As an SME owner in Kenya, keeping accurate and compliant records is no longer just an administrative task—it is a core component of corporate governance, risk management, and regulatory compliance. From tax audits to employment disputes and data protection obligations, the Kenyan legal framework now demands robust record-keeping practices across every aspect of your business.
Here’s a comprehensive guide to help you navigate corporate, fiscal, employment, and sector-specific record-keeping requirements, and avoid costly fines, penalties, or operational disruptions.
1. Corporate Governance and Ownership Transparency
Under the Companies Act 2015, your company must maintain accounting records that accurately reflect financial transactions and your financial position, particularly for the most recent three-month trading period.
You are also required to maintain statutory registers, which must be accessible for inspection by regulators and, in some cases, the public. Key registers include:
| Statutory Record | Required Details | Statutory Basis |
|---|---|---|
| Register of Members | Names, addresses, shareholding | Section 93 |
| Register of Directors | Names, addresses, corporate directors | Section 134 |
| Minutes of Directors’ Meetings | Narrative of proceedings | Section 210 |
| Beneficial Ownership Register | Natural persons with ≥10% control | Section 93A |
Tip: Keep minutes of directors’ meetings for at least 7 years. Failure to maintain these records can result in fines of KES 500,000 per director and potential criminal liability.
2. Beneficial Ownership Disclosure
Since 2019, all companies must identify beneficial owners—individuals who ultimately control or benefit from the company. Compliance deadlines are strict, and failure to update the BRS E-Register can result in fines and eventual deregistration.
- Initial filing: within 30 days of register preparation.
- Amendments: within 14 days of changes.
- Penalty for non-compliance: KES 500,000 + KES 50,000 per day.
Action: Audit your shareholder and director structures to ensure that all beneficial owners are correctly recorded and submitted.
3. Fiscal Administration and Tax Records
The Tax Procedures Act 2015 standardizes record-keeping for Income Tax, VAT, Excise Duty, and customs records.
Key retention periods:
- Tax records: 5 years, except Income Tax, which may require 10 years.
- Audited financial statements: 7 years.
- Fraud or gross negligence: indefinite retention.
Mandatory documents for audits:
- All invoices, receipts, and payment records.
- Bank statements and reconciliations.
- Filed tax returns (VAT, PAYE, Corporate Tax) and KRA receipts.
- Supplier/customer contracts and WHT certificates.
Tip: Perform monthly reconciliations to reduce discrepancies that trigger KRA audits.
4. Employment and Payroll Documentation
The Employment Act 2007 requires employers to maintain a detailed Employment Register including:
- Employee particulars: name, age, nationality, education.
- Contracts for employees working over 2 months.
- Payroll records covering PAYE, NSSF, SHIF, AHL, and NITA levies.
Important: Keep payslips and deduction records for verification in labor audits. Expatriate employees require additional travel and permit records.
Resource: For guidance on payroll compliance and SME accounting, visit SME Accounting Resources.
5. Data Protection and Privacy
The Data Protection Act 2019 mandates proper documentation of all processing activities, including:
- Registration with the ODPC.
- Data inventory and mapping.
- Lawful basis documentation (consent, contract, or legal obligation).
- Data Protection Impact Assessments (DPIAs).
- Breach notification logs.
Tip: Balance statutory retention requirements with the “right to be forgotten” by implementing secure deletion or anonymization protocols once legal retention periods expire.
6. Sector-Specific Standards
Banking and Insurance
- Maintain KYC, CDD, EDD, and transactional records for at least 7 years.
- Non-compliance can lead to fines up to KES 20M and removal of “fit & proper” certification.
Digital Health and Medical Records
- Minimum retention: 20 years for digital patient records.
- Ensure informed written consent for processing sensitive data.
7. Evidentiary Standards and Electronic Records
Digital records are legally valid if they meet Evidence Act Section 106B standards.
- Must be generated by a properly operating computer system.
- Accompanied by a certificate of authenticity from a responsible official.
- Advanced electronic signatures are recognized for contracts, land, and stamp duty documents.
8. Public Archives and Record Disposal
- Follow Public Archives and Documentation Service Act and Records Disposal Act for statutory disposal.
- Disposal requires consultation, notification, authorization, and witnessed execution.
9. Risks and Penalties
Failure to maintain proper records can result in:
| Violation | Penalty | Consequences |
|---|---|---|
| Beneficial ownership non-filing | KES 500,000 + 50,000/day | Deregistration |
| Tax record default | KES 200,000 or 2 yrs jail | 75% tax shortfall penalty |
| False employment register | KES 100,000 | 6 months imprisonment |
| Data breach | Up to KES 5M or 1% turnover | Business suspension/lawsuits |
Tip: Treat records as a strategic asset to reduce operational risk, ensure audit readiness, and improve efficiency.
10. Strategic Recommendations for Your SME
- Implement a Digital Record System: Integrate corporate, tax, payroll, and data protection records.
- Set Retention Policies: Align with Companies Act (7 years), Income Tax Act (10 years), and Digital Health Act (20 years).
- Perform Regular Compliance Audits: Internal reviews prevent fines and identify gaps.
- Train Staff: Ensure all employees handling records understand legal requirements.
- Maintain Audit-Ready Files: Keep statutory registers, invoices, contracts, and digital backups accessible.
By proactively managing your records, your SME will not only avoid stiff penalties but also gain operational clarity, strengthen corporate governance, and demonstrate credibility to regulators, investors, and partners.
