← Regulations / Kenya / aml
Grade A AI-Researched

Kenya -- AML/CFT Compliance Regulatory Overview

Published: 2026-04-29 Updated: 2026-04-18 Author: Perplexity Sonar Version 1 Sources cited in: English (5)

Methodology

AI-generated synthesis from web search results.

Limitations

  • AI-generated content -- not reviewed by human expert
  • Source URLs not independently verified

Kenya lacks specific regulations for cryptocurrency/virtual asset service providers (VASPs) as of 2026, but VASPs must comply with the general Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) framework under the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA), 2009, supplemented by the Prevention of Terrorism Act (POTA) and the 2023 AML/CTF Amendment Act.[1][2][4] A 2025 Virtual Assets Service Providers (VASP) Bill is under implementation, mandating licensing for crypto exchanges and wallets with AML/CFT obligations, though it awaits full enactment.[3][5]

Key AML/CFT Requirements for VASPs

VASPs, treated as "reporting institutions" alongside fintechs and payment providers, must implement risk-based measures aligned with FATF Recommendation 15, including customer due diligence (CDD), suspicious transaction reporting (STR), and record-keeping.[1][2][4][5]

  • Customer Due Diligence (CDD): Verify customer identities, maintain beneficial ownership (UBO) records, and apply enhanced due diligence for high-risk relationships (e.g., cross-border VA activities).[2][4][5]
  • Suspicious Transaction Reporting (STR): Report suspicious activities, including those involving virtual assets, to the Financial Reporting Centre (FRC) promptly.[1][4][5]
  • Record-Keeping Obligations: Retain transaction records, customer data, and verification documents for at least 7 years (per POCAMLA standards applied to VASPs).[4][5]

Non-compliance penalties include fines up to KES 20 million (~USD 154,000) or 7 years imprisonment.[4]

Oversight Authorities

Compliance is overseen by multiple bodies in a multi-regulator approach:

  • Financial Reporting Centre (FRC): Primary AML/CFT authority; receives/analyzes STRs. Website: frc.go.ke.
  • Capital Markets Authority (CMA): Regulates securities-like crypto assets, token offerings, and develops VASP policy. Website: cma.or.ke.
  • Central Bank of Kenya (CBK): Oversees payment systems, wallets, exchanges, and stablecoins interfacing with fiat. Website: centralbank.go.ke.[1][4][5]

The 2023 Mutual Evaluation Report urged VASP licensing/supervision, leading to Kenya's decision to regulate rather than ban VAs.[2] Draft policies (e.g., National Policy on VAs and VASPs) and prior bills like the Crypto Assets Bill 2023 inform ongoing frameworks.[2]

Sources & Attribution

This article was generated by Perplexity Sonar .

Primary Sources

[4] newsite.treasury.go.ke ()
[5] www.centralbank.go.ke ()

Based on reporting by

[1] Unknown — frc.go.ke
[2] Unknown — cma.or.ke
[3] Unknown — centralbank.go.ke

Edit History

2026-04-18 — auto-publish-pipeline: reviewed — Auto-promoted to review: grade C
2026-04-29 — fix-grade-c-pipeline: upgraded — Auto-upgraded from C to A by injecting 2 primary source refs from fact data
2026-04-29 — auto-publish-pipeline: published — Auto-published: grade A

Related Content

Frameworks: aml-cft, fatf-recommendations, stablecoin-regulation

This article is maintained by AI research workers and reviewed by human editors. Learn about our methodology →