Regulation of Agent Banking in the Kingdom of Saudi Arabia
No: 37541/67 Date(g): 20/2/2019 | Date(h): 15/6/1440 Status: In-Force Section One: Definitions and General Provisions
The Regulation is issued pursuant to powers granted to SAMA under the following laws and regulations:
a. Charter of the Saudi Arabian Monetary Authority, issued by Royal Decree No. 23 dated 23/05/1377H; and
b. Banking Control Law, issued by Royal Decree No. M/5 dated 22/02/1386H.
Banking Agents shall comply with this Regulation in addition to relative laws, regulations, and instructions, including the following:
- Banking Control Law and its instructions;
- Anti-Money Laundering Law and its Implementing Regulations;
- Law on Terrorism Crimes and Financing and its Implementing Regulations;
- SAMA Rules on Outsourcing, and Outsourcing Controls for Foreign Banks’ Branches Operating in Saudi Arabia; and
- Rules Governing Anti-Money Laundering and Combating Terrorist Financing issued to banks, money changers, and foreign banks’ branches operating in Saudi Arabia.
Article 1: Definitions
The following terms and phrases, wherever mentioned herein, shall have the meanings assigned thereto unless the context otherwise requires:
SAMA: Saudi Arabian Monetary Authority*.
Bank: any bank licensed to carry out banking business in the Kingdom of Saudi Arabia in accordance with the provisions of the Banking Control Law.
Regulation: Regulation of Agent Banking.
Agent(s): a legal entity contracted by a licensed commercial Bank and approved by SAMA to engage in Agent Banking activity.
Agent Banking: the provision of banking services and/or products by an Agent on behalf of a Bank in accordance with the provisions of this Regulation.
Know Your Customer (KYC): the processes that the Agent needs to carry out in order to identify its Customers and beneficiaries and verify their identities.
Conflict of Interest: a situation involving achieving a material or moral interest that contradicts job duties.
Exclusive Agent: an Agent that entered into an agency agreement with one Bank to exclusively provide banking services and/or products on behalf of the contracting Bank.
Multiple Agent: an Agent that entered into a non-exclusive agency agreement with a Bank or into agency agreements with multiple Banks to provide banking services on its/their behalf.
Customer: any natural or legal person obtaining banking services or products or to whom such services or products are offered.
* The Saudi Arabian Monetary Agency was replaced by the name of Saudi Central Bank in accordance with The Saudi Central Bank Law No. (M/36), dated 11/04/1442H, corresponding 26/11/2020AD.
Article 2: Purpose and Scope
1. The objectives of this Regulation are as follows:
a. Increasing banking services outreach and promoting financial inclusion to the unbanked and under-banked population while maintaining the safety, soundness and stability of the banking sector;
b. Encouraging Banks to use Agents in the provision of banking services to reduce the cost of banking services and to foster financial inclusion, reach and depth;
c. Setting a regulatory and supervisory framework for Agent Banking, in compliance with which banking services are offered whilst ensuring full compliance with the Banking Control Law and the implementation of its provisions in addition to SAMA instructions;
d. Providing the minimum standards and requirements for Agent Banking to organize business;
e. Outlining the permissible activities that can be carried out by a banking Agent after receiving SAMA’s non- objection; and
f. Providing minimum standards of data and network security, consumer protection and risk management to be adhered to in the conduct of Agent Banking activity.
2. This Regulation shall apply to all Banks desiring to contract with an Agent.
Article 3: Responsibility
1. It is the responsibility of the board of directors of each Bank to ensure compliance with this Regulation. Banks shall be solely responsible for the selection of Agents. Without prejudice to the provisions hereof, the relationship between the Bank and its Agent shall be direct and governed by a contract.
2. The Bank is responsible for all actions or omissions of its Agent(s) in the matter of providing the permissible banking products and services on behalf of the Bank.
3. The board of directors of each Bank shall be responsible for approving policies, procedures and processes which ensure the following:
a. Credible Agents are identified and selected.
b. Risks associated with Agent Banking are identified, documented and addressed. Adequate risk management policies are developed and implemented, in a way consistent with relevant rules and instructions issued by SAMA.
c. Agent Banking activities are constantly monitored to ensure compliance with the provisions hereof and other relevant laws and rules.
d. All necessary controls are in place and complied with to ensure that the contracted Agent fully complies with all legal and supervisory requirements, including SAMA requirements related to AML/CFT, combating embezzlement and financial fraud, and information security.
