9. Annexure
Filling Form Instructions 1. This form is for new banking products and services in accordance with the New Banking Products and Services Regulation (second version / Nov 2023). 2. The form must be fully filled out by the bank. 3. The bank must verify the accuracy of the information filled in this form. 4. The form must not be modified in any way. 5. This form and supporting documents such as contracts, terms and conditions should be sent in two formats (Word-PDF) along with the other requirements as shown in annexure (1) to Banking Licensing Division via (PSBanking@sama.gov.sa) Bank name Product or service name Purpose of the application ☐ Notifying SAMA before launching a new product or service.
☐ Obtaining SAMA's no-objection for launching a new product or service according to clause (7.2.1)
☐ Obtaining SAMA's no-objection for launching a new product or service according to clause (7.2.2).
Is it a material change to an existing product or service? ☐ Yes ☐ No Provide date of previous Notification/Non-objection:
Day/Month/Year
Launching date:
Day/Month/Year
New product or service expected launch date:
Day/Month/Year
The rules and regulations that were taken into account in developing this product or service Product or service type
(You can check more than one)☐ Savings ☐ Personal finance ☐ Credit card ☐ Financial Derivatives ☐ Home finance ☐ Prepaid cards ☐ Financial lease ☐ Corporate finance ☐ Banking services ☐ E-service ☐ Treasury product ☐ Other: Annexure (1): Checklist
No. Document Attached Yes No Not Applicable 1 A formal letter signed by the Chief Compliance Officer notifying or requesting SAMA's no-objection to offer new product or service ☐ ☐ 2 Application form for new banking products and services (Annexure 2) ☐ ☐ 3 Statement of compliance (Annexure 3) ☐ ☐ 4 Consumer protection checklist (for retail products and services) signed by the Product or
Service Developer and Chief Compliance Officer (Annexure 4)
☐ ☐ ☐ 5 Copies of supporting documents e.g. terms and conditions, contracts, process workflow (Images), promotional material and any other related documents ☐ ☐ ☐ 6 Contract draft / service level agreement (SLA) / non-disclosure agreement (NDA) if there is a third party in the product and service ☐ ☐ ☐ 7 Risk assessment report which describe the product or service all inherent risks from both the bank's and customer's perspective together with the systems and processes that are in place to mitigate these risks. The following risks need to be considered at minimum:
- Credit Risk
- Market Risk
- Operational Risk
- Strategic Risk
- AML&CFT Risk
- Legal Risk
- Technology Risk
- Cyber Risk
- Fraud Risk
- Business Continuity Risk
- Data Privacy Risk
- Reputational Risk
☐ ☐ ☐ 8 Necessary Shari’ah Committee Approvals for new Shari’ah Compliant Products or Services. ☐ ☐ ☐ I, the undersigned, acknowledge that all the above-mentioned data and information and attached documents are correct, accurate and complete Chief Compliance Officer Date Day/Month/Year Signature Annexure (2): Application Form for New Banking Products or Services
No: 45032226 Date(g): 28/11/2023 | Date(h): 16/5/1445 Status: In-Force A detailed description of the product or service: Product or Service Risk Classification (For example: High, medium, low risk): Did The bank completed the independent evaluation required under clause (7.1) ? ☐Yes ☐No Evaluation date: Day/Month/Year Is the bank complied with the required maturity level in the frameworks mentioned in clause (7.1) ? ☐Yes ☐No Notes: Product or service objectives: Product or service features: Product or service offering journey: Product or service delivery channel(s): ☐ Bank branches ☐ E-Channels ( ☐ Phone Banking, ☐ Mobile Banking, ☐ Bank's Website) ☐ Relationship Mangers ☐ Other: Targeted customers: ☐ Existing bank customers ☐ Non-existing bank customers Targeted segment: ☐ Retail ☐ Small/Medium enterprises ☐ Corporate ☐ Government sector ☐ Non-profit sector ☐ Other: Customer identity verification mechanism: Fees, commissions and any other additional amounts might be incurred by the customer: Product or service launching plan in the local market: Similar products or services offered in the local market (if any): The potential impact on the bank's liquidity ratios (SAMA Liquidity Ratio, CAR, LCR & NSFR) and any other regulatory indicators: Technological requirements, details and the integration method with third parties and other technological systems, including but not limited to Robot, Cloud, Biometrics: System classification by the entity, whether it is a main or secondary system: In case of storing data, clarify the location of the data storage, the storage method and the type of data shall be clarified in detail, with reasons and justifications: In case of contracting with third parties, the details of the third parties shall be provided, including the name, location, duties, responsibilities, and any relevant information. Third-party remote access method (if applicable): In case of contracting with third parties, what are the type of data will be shared, and what measures will be taken to maintain information privacy and security: Has the verification method been clarified for the product/service, e.g. two factor authentication (2FA) using the password and the one-time password (OTP): Has the product/service been added to fraud monitoring systems with the ability to directly add and modify scenarios: Do third parties comply with the cloud computing cybersecurity controls (in the case of using cloud computing technology): In case of technological integration, explain the integration method in detail: The internal bank function responsible for monitoring the product or service: The method of cancelling the product or service by the customer and cancelation fees (if applicable): Information/correspondences with SAMA regarding the above product or service(If any): Additional information: Product or service developer name and contact information (email, mobile phone, landline): Annexure (3): Statement of Compliance
