Compliance and Data Protection Officer at Jubilee Insurance

  • Job Type Full Time
  • Qualification BA/BSc/HND
  • Experience 2 years
  • Location Nairobi
  • Job Field Law / Legal

Job Ref. No: JAML071

Role Purpose:

  • The Compliance & Data Protection Officer will ensure Jubilee Asset Management Limited complies with the Capital Markets Act, Kenya Data Protection Act, AML/CFT/CPF laws, and other applicable regulatory requirements. The role holder will lead the implementation of a robust Compliance and Data Protection Framework, drive a strong culture of governance and ethics, monitor regulatory adherence, mitigate compliance risks, and serve as the primary liaison with relevant regulators and data protection authorities.

Main Responsibilities:

Strategy

  • Develop, implement, and maintain compliance and data protection policies, procedures, and controls to meet regulatory obligations and minimize compliance risks.
  • Conduct horizon scanning to identify emerging compliance and data privacy risks and recommend appropriate mitigation measures.
  • Keep abreast of regulatory developments in the asset management sector and advise senior management on their impact on business operations.
  • Conduct Data Privacy Impact Assessments (DPIAs) for new products, services, systems, or processes involving personal data.
  • Develop and enforce data retention policies to ensure alignment with legal and regulatory requirements.
  • Support executive and senior leadership in communicating compliance strategies and aligning them with organizational objectives.
  • Collaborate with internal stakeholders to drive continuous improvement initiatives, leveraging process optimization and technology.

Operational

  • Establish and implement the Data Protection governance and regulatory framework, including all required statements, notices, and policies.
  • Guide departments and support functions on compliance with the Data Protection Act 2019 and company-wide risk and compliance requirements.
  • Provide regular training to internal staff and third parties involved in data collection or processing; conduct specialised training where required.
  • Conduct compliance and data protection audits to ensure adherence and proactively address gaps.
  • Create and maintain an up-to-date register of all data processing activities, ensuring transparency and accessibility when required.
  • Provide advice and guidance on the interpretation and application of the Data Protection Act and any other related laws.
  • Handle internal and external queries or complaints relating to data confidentiality, breaches, or misuse.
  • Provide management with monthly updates on compliance and data protection matters and escalate urgent breaches immediately.
  • Develop and implement data protection policies, guidelines, and operational processes in collaboration with business and support functions.
  • Support the creation of data protection knowledge repositories and awareness materials for staff and partners.
  • Build and maintain effective working relationships with data controllers and processors while promoting the benefits of compliance.
  • Support development of privacy statements, consent mechanisms, and disclosures for digital platforms, forms, websites, and communication channels.
  • Prepare and submit an annual Data Protection work plan and implement it upon approval.
  • Network with other Data Protection Officers, track industry trends, and recommend improvements to JAML’s compliance posture.

People Leadership and Culture

  • Promote a culture of ethics, compliance, and responsible data management across the organization.
  • Collaborate with cross-functional teams to drive initiatives that strengthen compliance awareness and improve company culture.
  • Provide transformational leadership to ensure alignment with stakeholder expectations.
  • Set performance objectives, monitor progress, and ensure timely execution of compliance-related activities.
  • Facilitate regular knowledge-sharing sessions, workshops, and team capability development.

Risk Management, Compliance, and Corporate Governance

  • Provide regular reports on exceptions, trends, breaches, and corrective actions to EXCO, MRCC, and the Board.
  • Conduct weekly reviews of regulatory ratios and compliance metrics, recommending timely remedial actions.
  • Monitor daily customer and transaction activities for suspicious indicators and escalate appropriately.
  • Implement the annual compliance work plan, including reviews, regulatory submissions, and staff training.
  • Review and update Compliance, AML/CFT/CPF, and advise on Customer Acceptance policies to reflect regulatory changes.
  • Oversee the implementation of audit and regulatory inspection recommendations.
  • Maintain and share best practices on AML/CFT/CPF and KYC compliance.
  • Support staff in understanding and applying AML/CFT/CPF and Data Protection laws, ensuring timely updates on new legislation.
  • Maintain updated compliance and data protection resources on the company intranet.
  • Ensure accurate capture, safeguarding, and processing of customer data in line with regulatory standards.
  • Ensure adherence to all statutory and regulatory requirements applicable to asset management and data protection.
  • Conduct periodic compliance assessments to identify vulnerabilities and recommend appropriate mitigation measures.
  • Develop and implement effective internal controls to manage regulatory, financial, operational, and data-related risks.
  • Promote adherence to company policies, ethical standards, and governance frameworks.

Key Competencies:

  • Strong knowledge of asset management regulations, CMA guidelines, and financial services compliance.
  • Deep understanding of AML/CFT/CPF, KYC requirements, and Data Protection principles.
  • Excellent analytical, investigative, and problem-solving skills.
  • Strong communication skills with the ability to educate, advise, and influence diverse stakeholders.
  • Highly collaborative with strong interpersonal skills.
  • Exceptional attention to detail and organizational capability.
  • Ability to anticipate regulatory trends and adapt proactively.
  • Strong leadership and influencing ability to promote compliance initiatives.

Academic Background & Relevant Qualifications:

  • Bachelor’s Degree in Law, Business, Finance, Compliance, or related field (LLB preferred).
  • Para-Legal Diploma from the Kenya School of Law (added advantage).
  • Professional Data Privacy Certifications (IAPP – CIPP, CIPP/IT) highly desirable.
  • Additional compliance or AML certifications will be an added advantage.
  • Minimum of 2 years’ experience working in a compliance/audits environment, coupled with proven experience in Regulatory Compliance, AML, compliance assurance and reporting within the financial services industry.

Method of Application

If you are qualified and seeking an exciting new challenge, please apply via Recruitment@jubileekenya.com quoting the Job Reference Number and Position by Tuesday, 23rd December 2025.