Section Two: Applying for Agent Banking
Article 4: Application Requirements
1. Banks wishing to contract with Agents shall apply for SAMA’s no-objection pursuant to the provisions hereof. The applications submitted by Banks shall be as follows:
a. One-time application for SAMA’s non-objection to the engagement of the Bank in Agent Banking activity; and
b. Prior to contracting with each Agent, a separate application for SAMA’s non-objection to each Agent to be contracted under an “Exclusive Agent” or “Multiple Agent” arrangement for the purposes of Agent Banking and in accordance with SAMA’s requirements.
c. Applications mentioned in Clause (1.a) and Clause (1.b) of Article 4 may be submitted at the same time. However, the application mentioned in Clause (1.b) may not be submitted alone unless the Bank has previously submitted SAMA’s non-objection application referred to in Clause (1.a).
2. When submitting the application mentioned in Clause (1.a) of Article 4, Banks must also submit, along with it, the following:
a. Approval of the Bank’s board and its commitment to complying with this Regulation and what SAMA issues in this regard;
b. Bank’s internal policy on Agent Banking that covers procedures related to Agent selection, management, monitoring, operations, compliance, conduct, service quality and business supervision;
c. A copy of the Bank’s branch expansion plan;
d. Proof of the Bank’s infrastructure that supports Agent Banking, including systems and technologies to be utilized;
e. The Bank’s qualifying criteria for engaging Agents, such as the following:
- Outreach
- Efficiency
- Integrity
- Security
- Proper IT Infrastructure
f. Description of permissible services that may be provided through the Bank’s Exclusive Agent or Multiple Agent arrangement;
g. Agent Banking contract template;
h. Description of processes for customer due diligence, including KYC and compliance with AML/CFT laws and instructions;
i. Description of procedures of information security and confidentiality protection;
j. Risk assessment report, including risk management, internal control and operational policies and procedures;
k. Description of consumer protection measures, including financial awareness and education strategies related to Agent Banking;
l. Description of controls and monitoring procedures to ensure compliance with relevant laws, regulations, instructions and regulatory requirements;
m. Business Continuity Plan (BCP) and contingency arrangements to ensure continuity of Agent Banking services in the event of disruption; and
n. Any other policies, procedures and/or requirements relevant to the management of Agent Banking business as SAMA may deem appropriate.
Article 5: Application to Contract with an Agent for Agent Banking
1. The Bank may use a super-agent to manage its other banking Agents, provided that the super-agent meets all the requirements of the Fit and Proper Assessment for Agent Banking stipulated in Article 13 hereof while retaining overall responsibility for the agency relationship.
2. The Agent company shall have a commercial register that permits the engagement in Agent Banking business.
3. The Agent shall apply for and receive necessary approval from the relevant supervisory and regulatory entity before the Bank applies for SAMA’s non-objection to the Agent to be contracted.
4. The Bank may appoint its direct employees to perform or supervise Agent Banking business on the Agent premises. In the event that the Bank and its Agent agree on assigning the Agent Banking business to Agent’s employees upon Agent Banking contract, provisions of Article 19 hereof shall be observed.
5. The Bank must provide a signed declaration by its Chief Executive Officer or a duly designated senior officer, confirming that the Bank has carried out the proper and fit assessment of the proposed Agent. The declaration must also indicate that the proposed Agent has met the minimum requirements of Agent Eligibility prescribed herein and has the competence to run Agent Banking business on behalf of the contracting Bank.
6. After reviewing the complete applications in accordance with the provisions hereof, SAMA will notify the Bank of the result of the application.
Article 6: Not Commencing Agent Banking Activity
SAMA’s non-objection to contracting with an Agent shall be deemed cancelled if the approved Agent does not commence business within a nine-month period from the date of issuing SAMA’s non-objection. SAMA may, at its discretion, extend this period.
Section Three: Agent Banking Contract
Article 7: Key Requirements
a. After obtaining SAMA’s non-objection, the Bank must enter into a written contract for a specified period with the Agent for the provision, on the Bank’s behalf, of any of the banking services for which SAMA’s non-objection was issued.
b. The Agent Banking contract must clearly specify the rights and responsibilities of all parties without prejudice to this Regulation and must be signed by the relevant parties prior to the commencement of Agent Banking services by the Agent.
Article 8: Contract
At a minimum, the Agent Banking contract must incorporate provisions that address the following:
1. The appointment of a third party as the Bank’s Agent to provide a clearly defined scope of banking services.
2. Capacity and nationality of the parties and the necessity of all parties having the authority to enter into this Agent Banking contract.
