Anti-Money Laundering Policy (Kenya)
ANTI-MONEY LAUNDERING POLICY
Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 | Financial Reporting Centre Act No. 11 of 2012
Organisation: [Company Name] (BRS No: [BRS Number])
FRC Registration: [FRC Registration Number]
Registered Office: [Company Address]
Date Adopted: [Policy Date]
Next Review Date: [Next Review Date]
Money Laundering Reporting Officer (MLRO):
[MLRO Name], [MLRO Title] | [MLRO Email] | [MLRO Phone]
1. PURPOSE AND LEGAL FRAMEWORK
1.1 [Company Name] ("the Company") is committed to preventing its products, services, and business relationships from being used to launder money or finance terrorism, in compliance with the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA), the Financial Reporting Centre Act No. 11 of 2012, and the Financial Action Task Force (FATF) 40 Recommendations.
1.2 Money laundering is defined under Section 3 of the POCAMLA as the concealment, disguise, conversion, or transfer of proceeds of crime. Predicate offences include bribery under the Bribery Act No. 47 of 2016, tax evasion under the Income Tax Act (Cap. 470), fraud, drug trafficking under the Narcotic Drugs and Psychotropic Substances Act (Cap. 245), and terrorist financing under the Prevention of Terrorism Act No. 30 of 2012.
1.3 This Policy applies to all directors, employees, agents, and associated persons of the Company. The Company's designated Money Laundering Reporting Officer (MLRO) is [MLRO Name], [MLRO Title], contactable at [MLRO Email].
1.4 The Company is registered with the Financial Reporting Centre (FRC) under FRC Registration Number [FRC Registration Number] and fulfils its reporting obligations through the FRC's goAML portal.
2. CUSTOMER DUE DILIGENCE (CDD)
2.1 The Company shall conduct Customer Due Diligence (CDD) on every customer before establishing a business relationship or conducting a transaction, in accordance with the FRC CDD Guidelines issued under the POCAMLA.
2.2 Standard CDD for individual customers requires: full legal name; Kenya National Identity Card (NIC) number or passport number; KRA PIN; residential address verified by a utility bill, bank statement, or lease agreement dated within 3 months; and a source of funds declaration for transactions above [EDD Threshold].
2.3 Standard CDD for corporate customers requires: company name; Business Registration Service (BRS) registration number; KRA PIN; registered office address; list of directors; and a Beneficial Ownership Declaration identifying all natural persons with more than 10% ownership or control under the Companies (Beneficial Ownership Information) Regulations, 2020 made under Section 93A of the Companies Act No. 17 of 2015.
2.4 Enhanced Due Diligence (EDD) applies to: Politically Exposed Persons (PEPs) as defined under the Proceeds of Crime and Anti-Money Laundering (Amendment) Act No. 8 of 2017; customers from FATF high-risk or non-cooperative jurisdictions; customers whose transactions exceed [EDD Threshold]; and customers whose business profile is inconsistent with their transaction patterns. EDD requires senior management approval before establishing the business relationship.
2.5 The Company shall not establish or continue a business relationship with any person or entity who refuses to provide required CDD information, whose identity cannot be verified, or who appears on the United Nations Security Council sanctions list, the US OFAC list, or the FRC watch-list.
3. SUSPICIOUS TRANSACTION REPORTING (STR)
3.1 Any employee who suspects that a transaction — completed or attempted — involves money laundering, terrorist financing, or proceeds of crime must report their suspicion to the MLRO immediately using the Company's internal suspicious activity report form.
3.2 The MLRO shall review the internal report and determine whether to file an STR with the Financial Reporting Centre (FRC) through the goAML portal within 3 working days of the suspicion arising, as required by Section 12 of the POCAMLA.
3.3 Suspicious indicators include but are not limited to: transactions inconsistent with the customer's known business profile; structuring of transactions to avoid CTR thresholds; use of multiple accounts to layer funds; unexplained large cash deposits; transactions involving FATF high-risk jurisdictions; and reluctance to provide CDD documentation.
