Private Archive
All circulars TEst
Licensing Provisions for Credit Bureaus
Types of Licenses
Licensing Guidelines
Application Forms
Fit and Proper Forms
Application Process
Prohibited Activities
Revocation of a License
Cherry 3
Guidance Notes on Completing the SAMA Regulatory Sandbox Application Form
Guidance Notes on SAMA Application Form (August 2022)
The purpose of the below guidance notes is to assist you in completing the application form by providing sufficient and appropriate information to enable SAMA to perform its assessment. The guidance notes also provide applicants with a line-of-sight on the different stages before SAMA will provide approval to commence operations.
Please expect a response from SAMA via email in relation to the outcome of your application within sixty (60) days from the submission of your application form.
Should you be successful in this initial stage of evaluation, SAMA will request additional information as part of its second stage of evaluation. Please refer to Stage 2 for more details on this.
Should you have any questions about the Regulatory Sandbox or the application form, please contact us at sandbox@sama.gov.sa.
Overview of the Regulatory Sandbox Stages
SAMA has updated its Regulatory Sandbox operating model and processes to give greater guidance to applicants on the stages and requirements to move between the different stages.
The new operating model gives Fintech’s greater clarity on the different stages, the timeframes for stages and more transparency on the requirements to move from Stage 1 Application Submission to Stage 3 Regulatory Sandbox Live Testing.
Stage (1) One: Application Stage “60 days” ■ Innovators complete and submit the application form. Guidance on how to complete the application form can be found in this document. Thereafter, SAMA will assess the application form completeness against the “Eligibility Criteria mentioned in the Framework” and revert to the innovator within the frame of 60 days with the final decision.
Stage (2) Two: Operational Readiness “120 days” ■ The eligible innovators are informed of pre-go live requirements in the form of an Assessment Criteria (AC) which is based on the business model/concept.
■ The Regulatory Sandbox team will provide support in order to finalize the innovators operational readiness against the communicated AC within a period of 120 days.
■ Successful compliance with the AC within the specified period, eligible innovators will obtain the temporary permission “LoA”
Stage (3) Three: Testing phase “Up to 12 months” ■ Permitted innovators will test their ideas in the Regulatory Sandbox for a minimum period of six months and up to 12 months.
■ Upon successful testing SAMA will have issued and/or amended regulations, which would enable the Innovator to apply for a full Regulatory License.
Stage (4) Four: Exit the Sandbox “Graduation” ■ Upon successfully accomplishing the objectives of the testing phase, the applicant will be eligible to graduate and exit the Regulatory Sandbox environment. And follow one of the mentioned paths:
o Apply for a full license and/or amend existing license.
o Executing the exit plan without pursing a license.
o SAMA confirms the product does not require a license/permission.
■ More information provided in page 13 (Life cycle stage 4)
Stage 1: Application Form Completion Initial Stage of Evaluation
There are 4 sections to the Stage 1 Application Form:
A - About Your Innovation
B - Minimum Viable Product and Technological Readiness
C - About Your Business
D - Your Background
Sections A and B
These two sections will allow us to assess the concepts’ suitability for the Regulatory Sandbox versus the other options like the Licensing Route (regulations are already available and License Application can be made), the Technical Sandbox (testing MVP’s against Open Banking technical standards) and in some cases, whether the concept falls under SAMA’s regulatory perimeter.
Sections C and D
These two sections will give us information about the company applying to the Regulatory Sandbox, the team you have formed and its experience and finally any more wide ranging causes that may be targeted/benefit from your concept.
A. About Your Innovation
A1 Summary of the Idea
i. Please provide a summary of your innovation.
Your answer should:
- Include an outline of the idea and the stage of its development (initial, intermediate, advanced) outlining the reasoning behind this, at the time of the application
- Be provided in the textbox using bullet points and not exceed the 300-word limit.
A2 Benefits Stemming from the Idea
i. Please describe what problem the idea is addressing and solving
Your answer should:
- Include a description of the problem and an explanation of how this can be addressed by the innovation
- Be provided in the textbox using bullet points and not exceed the 500-word limit
ii. Please describe any benefits and returns of the idea for: consumers, other businesses, economy (quantifiable estimations if applicable)
Your answer should:
- Specify the type of benefits and returns of the idea for all stakeholders involved
- Include for example improvements in security, access to financial services, customer experience, cost efficiency, operational efficiency, or expansion into new market segments as well as others
- Include quantifiable estimations of these benefits and returns of the project
- Be provided in the textbox using bullet points and not exceed the 1000-word limit.
iii. Please provide an outline of how innovation promotes effective competition (optional question)
Your answer should:
- Include an explanation of how a competitive environment is promoted through the idea
- Be provided in the textbox using bullet points and not exceed the 300-word limit.
Please note that your response to this question is optional and will not affect the evaluation of your application
A3 Genuine Innovation and Regulatory Environment
i. Please provide an outline of how the proposed innovation includes new or emerging technology or uses existing technology in an innovative / novel way
Your answer should:
- Provide details on use of Distributed Ledger Technology, Hyperledger, AI, ML, etc.., (if applicable)
- Be provided in the textbox using bullet points and not exceed the 400-word limit.
ii. Please provide an outline of key similarities and differences between the innovation and other ideas in the market
Your answer should:
- Detail key similarities and differences between the idea and other innovations/ideas that are currently in the market
- Be provided in the textbox using bullet points and not exceed the 1000-word limit.
A4 Business Plan
i. Please specify which type of customers your idea is targeting
Your answer should:
- Provide details relating to customers that are expected to be targeted by the idea
- Specify whether the idea targets individuals, corporations, government, or others (if any)
- Be provided in the textbox using bullet points and be between 200-400 words.
ii. Please specify the size of the total expected customer base (market size)
Your answer should:
- Provide an approximate numeric value of the expected customer base
iii. Please provide an explanation as to the main sources of income to be generated and the main expenses expected to be incurred over a period of 3 years.
Your answer should:
- Specify which are the main sources of income and how these are expected to be generated
- Include an approximate total numeric estimation of the expected income - the value should be expressed in SAR and in the nearest 1,000’s
- Specify which the main expenses are expected to be incurred (staffing, infrastructure, solution development, referral fees, marketing, etc...)
- Include an approximate total numeric estimation of these expected expenses - the value should be expressed in SAR and in the nearest 1,000’s
- Include stage wise estimates for the testing stage (up to 12 months) and post completing testing stage (beyond 12 months)
- Be provided in the textbox using bullet points and be between 200-400 words.
A5 Risk Management
i. Please provide an outline of material risks that the innovation could incur, along with how each of these is assessed and mitigated
Your answer should:
- Include for example operational, cyber-security, AML, CFT, financial crime, conduct, technology, financial stability and legal risks
- Be provided in a tabular format as provided below
Risk Area Risk Description Mitigation Plan Operational Xxx Xxx ii. Please provide an outline of potential frauds that the innovation could incur, along with how each of these are to be assessed and mitigated
Your answer should:
- Include a list of potential frauds that the consumers may be exposed to by using the innovation/solution, along with how each of these is assessed and mitigated
- Be provided in a tabular format as provided below
Potential Fraud Assessment Method Mitigation Plan Operational abc abc A6 Genuine Need for Sandbox
i. Please describe why you think you need to gain access to the sandbox i.e. why is it essential for your innovation to be tested in a live environment for its full development
Your answer should:
- Include the need for testing the innovation in a live environment, along with how this will lead to the innovation’s full development in the future
A7 Alignment to Vision 2030
i. Please advise as to how the solution acts an enabler towards any of the initiatives of Vision 2030 within the Financial Sector Development Program
Your answer should:
- Include an explanation of how the solution acts as a catalyst for Vision 2030 initiatives.
- Please refer to the link below for more information and guidance on these initiatives Link: Vision 2030
- Be provided in the textbox using bullet points and not exceed the 300-word limit.
B. Minimum Viable Product and Technological Readiness
B1 Readiness for Testing
i. Do you have a Minimum Viable Product (MVP) ready for testing?
Your answer should include an outline of the MVP, along with product details such as features and functionalities, end to end customer journey/wireframes, design, usability etc.
ii. Have you integrated with any other entities in their development environment? If so, please provide information on which companies you have integrated with.
Your answer should include information that demonstrates the readiness of your solution to be tested in a live environment for its full development.
Example on possible integration of an end to end solution can be:
Entity Purpose Status EXAMPLE
Saudi Credit Bureau (SIMAH)EXAMPLE
Obtain consumer credit report/ information for a potential customerEXAMPLE
Integrated, or In process, or To be initiatediii. Please provide a detailed description of 3 or 4 testing scenarios with expected outcomes including a detailed description of the following:
• Testing objectives
• Description of the tests to be performed
• Relaxations/Waivers for any regulatory controls requested by SAMA to be used during testing
• Associated risks and suggested mitigation plan for each scenario
• Respective KRIs and KPIs for each testing
• Customer Safeguards to be put in place
Your answer should:
- Include in detail all the points mentioned above. For each testing objective:
o a thorough description of tests to be performed is required,
o a reference to relevant relaxations/waivers for any regulatory controls requested by SAMA such as those contained in the Cyber Security Framework
o respective risks need to be identified and ways in which they would be mitigated should be described
o respective KRIs and KPIs need to be outlined as well as reference to threshold limits
o associated safeguards to be put in place and may include testing new solutions on customers who have given informed consent, compensation to customers for any losses etc.
- Be provided in the textbox, with each scenario not exceeding the 1000-word limit.
B2 Partnerships
i. Please provide details of the types of companies you expect to integrate with in order to go live and start operational activities in the Regulatory Sandbox.
Your answer should:
- Provide details of the following types of companies: other FI's, infrastructure providers, government entities, etc.,..
- Outline the ways in which these partners are going to assist towards achieving the testing objectives as these were outlined in Section B1 of the Form
- Be provided in bullet points and be between 300-400 words
Please note that your response to this question is optional and will not affect the evaluation of your application
B3 Exit Strategy
i. Please provide an exit and transition plan by including possible end-games of tests to be performed and the intended action for each end-game.
Examples of possible end games are, for example:
- test/s is/are completed successfully and results support deployment of technology at a larger scale;
- test/s is/are completed successfully but results do not support the deployment of technology at a larger scale;
- test(s) has/have to be discontinued due to a technological failure, operational failure, indication of consumer detriment, etc.
ii. Please provide evidence of a communications plan that would inform customers with:
- the duration, boundary conditions and associated risks for participating in the sandbox
- advance notification of the termination or when the proposed financial service can proceed to be deployed on a broader scale
Your answer should:
- Include all the above-mentioned areas
Be provided in the textbox using bullet points and be between 300-400 words
C. About Your Business
C1 Identification/Contact Details
i. Please provide point of contact details including name, email and telephone.
Your answer should include the name and details of the Senior Executive/Founder and the contact point for communications with SAMA (this can be two different individuals if desired)
ii. Please provide your intended business name or corporate name.
Your answer should include the full name of the business/company and the use of any trade names.
iii. Please provide the country of incorporation.
Your answer should specify the country in which your business/company was established in.
If the company is not a local entity, please specify whether it is partnering with a SAMA- licensed entity and provide the respective details.
If the business is not an entity i.e., an individual or group of individuals then please specify whether they are KSA residents.
iv. Please provide the registered address, telephone and website URL of the business
Your answer should:
- Include a valid address and telephone number
- Include the URLs of the business's or company's websites, if applicable.
