Why Due Diligence Matters in Kenya
Kenya's B2B services market is one of the fastest-growing in sub-Saharan Africa, with over 700,000 registered businesses as of 2024. But with growth comes risk: the Kenya Revenue Authority estimates that fewer than 35% of registered companies file tax returns consistently, and sector regulators report thousands of unlicensed operators annually.
For procurement professionals and business owners, the consequences of hiring an unverified provider can be severe: delayed projects, compromised data, tax exposure (where your supplier is non-compliant), and outright fraud. A 2023 survey by the Kenya Private Sector Alliance found that 1 in 4 Kenyan SMEs had experienced a significant B2B dispute in the prior 12 months - and fewer than half were resolved.
Tax Exposure Risk
Paying a non-KRA-compliant supplier can attract joint liability in PAYE and VAT audits.
Unlicensed Operators
Sectors like construction (NCA), media (CAK), and accounting (ICPAK) require active licences. Many operate without them.
Payment Fraud
Advance-fee fraud targeting procurement is common. Escrow and milestone payments reduce exposure.
The 6-Step Hiring Process
Define Your Requirements
Before opening ProvenGrid, document your scope of work. Include: deliverables, timeline, budget range (KES), required certifications, and success criteria. Vague briefs produce vague proposals and costly scope-creep.
Use a one-page Project Brief template. Attach it to every RFQ you send.
Search & Filter on ProvenGrid
Use ProvenGrid Directory's search filters to narrow by service category, county, verification level, ProvenGrid Trust Score, and price range. Sort by 'Most Reviewed' or 'Highest Score' for shortlisting.
Filter for KRA Verified + ProvenGrid Score ≥70 as a minimum baseline for high-value contracts.
Independent Compliance Check
Even for ProvenGrid-verified companies, run your own checks for high-value engagements. Verify the KRA PIN on iTax, confirm business registration on eCitizen BRS, and call the relevant sector regulator for licence confirmation.
KRA certificates expire every 12 months. Always check the issue date.
Send Structured RFQs
Use ProvenGrid's built-in RFQ builder to send standardised quotation requests to 3–5 shortlisted companies simultaneously. This ensures apples-to-apples comparison and creates a paper trail.
Give suppliers at least 5 business days to respond. Rushed RFQs produce lazy quotes.
Evaluate and Negotiate
Score each response against a weighted matrix: price (30%), technical approach (30%), timeline (20%), references (20%). Request a discovery call with your top 2 candidates before awarding.
Never award purely on price. The cheapest quote often becomes the most expensive project.
Sign Contract & Use Escrow
Issue a formal Letter of Award, sign a service agreement (use our template below), and fund ProvenGrid Escrow for the first milestone. Funds are held securely and released only upon milestone sign-off.
Break contracts into milestones of no more than KES 500,000. This limits exposure at any point.
How to Verify a Company in Kenya
Kenya has multiple regulatory bodies, each responsible for a specific sector. Depending on the type of service provider you're hiring, you should check one or more of the following:
KRA - Kenya Revenue Authority
ALL sectorsDocument: Tax Compliance Certificate (TCC)
Visit itax.kra.go.ke → Verify TCC. Enter the company's PIN and certificate serial number. Valid certificates are issued quarterly and expire in 12 months.
BRS - Business Registration Service
ALL sectorsDocument: Certificate of Incorporation / Business Name
Visit ecitizen.go.ke → BRS Search. Verify the company name, registration number, and directors. Confirms the company is legally registered and not struck off.
NCA - National Construction Authority
Construction & EngineeringDocument: NCA Contractor Registration Certificate
Visit nca.go.ke → Contractor Register. Search by company name or registration number. Required for all construction, engineering, and renovation work.
CAK - Communications Authority of Kenya
ICT, Telecom & MediaDocument: ICT Service Provider / Frequency Licence
Visit ca.go.ke → Licensed Operators. Required for ISPs, telcos, media companies, and broadcast equipment suppliers.
ICPAK - Institute of Certified Public Accountants
Accounting & AuditDocument: Practising Certificate
Visit icpak.com → Members Directory. All audit, tax advisory, and accounting firms must have practising members. Verify the individual partner assigned to your account.
LSK - Law Society of Kenya
Legal ServicesDocument: Advocate Practising Certificate
Visit lsk.or.ke → Advocate Search. All legal practitioners must hold a valid annual practising certificate. Firms must be registered with LSK.
ProvenGrid does this for you
Companies with a KRA Verified or CAK Licensed badge on ProvenGrid have had their certificates checked directly with the relevant authority by the ProvenGrid compliance team. The badge includes a last-verified date. Look for it before shortlisting.
Understanding the ProvenGrid Trust Score
Every company on ProvenGrid has a Trust Score from 0–100. It's not a simple star rating - it's a composite metric built from six independent data signals:
Verification Level
KRA, CAK, NCA, BRS checks. The most heavily weighted factor.
