Skip to main content
Back Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

  • Section 4: Enhanced Due Diligence Measures

    • A. Enhanced Due Diligence Measures

      Customer classification according to the level of risks is a key element in the financial institution’s risk-based approach. The financial institution shall identify the risk factors to be taken into consideration when classifying a customer in the high-risk customer category from the AML/CTF perspective. It shall also take additional steps to collect information about high-risk customers and business relationships in order to understand and assess risks and monitor transactions more accurately. It is the responsibility of the financial institution to identify high-risk customers, either individually or by category, and accordingly implement enhanced due diligence measures in a manner that ultimately leads to mitigating risks. 
       
      The financial institution may also refer to a set of available resources to classify the degree and level of risk for high-risk customers, including the data collection form prepared by SAMA and the FATF guidelines that aim to assist financial institutions in identifying high-risk customers. 
       
      Article (7/14) of the Implementing Regulations of the Anti-Money Laundering Law and Article (17) of the Implementing Regulations of the Law on Combating Terrorism Crimes and Financing state that it is the responsibility of the financial institution to implement enhanced due diligence measures in the case of ML/TF high risks based on the type and level of risk posed by a specific customer or business relationship. Article (11) of the Anti-money Laundering Law and Article (66) of the Low on Combating Terrorism Crimes and Financing require the financial institution to apply enhanced due diligence measures commensurate with the risks involving business relationships and transactions with a person from a country identified as a high-risk country by the financial institution, the PCCML, or the PCCT.

      4.1
      The financial institution shall design and implement its risk-based approach in a manner that enables it to identify high-risk customers and beneficial owners according to the risk elements specified in Paragraph (1.1) in the ML/TF Risk Assessment Section. When a customer or business relationship is classified as high risk, the financial institution shall take enhanced risk mitigation measures, including enhanced due diligence measures.
       
      4.2The financial institution shall include in its approved AML/CTF policies and procedures the enhanced due diligence measures to be taken to identify high-risk customers and business relationships. These measures may include the following:
       
       a)Obtaining and verifying information about the customer's job, activity or profession.
       
       b)Identifying and knowing the source of funds/income at the beginning of dealing with the customer and when carrying out transactions for the customer as well as verifying the data and information.
       
       c)Obtaining information regarding the customer’s size of assets and transactions.
       
       d)Conducting on-site visits to verify the nature of the customer's business.
       
       e)Obtaining any additional documents or information to know the customer.
       
      4.3Upon identifying a high-risk customer before/after establishing the business relationship, the financial institution shall obtain approval from the senior management to deal with and continue the business relationship with the customer.
       
      4.4The financial institution shall apply enhanced due diligence measures to high-risk customers and business relationships with any natural or legal person, even if the financial institution does not have a business relationship with that person, if such person poses high risk from the AML/CTF perspective.
       
      4.5When discovering that another financial institution has refused to deal with a specific customer, the financial institution shall implement enhanced due diligence measures, know the reasons behind that refusal, and take additional due diligence measures if the reason for refusal was a suspicion related to ML/TF.
       
      4.6The financial institution shall apply enhanced due diligence measures to customers with a complex organizational structure so it can understand and identify customer risks and verify the beneficial owner.
       
      4.7The financial institution shall take appropriate measures to identify high-risk countries associated with ML/TF risks and implement enhanced due diligence measures that are commensurate with the risks that may arise from business relationships and transactions with a person from such countries. This includes the following:
       
       a)Following up what is issued by the PCCML regarding high-risk countries.
       
       b)Following up what is issued by the PCCT regarding high-risk countries.
       
       c)Following up on the guidance issued by the FATF concerning the deficiencies of countries in the implementation of preventive measures to protect the international financial system against ML/TF risks.
       
      4.8When taking enhanced customer due diligence measures, the financial institution shall properly document these measures in accordance with Paragraph (6.1) in the Record Keeping Section.
       

    • B. Politically Exposed Persons (PEPs)

      Identifying a PEP and the extent to which that person is considered politically exposed is one of the customer due diligence measures taken by the financial institution to implement the risk-based approach in conducting its business. The political influence and power of such person may lead to misuse of this power for illicit enrichment. Proceeds in this case are often transferred under names of relatives or persons close to a PEP for the purpose of concealment. 
             		 
      Therefore, the financial institution shall take reasonable measures to identify whether a customer or beneficial owner is a PEP. In cases of high-risk business relationships with PEPs, the financial institution shall apply enhanced due diligence measures and apply the same to all types of PEPs, their family members, and persons close to those PEPs. 
             		 