3.4 The MLRO shall maintain an internal STR log documenting all reports filed with the FRC and all reports considered but not filed, with documented reasons. The STR log is confidential and not accessible to line management.
3.5 Employees are strictly prohibited from tipping off any customer or third party that an STR has been filed or is under consideration, as required by Section 14 of the POCAMLA. Violation of the tipping-off prohibition is a criminal offence under the POCAMLA.
4. CASH TRANSACTION REPORTING (CTR)
4.1 The Company shall file a Cash Transaction Report (CTR) with the Financial Reporting Centre (FRC) for every cash transaction — or series of related cash transactions — in excess of [CTR Threshold] on a single business day, using the FRC's goAML portal.
4.2 Structuring — the deliberate splitting of transactions to avoid the CTR threshold — is a suspicious activity that must be reported as an STR under Section 12 of the POCAMLA, in addition to filing the CTR.
4.3 CTR reports must be filed within the timeframe prescribed by the FRC Guidelines. The MLRO is responsible for filing all CTRs and maintaining CTR records.
5. RECORD-KEEPING
5.1 The Company shall retain all CDD documents, transaction records, internal STR logs, filed STRs and CTRs, correspondence with the FRC, and staff training records for [Record Retention Period] years from the end of the business relationship or completion of the transaction, as required by Section 16 of the POCAMLA.
5.2 Records must be maintained in a format that is accessible and retrievable within a reasonable time for production to the Financial Reporting Centre (FRC), the Central Bank of Kenya (CBK), the Assets Recovery Agency (ARA), or law enforcement authorities on demand.
5.3 Electronic records must be backed up and protected against unauthorised access, consistent with the Data Protection Act No. 24 of 2019 and the policies of the Office of the Data Protection Commissioner (ODPC).
6. TRAINING, MONITORING AND REVIEW
6.1 All employees must complete mandatory AML training upon joining the Company and annually thereafter. Customer-facing staff, finance officers, and the MLRO must complete additional role-specific training covering identification of suspicious transactions, CDD procedures, and STR filing.
6.2 The MLRO shall conduct an annual AML risk assessment of the Company's business activities, customer base, and geographic exposure, and present the assessment to the Board of Directors or the Audit and Risk Committee.
6.3 This Policy shall be reviewed annually by the Board or the Audit and Risk Committee. The next scheduled review is [Next Review Date]. Updated versions will be communicated to all employees and relevant third parties promptly.
ADOPTED BY THE BOARD OF DIRECTORS OF [Company Name] on [Policy Date].
Director / Authorised Signatory
________________
Signature
Money Laundering Reporting Officer (MLRO)
________________
Signature
What Is a Anti-Money Laundering Policy (Kenya)?
An Anti-Money Laundering Policy in Kenya records the organisation's binding rules on the matter it addresses.
The Financial Reporting Centre (FRC), established under Section 21 of the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 and reinforced by the Financial Reporting Centre Act No. 11 of 2012, is Kenya's primary financial intelligence unit. The FRC collects, analyses, and disseminates financial intelligence from reporting institutions to law enforcement agencies including the Directorate of Criminal Investigations (DCI), the Assets Recovery Agency (ARA), and the Ethics and Anti-Corruption Commission (EACC). The FRC is a member of the Egmont Group of Financial Intelligence Units and coordinates with the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG).
Section 9 of the POCAMLA designates certain entities as reporting institutions — entities that are obligated under Kenyan law to adopt and implement AML compliance programmes. Reporting institutions include: commercial banks and microfinance institutions licensed by the Central Bank of Kenya (CBK) under the Banking Act (Cap. 488); insurance companies regulated by the Insurance Regulatory Authority (IRA) under the Insurance Act (Cap. 487); capital markets intermediaries supervised by the Capital Markets Authority (CMA) under the Capital Markets Act (Cap. 485A); advocates and notaries in the conduct of financial or real estate transactions; accountants and auditors; real estate agents and developers; money remittance and payment service providers; and dealers in high-value goods (precious stones, metals, and luxury vehicles). Non-reporting institution companies that operate in high-risk sectors or that are required by their investors, counterparties, or regulators to maintain AML programmes also adopt AML policies as a matter of commercial practice.
