SAMA may conduct regular or unexpected inspection, through its inspectors or external auditors, to check the company’s accounts and records, and the company’s staff must cooperate and provide any information or data requested.

Companies shall sign membership agreements approved by SAMA with any party that wishes to obtain credit information about consumer credit records. Such agreements shall indicate rights and obligations of the parties. Each party after signing the agreement will be regarded as a "member".

Credit information shall be shared among companies that are governed by the Law according to bi-lateral or multi-lateral agreements or contracts entered into between such companies. These agreements and contracts shall specify the parties' rights and obligations, documents to be provided concerning such information, validity, method of extension or renewal, and financial charges to be paid. They shall be submitted to SAMA to obtain its non-objection.

Companies shall prepare regular records containing (natural and legal) consumers’ names, capacities, addresses, workplaces, nature of business and credit information.

Companies shall regularly prepare records containing the names of members and companies they are transacting with, whether credit information companies or any other companies governed by the Law and its Implementing Regulations, as well as the agreements and contracts signed with each company, their durations and conditions.

Companies shall take all measures and precautions necessary to ensure soundness, accuracy, integrity and completeness of information obtained according to the Law and its Implementing Regulations and shall:

A company shall be held responsible to the parties transacting with it, i.e. public and private institutions/ agencies, firms and consumers, for any invalid or false information and data it provides. However, this will not waive the company’s right of recourse against a member for any damages the company incurs once it proves the member's deception and misleading information.

Companies shall establish data and information security protection controls for the information they have or obtain, and they shall:

Prior to providing a member with any credit record, the company shall:

With due consideration to these Implementing Regulations, the company may not issue any credit record on a consumer except based on:

Companies shall procure an insurance policy from an authorized insurance provider in Saudi Arabia to cover its liabilities arising from failure, negligence or errors in the provision of credit information services.

The company may not sell, rent or assign its databases except to another licensed credit information company, and after obtaining SAMA’s prior written approval. Upon dissolution of the company for any reason, its databases will go to SAMA or any other organization designated by SAMA.

Companies shall obtain SAMA's prior written approval on the pricing policy for their provided services that are governed by the Law and its Implementing Regulations, except as stipulated in Article (43) of these Implementing Regulations.

With due consideration to Article (12) of these Implementing Regulations, companies will collect credit information on consumers from all available sources such as public records and financial institutions whose nature of work involve providing credit in addition to consumers’ current and previous places of work, chambers of commerce and industry, and other related organizations and sources.

Companies shall establish a complaints settlement department and develop a procedural manual for processing consumer complaints to be published after obtaining SAMA’s approval. The manual shall include procedures that ensure:

Companies shall prepare a procedural manual for consumer awareness of credit information and submit it to SAMA for its approval.