The Complete Guide to AML Compliance in Kenya's Mobile Money Ecosystem

The Regulatory Framework

Proceeds of Crime and Anti-Money Laundering Act (POCAMLA)

Kenya's primary AML legislation is the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA, 2009, as amended). POCAMLA establishes the legal framework for preventing and detecting money laundering, defines reporting obligations, and creates the Financial Reporting Centre (FRC) as Kenya's financial intelligence unit.

POCAMLA applies to "reporting institutions," a broad category that includes banks, insurance companies, securities dealers, and — critically — money service providers, including mobile money operators. Any entity that provides money transfer, payment, or currency exchange services falls within scope.

Central Bank of Kenya (CBK) Supervision

The CBK supervises financial institutions and payment service providers, including mobile money operators, for compliance with AML/CFT obligations. The CBK has issued guidance specific to mobile money that adapts traditional AML requirements to the realities of mobile-based financial services — including tiered KYC that allows simplified verification for lower-risk, lower-value accounts.

The CBK's supervisory approach is risk-based. Operators that process higher volumes, serve higher-risk customer segments, or facilitate cross-border transactions face more intensive scrutiny and more detailed reporting obligations.

Virtual Asset Service Provider Bill (2025)

Kenya's Virtual Asset Service Provider Bill, passed in 2025, created a legal framework for digital asset services. For mobile money operators that interface with crypto services — whether through direct integration or through customers moving funds between mobile money and crypto platforms — the bill introduces additional compliance obligations including enhanced due diligence for crypto-related transactions.

Tiered KYC for Mobile Money

Kenya's tiered KYC system is the foundational framework that enables financial inclusion while maintaining AML compliance. The system calibrates verification requirements to the risk level of the account.

Tier 1 — Basic Account

Tier 1 requires the minimum identity information needed to open a mobile money account: full name, national ID number or passport number, date of birth, and a registered phone number (through SIM registration). No physical document presentation is required for the lowest-value accounts.

Transaction limits are tightly restricted: daily transaction limits typically cap at KES 150,000 (approximately $1,150) and monthly limits at KES 300,000. These limits are designed to prevent large-value money laundering while allowing everyday payments, bill payment, and person-to-person transfers.

Tier 2 — Standard Account

Tier 2 requires presentation and verification of a government-issued identity document. For Kenyan citizens, this means the national ID card (Huduma Namba) or passport. For non-citizens, a valid passport with a Kenya visa or residence permit.

Transaction limits increase substantially at Tier 2, and additional services become available: larger transfers, merchant payments, and in some cases, savings and micro-loan products.

Tier 3 — Enhanced Account

Tier 3 requires full enhanced due diligence including all Tier 2 documentation plus proof of address, source of income documentation, and in some cases, employer verification. Tier 3 accounts have the highest transaction limits and access to the full range of mobile money services including cross-border transfers.

The tiered system means that AML monitoring must be calibrated to the tier. Tier 1 accounts, with their low value limits, represent lower individual risk but higher aggregate risk — because their sheer volume makes pattern detection challenging. Tier 3 accounts represent higher individual risk per transaction but lower aggregate volume.

The Micro-Transaction Monitoring Challenge

The fundamental AML challenge in Kenya's mobile money ecosystem is volume. Sixty-one million daily transactions is not a number that human compliance teams can review, even at a summary level. The monitoring must be automated, intelligent, and calibrated to the specific patterns of mobile money usage.

What "Suspicious" Looks Like in Mobile Money

Suspicious activity in mobile money differs from suspicious activity in banking. In banking, a large unexpected transfer is a red flag. In mobile money, the baseline transaction size is small — most transactions are under $10. The suspicious patterns are different: rapid successive transfers to multiple recipients just below reporting thresholds (structuring), systematic movement of funds from multiple accounts to a single account (aggregation), sudden increases in transaction frequency or value for an established account (velocity anomalies), and geographic patterns inconsistent with the account holder's profile.

Money laundering through mobile money often involves "smurfing" — distributing illegal funds across hundreds or thousands of small transactions that individually fall below any reporting threshold. Detecting this requires analyzing patterns across the entire network, not just evaluating individual transactions.

AI-Powered Monitoring

The volume problem is a machine learning problem. Human analysts cannot review 61 million transactions daily. Rule-based systems generate overwhelming false positive volumes when applied to micro-transaction data. The solution is AI-powered monitoring that learns the baseline patterns for each user and each transaction type, then flags deviations that exceed risk thresholds.

Effective monitoring for mobile money requires account-level behavioral baselines (what is normal for this user?), network analysis (are funds flowing through this account from unusual sources or to unusual destinations?), temporal pattern detection (is this activity consistent with the user's historical patterns?), and cross-platform correlation (is this user's mobile money activity consistent with their activity on other financial platforms?).

The monitoring must produce prioritized alerts — not a firehose of low-confidence flags that buries genuine risk signals under noise. The compliance team should see the highest-risk anomalies first, with supporting context that explains why each alert was generated.

Agent Network Compliance

Kenya's mobile money ecosystem operates through extensive agent networks — physical locations (shops, kiosks, market stalls) where users deposit cash, withdraw cash, and conduct transactions. These agents are the physical interface between the cash economy and the digital money system.

Agent networks introduce specific AML risks. Agents handle cash, which is inherently harder to trace than digital transactions. Agents may be targeted by money launderers who use them to convert illicit cash into mobile money (placement). And agents themselves may be complicit in money laundering schemes, either knowingly or through negligence.

Mobile money operators are responsible for the AML compliance of their agent networks. This includes agent due diligence at onboarding, ongoing monitoring of agent transaction patterns, training agents on AML obligations and red flag indicators, and maintaining records of all agent-facilitated transactions.

The monitoring challenge is that agent-facilitated transactions must be evaluated both at the customer level (is this customer's activity suspicious?) and at the agent level (is this agent facilitating an unusual volume or pattern of transactions?).

Cross-Border Mobile Money and AML

Kenya's mobile money ecosystem does not stop at national borders. M-Pesa operates across multiple East African countries, and cross-border mobile money transfers are a growing segment of the market. These cross-border flows introduce additional AML complexity because they involve multiple jurisdictions with different regulatory frameworks, different currency controls, and different enforcement capacities.

The East African Community's efforts toward harmonized financial regulation provide a framework for cross-border AML cooperation, but implementation varies by country. Kenya's FRC participates in Egmont Group information sharing, enabling cross-border intelligence exchange for AML investigations.

For operators facilitating cross-border mobile money transfers, the compliance obligations include verifying the identity of both the originator and the beneficiary, applying the more stringent AML requirements of either jurisdiction, and monitoring cross-border transaction patterns for structuring, geographic anomalies, and corridor-specific risk indicators.