3. The Agent’s personal and business details, including the Agent’s business hours and any other important information.
4. The services provided by the Agent in detail, subject to the provisions of Article 20 hereof.
5. The Agent’s responsibilities, including, at a minimum, the following:
a. Dealing with Customers in a professional way and avoiding any prohibited activities as specified herein.
b. Exercising customer due diligence when conducting transactions, including:
1. Specifying a Customer authentication mechanism for transactions executed through the Agent; and
2. Using an ICT device with a screen of proper size for Customers to review and verify the details of transactions executed.
c. Taking consumer protection measures as follows:
1. Providing proof of transactions to Customers;
2. Facilitating channeling of complaints by Customers to the contracting Bank; and
3. Disclosing mandatory information as specified in SAMA regulations, instructions, and Consumer Protection Principles.
d. Compliance with all applicable laws, instructions and internal policies of the Bank, including the Bank’s codes of ethics and conduct.
e. Exercising due care in handling the Agent Banking systems and devices.
f. Maintaining records, documents, files and proof of transactions for a period not less than 10 years. The Agent must provide the Bank with these records regularly in previously determined periods. The Bank shall then maintain these records to facilitate supervision, control and verification as specified in Article 27 hereof.
g. Fulfilling reporting requirements necessary to enable the Bank to effectively monitor the performance of the Agent on a monthly basis and reporting incidents that may materially affect the efficiency of service delivery.
h. Allowing access upon receiving notification for the contracting Bank to carry out examination or on-site inspection and investigation on the Agent’s premises, and cooperating when the Bank requires information from the Agent as stipulated in Article 29 hereof.
i. Having a description of prohibited activities that the Agent cannot practice on behalf of the Bank, as indicated in Article 20 hereof.
j. Keeping confidential the Customers’ information and not disclosing any information obtained by virtue of work.
k. Conforming to legal and regulatory requirements.
6. Mechanisms for dispute resolution and indemnities, which cover disputes between Customer and Agent, disputes arising between the Agent and the Bank, and non-compliance of the Agent that is detrimental to the Bank. Such mechanisms shall also encompass recourse to other methods of compensation, procedures and period for resolution, indemnities, and obligations of the respective parties in the event of a dispute.
7. Terms of termination or expiration of the Agent Banking contract, which may include failure to meet obligations of the contract or comply with provisions hereof.
8. Measures to mitigate risks associated with Agent Banking services.
9. Compliance with AML/CFT and KYC requirements, including providing SAMA, by the Bank, with all requested documents and periodic reports on AML/CFT.
10. A statement that all information or data that the Agent collects in relation to Agent Banking services, whether from the Customers, the Bank or other sources, is the property of the Bank and that such information must be kept confidential and no unauthorized third party will have access to Customer information. The statement shall also indicate that the aforementioned provisions shall survive termination of the Agent Banking contract.
11. Changing the contract terms for default and contract termination.
12. A transition clause on the rights and obligations of the parties upon termination or cessation of the Agent Banking contract.
13. Stating that the banking services indicated are subject to regulatory review and that SAMA must be granted full authority to inspect and request information, data and documents at any time and full access to the internal systems, reports and records of the Bank and Agent. In addition, the Agent Banking contract must include a statement indicating that SAMA has the power to interrogate the Agent’s staff.
14. SAMA power to cancel or suspend its non-objection as it deems appropriate pursuant to this Regulation.
15. Stating that the Agent will not perform management functions, make management decisions, or act or appear to act in a capacity equivalent to that of a member of management or an employee of the Bank.
16. Any other terms or provisions that the Bank or the Agent considers necessary without prejudice to the provisions of laws, regulations, rules and instructions issued by SAMA.
Article 9: Agent Eligibility
1. The Agent must be licensed to practice its commercial activity before the Bank applies for SAMA’s non-objection to the Agent to be contracted as a banking Agent.
2. The following entities are eligible for appointment as Agents under this Regulation:
a. Companies, except for commercial banks and finance companies, without prejudice to Companies Law;
b. Post offices;
c. SME businesses, such as chain stores;
d. Mobile network operator agents;
e. Foreign licensed companies registered through SAGIA; and
f. Any other entities that SAMA may prescribe.
3. The entity must not have been classified as a non-performing borrower by any banks in the last 12 months preceding the date of signing the contract (such information having been obtained from a licensed credit bureau). The Agent must maintain this status for the whole period of engaging in Agent Banking business.
4. It is necessary to have appropriate physical infrastructure and human resources to provide the Agent Banking services required.
