A close loop prepaid products may or may not be  reloadable. Closed loop prepaid payment services are not allowed to provide cash withdrawal  functionality at ATMs or transfer of funds into a bank account.

An issuer (refer to 1.2.1 Issuing Programme Manager) proposing to operate closed loop prepaid programme must seek SAMA’s “no objection” to  the proposed programme at a contracting entity level.

A closed loop prepaid payment service issued in the Kingdom is not allowed to provide cross- border payment functionality, unless permitted by SAMA.

A restricted loop prepaid products may or may not be reloadable. Restricted loop prepaid payment service product is not allowed to provide cash withdrawal functionality at ATMs or transfer of funds onto a bank account.

Any Issuer (refer to 1.2.1 Issuing Programme Manager) proposing to operate restricted loop prepaid programme must seek SAMA’s “no objection” to the proposed programme at a contracting entity level.

A restricted loop prepaid payment service issued in the Kingdom is not allowed to provide cross-border payment functionality, unless permitted by SAMA.

Open loop prepaid products may or may not be reloadable. An open loop prepaid payment product can, but is not required to, enable cash withdrawals at ATMs or the transfer of funds onto a bank account, including international remittances within the restrictions of Know Your Customer (KYC) and Anti Money Laundering (AML)/Combating Terrorist Financing (CTF) rules documented in Section 2-5.

Any Issuer (refer to 1.2.1 Issuing Programme Manager) proposing to operate open loop prepaid programme must seek SAMA’s “no objection” to the proposed programme at a product level.

Regulated Issuers (Refer to The issuing Programme Manager (issuer) 1-2-1) may outsource activities within the KSA to trusted third parties under an outsourced service contract, provided that the regulated issuer assumes the responsibility for all actions undertaken by a third party.

In accordance with the "Rules on Outsourcing", issued by Saudi Central Bank, section 2-3, banks are required to confirm SAMA has "no objection" prior to undertaking any Material Outsourcing.

All disclosures required by these Rules shall be made in the Arabic language and utilise the Hijrah calendar and/or using the Gregorian calendar. Disclosures in the English language shall be provided at the primary cardholder’s request. Any Operator must be a licensed bank in the Kingdom of Saudi Arabia that is permitted to accept deposits, according to the Banking Control Law, issued by Royal Decree, No. M/5 Dated 22.2.1386 H.

These rules have been issued in a bilingual form in Arabic and English. In case of any difference in the meaning or interpretation of the text, the Arabic text will prevail. The English language will be referred to only for the purpose of assisting in understanding these rules.

All disclosure requirements contained in these Regulatory Rules apply to products offered in totality by a business approved by SAMA to issue prepaid payment services. Where a joint product is offered the disclosure requirements apply to the business approved by SAMA to issue prepaid payment services.

To issue a prepaid payment service product or acquire prepaid payment service transactions a financial institution must be a licensed bank in the Kingdom of Saudi Arabia, according to the Banking Control Law, issued by Royal Decree, No. M/5 Dated 22.2.1386 H, and licensed to provide financial services within the Kingdom of Saudi Arabia, with SAMA’s “no objection” prior to introduce any prepaid product.

A Prepaid issuer or acquirer operating in the Kingdom of Saudi Arabia shall be allowed to issue or acquire prepaid payment services within all acceptance categories (Open Loop, Restricted Loop, Closed Loop) & prepaid payment service segments (Payroll Cards, Youth Cards, etc.) in both the reloadable & non-reloadable variants, as long as the requirements contained within these rules are me

Open loop and/or reloadable prepaid payment service products are allowed to be issued to an individual provided a Full Verification process has been undertaken:

Full verification is the process by which the Issuer or an authorised third party obtains and verifies the prepaid accountholder’s identity. Accountholders whose identity has been fully verified shall have a prepaid payment service with the full functionality as determined by the Issuer. Full verification is conducted face-to-face (refer to (100-8) interviewing the customer in Rules governing the opening of bank accounts & general operational guidelines in Saudi Arabia).

The face to face verification process requires a government issued document with primary cardholder's full name and photograph. The accepted documents are the same as mentioned in the rules of opening bank accounts. In addition, for those who are not resident in the Kingdom and are in Saudi Arabia to perform Hajj & Omrah or to provide professional consultancy services for government agencies or for a local commercial entity, the accepted documents are a valid passport with valid Saudi visa.

Merchants will not be entitled to conduct the full verification due to the potential conflict of interest.

