AML Regulations

VukaPay AML Compliance Policy

Last Updated: May 2026

Introduction and Purpose

VukaPay is committed to maintaining the highest standards of Anti-Money Laundering (AML), Countering the Financing of Terrorism (CFT), and Countering Proliferation Financing (CPF) compliance across all its financial services.

This policy establishes VukaPay’s framework for preventing the misuse of its platform for illicit financial activities and ensures compliance with:

  • Financial Action Task Force (FATF) Recommendations

  • Applicable African regulatory frameworks (including Central Bank of Kenya and other jurisdictions of operation)

  • International sanctions regimes (United Nations, OFAC, European Union)

VukaPay adopts a risk-based approach, ensuring controls are proportionate to identified risks, consistent with global best practices.

Governance and Oversight Structure

Board and Senior Management Oversight

The Board of Directors holds ultimate responsibility for VukaPay’s AML/CFT/CPF program. Senior management ensures:

  • Adequate resourcing of compliance functions

  • Implementation of this policy across all operations

  • Regular reporting of compliance risks and performance

Compliance Function and MLRO

VukaPay maintains an independent Compliance function led by a Money Laundering Reporting Officer (MLRO) responsible for:

  • Oversight of AML/CFT program

  • Regulatory reporting and FIU engagement

  • Monitoring high-risk cases

  • Ensuring adherence to regulatory obligations

Internal Controls and Committees

A cross-functional Risk & Compliance Committee oversees:

  • Risk assessments

  • Suspicious activity trends

  • Policy enforcement

Independent audits are conducted periodically to ensure effectiveness of controls.

Risk-Based Approach to AML/CFT/CPF

VukaPay applies a Risk-Based Approach (RBA) to allocate controls efficiently based on exposure to financial crime risk.

Key risk factors include:

  • Customer profile (individual, SME, enterprise, financial institution)

  • Geographic exposure (high-risk jurisdictions)

  • Product type (cross-border, digital assets, high-value transactions)

  • Delivery channels (API, mobile, partner integrations)

Risk assessments are conducted:

  • At onboarding

  • Periodically during customer lifecycle

  • When introducing new products or markets

This ensures enhanced controls for higher-risk scenarios and simplified measures for low-risk customers.

Customer Due Diligence (CDD) and KYC

Customer Identification and Verification

VukaPay conducts KYC/KYB before onboarding:

  • Government-issued identification (individuals)

  • Business registration documents (entities)

  • Identification of Ultimate Beneficial Owners (≥25%)

  • Verification through reliable independent sources

Anonymous or fictitious accounts are strictly prohibited.

Risk Profiling and Customer Acceptance

Customers are risk-rated at onboarding based on:

  • Geography

  • Transaction profile

  • Industry

  • Ownership structure

High-risk customers are subject to additional scrutiny or may be declined.

Enhanced Due Diligence (EDD)

EDD is applied to:

  • Politically Exposed Persons (PEPs)

  • High-risk jurisdictions

  • High-volume or complex transaction patterns

Measures include:

  • Source of funds and wealth verification

  • Additional documentation

  • Increased monitoring frequency

Ongoing Monitoring

Customer profiles are continuously reviewed and updated to reflect behavior and risk changes.

Transaction Monitoring and Suspicious Activity Detection

VukaPay employs automated and manual systems to detect suspicious activities across all services.

Monitoring includes:

  • Unusual transaction volumes or frequency

  • Structuring or smurfing patterns

  • Rapid fund movement across accounts

  • Transactions involving high-risk jurisdictions

Advanced analytics and rule-based systems are used to detect anomalies in real time.

All alerts are reviewed through a structured case management process.

Record-Keeping and Audit Trail

VukaPay maintains comprehensive records to support compliance and investigations:

  • Customer identification records

  • Transaction data

  • Monitoring and investigation logs

  • Regulatory reports

Records are retained for a minimum of 5–7 years or as required by applicable law.

All records are:

  • Securely stored

  • Accessible for regulatory review

  • Protected under data privacy laws

Internal Reporting and Suspicious Activity Reporting (SAR)

Internal Reporting

Employees must report suspicious activity to the Compliance team immediately.

External Reporting

Where suspicion is confirmed:

  • Reports are filed with relevant Financial Intelligence Units (FIUs)

  • Reporting timelines comply with local regulations

  • Confidentiality is strictly maintained

“Tipping off” customers is strictly prohibited.

Sanctions Screening and PEP Handling

VukaPay screens all customers and transactions against:

  • United Nations sanctions lists

  • OFAC sanctions lists

  • European Union sanctions lists

  • Local regulatory watchlists

Ongoing Screening

Customers are continuously re-screened as lists are updated.

