East Africa is one of the fastest-growing business regions in the world. Kenya pulled in $638 million in tech startup funding in 2024 – close to 30% of the continent’s total funding. The East African Community’s combined investment that year hit $725 million. Ethiopia opened its first stock exchange in January 2025, decades in the making. The commercial momentum is real, and the international money following it is too.
And yet, for compliance teams trying to verify businesses in the region, the infrastructure tells a different story.
The kind of API lookup that returns structured company data in seconds for a UK or US entity doesn’t exist across most of East Africa. What’s there is patchy, inconsistently digitized, and often requires someone to show up in person or send a direct request to a government office – then wait weeks.
For fintech platforms, trade finance providers, B2B marketplaces, and any institution that needs to verify a business counterparty in Kenya, Tanzania, Uganda, Ethiopia, or Rwanda before committing to a commercial relationship, that’s not a minor inconvenience. It’s a real compliance problem.
That gap is where OSINT-based KYB comes in.
Who this is for – and what it’s not. For compliance officers, fintech, trade finance, and B2B marketplace teams who need to verify business counterparties in Kenya, Tanzania, Uganda, Ethiopia, or Rwanda – specifically those who’ve hit a dead end waiting on a registry API that doesn’t exist.
Not a vendor comparison or a pitch for a specific KYB tool. For that, see Know Your Business Solution; this article is the verification methodology when automated registry data isn’t available.
Why the Registry Problem Is Harder Than It Looks
The fundamental challenge isn’t that East African governments haven’t built company registries. They have. Kenya has the Business Registration Service (BRS). Tanzania operates the Business Registrations and Licensing Agency (BRELA). Uganda has the Uganda Registration Services Bureau (URSB). Rwanda’s registration sits under the Rwanda Development Board. Ethiopia is building out its commercial registry in parallel with its new capital markets infrastructure.
The problem is accessibility, data quality, and API coverage.
Most of these registries are partially digitized at best. Some have basic online search portals that allow name lookups. Few return machine-readable structured data. Almost none offer API access that a compliance platform could plug into an automated workflow. Kenya applies a 10% beneficial ownership disclosure threshold – lower than FATF’s recommended 25%. But having a threshold and actually enforcing it are different things. So is having data on file and making it accessible to third-party verifiers.
Kenya enacted sweeping Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) amendments across multiple statutes in 2025, aimed at clarifying the roles and responsibilities of regulatory bodies. The legal framework is improving. The data infrastructure hasn’t kept pace.
What this means for compliance teams is that the standard playbook – query a registry API, receive entity data, cross-reference against beneficial ownership records, run sanctions screening – doesn’t work here. You need a different approach.

Verify businesses, not just people
Automate company verification, UBO checks, and business due diligence with iDenfy KYB.
Explore KYB SolutionWhat OSINT Means in a KYB Context
Open Source Intelligence (OSINT) is the structured collection, verification, and analysis of publicly available information. In a KYB context, it means building a picture of a business using every legally accessible public source – not just formal registries.
This isn’t a workaround or a second-best option. For East African markets, it’s often the only viable path to defensible verification. And when done rigorously, it produces a more complete picture of a business than a clean registry lookup alone.
The KYB process for East African entities using OSINT typically draws on several distinct source layers:
Government and regulatory sources
Even where APIs don’t exist, some registry data is publicly accessible through web portals. The BRS in Kenya allows basic company searches. The BRELA portal in Tanzania provides limited entity data. Revenue authority registration numbers, sector-specific licenses (Central Bank of Kenya PSP licenses, Uganda Communications Commission registrations), and regulatory announcements can all be found through official channels. These require manual lookup rather than automated query, but they’re authoritative and worth the effort.
Tax and financial registration
KRA PIN certificates in Kenya, TIN numbers in Tanzania, and equivalent identifiers in other markets establish that a business has engaged with the formal economy at a basic level. Verification of these identifiers with the issuing authority – through direct inquiry when an online lookup isn’t available – provides a meaningful data point.
Court and legal records
Judicial records in East Africa vary in accessibility, but Kenya’s e-judiciary portal and Tanzania’s law reporting infrastructure provide some access to litigation history. A business with a significant history of legal disputes – particularly involving fraud, unpaid creditors, or regulatory enforcement – will often appear in court records accessible to a diligent researcher.
Company websites, domain registration, and digital footprint
WHOIS lookups on business domains, combined with an analysis of when the domain was registered, who registered it, and how consistent the business’s digital presence is with its claimed history, can surface red flags that formal registries miss entirely. A company claiming a decade of trading history, whose domain was registered six months ago, warrants further investigation.