Kenya was placed under enhanced follow-up by the Financial Action Task Force (FATF) — the international AML standard-setter — in October 2022, following its Mutual Evaluation Report which identified significant weaknesses in Kenya's AML/CFT framework. As a condition of being removed from enhanced follow-up, Kenya committed to: increasing the number of reporting institutions with effective AML programmes; improving the quality of Suspicious Transaction Reports (STRs) filed with the FRC; and strengthening beneficial ownership transparency through the Business Registration Service (BRS). These commitments directly increase the regulatory pressure on Kenyan businesses to adopt formal AML policies.
The Proceeds of Crime and Anti-Money Laundering (Amendment) Act No. 8 of 2017 significantly expanded the POCAMLA's scope — extending the definition of reporting institution, strengthening the FRC's supervisory powers, and increasing penalties for non-compliance. The Prevention of Terrorism Act No. 30 of 2012 and the Prevention of Organised Crimes Act No. 6 of 2010 add further obligations on organisations to detect and report terrorist financing and organised crime proceeds, both of which are treated as AML predicate offences under POCAMLA.
The Kenya Revenue Authority (KRA) is active in the AML ecosystem: tax evasion is a predicate offence under POCAMLA, and the KRA's intelligence unit shares information with the FRC under a Memorandum of Understanding. Companies that receive large unexplained cash deposits, engage in unusual cross-border transactions, or deal with counterparties in high-risk jurisdictions (as listed by the FATF or the FRC's own watch-list) face elevated AML scrutiny from both the FRC and the KRA.
When Do You Need a Anti-Money Laundering Policy (Kenya)?
An Anti-Money Laundering Policy in Kenya is required — or strongly advisable — in the following specific circumstances.
An Anti-Money Laundering Policy is required by law for every entity designated as a reporting institution under Section 9 of the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA). Reporting institutions must register with the Financial Reporting Centre (FRC) via the FRC's online portal, appoint a Money Laundering Reporting Officer (MLRO), and maintain a written AML programme that covers Customer Due Diligence (CDD), Suspicious Transaction Reporting (STR), record-keeping, and staff training. Failure to maintain a compliant AML programme is an offence under Section 17 of the POCAMLA, attracting fines of up to KES 5,000,000 for individuals and up to KES 25,000,000 for corporate bodies.
An Anti-Money Laundering Policy is needed for any company that deals in cash transactions above prescribed thresholds. Under the POCAMLA and FRC guidelines, reporting institutions must file Cash Transaction Reports (CTRs) with the FRC for all cash transactions above KES 1,000,000 (or equivalent in foreign currency) in a single day. Companies that routinely accept large cash payments — such as real estate developers, luxury goods dealers, car dealers, and hospitality businesses — must have AML policies documenting how they identify and report high-value cash transactions.
An Anti-Money Laundering Policy is required when a company raises funding from development finance institutions, multilateral lenders, or international private equity funds. All major development finance institutions — the IFC, AfDB, and British International Investment — require their investee companies to maintain AML policies consistent with FATF recommendations and local law as a condition of the investment agreement.
An Anti-Money Laundering Policy is needed for any Kenyan company that engages in cross-border transactions with counterparties in jurisdictions identified on the FATF grey list or black list, the United Nations Security Council sanctions list, or the US Office of Foreign Assets Control (OFAC) sanctions list. Commercial banks licensed by the Central Bank of Kenya (CBK) will require AML assurances from corporate clients before processing large cross-border payments.
An Anti-Money Laundering Policy is required for any company that is subject to Know Your Customer (KYC) obligations under CBK Prudential Guidelines or FRC Sector Guidelines — including real estate agents conducting property transactions above KES 5,000,000, advocates handling client funds in conveyancing or M&A transactions, and accountants preparing financial statements for high-risk clients.
