Entire Section | SAMA Rulebook

Governance and Internal Control

Key Principles of Governance in Financial Institutions
In accordance with chapter 1.3 of the "Key Principles of Governance in Financial Institutions", issued by SAMA circular No (42081293) dated 30/06/2021, these principles shall apply on a mandatory basis for finance companies and real estate refinancing companies.
and subject to the mandatory provisions stipulated in relevant laws and regulations, these principles shall apply as guiding rules to, consumer microfinance companies, finance support companies, financial lease contract registration companies, and debt-based crowdfunding companies. The Central Bank may, at any time, enforce all or some of the provisions of these principles on a mandatory basis.
To read the Key Principles of Governance in Financial Institutions, click here.

Requirements for Appointments to Senior Positions
To read the Requirements for Appointments to Senior Positions, click here.

Corporate Governance

Board of Directors

Senior Management

Major Departments

Audit Committee

Compliance Principles for Finance Companies and Real Estate Refinance Companies
No: 46020562 Date(g): 1/10/2024 | Date(h): 28/3/1446 Status: In-Force
Based on the powers vested to Sama under the Finance Companies Control Law issued by Royal Decree No. (M/51) dated 13/08/1433H, and its Implementing Regulations issued by the Decision of SAMA Governor No. (2/MFC) dated 14/04/1434H,
We would like to inform you of the issuance of the decision of His Excellency the Governor No. (161/MFC) dated 14/02/1446H, which includes the approval of the Compliance Principles for Financing Companies and Real Estate Refinance Companies, according to the attached version. These principles will be implemented (180) days after their publication on the SAMA’s website.
For your information and action accordingly.
SAMA issued these Principles based on the powers vested in SAMA under the Finance Companies Control Law issued by Royal Decree No. (M/51) dated 13/08/1433H and its Implementing Regulations issued by the Decision of SAMA Governor No. (2/MFC) dated 14/04/1434H.

Chapter I: Definitions, General Provisions and Scope of Application

1. Definitions

For the purpose of applying the provisions of these Principles, the following terms and phrases, wherever mentioned herein, shall have the meanings assigned thereto unless the context otherwise requires:

Term	Definition
SAMA	The Saudi Central Bank.
Principles	Compliance Principles for Finance and Real Estate Refinance Companies.
Company	Finance Company and Real Estate Refinance Company licensed by SAMA.
Board	Company's Board of Directors.
Executive Management	Individuals who run the Company's day-to-day business and propose and implement strategic decisions. The Executive Management is considered the senior management.
Unit	The Company's compliance function/department, which reports directly to the Audit Committee.
Compliance Officer	Compliance Unit's officer/manager in the Company.
Unit Staff	All Compliance Unit's staff who perform compliance-related duties and responsibilities.
Laws	The laws that apply to the Company and its Staff.
Instructions	All binding regulations, rules, principles, frameworks, guidelines and circulars issued by SAMA, in exercise of its role as a regulatory and supervisory authority, and other competent entities.
Non-Compliance Risk	Risks that result in the application of penalties or regulatory measures against the Company, or lead to it incurring financial losses or harming its reputation as a result of non-compliance with laws and instructions.

2. General Provisions

a.	These Principles aim to:
	1.	Promote sound practices in the Company, and continuously ensure the effectiveness and implementation of compliance policies.
	2.	Promote a compliance culture that is integral to the Company's culture, taking into account that its scope of integration goes beyond the Unit Staff to include all of the Company's employees.
	3.	Define the responsibilities of the Board, the Audit Committee, the Executive Management, the Compliance Unit, the Company's o employees, and the Internal Audit Department towards compliance.
	4.	Set the minimum requirements to enable the Unit to perform its duties efficiently, professionally and effectively.
b.	These Principles shall not prejudice the requirements imposed on finance and real estate refinance companies under relevant laws and instructions, including but not limited to:
		Finance Companies Control Law and its Implementing Regulations. Real Estate Finance Law and its Implementing Regulations. Anti-Money Laundering Law and its Implementing Regulations. Law of Combating Crimes of Terrorism and its Financing and its Implementing Regulations. The Rules Governing Real Estate Refinance Companies. Rules for Engaging in Debt-Based Crowdfunding. Rules for Regulating Buy-Now-Pay-Later (BNPL) Companies. Anti-Fraud Rules for Finance Companies. Key Principles of Governance in Financial Institutions under the Control and Supervision of the Saudi Central Bank. Code of Conduct and Work Ethics in Financial Institutions Financial Consumer Protection Principles and Rules. The Requirements for Appointments to Senior Positions in Financial Institutions Supervised by SAMA. Debt Collection Regulations and Procedures for Individual Customers Rules for Establishing a Customer Care Department in Finance Companies. The Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Guide. Whistle Blowing Policy for Financial Institutions.

3. Scope of Application

a.	The provisions of these Principles shall apply to finance and real estate refinance companies.
b.	These Principles shall serve as a guide to finance support companies and finance lease contract registration companies. SAMA may, at any time, enforce all or some of these Principles.

Chapter II: Duties and Responsibilities of the Board, Audit Committee and Executive Management Towards Compliance

Principle 1: Duties and Responsibilities of the Board Towards Compliance

1.	Subject to its duties and responsibilities contained in relevant laws and regulations and SAMA-issued instructions, the Board shall:
	a.	Buttress and promote the values of honesty and integrity throughout the Company.
	b.	Ensure the existence of a compliance unit that is effective, well-developed and independent. It shall be granted appropriate powers and resources, and its employees provided with specialized training while developing their abilities and skillsets in the field of compliance.
	c.	Approve a written policy for compliance that sets out the powers,tasks and responsibilities of the Compliance Unit , as well as compliance programs and relevant processes.
	d.	Appoint the Compliance Officer based on the Audit Committee’s recommendation after obtaining a no-objection letter from SAMA.
	e.	Accept the Compliance Officer’s resignation based on the Audit Committee’s approval, and notify SAMA thereof.
	f.	Set a clear outline of the responsibility and accountability of the Company; enforce compliance thereof by its employees; and establish complete separation of responsibilities at the level of Executive Management.
	g.	Review the periodic compliance report submitted by the Compliance Officer.

Principle 2: Duties and Responsibilities of the Audit Committee Towards Compliance

1.	Subject to its duties and responsibilities contained in relevant laws and regulations and SAMA-issued instructions, the Audit Committee shall:
	a.	Review the periodic compliance report submitted by the Compliance Officer; document the actions taken regarding to, and decisions resulting from, the report; and submit it to the Board.
	b.	Verify the implementation and evaluate the effectiveness of, update, and propose the necessary amendments to the compliance policy approved by the Board on an annual basis.
	c.	Approve the plan that encompasses the main activities and operations of the Unit, subject to annual update by the Compliance Officer.
	d.	Submit recommendations to the Board for the appointment of the Compliance Officer along with the reasons and justifications.
	e.	Approve the resignation request of the Compliance Officer.
	f.	Assess the Compliance Officer’s performance according to the Company’s approved plan.
	g.	Evaluate the effectiveness and efficiency of compliance policies, procedures, reporting mechanism and the extent of compliance with such policies on an annual basis; and submit recommendations to the Unit for improvement to the policies before their approval by the Board.
	h.	Review and approve the risk-based compliance program implemented by the Unit in their work.
	i.	Review the outcomes of SAMA’s reports, and ensure that the Company has taken the necessary actions in this regard.
	j.	Escalate issues to the Board as needed, and give recommendations on the actions that must be taken.
	k.	Verify the Company’s compliance with relevant laws, regulations, policies and instructions, and take the necessary measures to improve the level of regulatory compliance in the Company.
	l.	Verify that the number of employees in the Unit is sufficient to match the size of the Company’s business and business model.

Principle 3: Duties and Responsibilities of the Executive Management Towards Compliance

1.	Subject to its duties and responsibilities contained in relevant laws and regulations and SAMA-issued instructions, the Executive Management shall:
	a.	Comply with applicable laws and instructions, and take the necessary measures and controls to prevent violations thereof.
	b.	Establish an independent unit for compliance and describe its role to all Company employees.
	c.	Create a work atmosphere built on trust and harmony between the Unit and other departments, and take the necessary measures to achieve that.
	d.	Develop a written policy for compliance approved by the Board that sets out the powers, tasks and responsibilities of the Unit, as well as relevant compliance programs.
	e.	Incorporate into the Company’s internal regulations guarantees of compliance with relevant laws and instructions.
	f.	Develop a written organizational policy that includes work guidelines and procedures, and update it continuously in line with changes. The policy shall be communicated to the concerned employees in the appropriate manner and within a timeframe that allows for compliance. Such policy shall include the rules regulating compliance to the relevant laws and instructions.
	g.	Provide appropriate training to the Company’s employees on an annual basis with periodic follow-ups, with the aim of keeping pace with developments in their respective fields of work and ensuring that they perform their duties and responsibilities effectively to help achieve compliance.
	h.	Support the Unit to undertake its duties, including AML/CTF, by qualifying staff and upgrading technical and information systems, and budget setting in order to effectively implement, manage and monitor the AML/CTF program requirements, in the event that the AML/CTF unit is reporting to the Compliance Unit.

