Section Home

Home	Hidden
Home	2

Name

Global FinTech Guide

Country _ Name

Kenya

SectionTitle

KYC requirements

Body

The know your customer or know your client (KYC) guidelines and regulations for financial services require that professionals try to verify the identity, suitability, and risks involved with maintaining a business relationship.

Legal affairs

National regulatory framework regarding AML and effective date of the regulations

Kenya’s national regulatory framework for Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements is governed by the Anti-Money Laundering and Combating of Terrorism Financing Laws (Amendment) Act, 2023, which was assented to on September 1, 2023, and came into effect on September 15, 2023. This Act introduced significant enhancements, including expanded beneficial ownership disclosure requirements for all companies and limited liability partnerships, with compliance deadlines set for November 15, 2023. It also strengthened customer due diligence obligations, mandating thorough verification of client identities and business relationships. Additionally, entities must maintain financial transaction records for at least ten years. The law imposes stricter penalties for non-compliance, aligning Kenya’s AML and KYC standards with international best practices to improve transparency and combat illicit financial activities.

National regulator or relevant authority for AML controls

Kenya's national regulatory framework for Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance is primarily overseen by the Financial Reporting Centre (FRC), established under the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) of 2009. The FRC serves as the country's Financial Intelligence Unit, responsible for receiving, analyzing, and disseminating financial intelligence to combat money laundering and terrorist financing. Additionally, the Central Bank of Kenya (CBK) plays a crucial role in regulating and supervising financial institutions, ensuring they adhere to AML and KYC regulations. Other sector-specific regulators include the **Capital Markets Authority (CMA) for the securities market and the Insurance Regulatory Authority (IRA) for the insurance sector. These agencies collaborate to enforce compliance and maintain the integrity of Kenya's financial system.

Customer Due Diligence

Conduct of a typical KYC identification process

In Kenya, the typical Know Your Customer (KYC) identification process involves several key steps designed to verify the identity and assess the risk profile of clients. Initially, financial institutions or service providers collect basic personal information such as full name, date of birth, nationality, and physical address. This is followed by verification using valid government-issued identification documents like the national ID card, passport, or driving license. For individuals, biometric data such as fingerprints or facial recognition may also be captured, especially with advancements in digital onboarding.

Institutions then conduct risk assessments based on the client’s background, source of funds, and nature of the business relationship. Enhanced due diligence applies for high-risk customers, such as politically exposed persons (PEPs) or those from high-risk jurisdictions. The process includes ongoing monitoring of transactions to detect suspicious activities. Throughout, compliance with Kenya’s AML laws and the Data Protection Act ensures client data is securely handled and privacy is maintained.

Possibility to meet customer due diligence requirements by relying on third parties who are obliged by law themselves to comply with AML regulations

In Kenya, financial institutions and FinTechs can meet customer due diligence (CDD) requirements by relying on third parties, provided those third parties are legally obligated to comply with AML regulations themselves. This means that if a trusted intermediary—such as a regulated bank, insurance company, or licensed financial service provider—has already conducted proper KYC and AML checks, another institution may rely on their verification to satisfy its own CDD obligations. However, the relying institution remains ultimately responsible for ensuring the third party’s compliance and must conduct ongoing monitoring. This approach helps reduce duplication, improve efficiency, and align with international AML best practices.

Possibility to outsource customer due diligence by contract to other third parties who are not obliged by law to meet AML regulations and rely on these (e.g., WebID, IDnow, PostIdent)

Outsourcing customer due diligence (CDD) to third parties not legally obligated to comply with AML regulations, such as identity verification service providers like WebID, IDnow, or PostIdent, is a nuanced issue in Kenya. While these vendors offer advanced technological solutions for KYC processes, financial institutions remain fully responsible for regulatory compliance under Kenyan AML laws. Therefore, outsourcing is permitted only if the outsourcing institution performs thorough due diligence on the service provider, ensures contractual obligations for AML compliance, and maintains oversight of the process. Institutions must verify that these providers meet Kenya’s legal standards, implement robust data protection measures, and allow for audit and monitoring to mitigate compliance risks effectively. Ultimately, regulatory authorities expect the primary institution to retain full accountability regardless of outsourcing arrangements.

Presence of a license or registration requirement for the third party in case of outsourcing customer due diligence

In Kenya, when a financial institution (referred to as a "reporting institution") considers outsourcing customer due diligence (CDD) functions to third parties, the Proceeds of Crime and Anti-Money Laundering Regulations, 2023, stipulate specific conditions. These regulations permit such outsourcing only if the third party is regulated, supervised, or monitored by a competent authority and has established measures for compliance with CDD and record-keeping requirements in line with the Act and these Regulations. Therefore, while the third party does not necessarily need to be licensed in Kenya, they must be subject to equivalent regulatory oversight in their jurisdiction. The ultimate responsibility for ensuring compliance with CDD measures remains with the reporting institution, even when outsourcing these functions.

Further questions

Entities that could be relied on specifically by law as a third party to comply with AML regulations (regardless of outsourcing)

	credit institutions
	financial institutions
	auditors, external accountants, and tax advisors
	notaries and other independent legal professionals
	other trust or company service providers
	estate agents
	other persons trading high-value goods
	providers of gambling services

BackToCountry	Hidden	Hidden
Back to country	Kenya	2

Switch country

Global overview

Authors

Name	Organisation	Email	Hidden	Hidden
Virginiah Gichuhi	Wamae & Allen LLP	[email protected]	0	4288

Choose country

	Hidden	Hidden
Albania	167	2
Argentina	512	2
Australia	182	2
Austria	677	2
Bolivia	1012	2
Bosnia and Herzegovina	197	2
Bulgaria	980	2
Canada	152	2
Chile	242	2
China	257	2
Colombia	272	2
Costa Rica	287	2
Croatia	302	2
Czech Republic	812	2
Dominican Republic	824	2
Finland	921	2
France	722	2
Germany	137	2
Hong Kong	737	2
Hungary	347	2
Ireland	692	2
Italy	332	2
Japan	850	2
Kenya	998	2
Korea, Republic of	362	2
Malaysia	662	2
Mexico	632	2
Montenegro	377	2
New Zealand	392	2
Nigeria	904	2
North Macedonia	437	2
Peru	422	2
Philippines	407	2
Poland	482	2
Portugal	497	2
Romania	797	2
Russia	912	2
Saudi Arabia	881	2
Serbia	467	2
Singapore	945	2
Slovenia	527	2
Spain	542	2
Switzerland	707	2
Thailand	557	2
Turkey	752	2
United Kingdom	782	2
United Rep of Tanzania	767	2
United States	587	2
Vietnam	962	2