Client Review Score
Average of verified client reviews weighted by recency.
Response Rate
Percentage of RFQs responded to within 24 hours.
Escrow Track Record
Number of successfully closed escrow milestones with no disputes.
Profile Completeness
Full media, services, locations, references, and compliance data.
Longevity on ProvenGrid
Consistent presence and no moderation actions over 12+ months.
Score interpretation guide
How to Write a Winning RFQ
A well-written Request for Quotation (RFQ) sets the tone for the entire engagement. It filters out unsuitable suppliers, attracts serious proposals, and gives you legal protection if disputes arise. Here is the ProvenGrid-recommended RFQ structure:
Company & Project Overview
Your company name, industry, and a 2–3 sentence project summary. What problem are you solving?
Scope of Work
Detailed list of deliverables. Be specific: not 'website' but '5-page company website with contact form, mobile-responsive, CMS-editable, hosted on Kenyan server'.
Timeline
Desired start date, key milestones, and hard deadline. State whether the deadline is fixed (e.g., event-driven) or flexible.
Budget Range
Always include a budget range. Hiding it wastes both parties' time. State 'KES 150,000 – 250,000' rather than 'competitive pricing required'.
Required Certifications
List sector-specific licences needed (NCA, CAK, etc.) and any compliance requirements (ISO, data protection registration).
Evaluation Criteria
Tell suppliers how you'll choose. E.g., 'We will select based on: price 30%, technical approach 30%, relevant experience 25%, references 15%'.
Submission Format
Specify format (PDF), maximum pages (8), required attachments (company profile, sample work, KRA certificate), and submission deadline.
Contact & Q&A Window
Provide an email for clarifying questions. Set a Q&A deadline 2 days before proposal submission to give yourself time to circulate answers to all bidders.
Use ProvenGrid RFQ Builder
ProvenGrid's built-in RFQ tool lets you send structured quotation requests to multiple verified suppliers at once. Responses arrive in a standardised format for easy comparison. Available on all paid plans.
Evaluating Proposals
Once proposals arrive, resist the temptation to go straight to the price page. Use a weighted scoring matrixto evaluate objectively. Here's a recommended framework:
| Criterion | Weight | What to Look For |
|---|---|---|
| Technical Approach | 30% | Does the proposal show genuine understanding of your problem? Are the methods specific to your context, not copy-pasted? |
| Pricing & Value | 25% | Is pricing itemised? Does the total make commercial sense relative to market rates? Watch for suspiciously low bids - they usually mean cut corners or scope disputes later. |
| Relevant Experience | 20% | Have they done similar projects in Kenya? In your industry? Ask for 2–3 case studies with measurable outcomes. |
| Timeline Realism | 15% | Is the proposed schedule achievable? Does it include buffer for Kenyan public holidays (there are 11+), approval cycles, and procurement delays? |
| Team Credentials | 10% | Who will actually do the work? Verify the assigned team's qualifications, not just the firm's general capabilities. |
The Final 10%: Gut Check
After scoring, hold brief discovery calls with your top 2 candidates. Kenyan business culture values relationship-building, and how a supplier communicates during the bidding stage is predictive of how they'll behave during delivery. Slow replies, vague answers, or evasive pricing discussions at this stage will only worsen once the contract is signed.
Red Flags to Watch For
These warning signs are based on reports from ProvenGrid users and Kenya's PABK (Procurement and Asset Buyers of Kenya) community. If you encounter more than two of these in a single supplier, walk away.
Refuses to share KRA PIN
Every registered Kenyan business has a KRA PIN. Refusal to share it for TCC verification is a serious red flag.
No physical address or verifiable office
Legitimate companies have a Google Maps-verifiable office. 'We work remotely' is fine for freelancers; not for a 'company' claiming 50 staff.
100% upfront payment demanded
Standard practice is 30–50% on signing, remainder on completion or by milestone. Full upfront is unusual and risky.
Personal M-Pesa for business payments
Business payments should go to a Paybill or business bank account. Personal till numbers suggest informal or fraudulent operation.
No written contract offered
Professional service firms always provide a service agreement. Reluctance to document terms protects only the supplier, not you.
References unavailable or evasive
3+ verifiable client references is a minimum for any significant engagement. If references won't answer calls or give vague answers, investigate further.
Website created in the last 3 months
Cross-check domain registration age on whois.domaintools.com. A brand-new website on a company claiming 10+ years of experience is suspicious.
Extremely low bid (>30% below average)
ProvenGrid category benchmarks show typical pricing ranges. Bids 30% below usually mean the provider will either cut corners or raise prices via change orders.
Pressure to decide immediately
Artificial urgency ('offer valid only today') is a manipulation tactic. Legitimate suppliers understand procurement cycles.