Chapter III: Features, Duties and Responsibilities of the Unit

Principle 4: Key Features of the Unit

Autonomy
1.	Autonomy is inclusive of the following:
	a.	The Unit shall have an official status in the company.
	b.	The Unit shall functionally report to the Audit Committee and administratively to the Executive Management.
	c.	The Compliance Officer and Unit Staff shall perform the tasks assigned to them with autonomy, and they may not perform any other administrative tasks.
	d.	The Compliance Officer and Unit staff shall have the authority to access all information and documents, and communicate with any of the Company staff to the extent necessary to discharge their responsibilities.
	e.	Other departments shall not interfere with the Unit’s work, without prejudice to the Unit’s cooperation with other departments in a manner that serves the compliance.
Compliance Officer
2.	Compliance Officer selection and nomination is subject to the Requirements for Appointment to Senior Positions issued by SAMA and any relevant SAMA instructions issued at a later date.
3.	The Compliance Officer shall have the necessary knowledge and skills to perform the Unit’s duties and maintain its effectiveness. To this end, the Compliance Officer shall:
	a.	Obtain Compliance for Financing Companies Sector Professional Certificate, excluding any incumbents assigned to the position.
	b.	Have broad expertise in the finance sector and understanding of all laws and instructions related to various finance operations and other relevant regulations.
4.	Submit periodic compliance reporting to the Audit Committee. The report shall identify the main non-compliance risks facing the Company, and key observations reached as a result of reviewing the work of the departments during the reporting period; analyze existing processes and procedures related to compliance and assess their effectiveness; and suggest any amendments or changes relevant to these functions.
5.	Have the authority to hold periodic meetings with the Executive Management and directors of other departments and units to discuss compliance implementation in accordance with the relevant regulations and instructions.
6.	Meet with the Audit Committee during the submission period of periodic compliance reporting to assess the extent of the company’s ability and effectiveness in managing its non-compliance risks.
7.	Verify any possibility of non-compliance, and may request support from specialists within the Company (such as the internal auditor), or involve an external specialist to carry out the task if necessary. Have the authority to directly contact concerned officials, whether in the Board, the Executive Management or the Audit Committee, in the event of any observation or violation.
Unit Staff
8.	The number of employees in the Unit shall be sufficient and consistent with the Company’s business model and size. Unit employees shall report solely to the Compliance Officer.
9.	Unit employees shall have the appropriate qualifications and expertise to perform their job duties and keep abreast of developments in their field of work.
10.	Unit employees shall have full understanding of the instructions and their impact on the Company's business.

Principle 5: Duties and Responsibilities of the Unit

1.	The Unit shall, without limitation:
	a.	Cooperate and communicate with control and supervisory authorities effectively, taking into account their reported observations to identify shortcomings periodically, and coordinate with other departments to address and resolve them.
	b.	List, communicate and explain the relevant laws and instructions to other departments and units immediately upon receiving them from the supervisory authorities, and ensure that they are incorporated into the work policies and procedures of each department and unit according to their competencies; and implemented within the specified period.
	c.	Cooperate with the Company staff and provide them with support and advice in their compliance-related daily work.
	d.	Identify and address all risks of non-compliance and ways to avoid them, provide advice on them, and monitor their developments.
	e.	Analyze new policies, procedures and processes and suggest necessary recommendations to address non-compliance risks therewith.
	f.	Adopt a risk-based compliance program and include its findings in the periodic compliance report.
	g.	Collect compliance-related complaints and formulate written guidance to staff, where necessary.
	h.	Draft internal policies and procedures to combat financial crimes, such as money laundering, terrorism and combating fraud, and test their effectiveness in line with developments and recent changes.
	i.	Monitor compliance with AML/CTF laws, regulations, and rules.
	j.	Promote awareness of compliance issues and provide training to staff on compliance-related matters through periodic programs, and clarify the risks of non-compliance with laws and instructions.
	k.	Report to SAMA and the Audit Committee upon the identification of any irregularities or violations resulting from non-compliance.
	l.	Review the work of the customer care department semiannually at least to ensure the soundness of its workflow, with the exception of real estate refinance companies.
	m.	Review the work of the department concerned with collection procedures and/or the third party to which the collection task was assigned on an annual basis – at least – to ensure the soundness of the procedures and their compliance with Debt Collection Regulations and Procedures for Individual Customers and the relevant instructions, taking into account that the review of such department and/or third party’s work does not include real estate refinance companies.
	n.	Develop methods to measure the risks of non-compliance quantitatively and qualitatively, and use these measures to support the assessment, management and addressing of non-compliance risks. Technology can be used as a means of developing risk indicators by aggregating or filtering data that may be indicative of potential non-compliance risks; for example, but not limited to, increased customer complaints, fraud cases, reports, penalties and sanctions imposed, with determination being made as to the extent to which additional measures are needed to address them.
	o.	Create a database for all instructions, classify them according to the work of each department or unit, update them continuously, and enable all Company employees to access and benefit from such database continuously.
	p.	Recommend approval of contracting with external service providers and verify their compliance with relevant instructions.

Principle 6: Responsibilities of Company Staff Towards Compliance

1.	Company employees shall be responsible for compliance with and implementation of the policies, procedures and controls issued by the relevant control and supervisory authorities.
2.	Company employees shall refer regulation- and supervision-related inquiries received from the competent authorities to the Unit. Moreover, no employee shall have the right to respond to any such inquiry or provide such authorities with the requested information except through the Unit or unless otherwise authorized to do so. Company employees shall cooperate in providing documents that support the Unit to respond to such inquiries.
3.	Before applying for SAMA’s no-objection, the approval of the Unit, in addition to the approval of other relevant departments, for the offering of products and services to be provided by the Company to its individual clients or beneficiaries of microfinance shall be obtained, with documentation of the Unit’s verification that the product or service does not violate the relevant laws and instructions.

Principle 7: Responsibilities of Internal Audit Department Towards Compliance

1.	Subject to its duties and responsibilities contained in relevant laws and regulations and SAMA-issued instructions, the Internal Audit Department shall:
	a.	Assess the internal control system to ensure that the Company and its employees comply with relevant laws and instructions as well as the Company's policies and procedures, whether the management of operations is carried out internally or outsourced.
	b.	Review the main activities and operations of the Unit at least annually in accordance with the plan approved by the Audit Committee, and update this plan annually.
	c.	Conduct regular assessment to verify the effectiveness of Company policies and procedures, provided that procedures undertaken are properly documented, and such information is included in the Internal Audit Department’s report prescribed in the Implementing Regulations of the Finance Companies Control Law.

Chapter IV: Concluding Provisions
1. These Principles shall enter into force (180) days as of the date of its publication on SAMA’s official website.

Internal Audit Principles for Finance Companies and Real Estate Refinance Companies
No: 46020559 Date(g): 1/10/2024 | Date(h): 28/3/1446 Status: In-Force
The Saudi Central Bank (SAMA) issued these Principles based on the powers vested in SAMA under the Finance Companies Control Law issued by Royal Decree No. (M/51) dated 13/08/1433H and its Implementing Regulations issued by the Decision of SAMA Governor No. (2/MFC) dated 04/14/1434H.
We would like to inform you of the issuance of His Excellency the Governor's Decision No. (160/MFC) dated 14/02/1446 H, which includes the adoption of the internal audit principles for finance companies and real estate refinance companies in the attached format. These principles will come into effect 180 days from the date of their publication on SAMA's website
SAMA issued these principles based on the powers vested in SAMA under the Finance Companies Control Law issued by Royal Decree No. (M/51) dated 13/08/1433H and its Implementing Regulations issued by the Decision of SAMA Governer No. (2/MFC) dated 04/14/1434H.

Section One: Definitions, General Provisions and Scope of Application

1. Definitions

For the purpose of applying the provisions of these Principles, the following terms and phrases, wherever mentioned in this document, shall have the meanings assigned to them unless the context otherwise requires.

Term	Definition
SAMA	The Saudi Central Bank.
Principles	The Internal Audit Principles for Finance Companies and Real Estate Refinance Companies.
Law	The Finance Companies Control Law.
Regulations	The Implementing Regulation of the Finance Companies Control Law.
Company	The finance companies and the real estate refinance companies licensed by SAMA.
Board	The Company’s board of directors.
Executive Management	Individuals who run the Company’s daily business, propose and implement strategic decisions, and are considered senior management.
Department	The internal audit department whose director and employees assume internal audit duties and responsibilities in the Company.
Department Director	The person in charge of the internal audit department in the Company.
Internal Auditors	The employees in the Department who are primarily in charge of internal auditing.
Internal Audit Functions	An independent function that provides assurance and objective consulting on the quality, adequacy and effectiveness of the Company’s internal control system. This is achieved by following a systematic and disciplined approach to review the accounting, financial and operational processes, among others, and evaluate and improve the effectiveness of governance, risk management and control processes.
Internal Audit Policy	A formal document prepared by the Department Director and approved by the Board. It contains the items mentioned in Principle 7.
Independance	The freedom from conditions that threaten the ability of the Department to carry out its duties and responsibilities in a professional, objective and unbiased manner.
Objectivity	The unbiased, fact-based professional attitude that allows Internal Auditors to perform their duties in such a manner that they believe in their work product. Additionally, the freedom from material interference or influence from outside the Department or from one’s ideology and personal feelings.
Conflict of Interest	The situation(s) in which the Department Director/Internal Auditor directly or indirectly has an interest or relation in a subject under consideration where they have to make a decision. Such interest or relation may affect the objectivity, independence or impartiality of their decision.
First Line	Business units in charge of identifying, assessing and managing their activity risks in early stages and on an ongoing basis, and take such risks within permissible limits.
Second Line	control and support units, such as risk management, compliance, legal and Sharia (if any), financial and IT departments related to business units that are responsible for comprehensively and systematically ensuring that the business units in the First Line have identified and are effectively managing their business risks.
Third Line	The internal audit department that is responsible for providing independent and objective assurance and advice on the adequacy and effectiveness of governance, risk management, oversight, controls, policies and procedures implemented by the First and Second Lines and boosting confidence in them as well as providing the Audit Committee with reasonable assurance that the policies and procedures are in line with established expectations.
Stakeholders	Anyone who has a direct or indirect interest in the Department, in particular: the Board, Audit Committee, Executive Management, business units, external auditors, external consultants, shareholders, investors and customers.
Laws	The laws that apply to the Company and its employees.
Instructions	All binding regulations, rules, principles, frameworks, guidelines and circulars issued by SAMA, in exercise of its role as a regulatory and supervisory authority, and other competent entities.

