Reporting Obligations under POCAMLA and PTA in Kenya: Proceeds of Crime and Anti-Money Laundering Act and Prevention of Terrorism Act in Kenya
- Muhoro & Gitonga Associates
- Feb 16, 2024
- 10 min read
Updated: Oct 7
Table of Contents
Overview of POCAMLA and PTA: Purpose and Structure
Reporting Obligations Under POCAMLA
3.1. Suspicious Transaction Reports (STRs)
3.2. Cash Transaction Reports (CTRs)
3.3. Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
3.4. Record Keeping Requirements
3.5. Cross-Border Reporting & Correspondent Banking
Reporting & Compliance under the Prevention of Terrorism Act (PTA / POTA)
4.1. Reporting Suspicious Activities Linked to Terrorism
4.2. Freezing, Seizure & Reporting of Terrorist Assets
4.3. Reporting Terrorist Property
4.4. Compliance with Asset Freezing Orders
4.5. Enhanced Due Diligence under PTA
Recent Legislative & Regulatory Developments (2023–2025)
5.1. AML/CTF Amendment Act 2025: Key Changes to POCAMLA & PTA
5.2. FATF / ESAAMLG Follow-up & EU “High-Risk” Listing
5.3. National Risk Assessments, Beneficial Ownership & Virtual Assets
6.1. High Court Rulings on Civil Forfeiture under POCAMLA
6.2. Use of PTA in Protest-Related and Political Cases
Key Institutions & Oversight Bodies
Penalties, Risks & Reputational Consequences
Best Practices for Compliance & Internal Policies
1. Introduction
Kenya is confronting heightened scrutiny of its anti-money laundering (AML) and counter-terrorism financing (CTF) regimes due to external pressure (e.g. FATF grey listing, EU high-risk listing) and internal enforcement gaps.
Reporting obligations under both the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) and the Prevention of Terrorism Act (PTA / POTA) are central tools to detect, disrupt, and investigate illicit financial flows.
This article sets out those obligations in detail, updates you on the 2025 reforms and enforcement trends, and gives practical compliance guidance.
2. Overview of POCAMLA and PTA: Purpose and Structure
POCAMLA was enacted to prevent money laundering and financing of terrorism, establish the Financial Reporting Centre (FRC), regulate reporting institutions, and provide for confiscation and forfeiture of illicit funds.
Under POCAMLA, “reporting institutions” include banks, insurers, capital markets players, money remitters, real estate agents, dealers in precious metals, lawyers, accountants, etc.
2.2 Prevention of Terrorism Act (POTA / PTA, Cap. 59B, as amended)
The PTA provides legal mechanisms to prevent, prosecute and suppress terrorism and terrorist financing.
It has been amended multiple times, most recently via the Anti-Money Laundering and Combating of Terrorism Financing Laws Amendment Act 2025.
It mandates identification, freezing, seizure, reporting, and monitoring of property, funds or assets suspected to be used for terrorism purposes.
2.3 Interplay between POCAMLA & PTA
The AML / CTF regime is now increasingly integrated; the 2025 amendments align POCAMLA and PTA obligations, reduce duplications, and bolster FRC oversight.
Real-world enforcement often involves collaboration between AML authorities, security agencies, and prosecutorial arms.
3. Reporting Obligations Under POCAMLA
3.1 Suspicious Transaction Reports (STRs)
3.1.1 When to Report
Reporting institutions must file an STR with the FRC if they know, suspect, or have reasonable grounds to suspect that a transaction or attempted transaction involves proceeds of crime or is connected to money laundering or terrorist financing.
This reporting obligation is immediate once suspicion arises.
3.1.2 Contents & Process
The STR must include details of the transaction, parties involved, nature of suspicion, identity information (if known), and any supporting information.
The FRC analyses the STR for further dissemination (e.g. to law enforcement) or feedback to the reporting institution.
