2.5 Anti-Money Laundering & Control of Terrorist Financing
The general rules for Anti-Money Laundering (AML) are set out in the Saudi Arabian "Anti Money Laundering (“AML”) law" and "Rules Governing Anti-Money Laundering & Combating Terrorist Financing", Section 4.2. Any prepaid product must comply with all anti-money laundering/combating financing of terrorism guidelines already implemented in the Kingdom of Saudi Arabia.
2.5.1 Anti-money laundering regulations
Anti-money laundering regulations are designed to prohibit the funding of prepaid accounts with financial money from criminal activities.
2.5.2 Issuer compliance
Irrespective of the number of parties with whom the Issuer may share the issuing activities, the issuer remains liable for ensuring compliance of its prepaid programme(s). If necessary, additional systems, procedures and controls must be deployed by the issuer to ensure compliance with these guidelines.
2.5.3 Monitoring of payment service activity
The issuer is required to monitor on an on-going basis the prepaid payment service activity by undertaking the following tasks and verifying to SAMA their compliance with the Kingdom's AML legislation:
- Keep up to date the primary cardholder’s verification data (as described in 2.3) held on record as required according to the Anti-Money Laundering (“AML”) law in the Kingdom of Saudi Arabia, Article 5
- Verify transaction records at regular intervals, where the frequency will depend on the level of risk attributed to the primary cardholder, to ensure that these fall within the scope agreed in the contract established with the primary cardholder;
- Maintain a log of all the transactions undertaken using the prepaid payment services. This data must be available for scrutiny by SAMA as appropriate when requested;
- Report suspicious activity promptly to Financial Intelligence Unit if it suspects that funds loaded onto the prepaid account are the proceeds of criminal activity;
- Such monitoring to be undertaken by the Financial Intelligence Unit as defined in the "Anti Money Laundering (“AML”) law" and "Rules Governing Anti-Money Laundering & Combating Terrorist Financing", Section 4.2;
- Conduct transaction screening as well as account and primary cardholder behaviour monitoring, to identify any unusual activity;
2.5.4 Funds transfers
If the prepaid payment service allows the primary cardholder to transfer money to a bank account in the Kingdom of Saudi Arabia or abroad, the issuer must conduct the following precautionary measures:
- Obtain adequate levels of information about the beneficiary bank; and
- Assess whether the beneficiary bank’s anti-money laundering controls and risk management procedures are adequate; and
- Screen the beneficiary's bank account against available AML/CFT negative files.
- Consider all the relevant rules relating to remittances and follow Customer Due Diligence (CDD) processes with individual customers and with receiving banks (correspondent banks).
2.5.5 Face to face verification
Further to the customer due diligence measures carried out at the onset of the contract (see 2.3), a further full verification must be carried out face-to- face whenever:
a. There is a suspicion of money laundering or terrorist financing;
b. There are doubts about the veracity or adequacy of the previously obtained primary cardholder identification data;
c. Higher compliance risks are posed.
The prepaid account must be blocked until full verification occurs if any of the above suspicions are raised.
2.5.6 SAMA Examination
SAMA may conduct the following activities:
a. Request the issuer to provide, detailed information about the transaction (e.g. primary cardholder’s identity, transactions history) upon request;
b. Interview staff at the Issuer to investigate potential compliance issues;
c. Conduct an inspection of the books and accounts of a bank, or affiliated third parties;
d. Impose penalties to any issuer who fails to observe the primary cardholder due diligence and the transaction archiving requirements.