Introduction

Kenya's SACCO sector is one of the largest cooperative financial systems in Africa  over 22,000 registered cooperatives mobilise an estimated KES 1.2 trillion in assets, with SASRA-regulated Deposit-Taking SACCOs accounting for the majority of savings and loan activity. For years, the sector operated in a compliance grey zone. Community-based, membership-driven, and relatively low-profile compared to commercial banks, SACCOs attracted less regulatory scrutiny even as their transaction volumes grew to rival those of mid-tier lenders.

 

That era ended in 2023. SASRA's AML/CTF Guidelines codified obligations that mirror those imposed on banks. In 2026, SASRA is not asking whether an AML policy exists on paper  it is examining whether controls actually function and whether STRs are being filed on genuine suspicious activity. SACCOs that have not yet built structured, evidence-based AML programmes are operating with significant regulatory and financial exposure.


 

Why Kenyan SACCOs Are Now a Priority AML Risk

FATF's 2022 Mutual Evaluation Report on Kenya identified the cooperative sector as an underregulated entry point for money laundering. The report noted that SACCOs' membership-based structure  which relies on social trust and community relationships rather than documentary verification  creates vulnerabilities that criminal networks exploit to layer illicit funds through member loan accounts and Fosa transactions.

 

In response, the FRC issued Circular FRC/01/2023 directing all SACCOs to complete goAML registration by 31 December 2023. SASRA followed with enhanced supervisory scrutiny from Q1 2024, including on-site AML inspections that resulted in 14 formal sanctions notices issued to non-compliant DT-SACCOs in FY 2024/2025. By January 2026, SASRA had gazetted 176 fully licensed DT-SACCOs  all required to demonstrate active AML/CTF programmes as a condition of licensing.

The compliance baseline has been raised permanently.


 

The Regulatory Framework Governing SACCO AML Compliance in 2026

AML compliance for Kenyan SACCOs sits at the intersection of four regulatory instruments:

Instrument

Issuing Authority

Key Obligations

POCAMLA Cap. 59BParliament of KenyaStatutory AML framework; defines ML offences and penalties
POCAMLA AML/CFT Regulations 2023Treasury and FRCRisk-based AML programme requirements, CDD standards, STR/CTR rules
SASRA AML/CTF Guidelines 2023SACCO Societies Regulatory AuthoritySector-specific guidance: governance, MLRO, member CDD, Fosa controls
CBK AML/CFT Guideline 2023Central Bank of KenyaBaseline standards informing SASRA's approach for Fosa-licensed SACCOs

SACCOs regulated by the Capital Markets Authority (CMA) for investment products are additionally subject to the CMA's AML Guidelines under the Capital Markets (Anti-Money Laundering and Combating Financing of Terrorism) Regulations.

Interesting readKYC & POCAMLA Compliance in Kenya: Requirements

 

 

Core AML Compliance Requirements for Kenyan SACCOs in 2026

1. FRC goAML Registration

Every SACCO classified as a reporting institution under POCAMLA must register on the goAML platform and maintain an active account for STR and Cash Transaction Report filing. Failure to register is a criminal offence under Section 9A of POCAMLA, carrying a fine of up to KES 3 million for the institution and KES 1 million for responsible officers individually. Non-registration also triggers automatic classification as High-risk in SASRA's supervisory assessment  attracting mandatory on-site inspection.

 

2. Appointing a Money Laundering Reporting Officer

Each SACCO must designate a senior officer as MLRO with direct reporting access to the Board of Directors. The MLRO is responsible for receiving internal disclosures from staff, evaluating whether to file STRs with the FRC, maintaining AML records, and ensuring annual AML training is conducted and documented. SASRA's Fit and Proper Requirements (2024) require the MLRO appointment to be disclosed and vetted during the board and senior management approval process.

The MLRO must have sufficient seniority, independence, and resources to fulfil the role effectively. An MLRO who is simultaneously head of operations or credit  with inherent conflicts of interest in reporting suspicious loan activity  will not satisfy SASRA's independence expectations.

 

3. Member Due Diligence: The SACCO Version of CDD

SACCO member due diligence requires National ID or passport verification, proof of income or employment, and a completed membership declaration for standard-risk members. Enhanced MDD applies for PEPs, non-resident members, and investment club accounts  requiring source of funds verification, beneficial ownership disclosure, and senior management approval before the account is activated.