Product/Service name We, the undersigned, acknowledge that the aforementioned product or service has been fully reviewed and does not violate any laws, instructions or professional practices. We also acknowledge that submitting this application (notification or non-objection) to SAMA does not burden it with any responsibility whatsoever and does not indicate that SAMA guarantees the product or service soundness. In addition, we acknowledge that we bear all the risks that may result from launching the product or service. Furthermore, we confirm that failure to comply with this acknowledgment entitles the authorities to take all measures, including inflicting penalties, holding violators accountable, withdrawing the product or service from the market, committing to correcting any adverse results, and compensating customers for any losses that may occur due to default or negligence on the bank's part. Product or Service Developer Head of Customer Care Head of Legal Affairs Head of Data Privacy Head of Financial Fraud Head of Business Continuity Head of Information Security Head of Information Technology Chief Risk Officer Head of Anti-Money Laundering and Counter-Terrorist Financing Chief Compliance Officer Annexure (4): Consumer Protection Checklist
Before or upon concluding a product/service agreement with the customer: No Requirements Cases Yes No Not Applicable 1 Has the bank done a complete study on the product or service suitability to customer needs ☐ ☐ ☐ 2 Were the expected risks to customers from the product or service identified when advertising, and disclosed in the initial disclosure form (before signing the contract) ☐ ☐ ☐ 3 The bank must disclose the discounts and their conditions to customers - if available - and include them in the initial disclosure form (before signing the contract) ☐ ☐ ☐ 4 Ensuring that customer service staff and/or marketers are clearly familiar with the product or service provided helps customers make a decision before entering into a contract ☐ ☐ ☐ 5 The bank must study the customer's financial solvency before granting the product/service and keep it in the customer's file in a way that enables it to:
1. The customer's ability to fulfill the due payments without delay
2. The customer's understanding of the characteristics of the product or service.
3. The product or service meets the customer's need
4. The customer's ability to bear the risks of the product or service
☐ ☐ ☐ 6 The bank must disclose the product/service provider in the initial disclosure form if the product or service provider is a third party ☐ ☐ ☐ 7 Advertising the product or service to customers is appropriate, does not use a seductive or misleading method of marketing, and uses language that is easy to understand and in clear writing, including margins ☐ ☐ ☐ 8 Are the terms and conditions explained in clear language, including fees, and are they fair to customers? A summary of this is provided in the initial disclosure statement, and this is explained to the customer before signing the contract ☐ ☐ ☐ 9 The potential fines and penalties that the customer will bear if the product or service is used on other than the agreed terms must be explained ☐ ☐ ☐ After concluding the product or service agreement with the customer: 1 The product or service must be compatible with SAMA Care's main or sub-classifications of complaints ☐ ☐ ☐ 2 Clarifying the mechanism for submitting a complaint and the contact information with the bank in the product or service contract ☐ ☐ ☐ 3 Providing beneficiaries with a free statement of account (paper or electronic) on a monthly basis showing the payments made and the remaining payments ☐ ☐ ☐ 4 Having specialized staff to provide advice to customers who face financial and technical difficulties during contract periods and providing appropriate solutions for them to overcome these difficulties ☐ ☐ ☐ Product or Service Developer Chief Compliance Officer Date Date Day/Month/Year Day/Month/Year Signature Signature Annexure (5): Annual Report for Banking Products and services
Soft Launch
Your access and use of SAMA Regulatory Rulebook and its content is considered as an acceptance and approval of commitment by you without any limitation or condition to the following:
SAMA Regulatory Rulebook is a platform that aims to assist the regulated entities to access SAMA regulatory content adeptly and efficiently.
SAMA Regulatory Rulebook is still on its development and soft launch stage. SAMA is not liable for its contents and does not warrant or represent that (the Services related to the platform, information or material presented in the platform) is displayed free of any inaccuracies, omissions, or errors (“Faults”). SAMA accepts no liability for any loss, claim or damage resulting from any use of the platform, and any decisions made, or actions taken based on the information contained in or generated by the platform.
SAMA Regulatory Rulebook has no legal effect and it does not aim to amend or revoke any legal provisions. The Rulebook still Contains some documents under review, including translated versions. Therefore, SAMA Regulatory content circulated through SAMA official channels remains in force.
Without prejudice to the terms of use of SAMA website Hereby, you acknowledge that any illegal, unauthorized use and/or any breach of any of these provisions may result in legal actions against you.
Your access and use of SAMA Regulatory Rulebook and its content is considered as an acceptance and approval of commitment by you without any limitation or condition to the following:
SAMA Regulatory Rulebook is a platform that aims to assist the regulated entities to access SAMA regulatory content adeptly and efficiently.
SAMA Regulatory Rulebook is still on its development and soft launch stage. SAMA is not liable for its contents and does not warrant or represent that (the Services related to the platform, information or material presented in the platform) is displayed free of any inaccuracies, omissions, or errors (“Faults”). SAMA accepts no liability for any loss, claim or damage resulting from any use of the platform, and any decisions made, or actions taken based on the information contained in or generated by the platform.
SAMA Regulatory Rulebook has no legal effect and it does not aim to amend or revoke any legal provisions. The Rulebook still Contains some documents under review, including translated versions. Therefore, SAMA Regulatory content circulated through SAMA official channels remains in force.
Without prejudice to the terms of use of SAMA website Hereby, you acknowledge that any illegal, unauthorized use and/or any breach of any of these provisions may result in legal actions against you.