LinkedIn and professional networks
Director and beneficial owner profiles on LinkedIn – cross-referenced with the names provided during onboarding – provide useful corroboration and occasionally surface connections to other entities or jurisdictions not disclosed in formal documents. OSINT tools can be used to trace the digital footprints of company directors and shareholders, uncovering hidden affiliations that registry data simply can’t match.
Local news and media
East African business journalism has improved significantly. The Nation Media Group, Business Daily Africa, The East African, and similar publications provide a searchable archive of commercial reporting that can surface adverse media – fraud allegations, regulatory actions, disputed contracts – that won’t appear in any registry.
Social media and community sources
Particularly for SMEs and informal-sector businesses, social media presence can be cross-checked against the claimed business profile. Active trading businesses typically have a traceable history on commercial social media. Businesses with no digital footprint relative to their claimed size and history warrant additional scrutiny.
The Beneficial Ownership Challenge
Across East Africa, beneficial ownership transparency is improving but remains inconsistent. Kenya, Tanzania, and Zambia show progress, but conflict-affected states remain challenging. Even the best registers rely on self-declaration – companies report their own beneficial owners, and verification ranges from none to cross-referencing with other databases.
This means that even where beneficial ownership data exists, it can’t be trusted without cross-referencing. An OSINT-based KYB approach should treat declared beneficial ownership as a starting point, not a conclusion. Cross-checking director names against:
- Local court records for directorship disputes or insolvency proceedings
- Stock exchange disclosures (where the company or related entities are listed)
- Regulatory enforcement announcements from Central Bank publications
- Adverse media searches in both English and local language sources
…will surface inconsistencies that a simple registry lookup would never catch.
The ESAAMLG – the Eastern and Southern Africa Anti-Money Laundering Group – evaluates member countries against FATF standards and publishes mutual evaluation reports that are genuinely useful to compliance teams. These reports outline exactly where each country’s beneficial ownership framework is strong and where it has documented gaps. Reading the relevant evaluation before onboarding a business from a new East African market is worth the time.
Building a Defensible OSINT-Based KYB Process
The goal of any KYB process isn’t just to gather information – it’s to produce a documented, auditable decision that can be defended if challenged. OSINT-based KYB for East African businesses meets that standard when the process is systematic and transparent about its limitations.
A defensible process documents:
- Which sources were queried, in what sequence, and what was returned
- Where searches returned no result (which is itself a finding – not a clean bill of health)
- How inconsistencies between sources were resolved
- The basis on which a risk decision was made, including what enhanced due diligence was applied and why
The absence of API-returned registry data doesn’t weaken a KYB file. What weakens a KYB file is the absence of documented inquiry. A compliance team that shows it queried every available source, recorded what it found, and made a reasoned risk decision based on the available evidence is in a far stronger position than one that simply noted “registry API unavailable” and moved on.
What to Automate and What to Do Manually
Even in East African markets, some automation is possible and appropriate.
Sanctions screening – against OFAC, UN, EU, and relevant national lists – can and should run automatically on every entity and individual associated with a business. PEP screening applies equally here; politically connected individuals are, if anything, more common among business owners in high-growth East African markets than in more established economies.
Adverse media scanning using AI-powered OSINT platforms that cover non-English language sources – Swahili, Amharic, Somali – is increasingly viable and adds meaningful coverage beyond English-language searches alone.
What can’t be automated, for now, is the registry verification layer that would be automated in a Western European or North American context. That part requires a human analyst, a documented process, and enough time to do it properly. For higher-risk engagements – significant transaction values, complex ownership structures, clients from conflict-adjacent jurisdictions – that manual layer isn’t a limitation to apologize for. It’s appropriate.
Conclusion
East Africa’s regulatory environment is developing quickly. Uganda overhauled capital markets conduct, governance, licensing, and offering regimes. Rwanda adopted new capital market governance standards. Beneficial ownership frameworks are being strengthened across the region, with implementation deadlines running from 2025 to 2027.
The businesses entering these markets and seeking to verify counterparties can’t wait for the infrastructure to catch up. OSINT-based KYB isn’t a permanent workaround – it’s the current reality. And for compliance teams willing to build the process properly, it’s entirely sufficient to meet the due diligence standard that the risk actually requires.
The risk isn’t the absence of an API. The risk is treating that absence as an excuse not to verify at all.