2. General Provisions

2.1	These Principles are aimed to:
	a.	Enhancing internal control and improving the Company's operations and business, taking into account that the methods by which these Principles are applied depend on many factors, including the Company’s size, type, and nature and complexity of business.
	b.	Setting the minimum requirements to enable the Department to perform its tasks efficiently and optimally.
2.2	These Principles shall not prejudice the requirements imposed on the Company under relevant laws, regulations and instructions, including but not limited to the following:
		The Finance Companies Control Law and its Implementing Regulations. The Real Estate Finance Law and its Implementing Regulations. The Rules on Outsourcing for Finance Companies. The Anti-Fraud Rules for Finance Companies. The Rules Governing Real Estate Refinance Companies. The Rules for Engaging in Debt-Based Crowdfunding. The Rules for Regulating Buy-Now-Pay-Later (BNPL) Companies. The Key Principles of Governance in Financial Institutions under the Control and Supervision of SAMA. The Code of Conduct and Work Ethics in Financial Institutions. The Requirements for Appointments to Senior Positions in Financial Institutions Supervised by SAMA. The Cyber Security Framework. The Information Technology Governance Framework. The Whistle Blowing Policy for Financial Institutions.
2.3	Best local and international internal audit standards issued by relevant entities must be followed in a manner that does not contradict these Principles and the instructions issued by SAMA.

3. Scope of Application

3.1	The provisions of these Principles shall apply to finance companies and real estate refinance companies.
3.1	The Provisions of these Principles shall serve as a guide to finance support companies and financial lease contract registration companies. SAMA may, at any time, require applying all or some of these Principles.

Section Two: Duties and Responsibilities of the Board, Audit Committee and Executive Management toward Internal Audit

Principle 1: Duties and Responsibilities of the Board toward Internal Audit Function

1.	Taking into account the Board’s duties and responsibilities contained in SAMA’s instructions and the relevant laws and regulations, the Board shall be responsible for the following:
	a.	Following up on any developments in SAMA’s internal audit laws, regulations and instructions.
	b.	Ensuring the independence of the internal and external auditors and the accuracy and integrity of the information and data to be disclosed in line with disclosure and transparency requirements.
2.	Without prejudice to the Audit Committee's independence in performing its work separately from the Board’s work, the Board shall be responsible for the effective supervision of the Audit Committee and the follow-up on its work and duties.
3.	In relation to the duties and responsibilities of the Executive Management toward internal audit, the Board shall be responsible for the following:
	a.	Ensuring that the Executive Management has established and maintained an appropriate, efficient and effective internal control framework that is able to identify, measure, monitor and manage all risks to which the company is exposed.
	b.	Reviewing the effectiveness and efficiency of the internal controls based on the information provided by the Audit Committee and Executive Management.
4.	Taking into account the Board’s duties and responsibilities contained in SAMA’ instructions and other relevant instructions, the Board’s responsibilities toward the Department include ensuring the following on an ongoing basis:
	a.	All necessary measures are taken to ensure the independence and effectiveness of the Department and that its policy is regularly updated.
	b.	The Department’s human and financial resources are adequate and proportionate to the size and nature of the Company’s business based on the recommendation of the Audit Committee.

Principle 2: Duties and Responsibilities of the Audit Committee toward Internal Audit Function

1.	Taking into account its duties and responsibilities contained in the relevant laws and instructions, the Audit Committee shall be responsible for the following:
	a.	Making recommendations to the Board on approving the Department’s organizational structure and reviewing it regularly as needed.
	b.	Making recommendations to the Board on the appointment, reappointment or dismissal of the Department Director and proposing their remuneration.
	c.	Following up on the implementation of the Department Director’s plan to attract human resources and evaluate its suitability, and ensuring the Department is appropriately staffed in terms of numbers, qualifications and skills according to the plan, taking into account that all employees of the Department as a whole have the necessary competencies to perform its tasks.
	d.	Reviewing and approving the internal audit plan prepared by the Department Director or the outsourced service provider, if any, including the scope of the plan and the allocated budget.
	e.	Reviewing internal and external audit reports and submitting recommendations in their regard to the Board.
	f.	Reviewing the Department's performance to verify its ability to perform its responsibilities independently and objectively.
	g.	Adopting KPIs for the Department Director and evaluating their performance.
	h.	Ensuring the Department Director’s integrity; ability to perform duties honestly, diligently, and responsibly; adherence to the laws, regulations, and instructions; and freedom from conviction of crimes that impinge on honor or integrity, unless they have been rehabilitated.
	i.	Ensuring that the Executive Management takes the necessary corrective measures in a timely and appropriate manner to address weaknesses in control and issues of compliance with policies, laws, instructions, and other violations, observations, and shortcomings that the Department identifies and makes recommendations on.

Principle 3: Duties and Responsibilities of the Executive Management toward Internal Audit Function

1.	Taking into account its duties and responsibilities contained in the relevant laws and instructions, the Executive Management shall be responsible for the following:
	a.	Implementing internal control and risk management systems, including the conflict of interest policy, in addition to ensuring the effectiveness and efficiency of such systems and compliance with the risk level approved by the Board.
	b.	Granting the Department complete and exclusive authority to access records, reach individuals and systems, and be provided with information, data and clarifications necessary to perform its tasks timely and appropriately as described in the Internal Audit Policy.
	c.	Informing the Department of any developments, initiatives, projects, products, new operational changes, and any amendments to the Company's policies and procedures.
	d.	Ensuring that all relevant risks (known or expected) are identified and reported to the Department at an early stage.
	e.	Sharing its assessment of various risks with the Department to allow it to plan the audit according to the risk-based approach.
	f.	Taking appropriate measures and corrective actions in a timely and appropriate manner regarding all findings and recommendations received from the Department.
	g.	Encouraging the invitation of the Department representatives to attend the meetings of various administrative committees as a standing invitee without having the right to vote on decisions.
	h.	Adding an indicator to the performance indicators of the Executive Management that reflects its interaction with the Department’s feedback in the appropriate time and manner.

Section Three: Department Features, Duties and Responsibilities

Principle 4: Key Department Features

Professional Competence
1.	The Department Director and the Internal Auditors shall have the necessary knowledge and skills to perform the Department’s duties and maintain its effectiveness. To this end, they shall:
	a.	Obtain academic certificates in accounting, auditing, business administration, or other areas related to internal audit, and preferably internal audit or accounting professional certificates, including but not limited to: CPA, CIA, SOCPA.
	b.	Have sufficient internal audit experience and the necessary skills to fulfill their responsibilities.
	c.	Receive adequate and necessary training on an ongoing basis to meet the technical requirements of the Company's activities.
Independence and Objectivity
2.	The Department shall report directly to the Audit Committee, and the Department Director and Internal Auditors shall be fully independent and objective in performing their work. To this end, they shall:
	a.	Have the freedom to directly discuss the Department’s views, findings, evaluations and conclusions with the Audit Committee and the Board.
	b.	Examine documents available to the Executive Management or other business units in the Company.
	c.	Reject any tasks not related to the internal audit function.
	d.	Perform their duties in all business areas and units of the Company without any restrictions from the Executive Management or any unit other than the Department.
	e.	Have the right to summon a meeting with the Audit Committee at any time, whenever needed, to discuss any topic the Department wishes to address.
Professional Ethics
3.	Taking into account the Code of Conduct and Work Ethics in Financial Institutions issued by SAMA and other relevant instructions, the Department Director and the Internal Auditors, when carrying out the Department tasks, shall:
	a.	Be professional, honest, and trustworthy.
	b.	Maintain the confidentiality of information obtained while performing their tasks and not misuse it for personal purposes or carry out harmful activities, even after leaving the Company.
	c.	Avoid conflicts of interest when performing tasks, clearly and explicitly disclose conflicts of interest (if any), and deal with them according to the policy approved by the Company’s Board for dealing with conflicts of interest.

Principle 5: Duties and Responsibilities of the Department Director

1.	The scope of duties and responsibilities of the Department Director must include the following, as a minimum:
	a.	Completing the necessary procedures for the audit plan to be approved by the Audit Committee.
	b.	Developing an internal audit policy and completing the procedures necessary for its approval by the Board upon the recommendation of the Audit Committee.
	c.	Recruiting human resources with appropriate qualifications and skills based on the actual needs of the business, developing a plan to provide such competent human resources, and sharing it formally with the Audit Committee to follow up on its implementation and assess its suitability.
	d.	Nationalizing jobs in the Department according to the relevant laws and instructions.
	e.	Monitoring, evaluating, and developing the performance of the Department employees continuously and encouraging them to obtain professional certificates related to internal audit.
	f.	Holding meetings with the Audit Committee individually as needed.
	g.	Monitoring the work of outsourced service providers when assigned to perform certain internal audit tasks, and ensuring their compliance with the relevant laws, regulations, and instructions, including these Principles and the internal audit policy adopted by the Company.