C2 Relevance to Financial Services Industry
i. Please provide details as to whether your business belongs in the Financial Services industry and in particular in the: Banking Sector, Insurance Sector, Money Exchanges, Finance Sector, Payments Sector, Other (please specify)
Your answer should:
- Whether your business belongs in the Financial services industry can be determined by specifying the sector and providing evidence of that by providing a brief outline of the operations of the business
- Specify whether your business will partner with an existing regulated entity (by SAMA or any other Regulatory Authority) and specify the name and Regulatory Authority of the company (if applicable)
- Be provided in the bullet points and be between 100-150 words
- Please note that response to this question is optional and will not affect the evaluation of your application.
D. Your Background
D1 Background of the Team
i. Please provide professional qualifications and past experience of your Team relevant to your application and business model / concept.
Your answer should:
- Include the background (including professional qualifications and past experience) of the directors, shareholders, senior management (people responsible for key control functions) and key employees (being the most senior employees responsible for the day to day tasks of the business), as applicable
- Be provided in a tabular format as provided below and limited to no more than 5 people
Name Role Qualifications Relevant past experience D2 Year(s) in Operation and Past Achievements
i. Please provide the years the applicant has been in existence and any past achievements of the business, if applicable (optional question)
Your answer should:
- If your company has been operating in other countries, please specify where and what the products/services are.
- Specify the number of years your business/company has been in operation
- Be provided using bullet points and not exceed the 300-word limit
Please note that your response to this question is optional and will not affect the evaluation of your application.
D3 Access to Funding
i. Please provide an outline of how the business will be funded until it becomes profitable?
Your answer should:
- indicate if you are self-funding, have investors ready or are planning to fund raise
ii. Please provide an outline of current shareholder structure (if applicable)
Your answer should:
- Provide an organogram (diagram) and shareholding structure (excel sheet) detailing all shareholders and their shareholding.
iii. Please provide a copy of funding commitments evidencing that the business has sufficient access to funding (if applicable)
Your answer should:
- Provide document of commitments provided to the company detailing access to funding.
Please note that your response to parts ii and iii are optional and will not affect the evaluation of your application
D4 Focus on Environmental, Social and Governance (ESG)
i. Please specify if the business places focus on any ESG goals (optional question)
Your answer should:
- Specify whether the business focuses on any of the below Sustainable Development Goals:
1. No Poverty
2. Zero Hunger
3. Good Health and Well-being
4. Gender Equality
5. Affordable and Clean Energy
6. Reduced Inequality
7. Responsible Consumption and Production
8. Climate Action
- Specify which of these goals your business places focus on and what has been done towards achieving these
- Be provided in bullet points and not exceed the 400-word limit
Please note that your response to this question is optional and will not affect the evaluation of your application
Stage 2: Operational Readiness
Once the initial Application has been screened and assessed for its suitability for the Regulatory Sandbox, there are two potential outcomes.
Outcome 1
Your application is deemed suitable for the Regulatory Sandbox and you will be given a Regulatory Sandbox Concept Approval letter to proceed to Stage 2 of the evaluation, which is your readiness for operations.
The letter will allow you to update/form your company at the Ministry of Commerce as a FinTechs and will also confirm to other stakeholders that SAMA has approved your Sandbox Concept and you are in the operational readiness stage.
This letter does not permit you to commence operations.
As part of the operational readiness stage, the Regulatory Sandbox team will assess your compliance with a number of specific requirements, which are detailed in the Regulatory Sandbox Operational Readiness Assessment Criteria (known as AC). The AC is reviewed and updated periodically, so please ensure you are using the latest version at the time of your completion of Stage 1 and not one which you have sourced from anywhere other than SAMA’s Regulatory Sandbox team or the SAMA website.
The AC requirements are a list of minimum compliance requirements that FinTechs must meet prior to being permitted to go live with operations and onboarding their clients/customers. The Regulatory Sandbox has a Risk Management Unit consisting of technical resources to assess the Fintech’s compliance with the AC requirements and they will monitor and report completion through the Operational Readiness stage.
The AC requirements consists of assessment and compliance requirements across:
i. Fit and Proper forms and approvals for management
ii. Shareholders’ approval
iii. Financial Model detailing 3 years projections for income statement, cashflow and balance sheet
iv. Strategy & Solution Architecture
v. Technology & Cyber Risk Management
vi. Governance & Operational Risk Matrix
vii. Vulnerability Assessment & Penetration Testing
viii. Cybersecurity, Policy, Standards and Processes
ix. Scalability Plans
x. Data Sovereignty
xi. Cyber Response and BCM Plans
xii. Security monitoring & Incident Management
xiii. Cybersecurity Regulatory Compliance
xiv. Corporate & Manpower Compliance
xv. Other SAMA Rules Compliance
xvi. Data Privacy Compliance
xvii. Functional and Non-Functional Testing
xviii. Change & Release Management
xix. Performance Metrics
xx. IT/Helpdesk Support
Once the AC requirements have been met, the Regulatory Sandbox will issue a No Objection Letter for the Fintech to commence operations, which is Regulatory Sandbox Stage 3.
Outcome 2
Your Application is deemed unsuitable for the Regulatory Sandbox. Some examples of why your Application would not be suitable could be one or a combination of the following:
• Regulations have been issued for your business model/concept and you should apply directly for a License not for Regulatory Sandbox permissions.
• Your business model/concept does not fall under the regulatory perimeter of SAMA but may fall under a different regulatory authority
• Your business model/concept does not require regulatory oversight
The reasons will be communicated to you at the time you are notified.
Appendix 1: Sample Response of the Application Form
Below is a sample response from FinTechs when filling out the application form.
Section Ref. Application Area Reference Guiding Notes Ref. FinTech’s Answer/Response Reference to Attachment A Summary of Idea A1.i - Answer/Response 1
- Answer/Response 2
- Answer/Response 3
Name of the attachment (if any) Appendix 2: Additional Information
Allocations for Bad and Doubtful Debts Made under Article (13) of Banking Control Regulations
We wish to draw your attention to Article 13 of the Banking Control Regulations which provides:
"Banks are prohibited to pay profits or transfer abroad any part of their profits except after having amortized all capital expenses, including establishment expenses and any losses incurred thereby."
As regards the extent of the losses incurred by the Bank under this Article, it is clarified - according to established Banking Practices - that where a bank has incurred any losses or where it is expected, to a reasonable extent, to incur losses in respect of its outstanding loans, advances, or other debts or as a result of a decrease in the value of any assets or failure to settle any commitments made by the Bank in an emergency manner or otherwise, whether reflected in the books or not, sufficient allocations should be made (through amortizing such losses from the Profit or from available reserves in cases of actual or anticipated losses or by making provisions thereto in other cases) in accordance with the normally accepted accounting procedures adopted prior to effecting payment of any profits or the transfer of any part of the Bank's profits.
Along with the Bank's Balance Sheet, Profits & Losses Account, a certificate should be sent to SAMA, stating that all the necessary precautions and allocations have been made in accordance with the above Article 13, as well as the instructions contained in this letter. You are kindly requested to advise your Bank's Auditors, appointed under the Banking Control Regulations, accordingly. Also, advise all your branches in the Kingdom of the contents of this circular.
Property Insurance 2015
SAMA issued the Circular: Underwriting Practices 2015 Update on 25/5/1435.
It was stated in that Circular that SAMA would proceed to issue instructions for property / fire insurance in Saudi Arabia.
This Circular contains SAMA's instructions for the handling of all Fire, Property and all related Business Interruption policies issued in Saudi Arabia.
Detailed instructions are contained in the protected Excel spreadsheet entitled “SAMA instructions for Property Insurance v2 - October 2015 protected” that is included with this Circular.
Issuing these instructions is intended to be the first step SAMA will take in establishing a more orderly market in Saudi Arabia for Property Insurance.
It is important for the long-term development of the market that insurance companies act as risk takers, and not as intermediaries for the international reinsurance market.
SAMA regards it as essential that the industry puts in place better controls and reinsurance to protect itself against catastrophic risks.
In addition, SAMA is seeking to raise technical standards within the insurance industry, and has identified property underwriters and risk engineers as key areas that need to be developed.
No insurance company shall ever provide a quotation without having adequate underwriting information, including claims experience, on which to scientifically determine the premium rates appropriate for the policy terms & conditions offered. It should be noted that this applies to all insurance policies of all classes.
1. Contents of Detailed Instructions
The detailed instructions spreadsheet contain the following sheets:
• Property Instructions - This sets out the basic instructions applicable to all Fire and Property products. • Business Interruption - This set out specific requirements for Business Interruption, or Loss of Profits insurance products. • Survey Reports - This specifics points that must be included in Survey Reports and when they arc required. • Deductibles - This sets minimum deductibles to be applied to all Fire and Property products written in Saudi Arabia. • Warehouses - This sheet contains additional requirements that must be applied in respect of Warehouse Insurance. • Glossary - This contains definition of terms used in the detailed instructions. • Building Classes - This contains a list of building types and classes and the Sums Insured at which surveys are required. 2. The Underwriting Manual
2.1 Submission to SAMA
The Company must submit an Underwriting Manual, rating structure and premium rates, to SAMA by 1 January 2016.
The rating structure and premium rates must be in Excel spreadsheet format.
2.2 Contents of the Underwriting Manual
Underwriting Manuals must contain sufficient information so that an external party can follow any quotation produced by an Insurance Company for a risk in that Class of Insurance.
Underwriting Manuals must:
• be comprehensive and cover all risks • be clear and user-friendly • fully describe the quotation process • include the Underwriting Authority Statement, fully described • be consistent with reinsurance arrangements
The Underwriting Manual shall be signed off by the Chief Underwriter or Chief Technical Officer for the Class of Insurance, as designated by the Company.
The Risk Manager shall also sign off the Underwriting Manual (including the Underwriting Authority Statement) from the process perspective.
It should be noted that the Company is fully responsible for the accuracy, clarity and comprehensiveness of the Underwriting Manual.
SAMA requires that companies commit to translating their Underwriting Manual and Underwriting Authority Statement into Arabic by 31 December 2018. The extended timetable granted for this is in order to ensure that the English documents are of a high standard before they are translated.
3. Compliance
A copy of this Circular must be passed to the Company’s Board of Directors, Audit Committee, Internal Auditors, Risk Management officers, Compliance Officer, Appointed Actuary and External Auditors.
4. Regulatory Action for Non Compliance
It should be noted that if an insurance company, broker, insurance agent or loss adjustor is not in compliance with this Circular, SAMA will take regulatory/legal actions as stipulated in the Law on Supervision of Co-operative Insurance Companies and its Implementing Regulations.
Any reinsurance company not licensed by SAMA should note that non-compliance with these instructions will be taken into account when SAMA introduces explicit requirements for reinsurers to be authorised to operate in Saudi Arabia
Thus, SAMA instructs the Insurance Company to do the following:
1. Provide SAMA with their Underwriting Manual. This must be provided by 1 January 2016. 2. Immediately provide the Insurance Company’s employees who are in charge of underwriting with a copy of this Circular. 3. The requirements set out in this Circular will be effective from 1 January 2016 unless other dates are explicitly stated in the detailed instructions. 4. Note that all these instructions apply to all renewals of property products where the cover incepts at any date from I January 2016 onwards (inclusive of 1 January 2016). 5. Provide confirmation from the Insurance Company’s CEO/GM within seven days of the date of this Circular of adherence to the instructions stated in this Circular. 6. Copies of this Circular must be provided to the full Board of Directors of the Company. Minutes of the Board meeting on the adherence to the requirements set out in this Circular must be provided to SAMA within 90 days of the date of this Circular.