The Issuer remains responsible for the verification process and is officially required to produce the verification information on demand by SAMA.

Card payment service products that use a simpler form of KYC are limited to products providing restricted value, non-reloadable services which can be offered by the issuer (directly or via a third party) without verification of the cardholders identity. This may apply if the prepaid payment service has the following characteristics:

1. The prepaid payment service is not reloadable; and
2. The amount stored on the device does not exceed 400 SAR; and
3. The value is redeemable through a predefined merchant group (closed or restricted loop); and
4. The value on the prepaid account cannot be redeemed at ATMs or by transfer to a bank account.

For prepaid payment products where the contracting entity is an individual and where the prepaid payment product is not using a simpler form of KYC the said individual shall be the person for whom the bank will need to identify the required information pertinent to doing financial business with them as a customer for KYC purposes. The individual will also be the person against which the required transaction monitoring of KYC, AML and CTF are applied.

Included within these are all consumer prepaid payment services where the contracting entity is an individual. This includes personal payment service products with a single payment device attached, as well as payment service products with sub-records such as youth cards. Specifically for payment service products for minors less than 18 years old the requirements set out in "Rules Governing the Opening of Bank Accounts & General Operational Guidelines in Saudi Arabia", section 200-1-1 “Minors of less than 18 years' old" apply.

For such a payment service product the following conditions shall apply;

All programs must comply with the regulatory rules for prepaid payment services in the Kingdom of Saudi Arabia.

For prepaid electronic records where the contracting entity is a juristic person and where the prepaid electronic records is not using a simpler form of KYC, the individual(s) who will be provided the payment service product shall be the person for whom the issuer will need to identify the required information pertinent to doing financial business with them as a customer for KYC purposes. The individual will also be the person against which the required transaction monitoring of KYC, AML and CTF are applied.

Included within these are all commercial prepaid payment services where the contracting entity is a Juristic person. This includes salary payment service products, prepaid procurement cards (petty cash payment products) with a single payment device attached, as well as payment service products with sub-records.

Specifically account opening procedures must be compliant with section 300 of the 'Rules Governing the Opening of Bank Accounts and General Operational Guidelines in Saudi Arabia’ as issued by SAMA.

For the opening of accounts of prepaid payment service products where the contracting entity is a Juristic person the following conditions shall apply;

For prepaid electronic records where the contracting entity is government agency and where the prepaid electronic record is not using a simpler form of KYC, the individual(s) who will be provided the payment service product shall be the person for whom the issuer will need to identify the required information pertinent to doing financial business with them as a customer for KYC purposes. The individual will also be the person against which the required transaction monitoring of KYC, AML and CTF are applied.

Included within these are all commercial prepaid payment services where the contracting entity is a government agency. This includes salary payment service products, prepaid procurement cards (petty cash payment products) with a single payment device attached, as well as payment service products with sub-records.

Specifically account opening procedures must be compliant with the following clauses (Section 500-1-1, sub-clauses 1, 2, 3 and 7 & Section 500-2) of the 'Rules Governing the Opening of Bank Accounts and General Operational Guidelines in Saudi Arabia’ as issued by SAMA.

In addition to the rules laid out in the above, for a prepaid payment product opened under these rules the account terms and conditions must specify the withdrawal functionality and/or value threshold (via POS and/or ATM), as agreed with the Government entity.

For the opening of accounts of prepaid payment service products where the contracting entity is government agency the following conditions shall apply;

For prepaid payment products where the contracting entity is an individual householder and the contracting entity has satisfied the normal SAMA Account Opening and KYC requirements, as identified at 2.4.1. The contracting entity will also be the person against which the required transaction monitoring of KYC, AML and CTF obligations are applied.

Included within these are all retail prepaid payment services where the contracting entity is a householder who offers payments cards to household members, for the purpose of effecting purchase payments and cash withdrawals using a SPAN debit card drawn on monies for which the contracting entity is the beneficial owner.

Such household members shall be either:

• A family member (e.g. wife, son) or have a legal relationship with the contracting entity (e.g. legal guardian).
• A contracted employment relationship, where the cardholder is under the sponsorship of the contracting entity.

For such a payment service product the following conditions shall apply;

For Prepaid Payment Electronic Records that uses a simpler form of KYC the following applies:

Anti-money laundering regulations are designed to prohibit the funding of prepaid accounts with financial money from criminal activities.