Principle 6: Duties and Responsibilities of the Department

1.	Subject to the relevant laws, regulations, and instructions, the Department's activity must include evaluating the Company’s governance, risk management, and compliance processes annually and submitting appropriate recommendations according to the approved internal audit plan.
2.	The Department shall evaluate the effectiveness of governance processes and make recommendations to the Audit Committee based on studying the following aspects:
	a.	The effectiveness of the Company’s strategic and operational decisions.
	b.	The Company’s compliance with the governance regulations approved by the Board.
	c.	The effectiveness of communication between the Board and internal or external auditors.
	d.	The effectiveness of IT governance in the Company in supporting its strategies and objectives.
3.	The Department shall evaluate the effectiveness of the Company’s risk management processes and contribute to their improvement. It shall also make recommendations in this regard to the Audit Committee, which in turn discusses them with the risk and credit management committee (as needed) based on studying the following aspects:
	a.	The ability of the risk management function or department to identify and evaluate risks.
	b.	The suitability of the risk response mechanism with the Company's level of risk appetite.
	c.	The ability of the risk management function or department to deliver risk-related information on a timely manner that enables the Board, Executive Management, and relevant departments to carry out their responsibilities.
4.	The Department shall investigate cases of fraud during the performance of its duties and conduct a regular assessment to verify the effectiveness of and compliance with anti-fraud policies and procedures approved by the Board. It shall also ensure appropriate and timely handling of suspicious cases of fraud, proper documentation of actions taken, and inclusion of such information in the Department’s report mentioned in Principle (9) of these Principles.
5.	The Department shall provide the Company with the necessary support to achieve the required level of compliance by evaluating the effectiveness and adequacy of the Company's compliance department procedures to avoid the risk of non-compliance.

Principle 7: Internal Audit Policy

1.	The Department Director shall prepare an internal audit policy and update it periodically, provided that it is approved by the Board upon the recommendation of the Audit Committee. This policy must include, as a minimum, the following:
	a.	The purpose of establishing the Department and the scope and methodology of its work.
	b.	The Department’s organizational structure in the Company as well as its powers, responsibilities, and relationship with other units in the Company.
	c.	The Department’s main characteristics described in Principle (4) of these Principles.
	d.	The Department's right to communicate directly with any of the Company's employees and to examine the activity of other departments.
	e.	The Department's right to access any records, files, data, or tangible property of the Company, in a manner consistent with the relevant instructions of SAMA.
	f.	The Department's right to obtain copies of the records and documents supporting audit work and activities, including the right to access administrative information systems, records, and minutes of all consultants in the Company and decision makers.
	g.	The Department's right to escalate to the Audit Committee without any restrictions whenever the need arises.
	h.	The Department's responsibility before the Audit Committee for all matters related to the performance of its duties and obligations.
	i.	The Department Director responsibility, including, as a minimum, the tasks and responsibilities mentioned in Principle (5) of these Principles.
	j.	The terms and conditions for outsourcing all or some of the internal audit tasks, taking into account the instructions of SAMA issued in this regard.
2.	The Company may refer to the Internal Audit Charter of the Institute of Internal Auditors to use it as a guide when preparing the Company’s internal audit policy.
3.	The internal audit policy must be clearly available to all Stakeholders in the Company for perusal.

Principle 8: Internal Audit Plan

1.	The Department Director shall develop a risk-based internal audit plan and the timetable for its implementation. The plan must be approved by the Audit Committee and updated annually, provided that it includes the following, as a minimum:
	a.	It provides risk assessment and identifies the resources needed to implement the plan.
	b.	It takes into account the inputs of the Executive Management and what is received from the Board during the development of the plan.
	c.	It considers the expectations of the Executive Management, the Board, and Stakeholders in the Company relating to internal audit functions.
	d.	It provides a list of business units and activities that are subject to audit during the year, which must include as a minimum: the risk management, compliance, collection, and credit departments (at least annually) and the customer care department (semi-annually), taking into account that the audit of the customer care department and the collection department does not apply to real estate refinance companies.
	e.	It accepts advice aimed at improving risk management and operational processes in the Company, and it reflects the advice taken.

Principle 9: Department Reports

1.	The Department shall prepare periodic reports on its audits and submit these reports to the Audit Committee. These reports must be divided into:
	a.	Quarterly reports: They include an evaluation of the internal control system of the audited departments, the results and recommendations related to their audits, and the actions taken by each department regarding these results and recommendations. They also indicate the status of the results that were not handled by the Company’s business units and the reasons for not handling them.
	b.	Annual reports: They include a comprehensive evaluation of the Company's internal control system and the audit activities carried out during the fiscal year as compared to the approved plan. They also indicate the reasons for any deficiency or deviation from the plan (if any) during the quarter following the end of the fiscal year.

Principle 10: Department Policies and Work Procedures

The Department Director shall develop policies and procedures for the Department’s work that include the mechanism for performing the tasks entrusted to it as well as the objective, scope, timeline, and resources required for each task separately. The Company's strategic objectives and the risks associated with implementing each task must be taken into account. Moreover, these policies and procedures must be updated periodically as needed.

Taking into consideration the instructions issued by SAMA and other regulatory bodies regarding information sharing, the Department shall keep and periodically update the documents related to its completed tasks.

Principle 11: External Evaluation of the Department

1.	An external evaluation of the internal audit work in the Company must be conducted at least once every five years. The Audit Committee shall recommend to the Board the appointment of candidates to conduct the evaluation after verifying their necessary qualifications and independence to carry out the tasks entrusted to them.
2.	The Department Director shall provide the necessary support for performing the external evaluation, and the Audit Committee shall submit the results of the evaluation and the corrective action plan for the observations made (if any) to the Board.
3.	The Board shall be responsible for ensuring that the Audit Committee has properly conducted the external evaluation.

Principle 12: Documentation of Documents and Reports

1.	The Department shall establish a database for its work and update it regularly.
2.	All internal audit reports, results, recommendations, corrective action plans, and supporting documents in addition to documents related to the work of external auditors must be kept in electronic records for at least (10) years from the date of their attachment to the Department database.

Principle 13: Department Relationship with First and Second Line Units

The Department represents the Third Line, which is the last one among the three line units. It shall be directly and constantly responsible before the Audit Committee for evaluating and confirming the adequacy and effectiveness of governance, risk management, regulatory controls, policies and procedures implemented by the First and Second Line units. The Second Line units shall be subjected to an independent audit by the Department.

Taking into account the relevant laws and instructions, the Company may combine the roles of the First and Second Lines into one line by following the best recognized international standards in this regard.

Section Four: Concluding Provisions

1.	Taking into consideration the Rules on Outsourcing for Finance Companies, if some or all tasks related to the internal audit function are assigned, it is the Company's responsibility to ensure that the outsourced service provider complies with the provisions of these Principles.
2.	These Principles shall enter into force (180) days after the date of its publication on SAMA’s website.

Shariah Governance Instructions for Finance Companies
No: 42071901 Date(g): 26/5/2021 | Date(h): 15/10/1442 Status: In-Force
Translated Document

Based on the powers vested in SAMA under its Law issued by Royal Decree No. (M/36) dated 11/4/1442 H, and the Finance Companies Control Law issued by Royal Decree No. (M/51) dated 13/8/1433 H, and in line with SAMA's desire to enhance Shariah governance procedures in finance companies, contributing to the development of Islamic finance in the Kingdom.
Attached are the Shariah Governance Instructions for Finance Companies, which aim to establish a minimum standard for Shariah governance practices in finance companies and to enhance the environment of compliance with Shariah principles and rules. These instructions also define the roles and responsibilities of the Board of Directors, senior management, the Shariah committee, as well as the principles of independence and confidentiality of information.
Please take note and act accordingly starting from 01/01/2022 G.

Chapter One: Preliminary Provisions

Article One: Introduction
1. SAMA has issued these instructions based on the powers vested to it under the Finance Companies Control Law, issued by Royal Decree No. (M/51) dated 13/8/1433 H, and its Implementing Regulations issued by the decision of the Governor No. (2/BSI) dated 14/4/1434 H.
2. The commitment of finance companies to conduct their financing activities in compliance with Islamic Shariah is one of the requirements of the Finance Companies Control Law, Article (3) of the Finance Companies Control Law, issued by Royal Decree No. (M/51) dated 31/8/1433 H, states that "Finance companies – licensed pursuant to this Law-shall engage in finance activities in a manner not conflicting with principles of Sharia as defined by Sharia committees, whose members are selected by these companies, without prejudice to the integrity of the financial system and equity of transactions."
3. These instructions aim to strengthen the role of Shariah committees in finance companies supervised by SAMA and ensure that financing activities align with the rules and principles of Shariah. To achieve this, it is expected that the Board of Directors and senior management of finance companies have a reasonable understanding of Shariah principles and their broad application in Islamic finance. It is also expected that the Shariah committee has sufficient knowledge of financial matters in general, and Islamic finance in particular, to enable them to understand the Shariah issues presented to them.

Article Two: Definitions

A.	The terms and expressions mentioned in these instructions shall have the meanings assigned to them in the Finance Companies Control Law and its Implementing Regulations
B.	For the purposes of applying these instructions, the following terms and expressions - wherever they appear in these instructions - shall have the meanings specified next to each of them, unless the context requires otherwise:

Central Bank: The Saudi Central Bank.

Instructions: The Shariah Governance Instructions for Finance Companies.

Board: The Board of Directors of the finance company.

Committee: A specialized Shariah committee responsible for supervising the compliance with Shariah principles and their applications in the financing activities conducted by the finance company.

Committee Members: A group of specialists whose academic backgrounds are not limited to Shariah knowledge but also include an understanding and expertise in contemporary financial transactions that are employed in the form of Shariah rulings directed to the finance company.

Independent Committee Member: A person who has a complete independence in their position and decisions, is able to carry out their duties, express opinions, and vote on Shariah decisions objectively and impartially, and is not subject to any conflicts of interest as specified in these instructions.

Shariah Compliance Supervision: Monitoring and ensuring that the financing activities of the finance company comply with Islamic Shariah principles.

Other words or expressions mentioned in these instructions carry the meanings specified in the Finance Companies Control Law, its Implementing Regulations, and related instructions.

Article Three: Scope
First: These instructions apply to finance company licensed to conduct one or more of the following types of financing activities:
1. Real estate financing
2. Financing of productive assets
3. Financing for small and medium enterprises (SMEs)
4. Finance leasing
5. Credit card financing
6. Consumer financing
Second: These instructions are considered as guidance for other financing activities licensed under the Finance Companies Control Law and its implementing regulations, except for provisions stated in relevant laws and instructions as mandatory. SAMA reserves the right to adhere the application of some or all the requirements of these instructions at any time.

