KYC (Know Your Customer) compliance in Kenya is governed by the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) 2009, CBK Prudential Guidelines, and the AML/CTF Amendment Act 2025. It requires banks, fintechs, SACCOs, and all regulated businesses to verify customer identity, conduct ongoing due diligence, and report suspicious transactions to the Financial Reporting Centre (FRC). Non-compliance carries criminal penalties of up to KES 30 million.

 

KYC Requirements and POCAMLA Compliance in Kenya

 

KYC requirements in Kenya are set by POCAMLA (Proceeds of Crime and Anti-Money Laundering Act, 2009), supplemented by the Proceeds of Crime and Anti-Money Laundering Regulations 2013, the AML/CTF Amendment Act 2025, and sector-specific guidelines from the Central Bank of Kenya (CBK), the Capital Markets Authority (CMA), and other supervisors.

 

Under POCAMLA, every reporting institution must implement a risk-based KYC programme covering four pillars: customer identification, customer due diligence, ongoing monitoring, and suspicious activity reporting. These are not optional controls, they are legal obligations with criminal liability attached.

 

What Is POCAMLA and Why Does It Matter for KYC Compliance in Kenya?

 

POCAMLA stands for the Proceeds of Crime and Anti-Money Laundering Act. It is Kenya’s primary law for combating money laundering, terrorist financing, and other financial crimes.

Enacted in 2009, POCAMLA provides the legal framework that requires financial institutions and businesses to identify customers, monitor transactions, and report suspicious activities.

 

 What POCAMLA Requires

 

Under POCAMLA, regulated entities (like banks, fintechs, and other reporting institutions) must:

 

  • Conduct Customer Due Diligence (CDD) before onboarding customers
  • Verify customer identities using reliable and independent sources
  • Maintain accurate records of customer data and transactions
  • Monitor transactions continuously to detect unusual patterns
  • Report suspicious transactions to the Financial Reporting Centre

 

Why POCAMLA Is Important for KYC Compliance

 

1. It Makes KYC Mandatory

POCAMLA legally requires businesses to implement KYC processes. This means you cannot onboard customers without verifying who they are and assessing their risk level.

 

2. It Defines Risk-Based Compliance

POCAMLA promotes a risk-based approach, where businesses must:

  • Apply standard checks for low-risk customers
  • Conduct enhanced due diligence for high-risk individuals (e.g., politically exposed persons)

This ensures resources are focused where risk is highest.

 

3. It Protects Businesses from Legal and Financial Penalties

Non-compliance with POCAMLA can lead to:

  • Heavy fines
  • License restrictions or revocation
  • Reputational damage

Strong KYC processes help businesses stay compliant and avoid these risks.

 

4. It Strengthens Fraud and AML Controls

By enforcing identity verification and transaction monitoring, POCAMLA helps businesses:

  • Detect fraudulent identities
  • Prevent money laundering schemes
  • Identify suspicious transaction patterns early

 

5. It Aligns Kenya with Global Standards

POCAMLA aligns Kenya’s financial system with international AML standards set by the Financial Action Task Force (FATF).

This improves trust in Kenya’s financial ecosystem and supports cross-border business operations.

 

Who Must Comply With POCAMLA?

 

POCAMLA divides reporting institutions into two categories: Financial Institutions and Designated Non-Financial Businesses and Professions (DNFBPs).

 

1. Financial Institutions

 

All of the following must implement KYC and AML programmes under POCAMLA:

 

Institution TypeSupervising Regulator
Commercial banks and mortgage finance companiesCentral Bank of Kenya (CBK)
Microfinance institutionsCBK
Forex bureaus and money remittance providersCBK
Digital credit providersCBK
Payment service providers and mobile walletsCBK
Deposit-taking SACCOsSASRA
Non-withdrawable deposit SACCOsSASRA
Insurance companies and intermediariesInsurance Regulatory Authority (IRA)
Stockbrokers, investment banks, fund managersCapital Markets Authority (CMA)
Retirement benefits schemesRetirement Benefits Authority (RBA)
Virtual Asset Service Providers (VASPs)CBK / CMA (dual regulation)

 

2. Designated Non-Financial Businesses and Professions (DNFBPs)

 

The 2025 Amendment Act expanded DNFBP obligations significantly. DNFBPs now include:

 

  • Real estate agencies (with the Estate Agents Registration Board now empowered for AML oversight)
  • Dealers in precious metals and stones
  • Casinos and gambling companies
  • Legal professionals handling client money
  • Accountants and auditors
  • Non-profit organisations (NPOs), subject to risk-based oversight

 

Does POCAMLA Apply to Foreign Branches Operating in Kenya?