      Article (8) of the Anti-Money Laundering Law and its Implementing Regulations require the financial institution to develop internal procedures and provide appropriate tools to identify PEPs and implement enhanced due diligence measures regarding them. 

      4.9
      The financial institution shall use appropriate tools and measures to determine if a customer or beneficial owner is a PEP, whether that person is foreign or local. These tools and measures may include the following:
             		 
       a)Searching for the customer in any available information sources.
       
       b)Relying on a credible database to identify and verify the information of PEPs, including the use of programs or information systems that enable the financial institution to determine if a customer, potential customer, or beneficial owner is a PEP.
       
       c)Include specific questions regarding a customer being a PEP at the start of the business relationship or when updating and reviewing customer information.
       
       d)Verify the customer’s position and the potential use of power related to it.
       
      4.10The financial institution shall take into consideration that mere reliance on electronic systems and programs does not guarantee full compliance with the Anti-Money Laundering Law and its Implementing Regulations. The financial institution is responsible for determining whether a customer is a PEP or not, and combining the tools mentioned in Paragraph (4.9) may be highly effective in identifying and verifying the PEP.
             		 
      4.11The financial institution shall determine if a customer or beneficial owner is a PEP in the following cases:
             		 
       a)Prior to starting a new business relationship.
       
       b)Prior to making a transaction for a natural or legal person with whom there is no business relationship, whether such transaction is carried out in a single operation or in several operations that appear to be linked.
       
       c)When updating or reviewing customer information.
       
       d)Upon suspicion that the customer is a PEP.
       
      4.12The financial institution shall continuously apply due diligence to customers, business relationships, and beneficial owners to verify if a customer is a PEP, as mentioned in Paragraph (3.7) in the Due Diligence Section.
             		 
      4.13The financial institution shall classify the foreign person as a high-risk PEP customer and implement enhanced due diligence measures to mitigate risks, including:
             		 
       a)Obtaining approval of the senior management before establishing or continuing a business relationship with that person.
       
       b)Taking all reasonable measures to identify the source of the customer’s wealth and funds.
       
       c)Implementing enhanced and continuous due diligence measures for the business relationship.
       
      The financial institution shall apply the same measures to local PEPs when the level of ML/TF risks is high. 
             		 
      4.14The financial institution shall apply the same enhanced due diligence measures to the family members of the PEP as well as any person close to the PEP.
             		 
      4.15To determine the level and degree of risk posed by a local PEP, the financial institution shall observe the requirements mentioned in Paragraph (1.1) under the ML/TF Risk Assessment Section. It may also rely on the following information:
             		 
       a)The period of time for which a local PEP has been entrusted with prominent public functions in Saudi Arabia or in a foreign country.
       
       b)Corruption risks associated with the entity where a local PEP occupies his position and the extent to which that entity is exposed to corruption risks.
       
       c)The customer's attempt to conceal or present inaccurate information related to the application of due diligence/enhanced due diligence, such as:
       
        -Concealing or providing inaccurate information related to the customer's job and the extent to which it is associated with high public positions or functions in Saudi Arabia or any foreign country.
             		 
        -Concealing or providing inaccurate information related to the source of income/wealth.
             		 
       d)Reliance on the family members of a local PEP or persons close to that person to act on his behalf.
       
      4.16The financial institution shall have sufficient, reasonable and documented grounds based on the ML/TF risk assessment results if it decides that a local PEP, their family members, or persons close to that PEP do not pose high risk from the AML/CTF perspective.
             		 
      4.17If it is established from protection and/or savings policies or investment- related insurance documents that a beneficiary or beneficial owner is a PEP, the financial institution shall take enhanced due diligence measures to mitigate risks before the payment of benefits or exercise of any rights under those documents. Such measures shall include the following:
             		 
       a)Notifying the senior management before the payment of benefits or exercise of any rights under those documents.
       
       b)Carrying out a thorough examination of the business relationship with the customer and considering reporting to the SAFIU in case of a suspicious transaction.
       
       The rights exercised by a customer under a policy may include:
             		 
       Cancellation of the policy.
       
       Cancellation of the policy during the free-look period.
       
       Partial withdrawal of the investment amount.
       
       Change of investment fund.
       
       Payment of additional premiums.
       
      4.18If the financial institution fails to identify a PEP or has suspicions regarding a PEP, it shall include the following in its records:
             		 
       a)The measures taken to determine the customer type.
       
       b)Reasons for suspicions about the nature of the customer’s position or job or association with a PEP.
       
       c)Reasons why the measures did not work.
       
       d)The date on which the measures were taken.