Part Eight: Risk Management
Article 38
The Finance Company must:
1. Establish a clear written business strategy and a written risk management policy approved and updated annually by the Board. The risk management policy should take into account all relevant types of risks and how to deal with them, taking into consideration all business activities, including operations and tasks that have been outsourced. The risk management policy must include analysis for at least the following risks: a. Credit risks; b. Market risks; c. Term Cost rate risks; d. Incompatibility of assets with liabilities risks; e. Exchange rate risks; f. Liquidity risks; g. Operational risk; h. Country risks; i. Legal risks; j. Reputation risks; k. Technology risks. 2. Establish appropriate procedures to identify, assess, manage, monitor and communicate risks. These processes must be included in a comprehensive risk management framework that ensures the following: a. Early and comprehensive identification of risks; b. Assessment of correlations between risks; and c. Immediate coordination with Senior Management, the Board, risk and credit management committee and the responsible staff, and where appropriate, the internal audit department. 3. Establish a risk management function directly reporting to the risk and credit management committee. Risk and credit management committee must raise their views about risk management reporting to the Board. Article 39
The Finance Company must prepare a quarterly risk report for discussion by the risk and credit management committee and the Board after review by Senior Management. The report must include as a minimum the following:
1. A comprehensive overview of the risk development and performance of financial positions that incur market price risks, as well as any instances in which the limits have been exceeded; 2. Changes to assumptions or parameters which form the basis of risk assessment procedures; 3. The performance of the Finance portfolio by activity, risk class and size and collateral category; 4. The extent of limits granted and external credit lines; Large Exposures as defined in Article 55 of this Regulation and other significant Exposures, such as default Finance, must be listed and commented on; 5. Analysis of the conditions in which the Finance Company exceeded the limits and the reasons thereof, the scale and development of new business, and Finance Company’s risk provisioning; and 6. Any major Finance decisions which deviate from the strategies or policies of the Finance Company. Article 40
The Finance Company must submit to SAMA the report referred to in Article (Thirty-Nine) of this Regulation, after being discussed and approved by credit and risk management committee and the Board, along with the decisions made in this regard.