Skip to main content
Back Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

  • Anti-Fraud Rules for Finance Companies

    • Chapter I: Definitions

      4- The following terms and phrases, wherever mentioned herein, shall have the meanings assigned thereto unless the context requires otherwise:

      Rules: Anti-Fraud Rules for Finance Companies.

      SAMA: Saudi Arabian Monetary Authority.

      Fraud: An act or omission intended to gain, directly or indirectly, an advantage, that would not be gained otherwise, for the party committing the fraud or for other parties. This includes, but is not limited to, the following:

      a. use of documents containing incorrect information;

      b. non-disclosure or deliberate concealment of information required by law;

      c. abuse of authority, a position of trust, or a fiduciary relationship; and 

      d. asset misappropriation.

       Finance Company: A joint-stock company licensed by SAMA to engage in finance activities.

       

    • Chapter II: Strategy and Organizational Structure

      5- The Finance Company shall develop an anti-fraud strategy aligned with its risk profile and business. The strategy shall be approved by the Finance Company’s board of directors and updated regularly to ensure its alignment with corporate ever-evolving business environment.

      6- The Finance Company shall design a structure for fraud control. The structure shall be commensurate with the size and nature of the Company’s business so as to facilitate control and implementation of anti-fraud policies by the Company’s management and ease communication between departments in case of suspicion or detection of fraud.

    • Chapter III: Policies and Procedures

      7- The Finance Company shall put in place policies and procedures to implement anti-fraud and risk management strategies. Such policies and procedures shall be updated regularly and tested in terms of effectiveness to keep abreast of developments in fraud. A copy of such policies and procedures shall also be provided to SAMA.

      8- Policies shall be based on an analysis of fraud risks to which a Finance Company is exposed.

      9- Policies and procedures shall include, at a minimum, the following:

      a. the role of employees in the implementation of anti-fraud strategy, and identification of individuals responsible for its implementation;

      b. standards for the detection and prevention of fraud;

      c. a mechanism clarifying the procedures and communication methods for internal reporting of suspicious or actual cases of fraud, identifying the party responsible for investigating fraud cases inside the Company, and designating the available external reporting channels and the protection offered to whistleblowers;

      d. a policy on retention of documents containing details of suspicious and actual cases of fraud; and

      e. a mechanism for training the Company’s employees on a regular basis to raise awareness of fraud risks and prevention methods.

      10- The Finance Company shall develop a mechanism to ensure the soundness of financed asset’s valuation carried out by the accredited valuer.

      11- The Finance Company shall establish a mechanism to ensure the implementation of its credit policy on financing contracts.

       

      • Training

        12- The Finance Company shall ensure that its board of directors and employees understand anti-fraud policies through training programs in fraud control. The training materials shall be updated regularly to keep abreast of developments in fraud.

        13- The scope of training shall vary depending on the role and responsibilities of individuals, and shall cover the responsibility of employees when suspecting fraudulent acts and the steps of escalating fraud incidents within the Company or to competent authorities.

        14- The Finance Company shall provide training programs dedicated to new employees, especially those dealing directly with the public.

         

      • Reporting

        15- The Finance Company shall develop a policy describing the steps of escalating a fraud incident within the Company or to external competent authorities, and providing for confidentiality of the report and protection offered to whistleblowers.

         

      • Documentation and Record Retention

        16- The Finance Company shall document the actions taken in fraud incidents, inside and outside the Company, and shall maintain, for 10 years, records containing detailed information of suspicious and actual cases of fraud.

         

      • Exchange of Information

        17- The Finance Company shall, using the form attached hereto, inform SAMA of any fraud incidents within 10 business days from closing the investigation.

        18- Without prejudice to any other regulations or instructions on the confidentiality of consumer information and transactions, Finance Companies may enhance cooperation mechanisms among them to exchange information on fraud incidents. SAMA’s non-objection shall be required for any agreed cooperation mechanism.

    • Chapter IV: Anti-Fraud Standards

      • Fraud Detection

        19- The Finance Company shall develop indicators of fraud and update them regularly to ensure their effectiveness and suitability to detect fraud at an early stage. The General Indicators set forth in Chapter VI may, without limitation, be used in detecting internal fraud committed by individuals inside the Company and external fraud committed by external parties.

         

      • Fraud Prevention

        20- The Finance Company shall apply KYC and CDD measures to consumers.

        21- The Finance Company shall draft finance contracts based on fraud reports issued by the audit committee and in a way that would minimize, to the extent possible, fraud occurrences.

        22- When developing a new product, the Finance Company shall assess its associated fraud risks.

        23- The Finance Company shall notify consumers and any third party of the consequences of providing the Company with misleading information.

        24- The Finance Company shall, prior to hiring permanent or temporary personnel or contracting with external service providers, perform due diligence and check applicant information to ensure the integrity and proper ethics of potential recruits. Standards of scrutiny shall be increased for positions most likely to encounter or commit fraud.

        25- The Finance Company shall develop and apply information security rules to prevent access to and tighten control over its information, and shall also review user accounts regularly.

        26- The Finance Company shall develop job descriptions for positions across the Company and detail responsibilities of management and employees. Functions that might be susceptible to conflict of interest shall be separated. Job rotations and vacations for employees in sensitive positions shall be mandatory.

         

    • Chapter V: Roles and Responsibilities

      27- Board of Directors of Finance Company: The Company’s board of directors is responsible for the control of fraud. The board’s activities shall include, at a minimum, the following:

      a. approving anti-fraud strategy and policies.

      b. ensuring the provision of resources necessary for the implementation of the strategy and policies.