Engineering Insurance 2016
Dear Mr.
SAMA issued the Circular: Underwriting Practices 2015 Update on 25/5/1435.
It was stated in that Circular that SAMA would proceed to issue instructions for engineering insurance in Saudi Arabia.
This Circular contains SAMA’s instructions for the handling of all policies classified as Engineering in Saudi Arabia.
Detailed instructions are contained in the protected Excel spreadsheets that are included with this Circular entitled:
a) “SAMA Instructions for Engineering Insurance - 2016 protected" b) Annex One - SAMA Guidance on Extensions to Engineering Products - 2016 protected”
SAMA will issue further instructions later regarding Government Projects.
Issuing these instructions is intended to be the first step SAMA will take in establishing a more orderly market in Saudi Arabia for Engineering Insurance.
It is important for the long-term development of the market that insurance companies act as risk takers, and not as intermediaries for the international reinsurance market.
SAMA regards it as essential that the industry puts in place better controls and reinsurance to protect itself against catastrophic risks.
In addition, SAMA is seeking to raise technical standards within the insurance industry, and has identified property/engineering underwriters and risk engineers as key areas that need to be developed.
No insurance company shall ever provide a quotation without having adequate underwriting information, including claims experience, on which to scientifically determine the premium rates appropriate for the policy terms and conditions offered. It should be noted that this applies to all insurance policies of all classes.
1. Contents of Detailed Instructions
1.1 Instructions
The main detailed instructions spreadsheet contains the following sheets:
• Engineering Instructions - This sets out the basic instructions applicable to all Engineering products. • Engineering - CAR and EAR - This sets outs instructions specific to Construction All Risks (CAR) and Erection All Risks (EAR) products. • Survey Reports - This specifies points that must be included in Survey Reports and when they are required. • Project Management - This includes instructions on the collection of information relating to the management of the project. • Deductibles - CAR and EAR - This sets minimum and maximum deductibles to be applied to CAR and EAR products written in Saudi Arabia. • Deductibles - Other Products - This sets minimum and maximum deductibles to be applied to all other Engineering products written in Saudi Arabia, where appropriate. • Third Party Liability - These instructions apply to Third Party Liability cover, whether written as an extension to CAR/EAR products, or written as a stand-alone policy. • Contractors Pollution Liability - specific instructions for this product. • Advance Loss of Profits - specific instructions for this product. • CECR - specific instructions for Civil Engineering Completed Risks products. • Comprehensive Project - specific instructions for this product. • Inherent Defect - specific instructions for this product. • Contractors Plant & Equipment - specific instructions for this product. • Machinery Breakdown - specific instructions for this product. • Machinery Loss of Profits - specific instructions for this product. • Boiler & Pressure Vessel - specific instructions for this product. • Deterioration of Stock - specific instructions for this product. • Electronic Equipment - specific instructions for this product. • Cyber Risk - specific instructions for this product. • Glossary - This contains definitions of terms used in the detailed instructions.
These instructions apply to engineering products issued by Saudi licensed insurance companies.
1.2. Extensions to Engineering Products
This Spreadsheet contains a list of product extensions for which SAMA recommends that an explicit charge is made and identified in a company’s systems.
This is non-mandatory guidance, but is considered best practice.
1.3 Governmental Projects
The Instructions for Insurance on Governmental Engineering Projects will be issued separately.
These instructions will be in addition to those included in the Circular.
2. The Underwriting Manual
2.1 Submission to SAMA
The Company must submit an Underwriting Manual, rating structure and premium rates, to SAMA by 1 September 2016.
The rating structure and premium rates must be in Excel spreadsheet format.
2.2 Contents of the Underwriting Manual
Underwriting Manuals must contain sufficient information so that an external party can follow any quotation produced by an Insurance Company for a risk in that Class of Insurance.
Underwriting Manuals must:
• be comprehensive and cover all risks • be clear and user-friendly • fully describe the quotation process • include the Underwriting Authority Statement, fully described • be consistent with reinsurance arrangements
The Underwriting Manual shall be signed off by the Chief Underwriter or Chief Technical Officer for the Class of Insurance, as designated by the Company.
The Risk Manager shall also sign off the Underwriting Manual (including the Underwriting Authority Statement) from the process perspective.
It should be noted that the Company is fully responsible for the accuracy, clarity and comprehensiveness of the Underwriting Manual.
SAMA requires that companies commit to translating their Underwriting Manual and Underwriting Authority Statement into Arabic by 31 December 2018. The extended timetable granted for this is in order to ensure that the English documents are of a high standard before they are translated.
3. Compliance
A copy of this Circular must be passed to the Company’s Board of Directors, Audit Committee, Internal Auditors, Risk Management officers, Compliance Officer, Responsible Actuary and External Auditors.
4. Regulatory Action for Non Compliance
It should be noted that if an insurance company, broker, insurance agent or insurance claims settlement specialist (third party administrator) is not in compliance with this Circular, SAMA will take regulatory/legal actions as stipulated in the Law on Supervision of Co-operative Insurance Companies and its Implementing Regulations.
Any reinsurance company not licensed by SAMA should note that non-compliance with these instructions will be taken into account when SAMA introduces explicit requirements for reinsurers to be authorised to operate in Saudi Arabia
Thus, SAMA instructs the Insurance Company to do the following:
1. Provide SAMA with their Underwriting Manual, rating structure and premiums. These must be provided by 1 September 2016. 2. Immediately provide the Insurance Company’s employees who are in charge of underwriting with a copy of this Circular. 3. The requirements set out in this Circular will be effective from 1 September 2016 unless other dates are explicitly stated in the detailed instructions. 4. Provide confirmation from the Insurance Company’s CEO/GM within seven days of the date of this Circular of adherence to the instructions stated in this Circular. 5. Copies of this Circular must be provided to the full Board of Directors of the Company. Minutes of the Board meeting on the adherence to the requirements set out in this Circular must be provided to SAMA within 90 days of the date of this Circular.
FATF Public Statement - 19 February 2016
Paris, 19 February 2016 - The Financial Action Task Force (FATF) is the global standard setting body for anti-money laundering and combating the financing of terrorism (AML/CFT). In order to protect the international financial system from money laundering and financing of terrorism (ML/FT) risks and to encourage greater compliance with the AML/CFT standards, the FATF identified jurisdictions that have strategic deficiencies and works with them to address those deficiencies that pose a risk to the international financial system.
Jurisdictions subject to a FATF call on its members and other jurisdictions to apply counter-measures to protect the international financial system from the on-going and substantial money laundering and terrorist financing (ML/FT) risks emanating from the jurisdictions.
Iran
The FATF remains particularly and exceptionally concerned about Iran's failure to address the risk of terrorist financing and the serious threat this poses to the integrity of the international financial system.
The FATF reaffirms its call on members and urges all jurisdictions to advise their financial institutions to give special attention to business relationships and transactions with Iran, including Iranian companies and financial institutions. In addition to enhanced scrutiny, the FATF reaffirms its 25 February. 2009 call on its members and urges all jurisdictions to apply effective counter-measures to protect their financial sectors from money laundering and financing of terrorism (ML/FT) risks emanating from Iran. The FATF continues to urge jurisdictions to protect against correspondent relationships being used to bypass or evade counter-measures and risk mitigation practices and to take into account ML/FT risks when considering requests by Iranian financial institutions to open branches and subsidiaries in their jurisdiction. Due to the continuing terrorist financing threat emanating from Iran, jurisdictions should consider the steps already taken and possible additional safeguards or strengthen existing ones.
The FATF urges Iran to immediately and meaningfully address its AML/CFT deficiencies, in particular by criminalising terrorist financing and effectively implementing suspicious transaction reporting requirements. If Iran fails to take concrete steps to continue to improve its CFT regime, the FATF will consider calling on its members and urging all jurisdictions to strengthen counter-measures in June 2016.
Democratic People's Republic of Korea (DPRK)
The FATF remains concerned by the DPRK's failure to address the significant deficiencies in its anti-money laundering and combating the financing of terrorism (AML/CFT) regime and the serious threat this poses to the integrity of the international financial system. The FATF urges the DPRK to immediately and meaningfully address its AML/CFT deficiencies.
The FATF reaffirms its 25 February 2011 call on its members and urges all jurisdictions to advise their financial institutions to give special attention to business relationships and transactions with the DPRK, including DPRK companies and financial institutions. In addition to enhanced scrutiny, the FATF further calls on its members and urges all jurisdictions to apply effective counter-measures to protect their financial sectors from money laundering and financing of terrorism (ML/FT) risks emanating from the DPRK. Jurisdictions should also protect against correspondent relationships being used to bypass or evade counter-measures and risk mitigation practices, and take into account ML/FT risks when considering requests by DPRK financial institutions to open branches and subsidiaries in their jurisdiction.
Improving Global AML/CFT Compliance: On-Going Process - 19 February 2016
Paris, 19 February 2016 - As part of its on-going review of compliance with the AML/CFT standards, the FATF has to date identified the following jurisdictions which have strategic AML/CFT deficiencies for which they have developed an action plan with the FATF. While the situations differ among each jurisdiction, each jurisdiction has provided a written high-level political commitment to address the identified deficiencies. The FATF welcomes these commitments.
A large number of jurisdictions have not yet been reviewed by the FATF. The FATF continues to identify additional jurisdictions, on an on-going basis, that pose a risk to the international financial system.
The FATF and the FATF-style regional bodies (FSRBs) will continue to work with the jurisdictions noted below and to report on the progress made in addressing the identified deficiencies. The FATF calls on these jurisdictions to complete the implementation of action plans expeditiously and within the proposed timeframes. The FATF will closely monitor the implementation of these action plans and encourages its members to consider the information presented below.
Jurisdictions with strategic deficiencies Jurisdictions no longer subject to the FATF's on-going global AML/CFT compliance process Afghanistan
Bosnia and Herzegovina
Guyana
Iraq
Lao PDR
Myanmar
Papua New Guinea
Syria
Uganda
Vanuatu
YemenAlgeria
Angola
PanamaAfghanistan
In June 2012, Afghanistan made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies. Since October 2015, Afghanistan has taken steps towards improving its AML/CFT regime, including by issuing amended cross-border declaration regulations for the physical transportation of cash and bearer negotiable instruments. However, the FATF has determined that certain strategic deficiencies remain. Afghanistan should continue to implement its action plan, including by: (1) further implementing its legal framework for identifying, tracing and freezing terrorist assets; (2) implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors; and (3) implementing effective controls for cross-border cash transactions. The FATF encourages Afghanistan to address its remaining deficiencies and continue the process of implementing its action plan.
Bosnia and Herzegovina
In June 2015, Bosnia and Herzegovina made a high-level political commitment to work with the FATF and MONEYVAL to address its strategic AML/CFT deficiencies. However, the FATF has determined that certain strategic deficiencies remain. Bosnia and Herzegovina should continue to implement its action plan to address these deficiencies, including by: (1) harmonising criminalisation of terrorist financing in all criminal codes; (2) establishing and implementing an adequate legal framework for freezing terrorist assets under UNSCR 1373; (3) implementing an adequate supervisory framework; (4) implementing adequate AML/CFT measures for the non-profit sector; (5) establishing and implementing adequate cross-border currency controls; (6) harmonising criminalisation of money laundering in all criminal codes; and (7) ensuring adequate procedures for the confiscation of assets. The FATF encourages Bosnia and Herzegovina to address its AML/CFT deficiencies by implementing its action plan.