 

Yes. Under POCAMLA, anti-money laundering measures apply to the foreign subsidiaries and branches of Kenyan reporting institutions. Where host-country requirements are less strict than Kenya's, the institution must apply Kenya's standards to the extent the host country's law permits.

 

What are the Consequences of Non-Compliance with KYC Compliance in Kenya?

 

Non-compliance with POCAMLA and Kenya's KYC framework carries serious legal and operational consequences. The 2025 Amendment Act increased penalties substantially.

 

1. Criminal and Financial Penalties

OffenceMaximum Penalty
Failure to implement KYC proceduresKES 30,000,000 fine
Failure to report suspicious transactionsKES 30,000,000 fine + imprisonment
Tipping off (alerting a suspect to an STR)Criminal prosecution
Wilful non-compliance with FRC ordersImprisonment
Money laundering convictionFine + up to 14 years imprisonment
Acquisition or use of proceeds of crimeCriminal prosecution

 

 

 

 

 

 

 




The CBK is separately empowered under the Banking Act to impose sanctions on banks for AML non-compliance, including licence suspension or revocation.

 

2. Operational and Reputational Consequences

 

Beyond fines, non-compliant institutions face:

 

  • Account freezing and asset seizure by the Asset Recovery Agency (ARA)
  • Loss of correspondent banking relationships:  international banks apply heightened due diligence to institutions with weak AML controls
  • Reputational damage: public enforcement actions by the FRC or CBK
  • Exclusion from financial markets: non-compliant investment firms risk CMA licence withdrawal

 

The practical message for compliance teams: with Kenya still on the FATF grey list, regulators are under international pressure to demonstrate enforcement effectiveness. The tolerance for weak documentation and delayed reporting is lower than ever.

 

What Are the Requirements for KYC in Kenya and Accepted Documents?

 

Identity Verification Requirements Under POCAMLA

 

At minimum, every reporting institution in Kenya must collect and verify the following for individual customers:

 

RequirementWhat Is Needed
Full legal nameAs appears on government-issued ID
Date of birthVerified against identity document
National ID or passport numberCross-referenced against IPRS or government database
Physical address or residential detailsUtility bill, rental agreement, or bank statement
KRA PINMandatory for financial account holders per CBK directive
Source of funds (risk-based)For high-risk or high-value transactions
Biometric verificationRequired for digital onboarding and eKYC

 

For corporate clients, additional documents are required:

 

  • Certificate of incorporation / business registration
  • Company KRA PIN
  • Board resolution authorising the account
  • Identity documents for directors and shareholders
  • Ultimate Beneficial Owner (UBO) disclosure, now mandatory under the 2025 Amendment Act
  • CIPC-equivalent: companies must disclose at the Business Registration Service (BRS)

 

1. Accepted KYC Documents in Kenya

 

Kenya accepts the following government-issued documents for identity verification:

 

Primary Identity Documents:

 

  • Kenyan National ID Card: Primary document for citizens 18+, managed by the National Registration Bureau (NRB). Verifiable against the Integrated Population Registration System (IPRS)
  • Maisha Card: Kenya's new digital national ID, part of the Maisha Namba ecosystem launched in 2024. Lifecycle-based (assigned at birth), designed for cross-system interoperability
  • Kenyan Passport:  issued by the Ministry of Interior; includes biometric chip for ePassport verification via NFC
  • Driver's Licence:  issued by the National Transport and Safety Authority (NTSA); verifiable via NTSA database
  • Alien ID Card:  issued to foreign nationals by the Directorate of Immigration Services
  • Refugee ID:  issued by the Department of Refugee Affairs

 

Supporting Documents (Address & Tax Verification):

 

  • KRA PIN certificate (mandatory for bank account holders)
  • Recent utility bill (not older than 3 months)
  • Rental or lease agreement
  • Bank or building society statement
  • County council tax bill or government institution statement

 

For Foreign Nationals:

 

  • Valid passport with unexpired visa or residence permit
  • Alien Card or Residency Permit issued by the Directorate of Immigration Services

 

2. Enhanced Due Diligence (EDD) Triggers

 

Standard KYC is sufficient for low-risk customers. The following triggers require EDD under POCAMLA and the 2025 Amendment Act:

 

  • Politically Exposed Persons (PEPs) and their close associates
  • Customers in high-risk jurisdictions (FATF grey or black-listed countries)
  • High-value transactions (cash transactions above KES 1,000,000 for banks; USD 15,000 for other reporting institutions)
  • Customers with complex or opaque ownership structures
  • Non-resident customers and cross-border transactions
  • Customers in high-risk sectors: precious metals, real estate, casinos

 

EDD requires senior management approval, additional documentation, and more frequent transaction monitoring.

