Regulatory Compliance & Certifications
Last Updated: May 6, 2026
EDJAM Limited is committed to maintaining the highest standards of regulatory compliance and security. We operate in accordance with international best practices and local regulations to ensure the safety and integrity of our clients' financial operations.
1. Regulatory Compliance
1.1 Kenya Financial Regulations
Our operations comply with all applicable Kenyan financial services regulations:
- Central Bank of Kenya (CBK): Licensed financial technology provider operating under CBK prudential guidelines and directives
- National Payment Systems Act, 2011: Full compliance with payment system regulations and oversight
- Banking Act (Cap. 488): Adherence to banking service provider requirements
- Kenya Information and Communications Act: Compliance with ICT and electronic transactions regulations
- Microfinance Act, 2006: Support for microfinance institutions with regulatory-compliant systems
1.2 Data Protection
We strictly adhere to data protection regulations:
- Kenya Data Protection Act, 2019: Full compliance with all data protection requirements, registered with the Office of the Data Protection Commissioner
- GDPR Readiness: For clients serving European customers, our systems support GDPR compliance requirements
- Cross-Border Data Transfers: Appropriate safeguards in place for international data transfers
1.3 Anti-Money Laundering (AML)
Robust AML compliance framework:
- Proceeds of Crime and Anti-Money Laundering Act (POCAMLA), 2009: Comprehensive AML controls and reporting mechanisms
- Customer Due Diligence: Enhanced KYC procedures and identity verification
- Transaction Monitoring: Real-time surveillance and suspicious activity detection
- Sanctions Screening: Automated screening against global sanctions lists
- STR/SAR Filing: Suspicious Transaction Report capabilities with Financial Reporting Centre (FRC)
1.4 Consumer Protection
Commitment to fair treatment of customers:
- Consumer Protection Act, 2012: Fair business practices and consumer rights protection
- Transparent Pricing: Clear disclosure of fees, charges, and terms
- Dispute Resolution: Established mechanisms for handling customer complaints
- Financial Literacy: Support for client financial education initiatives
2. International Standards & Certifications
Certifications held: ISO 27001, PCI DSS Level 1, SOC 2 Type II, ISO 9001
2.1 ISO 27001:2013 - Information Security Management
Certification Body: British Standards Institution (BSI)
Scope: Design, development, and delivery of financial technology solutions
Last Audit: March 2026 | Next Audit: March 2027
Our ISO 27001 certification demonstrates our commitment to:
- Systematic approach to managing sensitive information
- Risk assessment and treatment processes
- Continuous improvement of security controls
- Regular management reviews and audits
2.2 PCI DSS Level 1 Compliance
Assessment Type: Report on Compliance (ROC)
QSA Firm: Trustwave
Compliance Date: February 2026 | Valid Until: February 2027
As a Level 1 PCI DSS compliant service provider, we:
- Process over 6 million card transactions annually
- Maintain a secure cardholder data environment (CDE)
- Conduct quarterly network scans by Approved Scanning Vendor (ASV)
- Perform annual penetration testing
- Maintain comprehensive security policies and procedures
2.3 SOC 2 Type II Report
Service Auditor: Deloitte Kenya
Report Period: January 1, 2025 - December 31, 2025
Trust Services Criteria: Security, Availability, Confidentiality
Our SOC 2 Type II attestation covers:
- Description of our systems and controls
- Independent auditor testing of control effectiveness
- 12-month observation period
- Assurance on security, availability, and confidentiality
2.4 ISO 9001:2015 - Quality Management
Quality management system certification ensuring:
- Consistent delivery of high-quality services
- Customer satisfaction focus
- Process-based approach
- Continual improvement methodology
3. Industry-Specific Compliance
3.1 Mobile Money Integration
Certified integration partner for:
- M-Pesa (Safaricom): Certified Business Partner with full API access
- Airtel Money: Approved SuperAgent and API partner
- T-Kash (Telkom Kenya): Registered integration partner
3.2 Banking System Integration
Approved technology provider for:
- RTGS (Real-Time Gross Settlement) integration
- EFT (Electronic Funds Transfer) processing
- KenSwitch network connectivity
- SWIFT messaging (correspondent banking)
4. Security Frameworks & Best Practices
4.1 NIST Cybersecurity Framework
Alignment with NIST CSF core functions:
- Identify: Asset management, business environment, governance
- Protect: Access control, data security, protective technology
- Detect: Continuous monitoring, detection processes
- Respond: Incident response planning and communications
- Recover: Recovery planning and improvements
4.2 OWASP Top 10
Protection against OWASP's most critical web application security risks through secure development practices, regular vulnerability assessments, and penetration testing.
5. Audit & Assessment Schedule
| Audit/Assessment | Frequency | Last Conducted |
| ISO 27001 Surveillance Audit | Annual | March 2026 |
| PCI DSS Assessment | Annual | February 2026 |
| SOC 2 Type II Audit | Annual | December 2025 |
| Penetration Testing | Annual | January 2026 |
| Vulnerability Scanning | Quarterly | April 2026 |
| Business Continuity Test | Semi-Annual | April 2026 |
6. Compliance Documentation
For enterprise clients, we provide:
- ISO 27001 certificate and Statement of Applicability (SoA)
- PCI DSS Attestation of Compliance (AoC)
- SOC 2 Type II report (under NDA)
- Security white papers and architecture documentation
- Data processing agreements (DPA)
- Business Associate Agreements (BAA)
Request compliance documentation: compliance@edjam.co.ke
7. Regulatory Changes & Updates
We maintain a dedicated compliance team that:
- Monitors regulatory developments across all operating jurisdictions
- Assesses impact of new regulations on our services
- Implements necessary changes to maintain compliance
- Communicates relevant updates to clients
- Provides regulatory guidance and support
8. Contact Compliance Team
For compliance inquiries, audit requests, or certification verification:
EDJAM Limited - Compliance Department
Kijabe Street, Nairobi, Kenya
Email: compliance@edjam.co.ke
Phone: +254 721 680 973
Chief Compliance Officer: Available for enterprise client consultations