Trigarc

GRC Consulting

Regulatory Compliance Advisory

Translate the obligations of your regulators into a working compliance program, with gap assessments and examination readiness.

Compliance teams are under pressure to prove every obligation has an owner, evidence, and a remediation path—not just a spreadsheet updated before an inspection.

We help you build a compliance program that maps regulator and donor requirements to actionable controls, testing, and board reporting. That includes CBK, SASRA, IRA, CMA, Kenya Data Protection Act, and AML/CFT where applicable.

Board and governance advisory—charters, committees, meetings, minutes, and elections—keeps supervisory governance visible alongside the obligation register and policy lifecycle.

Our gap assessments produce prioritised remediation plans your management can approve and your auditors can follow—reducing fire-drill preparation before examinations.

Who this is for

  • Banks, SACCOs, and microfinance institutions under prudential supervision
  • Insurers and capital markets participants
  • NGOs and corporates with donor or sector-specific compliance obligations

Typical deliverables

  • Obligation mapping for CBK, SASRA, IRA, CMA, and donor frameworks
  • Board & governance advisory—charters, committees, meetings, and minutes
  • Kenya Data Protection Act and AML/CFT program reviews
  • Compliance gap assessments and remediation plans
  • Examination and inspection readiness support

Outcome: Fewer surprises at examination and clearer accountability for every obligation.

How we work

  1. Assess

    We map your current governance structures, obligations, risks, and controls against the regulators and frameworks that apply to you, then surface the gaps that matter most.

  2. Design

    We define the operating model: governance roles, risk appetite, policy architecture, control libraries, and reporting lines, sequenced into a practical roadmap.

  3. Implement

    We help you stand up the frameworks, write the policies, build the registers, and configure Trigarc so the model runs in real tooling rather than spreadsheets.

  4. Sustain

    We embed the rhythm: train your teams, set review cadences, and prepare your board and regulator reporting so the program keeps working after we step back.

Frequently asked questions

What does a compliance gap assessment include?
We review your obligation inventory, policies, control evidence, and reporting against applicable regulators and standards. You receive a gap register with severity, owners, and recommended remediation sequenced for impact.

Can you support us through a live CBK or SASRA examination?
Yes. We help prepare evidence packs, clarify control narratives, and coordinate responses so your team is not rebuilding documentation during the inspection window.

Discuss this engagement

Book a discovery session to scope compliance advisory for your institution and agree the first phase of work.