Guyana
In October 2014, Guyana made a high-level political commitment to work with the FATF and CFATF to address its strategic AML/CFT deficiencies. Since October 2015, Guyana has taken steps towards improving its AML/CFT regime, including by enacting further amendments to the AML/CFT Act and AML/CFT Regulations, and issuing FIU guidelines on targeted financial sanctions. However, the FATF has determined that certain strategic deficiencies remain. Guyana should continue to implement its action plan, including by ensuring and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets. The FATF encourages Guyana to address its remaining deficiencies and continue the process of implementing its action plan.
Iraq
In October 2013, Iraq made a high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies. Since October 2015, Iraq has taken steps towards improving its AML/CFT regime, including by gazetting a new AML/CFT law, which has now entered into force. However, the FATF has determined that certain strategic deficiencies remain. Iraq should continue to implement its action plan to address these deficiencies, including by: (1) addressing remaining issues related to its criminalisation of money laundering and terrorist financing; (2) establishing and implementing an adequate legal framework and appropriate procedures for identifying and freezing terrorist assets; (3) ensuring that all financial institutions are subject to adequate customer due diligence requirements; (4) ensuring that all financial institutions are subject to adequate suspicious transaction reporting requirements; (5) ensuring a fully operational and effectively functioning financial intelligence unit; and (6) establishing and implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors. The FATF encourages Iraq to address its remaining AML/CFT deficiencies and continue the process of implementing its action plan.
Lao PDR
In June 2013, Lao PDR made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies. Since October 2015, Lao PDR has taken steps towards improving its AML/CFT regime, including by issuing a Prime Minister’s Order on the freezing of terrorist assets, STR guidance for reporting entities, and regulations on preventive measures and financial sector supervision. However, the FATF has determined that certain strategic deficiencies remain. Lao PDR should continue to work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing adequate procedures for the confiscation of assets related to money laundering; (3) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (4) implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors; and (5) implementing effective controls for cross-border currency transactions. The FATF encourages Lao PDR to address its AML/CFT deficiencies and continue the process of implementing its action plan.
Myanmar
Since February 2010, when Myanmar made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, Myanmar has substantially addressed its action plan at a technical level, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing adequate procedures to identify and freeze terrorist assets; (3) strengthening the extradition framework in relation to terrorist financing; (4) ensuring a fully operational and effectively functioning Financial Intelligence Unit; (5) enhancing financial transparency; and (6) strengthening customer due diligence measures. The FATF will conduct an on-site visit to confirm that the process of implementing the required reforms and actions is underway to address deficiencies previously identified by the FATF.
Papua New Guinea
Since February 2014, when Papua New Guinea made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, Papua New Guinea has substantially addressed its action plan at a technical level, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing adequate procedures for the confiscation of assets related to money laundering; (3) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (4) establishing a fully operational and effectively functioning financial intelligence unit; (5) establishing suspicious transaction reporting requirements; (6) implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors; and (7) establishing effective controls for cross-border currency transactions. The FATF will conduct an onsite visit to confirm that the process of implementing the required reforms and actions is underway to address deficiencies previously identified by the FATF.
Syria
Since February 2010, when Syria made a high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies, Syria has made progress to improve its AML/CFT regime. In June 2014, the FATF determined that Syria had substantially addressed its action plan at a technical level, including by criminalising terrorist financing and establishing procedures for freezing terrorist assets. While the FATF determined that Syria has completed its action plan agreed upon with the FATF, due to the security situation, the FATF has been unable to conduct an on-site visit to assess whether the process of implementing the required reforms and actions is underway. The FATF will continue to monitor the situation, and will conduct an on-site visit at the earliest possible date.
Uganda
In February 2014, Uganda made a high-level political commitment to work with the FATF and ESAAMLG to address its strategic AML/CFT deficiencies. Since October 2015, Uganda has taken steps towards improving its AML/CFT regime, including by amending the Financial Institutions Act to make the financial intelligence unit the central agency for receiving STRs, issuing and implementing regulations for the freezing of terrorist assets, issuing AML regulations for implementation of AML requirements, and issuing AML/CFT inspection manuals for financial sector supervisors. However, the FATF has determined that strategic deficiencies remain. Uganda should therefore continue to work on addressing the following deficiencies: (1) implementing an adequate legal framework and set of procedures for identifying and freezing terrorist assets; (2) ensuring that all financial institutions are subject to adequate record-keeping requirements; (3) establishing a fully operational and effectively functioning financial intelligence unit; (4) ensuring an adequate and effective AML/CFT supervisory and oversight programme for all financial sectors; and (5) ensuring that appropriate laws and procedures are in place with regard to international co-operation for the financial intelligence unit and supervisory authorities. The FATF encourages Uganda to address its remaining AML/CFT deficiencies, including adequately criminalising terrorist financing, and continue the process of implementing its action plan.
Vanuatu
In February 2016, Vanuatu made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies. Vanuatu will work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing adequate procedures for the confiscation of assets related to money laundering; (3) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets and other UNSCR sanctions; (4) ensuring a fully operational and effectively functioning financial intelligence unit; (5) strengthening preventive measures, including for wire transfers; (6) establishing transparency for the financial sector, and for legal persons and arrangements; (7) implementing an adequate AML/CFT supervisory and oversight programme for the whole financial sector and trust and company service providers; and (8) establishing appropriate channels for international co-operation and domestic coordination policies and actions on identified risks and ensuring effective implementation.
Yemen
Since February 2010, when Yemen made a high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies, Yemen has made progress to improve its AML/CFT regime. In June 2014, the FATF determined that Yemen had substantially addressed its action plan at a technical level, including by adequately criminalising money laundering and terrorist financing; establishing procedures to identify and freeze terrorist assets; improving its customer due diligence and suspicious transaction reporting requirements; issuing guidance; developing the monitoring and supervisory capacity of the financial sector supervisory authorities and the financial intelligence unit; and establishing a fully operational and effectively functioning FIU. While the FATF determined that Yemen has completed its action plan agreed upon with the FATF, due to the security situation, the FATF has been unable to conduct an on-site visit to assess whether the process of implementing the required reforms and actions is underway. The FATF will continue to monitor the situation, and conduct an on-site visit at the earliest possible date.
Jurisdictions no Longer Subject to the FATF's On-Going Global AML/CFT Compliance Process
Algeria
The FATF welcomes Algeria's significant progress in improving its AML/CFT regime and notes that Algeria has established the legal and regulatory framework to meet its commitments in its action plan regarding the strategic deficiencies that the FATF had identified in October 2011. Algeria is therefore no longer subject to the FATF's monitoring process under its on-going global AML/CFT compliance process. Algeria will work with MENAFATF as it continues to address the full range of AML/CFT issues identified in its mutual evaluation report.
Angola
The FATF welcomes Angola's significant progress in improving its AML/CFT regime and notes that Angola has established the legal and regulatory framework to meet its commitments in its action plan regarding the strategic deficiencies that the FATF had identified in June 2010 and February 2013. Angola is therefore no longer subject to the FATF's monitoring process under its on-going global AML/CFT compliance process. Angola will work with ESAAMLG as it continues to address the full range of AML/CFT issues identified in its mutual evaluation report.
Panama
The FATF welcome Panama's significant progress in improving its AML/CFT regime and notes that Panama has established the legal and regulatory framework to meet its commitments in its action plan regarding the strategic deficiencies that the FATF had identified in June 2014. Panama is therefore no longer subject to the FATF's monitoring process under its on-going global AML/CFT compliance process. Panama will work with GAFILAT as it continues to address the full range of AML/CFT issues identified in its mutual evaluation report.
Quarterly MSME (Micro, Small and Medium Enterprises) Kpi Return
Section A - Financial Indicators
All in SAR'000 Current Quarter Previous Quarter Variance %age Reason for variance Total number of MSME borrowers - - #DIV/0! - Micro - - #DIV/0! - Small - - #DIV/0! - Medium - - #DIV/0! Total MSME loans - - #DIV/0! - On balance sheet loans - - #DIV/0! - Off balance sheet facilities (notional amount) - #DIV/0! Kafalah Fund MSME loan guarantees - Value - - #DIV/0! MSME loan guarantees - Number - - #DIV/0! Share of MSME loans/Total loans - #DIV/0! - Micro Enterprises loans/Total loans - #DIV/0! - Small Enterprises loans/Total loans - #DIV/0! - Medium Enterprises loans/Total loans - #DIV/0! MSME interest rates for lending - #DIV/0! - Micro - #DIV/0! - Small - #DIV/0! - Medium - #DIV/0! MSME NPL ratio - #DIV/0! MSME Loans coverage ratio - #DIV/0! Total number of MSME depositors - - #DIV/0! - Micro - - #DIV/0! - Small - - #DIV/0! - Medium - - #DIV/0! Total deposits - - #DIV/0! Share of MSME deposits/Total deposits - #DIV/0! - Micro Enterprises deposits/Total deposits - #DIV/0! - Small Enterprises deposits/Total deposits - #DIV/0! - Medium Enterprises deposits/Total deposits - #DIV/0! Section B - Non-financial Indicators
Previous Quarter Current Quarter Variance %age Reason for variance Number of staff members in MSME unit/department - #DIV/0! Annual cost budget allocated to MSME unit - #DIV/0! Number of MSME employees sent for training #DIV/0! Total man days of training provided to MSME employees - #DIV/0! No. of workshops held for MSME customers - #DIV/0! Number of new products for MSMEs* - #DIV/0! Number of new MSME applicants for loans - #DIV/0! MSME rejection rate out of new applicants** - #DIV/0! %age of collateral provided by MSME for loans given to them*** - #DIV/0! Number of MSME loans rescheduled/restructured - #DIV/0! - Micro - #DIV/0! - Small - #DIV/0! - Medium - #DIV/0! *Please elaborate on the new products introduced for MSMEs. **Please elaborate on the main reasons for rejection of new MSME applicants. ***Please provide types of collaterals provided by MSMEs for financing. Q18 - Prudential return on (MSME) Micro, Small and Medium Enterprises
Data as at _________ Micro Enterprises Ssmall Enterprises Medium Enterprises Total Value in SAR million Number of customers Value in SAR million Number of customers Value in SAR million Number of customers Value in SAR million Number of customers Current Quarter Previous Quarter Current Quarter Previous Quarter Current Quarter Previous Quarter Current Quarter Previous Quarter Current Quarter Previous Quarter Current Quarter Previous Quarter Current Quartet Previous Quarter Current Quarter Previous Quarter 1 Funding - - - - - - - - - - - - - - - - 1.1 Demand deposits - - - - 1.2 Saving deposits - - - - 1.3 Time deposits - - - - 1.4 Others - - - - 1.5 Type of consumer - - - - - - - - 1.5.1 Sole proprietor 1.5.2 Partnership - - 1.5.3 Joint Stock Company - - 2 Assets - - - - - - - - - - - - - - - - 2.1 Credit Facilities (outstanding) - - - - - - - - - - - - - - - - 2.1.1 Bills discounted - - - - 2.1.2 Overdrafts - - - - 2.1.3 Loans and advances - - - - 2.2 Off balance sheet items - - - - - - - - - - - - - - - - 2.2.1 Letter of credit - - - - 2.2.2 Guarantees - - - - 2.2.3 Commitments - - - - - 2.2.4 Others - - - - 2.3 Credit Facilities by Sectors - - - - - - - - - - - - - - - - Agriculture and Fishing - - - - Manufacturing and Processing - - - - Mining and Quarrying - - - - Electric. Water, Gas, Health Services - - - - Building and Construction - - - - Commerce - - - - Transport and Communication - - - - Finance - - - - Services - - - - Miscellaneous (Retail) - - - - 2.4 Provision for Losses (outstanding balance) - - - - 2.5 Non performing credits - - - - 3 Guarantee Fund Program (Kafalah) - - - - 3.1 Outstanding loans and advances - - - - 3.2 Loan defaults (during the period) - - - - 3.3 Losses taken by the Bank (During the period) - - - - 3.3 Losses taken by Kafalah (During the period) - - - - 3.4 Loans restructured during the period - - - - 3.5 Loans written off during the period - - - - Frequently Asked Questions and Answers
Log Ref # 1 For Annual Budget Allocated to SME Unit, will this be in terms of Assets, Costs or Revenues? This should be total budgeted cost allocated to SME unit for the year. 2 How do you define Total Man days of Training provided to SME Employees? The hours should be converted into days i.e. 8 hours = 1 day 3 Please confirm the correctness of our assumption that Column E of Annexure I refers to “December 2016” (previous quarter) instead of “March 2017” as indicated whilst Column F refers to “March 2017” instead of “February 2017.” This is correct, as this template/KPI should be populated on a quarterly basis. When the first reporting will start, banks should use the recent quarter. 4 There is another point which requires clarification regarding item number 7 from Annexure III - Guidance Notes which reads:
The amounts or values or number of customers reported should be as of and outstanding at the Quarter end. For period end numbers, these should be accumulated on a year-to-date basis. (For example, in case of a 30 June reporting period, the balance as of 30 June should be reported. The period-end numbers should be year-to-date for the six months).