SASRA's 2023 guidelines define three levels of member due diligence for DT-SACCOs:

Standard MDD requires National ID or passport verification, proof of employment or income source, and a completed membership declaration form. This applies to the majority of individual members presenting standard risk profiles.

Enhanced MDD applies to members who are Politically Exposed Persons under FATF Recommendation 12, non-resident members, members operating in FATF-listed high-risk jurisdictions, board members or management officers of other regulated entities, and members whose transaction patterns are inconsistent with declared income.

Simplified MDD is permitted for low-value Fosa accounts with monthly transaction caps of KES 50,000, where real-time identity verification against the Kenya Integrated Population Registration System (IPRS) is conducted at onboarding.

SASRA's 2026 inspections have specifically tested whether SACCOs collect beneficial ownership information for member companies and investment clubs  a gap identified in nearly half of inspected institutions during 2024 audits.

Read alsoTransaction Monitoring for Kenyan Banks and Fintechs

 

 

Transaction Monitoring for Fosa Accounts

Fosa accounts  the savings and current accounts operated by DT-SACCOs through their Front Office Service Activities  process high volumes of mobile money transfers, salary credits, and micro-loan disbursements. SASRA requires all DT-SACCOs with Fosa operations to implement structured transaction monitoring covering three areas.

Threshold-based monitoring requires Cash Transaction Reports to be filed for cash transactions exceeding KES 1 million per day per member, or equivalent amounts in aggregate across multiple transactions by the same member on the same day.

Pattern detection must identify structuring indicators  multiple transactions clustering just below KES 1 million  alongside unusual salary-to-loan ratios, and rapid cycling of funds between Fosa accounts and mobile wallets. These patterns are consistently highlighted in FRC annual reporting as Fosa-specific money laundering typologies.

Loan account monitoring must flag loan disbursements repaid immediately with external funds, and loans taken out by members immediately following large unusual deposits. The FRC's 2024 Annual Report identified this as a confirmed layering typology in the DT-SACCO sector.

SACCOs processing over KES 500 million in annual Fosa transactions are expected by SASRA to deploy dedicated AML transaction monitoring software rather than relying on manual reviews or basic core banking system alerts.


 

STR Filing: What Kenyan SACCOs Are Required to Report

Under POCAMLA Section 12, a SACCO must file an STR with the FRC within three working days of forming a suspicion about a transaction or attempted transaction. STRs are submitted through the FRC's goAML portal in XML format. The MLRO is responsible for evaluation and filing. Staff are prohibited from disclosing STR filing to the member concerned.

Kenyan SACCOs must file STRs for transactions where the source of funds cannot be satisfactorily explained by the member, members requesting large loan disbursements without plausible repayment capacity, third-party deposits from unconnected individuals into member accounts, and investment club accounts exhibiting rapid high-value inflows with no corresponding documented investment activity.

The tipping-off prohibition under POCAMLA is absolute  staff who disclose to a member that an STR has been filed, or that one is being considered, commit a criminal offence. SASRA's inspections examine whether SACCOs have documented tipping-off prevention procedures and staff training on this obligation.

Record-keeping for all STR filings must be maintained for a minimum of seven years from the date of the transaction or the end of the business relationship, whichever is later.


 

Real-World Scenario: Investment Club Accounts and AML Risk

A mid-size DT-SACCO in Nairobi opened an investment club account for a group of fifteen named members. The account received large fortnightly deposits, described by the club as "member contributions for a real estate investment fund." Within three months, all inflows were transferred out to a single external account and the investment club ceased activity. The pattern repeated with a differently named club six months later.

The SACCO's transaction monitoring system had no investment club-specific rules  it monitored individual member accounts against personal income baselines, not group accounts against stated collective investment purposes. The pattern went unreported for over a year.

A SASRA on-site inspection identified the gap and cited the SACCO for failure to file STRs on known suspicious activity and for inadequate TM coverage of corporate and group member accounts. The SACCO received a formal warning and a 90-day remediation notice.

The lesson: SACCOs must monitor group and corporate member accounts against their declared investment or business purposes  not just against generic account-level velocity rules.


 

CMA Obligations for Investment-Linked Cooperatives

SACCOs offering regulated investment products  including money market fund contributions channelled through cooperative structures  fall under CMA oversight for those product lines under the Capital Markets (Anti-Money Laundering and Combating Financing of Terrorism) Regulations.

