Section Four: Agent Banking Operations
Article 16: Obligations and Responsibilities of the Bank
1. The Bank must make a clear, informed and documented decision on the use of Agents for rendering banking services to its Customers.
2. The Bank must be wholly responsible and liable for all actions or omissions of its Agent(s). This responsibility must extend to actions of the Agent(s) even if not authorized in the contract so long as they relate to Agent Banking services or other matters connected therewith. Such responsibilities include the following:
a. Maintaining effective oversight of the Agent’s activities and ensuring that appropriate controls, including remote transaction monitoring to identify and report suspicious and fraudulent transactions, are incorporated into the Bank’s procedures on Agent Banking, in order to assure compliance with relevant laws, regulations and instructions.
b. Assessing the adequacy of controls of Agent Banking activities through regular audits.
c. Formulating and implementing policies and procedures to safeguard the information, communication and technology systems and data from threats.
d. Providing Agents with this Regulation, operational manuals and risk management policy documents as must be needed for rendering services to Customers efficiently.
e. Conducting risk-based review of critical Agent Banking processes to ensure that relevant laws, rules, policies and instructions are adhered to.
f. Selecting credible Agents with suitable/convenient retail outlets.
g. Managing and mitigating risks associated with the engagement of Agents to provide banking services on behalf of the Bank.
h. Providing basic financial education for Customers and Agents. Such education should cover, at a minimum, the importance of protecting the bank card PIN and not disclosing the confidential information of bank accounts to Agents and the confidential information of banking products and services provided. The Bank must periodically train its Agents as set out in Article 18 hereof.
i. Assigning one of its branches or establishing a central administration to be responsible for supervising its Agent(s) operating in a designated area and recruiting experts necessary to effectively supervise its Agent(s).
j. Enabling Agents when executing Customers’ transactions to use ICT devices that are integrated into the technological systems of the Bank. The figures of the transactions must be reflected in ‘Core Banking Solution’ (CBS) of the Bank. The Customer must get instant confirmation of the transaction through paper-based receipt (debit or credit slip), as well as SMS confirming the transaction.
k. Branding Agent banking business in such a clear manner so that the Customer can realize that the Agent is providing services on behalf of the Bank.
l. Taking steps to update and modify, where necessary, its existing risk management policies and practices to cover current or planned Agent Banking services, and to ensure the integration of Agent Banking applications with the main banking systems so as to achieve an integrated risk management approach for all banking activities. The Bank must also seek to perform regular, dependent test by an internal/external auditor or by the Bank’s concerned department to assess the Agent’s AML/CFT program.
m. Preparing and publishing an updated list of all its Agents, by type of Agent, on its website and annual reports. In addition to this, the Bank may publish a comprehensive list of Agents on flyers, corporate gifts and such other publications, as it deems appropriate.
n. Developing a written policy on conflict of interest and ensuring that this policy helps detect potential conflicts of interest. When the possibility of a conflict of interest arises between the Bank and the Agent, this should be disclosed to SAMA.
Article 17: Cash Services
If the Agent Banking contract allows for providing banking services that involve cash, the Bank shall establish, subject to prior non-objection of SAMA, an appropriate daily cash withdrawal and deposit limit for Customers.
Article 18: Training of Banking Agents’ Employees
Banks must train their Agents’ employees to enhance their competency before any Agent Banking activities are conducted. Training must continue for the whole period of the Agent Banking contract to equip Agents’ employees with any updates. At a minimum, training must encompass the following:
a. Products and services offered by the Agent on behalf of the Bank;
b. Know Your Customer (KYC) processes;
c. Protection of Customer information and complaints handling;
d. Fraud detection mechanisms, including identification of counterfeit money;
e. Procedures of anti-money laundering and counter terrorist financing (AML/CFT);
f. Equipment operation and troubleshooting;
g. Claims processing and reconciliation;
h. Obtaining the Retail Banking Professional Foundation Certificate (RBPFC);
i. Agents that handle loan or credit processing must have fulfilled the requirements set by SAMA;
j. Codes of ethics and conduct; and
k. Procedures and mechanisms of reporting fraudulent and suspicious transactions to the Bank.
Article 19: Permissible Activities
1. The Bank may contract with its Agent to provide some or all of the banking services prescribed under this Article. The services provided by the Agent must be stated in detail in its contract with the Bank and must be prominently displayed on the Agent’s business premises and on the website of the Bank, where a full list of all of the Bank’s Agents and their services can be found.
2. Banks shall be responsible for determining, based on agent risk assessment, the services a particular Agent may provide.