3.1.3 No Tipping-Off
Institutions must not disclose to the subject of suspicion that a report has been filed (tipping-off) unless authorized by FRC or a court.
3.2 Cash Transaction Reports (CTRs)
3.2.1 Thresholds & Mandate
3.2.2 Rationale
CTRs help detect suspicious large cash flows that may mask illicit funds or layering activities.
3.3 Customer Due Diligence (CDD) & Enhanced Due Diligence (EDD)
3.3.1 Standard CDD
Before commencing a business relationship, institutions must verify the identity of clients, beneficial ownership, address, purpose of transaction, and assess risk.
If a legal entity is involved, the institution must obtain information on beneficial owners, controlling persons, and nature of ownership.
3.3.2 Enhanced Due Diligence (EDD)
Higher risk clients (e.g. politically exposed persons, non-residents, high-value cross-border transactions) require EDD: additional identity verification, source of funds, higher scrutiny, senior management approval, and closer monitoring.
The 2025 AML amendment increases the requirements around EDD, particularly for large cash transactions and PEPs.
3.4 Record Keeping Requirements
Reporting institutions must keep customer identification records, transactional data, correspondence, and internal documents for at least five years after the business relationship or last transaction.
Records must be available for inspection or audit by regulatory or enforcement authorities.
3.5 Cross-Border Reporting & Correspondent Banking
Institutions engaged in cross-border or correspondent banking must assess AML risk, monitor correspondent relationships, and report cross-border transfers in accordance with applicable regulations.
Where a wire transfer involves funds from or to foreign jurisdictions, additional due diligence and reporting may be required (beneficial ownership, origin, destination).
4. Reporting & Compliance under the Prevention of Terrorism Act (PTA / POTA)
4.1 Reporting Suspicious Activities Linked to Terrorism
Under PTA, institutions must report any transaction or behavior suspected to relate to terrorism financing. These suspicions may arise from irregular payments, repeated small transfers, or linkages to known terrorist networks.
Such reports often flow to FRC (or designated authority) for onward action under PTA.
4.2 Freezing, Seizure & Reporting of Terrorist Assets
PTA empowers competent authorities (e.g. Director of Public Prosecutions, security agencies) to issue freezing orders on assets believed to belong to terrorists or organizations.
Reporting institutions must comply immediately with freezing orders and report compliance or breaches.
4.3 Reporting Terrorist Property
If an institution comes into possession or control of property (funds, assets) that it suspects is owned or controlled by a terrorist or organization, it must report this to competent authority or FRC.
4.4 Compliance with Asset Freezing Orders
Institutions must put holds on suspected funds, block further transactions, notify internal compliance units, and report action and outcome to authorities.
4.5 Enhanced Due Diligence (EDD) under PTA
5. Recent Legislative & Regulatory Developments (2023–2025)
5.1 AML / CTF Amendment Act 2025: Key Changes
On 14 June 2025, President Ruto assented to the Anti-Money Laundering and Combating of Terrorism Financing and Proliferation Financing (Amendment) Act 2025.
It amends POCAMLA, PTA (POTA), and relevant sectoral laws to enhance oversight, strengthen penalties, and align with global standards.
Key enhancements include:
• Stronger FRC oversight and authority over reporting institutions
• Tighter rules on beneficial ownership disclosure and corporate transparency
• More frequent reporting obligations and stricter duties on high-risk transactions
• Enhanced penalties and expanded criminal liability for non-compliance
• Extension of AML/CTF obligations to virtual assets and service providers
5.2 FATF / ESAAMLG Follow-Up & EU “High-Risk” Listing
In August 2024, the ESAAMLG follow-up report assessed Kenya’s progress but noted gaps in enforcement effectiveness.
Kenya remains on enhanced monitoring by FATF, with a push to exit the “grey list.”
On 10 June 2025, the European Commission formally placed Kenya on its list of “high-risk third countries” for AML / CTF deficiencies.
These designations create reputational and transaction-cost pressures on financial institutions and signal urgency for enforcement.