Article 10: Renewal of Agent Banking Contract
Banks wishing to extend Agent Banking contracts must renew their contracts with Agents, whether ‘Exclusive’ or ‘Multiple’, at least one month prior to the expiration date of the banking Agent contract, following a comprehensive assessment of outsourcing risks.
Article 11: Termination of Agent Banking Contract
1. SAMA may withdraw or suspend licenses granted to Banks to engage in Agent Banking business in any of the following cases:
a. Violating any provisions hereof as may, in the opinion of SAMA or the contracting Bank, warrant termination of the agency contract; or
b. Furnishing contracting Bank(s) with false or inaccurate information under this Regulation.
2. Subject to the provisions for termination of the agency contract set out in the contract, the Bank must terminate an agency contract in any of the following cases:
a. if the Agent is guilty of a criminal offense involving fraud, dishonesty or any other forms of financial impropriety;
b. if the Agent, where it is a legal person, is being dissolved or wound up through a court order or otherwise;
c. if the Agent, where it is a sole proprietor, dies or becomes mentally incapacitated;
d. if the Agent transfers, relocates or closes its place of agency business without the prior written consent of the contracting Bank;
e. if the Agent carries on Agent Banking business when the Agent’s principal commercial activity has ceased;
f. if the Agent sustains a financial loss or damage to such a degree that, in the opinion of the Bank, makes it impossible for the Agent to gain its financial soundness within three months from the date of the loss or damage; or
g. if the Agent fails to hold or renew its valid business license.
3. Where a dispute arises between a Bank and its Agent, the parties must exert every effort to settle the dispute within a period of 10 (ten) business days from the date of such dispute. If the dispute is not resolved within this stipulated period and the litigation is sought, then the Bank must begin preparations to terminate the agency within the timeframes mentioned herein before litigation starts.
4. Where an Agent Banking contract is terminated, the Bank must publish a notice of the termination in the locality where the Agent was operating or in any other manner, such as SMS messages, to adequately inform the general public of the cessation of the Agent Banking contract.
5. Upon termination of the Agent Banking contract, the Bank may not re-contract with the Agent, whose agency contract was cancelled, after changing its commercial name.
Article 12: Record Retention
The Agent shall maintain records and documents of its contracting Bank’s Customers for a period not less than ten (10) years. The Bank shall specify the mechanism for their retention and transfer to its possession.
Article 13: Fit & Proper Assessment
1. Prior to arranging a contract with a third party for Agent Banking, the Bank must carry out a ‘fit and proper’ assessment. The assessment is aimed at ensuring that the Agent, its proprietors, and persons involved in the management of the Agent Banking business are sufficiently competent, ‘fit and proper' and that the management structures and funding sources are adequate. The key components of Fit and Proper Assessment, at a minimum, must take into consideration the following:
a. The moral, business and professional suitability of the entities to be contracted as Agents;
b. Negative information obtained from a credit bureau or other credible sources;
c. Criminal records, especially in relation to issues of ML/TF, fraud, or integrity;
d. Business or work experience;
e. Sources of funds necessary to finance the establishment of the Agent Banking business; and
f. Any other information that may negatively or positively affect the prospective Agent.
2. Any Agent, its proprietors, partners, officers or any other individuals that has/have been vetted and approved by SAMA within the previous 12 months may be exempted from vetting under this Regulation.
Article 14: Agent Due Diligence
1. The Bank must establish clear agent due diligence policies. Minimum contents must include methods of identifying Agents, initial due diligence, regular due diligence checks to be performed at specified periods, check list of early warning signals, and corrective actions to ensure proactive agent management.
2. The Bank must clearly specify roles/responsibilities of functions/departments within the Bank with regard to agent management in the agent due diligence procedures.
3. The Bank must ensure that proper monitoring processes for AML/CFT and combating embezzlement and financial fraud in the area of Agent Banking are in place. The necessary actions to be taken by Agents in this regard must be communicated to the Agents, and the Agents’ compliance must be monitored regularly.
4. Due Diligence must, at a minimum, cover the following:
a. Verification of legal status of the Agent;
b. Verification of address and location of all prospective Agents;
c. Establishing that there is no conflict of interest between the Bank and the Agent;
d. Verification of the adequacy of the prospective Agents’ resources for Agent Banking business, including financial and infrastructure resources (especially information security, technology and personnel);
e. Agent’s trustworthiness and likelihood of good behavior;
f. Clear credit history of Agent with a licensed credit bureau;
g. The Bank’ approval for the Agent’s procedures to ensure compliance with security risk management processes; and
h. Any other measures deemed necessary by the Bank.