An Anti-Money Laundering Policy is needed for companies bidding for contracts funded by the World Bank, the African Development Bank, or other multilateral development banks, as these institutions impose AML compliance requirements on implementing agencies and contractors through their procurement regulations and loan agreements.
What to Include in Your Anti-Money Laundering Policy (Kenya)
A Kenya Anti-Money Laundering Policy under the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 and the Financial Reporting Centre Act No. 11 of 2012 must include the following essential elements to constitute a compliant AML programme.
Scope and Designation: A statement that the policy applies to all employees, directors, agents, and associated persons of the company, and identifies whether the company is a reporting institution under Section 9 of the POCAMLA. The policy must identify the company's FRC registration number and the name and contact details of the appointed Money Laundering Reporting Officer (MLRO) — who must be a senior officer of the company with sufficient authority to implement compliance measures and file Suspicious Transaction Reports (STRs) with the FRC.
Customer Due Diligence (CDD): Procedures for identifying and verifying the identity of every customer before establishing a business relationship or conducting a transaction, in accordance with the FRC's Customer Due Diligence Guidelines. CDD for individual customers requires: full legal name; Kenya National Identity Card number (for Kenyan citizens) or passport number (for foreign nationals); KRA PIN; residential address; and source of funds declaration. CDD for corporate customers requires: BRS registration number; registered office address; KRA PIN; list of directors; and Beneficial Ownership Declaration consistent with the Companies (Beneficial Ownership Information) Regulations, 2020 under Section 93A of the Companies Act No. 17 of 2015.
Enhanced Due Diligence (EDD): Additional verification procedures for high-risk customers — including Politically Exposed Persons (PEPs) as defined under the Proceeds of Crime and Anti-Money Laundering (Amendment) Act No. 8 of 2017; customers from FATF high-risk jurisdictions; customers involved in high-risk business activities; and customers whose transactions are inconsistent with their stated business profile. EDD requires senior management approval before establishing the business relationship.
Suspicious Transaction Reporting (STR): Procedures for identifying transactions that may involve money laundering or terrorist financing and reporting them to the FRC within 3 working days of the suspicious activity being identified — as required by Section 12 of the POCAMLA and FRC Suspicious Transaction Reporting Guidelines. The MLRO must maintain an internal STR log documenting all reports filed and all reports that were considered but not filed, with reasons. STR reports are filed electronically through the FRC's goAML portal.
Cash Transaction Reporting (CTR): Procedures for identifying and filing Cash Transaction Reports with the FRC for all cash transactions above KES 1,000,000 in a single day, whether received in a single transaction or in a series of related transactions. The policy must address structuring — the splitting of transactions to avoid CTR thresholds — as a suspicious activity that must be reported.
Record-Keeping: Requirements to retain all CDD documents, transaction records, STR logs, and staff training records for a minimum of 7 years from the end of the business relationship or completion of the transaction, in accordance with Section 16 of the POCAMLA and the Tax Procedures Act No. 29 of 2015. Records must be maintained in a format accessible to the FRC, the Central Bank of Kenya (CBK), and law enforcement on demand.
Staff Training: Annual mandatory AML training for all employees, with role-specific training for customer-facing staff, finance officers, and the MLRO. Training records must be documented and available for FRC inspection during supervisory visits.
Tipping-Off Prohibition: A clear statement that employees are prohibited from tipping off a customer or third party that an STR has been filed or is being considered, or that a law enforcement investigation is underway — a violation of Section 14 of the POCAMLA that carries criminal penalties.
The forms-legal.com Anti-Money Laundering Policy template covers all elements required by the FRC's AML Programme Guidelines and the POCAMLA. Companies with complex ownership structures should also complete a Beneficial Ownership Declaration Form and review the Anti-Bribery and Corruption Policy for coordinated compliance.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Anti-Money Laundering Policy (Kenya) (Kenya) [Legal document template]. Forms Legal. https://forms-legal.com/kenya/business/policies/anti-money-laundering-policy-kenya
"Anti-Money Laundering Policy (Kenya) (Kenya)." Forms Legal, 2026, https://forms-legal.com/kenya/business/policies/anti-money-laundering-policy-kenya.