3. Permissible services for Agents, after the Bank obtains SAMA’s non-objection, are as follows:
a. Bank accounts opening;
b. Preparation and submission of loan applications and other related documentation;
c. Preparation and submission of applications for credit cards, domestic worker salary cards and other cards, as well as other related documentation;
d. Preparation and submission of bank letters of guarantee and other related documentation;
e. Cash deposits and withdrawals through ATMs;
f. Check deposits through ATMs;
g. Check book request and collection;
h. Payment of electronic bills, fees and fines for utility services;
i. Generation and issuance of account statements;
j. Activation of accounts after obtaining the final approval of the Bank;
k. Funds transfers, local and international;
l. Currency exchange;
m. Issuance of bank debit and credit cards and checks after obtaining the final approval of the Bank;
n. Encashment of checks;
o. Provision of Banking services for SMEs;
p. Reception and submission of POS terminals’ applications;
q. Sales and marketing services; and
r. Any other activities as may be determined from time to time by SAMA.
Article 20: Prohibited Activities
The Bank shall not permit the Agent to perform any of the following activities:
a. Operating or carrying out any transactions when there is communication failure with the Bank and operating in an offline mode or on a manual basis;
b. Carrying out a transaction where a receipt or acknowledgement cannot be generated;
c. Charging the Customer any fees that are not approved by SAMA or included in the Agent Banking contract;
d. Providing, rendering or holding itself out to be providing or rendering a banking service that is not specifically permitted in the contract;
e. Conducting non-electronic transactions outside of the business premises;
f. Soliciting personal information from Customers, including account details and Personal Identification Number (PIN) of Customers;
g. Providing any form of manual cash services unless a written official non objection letter is obtained in this regard from SAMA;
h. Carrying out any Agent Banking transactions or activities other than those approved in SAMA’s non-objection to the Agent contracted;
i. Conducting any payment system services outside of SAMA’s payment system infrastructure;
j. Accessing credit reports at a licensed credit bureau, as part of the loan application process;
k. Disclosing any information obtained by virtue of work;
l. Violating the Bank’s codes of ethics and conduct; or
m. Any other prohibited activities specified herein or as may be determined from time to time by SAMA.
Article 21: Relocation, Transfer and Closure of Agent Premises
The Bank must ensure the following:
a. that its Agent does not transfer, relocate or close its Agent Banking premises without serving a written notice of intention on the Bank at least sixty (60) business days in advance. In these cases, the Bank must apply for SAMA’s non-objection to the measure intended not less than thirty (30) business days prior to transfer, relocation or closure of Agent Banking premises. The Bank must also forward the details and reason(s) for relocation, transfer or closure of premises to SAMA.
b. that the Agent posts a notice of the relocation, transfer or closure on the Agent’s premises so as to be clearly visible to the general public at all times. Further, the Agent must advise Customers by an effective channel of its intention to relocate, transfer or close the Agent Banking business.
Article 22: Settlement of Transactions
To ensure quality of services provided for the beneficiaries and to earn their trust, the Bank must perform the following:
a. Ensure that all transactions carried out through the banking Agent are posted on a real time basis for ‘in bank’ account transactions;
b. Complete transactions that credit or debit accounts in other banks in accordance with SAMA clearing instructions;
c. Conduct a daily reconciliation to ensure settlement is done properly; and
d. Clarify responsibilities of both the Bank and the Agent towards transaction settlement risks.
Article 23: Information Technology (IT) and Operational Requirements
The technology implemented by the Bank for Agent Banking must comply with the industry standard technology in terms of hardware and software. At a minimum, the Bank must ensure that:
a. The Bank has an automatic system that is suitable for Agent Banking and that provides services stipulated in the contract with the required quality, security and speed.
b. The technology deployed comprises a set of interoperable infrastructure modules that work seamlessly and harmoniously. There must be an end- to-end connection from the Bank to the banking Agent.
c. Payment orders are instantly executed. In the event of failure of communication during a transaction, the transaction must be reversed.
d. An audit trail is maintained and made available on request.
e. All settlement information details are preserved.
f. The Bank puts in place adequate measures to mitigate all the risks that could arise from the deployment and use of its Agent Banking IT infrastructure.
g. The Agent Banking IT infrastructure must be, at a minimum, as follows:
1. Be able to support real time, electronic processing of transactions executed;
2. Be able to provide a secured network, including end-to-end encryption;
3. Be able to support Agent Banking services; and
4. At the end point, devices should not store sensitive Customer information, e.g. PIN, passwords, fingerprints, etc.
h. At a minimum, two-factor authentication is required for Agent and Customer registration.
i. Transaction information is transmitted in a secure manner.
j. There is an advanced and secure technological infrastructure.
k. A secured network, including end-to-end encryption, is provided.