The latest findings by Kenyan Police in their investigations into the 15 January 2019 terrorist attack in Nairobi, Kenya highlights the increased need for the implementation of proper anti-money laundering (AML) procedures by financial institutions.

As the focus of the investigation shifts towards determining how the attack was funded, media reports in local dailies indicate that a bank and its employee are already in court for having facilitated terrorist financing through negligence or disregard of the AML reporting requirements.

Terrorist financing is the process by which terrorists fund their operations by exploiting weaknesses in the financial system.

Financial institutions, through the various regulatory requirements around AML, are expected to have in place processes and procedures for deterring, detecting and reporting terrorist financing. This is the most effective way to combat terrorist financing and stop the flow of funds that would result in supporting a terrorist attack.

Financial institutions may, therefore, have to review the adequacy of their financial crime procedures specifically AML procedures and combating the financing of terrorism (CFT).

AML/CFT procedures focus on deterrence (using the Know Your Customer (KYC) process) and detection (transaction monitoring).

Figure 1: Illustration of the place of AML/CFT in the financial institution/customer relationship


Focus here should be on enhancing background checks on potentially high-risk customers. The risk-based profiling system should capture red flags on known terrorists; check publicly available information to identify other pertinent information, e.g. social media postings that glorify extremism; and verify high value transactions.

In many cases, a lot of customer information is collected solely to meet documentary requirements without having a follow up stage of verifying the records, e.g. sale agreements.

Transaction Monitoring

Transaction monitoring can be improved by using systems based on machine learning rather than setting direct rules to evaluate the thousands of transactions considered.

Red flags noted from KYC procedures could be validated by transactions that are not in sync with expected cash-flows for the specific customer, e.g. unusual spikes in deposits or withdrawals.

In terms of overall governance and compliance, the AML/CFT system should be aimed at preventing and detecting criminal activity rather than merely preventing regulatory punishment for non-compliance.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.