The first sentence is very clear. Our initial understanding is that data to be reported in terms of number of customers and amounts shall be AS OF period which would include existing plus new customers and their outstanding balances as at end of quarter
This interpretation regarding reporting on the values and number of customers at the quarter end as elaborated is correct. 5 There is a clarification needed on the following statement that says “For period numbers, these should be accumulated on a year-to-date basis" - which may also be interpreted as customers that were acquired only during the year. We then would like to seek clarification on the foregoing to ensure that we provide the information as prescribed. Only the interpretation as per 4 above should be applicable. The variance between the two reporting periods should show us the movement during the year. 6 Based on the proposed definition of SMEs developed by the SME Authority, together with Annexure I and II and their supporting notes, the bank has reviewed their current customer data to determine their ability to report using the proposed criteria of turnover revenue and FTE. They only hold this data on less than 50% of their current SME relationships, largely because the majority of the portfolio is non-borrowing or because of inactive relationships. To resolve this we have considered obtaining the data from Thiqah but have been told that Thiqah's data is neither complete nor fully up to date so we are now contacting Bayan to see if they have the required data based on CR numbers. Should both Thiqah and Bayan be unable to provide the necessary data, could we suggest the last 12 months credit turnover on a customer's account be used as a viable alternative criteria. We would also suggest that inactive accounts are excluded, as an inactive account status would indicate that the particular SME is not commercially active, at least with that bank. SAMA agrees on suggestion regarding the last 12 months credit turnover on a customers account be used as a viable alternative criteria. However, we do not agree on exclusion of inactive accounts. 7 SME can be categorized into two groups; borrowing relationship, where SME entities have facility with the bank, and the other one (labeled as non-borrowing) have mainly current accounts, & other products/services such as Cash Management (PoS, Payroll etc.) with no credit exposure. Some of them have Trade product outstanding with 100% cash margin.
We understand from the meetings we attended with SAMA, the purpose of such report is to report & monitor the progress of banks financing supports to SME. Hence we recommend reporting only borrowing SME & customers with 100% cash margin covering trade finance.
We can include the non-borrowing SME relationships, but there will be some challenges regarding sub-segments as sales/number of employees might not be available or accurate
Both borrowing and non-borrowing customer data should be reported. 8 Some of SMEs are part of bigger group, although they meet the SME segmentation criteria (Sales/number of employee), but they have different characteristics such as management sophistication and needed support. We deal with them as part of main group in all credit process such as level of approval & reporting of the exposure of the whole group, hence to meet the purpose of the report we recommend excluding these entities from the report. These SMEs should not be excluded from the report. 9 The main classification criterion is annual sales turnover. Is this the sales figure as per the latest audited financial account of the MSME or we can use other sources as well e.g. in house financials or estimate from bank statements? You should use the latest audited financial statements. If these are not available, then use other alternative sources. 10 Annexure III item 8.4: Not sure what formal rejection rate means? Does it mean only where a credit proposal has been prepared and it gets declined by the Credit Committee or will it include other declines also e.g. we decline financing requests from customers that do not meet our basic eligibility criteria like sales greater than SR 30 million or not satisfactory credit history before the Credit Proposal is made This should capture the information where a credit proposal has been prepared formally and it is declined. 11 Number of staff in MSME Unit/department: MSMEs are domiciled in different business units. There are a large number of non borrowing MSMEs domiciled and serviced from the retail branches. The number of staff in the MSME unit/department only reflects the staff servicing MSMEs domiciled in CBD, which are mainly those with formal credit facilities. It should capture both retail and corporate MSME dedicated staffs. 12 Annual Budget Allocated to MSME unit: What type of budget does this refer to? Is it revenue / net profit or some cost budget? It should be cost budget. 13 For non-credit (depository) and transactional (e.g. fully secured small value exposures) customers, information availability continues to be a challenge and, when provided by customers, is difficult to validate. In such circumstances, the Bank will continue to prepare reports on the basis of available information until industry initiatives to gather and validate data (e.g. bureau for business entity demographic information) mature to improve data quality. SAMA agrees with your suggestion. 14 Is the Funding data in “Annexure II” to be provided only for Borrowing Customers? Yes, this is correct. 15 Are Total MSME loans in “Annexure I” to be provided by Limits or Outstanding? This should be based on outstanding amount. 16 Due to unavailability of Sales Turnover and Number of Employees data for most of Non-Borrowing SME customers, we find it difficult to trigger and classify Non-Borrowing SME customers in order to sub-segment them into (Micro, Small, and Medium). SAMA recognizes this challenge but banks should find alternative sources to gather this information. 17 For March quarter, should we follow the old format for reporting? That is correct. Please follow old format for Q1 2017 reporting. 18 What is the frequency of filing Dash Board with SAMA? Quarterly 19 In Annexure 1, data comparison should be with last quarter in case the return filing frequency is quarterly This is correct as it should be quarterly 20 In case of listed companies (Main index and Nomu), can a market capitalization threshold be defined for including the listed companies in the definition of MSME's (irrespective of sales volumes and number of staff). We are not considering these in the definition. This is currently not in consideration but may be considered in future. 21 In case of small set ups like foreign banks, MSME portfolio's is generally handled within Corporate or Retail unit and same is not separately identifiable with number of staff and other requirements as per Dash Board As long as they are easily identifiable, please report them. 22 In case of NPL customers, financial statements are not available for recent periods. Should the last available financial statements be consulted for defining as MSME or any other criteria to follow? For the time being, this is ok but this process should be improved in future. 23 The dashboard should have specific section about the types of collateral provided by SMEs for financing in order to differentiate between collateralized lending and clean lending. This is noted and we will reflect in the template 24 SAMA and SMEA should coordinate with MOCI in order to get some statistics (through Quawaem) about the financial figures and ratios of SMEs. The objective is (for SAMA and Financial Institutions) to be able to assess and mitigate the credit risk of SMEs. We recommend adding annual prudential return in order to capture the financial figures and ratios of SMEs that determine their credit risk. This is noted and may be considered in future. Annexure III Micro, Small and Medium Size Enterprises (Return and KPI) - Guidance Notes
1. Micro Enterprises - Includes loans to all small sized corporates with annual revenue up to SR3 million. If annual revenue data is not available, number of full time employees should be considered for the definition of Micro Company. Full time employees should be from 1 to 5.
2. Small Enterprises - Includes loans to all small sized corporates with annual revenue more than SR 3 million and up to SR 40 million. If annual revenue data is not available, number of full time employees should be considered for the definition of Small Private Corporates. Full time employees should be from 6 to 49.
3. Medium Enterprises - Includes loans to all medium sized commercial corporates with annual revenues more than SR 40 million and up to SR 200 million. If annual revenue data is not available, number of full time employees should be considered for the definition of Medium Private Corporates. Full time employees should be from 50 to 249.
4. This return and dashboard should be completed by all Banks in Saudi Arabia and submitted to SAMA Banking Supervision Department on a quarterly basis within 30 calendar days from the end of the each quarter.
5. Item 2.4 in Prudential Return on MSME - These are outstanding specific provisions for losses on MSME portfolio calculated based on SAMA’s circular on loan classification and provisioning issued in 2004.
6. The amounts or values or number of customers reported should be as of and outstanding at the Quarter end. For period end numbers, these should be accumulated on a year-to- date basis.
7. KPI return: The guidance notes for KPI return are mainly as elaborated above except with additional clarification as summarized below:
7.1 For off balance sheet facilities - notional amount means before applying credit conversion factors as required by Basel rules. 7.2 SME interest rates - This should be weighted average interest rates 7.3 NPL ratio and loans coverage ratio - this should be calculated as per SAMA’s circular on loan classification and provisioning issued in 2004. 7.4 SME rejection rate - Only formal rejection should be reported. 7.5 %age of collateral provided by MSME should be calculated by dividing amount of collateral by the amount of loan given to MSME. Offline Authorization Operating Rules, Standards, and Procedures
A. Update to SPAN Operating Rules
Rule 1. Transactions will be processed online at POS Terminals if the transaction value exceeds the floor limit set by SAMA for POS purchase transaction. 2. Banks that are members of SPAN are required to support Offline authorization for the following transactions :
Terminal Process Type Transaction Type Issuer (Mandatory / Optional) Acquirer (Mandatory / Optional) POS Offline Purchase M M 3. Offline Authorization at POS is permitted if the authorization request for a purchase transactions with a value below the Terminal Floor Limit specified by SAMA was initiated by a chip Card at a POS terminal following successful Terminal and Card Offline Authorization processing. 4. The Terminal Floor Limit mandated by SAMA at this time for POS Offline authorization is SAR 75. 5. In determining whether to perform a Transaction online or Offline, whether the Chip Card's maximum Transaction amount differs from the Terminal Floor Limit, the lower amount prevails. 6. An Issuer of a Card containing a payment application must enable Offline Authorization by setting offline parameter values that do not exceed those prescribed by SAMA. 7. The Issuer may opt to set one or more values to zero (0) as per its internal policies. All valid mada Cards are eligible and support for Offline limits. 8. An Issuer of a Card enabled for Offline Authorization will support the following Transaction types only:
a) Purchase Transaction.
