On 14 August 2025, the Insurance Regulatory Authority (IRA) issued Circular No. IC & RE 13/2025, directing life insurers and insurance intermediaries to carry out an independent review or audit of their AML/CFT programme and to submit the report with board comments by 31 January every year. This is not just another paper exercise — it’s a statutory requirement under the Insurance Act (Section 196B(2g)) designed to make AML controls real, tested and board-owned.

What the IRA Circular Requires

The IRA now requires all reporting institutions in the life insurance sector to conduct an independent review or audit of their measures against money laundering and terrorist financing. This process, known as the AML Compliance Programme review, aims to evaluate both the adequacy and effectiveness of controls put in place to counter financial crime and ensure strict compliance with the law.

Key Essentials for Compliance.

An independent review or audit:

You must engage a reviewer who can objectively assess your AML framework. That may be an external auditor/consultant or an internal audit function that demonstrates genuine independence (reporting lines, scope and resourcing must prevent conflict of interest).

Why: Independence prevents biased self-assessment and gives the regulator confidence in the results.

Assess both adequacy and effectiveness:

Adequacy — do you have the right policies, procedures, systems and controls (KYC/CDD, EDD, transaction monitoring, sanctions screening, STR reporting, training)?

Effectiveness — do those controls work in practice? This requires evidence-based testing: file samples, transaction sampling, monitoring-rule validation.

Why: Policies on paper are not enough; regulators need proof the controls detect and deter ML/TF risks.

Comprehensive scope:

Reviews should cover governance & board oversight, risk assessment, customer onboarding, intermediated distribution and outsourcing, transaction monitoring, sanctions screening, STR workflows, record-keeping, and training.

Why: Insurance distribution structures and outsourcing are common AML vulnerabilities; the review must examine where real risk sits.

Evidence-based findings & testing:

Findings must be backed by documentation: KYC files, alert logs, STRs, screenshots, sample test results.

Why: Evidence allows prioritised remediation and shows supervisors you aren’t guessing.

Board involvement and sign-off:

The final report must include board comments. Boards must therefore be briefed and take responsibility for remediation.

Why: Embedding accountability at board level reduces the chance of unresolved systemic gaps.

Annual timing requirement:

Submit the review plus board comments by 31 January each year. Schedule your work to meet this deadline.

Why: An annual cadence keeps controls current and responsive to evolving ML/TF risks.

Reviewer competence & independence standards:

Reviewers should have demonstrable AML/CFT expertise and insurance-sector experience. Independence and credentials matter.

Why: Quality reviewers produce usable findings; poor-quality reviews waste time and undermine trust.

Guidance Note:

The IRA has published a comprehensive Guidance Note to assist institutions in carrying out a thorough and credible review, ensuring all AML and Counter Financing of Terrorism (CFT) requirements are met. The note can be accessed at ira.go.ke.

Why the IRA issued a Guidance Note — the purpose behind the note

The IRA’s Guidance Note exists to remove ambiguity and raise the minimum standard of reviews across the sector. Its core purposes are to:

Clarify regulator expectations so firms produce consistent, comparable reviews.

Raise review quality, especially for smaller intermediaries or insurers unfamiliar with rigorous AML testing.

Align practices with international norms (risk-based approach; evidence & testing).

Reduce rework by giving firms a clear blueprint for what the IRA will accept.

In short: the Guidance Note moves the industry from “box-ticking” to demonstrable, repeatable assurance.

How Reel Informatics helps — practical services that close the gap

Reel Informatics specializes in translating regulatory requirements into deliverable, evidence-backed programmes. Our offer for life insurers and intermediaries includes:

Independent AML Reviews & Audits — full-scope, IRA-aligned reviews performed by experienced AML specialists with insurance sector knowledge. Board-ready reports with clear risk ratings and remediation plans.

Risk Assessment & Gap Analysis — map controls to product & distribution risks; quantify impact and prioritize fixes.

Control Effectiveness Testing — file sampling, transaction monitoring validation, sanctions screening tests, and testing of STR workflows.

Board Reporting & Submission Support — we produce concise board packs and help you capture the required board comments for IRA submission.

Practical Training & Capacity Building — role-based training for frontline, compliance teams and board members to embed a sustainable AML culture.