As SAMA has adopted the CSM for carrying out SAMA and Direct Participants operations in AFAQ's Service, the functions of a Domestic RTGS system in respect of both inward and outward cross-border payment processing and bookkeeping of Direct Participants' mirror accounts and the relevant NCB shadow accounts are performed in the AFAQ Service CC.

SAMA controls the installation, maintenance, operation, security, and contingency of the Service and has the right to regulate, administer and monitor the Service using the facilities afforded.

Each Direct Participant is responsible at its own cost for the development, maintenance, security and reliability (including back-up and contingency) of its host system connected to the Service and any links from or to the Service.

No Direct Participant may use the Service until it and its systems used in relation to the Service have been certified by SAMA.

SAMA has the right to monitor relevant Direct Participant's activities for the sake of ensuring that the Service is operated properly, exercising responsibility for central risk management and mitigating pertinent risks.

SAMA has no responsibility to monitor Direct Participant’s liquidity. It is the responsibility of each Direct Participant to manage its own Liquidity.

The Service provides reporting and enquiry facilities operating in near real-time; giving each Direct Participant immediate visibility of respective position & enabling it to manage its Liquidity.

SAMA may arrange for enhancements and changes to the Service and advise the Direct Participants accordingly, giving such notice before the changes are to be implemented as SAMA considers reasonable. SAMA may give directions for the safe, accurate and timely implementation of changes, updates and distributions. The changes will be binding on the Direct Participants and each Direct Participant will at its own cost carry out all necessary tests & modifications to its own systems linked to the Service and to its pertinent procedures to give effect to these measures.

SAMA may from time to time specify the service levels to be provided by the Service and by the Direct Participants systems used in connection with the Service.

Each Direct Participant must inform SAMA Immediately of any event which may affect its role or function as a Direct Participant in the Service, including any known or planned disconnection from the Service, or any significant changes to Its host system interface to the Service, its organisation, or environment.

Each Direct Participant must maintain their own internal operating procedures that comply with these Operating Rules.

Each Direct Participant must ensure that their back-up and contingency procedures are such that the Service is capable of completing their daily processing requirements, without compromising the integrity, security, or performance of the Service. Each Direct Participant will ensure that it has access to adequate contingency facilities to enable It to send and receive its Payment Messages at least during the Operational Phase of the Business Cycle. Each Direct Participant shall ensure that their contingency procedures allow the resumption of operations at the contingency site when required, with the minimum loss of operational time in accordance with the Business Continuity Management Framework published by SAMA, as amended from time to time.

Each Direct Participant will comply with the Business Continuity Management Framework issued by SAMA & conduct realistic tests of contingency facilities at least twice annually to ensure the readiness and capability of operations. Signed records of the conduct of such tests must be retained.

Each Direct Participant is responsible for backing up data and programs for its own the Service operations.

Unless advised otherwise by SAMA, The Direct Participant agrees to keep confidential all information concerning SAMA's business or its ideas, intellectual properties, products, customers or services that are of confidential, proprietary or trade secret nature.

The Direct Participants will abide by applicable rules, regulations, policies and frameworks issued by SAMA; including the Service Security Policy as amended by SAMA from time to time. The Direct Participant must ensure the security and soundness of (SAMA - AFAQ) operations and inform SAMA in case of any security incidents.

The Direct Participant must take necessary actions & implement adequate measures to prevent, detect and respond in a timely manner to fraudulent activities involving the Service & report such activities to SAMA and the Direct Participants concerned in accordance with relevant fraud prevention guidelines.

Each Direct Participant must maintain a current the Service account at SAMA. Relevant Direct Participant's account must be held in accordance with SAMA's banking conditions from time to time.