PEP Management

PEPs are subject to:

  • Enhanced Due Diligence

  • Senior management approval

  • Increased transaction monitoring

Policies for Specific Services and Products

Cross-Border Payments and Remittances

  • Enhanced KYC for senders and beneficiaries

  • Transaction limits based on risk profile

  • Compliance with international transfer regulations

Merchant Payments

  • Full KYB checks for merchants

  • Monitoring of merchant transaction behavior

  • Restrictions on high-risk industries

Wallet Funding and Withdrawals

  • Same-name funding requirements

  • Limits based on KYC level

  • Monitoring for unusual inflows/outflows

Digital Asset / Stablecoin Transactions (If Applicable)

  • Blockchain transaction monitoring

  • Travel Rule compliance

  • Enhanced due diligence for digital asset flows

Employee Training and Awareness

VukaPay maintains a structured AML training program:

  • Mandatory onboarding training for all employees

  • Role-specific training for high-risk functions

  • Annual refresher training

  • Continuous updates on emerging risks

Training records are maintained for audit purposes.

Cooperation with Regulatory Authorities

VukaPay cooperates fully with:

  • Regulators

  • Financial Intelligence Units

  • Law enforcement agencies

This includes:

  • Timely reporting

  • Responding to regulatory inquiries

  • Providing required documentation

Responsibilities Across the Organization

  • Board & Management: Oversight and strategic direction

  • Compliance Team: Program execution and monitoring

  • Product & Engineering: Embed compliance into systems

  • Operations & Support: Frontline monitoring and reporting

Compliance is a shared responsibility across all teams.

Periodic Review and Policy Updates

This policy is reviewed:

  • At least annually

  • Upon regulatory changes

  • After internal audits or incidents

Updates ensure alignment with evolving regulatory requirements and industry standards.

Zero-Tolerance Statement

VukaPay maintains a strict zero-tolerance policy toward:

  • Money laundering

  • Terrorist financing

  • Financial crime

Violations may result in:

  • Account suspension or termination

  • Reporting to authorities

  • Legal action

Contact Information

For AML/CFT inquiries:

Email: support@vukapay.com
Address: Nairobi, Kenya


Privacy Policy ›

Kenya

Vukapay Limited

3rd Floor, The Oval, Westlands

P.O. Box 63084 - 00200, Nairobi

Uganda

Vukapay Limited Uganda

2nd Floor, Kirabo Complex, Plot 2101, Bukoto-Kisasi Rd,

P.O Box 187100, Kampala

Canada

Wirpaid Limited

MSB No. C100000762

1025 King Street East, Cambridge Ontario, N3H3P5 Canada

Wirpaid Limited is also a recognized member of the

Canadian Money Services Business Association (CMSBA).

Company

About Us

Mobile Money

Card Payments

Remittance

Resources

Blog

Shop Demo

API Docs

FAQs

Admin Login

Legal

Privacy Policy

Terms & Conditions

AML Regulations

Contact Us

Support

LinkedIn

Facebook

© 2026 – Vukapay Ltd.

Privacy Policy

Terms & Conditions

We are VukaPay, a payment service provider enabling businesses across Africa to process payments seamlessly. We offer checkout, payment links, and secure transaction solutions to simplify payments and reduce risk for both businesses and customers. Serving 17 countries, we empower growth through reliable and efficient payment services.

Kenya

Vukapay Limited

3rd Floor, The Oval, Westlands

P.O. Box 63084 - 00200, Nairobi

Uganda

Vukapay Limited Uganda

2nd Floor, Kirabo Complex,

Plot 2101, Bukoto-Kisasi Rd,

P.O Box 187100, Kampala

Canada

Wirpaid Limited

MSB No. C100000762

1025 King Street East, Cambridge Ontario,

N3H3P5 Canada

Wirpaid Limited is also a recognized member of the

Canadian Money Services Business Association (CMSBA).

Company

About Us

Mobile Money

Card Payments

Remittance

Resources

Blog

Shop Demo

API Docs

FAQs

Admin Login

Legal

Privacy Policy

Terms & Conditions

AML Regulations

Contact Us

Support

LinkedIn

Facebook

© 2026 – Vukapay Ltd.

Privacy Policy

Terms & Conditions

We are VukaPay, a payment service provider enabling businesses across Africa to process payments seamlessly. We offer checkout, payment links, and secure transaction solutions to simplify payments and reduce risk for both businesses and customers. Serving 17 countries, we empower growth through reliable and efficient payment services.