Article Four: General Provisions
1. The finance company must establish policies and procedures that govern the work of the Shariah committee and provide a copy to SAMA. This includes specifying how meetings are held, the decision-making and documentation process, and the process for preparing and submitting reports.
2. The finance company must ensure that the committee's reports are submitted effectively and in a timely manner to the Board of Directors.
3. The Board must carry out its responsibilities and duties effectively, ensure the independence of the committee, verify the qualifications of its members, and ensure the effectiveness of Shariah compliance supervision.
4. The finance company must disclose the resumes of all committee members on the company's website so that stakeholders can assess their competence and ability to perform their duties effectively.

Chapter Two: Responsibilities of the Board of Directors and Senior Management

Article Five: Responsibilities of the Board of Directors

1.	The Board of Directors is primarily responsible for the financing activities conducted by the finance company and ensuring that these activities comply with the principles and rulings of Islamic Shariah in accordance with the committee's decisions. Specifically, it is responsible for the following:
		A.	Overseeing the finance company's adherence to and implementation of the Shariah rulings issued by the committee.
		B.	Ensuring the existence of an effective communication policy and mechanism between the key units of the finance company, enabling these units to communicate with senior management on matters related to the compliance of financing activities with the principles and rulings of Islamic Shariah in accordance with the committee's decisions.
		C.	Establishing appropriate compensation and remuneration for the members of the committee based on the recommendation of the Nomination and Remuneration Committee in accordance with the scope of their duties and responsibilities.
		D.	Evaluating the performance of the committee members based on their competence, knowledge, contribution, and effectiveness.
2.	The committee is directly linked to the Board of Directors.
3.	The Board approves on all policies and procedures governing the work of the committee and oversees their implementation.

Article Six: Responsibilities of Senior Management
1. Identify Shariah-related issues and refer them to the committee for a decision, providing the necessary information and disclosures in a timely manner.
2. Follow up on and implement the Shariah decisions issued by the committee.
3. Provide continuous education and training programs for key internal stakeholders, including the Board, the committee, and employees involved in Shariah and financial matters¹.
4. Ensure that financing activities comply with the principles and rulings of Islamic Shariah as outlined in the committee's decisions and recommendations.
5. Inform the Board and the committee about products suspected of not complying with Shariah principles through official reports, and immediately halt any products found to be non-compliant with Shariah principles.
6. Promote and instill a culture of compliance with Shariah principles within the finance company and familiarize relevant employees with Shariah-compliant financing products.
7. Develop financing products that align with Shariah principles and rulings.
¹The paragraph is for guidance purposes.

Chapter Three: Shariah Compliance Supervision

Article Seven: Shariah Compliance Supervision Activities
First: Shariah Compliance
1. The Shariah compliance task involves the regular assessment of the financing activities conducted by the finance company to ensure their alignment with Islamic Shariah principles and rulings.
2. The person responsible for Shariah compliance must ensure the level of adherence by the finance company to Shariah principles and rulings, and implement corrective procedures to address any non-compliance issues.
3. This task may be assigned to the compliance department or carried out by qualified Shariah experts within the finance company to perform Shariah compliance duties.
4. The finance company may engage an external specialized entity to perform Shariah compliance duties after notifying SAMA.
Second: Shariah Audit
1. The Shariah audit task involves an independent review process to provide objective assurance that enhances the level of compliance of the finance company's activities with Islamic Shariah principles and rulings.
2. The person responsible for the Shariah audit must conduct the audit at least once a year.
3. This task may be assigned to the internal audit department or carried out by qualified Shariah experts within the finance company to perform the Shariah audit.
4. The finance company may engage an external specialized entity to perform Shariah audit duties after notifying SAMA.
5. The results and observations of the Shariah audit must be submitted to both the audit committee and the Shariah committee at least once a year.

Chapter Four: Regulations for the Work of the Shariah Committee

Article Eight: Selection of Committee Members and Membership Requirements2

Members of the committee and its chairperson are selected and appointed by a decision of the Board of Directors—based on the recommendation of the Remuneration and Nomination Committee after obtaining the no-objection letter from SAMA. The finance company may seek approval from the General Assembly to appoint committee members if its internal policy includes such a provision. The committee is to be formed as follows:

1.	The number of committee members must be proportionate to the size and nature of the finance company’s business, with no fewer than three and no more than five members
2.	The chairperson of the committee must be an independent member. Independence is not fulfilled in the following cases
		A.	If the chairperson owns five percent or more of the shares of the finance company or its subsidiaries.
		B.	If the chairperson represents a person with legal status that owns five percent or more of the shares of the finance company or its subsidiaries.
		C.	If the chairperson has a direct or indirect interest in the transactions and contracts made on behalf of the finance company.
		D.	If the chairperson receives financial compensation from the finance company other than their salary or membership compensation for serving on the committee.
3.	The committee members must be qualified to carry out the tasks assigned to them, have a clear understanding of their roles and responsibilities, and possess the ability to exercise sound judgment objectively. Collectively, the members must have a range of professional, practical, and administrative skills, as well as appropriate Shariah and financial expertise, particularly honesty, commitment, and a high level of reputation, competence, and responsibility. The effectiveness of the committee depends on the experience of the members and their ability to make comprehensive judgments. The member’s qualifications should include the following:
▪	Competence: Reflected by the level of education, training, and skills, and having at least three years of experience in relevant fields.
▪	Shariah and Financial Knowledge: Members should possess appropriate Shariah knowledge as well as the ability to read and understand financial data and reports.
4.	A member of the Shariah committee of a finance company is not allowed to serve more than five Shariah committees of other finance companies³.
5.	The finance company must include a clause on confidentiality in the contract or terms of appointment for committee members to ensure the confidentiality and privacy of the finance company’s information.
6.	The finance company must notify SAMA in writing within five (5) working days if any member’s membership is terminated or if a member resigns for any reason. The termination of a committee member’s membership before the end of their term is only allowed with a valid justification. A resigning member must submit their resignation with the reasons to the Board of Directors.

⁽²⁾This article is for guidance purposes and will be mandatory starting from 01/01/2023G.

⁽³⁾If a finance company contracts with a Shariah consultancy firm, the individual providing Shariah consultancy services on behalf of the firm will be treated as a single committee member.

Article Nine: Responsibilities of the Committee⁴
The committee is responsible for all of its decisions regarding Shariah matters. The Board of Directors must rely on the committee for issuing Shariah rulings related to the finance company's operations. The committee must undertake the following tasks:
1-Meet regularly and as needed, with a minimum of one meeting every six months.
2- Issue timely rulings on the Shariah matters referred to it, ensuring that the finance company's operations are not adversely affected due to delays in obtaining the committee’s decisions.
3- Ensure that the Shariah policies and procedures developed by the finance company comply with Islamic Shariah principles.
4-Ensure that the financing products comply with Islamic Shariah principles. The committee must approve the terms and conditions in the product manual, models, contracts, agreements, and other legal documents used in executing transactions.
5- To ensure the quality and consistency of Shariah rulings, the committee must adopt an organized procedure for making, documenting, approving, and maintaining Shariah decisions to ensure the reliability of the decision-making process and to protect the committee from any potential undue influences.
6- Notify the Board and recommend appropriate measures if it is determined that the finance company has engaged in activities that do not comply with Islamic Shariah principles.
7-Prepare an annual report on the compliance of the finance company's operations with Islamic Shariah principles and submit it to the Board.
8-Inform SAMA if non-compliant activities are not effectively or adequately addressed, or if the finance company fails to take corrective actions regarding such activities.

⁴ This article is for guidance purposes and will become mandatory starting from 01/01/2023 G.

Chapter Five: Independence and Confidentiality of Information

Article Ten: Independence
The independence of the committee must always be maintained in the performance of its duties to issue objective and reliable Shariah rulings, as follows:
1. The Board of Directors must acknowledge the independence of the committee and ensure that it is not subjected to any influence that may hinder its ability to issue objective Shariah rulings when reviewing matters presented to it.
2. Shariah rulings issued by the committee may not be altered or ignored without the committee’s approval.
3. The committee must receive accurate and complete information from senior management, and it has the right to request additional information from senior management if the information provided is insufficient.
4. If the committee is not provided with the required information, the matter must be reported to the Board, which must take appropriate action to correct the situation.

Article Eleven: Confidentiality of Information
1. Committee members are obligated to maintain the confidentiality of internal information obtained during the performance of their duties and must not misuse it. Confidential or sensitive information acquired by any committee member during their work must not be used in any way that may harm the finance company.
2. Without prejudice to the above, the committee’s disclosure of information to SAMA for the purpose of informing it of any violations by the finance company of Shariah principles and rulings is not considered a breach of the principle of confidentiality.

Chapter Six: Final Provisions

Article Twelve
The finance company must review and amend its approved policies and procedures to ensure they do not conflict with these instructions.

Article Thirteen
These instructions shall be effective from 01/01/2022 G.

Article Fourteen
SAMA may exempt a finance company from applying any of the provisions stated in these instructions, provided that it does not conflict with the law.

Article Fifteen
SAMA is responsible for verifying the implementation of the provisions in these instructions. In the event of non-compliance, the finance company will be penalized in accordance with the relevant laws and regulations.

