M-Pesa Specialist Permanent Controller Compliance, AML/CFT, HR, Legal & Regulatory

## Role Purpose To provide independent oversight over compliance, AML/CFT, HR, legal and regulatory control framework across the EMI/mobile money ecosystem, ensuring: * Regulatory obligations and internal policies are implemented, monitored, and tested * Key risks (regulatory, financial crime, conduct, employment, legal) are identified, assessed, controlled, and escalated * Weaknesses are captured in structured findings, tracked through remedial action plans and validated at closure * Governance reporting is delivered to management and relevant committees. To perform permanent control testing, challenges control owners, and validate remediation. To independently test and challenge control performance. ## Scope of Coverage This role covers controls across: * Customer lifecycle compliance: onboarding, KYC, upgrades. * AML/CFT: transaction monitoring, sanctions screening, Suspicious Transaction Report (STR)/ Suspicious Activity Report (SAR) process, investigations governance, reporting obligations * Agent and merchant compliance: onboarding, due diligence, monitoring, training, discipline * Consumer protection and conduct: complaints handling compliance, transparency, fair treatment, disclosure obligations * Regulatory compliance: licensing obligations, periodic returns, audits/inspections readiness, compliance attestations * Legal controls: contracts, SLAs, third-party agreements, outsourcing controls, dispute management * HR controls: recruitment integrity, background checks, performance discipline, confidentiality, conflicts of interest, code of conduct, training compliance ## Key Responsibilities 5.1 Compliance Oversight and Permanent Control Testing * Perform control design assessment and operating effectiveness testing across compliance obligations * Monitor compliance KPIs; escalate deviations and recurring breakdowns. * Ensure clear issue documentation in Observation – Risk – Recommendation format with severity rating and agreed timelines. 5.2 AML/CFT (Financial Crime) – Oversight, Challenge & Assurance * Oversee the AML/CFT control framework * Conduct targeted thematic reviews (examples) such as SIM swap/account takeover and AML exposure, etc. * Validate the integrity of AML evidence and audit trail * Monitor AML/CFT remediation actions and validate closure with evidence-based testing. 5.3 Regulatory and Supervisory Compliance * Maintain a regulatory compliance inventory * Review readiness for regulatory examinations * Independently validate * Track regulatory findings and ensure remediation plans are implemented and sustained. 5.4 Legal & Contractual Risk Controls * Oversee the legal control framework * Perform periodic sample-based controls * Escalate legal risks that could materially impact 5.5 HR Controls & Conduct Risk Oversight * Oversee controls related to recruitment integrity and onboarding, disciplinary process governance and consistency, mandatory trainings completion, confidentiality undertakings, ethical code adherence ans segregation of duties in sensitive functions. * Test HR controls periodically * Promote conduct risk culture through risk-based control recommendations. 5.6 Policies, Procedures and Control Culture * Ensure each covered function maintains up-to-date manuals of procedures, policies, and control matrices. * Review policy exceptions process: * Support embedding “compliance-by-design” and “control-by-design” into products/projects ## Required Qualifications & Experience * Degree in Law, Compliance, Risk, Finance, Business, or related discipline. * 5–10+ years’ experience in: * Compliance/AML/legal/regulatory risk, internal control, audit, or risk management * Exposure to fintech / EMI / banking / mobile money strongly preferred * Strong experience in: * control testing methodologies (design & operating effectiveness) * issue management and remediation validation * writing audit-quality reports and governance packs ## Skills & Competencies Technical / Functional * AML/CFT frameworks (CDD/EDD, sanctions screening, monitoring governance) * Regulatory compliance management (obligations inventory, returns, inspections) * Contract and outsourcing risk controls (SLAs, right to audit, data privacy clauses) * HR governance controls and risk principles * Strong documentation and evidence-based testing discipline Behavioral * Independence and professional skepticism (2nd LoD mindset) * Strong stakeholder management and ability to challenge constructively * High integrity and confidentiality * Analytical thinking, attention to detail, and structured reporting