CMA requirements for investment-linked cooperatives include:

1. Source of funds verification for all investments exceeding KES 500,000.

2. Senior management-level PEP approval before accepting member investments from politically exposed individuals.

3. Beneficial ownership disclosure for corporate or trust members investing through the cooperative structure.

4. Quarterly AML compliance reports submitted to the CMA for SACCOs managing collective investment schemes.

SACCOs operating at the intersection of cooperative savings and regulated investment products must build compliance programmes that satisfy both SASRA and CMA requirements. These frameworks are compatible but not identical  the compliance programme must demonstrate awareness of both sets of obligations and implementation across both product lines.


 

SASRA's Risk-Based Supervisory Framework in 2026

SASRA assigns each DT-SACCO an AML risk rating  Low, Medium, or High  based on five dimensions of the institution's risk profile:

1. Membership composition, including the proportion of PEPs, non-resident members, and large corporate or investment club members.

2. Annual Fosa transaction volume and value.

3. Geographic reach, with SACCOs operating in border counties  Mombasa, Kisumu, and Nairobi  receiving elevated scrutiny due to cross-border remittance exposure.

4. Historical STR filing rates and overall goAML activity levels.

5. Governance quality, including board engagement with AML oversight and MLRO seniority and independence.

SACCOs rated Medium or High receive on-site AML inspections annually. Low-rated SACCOs undergo desk-based reviews every 18 months. Non-compliance triggers a graduated sanctions ladder: advisory notice, formal warning, civil monetary penalty, licence suspension, and ultimately licence revocation.

In FY 2025, SASRA issued KES 42 million in aggregate AML-related civil penalties against eleven DT-SACCOs, primarily for goAML non-registration, inadequate MDD documentation, and failure to file STRs on known suspicious activity identified within the institution.


 

Building a Practical AML Programme for Kenyan SACCOs in 2026

A proportionate, evidence-based AML programme for a DT-SACCO in 2026 requires six building blocks:

1. Governance framework: A Board-approved AML Policy reviewed annually, documented MLRO terms of reference with clear reporting lines to the Board, and AML as a standing item on the Board's risk oversight agenda.

2. Annual ML/TF risk assessment: A documented assessment covering membership profile risk, product and service risk (Fosa, loans, investment club accounts), geographic risk, and delivery channel risk, reviewed and approved by the Board annually.

3. Technology deployment: For mid-to-large DT-SACCOs with Fosa assets above KES 2 billion, a dedicated AML transaction monitoring system connected to the core banking infrastructure and generating rule-based alerts for MLRO review.

4. Annual staff training: AML awareness training for all staff, with role-specific training for Fosa staff, loan officers, and the MLRO. Training completion records must be retained for SASRA inspection.

5. Documented STR workflow: A formal internal disclosure process documenting how staff raise suspicions, how the MLRO evaluates and decides whether to file STRs, and how each case is documented and closed regardless of filing decision.

6. Record retention system: A system for retaining all AML records  CDD documents, transaction records, STR filings, internal disclosures, training logs  for the required minimum of seven years.

Learn how Youverify's AML compliance platform supports Kenyan SACCOs in building proportionate, SASRA-ready compliance programmes.


 

Conclusion

AML compliance for Kenyan SACCOs has moved from optional to operationally essential. SASRA's risk-based supervisory framework is active, its inspection programme is expanding, and the civil penalties it has issued since 2024 demonstrate that non-compliance has direct financial consequences  not just reputational ones.

 

SACCOs that invest in structured AML programmes  with goAML registration completed, an independent MLRO in place, member due diligence documented, and transaction monitoring calibrated to Fosa and investment club account typologies  will satisfy SASRA's 2026 expectations. Those that continue to rely on policy documents without operational controls will face examination findings, remediation costs, and licensing risk.

 

Youverify's AML compliance platform supports Kenyan DT-SACCOs and investment cooperatives with automated member due diligence, real-time identity verification against the IPRS, PEP and sanctions screening, and goAML-compatible STR data generation  enabling SACCOs to move from manual, policy-driven compliance to automated, evidence-based programmes built for SASRA's inspection standards.

To get started, Book a free demo today



 

About The Author

Victoria Okere is a compliance and financial crime specialist with expertise in African regulatory frameworks. She covers AML, KYC, and RegTech developments across Sub-Saharan Africa for Youverify's content team, with particular focus on the East African cooperative and fintech sectors.