The General Committee of General Managers in Financing Companies
No: 381000003528 Date(g): 10/10/2016 | Date(h): 9/1/1438
Translated Document
Referring to the powers granted to the Central Bank* pursuant to The Finance Companies Control Law issued by Royal Decree No. (M/51) dated 13/8/1433 H. and based on" Article One Hundred From the Implementing Regulations of the Finance Companies Control Law issued by the Governor's Decision No. (2/BSI) dated 14/4/1434 H. Which stipulates that "A committee, or more, shall be formed by a decision of the governor, concerned with providing necessary proposals and recommendations for the development of the finance sector."
Accordingly, we inform you of the issuance of the decision by His Excellency the Governor, No. 56/BSI, dated 29/11/1437 H, which includes the formation of a general committee for general managers in financing companies in accordance with the terms of reference attached to this circular.

* The "Saudi Arabian Monetary Agency" was replaced By the "Saudi Central Bank" in accordance with The Saudi Central Bank Law No. (M/36), dated 11/04/1442H, corresponding to 26/11/2020G.

1. Introduction

Based on the provisions of Article 21 of the Finance Companies Control Law issued by Royal Decree No. M/51 dated 13/8/1433H, which states that "The Central Bank supervises the activities of finance companies and exercises its powers pursuant to the provisions of this law and its regulation," and based on the Implementing Regulation of the same law issued by His Excellency the Governor’s Decision No. 2/BSI dated 14/4/1434H corresponding 24/2/2013G, which specifies in Article 2 that "The Central Bank shall organize the financing sector and supervise the business of the finance companies in accordance with the law and regulation...", and in continuation of the Central Bank’s role in supervising and monitoring the financing sector, and based on the authority granted under Article 100 which states that "A committee or more will be formed by a decision of the Governor to be responsible for presenting the proposals and recommendations necessary to develop the finance sector," and with theCentral Bank’s efforts to organize the regulatory frameworks for supervisory and monitoring activities in the finance companies sector, these terms of reference for finance companies’ committees have been issued to contribute to the sector’s growth, stability, and fairness of transactions.

2. Definitions
SAMA: Saudi Saudi Central Bank*
Permanent Committee: A committee whose activities are characterized by continuity and permanence.
Temporary Committee: A committee formed to address a specific task and ceases to exist upon the completion of that task. It is established whenever needed and should not exceed a duration of one year unless otherwise stated in the formation decision.
Committee Chairman: The member appointed to lead the committee and manage its activities.
Deputy Chairman: The member appointed to replace the Chairman in case of their absence, departure, or removal.
‏Committee Members: The members appointed to work on the committee, responsible for attending meetings and contributing to them.
‏Secretary: The person appointed to perform support, coordination, and other additional tasks for the committee. The Secretary attends meetings but does not have the right to vote.
Deputy Secretary: The person appointed to replace the Secretary in case of their absence, departure, or removal.
Expert: Any person invited or called to committee meetings for the purpose of providing expertise on a specific matter or consultation. The expert does not have the right to vote in any of the meetings they attend.
Agenda: A list of topics to be presented and discussed at the meeting, including the order and sequence of the workflow.
Meeting Minutes: An accurate record of what was discussed in the meetings, serving as the official reference for proposals, reports, and member opinions.
Quorum: The minimum number of members required to be present for the meeting to be considered valid and for the decisions to be effective. It is represented by two-thirds of the members.
Voting: The right granted to members present at a meeting with a quorum to express their opinion on a specific decision. Voting is categorized into several scenarios as follows:
- Unanimous Voting: All votes are in one direction.
- Abstaining from Voting: Choosing not to vote on any decision, either in approval or rejection.
- Majority Voting: Agreement by more than half of the members present on a decision after excluding the number of abstentions, in a valid meeting with a quorum.
* The "Saudi Arabian Monetary Agency" was replaced by the "Saudi Central Bank" in accordance with The Saudi Central Bank Law No. (M/36), dated 11/04/1442H, corresponding to 26/11/2020G.

3. Organizational Structure of the Financing Companies Committees

4. Committees

4.1. The General Committee

4.1.1. Formation of the Committee
1. The General Committee is composed of the following:
- A Chairman and a Deputy Chairman, selected by the committee members themselves every two years.
- Members who are General Managers or Executive Managers of financing companies in the Kingdom of Saudi Arabia.
- A Secretary and a Deputy Secretary.

4.1.2. Nomination and Dismissal
1. Financing companies shall appoint a representative from their General Managers or Executive Managers to be members of the General Committee.
2. The Chairman and Deputy Chairman of the General Committee are appointed by the committee members through a majority vote every two years.
3. The Chairman of the General Committee appoints the Secretary and Deputy Secretary every two years.
4. A new Chairman for the General Committee must be nominated at the last meeting held at the end of the statutory term (two years) through a majority vote.
5. The Chairman or Deputy Chairman of the committee cannot be nominated for the same position for two consecutive terms.
6. The roles of Chairman of the General Committee and the Executive Committee cannot be held concurrently.
7. The member representing a company shall be relieved of their duties as soon as their employment with the company ends, and the company they represent must nominate another member to replace them.

4.1.3. Meetings and Quorum
1. The General Committee shall hold meetings at least once a year. The meetings may also be convened if the Chairman deems it necessary or if nine (9) members of the General Committee request it in writing.
2. The General Committee shall hold meetings at the Financial Institute or at a location agreed upon by the majority of the members.
3. A meeting of the General Committee is considered valid if attended by at least two-thirds of the members.
4. All members are required to attend General Committee meetings. A member may delegate a representative from the company to attend and vote at the meetings, provided that the representative is appointed by the company’s senior management.
5. General Committee members cannot delegate other representatives for two consecutive meetings.
6. The General Committee must adhere to the meeting agenda as scheduled.
7. The General Committee makes its decisions in meetings through majority voting.
8. In the event of a tie vote, the Chairman’s vote is decisive. Members who disagree should record their objections in the meeting minutes.
9. Members may abstain from voting on any decisions made in the meetings, and the reasons for abstention should be recorded in the meeting minutes.
10. The General Committee may invite any expert to participate in the meetings with the Chairman’s approval, without the right to vote.
11. Discussions should be conducted with high professionalism and in an organized manner, and should not include topics not listed in the meeting agenda.
12. All members must maintain the confidentiality of information discussed during the meetings.
13. The Chairman must ensure that members adhere to the rules and guidelines governing the committee meetings, which all members are required to follow.

4.1.4. Agenda, Meeting Minutes, and Reports

1.Members should inform the Committee Chairman of the topics they believe will contribute to achieving the desired goals of the meetings. The Chairman should consider the proposed topics when approving the agenda.
2. The agenda should be prepared by the Secretary or their Deputy, including all the topics to be discussed in the meeting, and then approved by the Committee Chairman.
3. The Secretary or their Deputy must send the agenda along with the documents to be discussed in the meeting to all Committee members and a copy to the Central Bank representative at least ten (10) working days before the meeting via email.
4. The Secretary must prepare meeting minutes after each Committee meeting, recording the names of attendees, all topics discussed, decisions voted on, objections, and cases of abstention, including reasons if any.
5. The Secretary or their Deputy must send the meeting minutes to all Committee members and the Central Bank representative within ten (10) working days after the meeting via email, before being approved and signed by the Committee Chairman and the Secretary. The Secretary should be provided with any comments and feedback within five (5) working days from receiving the meeting minutes.
6. The Secretary must keep all reports and minutes in a manner that allows for easy retrieval. When the Chairman's committee, upon the expiration of their term, provide the Central Bank representative with all documents through a handover report. The Central Bank representative will then pass the documents to the new Committee Chairman.

4.1.5. Responsibilities

General Committee
1.Formation of an Executive Committee from among its members under the name "Executive Committee," nominate its members, and also nominate three reserve members for the Executive Committee.
2. Provide general guidance and direction to the Executive Committee regarding common issues faced by the finance sector in the Kingdom of Saudi Arabia.
3. Monitor the activities of the Executive Committee for General Managers and evaluate its performance to ensure its effectiveness and achievement of the desired goals.
4. Propose and make necessary amendments to this document and develop it as needed, by majority vote, provided that the Central Bank does not object to these amendments before final approval.
Chairman of the Committee
5. Ensure the effectiveness and success of the General Committee, in addition to the ongoing follow-up of all tasks assigned to the General Committee.
6. Develop the General Committee's plans to contribute to the accomplishment and development of the Committee's work.
7. Manage discussions and debates in General Committee meetings and provide a conducive environment in meetings to help achieve the benefits of exchanging views and perspectives efficiently.
8. Communicate with the Executive Committee to ensure tasks and projects assigned to it are progressing as required.
9. Provide the Central Bank's representative with all documents through a handover report at the end of their term, so the representative can then hand over the documents to the new Committee Chairman.
10. Sign with the Secretary and approve the final version of the meeting report.
11. Deliver to the Central Bank an updated copy of this document at the beginning of each calendar year, including the desired objectives of any changes made, if applicable.
Deputy Chairman of the Committee
12. If the Chairman of the General Committee is replaced, leaves, or is relieved before the end of their term, the Deputy Chairman will take their place and assume all their responsibilities.
‏Secretary
13. Prepare all arrangements for meetings, including the meeting venue; organize and coordinate the proposed topics in the agenda and have it approved by the Committee Chairman. Responsible for sending the agenda along with the documents to be discussed in the meeting to all Committee members and a copy to the Central Bank representative via email at least ten (10) working days before the meeting.
14. Prepare meeting minutes after each Committee meeting, recording the names of attendees, all topics discussed, decisions voted on, objections, and cases of abstention, including reasons if any.
15. Send the meeting minutes to all Committee members and the Central Bank representative within ten (10) working days after the meeting via email, before they are approved and signed by the Committee Chairman and the Secretary. Comments and feedback should be provided to the Secretary within five (5) working days from receiving the report.
16. Sign with the Chairman on the final version of the meeting report.
17. Keep all reports and minutes in a manner that allows for easy retrieval.
Deputy Secretary
18. If the Secretary of the General Committee is absent, leaves, or is relieved before the end of their term, the Deputy Secretary will take their place and assume all their responsibilities.
Committee Members
19. Participate in the issues, risks, and challenges facing them that impact the finance sector.
20. Stay informed about all developments in the finance sector, including new regulations and changes to existing rules, whether from the Central Bank or other relevant regulatory bodies, in addition to keeping up with international developments.
21. Adhere to high professionalism by actively participating in the discussions during Committee meetings.