9. An Issuer is liable for the parameter values and processing options contained in the payment application as defined by SAMA in the Technical Books. 10. An Issuer is liable for Offline Transactions initiated by a Card if these were authorized following the successful completion of Terminal and Card offline Authorization processes as required by SAMA. 11. The Issuer is responsible for the settlement of Transactions generated from an Issuer's compliant chip Card, irrespective of the status of the Cardholder's account at the time of the Transaction that is authorized Offline. 12. For an Offline Transaction, a valid Transaction Certificate (TC) is proof to the Issuer that the Card was present and that data covered by the TC is valid and has not been altered. This protects the Issuer against liability from a Cardholder's claim of denial of the Transaction. 13. Issuers will ensure that Cardholders are not party to a decision on offline limits as the Card authorizes the Transactions when eligible on behalf of the Issuer. 14. In the unlikely event of an unarranged overdraft in the Cardholder's account as a result of a delayed financial advice or insufficient balance, the Issuer will not levy any fees and interest rate on the affected amount or the event itself, Also, the Issuer must not insert the cardholder name in SIMAH, the Saudi Credit Bureau, as a result of any debt or overdraft that may result from such an event.
Generally, such overdraft positions are not permitted on cardholders' account(s) as a result of an offline transaction. The Issuer must take reasonable and appropriate actions to avoid such occurrences.
In all cases, the Issuer is liable and responsible for any (unauthorized) overdraft position that may accrue on a cardholders account, pursuant to the terms defined at Clause 10 and 11 above.
15. Issuers that provide Offline limits for their Cards shall ensure that Cardholders are aware of the offline feature and the potential of delayed SMS messages generated for offline purchase Transactions. Issuers may wish to include text in the account opening form and/or debit Card collateral indicating that some Transactions may be authorized offline. 16. It is recommended that Issuers that provide Offline Limits for their Cards support Script Management as per SAMA technical requirements. 17. Issuers may amend risk management values on the card using dynamic risk management scripting based on their internal policies provided velocity checks and parameters do not exceed values mandated by SAMA. 18. An Issuer of SPAN Cards must support Offline Counters and Offline Limits included in the Card personalization process as defined by SAMA. 19. An Issuer is responsible for deciding the personalization parameter values for Offline authorization, if lower than offline parameter values specified by SAMA, at its discretion. 20. If online authorization initiated by a POS Terminal cannot be completed for technical reasons, Transactions may be authorized Offline by the Card at the Issuer's discretion if these satisfy the offline Authorization processes of the Card and Terminal. 21. Issuers must not block funds from cardholder accounts as a risk mitigation measure in offline authorization. 22. Issuers may choose between one of the following recommended offline risk mitigation processes:
a. Ring fencing an account with a shadow account earmarked for offline authorization provided the cardholder has full access, through the SPAN card, to the total balance in both accounts.
b. Deferring a debit entry resulting from an offline authorization until such time as there are sufficient funds in an account to clear the accrued amount.23. Issuers may ensure that funds accrued from domestic offline debit transactions are debited from the cardholder's designated account before international offline debit transactions. 24. An Acquirer must ensure that the POS Terminal Floor limit for POS Terminals provided to its Merchants is equal to or below the Floor Limit mandated by SAMA. Acquirers will use the relevant application administered by SAMA to amend the floor limit for one or more merchants on a temporary or permanent basis, if terminal management system-TMS has the capability to support that. 25. An Acquirer must ensure that its Merchants reconcile the POS Terminals daily. The Acquirer must advise its merchants of the procedure to be followed in the event that a Terminal is unable to communicate with the SPAN switch for this purpose. 26. An Acquirer is liable for an authorized Offline Transaction at its POS Terminal which is over the SAMA mandated Floor Limit and/or no TC is generated. 27. An Acquirer that offers offline processing for purchase Transactions must ensure that POS Terminals provided to its merchants perform Terminal Risk Management for Cards regardless of the parameters on the Card. 28. An Acquirer must ensure that its Merchants obtain online authorization for Transaction amounts above the Terminal Floor Limit mandated by SAMA. 29. An Acquirer must ensure that its Merchants are aware that some purchase Transactions may be authorized Offline. The Acquirer must notify its Merchants of the Offline feature and the need for daily Reconciliation and retention of the merchant copy of the receipt for such Transactions as per SPAN operating Rules, Standards and procedures. 30. An Acquirer must ensure that its POS Terminals' Terminal Risk Management processes and parameters remain in compliance with SAMA technical requirements. 31. SPAN Scheme Processing Fees
In its capacity as operator and Settlement agent on behalf of Members, SAMA may levy processing fees on SPAN issuing and SPAN acquiring banks for POS Transactions authorized Offline as indicated in Table (7).
Table 7
Terminal Transaction Fee Paid Paid To POS Purchase Interchange Acquirer Issuer Settlement Issuer SPAN Acquirer SPAN Update to SPAN Operating Standards and Procedures - Part IV - Acquirer
Rule 1. The Acquirer is obligated to provide the Transaction Certificate (TC) upon request in the processing of a retrieval request as per sections 2.11.6, 3.34.1 and 5.11 of the SPAN Operating Standards and Procedures. 2. The Acquirer must meet Transaction approval requirements; Specifically, a TC must be generated when a Transaction initiated by a Card is approved off-line. All Offline approved Transactions without a TC are at the Acquirer's risk. 3. Acquirers that support Offline authorization will ensure that POS Terminal Risk Management be comprised of the following functions:
a. Terminal Floor Limit Check
b. Velocity Check
c. Random Online Transaction Selection4. An Acquirer that sets the POS Floor Limit at or below SAMA's defined limit must support terminal parameters that instruct the Terminal on the appropriate actions to take under various conditions during Offline Authorization. The possible actions are:
a) Approve Offline;
b) Go Online;
c) Decline Offline.5. Acquirers will support Issuer scripts sent to Cards through online response messages. 6. Acquirers must ensure that an advice message is sent to the Issuer in the event that a script is not successfully transferred between the terminal and Card. 7. Acquirers must retain the TC and related data elements with each transaction record for the period specified by SAMA in Part II, Section 2.6.2 of the SPAN Operating Standards and Procedures. 8. An Acquirer must ensure that it is able to provide the required TC data elements when an Issuer re-submits a claim requesting Transaction data as part of the claim processing procedure for Transactions authorized Offline. 9. A SPAN Acquirer or its appointed agent(s) will not change the following POS terminal parameter values required for random selection as pre-determined by SAMA.
a) Target Percentage: 15 b) Maximum Target Percentage: 15 c) Threshold Value: SAR 40 11. An Acquirer must ensure that receipts (paper or electronic receipts) from offline Transactions are retained by Merchants for a period of at least six (6) months from the date of the transaction. This must be reflected in the Merchant Services Agreement-MSA. 12. In the unlikely event where a Transaction approved Offline is not sent with a SAF flush or a reconciliation advice or through an unrecoverable technical fault, the receipt will be used as documentary support for a CPS claim raised by the Acquirer on behalf of the Merchant. If a receipt is not submitted, Issuers may settle the Transactions on best effort basis. 13. If the Merchant is unable to reconcile one or more terminals due to technical reasons, the merchant must contact the Acquirer or its appointed agent(s) helpdesk to report the incident, The Merchant must request a reference (ticket- opened) number and maintain this reference as proof of reporting the incident. 14. An Acquirer must ensure that all POS devices with Floor Limits above zero (0) are reconciled daily. 15. A POS Terminal can be removed and/or replaced only after it has been reconciled (and all SAF entries flushed) as per SPAN operating Rules, Standards and Procedures and section (13) of these procedures. 16. Acquirers will use the 1220 authorization advice generated from an offline transaction to post the required entries to merchant accounts and for SPAN settlement. Acquirers are expected to respond with a 1230 message. 17. Acquirers will be capable of identifying an offline transaction through data element 39 (Code 087,089, 190) present in the 1220 financial authorization advice. 16. With the exception of mitigating circumstances proven beyond its control, the Acquirer should ensure that the time between the Transaction date and the reconciled / cleared date for a Transaction authorized offline, does not exceed five (5) business days. B. Update to SPAN Operating Standards and Procedures - Part IV - Issuer
Rule 17 A mada Card issuer must support Card parameters that instruct the Terminal on the appropriate actions to take under various conditions during Offline Authorization.
The possible actions are:
a) Approve Offline;
b) Go Online;
c) Decline Offline.18. mada Issuers should be capable of processing script messages to change Card parameters dynamically, and delivered in a response to online authorization requests. 19. Issuers must have an effective method to confirm and record which scripts have been successfully received by the mada Card 20. It is recommended that Issuers support the following scripts for domestic Offline transactions over a contact interface:
a) Amend LCOTA ( value should be equal or lower than the SAMA mandated value)
b) Amend UCOTA ( value should be equal or lower than the SAMA mandated value)Issuers may support the above updates over a Contactless interface.
21. In Offline Authorization the Transaction Certificate (TC) represents an Issuer approval. If the TC highlights that Terminal Risk Management functions were not executed correctly, the Issuer has the right to submit ( or re-submit a claim ). 22. Issuers will advise cardholders through normal communication channels (including the account opening form) of the possibility of an SMS message delay for a POS purchase generated from the actual transaction date as a result of an offline authorization. The SMS message will mention offline and transaction date. 23. Issuers will use the 1220 authorization advice generated from an offline transaction to post the required entries to cardholder accounts and for settlement. Issuers are expected to respond with a 1230 message. 24. Issuers will be capable of identifying an offline Transaction through data element 39 (Code 087,089, 190) present in the 1220 financial authorization advice. Update to SPAN Operating Standards and Procedures - Part V - POS
Rule 1. All POS Terminals must support Terminal actions in offline authorization specified by SAMA. 2. All POS Terminals must support Terminal Risk Management in offline Authorization as specified by SAMA. 3. Issuers must retain the TC and related data elements with each transaction record for the period specified by SAMA in Part II, Section 2.6.2 of the Operating Standards and Procedures. 4. An Issuer must ensure that it is able to provide the required TC data elements when an Acquirer re-submits a claim requesting Transaction data as part of the claim processing procedure for Transactions authorized Offline. 5. The Issuer must set the parameter values for domestic offline transactions during and post-issuance at or lower than the following Offline Authorization limit values mandated by SAMA for the combined SPAN/IBCS application:
a) CTTAL/LCOTA: SAR 150
b) CTTAUL/UCOTA: SAR 225Above limits mean: A single Transaction up to SAR 75, cumulative total under normal conditions of SAR 150, and a cumulative total under exceptional conditions (loss of connectivity) of SAR 225.
6. Based on the duration between the Transaction date and the Reconciliation date as evident in the relevant Transaction log File report, the Issuer may accept a Purchase Transaction authorized offline and reconciled /cleared over a period exceeding five (5) business days. C. Definiitons
'Domestic' A Transaction authorized Offline with a SPAN card through the Saudi Payment Network within Saudi Arabia 'Offline Authorization' Authorizing or declining a payment transaction through card-to- terminal communication, using issuer-defined risk parameters that are set in the card to determine whether the transaction can be authorized without going online to the issuer host system. "CTTAL" Cumulative Total Transaction Amount Limit "CTTAUL" Cumulative Total Transaction Amount Upper Limit "LCOTA" Lower Consecutive Offline Transaction Amount "Offline" In the context of this document, an Offline Authorization occurs when a POS Transaction is authorized Offline by the SPAN chip Card without sending a request to the SPAN Issuer. "Offline PIN" A process where the PIN is verified Offline at the SPAN POS Terminal. "TC" Transaction Certificate "Transaction Certificate" A unique cryptogram generated by the Card proving that the card was present at the time of a Transaction approved Offline on behalf of the Issuer. "UCOTA" Upper Consecutive Offline Transaction Amount Appendix K Form of Bid Bond
[insert date]
The Ministry of Petroleum
and Mineral Resources
of the Government of the Kingdom of Saudi Arabia
Place: Letter of Guarantee No. Date:
Our client, [insert full name(s) of Consortium members] (the “Applicant”) intends to submit to you its Proposal for a license to design, develop, finance, procure, construct, own, insure, operate and maintain a world-class refinery in the Jazan Region in the Kingdom of Saudi Arabia, in response to your Request for Proposals dated [ ], 2008 (the “RFP”). Capitalized terms used herein and not otherwise defined shall have the meanings assigned to them in the RFP.