Article 15: Customer Due Diligence
1. Each Bank engaging in Agent Banking must develop a ‘Customer Due Diligence (CDD)’ program that is tailored to its individual circumstances, type of Agents and risk level. The CDD program should include policies and procedures for the following, as a minimum:
a. Know Your Customer (KYC);
b. Information security; and
c. Data privacy and confidentiality.
2. The Bank must be responsible for ensuring compliance of its Agents with its CDD program and the CDD requirements provided herein.
3. Agents must establish the identity of their Customers as deemed appropriate by the Bank, including through ID, fingerprint, etc., and must verify the purpose and nature of making any banking activities or any banking relationship through Agents.
4. If an Agent has reasons to doubt the credibility of information provided by the Customer, it has to use all the possible reliable means to validate such information. In such cases, the Agent must stop dealing with the Customer and report findings to the Bank’s Money Laundering Reporting Officer (MLRO).
Section Four: Agent Banking Operations
Article 16: Obligations and Responsibilities of the Bank
1. The Bank must make a clear, informed and documented decision on the use of Agents for rendering banking services to its Customers.
2. The Bank must be wholly responsible and liable for all actions or omissions of its Agent(s). This responsibility must extend to actions of the Agent(s) even if not authorized in the contract so long as they relate to Agent Banking services or other matters connected therewith. Such responsibilities include the following:
a. Maintaining effective oversight of the Agent’s activities and ensuring that appropriate controls, including remote transaction monitoring to identify and report suspicious and fraudulent transactions, are incorporated into the Bank’s procedures on Agent Banking, in order to assure compliance with relevant laws, regulations and instructions.
b. Assessing the adequacy of controls of Agent Banking activities through regular audits.
c. Formulating and implementing policies and procedures to safeguard the information, communication and technology systems and data from threats.
d. Providing Agents with this Regulation, operational manuals and risk management policy documents as must be needed for rendering services to Customers efficiently.
e. Conducting risk-based review of critical Agent Banking processes to ensure that relevant laws, rules, policies and instructions are adhered to.
f. Selecting credible Agents with suitable/convenient retail outlets.
g. Managing and mitigating risks associated with the engagement of Agents to provide banking services on behalf of the Bank.
h. Providing basic financial education for Customers and Agents. Such education should cover, at a minimum, the importance of protecting the bank card PIN and not disclosing the confidential information of bank accounts to Agents and the confidential information of banking products and services provided. The Bank must periodically train its Agents as set out in Article 18 hereof.
i. Assigning one of its branches or establishing a central administration to be responsible for supervising its Agent(s) operating in a designated area and recruiting experts necessary to effectively supervise its Agent(s).
j. Enabling Agents when executing Customers’ transactions to use ICT devices that are integrated into the technological systems of the Bank. The figures of the transactions must be reflected in ‘Core Banking Solution’ (CBS) of the Bank. The Customer must get instant confirmation of the transaction through paper-based receipt (debit or credit slip), as well as SMS confirming the transaction.
k. Branding Agent banking business in such a clear manner so that the Customer can realize that the Agent is providing services on behalf of the Bank.
l. Taking steps to update and modify, where necessary, its existing risk management policies and practices to cover current or planned Agent Banking services, and to ensure the integration of Agent Banking applications with the main banking systems so as to achieve an integrated risk management approach for all banking activities. The Bank must also seek to perform regular, dependent test by an internal/external auditor or by the Bank’s concerned department to assess the Agent’s AML/CFT program.
m. Preparing and publishing an updated list of all its Agents, by type of Agent, on its website and annual reports. In addition to this, the Bank may publish a comprehensive list of Agents on flyers, corporate gifts and such other publications, as it deems appropriate.
n. Developing a written policy on conflict of interest and ensuring that this policy helps detect potential conflicts of interest. When the possibility of a conflict of interest arises between the Bank and the Agent, this should be disclosed to SAMA.
Article 17: Cash Services
If the Agent Banking contract allows for providing banking services that involve cash, the Bank shall establish, subject to prior non-objection of SAMA, an appropriate daily cash withdrawal and deposit limit for Customers.
