Skip to main content

Guidance Notes

To register, please follow the steps here >> [Click here to view registration steps]

Have in place an Anti-Money Laundering (AML) Program

What is an AML Program?

This is a set of regulations and procedures that accountable persons (persons and reporting entities) follow to prevent and detect money laundering or terrorist financing activities.

What are the elements of a compliance program?

A compliance program has the following elements;

  • A system of internal policies, procedures and controls of money laundering and terrorism financing
  •  A designated compliance function with a compliance officer
  • Ongoing employee training program
  • An independent audit function to test overall effectiveness.

What is an AML Policy?

The law requires that all accountable persons should have anti AML policy in place. The policy comprises of procedures, controls to detect and prevent money laundering risks. It elaborates the steps taken to meet the regulatory requirements for compliance (procedures

Examples of these procedures/ controls that should be designed to detect, prevent money laundering include how the institution will

  • Identify high risk operations (products, services, delivery channel, customers and geographical locations). High risk products are determined by indicators such as the level of cash involved (the more the business is cash intensive the higher the risk) Secondly the clients who purchase such products whether they are from high risk countries can be determined by referring to the FATF (Financial Action Task Force) list. Thirdly the taking note of the geographical location of customers means referring to the FATF list of high-risk countries and the sanction list and take precautions during transactions or engagements with customers. 
  • Inform the senior management and the Board of known compliance deficiencies, suspicious transactions reports filled and corrective action taken.
  • Assign clear accountability to people for performance of duties under the AML/CFT program
  • Provide for continuity of program despite the change in management or employee composition (stating who will take on the responsibilities incase an employee is away)
  • Provide for segregation of duties.
  • Provide for periodic reviews as well as timely updates of the policy
  • Comply with all record keeping requirements in the law (keep records for a period of 10 years and ensure that the records are up to date. This requires a regular review of the KYC documents, transaction records and correspondences to ensure that they are accurate and up to date.
  • Implement risk based CDD policies and procedures(the enhanced measures should be adopted in case of high risks and simplified due diligence measures for low risks).Enhanced due diligence measures like obtaining the purpose and source of funds, ongoing monitoring, obtaining further information that may assist in establishing the identity of the person or entity, applying extra measures to verify any documents supplied and obtaining senior management approval for the new business relationship or transaction sought by the person or customer;
  • Comply with training requirements (to ensure that the employees understand the procedures to be followed and their relevance to mitigating the risks in their departments.
  • Suspicious transaction reporting, describing how to report and escalate suspicious transactions both internally and to FIA.
  • Provide for Screening programs to ensure high standards when hiring employees, and disciplinary action for employees who consistently fail to performing accordance with the AML/CFT framework.
  • Conduct AML Audits to assess the effectiveness of the AML/CFT program.
  •  Continuously review transaction monitoring rules and have in place an efficient and effective automated transaction monitoring system. There should be real time reporting of transactions.

How often should an AML policy be reviewed?

An AML Policy should be reviewed regularly

How should an AML policy look like?

It should have the controls to mitigate the identified risks and take into account the applicable laws and Regulations and the changes there in.

Who approves the AML policy and how often should it be updated?

It should and approved by the executive management and the Board.

Should an AML Policy be shared with the FIU?

In compliance with the law, all accountable persons should submit their AML policies to FIA whose function is to provide feedback and guidance on compliance

This is the role of the compliance officer who is also appointed as a money laundering control officer.

Who is in charge of drafting an AML Policy?

This is the role of the compliance officer who is also appointed as a money laundering control officer.

3. Customer Due Diligence (CDD) and Know Your Customer (KYC)

Undertake CDD and KYC measures simply means identifying and verifying your customer. A risk-based approach should be adopted, where for high risks enhanced due diligence measures are required. This calls for intense scrutiny of customers for example obtaining additional information on identity of customers and extra measures to identify and verify customers, obtain the purpose and source of funds and continuously monitor transactions. On the other hand, low risks demand the of simplified measures of due diligence that is reasonable measures.

4. Asses risks, conduct regular risk assessments (assess customers, products and geographical location of business) to identify high risks and adopt appropriate measures to mitigate the risks such as enhanced due diligence or on going monitoring of transactions for high risks.

5. Put in place adequate controls to mitigate the identified risks.

6. Adhere to the record keeping requirements (keep records for a period of 10 years (ensure that they are up to date and well kept)

7. Reporting requirements (Timely submission of the AML Policy, Risk assessment reports, AML compliance report, product risk assessment reports, Suspicious transaction reports and AML Audit reports)

8. Conduct regular AML trainings to ensure that the staff and the senior management are knowledgeable on matters of money laundering and terrorism financing as well as the developments in the law.

9. Conduct AML audits to assess the efficiency of the compliance program in place.


Guidance notes for dealers in precious metals and stones
Guidance notes for NGOs
Guidance notes for Real Estates/Agents sector
Guidance Notes for Legal Professionals
Updated Guidelines for High Risk Countries