Insurance regulator orders frequent audits on high-risk clients
Business
By
Graham Kajilwa
| Sep 06, 2025
Insurance companies will be required to frequently audit their high-risk customers in line with new guidelines issued by the regulator.
The move aims at strengthening their internal anti-money laundering (AML) measures.
Also to be audited are products, distribution channels and customer identification programmes. A guidance note provided by the Insurance Regulatory Authority (IRA) says insurers should conduct frequent audits of higher-risk areas of their operations prone to money laundering.
The guidance note on independent review of the anti-money laundering (AML) compliance also stipulates who can carry out these audits.
READ MORE
Top names set for fierce battle as autocross action heads to Stoni Athi
Sh400m fraud case: Tycoon's nephew ordered to appear in court 'on crutches or ICU bed'
Why State should not pay families of kin killed by police less than Sh150m each
Harambee Stars striker Ogam to move to Austrian Bundesliga Side Wolfsberger AC
Ruto rallies nation to back Kenya's dream of becoming a sports powerhouse
Nairobi Comesa summit to boost intra-African trade, open up markets
CBE: Lessons from America's Seattle elementary school
IRA says the audit can be either outsourced or done internally. When outsourced, the insurer will still be responsible.
The independent review is meant to audit the underwriter’s regulatory compliance with the relevant laws, measures put in place to detect, deter and report suspicious financial activities, gaps and potential risks, and areas of improvement. IRA states that the note is for guidance purposes only and does not supersede or replace any legal requirement.
It adds that the review is not a financial audit but rather a verification of the adequacy, appropriateness, effectiveness and compliance of the institution’s AML programme.
“The objective of the independent review is to form an opinion of the overall integrity and effectiveness of the AML programme, including policies, procedures, and processes,” says IRA in the guidance note published in September 2025.
The note states that in line with the best practices and recommendations from the Financial Action Task Force (FATF), an intergovernmental global body that develops policies on anti-money laundering, the review should be risk-based.
This should consider the nature, scale, risk profile and complexity of the institution. “Higher risk areas need to be reviewed in every audit, while lower risk areas can be reviewed on some form of rotational basis,” the guidance note reads. “In this context, risk includes both inherent money laundering, terrorism financing, proliferation financing risk, such as high-risk customers, products, distribution channels or geographical locations and compliance risk, such as adequacy and implementation of the customer identification programme.”
If the review is conducted internally, IRA says the staff should be independent from AML counter terrorist financing (CTF) or countering proliferation financing (CPF).
“The institution should ensure that AML, CTF and CPF review is incorporated in the job description of the staff who will conduct the review,” says IRA.