Irrespective of the number of parties with whom the Issuer may share the issuing activities, the issuer remains liable for ensuring compliance of its prepaid programme(s). If necessary, additional systems, procedures and controls must be deployed by the issuer to ensure compliance with these guidelines.

The issuer is required to monitor on an on-going basis the prepaid payment service activity by undertaking the following tasks and verifying to SAMA their compliance with the Kingdom's AML legislation:

1. Keep up to date the primary cardholder’s verification data (as described in 2.3) held on record as required according to the Anti-Money Laundering (“AML”) law in the Kingdom of Saudi Arabia, Article 5
2. Verify transaction records at regular intervals, where the frequency will depend on the level of risk attributed to the primary cardholder, to ensure that these fall within the scope agreed in the contract established with the primary cardholder;
3. Maintain a log of all the transactions undertaken using the prepaid payment services. This data must be available for scrutiny by SAMA as appropriate when requested;
4. Report suspicious activity promptly to Financial Intelligence Unit if it suspects that funds loaded onto the prepaid account are the proceeds of criminal activity;
5. Such monitoring to be undertaken by the Financial Intelligence Unit as defined in the "Anti Money Laundering (“AML”) law" and "Rules Governing Anti-Money Laundering & Combating Terrorist Financing", Section 4.2;
6. Conduct transaction screening as well as account and primary cardholder behaviour monitoring, to identify any unusual activity;

If the prepaid payment service allows the primary cardholder to transfer money to a bank account in the Kingdom of Saudi Arabia or abroad, the issuer must conduct the following precautionary measures:

1. Obtain adequate levels of information about the beneficiary bank; and
2. Assess whether the beneficiary bank’s anti-money laundering controls and risk management procedures are adequate; and
3. Screen the beneficiary's bank account against available AML/CFT negative files.
4. Consider all the relevant rules relating to remittances and follow Customer Due Diligence (CDD) processes with individual customers and with receiving banks (correspondent banks).

Further to the customer due diligence measures carried out at the onset of the contract (see 2.3), a further full verification must be carried out face-to- face whenever:

a. There is a suspicion of money laundering or terrorist financing;

b. There are doubts about the veracity or adequacy of the previously obtained primary cardholder identification data;

c. Higher compliance risks are posed.

The prepaid account must be blocked until full verification occurs if any of the above suspicions are raised.

SAMA may conduct the following activities:

a. Request the issuer to provide, detailed information about the transaction (e.g. primary cardholder’s identity, transactions history) upon request;

b. Interview staff at the Issuer to investigate potential compliance issues;

c. Conduct an inspection of the books and accounts of a bank, or affiliated third parties;

d. Impose penalties to any issuer who fails to observe the primary cardholder due diligence and the transaction archiving requirements.

The distance selling rules and guidelines described in this section are applicable whenever a prepaid account and payment device is requested via an internet website, call centre or postal mail. Distance selling applications to an eligible prepaid issuer within the Kingdom for a prepaid account originating from outside the Kingdom of Saudi Arabia.

All contractual terms and conditions must be provided in a written form (including electronically).

Upon completing the electronic full verification (see 2.3.1), the Issuer must confirm that the contracting entity (an individual or a juristic person or government entity) has received the contract information by contacting the primary contracting entity (an individual or a juristic person or government entity) via telephone, postal mail or email or any other electronic means. Contracts can be concluded online.

The contracting entity (an individual or a juristic person or government entity) shall be entitled to a cooling-off period of 14 days, during which they may terminate the initial contract without any penalties.

The issuer shall provide the disclosures required under this section on or with any application that is made available to the customers, including one contained in a catalogue, magazine, or other generally available publication, to open a prepaid payment service account.

A prepaid payment service issuer shall disclose the following with or on an application:

Table 2: Beneficial owners of funds on prepaid accounts in specific cases

^* The Child/Accountholder is the beneficial owner of the funds, but the Guardian will typically have Power of Attorney and signing rights on the Account until the Child reaches age of majority (18)

^#The value on the Gift Card will be the property of the Cardholder, but may be limited to ‚withdrawal through Purchase‘ at the Merchant outlet. This will be defined in the Prepaid Service Terms & Conditions

If the prepaid payment service is a Government or a juristic persons prepaid payment service (see1.3.2 and 1.3.3), the master accountholder/contracting entity shall be responsible for all expenses incurred in processing the payment including bank fees, service provider charges, and all other costs. The Contracting entity is not allowed to share any costs with the primary cardholders, including deducting fees from funds from the account directly or indirectly.

