Digital lenders are emerging as the most exposed to financial crime in Kenya, with a new Central Bank of Kenya (CBK) report revealing that many are ill-equipped to detect or prevent money laundering and terrorism financing activities.

The CBK's Preventive Measures Survey, conducted in December 2024, shows that Digital Credit Providers (DCPs) have glaring weaknesses in staff training, poor understanding of global financial sanctions, and fail to conduct necessary checks to flag suspicious customers and transactions.

The regulator carried out the survey to assess how financial institutions are implementing safeguards against money laundering, terrorism financing and the funding of weapons proliferation.

The report points out that DCPs are falling behind other financial institutions in applying Targeted Financial Sanctions (TFS), a global framework meant to block criminals and sanctioned entities from accessing the financial system.

“DCPs display mixed results. Around 78 percent of staff are at least somewhat familiar with TFS regulations, yet 22 percent have no familiarity at all, underscoring a pressing need for improved training and awareness,” the CBK survey stated.

Targeted Financial Sanctions (TFS) require financial institutions to carry out key measures such as customer due diligence (CDD), enhanced due diligence (EDD), flagging of suspicious transactions, regular staff training, and frequent screening of customer names against updated global sanctions lists.

But the survey found that many DCPs either conduct these checks irregularly or lack the systems to support them.

The findings reveal that although 71 percent of DCPs screen their customers against sanctioned individuals or organisations, only 47.5 percent regularly update the sanction lists they rely on, and 8.5 percent of the institutions have no sanctions screening systems at all. The report warns that this exposes them to “presenting significant compliance risks.”

Only 35 percent of the digital lenders are carrying out enhanced due diligence, a critical process for identifying risky customers and transactions.

The survey also found that “screening is often irregular, with over half doing so only ‘as needed’.”

It adds that many DCPs do not use technology to help with these tasks, and nearly half 48 percent did not recommend any tools to improve their compliance systems, raising concerns over their ability to meet the standards set by CBK.

In contrast, the report notes that commercial banks have made strides in strengthening their systems. Most use automated screening tools, regularly update global sanctions lists, and follow standardised compliance procedures.

Microfinance banks also showed better performance, with all institutions carrying out sanctions screening and three-quarters using automated tools.

The CBK says that strengthening the compliance capacities of all players in the financial sector, especially digital lenders, is critical in the country’s efforts to stop dirty money and protect Kenya’s financial systems from abuse by criminal networks.