4.2. Executive Committee

4.2.1. Formation of the Committee
1. The General Committee shall form the Executive Committee once every two years.
2. The Executive Committee shall be composed of the following:
- A Chairman and a Deputy Chairman, who are elected by the Committee members every two years, subject to the Central Bank's approval.
- A Secretary and a Deputy Secretary.

4.2.2. Nomination and Exemption
1. The members of the Executive Committee and the reserve members shall be nominated every two years by the General Committee members through a majority vote. The Executive Committee shall have no fewer than seven (7) members and no more than nine (9) members, and there shall be no fewer than three (3) reserve members.
2. The Chairman and Deputy Chairman of the Executive Committee shall be appointed by the Executive Committee members through a majority vote every two years, following approval from the Central Bank.
3. The Chairman of the Executive Committee shall appoint a Secretary and a Deputy Secretary every two years.
4. If any member leaves before the end of their current term, the Executive Committee shall appoint a replacement from the reserve members designated by the General Committee. The replacement member will assume the position of the resigning member until the end of the current term. The Executive Committee must notify the General Committee of the replacement member.
5. Any member of the Executive Committee shall be exempted if they leave, are relieved, or resign from the company they represent.

4.2.3. Meetings and Quorum
1. The Executive Committee shall hold its meetings at least four times a year. It may also convene if the Chairman deems it necessary or if two (2) members of the Executive Committee request it in writing.
2. The Executive Committee shall hold its meetings at the Financial Institute or at a location agreed upon by the majority of members.
3. A meeting of the committee is valid if attended by at least two-thirds of the members.
4. Members of the Executive Committee are not allowed to delegate others to attend meetings or vote on decisions.
5. Members of the Executive Committee must adhere to the planned meetings.
6. Decisions of the Executive Committee are made by majority vote during meetings.
7. In the event of a tie vote, the Chairman’s vote will be decisive. Members who oppose a decision should record their comments in the meeting minutes.
8. A member may abstain from voting on any decisions made in the meetings, and the reasons for abstention should be recorded in the meeting minutes.
9. The Executive Committee may invite any expert to participate in meetings with the Chairman’s approval, although they will not have voting rights.
10. Discussions should be conducted with high professionalism and in an organized manner, ensuring that they do not include topics not listed in the agenda.
11. All members must maintain the confidentiality of information shared within the meeting.
12. The Chairman must ensure that members adhere to the rules and regulations governing committee meetings, which all members must follow.

4.2.4. Agenda, Meeting Minutes, and Reports
1. Members should inform the Committee Chairman of topics they believe will contribute to achieving the desired goals of the meetings. The Chairman should consider the proposed topics when approving the agenda.
2. The agenda should be prepared by the Secretary or their Deputy, including all topics to be discussed in the meeting, and then approved by the Committee Chairman.
3. The Secretary or their Deputy must send the agenda along with the documents to be discussed in the meeting to all Committee members and a copy to the Central Bank's representative at least ten (10) working days before the meeting via email.
4. The Secretary must prepare meeting minutes for all meetings, which should include at a minimum the names of attendees, all topics discussed, decisions voted on, objections, and cases of abstention, including reasons if any.
5. The Secretary or their Deputy must send the meeting minutes to all Committee members and the Central Bank's representative within ten (10) working days after the meeting via email, before they are approved and signed by the Chairman and the members. Comments and feedback should be provided to the Secretary within five (5) working days from receiving the minutes.
6. The Executive Committee must prepare a charter when establishing any sub-committee. The charter should include at a minimum the committee’s name, purpose, objectives, role, responsibilities, authority, composition, the process for nominating, appointing, and relieving members, whether the committee is permanent or temporary (with duration if temporary), meeting procedures, required reports, and their submission process. The charter must be approved by the Chairman of the Executive Committee and must receive the Central Bank's approval for each sub-committee charter.
7. When nominating members for sub-committees, there should be fair representation of licensed finance companies, ensuring no more than one representative per company on the same committee.
8. The Executive Committee must prepare an annual comprehensive report, accompanied by all charters and necessary documents, and provide it to the General Committee and the Central Bank. The report should include at a minimum the key decisions made by the committee, the number of meetings held during the period, the names of attendees, and the names, status, and major achievements of sub-committees throughout the year.
9. The committee must ensure clarity and accuracy in the reports it prepares.
10. The Secretary must keep all reports, minutes, and documents in a manner that allows for easy retrieval. At the end of their term, the Chairman must provide all documents to the Central Bank's representative through a handover report, so the representative can then pass the documents to the new Chairman.

4.2.5. Responsibilities

Executive Committee
1. Study and implement all tasks assigned to it by the General Committee.
2. Establish temporary or permanent sub-committees, including preparing a charter that, at a minimum, covers the name of the sub-committee, its purpose and goals, its role and responsibilities, its composition, the process for appointing and relieving members, whether the committee is permanent or temporary (with duration specified if temporary), meeting procedures, required reports, and their submission process.
3. Ensure that sub-committees comply with all applicable regulations, rules, guidelines, and instructions.
4. The Executive Committee has the right to reconstitute any of the permanent or temporary sub-committees and to dissolve them before their term ends through a decision made by a majority vote.
5. Evaluate and monitor the performance of existing sub-committees periodically to ensure their effectiveness.
6. Prepare a comprehensive report, accompanied by all charters and necessary documents, and provide it to the General Committee and the Central Bank. This report should include, at a minimum, key decisions made by the committee, the number of meetings held during the period, the names of attendees, as well as the names, status, and major achievements of sub-committees throughout the year.
7. Focus on contributing to the development of the finance sector in the Kingdom of Saudi Arabia by adhering to best practices and international standards that benefit the sector in general and its stakeholders in particular.
8. Take necessary actions to stay updated on all developments in the finance sector, particularly those related to international standards and guidelines issued by local and international bodies that work on enhancing corporate governance practices and regulations.
Chairman of the Committee
9. Ensure the effectiveness and success of the committee, as well as continuously follow up on all tasks assigned to the committee.
10. Develop plans for the Executive Committee that will contribute to the accomplishment and advancement of the committee’s work.
11. Manage discussions and debates during Executive Committee meetings, providing a conducive environment for meetings that facilitates achieving the desired benefits from exchanging opinions and viewpoints efficiently.
12. Approve the charter for establishing any sub-committees.
13. Define strategies and priorities for implementing committee decisions and seek new ideas to improve and develop the committee's role.
14. Provide the Central Bank's representative with all documents through a handover report at the end of their term so the representative can then transfer the documents to the new Chairman.
15. Communicate and follow up with the Central Bank regarding pending issues, performance improvement, and achieving the committee's objectives.
Deputy Chairman of the Committee
16. If the Chairman of the Executive Committee is absent, leaves, or is relieved before the end of their term, the Deputy Chairman will assume their responsibilities.
Secretary
17. Prepare all arrangements for meetings, including the meeting venue.
18. Prepare the agenda, including all topics to be discussed in the meeting, and obtain approval from the Chairman.
19. Send the agenda along with the documents to be discussed in the meeting to all committee members and a copy to the Central Bank's representative at least ten (10) working days before the meeting via email.
20. Prepare meeting minutes for all meetings, which should include at a minimum the names of attendees, all topics discussed, decisions voted on, objections, and cases of abstention, including reasons if any.
21. Send the meeting minutes to all committee members and the Central Bank's representative within five (5) working days after the meeting via email, before they are approved and signed by the Chairman and the members. Comments and feedback should be provided to the Secretary within five (5) working days from receiving the minutes.
22. Keep all reports, minutes, and documents in a manner that allows for easy retrieval.
Deputy Secretary
23. If the Secretary of the Executive Committee is absent, leaves, or is relieved before the end of their term, the Deputy Secretary will assume their responsibilities.
Committee Members
24. Discuss all financial, operational, and regulatory issues, as well as all risks, opportunities, and key challenges they face, with the aim of exchanging expertise and achieving mutual benefits.
25. Stay informed about all developments in the finance sector, including new rules and changes to existing rules, whether issued by the Central Bank or other relevant regulatory bodies, as well as international developments.
26. Members must maintain high professionalism by actively participating in discussions during committee meetings.

4/3. Sub-Committees

4/3/1. Formation of Committees
1. The Executive Committee shall form permanent and temporary sub-committees as needed.
2. The Executive Committee must, at a minimum, establish permanent sub-committees to address the following topics:
- Matters related to real estate financing.
- Matters related to leasing financing.
- Matters related to awareness and media.
- Matters related to risk management.
- Matters related to compliance, anti-money laundering, and counter-terrorism financing.
- Matters related to financial issues.
- Matters related to the protection of customers.
3. Each sub-committee is composed of a Chairman and a Deputy Chairman, who are elected by the Executive Committee members every two years.
4. Each sub-committee also includes a Secretary and a Deputy Secretary.

4/3/2. Nomination and Exemption
1. The Chairman and Deputy Chairman of the sub-committee are elected by a majority vote of the Executive Committee members every two years.
2. The Chairman of the sub-committee appoints a Secretary and a Deputy Secretary every two years.
3. The Executive Committee has the right to exempt any member of the subcommittee with the approval of the Central Bank, based on a decision made by a majority vote.
4. Any member of the subcommittee is exempted if they leave, are exempted from, or resign from the company they represent.

