Introduction
Banking and finance law in Kenya provides the legal framework that governs the relationship between financial institutions, their customers, and the regulatory environment within which banks operate. At the centre of this framework are due diligence obligations, prudential compliance, and institutional accountability in the banker–customer relationship. While banking relationships are fundamentally contractual, Kenyan courts have consistently affirmed that banks owe elevated duties of care arising from the trust reposed in them and their control over financial systems. Recent judicial decisions have underscored that failures in internal controls, mandate verification, or transaction monitoring may expose banks to liability, even where fraud is sophisticated or concealed. This article examines the legal foundations of banking and finance law in Kenya, with a focus on due diligence, bank liability, and emerging judicial guidance on how risk is allocated between banks and customers.
The Legal Foundations of Banking and Finance Law
The regulatory framework governing banks in Kenya includes the Banking Act, the Central Bank of Kenya Act, the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA), and the CBK Prudential Guidelines. Together, these instruments impose obligations relating to licensing, capital adequacy, risk management, internal controls, and consumer protection.
Beyond statute, banking law is shaped by common law principles, particularly in relation to contract, tort, agency, and restitution. Courts have consistently held that banks are expected to act with a high degree of professionalism due to the nature of their business and the public trust reposed in them.
Duties of Banks in the Banker–Customer Relationship
While the banker-customer relationship is fundamentally contractual, courts have recognized that banks owe customers additional duties arising from the nature of their operations. These duties include:
- Duty to exercise reasonable care and skill in executing customer instructions;
- Duty to act in good faith, honestly, and without conflict of interest;
- Duty to safeguard customer funds against unauthorized access or misuse;
- Duty to comply with regulatory and prudential standards; and
- Duty to maintain effective internal controls to prevent fraud and error.
Importantly, banks are not expected to act as insurers against all loss. However, where loss arises from procedural failures, internal collusion, or negligent execution of mandates, liability may attach notwithstanding the existence of contractual disclaimers.
Due Diligence as a Core Banking Obligation
Due diligence is a foundational pillar of modern banking practice. It is not confined to customer onboarding but extends throughout the lifecycle of the banking relationship. For financial institutions, due diligence operates at several levels:
- Customer Due Diligence (CDD): Banks are required to verify customer identity, beneficial ownership, source of funds, and risk profile. This obligation is reinforced by AML/CFT laws and is critical in preventing fraud, money laundering, and terrorist financing.
- Transactional Due Diligence: Banks must monitor transactions for consistency with account mandates and customer profiles. High-value or unusual transactions demand enhanced scrutiny, including call-backs, dual authorization, and escalation where necessary.
- Institutional Due Diligence: Banks must implement robust internal governance structures, including segregation of duties, audit trails, staff supervision, and compliance monitoring. Weaknesses at this level expose institutions to operational and reputational risk.
Courts have increasingly treated failure of due diligence not as a mere regulatory lapse but as a legal breach capable of grounding liability. Justice A. Mabeya in Lim & another v Diamond Trust Bank Kenya Limited & 7 others [2025] KEHC illustrated the consequences of deficient due diligence. In that case, the bank processed the premature liquidation of fixed deposits and transfers to third parties without proper authority. Evidence revealed failures in mandate verification, call-back procedures, and internal oversight, coupled with collusion by bank staff.
The court held that the bank breached both its contractual and fiduciary-like duties to the customer. Significantly, it rejected the argument that reliance on apparently regular instructions absolved the bank from liability. Instead, the court emphasized that due diligence requires active verification and vigilance, especially where large sums and fixed deposit instruments are involved. The judgment confirms that banks bear primary responsibility for losses arising from internal breakdowns, even where fraud is sophisticated or concealed.
A key contribution of the Lim decision is its clarification of risk allocation. The court affirmed that customers are entitled to assume that banks will adhere to their own safeguards and industry standards. Once a customer demonstrates lack of authority and resultant loss, the burden shifts to the bank to justify the impugned transactions.
This approach reflects a broader policy objective: placing risk on the party best positioned to prevent harm. In banking transactions, that party is ordinarily the bank, given its control over systems, staff, and compliance mechanisms.
The court also applied restitutionary principles to order recovery of funds from third parties who could not demonstrate bona fide receipt for value. While this offers banks a secondary avenue of recovery, it does not dilute the bank’s primary obligation to restore the customer’s funds.
The decision thus reinforces the principle that unjust enrichment has no place in banking transactions tainted by fraud or procedural failure.
Implications for Financial Institutions
The Lim case underscores the need for financial institutions to treat due diligence as a substantive legal obligation rather than a box-ticking exercise. Banks must continuously review and strengthen internal controls, staff accountability, and transaction monitoring systems.
For legal practitioners and compliance officers, the case provides authoritative support for claims grounded in breach of duty, negligence, and restitution, and signals heightened judicial scrutiny of banking practices.
Conclusion
Banking and finance law in Kenya continues to evolve in response to increasing commercial complexity, technological change, and heightened regulatory scrutiny. The courts have made it clear that the duties owed by banks extend beyond the mechanical execution of customer instructions to encompass due diligence, vigilance, and institutional responsibility. For regulators, these decisions reinforce the importance of robust compliance and internal governance. For banks, they underscore the legal and financial consequences of procedural lapses and system failures. For customers and businesses, they affirm the right to rely on the integrity of banking systems and the availability of effective legal remedies where that trust is breached. As Kenyan jurisprudence continues to develop, a proactive approach to compliance, risk management, and dispute resolution remains essential to maintaining confidence in the banking system.
ESK Advocates LLP advises banks, financial institutions, and businesses on all aspects of banking and finance law in Kenya, with particular focus on due diligence, regulatory compliance, and banking disputes. Whether addressing potential liability exposure, responding to suspected fraud, or enforcing customer rights, ESK Advocates LLP delivers strategic legal advice grounded in Kenyan law, regulatory expectations, and emerging judicial trends.