We [insert name of bank] do hereby guarantee unconditionally and irrevocably to pay you the aggregate sum of Four Million Saudi Riyals (SAR 4,000,000), in accordance with the following:
A. Immediately upon receipt of your written request stating either that the Applicant;
(i) has withdrawn its Proposal prior to the expiration hereof; or (ii) was selected by the Ministry as the Successful Applicant but has failed to perform all of its obligations specified in Section 6.2 of the RFP “Award of the License”,
notwithstanding any objection of the Applicant or of any other party, we shall pay you the full amount stipulated above, by transfer to your account with any bank in the Kingdom of Saudi Arabia designated in your written request, or by any other method which is acceptable to you.
B. Any payments made upon your request shall be net and free of and without any present and future deductions such as for the payment of any taxes, executions, duties, expenses, fees, deductions or retentions regardless of the nature thereof or the authority levying the same.
C. The undertakings in this guarantee constitute direct, unconditional and irrevocable obligations on our part. We shall not be released from all or any part of our obligations hereunder for any reason or cause whatsoever, including, without limitation, changes in the terms and conditions of the RFP or extension of the Period of Validity of the Proposal or changes in the scope of the Project or failure to perform or the carrying out of any act or procedure by you or by a third party that would or could exempt or release us from our unconditional and irrevocable obligations and liabilities stipulated in this guarantee.
D. This guarantee shall remain valid and effective until the earlier to occur of:
(i) submission of the First License Performance Bond, as set forth in Section 6.6(a) of the RFP; or (ii) the date that is sixty (60) days following the declaration of the Successful Applicant.
E. Any dispute concerning this guarantee will be settled by the laws of the Kingdom of Saudi Arabia.
[NAME OF BANK]1
By:_____________________________ Name: Title: Date: 1 The Bank must be listed on Appendix L to the RFP or be otherwise acceptable to the Ministry.
Appendix F Form of License Performance Bonds
Appendix F-1 Form of First License Performance Bond1
[insert date]
The Ministry of Petroleum and Mineral Resources The Kingdom of Saudi Arabia
Place: Letter of Guarantee No.:__________ Date:_________________________________
Our client [insert name of Consortium Member] (a "Consortium Member") is a Consortium Member of the Consortium that has been declared as the Successful Applicant in connection with the Request for Proposal dated [•], 200[•] in relation to the design, development, financing, procurement, construction, ownership, insurance, operation and maintenance of a crude oil refinery project (the "Project") in the Jazan region of The Kingdom of Saudi Arabia ("The Kingdom") and intends to apply for a license from you with respect thereto (the "License").
We______________ (bank) do hereby guarantee unconditionally and irrevocably to pay you the aggregate sum of One Hundred Fifty Million Saudi Riyals (SAR. 150,000,000), in accordance with the following:
A. Immediately upon receipt of your written request stating either:
(1) that a Formation Default (as such term is defined in the License) has occurred and is continuing under the License; or
(2) you have given notice to the Consortium Member or the Successful Applicant to extend the duration of this guarantee and the Consortium Member or Successful Applicant has failed to deliver the extended guarantee to you within fourteen (14) days of your notice or at least seven (7) days prior to the expiration date of this guarantee,
notwithstanding any objection of the Successful Applicant or the Consortium Member or of any other party, we shall pay you the full amount stipulated above, by transfer to your account with any bank in The Kingdom designated in your written request, or by any other method which is acceptable to you.
B. Any payments made upon your request shall be net and free of and without any present and future deductions, such as for the payment of any taxes, executions, duties, expenses, fees, deductions or retentions regardless of the nature thereof or the authority levying the same.
C. The undertakings in this guarantee constitute direct, unconditional and irrevocable obligations on our part. We shall not be released from all or any part of our obligations hereunder for any reason or cause whatsoever, including, without limitation, as changes in the terms and conditions of the License or change in the scope of the Project or nature of the work required to be executed by the Consortium Member or the Successful Applicant or the failure to perform or the carrying out of any act or procedure by you or by a third party that would or could, as the case may be, exempt or release us from our unconditional and irrevocable obligations and liabilities stipulated in this guarantee.
D. This guarantee shall remain valid and effective until the delivery to MinPet of the Project Company First License Performance Bond. According to the terms of this guarantee, if you give us a written and signed notice on or before the date of expiration of this guarantee or any subsequent extension thereof pursuant to the stipulation to extend the guarantee, we shall, pursuant to your written instruction: (i) automatically extend the guarantee for the period requested (provided it shall not exceed three hundred and sixty-five (365) days) from the original date of expiration of the guarantee or from the expiration date of the extension(s) which may have been subsequently made as indicated in the request for extension, or (ii) pay you the amount of the guarantee.
E. Any dispute concerning this guarantee will be settled by the Board of Grievances in The Kingdom in accordance with the laws of The Kingdom.
[The Bank]
Authorized signatories 1 MINPET NOTE TO APPLICANTS: This First License Performance Bond is intended to cover the period from the License Award through the delivery of the Project Company First License Performance Bond (i.e., Novation). Also, the First License Performance Bond may be provided by (a) the Successful Applicant in the aggregate amount of SAR 150 Million or (b) by each Consortium Member of the Successful Applicant in a pro rata amount that corresponds to such Consortium Member’s anticipated equity ownership in the Project Company, provided that the aggregate amount of the First Performance License Bonds provided by the Consortium members collectively in the case of (b) shall equal SAR 150 Million.
Appendix F-2 Form of Project Company First License Performance Bond2
[insert date]
The Ministry of Petroleum and Mineral Resources The Kingdom of Saudi Arabia
Place: Letter of Guarantee No.:__________ Date:_________________________________
Our client [insert name of the Project Company] ("Project Company") is the holder of the license (the “License") for the design, development, financing, procurement, construction, ownership, insurance, operation and maintenance of a crude oil refinery project (the “Project") in the Jazan region of The Kingdom of Saudi Arabia (“The Kingdom"). The License, in accordance with its terms and conditions, was novated to the Project Company pursuant to the Novation Agreement executed on [•].
We______________ (bank) do hereby guarantee unconditionally and irrevocably to pay you the aggregate sum of One Hundred Fifty Million Saudi Riyals (SAR. 150,000,000), in accordance with the following:
A. Immediately upon receipt of your written request stating either:
(1) that a Special Termination Event or an uncured Default (as such terms are defined in the License) has occurred and is continuing under the License; or
(2) you have given notice to the Project Company to extend the duration of this guarantee and the Project Company has failed to deliver the extended guarantee to you within fourteen (14) days of your notice or at least seven (7) days prior to the expiration date of this guarantee,
notwithstanding any objection of the Project Company or of any other party, we shall pay you the full amount stipulated above, by transfer to your account with any bank in The Kingdom designated in your written request, or by any other method which is acceptable to you.
B. Any payments made upon your request shall be net and free of and without any present and future deductions, such as for the payment of any taxes, executions, duties, expenses, fees, deductions or retentions regardless of the nature thereof or the authority levying the same.
C. The undertakings in this guarantee constitute direct, unconditional and irrevocable obligations on our part. We shall not be released from all or any part of our obligations hereunder for any reason or cause whatsoever, including, without limitation, as changes in the terms and conditions of the License or change in the scope of the Project or nature of the work required to be executed by the Project Company or the failure to perform or the carrying out of any act or procedure by you or by a third party that would or could, as the case may be, exempt or release us from our unconditional and irrevocable obligations and liabilities stipulated in this guarantee.
D. This guarantee shall remain valid and effective until [insert the target Financial Closing Date]. According to the terms of this guarantee, if you give us a written and signed notice on or before the date of expiration of this guarantee or any subsequent extension thereof pursuant to the stipulation to extend the guarantee, we shall, pursuant to your written instruction: (i) automatically extend the guarantee for the period requested (provided it shall not exceed three hundred and sixty-five (365) days) from the original date of expiration of the guarantee or from the expiration date of the extension(s) which may have been subsequently made as indicated in the request for extension, or (ii) pay you the amount of the guarantee.
E. Any dispute concerning this guarantee will be settled by the Board of Grievances in The Kingdom in accordance with the laws of The Kingdom.
[The Bank]
Authorized signatories 2 MINPET NOTE TO APPLICANTS: This Project Company First License Performance Bond is intended to cover the period from the expiration of the First License Performance Bond (i.e., Novation) until the later to occur of (i) the Financial Closing Date and (ii) the award of al) the EPC Contract(s), upon which the Project Company shall provide MinPet with the Second License Performance Bond, together with (x) certified copies of all the Financing Documents and an original certificate signed by the Financing Parties or their duly authorized representative(s) certifying that the Financial Closing has been achieved and (y) certified copies of ail the EPC Contract(s) and an original certificate signed by the authorized signatory(ies) of the EPC Contractor(s) certifying the completeness and authenticity of the EPC contract(s), in exchange for this Project Company First License Performance Bond.
Appendix F-3 Form of Second License Performance Bond
[insert date]3
The Ministry of Petroleum and Mineral Resources The Kingdom of Saudi Arabia
Place: Letter of Guarantee No.:__________ Date:_________________________________
Our client [insert name of the Project Company] (“Project Company") has been awarded a license (the "License") on [•], 200[•] in relation to the design, development, financing, procurement, construction, ownership, insurance, operation and maintenance of a crude oil refinery project (the “Project”) in the Jazan region of The Kingdom of Saudi Arabia ("The Kingdom”).
We________________ (bank) do hereby guarantee unconditionally and irrevocably to pay you the aggregate sum of Seventy Five Million Saudi Riyals (SAR. 75,000,000), in accordance with the following:
A. Immediately upon receipt of your written request stating either:
(1) that a Special Termination Event or an uncured Default (as such terms are defined in the License) has occurred and is continuing under the License; or
(2) you have given notice to the Project Company to extend the duration of this guarantee and the Project Company has failed to deliver the extended guarantee to you within fourteen (14) days of your notice or at least seven (7) days prior to the expiration date of this guarantee,
notwithstanding any objection of the Project Company or of any other party, we shall pay you the full amount stipulated above, by transfer to your account with any bank in The Kingdom designated in your written request, or by any other method which is acceptable to you.
B. Any payments made upon your request shall be net and free of and without any present and future deductions, such as for the payment of any taxes, executions, duties, expenses, fees, deductions or retentions regardless of the nature thereof or the authority levying the same.
C. The undertakings in this guarantee constitute direct, unconditional and irrevocable obligations on our part. We shall not be released from all or any part of our obligations hereunder for any reason or cause whatsoever, including, without limitation, as changes in the terms and conditions of the License or change in the scope of the Project or nature of the work required to be executed by the Project Company or the failure to perform or the carrying out of any act or procedure by you or by a third party that would or could, as the case may be, exempt or release us from our unconditional and irrevocable obligations and liabilities stipulated in this guarantee.
D. This guarantee shall remain valid and effective until [insert the target dale of Commencement of Commercial Operation]. According to the terms of this guarantee, if you give us a written and signed notice on or before the date of expiration of this guarantee or any subsequent extension thereof pursuant to the stipulation to extend the guarantee, we shall, pursuant to your written instruction: (i) automatically extend the guarantee for the period requested (provided it shall not exceed three hundred and sixty-five (365) days) from the original date of expiration of the guarantee or from the expiration date of the extension(s) which may have been subsequently made as indicated in the request for extension, or (ii) pay you the amount of the guarantee.