      28- Employees of Finance Company: The Finance Company’s employees, whether permanent or contractors, shall be responsible for monitoring fraud in their work and shall report any suspicious cases of fraud immediately.

      29- Internal Audit Department: The Internal Audit Department shall be responsible for the following:

      a. tracking fraud incidents during the performance of its work, collecting necessary evidence in case of a suspicion, and investigating suspicious transactions; and

      b. conducting regular assessment to verify the effectiveness of and compliance with anti-fraud policies and procedures and ensure appropriate and timely dealing with suspicious cases of fraud، proper documentation of actions taken، and inclusion of said information in the audit department’s report prescribed in the Implementing Regulation of the Finance Companies Control Law.

      30- External Auditor: The external auditor shall be responsible for verifying the Company’s compliance with anti-fraud policies.

       

       

       

    • Chapter VI: General Indicators of Fraud

      Internal Fraud

      Governance&

      Organizational

      Structure

      		- An individual or a group of individuals monopolizes running operations or taking financial decisions.
             		 
      - Company’s strategy is inconsistent and changes rapidly.
             		 
      -Company’s organizational structure is complex.
             		 
      - Managers, members of staff, external businesses, and contractors have conflict of interest.
             		 
      - Board of directors or management displays dominant management style, discouraging critical or opposing views from employees.
             		 

      Operational

      Management

      		- Training provided for employees is weak. 
      - Activities of the Finance Company are inconsistent with its declared policies.
             		 
      - Staff turnover at the department level is high, especially in finance or accounting departments.
             		 
      - Tasks and transactions are complex and require special skills to be understood.
             		 
      - Original documents are lost and replaced with copies.
             		 
      Accounting& Finance- Costs are unjustifiably high or are higher than those of competitors.
             		 
      - Financial results and ratios are unmatched. 
      - Company’s return is much lower than that of its counterparts in the market.
             		 
      Internal Audit- Internal control structure is weak.
             		 
      - Information from prior audits is insufficient.
             		 
      - Results of internal audits are weak or missing.
             		 
      - Internal auditors are not completely independent.
             		 
      - Board of directors or managers place undue pressure on auditors.
             		 
      - Board of directors or managers display aggressive attitude toward the Company’s financial reporting.
             		 
      Employees’ Conduct- Unjustified wealth of employees and sudden change in their lifestyle.
             		 
      - Employees frequently work outside official working hours.
             		 
      - Employees do not go on leaves.
             		 
      - New employees resign quickly.
             		 

      Information

      Technology

      		- Information and asset security system is weak.
             		 
      External Fraud

      Finance

      Procedures

      		- Consumer age and qualifications are not compatible with the number of his/her work years.
             		 
      - Employer’s address provided is a postal box only.
             		 
      - Use of consumer’s personal phone number as the employer phone number.
             		 
      - Applicant’s handwriting is not similar on different documents.
             		 
      - Attempt by consumer to pay all financial obligations in cash other than usual means, especially in early repayment.
             		 
      - Installments are paid by another individual or party and not by the consumer.
             		 
      - Consumer’s income and credit record are not consistent with his/her personal profile.
             		 
      - Signatures on finance documents are different.
             		 
      - Information Provided by the Consumer is not Consistent in Different service Request forms Submitted to the finance company.
             		 
      - Transfer of the ownership of financed assets immediately after the completion of sale, indicating that the consumer has obtained the finance for an ineligible third party.
             		 
      Valuation- Valuer is not one of the accredited valuers by theFinance Company.
             		 
      - Valuer is not familiar with the region of the financed asset and the local market value.
             		 
      - Valuation is based only on making adjustments to the financed asset.
             		 
      - Valuation is based on data of more than 9 months in a rapidly changing market.
             		 
      - Valuation of the financed assetis based on comparison with previous valuations carried out by the same valuer.
             		 
      - Mismatch between the pictures of the financed asset and the description provided in the valuation report.
             		 
      - Valuation fee is based on a specified percentage of the estimated value of the financed asset.
             		 
      - There are indications that the financed asset has been sold more than once during a short period of time, indicating that its value does not reflect the actual value of the asset in the market.
             		 

      Job

      Information

      		- The employment letter is not printed on employer’s letter head. 
      - The date of the employment letter is old.
             		 
      - The signature on the employment letter is not accompanied by the name or position of the signee.
             		 
       - The employment letter contains handwritten modifications. 
      - The original copy of the employment letter is not provided. 

       

    • Chapter VII: Effective Date

      31- These Rules shall enter into force after 180 days from the day of their promulgation, and shall be published on SAMA’s website.

       

    • Form For Reporting Fraud to SAMA

      Form For Reporting Fraud to SAMA

      a. Company Informationb.
      Name   

      Line of

      Business

      		   
      Headquarters City   

      Name of Branch (if any)

       

      		 City   
      Telephone No.   
      E-mail   

       

      c. Information on Fraud Incident

      Date of

      Incident

      		 
      Total Amount (if any)

      in words

      SAR

      in numbers

      SAR

      Fraud Incident Description 
      Actions Taken 
      Subsequent Actions 

       

      d. Information on Alleged Fraudster

      Name(s) 
      ID/ Iqama No. 
      Nationality 

        

      e. Attached Documents

      Report Writer 
      Signature Date