailed analysis of all available data to evaluate the risk level in each category.
  3. Determine whether the organization’s current AML compliance programme is sufficient to mitigate identified risks.

Reporting Results

Upon completion of a risk assessment, financial institutions must share the results with their senior management, the board, all business units, and control functions. An annual report detailing the most recent risk assessment findings and recommended actions must also be provided to the Central Bank of Kenya.

Employee Roles

The Central Bank of Kenya’s Guidance Note on AML/CTF Risk Assessment outlines several roles and responsibilities for employees and stakeholders within an organization regarding ensuring AML/CTF compliance.

  • AML/CFT Compliance Officer (MLRO)
  • Senior management
  • Board of Directors

AML/CFT Compliance Officer

The primary point of contact for anti-money laundering and counter-terrorism financing matters coordinates the risk assessment process, evaluates data, determines residual risks, and prepares reports for senior management and the board.

Senior Management

They ensure the institution aligns with the board-approved strategy, risk tolerance, and policies and oversee the implementation of the risk assessment framework. They also improve data collection and analysis and provide regular reports based on the risk assessment.

Board of Directors

The Board oversees management of money laundering and terrorist financing risks based on severity and has key responsibilities during the risk assessment process, such as developing a documented framework for the risk assessment, reviewing results, understanding the risk profile, and approving strategic decisions made by management.

KYC/KYB Verification

Know Your Customer (KYC) or Know Your Business (KYB) verification is necessary to comply with most AML policies, including those in Kenya. The following documents are typically required for KYC verification of an individual customer:

  • Acceptable proof of identity (National identification card, passport, driver’s license)

Meanwhile, the following documents are necessary for KYB verification of a business identity in Kenya:

  • Acceptable proof of identity (Certificate of incorporation, memorandum and articles of association, registration with relevant authorities, proof of address)

An automated KYC solution such as Smile ID can simplify the verification process by combining KYC, KYB, and AML checks on a single platform.

  1. Kenya’s Central Bank Warns Over Crypto Risks (BBC News, 2023) ↩︎

  2. Central Bank of Kenya Imposes Stricter Compliance Obligations on Local Businesses (Capital FM, 2023) ↩︎