Article 18: Training of Banking Agents’ Employees
Banks must train their Agents’ employees to enhance their competency before any Agent Banking activities are conducted. Training must continue for the whole period of the Agent Banking contract to equip Agents’ employees with any updates. At a minimum, training must encompass the following:
a. Products and services offered by the Agent on behalf of the Bank;
b. Know Your Customer (KYC) processes;
c. Protection of Customer information and complaints handling;
d. Fraud detection mechanisms, including identification of counterfeit money;
e. Procedures of anti-money laundering and counter terrorist financing (AML/CFT);
f. Equipment operation and troubleshooting;
g. Claims processing and reconciliation;
h. Obtaining the Retail Banking Professional Foundation Certificate (RBPFC);
i. Agents that handle loan or credit processing must have fulfilled the requirements set by SAMA;
j. Codes of ethics and conduct; and
k. Procedures and mechanisms of reporting fraudulent and suspicious transactions to the Bank.
Article 19: Permissible Activities
1. The Bank may contract with its Agent to provide some or all of the banking services prescribed under this Article. The services provided by the Agent must be stated in detail in its contract with the Bank and must be prominently displayed on the Agent’s business premises and on the website of the Bank, where a full list of all of the Bank’s Agents and their services can be found.
2. Banks shall be responsible for determining, based on agent risk assessment, the services a particular Agent may provide.
3. Permissible services for Agents, after the Bank obtains SAMA’s non-objection, are as follows:
a. Bank accounts opening;
b. Preparation and submission of loan applications and other related documentation;
c. Preparation and submission of applications for credit cards, domestic worker salary cards and other cards, as well as other related documentation;
d. Preparation and submission of bank letters of guarantee and other related documentation;
e. Cash deposits and withdrawals through ATMs;
f. Check deposits through ATMs;
g. Check book request and collection;
h. Payment of electronic bills, fees and fines for utility services;
i. Generation and issuance of account statements;
j. Activation of accounts after obtaining the final approval of the Bank;
k. Funds transfers, local and international;
l. Currency exchange;
m. Issuance of bank debit and credit cards and checks after obtaining the final approval of the Bank;
n. Encashment of checks;
o. Provision of Banking services for SMEs;
p. Reception and submission of POS terminals’ applications;
q. Sales and marketing services; and
r. Any other activities as may be determined from time to time by SAMA.
Article 20: Prohibited Activities
The Bank shall not permit the Agent to perform any of the following activities:
a. Operating or carrying out any transactions when there is communication failure with the Bank and operating in an offline mode or on a manual basis;
b. Carrying out a transaction where a receipt or acknowledgement cannot be generated;
c. Charging the Customer any fees that are not approved by SAMA or included in the Agent Banking contract;
d. Providing, rendering or holding itself out to be providing or rendering a banking service that is not specifically permitted in the contract;
e. Conducting non-electronic transactions outside of the business premises;
f. Soliciting personal information from Customers, including account details and Personal Identification Number (PIN) of Customers;
g. Providing any form of manual cash services unless a written official non objection letter is obtained in this regard from SAMA;
h. Carrying out any Agent Banking transactions or activities other than those approved in SAMA’s non-objection to the Agent contracted;
i. Conducting any payment system services outside of SAMA’s payment system infrastructure;
j. Accessing credit reports at a licensed credit bureau, as part of the loan application process;
k. Disclosing any information obtained by virtue of work;
l. Violating the Bank’s codes of ethics and conduct; or
m. Any other prohibited activities specified herein or as may be determined from time to time by SAMA.
Article 21: Relocation, Transfer and Closure of Agent Premises
The Bank must ensure the following:
a. that its Agent does not transfer, relocate or close its Agent Banking premises without serving a written notice of intention on the Bank at least sixty (60) business days in advance. In these cases, the Bank must apply for SAMA’s non-objection to the measure intended not less than thirty (30) business days prior to transfer, relocation or closure of Agent Banking premises. The Bank must also forward the details and reason(s) for relocation, transfer or closure of premises to SAMA.
b. that the Agent posts a notice of the relocation, transfer or closure on the Agent’s premises so as to be clearly visible to the general public at all times. Further, the Agent must advise Customers by an effective channel of its intention to relocate, transfer or close the Agent Banking business.
Article 22: Settlement of Transactions
To ensure quality of services provided for the beneficiaries and to earn their trust, the Bank must perform the following:
a. Ensure that all transactions carried out through the banking Agent are posted on a real time basis for ‘in bank’ account transactions;
b. Complete transactions that credit or debit accounts in other banks in accordance with SAMA clearing instructions;
c. Conduct a daily reconciliation to ensure settlement is done properly; and
d. Clarify responsibilities of both the Bank and the Agent towards transaction settlement risks.
