From Warning to Wake-Up: Inside Kenya’s FATF Greylisting and the Fight to Protect Integrity
The wake-up call: FATF greylisting in 2024
In February 2024, the Financial Action Task Force (FATF) placed Kenya on its grey list, a public notice that Kenya had “strategic deficiencies” in fighting money laundering and terrorism financing.
For financial institutions, this meant tighter scrutiny from international partners, more questions from correspondent banks, and a heavier compliance burden here at home.
In response, Kenya now has a clear roadmap to fix what went wrong, and every reporting institution has a role to play in getting us off that list.
Why Kenya was greylisted
FATF and ESAAMLG identified long-standing weaknesses in Kenya’s anti–money laundering framework. In simple terms, the laws were there, but enforcement lagged behind. Key findings included:
- No successful prosecutions for standalone money laundering cases, despite clear predicate crimes like corruption and fraud.
- Weak oversight of non-bank sectors, such as real estate, casinos, and professional services (lawyers, accountants).
- Gaps in beneficial ownership transparency, where shell companies masked the true owners of assets.
- Limited Enhanced Due Diligence (EDD) for Politically Exposed Persons (PEPs) — many institutions collected names but not source of wealth evidence.
- Inconsistent implementation of UN sanctions, with institutions failing to freeze assets “without delay.”
These findings reflected not just technical lapses but a cultural one: treating AML/CFT as a checkbox rather than an operational discipline.
What’s changing after the greylisting: 2024–2025 reforms in motion
Since the greylisting, Kenya has launched an intensive reform campaign. Here’s what’s already changed:
- New AML/CFT Laws (2025):
The Anti-Money Laundering and Combating of Terrorism Financing Laws (Amendment) Act, 2025 expanded POCAMLA to include Countering Proliferation Financing (CPF). It broadened the scope of “reporting institutions,” raised penalties, and introduced stricter internal control obligations.
- Beneficial Ownership Enforcement:
Companies must file and update beneficial ownership registers within 14 days of any change. Non-compliant firms risk being struck off the registry.
- FRC Tightening Oversight:
The Financial Reporting Centre (FRC) now requires all reporting institutions (banks, SACCOs, real estate firms) to register, submit annual AML compliance reports, and integrate national risk assessment findings into their policies.
- New CBK Guidance (2025):
The Central Bank’s Guidance on Politically Exposed Persons (PEPs) sets detailed steps for identifying, verifying, and monitoring PEPs. Foreign PEPs must always be treated as high-risk, with mandatory EDD and senior-management approval.
- SASRA Compliance for SACCOs:
From June 2024, all regulated SACCOs must register with the FRC and file Suspicious Transaction Reports (STRs) and Currency Transaction Reports (CTRs). Boards are personally accountable for compliance performance.
- Data Protection Alignment:
The Data Protection Act, 2019 now ties directly into KYC workflows: institutions must ensure privacy-by-design in eKYC systems, secure data storage in Kenya, and 72-hour breach notifications.
These changes move Kenya closer to FATF standards. But compliance is only as strong as its implementation.
Where institutions still fall short
Despite progress, gaps remain in day-to-day execution. Based on regulatory findings and on-the-ground assessments, here’s where most banks and SACCOs struggle and how to fix it:
What “good” looks like: your next-quarter action list
Here’s a concise plan to help your institution move from compliance lag to leadership:
- Re-score all customers using your risk matrix to align with the 2023 National Risk Assessment focus on corruption and fraud.
- Refresh your PEP inventory — apply EDD and management sign-off where missing.
- Conduct a beneficial ownership sweep across all corporate clients.
- Automate sanctions screening updates — “without delay” now means within 24 hours.
- Test your STR escalation path — simulate a suspicious transaction and measure response time.
- Schedule a board-level AML briefing — FATF will look for tone-from-the-top evidence.
- Review data security in your KYC system to meet both POCAMLA and DPA requirements.
These are tangible steps that any institution can complete within a quarter — and they demonstrate effectiveness, not just compliance.
Making compliance operational: the role of automation
Kenyan banks and SACCOs are now adopting local RegTech tools to meet these standards faster.
For example, Peleza’s verification platform supports real-time KYC/KYB by connecting directly to trusted government and financial data sources, including ID, KRA PIN, and business registries.
This allows compliance teams to:
- Verify identities instantly.
- Screen for PEPs and sanctions during onboarding.
- Maintain audit trails for every check.
- Generate STR-ready reports.
It’s not about technology for its own sake. It’s about speed, accuracy, and accountability — the same things regulators now measure.
What’s next: effectiveness over paperwork
Kenya’s regulators (FRC, CBK, SASRA) have largely addressed technical compliance. The next FATF evaluation will focus on effectiveness: Are institutions detecting and reporting actual suspicious activity? Are funds really being frozen? Are prosecutions increasing?
That shift means every compliance officer’s work directly affects the national outcome.
If you work in compliance, risk, or operations, your documentation, your monitoring rules, and your escalation discipline all contribute to whether Kenya exits the grey list.
Key Takeaway from Kenya’s FATF Greylisting
The greylisting wasn’t a failure; it was a signal.
Kenya is rebuilding its financial integrity framework in real time, and financial institutions are at the heart of that change.
Stay proactive, stay evidence-based, and stay compliant.
Every institution can help Kenya move off the grey list — and protect its own stability in the process.
Speak to Peleza about a KYC compliance workflow your team can deploy: fast, secure, and fully aligned with regulator expectations.