@misc{formslegal-anti-money-laundering-policy-kenya,
author = {{Forms Legal}},
title = {Anti-Money Laundering Policy (Kenya) (Kenya)},
year = {2026},
howpublished = {\url{https://forms-legal.com/kenya/business/policies/anti-money-laundering-policy-kenya}},
note = {Free legal document template}
}Also available for these jurisdictions:
Frequently Asked Questions
Entities designated as reporting institutions under Section 9 of the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA) must register with the Financial Reporting Centre (FRC). The POCAMLA and the Proceeds of Crime and Anti-Money Laundering (Amendment) Act No. 8 of 2017 list the following categories: all commercial banks, microfinance banks, and mortgage finance companies licensed by the Central Bank of Kenya (CBK) under the Banking Act (Cap. 488); insurance companies and brokers regulated by the Insurance Regulatory Authority (IRA); capital markets intermediaries regulated by the Capital Markets Authority (CMA); advocates in the conduct of real estate, company formation, and financial transactions; certified public accountants and auditors in the conduct of client financial management; real estate agents and property developers; money remittance providers and payment service providers; casinos and gaming operators; dealers in precious metals, stones, and luxury goods; and non-profit organisations handling funds above prescribed thresholds. Registration is done through the FRC's online portal at frc.go.ke. Unregistered reporting institutions face fines under the POCAMLA.
A Suspicious Transaction Report (STR) is a mandatory report that a reporting institution must file with the Financial Reporting Centre (FRC) when it identifies a transaction — completed or attempted — that it suspects involves money laundering, terrorist financing, or proceeds of crime, under Section 12 of the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA). Suspicious indicators include: transactions inconsistent with the customer's known business profile; unusually large cash deposits or withdrawals; structuring of transactions below reporting thresholds; transactions involving high-risk jurisdictions on the FATF grey list; use of multiple bank accounts to move funds; and reluctance by customers to provide identity or source of funds documentation. STRs must be filed within 3 working days of the suspicion arising, using the FRC's goAML portal — Kenya's dedicated financial intelligence platform. The MLRO completes the online STR form with details of the customer, transaction, amount, and nature of the suspicion. Filing an STR does not prevent the institution from continuing the business relationship unless a court order restrains the transaction. Employees are criminally prohibited from tipping off the customer that an STR has been filed, under Section 14 of the POCAMLA.
Money laundering penalties in Kenya under the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA) are among the most severe in East Africa. For conviction of the primary money laundering offence under Section 3 of the POCAMLA — concealing, disguising, or converting proceeds of crime — an individual faces imprisonment for up to 14 years, a fine of up to KES 5,000,000, or both. A corporate body convicted of money laundering faces a fine of up to KES 25,000,000 under the POCAMLA. Additionally, the Assets Recovery Agency (ARA), established under the Proceeds of Crime and Anti-Money Laundering Act, may apply to the High Court of Kenya for a freezing order to restrain any assets connected to the money laundering, and for a forfeiture order to permanently confiscate those assets — including bank accounts, real estate registered with the Land Registry, vehicles registered with NTSA, and business assets. Reporting institutions that fail to maintain AML programmes, fail to file STRs, or fail to conduct CDD face civil penalties of up to KES 25,000,000 per violation, imposed by the Financial Reporting Centre (FRC) under the FRC Act No. 11 of 2012. Directors and senior officers of non-compliant reporting institutions may be held personally liable.
