Skip to main content
Back Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

  • Chapter III: Internal Organization

    • Article 13: Internal Policies and Procedures

      The BNPL company shall:

      1. Develop appropriate written organizational policies that address, at least, the internal organization guides, governance, stores acceptance and approval procedures, purchase approval and cancellation, credit, risk management, compliance, information confidentiality and security, consumer data protection, outsourcing, human resources, and anti-money laundering and counter-terrorist financing (AML/CTF).
      2. Ensure that technological and security equipment in place and related systems are adequate for its operational needs, nature of activity and risk status, in accordance with best practices and SAMA-issued instructions in this regard.
      3. Design information technology systems and their processes in a manner that ensures data availability, integration, integrity, and confidentiality. Such systems and processes shall be assessed by the BNPL company on a periodic basis in accordance with the generally accepted technical standards. They shall also be tested before they are used for the first time and after any changes applied to them.
      4. Retain all consumer documents, records and files in an orderly, clear and safe manner and ensure that all files are complete and updated periodically, for a period of at least 10 years from the date of the end of the relationship with the consumer.
      5. Have sufficient and qualified human resources in terms of knowledge and expertise to meet its operational needs and risk status.

    • Article 14: Requirements for Information Security and Combating Financial Crimes

      1. The BNPL company shall comply with the information security requirements set by SAMA and the relevant laws, regulations and instructions issued by SAMA.

      2. The BNPL company shall comply with the legal requirements contained in the AML/CTF Laws, their Implementing Regulations, and the relevant rules and guidelines as specified by SAMA, in a manner that is consistent with the nature of the company’s activity and its size and the risks it may be exposed to. In addition, the company shall comply with the requirements and instructions issued by SAMA on financial crimes.

         

    • Article 15: Outsourcing

      The BNPL company shall comply with the Rules on Outsourcing for Finance Companies issued by SAMA.

      • Article 16: Auditor

        1. The BNPL company shall appoint one or more certified external auditors, with the condition of obtaining a non-objection letter from SAMA. However, SAMA may appoint another auditor at the company’s expense where the size and nature of its business require so.
        2. SAMA may require external auditors to explain their report or disclose other facts of which they obtain knowledge during the audit process that could indicate a violation of the applicable laws, regulations or instructions or a violation of the BNPLby-laws.

      • Article 17: Consumer Protection and Data Confidentiality

        1. The BNPL company shall establish a function for handling complaints and set clear procedures for receiving, documenting, reviewing, and responding to complaints within the period set by SAMA. Such complaints must be kept in records that include all necessary details in relation to the complaint and the procedures taken.
        2. The BNPL company, including all of its employees, shall maintain the confidentiality of consumers’ data and transactions and shall not disclose them to other parties even after the end of service for employees or revocation of license, except in accordance with the relevant laws and instructions.

      • Article 18: Saudization of Human Resources

        1. At least 50% of human resources employees must be Saudi nationals when the BNPL company starts operations. The percentage applies to all departments and organizational levels.
        2. The percentage must be increased annually by 5% at least until it reaches 75%. Furthermore, SAMA determines the minimum annual increase required for Saudization.
        3. Recruitment of non-Saudis in the BNPL company shall be limited to positions that require expertise not available in the Saudi labor market. In all cases, the company shall obtain a non-objection letter from SAMA before appointing any non-Saudi employee in control departments, provided that the company shall prove that there are no Saudi nationals available to fill the position.