5.3 National Risk Assessments, Beneficial Ownership & Virtual Assets
Kenya’s National AML / CTF Strategy 2021–2026 has been updated; the 2023/2024 National Risk Assessment (NRA) now includes virtual assets, non-profit organisations (NPOs), and legal persons / legal arrangements as risk sectors.
Beneficial ownership reporting regimes are being strengthened under the 2025 amendments.
Regulatory attention is now extending to Virtual Asset Service Providers (VASPs) to capture crypto / token-based flows.
6. Case Law & Enforcement Trends
6.1 High Court Rulings on Civil Forfeiture under POCAMLA
Recent High Court decisions have underscored that civil forfeiture under POCAMLA must align with due process, strict proof, and full opportunity for affected parties.
Some rulings have criticized weak internal compliance or poor KYC as opening doors for challenge.
6.2 Use of PTA in Protest-Related and Political Cases
The PTA is increasingly cited in politically sensitive prosecutions. In 2025, activist Boniface Mwangi was charged with possession of ammunition, with authorities referencing terrorism/arson in the raid; raising concern of misuse of PTA powers
Reports indicate that U.S.-funded anti-terrorism courts are now being used to prosecute youth protesters under PTA provisions, leading to criticism from civil society of misuse.
7. Key Institutions & Oversight Bodies
Financial Reporting Centre (FRC) – central authority receiving STRs, analyses intelligence, issues guidelines, disseminates to enforcement.
Central Bank of Kenya (CBK) – supervises banks, payment providers, issues AML guidance, enforces compliance among regulated institutions.
Directorate of Criminal Investigations (DCI) – investigates money laundering and terrorism financing crimes.
Office of the Director of Public Prosecutions (ODPP) – prosecutes AML / terrorism financing offenses.
Asset Recovery Agency (ARA) – forfeiture and asset recovery under POCAMLA.
The Public Benefit Organizations Regulatory Authority – monitors Public Benefit Organizations for abuse in terrorism financing channels.
Data Protection Commissioner / ODPC – ensures personal data rights and resolves conflicts with AML demands.
8. Penalties, Risks & Reputational Consequences
8.1 Criminal Sanctions
Individuals may face fines or imprisonment for non-compliance, obstruction, tipping-off, or failure to report.
The 2025 amendments expand criminal liability and stiffen penalties.
8.2 Civil & Administrative Penalties
Regulatory fines, suspension, revocation of licenses, or disciplinary actions by oversight bodies are possible.
8.3 Forfeiture & Asset Seizure
8.4 Reputational, Commercial & Transaction Costs
Institutions with AML/CTF deficiencies risk loss of correspondent relationships, de-risking by foreign banks, increased compliance costs, and reputational damage.
Being domiciled in a “high-risk” jurisdiction (e.g. EU designation) raises due diligence burdens for counterparties.
9. Best Practices for Compliance & Internal Policies
9.1 Risk-Based Approach
Adopt a risk-based AML / CTF program: profile clients, sectors, products, geographies to allocate resources appropriately.
Use risk rating models to trigger EDD where needed.
9.2 Robust Internal Controls & Governance
Appoint a dedicated compliance officer or team with clear oversight.
Establish policies, procedures, escalation protocols, periodic independent audit.
Incorporate checks for conflicts (e.g. privilege vs. reporting).
9.3 Staff Training & Awareness
Regular training for front-line, middle, and senior staff to spot red flags, follow reporting protocols, understand new legal changes (e.g. 2025 amendment).
9.4 Technology & Monitoring Tools
Use transaction monitoring systems, exception reporting, pattern detection, real-time alerts.
Leverage analytics to detect unusual behavior or unusual counterparties.
9.5 Due Diligence & KYC Review
Verify identity, beneficial ownership, source of funds. Continuously review relationships, especially PEPs, cross-border accounts.
Refresh KYC periodically or upon changes.
