AML compliance Kenya anti-money laundering requirements are established under the Proceeds of Crime and Anti-Money Laundering Act, 2009 (POCAMLA), which creates a comprehensive framework for detecting, preventing, and reporting money laundering obligations applicable to both financial institutions and a broad range of non-financial businesses in Kenya. While banks and financial institutions have long been subject to AML obligations, many non-financial businesses remain unaware that POCAMLA applies to them too, and the consequences of treating it as a “banks only” statute can include personal criminal exposure for the firm’s own principals, not just regulatory censure.
AML Compliance Kenya Anti-Money Laundering: Who Is a Reporting Institution?
POCAMLA’s scope extends well beyond banks. Reporting institutions include commercial banks, microfinance institutions, and money remittance providers; insurance companies and brokers; securities dealers and investment advisors; real estate agents; motor vehicle dealers above prescribed thresholds; accountants and auditors; trust and company service providers; and, explicitly, advocates, notaries, and other independent legal professionals who are sole practitioners, partners, or employees within professional firms. Law firms are designated non-financial businesses and professions (DNFBPs) under the Act’s own definitions, which means a law firm handling client funds, property transactions, or company formation work is a reporting institution in its own right, with the same monitoring and reporting obligations as a bank handling the equivalent transaction, not a lighter-touch obligation simply because the firm is not a financial institution. The Cabinet Secretary also has power, on the advice of the Financial Reporting Centre, to declare any other business or profession a reporting institution where a money laundering, terrorism financing, or proliferation financing risk is identified, so the list of covered sectors is not permanently fixed at whatever appears in the current schedule.
Customer Due Diligence
Reporting institutions must verify customer identity using reliable, independent documentation, a national ID or passport for individuals, a CR12 for companies, identify the beneficial owner of any legal entity the institution is dealing with, understand the nature and purpose of the business relationship, and conduct ongoing monitoring throughout that relationship rather than only at onboarding. Section 44 requires a reporting institution to monitor, on an ongoing basis, all complex, unusual, suspicious, or large transactions, whether completed or not, and to pay particular attention to unusual patterns of transactions and to insignificant but periodic transactions that have no apparent economic or lawful purpose. Enhanced due diligence, a materially higher standard of scrutiny and documentation, applies to politically exposed persons, transactions or relationships connected to high-risk jurisdictions, and complex or unusually large transactions that do not fit the customer’s known profile.
Record Keeping
POCAMLA requires records of all transactions and customer due diligence information to be maintained for a substantial retention period after the end of the business relationship, widely applied in practice as not less than seven years, and to be made available for inspection by the Financial Reporting Centre on request. A reporting institution should treat this as a genuine operational requirement rather than a theoretical one: records that have been archived, migrated to a new system, or held by a former staff member’s personal files are not actually “available for inspection” in the way the Act requires, and an institution should be able to produce the underlying CDD documentation for any historical client relationship within that retention window without a scramble.
Suspicious Transaction Reporting
If a reporting institution knows, suspects, or has reasonable grounds to suspect that a transaction involves proceeds of crime or relates to money laundering or terrorism financing, it must file a Suspicious Transaction Report (STR) with the Financial Reporting Centre. This obligation applies regardless of the transaction amount; there is no minimum value below which a genuinely suspicious transaction can be ignored. Separately from STR obligations, more recent reforms have adjusted the cash transaction reporting and cross-border currency declaration thresholds under the Act’s schedules, so an institution relying on a remembered threshold figure from several years ago should confirm the currently gazetted figure rather than assume it has stayed constant.
Tipping Off
Under Section 8, a person who knows or ought reasonably to have known that an STR is being prepared, has been sent, or is about to be sent to the Financial Reporting Centre, and who discloses that fact or related information to another person, commits a separate criminal offence, the “tipping off” prohibition. It is a defence to prove the person did not know and had no reasonable grounds to suspect the disclosure was likely to prejudice the report, but the prohibition is broad enough to cover not just direct confirmation to the client but indirect disclosures that would allow the client to infer a report has been or is being made. A reporting institution’s internal STR escalation process should be designed so that knowledge of a filed or pending STR is held only by the staff who genuinely need it, precisely because the tipping off offence attaches personally to whoever makes the prohibited disclosure, not only to the institution.
AML Compliance Kenya Anti-Money Laundering: Internal Compliance Programme
Reporting institutions must establish written AML policies and procedures, appoint a compliance officer, often referred to in practice as a Money Laundering Reporting Officer (MLRO), conduct regular staff training on AML obligations, and maintain an independent audit of the compliance programme’s effectiveness. For a professional firm such as a law practice, the MLRO role carries personal responsibility for the firm’s STR filings and ongoing monitoring obligations, and should be assigned to someone with the standing and authority to actually escalate a suspicious matter internally, including against a more senior colleague or partner if necessary, rather than to whoever happens to have spare capacity. A compliance programme that exists as a written policy but has never been tested against a real internal training session or audit is exactly the kind of gap the Financial Reporting Centre’s own inspections are designed to find.
AML Compliance Kenya Anti-Money Laundering: Penalties and Enforcement
POCAMLA carries significant criminal penalties for both the substantive money laundering offence and for breaches of a reporting institution’s own compliance obligations, including failure to report and the tipping off offence discussed above. Beyond direct criminal liability, a reporting institution found in breach can face regulatory sanctions from its sector regulator in addition to any POCAMLA-specific penalty, meaning a law firm’s compliance failure, for example, can trigger both a Financial Reporting Centre response and a separate disciplinary referral through the Law Society of Kenya’s own regulatory channels. Directors, partners, and compliance officers should treat AML compliance as a standing governance item reviewed periodically, not a one-time policy adopted at the firm’s founding and never revisited as the business, its client base, and the regulatory thresholds themselves change over time.
Our Regulatory & Compliance practice advises on POCAMLA compliance programmes, DNFBP obligations for law firms and other professional service providers, MLRO appointment and training, and STR filing procedures. If your business needs to confirm whether it is a reporting institution, or needs its compliance programme reviewed against current Financial Reporting Centre expectations, we can help you close the gap before an inspection finds it first.
Need help with POCAMLA compliance? Contact Understanding AML compliance Kenya anti-money laundering requirements is critical for every business handling significant cash transactions, client funds, or high-value assets.Clay & Associates Advocates for a consultation. Book a Consultation
Related reading: Data Protection Act 2019 | FinTech Regulation in Kenya
For tailored legal advice on this matter, speak with our regulatory and compliance advisory services team at Clay & Associates Advocates. We advise businesses and individuals across Kenya on Regulatory and Compliance Advisory matters from our offices at Nextgen Mall, Nairobi.