 

How KYC Works in Kenya: Step-by-Step Guide

 

The Kenya KYC process follows a standard five-stage workflow for regulated institutions. Each stage is a regulatory obligation, not a best-practice suggestion.

 

Step 1: Customer Identification

 

Collect the customer's full legal name, date of birth, ID number, and physical address. For entities, collect company registration details and request UBO disclosure. This information forms the foundation of the KYC file.

 

Step 2: Document Collection and Verification

 

Request and verify government-issued identity documents. Verification involves two checks:

 

  • Document authenticity check: Is the document genuine? For digital onboarding, OCR (Optical Character Recognition) reads the MRZ (Machine-Readable Zone) and compares it to government standard templates
  • Government database check: Does the document match live IPRS/e-Citizen/BRS records? Cross-referencing against Kenya's Integrated Population Registration System (IPRS) confirms whether the ID is valid, active, and belongs to the individual presenting it

 

Step 3: Biometric Verification and Liveness Detection

 

For digital and eKYC onboarding, biometric verification confirms the person presenting the document is physically present. This involves:

  • Facial recognition matched to the photo on the identity document
  • Liveness detection to prevent spoofing with static images or pre-recorded video
  • For high-assurance scenarios: fingerprint matching against IPRS biometric records

 

The CBK and FRC require biometric-grade verification for digital account opening. Institutions that skip this step create identity fraud risk and regulatory exposure.

 

Step 4: Risk Assessment and Customer Risk Scoring: (Customer Due Diligence or Enhanced Due Diligence)

 

After verifying identity, assign a risk score: low, medium, or high. Risk scoring considers:

 

  • Customer profile (PEP, high-risk occupation, non-resident)
  • Source of funds and expected transaction patterns
  • Jurisdiction of origin (heightened risk for FATF grey-listed countries)
  • Business type (for corporate customers)
  • Adverse media and sanctions screening results

 

High-risk customers require EDD before onboarding proceeds. Low and medium-risk customers undergo standard CDD.

 

Step 5: Ongoing Monitoring and Reporting

 

KYC is not a one-time event. POCAMLA requires continuous monitoring of customer behaviour:

 

  • Transaction monitoring: flag deviations from the customer's established pattern
  • Periodic KYC refresh: update customer files when information changes or triggers a re-review
  • STR filing: file a Suspicious Transaction Report with the FRC within the prescribed timeframe when suspicious activity is detected. Under the 2025 Amendment Act, reporting must happen promptly — delays are treated as non-compliance
  • Cash Transaction Reports (CTRs): automatically report cash transactions above USD 15,000 (or KES 1,000,000 for banks) to the FRC
  • Record keeping: maintain all KYC files and transaction records for a minimum of seven years per POCAMLA

 

Digital/eKYC Trends in Kenya

 

Kenya is one of Africa's most advanced digital financial ecosystems, with over 70% of its population using mobile money services. This digital-first reality is reshaping how KYC works for banks, fintechs, and regulated businesses.

 

Maisha Namba: Kenya's Digital Identity Reset

 

The most consequential identity development for compliance teams in 2026 is the Maisha Namba ecosystem. Unlike the traditional National ID, issued at age 18 and siloed from other systems, Maisha Namba is:

 

  • Lifecycle-based: assigned at birth and embedded into the physical Maisha Card at age 18
  • Interoperable: designed to work across banking platforms, public records, and digital services
  • IPRS-linked: all identity data connects to the Integrated Population Registration System
  • Fraud-resistant: consolidates previously fragmented identifiers (National ID, Huduma Namba, birth certificate) into a single verifiable reference point

 

For KYC compliance teams, Maisha Namba eliminates identity duplication, reduces impersonation risk, and enables more reliable automated verification. Banks and fintechs that integrate early with Maisha Namba's API infrastructure will have a significant compliance and onboarding efficiency advantage.

 

eKYC and Remote Onboarding

 

The CBK now mandates that all account holders, including mobile wallet users, be verified. eKYC enables compliance without requiring physical branch visits:

 

  • Customers submit their National ID or Maisha Card via a mobile app or web platform
  • OCR reads and validates the document
  • Government database check confirms authenticity in real time
  • Liveness detection confirms physical presence
  • Risk screening (PEP/sanctions/adverse media) runs simultaneously in the background

 

For Kenya's large unbanked population, many of whom access financial services via mobile agents, the eKYC process must work on low-bandwidth connections and older devices. Agent network KYC presents its own compliance challenges: institutions are responsible for their agents' verification quality.