Customer Due Diligence (CDD) in Kenya is the process by which a reporting institution identifies and verifies the identity of its customers and assesses the risk that those customers may be involved in money laundering or terrorist financing, as required by the Financial Reporting Centre (FRC) CDD Guidelines under the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA). Standard CDD for individual customers requires: collection and verification of full legal name; Kenya National Identity Card (NIC) number or passport number; KRA PIN; residential address (confirmed by a utility bill or lease agreement); and a declaration of the source of funds or wealth where transactions exceed prescribed thresholds. CDD for corporate customers additionally requires the company's BRS registration number, registered office address, list of directors, and a Beneficial Ownership Declaration under the Companies (Beneficial Ownership Information) Regulations, 2020 identifying all natural persons with more than 10% ownership or control under Section 93A of the Companies Act No. 17 of 2015. Enhanced Due Diligence (EDD) applies to Politically Exposed Persons (PEPs), customers from FATF high-risk jurisdictions, and transactions above KES 1,000,000. CDD documents must be retained for 7 years under Section 16 of the POCAMLA.
The Money Laundering Reporting Officer (MLRO) is the senior officer designated by a reporting institution under the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA) and FRC Guidelines to manage the institution's AML compliance programme. The MLRO's responsibilities include: receiving and reviewing internal suspicious activity reports from staff; deciding whether to file Suspicious Transaction Reports (STRs) with the Financial Reporting Centre (FRC) through the goAML portal; maintaining the internal STR log; overseeing Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures; conducting annual AML risk assessments; delivering or coordinating mandatory AML training for all staff; liaising with the FRC during supervisory visits and regulatory inquiries; and reporting to senior management and the board on AML compliance status. The MLRO must be a senior officer with sufficient seniority and independence to make decisions on STR filing without interference from business line management. Reporting institutions must notify the FRC of the identity and contact details of the MLRO at the time of FRC registration and whenever the MLRO changes. Failure to designate a qualified MLRO is an offence under the POCAMLA.
Kenya's Anti-Money Laundering framework is built on the Financial Action Task Force (FATF) 40 Recommendations, which set the global standard for AML/CFT compliance. Kenya is a member of the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG), which conducts mutual evaluation reviews of member states' AML/CFT systems against FATF standards. Kenya's 2022 FATF Mutual Evaluation Report identified deficiencies in the effectiveness of Kenya's AML framework — particularly in the quality of Suspicious Transaction Reports, the coverage of non-financial reporting institutions, and beneficial ownership transparency — leading to Kenya being placed under FATF enhanced follow-up. As a result, the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA), the Financial Reporting Centre Act No. 11 of 2012, and the Companies (Beneficial Ownership Information) Regulations, 2020 have all been strengthened to align with FATF Recommendations 1, 10, 24, and 25 covering risk-based approaches, CDD, and beneficial ownership. Kenyan businesses that deal with international financial institutions, EU-regulated entities, or US-regulated entities must demonstrate FATF-aligned AML compliance, as their counterparties are required by their own regulators to conduct AML due diligence on Kenyan business partners.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Anti-Bribery and Corruption Policy (Kenya)
A Kenya Anti-Bribery and Corruption Policy for companies, compliant with the Bribery Act No. 47 of 2016 s.7, the Anti-Corruption and Economic Crimes Act No. 3 of 2003, and the Public Officer Ethics Act No. 4 of 2003, covering gifts, hospitality, facilitation payments, and whistleblowing.
Beneficial Ownership Declaration Form (Kenya)
A Kenya Beneficial Ownership Declaration Form for companies to register their beneficial owners with the Business Registration Service (BRS), compliant with the Companies Act No. 17 of 2015 s.93A and the Beneficial Ownership Regulations 2020.
Conflict of Interest Policy (Kenya)
A Kenya Conflict of Interest Policy governing directors, employees, and officers of Kenyan companies and organisations, compliant with the Companies Act No. 17 of 2015, Public Officer Ethics Act No. 4 of 2003, and the Leadership and Integrity Act No. 19 of 2012.
Data Processing Agreement (Kenya)
A Kenya Data Processing Agreement between a data controller and data processor, compliant with the Data Protection Act No. 24 of 2019 s.45 and the Data Protection (General) Regulations 2021.
Corporate Governance Policy (Kenya)
A Kenya Corporate Governance Policy establishing board structure, director duties, audit, risk, and ethics frameworks for companies under the Companies Act No. 17 of 2015 and Capital Markets Authority guidelines.