No mention of NSSF/SHIF compliance
Employers are legally required to contribute. Suppliers that ignore this have staff welfare and regulatory issues that will eventually become your problem on joint projects.
Contracts & Payments in Kenya
Essential Contract Clauses
Kenyan contract law is governed by the Law of Contract Act (Cap. 23) and is largely common-law based. For service agreements, ensure your contract includes:
Payment Methods & Tax Obligations
RTGS / SWIFT Bank Transfer
Risk: LowBest for: Contracts above KES 500,000
Tax note: Withholding tax 5% on service fees (non-resident: 15–20%). Deduct and remit to KRA via iTax.
ProvenGrid Escrow
Risk: Very LowBest for: All contracts with milestone payments
Tax note: ProvenGrid issues receipts. WHT obligations remain with the buyer.
M-Pesa Paybill
Risk: MediumBest for: Contracts below KES 100,000
Tax note: Confirm Paybill is in the company name. Request official receipt and ETR (Electronic Tax Register) receipt.
Cheque
Risk: MediumBest for: Rarely used; some government suppliers still require it
Tax note: Normal WHT applies.
Sector-Specific Procurement Tips
Information Technology
Browse →Pro tip: Always insist on a source code escrow clause. If the developer abandons the project, you own the code.
Construction & Real Estate
Browse →Pro tip: Confirm NCA grade matches your project value. Grade 1 can handle any value; Grade 7 is limited to KES 3M.
Legal & Compliance
Browse →Pro tip: Request a separate retainer letter specifying fee basis (hourly vs. fixed vs. contingency) before signing anything.
Finance & Accounting
Browse →Pro tip: Statutory audits must be conducted by a registered audit firm (not just any accountant). Verify ICPAK audit registration separately.
Marketing & Creative
Browse →Pro tip: Insist on owning all creative assets (logos, copy, ad accounts). Agencies that retain asset ownership create expensive lock-in.
Facilities & Support
Browse →Pro tip: Security firms must be licensed by PSRA. Ask for the licence number and verify at psra.go.ke before any deployment.
Frequently Asked Questions
How do I verify a company is legitimate in Kenya?
Check their KRA Tax Compliance Certificate on the KRA iTax portal, confirm business registration via eCitizen BRS, and confirm any sector-specific licences (CAK, NCA, LSK, ICPAK). ProvenGrid Directory cross-checks all of these and displays a verified badge on confirmed profiles.
What is the ProvenGrid Trust Score?
The ProvenGrid Trust Score (0–100) is a composite metric combining KRA/CAK/NCA verification status (25%), client review scores (20%), response rate (20%), escrow track record (15%), profile completeness (10%), and platform longevity (10%). A score above 75 indicates a highly trustworthy provider.
What should an RFQ include when hiring a Kenyan service provider?
Your RFQ should include: project scope and deliverables, expected start and end dates, budget range in KES, payment terms (milestone vs. lump sum), required compliance certificates, penalty clauses for delays, evaluation criteria, and a submission format/deadline.
Is M-Pesa safe for B2B payments in Kenya?
M-Pesa Paybill is acceptable for smaller transactions (under KES 100,000), but for larger B2B contracts, use ProvenGrid Escrow or RTGS bank transfer. Escrow protects buyers by releasing funds only when milestones are confirmed complete by both parties.
What red flags should I watch for when hiring a service provider in Kenya?
Key red flags: no KRA PIN or expired TCC, refusal to sign a formal contract, requests for 100% upfront payment, no physical verifiable office, absence of client references, requests to pay via personal M-Pesa rather than business accounts, and suspicious urgency to sign quickly.
Does withholding tax apply when I pay a Kenyan service provider?
Yes. Under Kenya's Income Tax Act, buyers must deduct and remit Withholding Tax (5% for residents, 15–20% for non-residents) on most service payments. This is remitted directly to KRA via iTax by the 20th of the following month. Failure to withhold makes the buyer liable for the unpaid WHT.
How many quotes should I get before awarding a contract?
Best practice (and public procurement rules) require a minimum of 3 comparable quotes for any contract above KES 50,000. For contracts above KES 500,000, run a formal RFQ process with at least 5 shortlisted suppliers and document your evaluation scoring.
What is the NCA registration requirement for construction companies in Kenya?
The National Construction Authority (NCA) registers contractors in categories 1–8 based on project value capacity. Category 1 can handle unlimited project values; Category 8 is limited to projects under KES 3 million. Always verify the contractor's NCA grade matches your project value at nca.go.ke.
Ready to Hire with Confidence?
Browse 4,200+ verified service providers across all 47 counties. Filter by KRA status, ProvenGrid Trust Score, and client reviews - then send an RFQ in under 2 minutes.
Find providers by county