Article 23: Information Technology (IT) and Operational Requirements
The technology implemented by the Bank for Agent Banking must comply with the industry standard technology in terms of hardware and software. At a minimum, the Bank must ensure that:
a. The Bank has an automatic system that is suitable for Agent Banking and that provides services stipulated in the contract with the required quality, security and speed.
b. The technology deployed comprises a set of interoperable infrastructure modules that work seamlessly and harmoniously. There must be an end- to-end connection from the Bank to the banking Agent.
c. Payment orders are instantly executed. In the event of failure of communication during a transaction, the transaction must be reversed.
d. An audit trail is maintained and made available on request.
e. All settlement information details are preserved.
f. The Bank puts in place adequate measures to mitigate all the risks that could arise from the deployment and use of its Agent Banking IT infrastructure.
g. The Agent Banking IT infrastructure must be, at a minimum, as follows:
1. Be able to support real time, electronic processing of transactions executed;
2. Be able to provide a secured network, including end-to-end encryption;
3. Be able to support Agent Banking services; and
4. At the end point, devices should not store sensitive Customer information, e.g. PIN, passwords, fingerprints, etc.
h. At a minimum, two-factor authentication is required for Agent and Customer registration.
i. Transaction information is transmitted in a secure manner.
j. There is an advanced and secure technological infrastructure.
k. A secured network, including end-to-end encryption, is provided.
Section Five: Consumer Protection
Article 24: Consumer Protection Requirements
Banks must put in place an appropriate consumer protection framework that ensures implementation of all requirements set out in the Banking Consumer Protection Principles (BCPP) and SAMA instructions to protect beneficiaries from risks involved in Agent Banking services, such as fraud, loss of privacy, loss of service, etc.
The Bank must ensure that the following requirements, at a minimum, are complied with at all times:
a. The Agent must have signs that are clearly visible to the public, indicating that it is a provider of services of the Bank with which it has an Agent Banking contract. The Agent must not represent to the public that it is a Bank.
b. The Agents must issue receipts for all transactions undertaken directly through them. Banks must provide their Agents with necessary tools that enable generation of receipts or acknowledgements for direct transactions carried out through Agents.
c. Where the Agent acts as a receiver or deliverer of documents, the Agent must provide an acknowledgement for all documents received from or delivered to the Customer. Such acknowledgement should include all relevant details.
d. Customer complaints must be resolved in accordance with SAMA requirements on customer complaints. The Bank must keep record of all customer complaints and how such complaints were redressed.
e. The Customer must be made aware of the fact that he/she must not carelessly store PIN and other critical information or share such information with other parties, including Banks and their Agents.
f. The Bank must take necessary steps to promote awareness among Customers about its Agent(s). Such awareness should cover, at a minimum, the responsibilities of the Bank and the Agent, rights of Customers, safety measures to make transactions with Agents, services that can or cannot be provided by the Agent, commissions, and fees.
g. Banks must publish and update the details of their Agents (e.g. name, address, and communication channels) on their websites, including existing Agents, terminated Agents, Agent relocations and/or transfers.
h. Protection measures of Customer information must be developed. Banks and Agents must ensure that such information is not disclosed to unauthorized third parties without prior non-objection of SAMA. Non-Compliance with this provision is considered a crime punishable by law as per the Banking Control Law.
i. A client manual of Agent Banking services must be established. The manual should address the commitment of the Bank and the Agent to security, privacy policy and confidentiality of data, reliability and quality of services, transparency of products and services, and prompt response to enquiries and complaints.
j. The Agent must adequately disclose and display other information on its business premises, which includes, but not limited to, the following:
1. Its appointment as an Agent of a Bank and the duration of the appointment;
2. The list of services, client manual, fees and charges, and daily transaction limits for Customers;
3. The dedicated single toll-free number(s) through which Customers can contact the Bank or the responsible branch; and
4. The current license for the commercial activity being undertaken by the Agent (prominently displayed on its business premises).