 

Virtual Asset Service Providers (VASPs)

 

The Virtual Asset Service Providers Act 2025, passed by Kenya's Parliament on 7 October 2025, creates a regulatory framework for crypto exchanges and digital asset platforms. VASPs are required to implement digital KYC, transaction monitoring, and periodic risk assessments, and are subject to both on-site and off-site regulatory inspections by the CBK and CMA. This is a significant expansion of KYC obligations into Kenya's growing crypto sector.

 

Common Challenges with KYC Compliance in Kenya

 

From rising compliance costs to delayed onboarding, Kenyan businesses face several hurdles when implementing effective KYC processes:

 

1. Fraudulent or Stolen Documents


Many organizations continue to battle with forged documents and stolen identities. Fraudsters now deploy sophisticated tactics, including high-quality forgeries and deepfake technology, to bypass verification systems. In early 2023, around 26% of ID verification attempts in Kenya were flagged as fake or stolen, the highest rate in East Africa.

 

2. Limited Internet Access and Device Constraints


While mobile phone usage is widespread, consistent internet connectivity remains a challenge, particularly in rural regions. Additionally, some devices lack the capability to support advanced verification methods like biometrics. As a result, businesses often rely on a mix of manual and digital processes, which slows operations.

 

3. Evolving and Complex Regulations


Businesses must navigate multiple regulatory frameworks, including AML requirements from the Central Bank, reporting obligations to the FRC, and data protection rules from the Data Commissioner. For fintechs and cross-sector operators, managing these overlapping requirements can be resource-intensive and time-consuming.

 

4. Lengthy Onboarding Processes


Manual verification steps and system inefficiencies can significantly delay customer onboarding. On average, 68% of users abandon onboarding when the process is too lengthy or requires excessive documentation, impacting both conversion rates and customer trust.

 

5. Infrastructure Gaps and Trust Issues


Challenges such as unreliable power supply and low trust in digital systems, especially in remote areas, continue to hinder adoption. Many individuals still prefer face-to-face interactions, making it harder for businesses to fully transition to digital KYC solutions.

 

How Youverify Simplifies KYC Compliance in Kenya

 

Youverify offers an instant AML and KYC compliance solution for Kenyan banks, fintechs, SACCOs, and all POCAMLA-regulated institutions, combining identity verification, AML screening, and transaction monitoring into a single, API-driven platform that works from the first customer interaction to ongoing risk management.

 

Compliance teams in Kenya face a common operational challenge: fragmented tools that create verification gaps. A separate KYC system, disconnected AML screening, and manual STR processes leave institutions exposed to the very risks POCAMLA is designed to prevent. Youverify eliminates this fragmentation.

 

Here is what Youverify delivers for Kenyan institutions:

 

  • Kenya Government KYC Checks: Direct API access to IPRS, eCitizen, and BRS, verifying National ID, Maisha Card, Passport, Driver's Licence, Alien ID, and KRA PIN in real time, with 36M+ Kenyan ID records covered
  • Biometric Liveness Detection: Confirm the customer submitting documentation is physically present, preventing impersonation and deepfake fraud
  • AI-Powered Transaction Monitoring: 100+ pre-built rules aligned to Kenya's risk typologies, with customisable thresholds and intelligent case prioritisation that reduces false positives by more than 50%
  • PEP & Sanctions Screening: Real-time screening against global PEP lists, OFAC, UN sanctions, and adverse media, updated continuously, not just at onboarding
  • KYB with UBO Verification: Automatically surface the beneficial ownership structures of corporate clients and flag hidden risks, critical for the 2025 Amendment Act's UBO requirements
  • Automated STR/CTR Workflows: Generate compliant case documentation and file reports with the FRC within POCAMLA's required timeframes without manual intervention
  • eKYC for Mobile and Agent Networks: Optimised for Kenya's low-bandwidth mobile environment, enabling compliant remote onboarding through banking apps and agent networks alike
  • Adverse Media Screening: Continuous monitoring of news and open-source intelligence for negative mentions linked to your customer base

 

Youverify clients report a 60%+ reduction in fraud losses, 90%+ faster onboarding, and 50%+ fewer false positives, while maintaining full POCAMLA, FRC, and CBK compliance.

 

Book a demo with our compliance experts

 

About the Author:

 

Temitope Lawal has spent five years writing for fintech companies and financial institutions across Nigeria and international markets, with a research focus on AML compliance, fraud prevention, and financial crime regulation. Her work covers regulatory developments from the FCA, NCA and FATF, and is informed by ongoing engagement with primary compliance sources and industry research.