4.3.3. Meetings and Quorum
1. The subcommittee shall hold its meetings at least six times a year, and it may convene if the Chairperson deems it necessary.
2. The subcommittee shall hold meetings at the Financial Institute or at a location determined by the Chairperson in Riyadh or any other place agreed upon by the majority of the members.
3. The charter establishing the committee must include all regulations concerning meetings, including quorum and decision-making procedures.
4. The subcommittee must adhere to the scheduled meetings as planned.
5. The subcommittee may invite any expert to participate in meetings with the Chairperson's approval, but without voting rights.
6. Discussions must be conducted with high professionalism, in an organized manner, and should not include topics not on the agenda.
7. All members of the committee must maintain the confidentiality of the information exchanged during the meeting.
8. The Chairperson must ensure that members adhere to the rules and instructions governing the committee meetings, which all members must follow.

4.3.4. Agenda, Meeting Minutes, and Reports
1. Members should inform the Chairman of any topics they believe will contribute to achieving the objectives of the meetings. The Chairman should consider these suggested topics when approving the agenda.
2. The agenda should be prepared by the Secretary or their Deputy, and must include all the topics to be discussed in the meeting. It should then be approved by the Chairman.
3. The Secretary or their Deputy must send the agenda along with the documents to be discussed to all committee members and a copy to the Central Bank representative at least ten working days before the meeting via email.
4. The Secretary must prepare minutes for all meetings, which should at a minimum include the names of attendees, all topics discussed, decisions made, any objections or abstentions with reasons if applicable.
5. The Secretary or their Deputy must send the meeting minutes to all committee members and the Central Bank representative within no more than five working days after the meeting via email, before they are approved and signed by the Chairman and members. The Secretary should receive comments and feedback within five working days of receiving the minutes.
6. The subcommittee must prepare an annual comprehensive report, accompanied by all necessary documents, to be provided to the Executive Committee and the Central Bank. This report should, at a minimum, include the key decisions of the committee, significant achievements, difficulties encountered, suggestions, as well as the number of meetings held during the period and the names of attendees.
7. The committee should ensure clarity and accuracy in the minutes and reports it prepares.
8. The Secretary must archive all reports, minutes, and documents for easy retrieval. Upon the expiration of their term, the Chairman should provide all documents to the Central Bank representative through a handover report, allowing the Central Bank representative to transfer the documents to the new Chairman.
9.The charter establishing the committees will govern any additional documents that the committee deems necessary to include.

4.3.5. Responsibilities
Subcommittees
1. Discuss all topics and related issues, and provide recommendations to the Executive Committee for review and final decisions.
2. Carry out all tasks assigned by the Executive Committee and regularly report on the progress of these tasks to the Executive Committee.
3. Subcommittees are responsible for all tasks deemed to fall under their purview by the Executive Committee.
4. Prepare an annual comprehensive report, accompanied by all necessary documents, to be provided to the Executive Committee and the Central Bank. This report should include at a minimum the key decisions made by the subcommittee, major achievements, difficulties encountered, suggestions, the number of meetings held during the period, and the names of attendees.
Chairman
5. Ensure the effectiveness and success of the subcommittee; it is also their responsibility to continuously monitor all tasks assigned to the subcommittee.
6. Manage discussions and debates during meetings, and create a conducive environment that facilitates professional and efficient exchange of opinions and viewpoints.
7. Communicate with the Executive Committee and follow up on tasks with them, and provide them with all recommendations, reports, and other relevant information.
8. Hand over all documents to the Central Bank representative through a handover report upon the expiration of their term, so that the Central Bank representative can then transfer the documents to the new Chairman.
Deputy Chairman
9. In the absence, departure, or early exemption of the Chairman, the Deputy Chairman will assume their responsibilities and duties.
Secretary
10. Prepare all arrangements for meetings, including the meeting location.
11. Prepare the agenda, ensuring it includes all topics to be discussed in the meeting, and obtain approval from the Chairman.
12. Send the agenda along with the documents to be discussed to all committee members and a copy to the Central Bank representative at least ten working days before the meeting via email.
13. Prepare minutes for all meetings, which should at a minimum include the names of attendees, all topics discussed, decisions made, any objections or abstentions with reasons if applicable.
14 .Send the meeting minutes to all committee members and the Central Bank representative within no more than five working days after the meeting via email, before they are approved and signed by the Chairman and members. The Secretary should receive feedback within five working days of receiving the minutes.
15. Archive all reports, minutes, and documents for easy retrieval.
Deputy Secretary
16. In the absence, departure, or early exemption of the Secretary, the Deputy Secretary will assume their responsibilities and duties.

5. Saudi Central Bank

5.1. Role of the Central Bank
1. The Central Bank performs its supervisory and regulatory role in committee meetings by appointing one or more qualified individuals to attend all committee meetings as "observers."
2. Committee meetings are held with the Central Bank’s knowledge and approval; the institution's representative must be provided with meeting schedules and minutes. The Central Bank has the right to propose amendments or additions to the minutes.
3. The Central Bank reviews proposals submitted by the executive committee on supervisory and regulatory matters, as well as other topics.

5.2. Role of the Central Bank Representative(s)
1. The representative of the central bank attends committee meetings as an "observer," and their role is limited to supervision and oversight. They do not have the right to vote on any decisions or proposals.
2. The representative of the central bank ensures that financing companies are aware of all central bank instructions and directives, to ensure the committee operates efficiently and effectively.
3. During meetings, the central bank representative provides committee members with documents related to the committee’s work.
4. The central bank representative acts as the liaison between the central bank and the committees.

5.3. Proposals Submitted by the Committees
1. All proposals issued by various sub-committees must be submitted to the executive committee for review and evaluation. The executive committee will then study the proposals.
2. Opinions and proposals submitted to the central bank must have been thoroughly discussed by the executive committee.
3. The executive committee should conduct research and analysis and review best practices and local and international standards to ensure the effectiveness of the proposal before submitting it to the central bank.
4. The proposal submitted to the central bank should clearly outline the nature of the issues being addressed, current practices both locally and internationally in dealing with such issues, and analyze the advantages and disadvantages of the current situation along with the proposed changes.
5. The proposal submitted to the central bank must include the following minimum information:
- The main topic in a specific and clear manner.
- Key problems and current and potential risks.
- Available alternatives.
- Sector practices related to the proposed topic, including references to best practices.
- Recommendations.
- Identification of necessary resources and methods for securing them.

Governance and Internal Control

Key Principles of Governance in Financial Institutions

Requirements for Appointments to Senior Positions

Corporate Governance

Board of Directors

Senior Management

Major Departments

Audit Committee

Compliance Principles for Finance Companies and Real Estate Refinance Companies

Chapter I: Definitions, General Provisions and Scope of Application

1. Definitions

2. General Provisions

3. Scope of Application

Chapter II: Duties and Responsibilities of the Board, Audit Committee and Executive Management Towards Compliance

Principle 1: Duties and Responsibilities of the Board Towards Compliance

Principle 2: Duties and Responsibilities of the Audit Committee Towards Compliance

Principle 3: Duties and Responsibilities of the Executive Management Towards Compliance

Chapter III: Features, Duties and Responsibilities of the Unit

Principle 4: Key Features of the Unit

Principle 5: Duties and Responsibilities of the Unit

Principle 6: Responsibilities of Company Staff Towards Compliance

Principle 7: Responsibilities of Internal Audit Department Towards Compliance

Chapter IV: Concluding Provisions

Internal Audit Principles for Finance Companies and Real Estate Refinance Companies

Section One: Definitions, General Provisions and Scope of Application

1. Definitions

2. General Provisions

3. Scope of Application

Section Two: Duties and Responsibilities of the Board, Audit Committee and Executive Management toward Internal Audit

Principle 1: Duties and Responsibilities of the Board toward Internal Audit Function

Principle 2: Duties and Responsibilities of the Audit Committee toward Internal Audit Function

Principle 3: Duties and Responsibilities of the Executive Management toward Internal Audit Function

Section Three: Department Features, Duties and Responsibilities

Principle 4: Key Department Features

Principle 5: Duties and Responsibilities of the Department Director

Principle 6: Duties and Responsibilities of the Department

Principle 7: Internal Audit Policy

Principle 8: Internal Audit Plan

Principle 9: Department Reports

Principle 10: Department Policies and Work Procedures

Principle 11: External Evaluation of the Department

Principle 12: Documentation of Documents and Reports

Principle 13: Department Relationship with First and Second Line Units

Section Four: Concluding Provisions

Shariah Governance Instructions for Finance Companies

Chapter One: Preliminary Provisions

Article One: Introduction

Article Two: Definitions

Article Three: Scope

Article Four: General Provisions

Chapter Two: Responsibilities of the Board of Directors and Senior Management

Article Five: Responsibilities of the Board of Directors

Article Six: Responsibilities of Senior Management

Chapter Three: Shariah Compliance Supervision

Article Seven: Shariah Compliance Supervision Activities

Chapter Four: Regulations for the Work of the Shariah Committee

Article Eight: Selection of Committee Members and Membership Requirements2

Article Nine: Responsibilities of the Committee4

Chapter Five: Independence and Confidentiality of Information

Article Ten: Independence

Article Eleven: Confidentiality of Information

Chapter Six: Final Provisions

Article Twelve

Article Thirteen

Article Fourteen

Article Fifteen

The General Committee of General Managers in Financing Companies

1. Introduction

2. Definitions

3. Organizational Structure of the Financing Companies Committees

4. Committees

4.1. The General Committee

4.1.1. Formation of the Committee

4.1.2. Nomination and Dismissal

4.1.3. Meetings and Quorum

4.1.4. Agenda, Meeting Minutes, and Reports

4.1.5. Responsibilities

4.2. Executive Committee

4.2.1. Formation of the Committee

4.2.2. Nomination and Exemption

Article Nine: Responsibilities of the Committee⁴