Section Six: Supervision of Banking Agents
Article 25: Key Inspection and Supervision Procedures
a. Banks shall be held fully liable for the actions and compliance of their Agents. In addition, Banks must, at least, have in place adequate technological systems for risk management, consumer protection, AML/CFT, and combating embezzlement and financial fraud. It is the responsibility of the Bank’s board of directors to ensure the following:
1. Bank’s policies and procedures are comprehensive and reflect all of SAMA regulatory requirements;
2. Mechanisms are established to ensure that relevant departments of the Bank implement all the necessary provisions of SAMA instructions; and
3. Monitoring of Agents’ activities matches any risks posed to the Bank.
b. Banks must take all other measures, including onsite visits undertaken by their staff or authorized persons to ensure that Agents operate strictly within the requirements of the law, guidelines and Agent Banking contract.
c. Banks must formulate internal audit policy to monitor and control their Agents and must conduct monitoring visits to the Agent’s outlets at regular intervals to ensure that the Agents are working in accordance with the terms and conditions of the contract, rules, regulations, and instructions issued by SAMA. A report of each visit must be prepared and submitted to SAMA upon its request or with the overall annual report prescribed in Article 30.
d. SAMA will monitor the Bank-Agent relationship and its compliance with laid down instructions. SAMA has the right to carry out monitoring visits at any time to any of the Agent’s outlets.
e. SAMA shall have free, full, and unfettered access to the internal systems, documents, reports, records, staff and premises of the Agent at any time as far as the Agent Banking business is concerned. SAMA shall exercise such powers as it may deem necessary.
f. Notwithstanding Banks' responsibility to monitor and supervise their Agents, as set forth in Clause (a) of Article 25, SAMA may, at any time and as it may deem necessary, perform the following:
1. Requesting information and data directly from Agents;
2. Carrying out full-scope or thematic inspection, with regard to Agent Banking, of the records and premises of the Agent;
3. Directing an Agent to take specific actions or desist from specific practices;
4. Ordering the termination of the Agent Banking contract;
5. Directing the Bank to take specific actions against the Agent;
6. Directing the Bank to take remedial actions as a result of the conduct of an Agent; and
7. Any other guidelines, procedures and/or requirements as SAMA may deem appropriate.
Article 26: Off-site Inspection
SAMA, based on reports submitted to it, will carry out off-site monitoring of banking Agents’ business to assess and monitor risks (particularly material risks) and compliance with laws, regulations and instructions that SAMA supervises their implementation.
Article 27: On-Site Inspection
1. SAMA may conduct onsite inspections, as it may deem appropriate and at any time, carried out by its staff or appointed individuals.
2. The Bank and the Agent shall submit documents requested by SAMA staff or appointed individuals in the form and at the time they determine.
Article 28: Random Inspection
SAMA may make both random and targeted visits to Agent’s premises as it may deem necessary at any time (based on a standard sampling method or on reports identifying Agents that have been the subject of multiple complaints). The visits are aimed at examining the compliance of the Agent with all requirements prescribed herein, including those related to consumer protection.
Section Seven: Agent Registration
Article 29: Agent Registry
1. SAMA will establish an electronic agent registry to which Banks are required to submit information on every Agent operating on their behalf. The agent registry must include, as a minimum, the following:
a. Start date of business relationship as set out in the contract;
b. Agent name and business name;
c. Business address;
d. Geographic coordinates of business location;
e. Contact numbers;
f. Agent’s core business and number of years in operation; and
g. Agent banking contract.
2. Banks may not engage in Agent Banking unless they have registered the required information in the agent registry. Any Banks or Agents engaging in Agent Banking without registering in the agent registry will be subject to any actions or penalties that SAMA may take or impose in this regard.
3. Banks must be responsible for keeping the registry up-to-date.
4. In case of any changes in the Agent’s information (e.g. telephone number), Banks must update data in the registry within ten (10) business days of the date of such change made by the Agent.
Article 30: Annual Reporting
The Bank shall submit an overall report on its Agent Banking business annually to its board. The Bank’s board shall, in its turn, submit to SAMA an approved report that includes, as a minimum, the following information:
a. Nature, value, volume and geographical distribution of operations or transactions;
b. Cases of money laundering and terrorism financing;
c. Incidents of fraud, theft or robbery;
d. Results of the monitoring visits carried out by the Bank; and
e. Customer complaints, their nature and number, and the remedial measures taken to address them.
Article 31: Timely and Accurate Reporting
1. Upon request, Banks shall submit timely and accurate reports to SAMA. Banks will be held liable for any false or late reporting and will be subject to actions and penalties that SAMA may take or impose.
2. Banks shall submit, and be willing to submit in the manner required, any information on the volume and value of transactions carried out for each type of services provided by each Agent, or any other information requested by SAMA at any time as it may deem necessary.
Section Nine: Violations
Article 32: Measures and Penalties
SAMA will take measures and/or impose penalties set forth in related laws against any Banks violating any provisions hereof.
Section Ten: Enforcement
Article 33: Enforcement
This Regulation enters into force as of the date of its publication on SAMA’s website.