Due diligence
Registry checks vs risk screening in Kenya
Confirming a company exists is step one. It does not tell you whether litigation, debarment, or adverse media should pause the deal.
Most Kenyan onboarding workflows start the same way: search the business register, confirm the legal name, note the directors, file the printout. That step answers does this entity exist? It does not answer should we do business with them today?
The gap matters because risk signals live in different places — courts, official gazette notices, public procurement registers, sector regulators, and press coverage. None of those are returned in a standard registry lookup. Teams that stop at the register often discover problems only after money has moved.
What a registry check is good for
Registry verification remains essential. You need a canonical legal name, registration status, and director list for KYC files and contract parties. Regulators and auditors expect that baseline. Skipping it is not an option.
Treat the registry as identity, not risk. Identity answers who you are contracting with. Risk answers what has happened to that entity in public record since registration.
What it does not show
- Litigation — active or recent court matters where the company is a party.
- Procurement debarment — exclusion from public contracts even when the register shows “active.”
- Regulatory gaps — operating in a licensed sector without current authorisation.
- Official gazette actions — wind-ups, strike-offs, and other published steps.
- Adverse media — material press coverage that did not appear on the register.
Each category has its own publication rhythm. A company can look clean on the register on Monday and appear in a gazette notice or court cause list the same week.
Why teams patch it together manually
Without tooling, analysts run separate searches — a court portal here, a news search there, a memo in Word. That works for one high-stakes deal. It breaks at volume: merchant onboarding, supplier panels, or quarterly borrower reviews. Quality varies by analyst, and six months later nobody can reproduce exactly what was checked.
Risk screening (as distinct from registry lookup) means assembling those public-record categories into one cited view per company — same checklist every time, with links back to the primary source behind each flag.
A practical split for compliance teams
- Registry check → legal identity and directors.
- Risk screen → litigation, procurement, gazette, regulators, media, director network.
- Human review → interpret material flags; escalate to legal where needed.
Credit committees and procurement panels rarely need more complexity — they need a file they can defend. The registry printout plus a cited risk report beats a narrative email that says “we Google’d them and it looked fine.”
When “no flags” still needs context
A clean screen is not a guarantee. Coverage depends on which source families were checked, how confidently the name matched, and when the score was calculated. Good reports expose that metadata so reviewers know what “clean” means — and what was out of scope.
Material decisions should always be verified against the cited primary record. Screening intelligence narrows the search; it does not replace judgment on the deal.