9.6 Document & Audit Trail
Maintain clear logs of decisions (why EDD, why no STR), internal approvals, escalation paths.
Preserve evidence in case of audit or litigation.
9.7 Coordination with Authorities & Peer Networking
9.8 Legal Review & Privilege Safeguards
Review reporting obligations against client confidentiality / legal privilege. Where possible, structure internal walls, seek legal guidance.
Build a framework to manage conflicts between data protection and AML demands.
9.9 Periodic Review & Updates
Update policies after legislative or case-law changes (like the 2025 amendment).
Run mock audits, stress tests, scenario reviews.
10. Conclusion
Reporting Obligations under POCAMLA and PTA in Kenya. Reporting obligations under POCAMLA and the Prevention of Terrorism Act are keystones of Kenya’s AML / CTF architecture. The recent 2025 reforms, external pressure from FATF/EU, and increased enforcement underscore that mere formal compliance is no longer sufficient; institutions must maintain agile, risk-based, well-documented, and technology-assisted compliance programs.
For law firms, financial institutions, real estate, legal and accounting professionals, staying ahead requires continuous legal monitoring, internal training, and robust systems. Correct reporting, freezing, and due diligence not only mitigate regulatory risk but also strengthen the integrity and credibility of Kenya’s financial system.
If you would like assistance tailoring these reporting obligations or reviewing your internal policies under POCAMLA / PTA, we are available to help.
11. Frequently Asked Questions (FAQ)
Q1. What is the difference between POCAMLA and the Prevention of Terrorism Act in reporting obligations?
A1. POCAMLA primarily focuses on money laundering and the tracing of illicit proceeds, requiring STRs, CTRs, CDD, record-keeping, and forfeiture. The PTA targets the funding of terrorism, adding obligations for identifying, freezing, seizing, and reporting property tied to terrorist individuals or organizations. The 2025 reforms bring greater harmonization between the two.
Q2. What is the deadline to file a Suspicious Transaction Report (STR)?
A2. There is no fixed statutory number of days; rather, the reporting institution must file as soon as the suspicion arises, without undue delay.
Q3. What threshold triggers a Cash Transaction Report (CTR)?
A3. The specific threshold is prescribed in regulations or FRC guidelines (which may be revised). Institutions must monitor regulatory updates for the current threshold.
Q4. Can a client refuse to provide documents, and what should be done then?
A4. If a client refuses to cooperate with valid KYC/EDD requests, the institution may decline or terminate the business relationship, and may file an STR depending on suspicion.
Q5. How long must AML/CTF records be retained?
A5. At least five years after the business relationship ends or last transaction, unless otherwise directed by statute or regulation.
Q6. What happens if I “tip off” a client about an STR?
A6. Tipping-off (disclosing that a report has been made) is prohibited, and is itself an offense unless authorized. It can lead to penalties or criminal liability.
Q7. Does the 2025 amendment impose new obligations I need to worry about?
A7. Yes: increased reporting frequency, stricter beneficial ownership requirement, broader powers for FRC oversight, stronger penalties, and expansion to virtual assets and crypto-related entities.
Q8. How does Kenya’s EU “high-risk” listing affect my institution?
A8. It means counterparties, especially in EU jurisdictions, may impose stricter due diligence, limit correspondent banking, or refuse business, increasing compliance and commercial risk.
Q9. What is the interplay between AML obligations and data protection laws in Kenya?
A9. There can be tension. For example, demanding excessive financial statements (without risk trigger) may violate data minimization and privacy rights. AML policies must be balanced with data protection principles.
Q10. Can I challenge an asset freezing order under PTA or POCAMLA?
A10. Yes, affected persons can seek judicial review or constitutional relief; courts will scrutinize due process, procedural fairness, evidence, and proportionality in forfeiture or freezing orders.
To explore this further, see the Proceeds of Crime and Anti-Money Laundering Act and the Prevention of Terrorism Act.