However, in the case of sub-records where the cardholder is the beneficial owner, transaction effected directly by the beneficial owner (e.g. ATM and/or POS transactions) which may be chargeable, can be applied to such sub-record. All other expenses related to production and distributions of cards remain responsibility of the contracting entity.

The issuer must enter into a written contract with the contracting entity (an individual or a juristic person or government entity) which can be in electronic form.

Contracts must be signed by the contracting entity (an individual or a juristic person or government entity). If the contract is entered into online there must be a requirement for a digital signature or exchange of written copies later on.

The issuer must put in place an effective mechanism to attend to any primary cardholder complaints. The contracting entity (an individual or a juristic person or government entity) will also be able to complain to SAMA in accordance with the SPAN rules.

The use of clear and simple language terms is required in all communications. The Arabic language should be the main communication language.

The issuer shall honour the primary cardholder's instructions for payments, at approved locations, if there is sufficient balance outstanding against the instrument.

Periodical fees, such as dormancy fees or inactivity charges, shall not be charged to prepaid payment services, except in the circumstances below and provided that these are clearly stated in the terms and conditions:

Prepaid Payment Services shall be subject to standard SPAN card expiration date,

a. The expiration date is at least 3 years after the date on which the prepaid account funds were first loaded, where the card is a smart/EMV card

OR

B. two years for magnetic stripe cards;

AND

c. the terms of expiration are prominently disclosed

Any term in the contract will be considered unfair if it causes a significant imbalance in the rights and obligations arising under the agreement to the detriment of the account or primary cardholder. Unfair terms will be considered null and void, but shall not affect the validity of any other provisions in the contract. Where there is any doubt as to the meaning of a contractual term, the interpretation should favour the primary cardholder

For the purpose of this Regulatory Framework, an advertisement is a commercial message in any medium that promotes, directly or indirectly, a prepaid payment service product.

Advertisement shall clearly state the identity of the issuer making the disclosure (i.e. any public disclosure or communication relating to a prepaid service offering MUST identify the identity of the regulated issuer/IPM notwithstanding any other brand or title under which the service may be offered to market). The minimum level of detail should contain the name of the issuer and the bank address/phone number and specify that the account balance is held by a bank.

Advertisement shall only state specific terms that actually are, or will be arranged or offered by the prepaid payment service issuer. The terms shall be presented as a whole with charges shown adjacent to the offer.

In the following the term “billing error” represents a posting to the prepaid payment service account and which gives rise to an error in the overall balance. Billing errors include:

A billing error notice is an oral or written message from the primary cardholder that:

a. Is received by the issuer at the call centre or address provided in the Terms and Conditions in force no later than 180 days after the transaction date of the alleged billing error;

b. Enables the issuer to identify the primary cardholder’s name and account number, and, to the extent possible, indicates the primary cardholder’s reasons for believing that a billing error exists, the type of error, the date and amount of the error.

c. Such billing error notice shall be taken seriously by the bank (issuer and/or acquirer).

The bank (issuer) shall handle billing errors as follows:

A closed loop prepaid payment service Operator must be a bank in the Kingdom of Saudi Arabia that is permitted to accept deposits, according to the Banking Control Law, issued by Royal Decree, No. M/5 Dated 22.2.1386 H.

The Operator shall disclose in Merchant Service Agreement all charges, if any, associated with the operation of prepaid payment services and acceptance of prepaid payment service transactions and an explanation of the method of computation of charges as follows:

The Operator shall inform the merchant in writing of any changes in charges at least 60 working days before the changes take effect.

The merchant shall have the right to cancel a Merchant Service Agreement with a notice period not to exceed 90 calendar days.

The Operator shall disclose within the Merchant Service Agreement the elapsed time between the deposit of transactions, these being either captured on paper or electronically, and the crediting of the value, less any applicable charges according to section 2.13.2, into the merchant’s account. The Operator must pay or credit their contracted Merchants after the transaction reconciliation process is completed according to the terms and conditions stipulated in the Merchant Service Agreement. Payment must cover the transaction totals reduced by the credits (reversals, adjustments and refunds) and any applicable Merchant discounts.

The prepaid payment service Operator shall mail or deliver by other means a periodic statement to the merchant relating to prepaid transactions credited to the merchant account. The statement shall disclose the following items: