Appendix A – Defined Terms
No: 000044021528 | Date(g): 11/10/2022 | Date(h): 16/3/1444 | Status: In-Force

Defined Term | Definition |
--- | --- |
Access Management | The process of granting authorised users the right to use a service, while preventing access to non-authorised users. |
Anomalous Session | Log-in sessions to mobile or online services that have different log-in parameters to those previously used by the customer, e.g., Device ID or location; or when the IP address is flagged as a risk. |
Anomaly Detection | Finding patterns in data that depart significantly from the expected behaviour. Fraud anomaly detection can be implemented as an intelligence tool using unsupervised Machine Learning algorithms. |
Artificial Intelligence | The use of computer systems to perform tasks typically requiring human knowledge and logical capabilities, often in problem solving scenarios. |
Black Box System | A complex system where the internal rules and mechanisms are not visible to or understood by the system owner. |
Blacklist | A list of untrustworthy or high risk individuals or entities that should be excluded and avoided. Also known as block-list. |
Case Management System | A system used to manage alerts and fraud incidents from an initial report, through investigation, resolution and remediation where required. |
Code of Conduct | A defined set of expectations which outline principles, values, and behaviours that an organisation considers important to its operations and success. |
Contractor | An individual or organisation under contract for the provision of services to an organisation. |
Counter-Fraud Culture | The shared values, beliefs, knowledge, attitudes and understanding about fraud risk within an organisation. In a strong Counter-Fraud culture people proactively identify, discuss, and take responsibility for fraud risks. |
Counter-Fraud Governance | A set of responsibilities and practices exercised by the Board, Executive and Senior Management with the goal of providing strategic direction for countering fraud, ensuring that Counter-Fraud objectives are achieved, ascertaining that fraud risks are managed appropriately and verifying that the enterprise's resources are used responsibly. |
Counter-Fraud Governance Committee (CFGC) | An established group of individuals tasked with providing oversight and direction, and ensuring that the organisation’s combined Counter-Fraud capabilities are functioning appropriately and efficiently. |
Counter-Fraud Maturity | The extent to which an organisation’s resources are effectively implemented for the purpose of countering fraud in comparison to global accepted standards and best practice. |
Counter-Fraud Policy | A set of criteria for the provision of Counter-Fraud activities. It sets the commitment and objectives for Counter-Fraud and documents responsibilities. |
Counter-Fraud Programme | A collection of policies, processes, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that are used to protect the Member Organisation and its customers against internal and external fraud threats. |
Counter-Fraud Strategy | A high-level plan, consisting of projects and initiatives, to mitigate fraud risks while complying with legal, statutory, contractual, and internally prescribed requirements. |
Counter-Fraud Department | A dedicated department or team established for the purpose of managing the implementation of the organisation’s Counter-Fraud objectives. |
Critical services | Services provided by a third party where a failure or disruption in the provision of services could leave the Member Organisation unable to serve its customers or meet its regulatory obligations. |
Cyber Security | Cyber security is defined as the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the Member Organisation's information assets against internal and external threats. |
Due Diligence | The investigation of an employee, customer or third party to confirm facts and to confirm that the party is as presented. |
Emergency Stop | A self-service capability for customers to immediately freeze their account and block further transactions if they suspect their account has been compromised. |
Employee | Employees encompass members of the Board of Directors and its committees, Executives, permanent and contract employees, consultants, and employees working through a third party. |
Entity Resolution | A process to identify data records in a single data source or across multiple data sources that refer to the same real-world entity and to link the records together. |
External Fraud | A fraudulent event conducted by any person on the ‘outside’ of the organisation, i.e., not employed by the organisation. |
Financial Crime | Criminal activities to provide economic benefit including money laundering; terrorist financing; bribery and corruption; and market abuse and insider dealing. |
Fraud | Any act that aims to obtain an unlawful benefit or cause loss to another party. This can be caused by exploiting technical or documentary means, relationships or social means, using functional powers, or deliberately neglecting or exploiting weaknesses in systems or standards, directly or indirectly. |
Fraud case | An individual occurrence of fraud recognised by an organisation. |
Fraud Landscape/Threat Landscape | Fraud threats, trends, and developments in the political, economic, social, technological, or legal environment. |
Fraud Response Plan | A plan which details the actions to be undertaken when a fraud is suspected or has been detected. This will include reporting protocols, team responsibilities and information logging. |
Fraud Risk Appetite | The level of fraud risk that an organisation is willing to accept or tolerate in pursuit of its objectives. |
Fraud Risk Assessment | A process aimed at addressing the organisation’s vulnerability to fraud. This will include identification of fraud risks, assessment of the likelihood that fraud risks will occur and the resulting impact, determination of the appropriate response, and review of the control framework. |
Fraud Risk Management | The ongoing process of identifying, analysing, monitoring, and responding to fraud risks to which the organisation and its customers are exposed. |
Fraud Scenario Analysis | The testing of devised fraud scenarios for the purpose of assessing the current capability of fraud systems within the organisation. |
Fraud Threat | Any circumstance or event with the potential to result in a fraud event occurring. |
Fraud Typology | A categorisation of a fraud event based on its methodology and common themes with other fraud events. |
Geofencing | Restricting access to online or mobile services based upon the user's geographical location. |
Incident | A fraud case or series of associated cases. |
Inherent Risk | The fraud risks posed to the organisation’s business operations or its customers if there were no controls present. |
Intelligence Monitoring | The process of continually reviewing and gathering intelligence on new and emerging fraud threats and typologies from a comprehensive range of sources. |
Internal Fraud | Fraud committed by or with the assistance of people employed by the organisation. |
Key Risk Indicators (KRIs) | A measure used to indicate the probability that an activity or organisation will exceed its defined risk appetite. KRIs are used by organisations to provide an early signal of increasing risk exposures in various areas of the enterprise. |
Keyword Analysis | Codifying rules to match key words on a look-up table to those within key fields of a fraud case record. Complexity can be added to rules, such as requiring the words to appear in a particular order, or matching on high-risk terms that have often indicated fraud. |
Machine Learning | The use of computer systems that have the capability to learn and adapt without explicit instruction through the use of algorithms or models to analyse and build on patterns and trends in data. |
Management Information | Information collated and then presented, often in the form of a report or statement, to management or decision makers for the purpose of identifying trends, solving issues and/or forecasting the future. |
Member Organisation | All financial institutions or financial services providers regulated by SAMA. |
Model Validation | Analysis to assess whether the outputs of a system are performing as expected. |
Mule accounts | Accounts set up (often via remote or online channels) to receive fraudulently obtained funds and launder the proceeds of crime. |
Multi-Factor Authentication | Authentication that uses two or more distinct factors. Factors include something you know (e.g., password/PIN), something you have (e.g., cryptographic identification device, token), or something you are (e.g., biometric). |
Near Misses | Potential fraud incidents that are detected and remediated prior to the fraud incident resulting in a monetary loss. |
Policy Breach | The failure to comply with or disregard of policy requirements. |
Precision and Recall Testing | Metrics to evaluate the effectiveness of models. Precision: The ability of a classification model to identify only the relevant data points. Recall: The ability of a model to find all the relevant cases within a data set. |
Predictive Analytics | The use of statistics and modelling techniques to determine future outcomes or performance. |
RACI Matrix | Illustrates who is Responsible, Accountable, Consulted and Informed within an organisational framework. |
Residual Risk | The remaining risk after management has implemented a risk response. |
Risk | A measure of the extent to which an organisation is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. |
Risk Factors | Different categories of risk that organisations must consider when performing a Fraud Risk Assessment. |
Rules | Rules used in fraud prevention and detection systems use correlation, statistics, and logical comparison of data to identify a pattern based on insights gained from previous known fraud incidents. |
Scams | Where an individual is tricked into making or authorising a payment to a criminal’s account. Scammers typically use social engineering and can impersonate banks, investment opportunities, utility companies and government bodies using emails, phone calls and SMS that appear genuine. |
Sectorial Anti-Fraud Committee | A committee governed by SAMA to combat fraud involving Member Organisations operating in the Kingdom (e.g., Banking Anti-Fraud Committee). |
Senior Management | The highest level of management in an organisation (the level below the Board) and their direct reports. |
Service Level Agreement (SLA) | The specific responsibilities for delivery, typically an agreement on timeliness or quality, for example relating to management of fraud alerts. |
Static Data | Data with low change frequency (e.g., name, email address, mobile phone number, signatory rights, specimen signatures, power-of-attorney). |
The Cyber Security Framework | SAMA's Cyber Security Framework. |
Third Party | A separate unrelated entity that provides an organisation with a service. This may include suppliers, technology providers (e.g., Absher, Nafath), outsourcers, intermediaries, brokers, introducers, and agents. |
Threat Intelligence | Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. |
Trend Analysis | The process of collecting and reviewing information to identify patterns and predict future trends. |
Trusted Device | A trusted device is a device that the customer owns, controls access to, and uses often. |
Violation | Any act, or concealment of acts, of fraud, corruption, collusion, coercion, unlawful conduct, misconduct, financial mismanagement, accounting irregularities, conflict of interest, wrongful conduct, illegal or unethical practices or other violations of any applicable laws and instructions. |
Whistle Blowing Policy | SAMA Whistle Blowing Policy for Financial Institutions. |
Wholesale Payment Endpoint Security | Measures taken with respect to endpoint hardware, software, physical access, logical access, organisation and processes at a point in place and time at which payment instruction information is exchanged between two parties in the ecosystem. |