E. Any dispute concerning this guarantee will be settled by the Board of Grievances in The Kingdom in accordance with the laws of The Kingdom.
[The Bank]
Authorized signatories 3 See MinPet’s footnote above. This date should be the (i) Financial Closing Date or (ii) the date when all the EPC Contract(s) have been awarded, whichever is later.
Attachment - 1 Definitions and Guidance Notes Prudential Return on Lending and Deposits
1.
General This general guidance is provided to facilitate the preparation of this quarterly return. This return should be completed at a solo level only.
Banks should use the following definitions and guidance notes for completing these returns relating to lending, deposit and borrowing's special commissions:
• Special commission received and paid should be disclosed in percentage terms (%) for new loans in first column split into Local Currency, Foreign Currency and Total and outstanding loans for the second column. • Only weighted average is to be provided. Weighted average should be the weighted average of all changes of contractual rates within a quarter. Weighted average should be based on the amount outstanding at the end of the quarter and corresponding rates prevailing at that date. • Current column means loans, interbank loans, investments, deposits, margin deposits, bonds and interbank deposits booked in that quarter. However, outstanding means cumulative including the current quarter. • Calculation of weighted average (WA) is described in item 4. • All classifications of Loans, Deposits and Bonds issued are mutually exclusive. • All data for calculating weighted average rate should be related to M1 domestic (Resident by Local Currency & Foreign Currency). • Special commission rate for Loans (B/S item 9.2 and 9.3), interbank deposits (B/S item 16) & lending (B/S item 4), Investment (B/S item 10) and Bond & Sukuk (B/S item 28). • Special commission rate for deposits (B/S 17,18, 21 and 22). • Margin deposits (B/S 23) • Weighted average rate for each row and each column, (if data is available) including total loans, and total deposits and subtotals should be calculated. • This quarterly return to SAMA is due within 30 calendar days following the quarter end. • Banks are requested to follow the note below to fill out the return. • The list in annexure 3 should be used as a guide to fill out the return. We will update the list as needed. If any government institution or public nonfinancial corporation is not included in the list, banks are requested to draw this to our attention.
A. Quarterly Return
2. Types of Loans (please note that accrued special commission receivable should be added in the loan while computing weighted average)
2.1 Loans to Governments
Includes loans to all sovereign governments including Saudi Arabia and are classified as follows:
Budgetary central government - (more details in annexure 3) Social security funds - (more details in annexure 3) Development funds (specialised credit institutions)- (more details in annexure 3) 2.2 Loans to Financial Institutions (include insurance companies, leasing companies etc.)
2.3 Loans to Corporates
Public Non - Financial Corporates
Includes loans to all major public corporates such as ARAMCO, SABIC, SAUDIA, SEC, STC, SAPTCO etc. The detailed table as below provide examples:
Muslim World League National Water Company PETROMIN-General Organization for Petroleum and Minerals SABIC- Saudi Arabian Basic Industries SADARA SAPTCO- Saudi Arabian Public Transport Co. Saudi Arabian Airlines Saudi Arabian Minings (Ma'aden) SAUDI ARAMCO TOTAL Refining and Petrochemical Company (SATORP) Saudi Council of Engineers Saudi EDI (Saudi Electronic Data Interchange) Saudi Electricity Corporations Saudi Post Corporation Saudi Press Agency Saudi Telecom Company SAUDIA- Saudi Arabian Airlines Vela International Marine Ltd. World Assembly of Muslim Youth Large Corporates
Includes loans to all major commercial corporates with annual revenues above SR200 million. If annual revenue data is not available, in that case number of full time, employees should be considered for the definition of Large Private Corporates. Full time employees should be above 249.
Medium Enterprises
Includes loans to all medium sized commercial corporates with annual revenues between SR40 million to SR200 million. If annual revenue data is not available, in that case number of full time, employees should be considered for the definition of Medium Private Corporates. Full time employees should be from 50 to 249.
Small Enterprises
Includes loans to all small sized corporates with annual revenue between SR 3million to SR40 million. If annual revenue data is not available, in that case number of full time, employees should be considered for the definition of Small Private Corporates. Full time employees should be from 6 to 49.
Micro Enterprises
Includes loans to all small sized corporates with annual revenue upto SR3 million. If annual revenue data is not available, in that case number of full time, employees should be consider for the definition of Micro Company. Full time employees should be from 1 to five 5.
Kafalah Fund
These loans are defined to be for a maximum amount of SR. 10 MM made to an enterprise with a maximum turnover of SR. 200 MM and are guaranteed by the Kafalah fund.
Commercial real estate
A commercial mortgage or commercial real estate loan normally involves a financing a commercial real estate asset. It generally represents a long term debt normally for up to 25 years but can be for shorter periods. The loan is secured by commercial property being financed.
Other Businesses
These include all types of business exclusive of above i.e. partnerships, proprietorships, etc.
2.4 Retail Loans
Consumer Loans
Consumer loan includes loans to individuals, household and family members, granted on the following basis:
• Granted by the creditor to a borrower as a secondary activity for the borrower, i.e. outside the sphere of the borrower’s principal commercial or professional activity. It would generally include personal loans, overdraft facilities, car loans, payment card loans, etc. • To finance purchase of goods and services for enjoyment, consumption and other such requirements of individuals as identified above e.g. to purchase furniture, household items, vacations, education, etc. • These may cover Shariah compliant consumer loans under Murabaha, Istisna and other Islamic contracts. • While mortgage loans are to be excluded, home improvement financing is included.
Credit Card Loans
These include all credit balances or amount owing by payment cardholders.
Mortgages or Housing Loans
A mortgage or housing loan normally involves a financing a real estate asset. It generally represents a long term debt normally for up to 25 years but can be for shorter periods. The loan is secured by residential property being financed where this lien is recorded in the title document. These may also include Shariah complaint residential property loans that are supported by an Ijarah contract.
Other loans
Any other loan not already classified in above categories.
2.5 Interbank Loans
Refers to loan placements, made by one bank to another bank.
2.6 Investments
Represents investments in TBills, Bonds, fixed and floating rate securities issued by Government and quasi government, corporate, banks and other financial institutions and other counterparties.
2.7 Placements with SAMA - Represents reverse repo placements with SAMA. This should reconcile to line 2.6 of M1 return
3. All types of Deposits (please note that accrued special commission payable should be added in the deposits while computing weighted average)
3.1 Split of total deposits
• If a deposit is new, original maturity should be reported in the column WA rates - current quarter. However, in case of old deposits, residual maturity should be used to populate the column stating outstanding WA rates. • Demand deposits (including Shariah Compliant deposits) represent non-special commission bearing customer deposits that have no maturity and can be withdrawn without prior notice. These deposits also include current accounts. If a bank does not pay any commission rate on the demand deposits, it should report it as zero. • Saving deposits (including Shariah Compliant deposits) represent non-checking special commission bearing customer deposits with no defined maturity. • Time deposits (including Shariah Compliant deposits) represent special commissions bearing customer deposits with a defined maturity. • Split of deposit by counterparties (Government, Financial Institutions, Corporate, SME and Retail) is required to be populated as a memo line and should not affect totals or sub totals. • Repo deposits from SAMA should reconcile to line 15.2, 15.3, 15.4 and 15.5 of M1 return.
3.2
Margin deposits Represents all deposits received in relation to transaction in exchanges.
3.3 Bonds and SUKUK
Issued by banks should be reported according to their maturities, i.e. if the issuance is during the quarter, it should reflect original maturity date in the calculation of weighted average. However if there is an existing issuance, the weighted average %age reported in outstanding column should reflect residual maturity.
3.4 terbank deposits Refer to deposit received by one bank from another bank.
4. Example of Calculating Weighted Average Special Commissions
The weighted average rate is calculated as at the end of a given period, i.e, quarter.
Example-I Example of computation of weighted average special commissions for a given period end balance in the amount of SR360 million is given below:
Special Commissions Rates Related Amounts In 000's Rates multiplied by Amounts 1 2 3=1X2 0% 30,000 - 1% 50,000 500 2% 60,000 1,200 4% 80,000 3,200 5% 90,000 45,000 8% 20,000 1,600 10% 30,000 3,000 Total 360,000 14,000 WASCRs= (14000/360000)*100 Weighted Average Special Commission Rates (WASCRs) 3.89% Attachment - 2 Quarterly Return (as Attached Herewith in Excel Format)
Attachment - 3
4.1.1 Budgetary central government
1 Royal Court 2 Private Affairs of the Custodian of the Two Holy Mosques 3 Crown Prince Court 4 Private Affairs of Crown Prince 5 Royal Protocols 6 Crown Prince Royal Protocols 7 National Security Council 8 Royal Guard Regiment 9 Shura Council 10 Presidency of the Council of Ministers 11 General Secretariat of the Council of Ministers 12 Bureau of Experts at the Council of Ministers 13 King Fahd National Library 14 Ministry of National Guard 15 King Khalid Military Academy 16 The Board of Grievances 17 General Auditing Bureau 18 Ministry of Civil Service - the General Bureau 19 General Intelligence Presidency 20 Control and Investigation Board 21 General Authority of Sports 22 Chairmanship of the Commission 23 Royal Commission for Jubail and Yanbu 24 Ministry of Foreign Affairs - the General Bureau 25 Prince Saud Al-Faisal Institute of Diplomatic Studies 26 Ministry of Economy and Planning - the General Bureau 27 General Authority for Statistics 28 Ministry of Defense - the General Bureau 29 Office of the General Staff Headquarters 30 Royal Saudi Land Forces 31 Royal Saudi Air Force 32 Royal Saudi Naval Forces 33 Royal Saudi Air Defense Forces 34 King Abdulaziz Military Academy 35 King Faisal Air Academy 36 General Directorate of the Armed Forces Medical Services 37 King Fahad Naval Academy 38 King Abdullah Air Defense Academy 39 Ministry of Interior - the General Bureau 40 Directorate of Public Security 41 General Directorate of Civil Defense 42 General Directorate of Investigation 43 General Directorate of Border Guard 44 King Fahd Security College 45 Special Security Forces 46 General Directorate of Passports 47 General Administration of Mujahideen 48 Emirate of Riyadh Province 49 Emirate of Makkah Province 50 Emirate of Eastern Province 51 Emirate of Madinah Province 52 Emirate of Najran Province 53 Emirate of Aseer Province 54 Emirate of Hael Province 55 Emirate of Jazan Province 56 Emirate of Tabouk Province 57 Emirate of Al-Qasim Province 58 Emirate of Northern Border Province 59 Emirate of Al-Jouf Province 60 Emirate of Al-Baha Province 61 The Bureau of Investigation and Public Prosecution 62 General Directorate of Prisons 63 Ministerial Agency of Civil Affairs 64 Facilities Security Forces 65 The General Directorate of Narcotics Control 66 Ministry of Municipal and Rural Affairs 67 Najran Municipality 68 Aseer Municipality 69 Ha'il Municipality 70 Jazan Municipality 71 Tabuk Municipality 72 Al-Madinah Municipality 73 Al-Qasim Municipality 74 Al-Riyadh Municipality 75 Northern Borders Municipality 76 Al-Jouf Municipality 77 Al-Baha Municipality 78 Jeddah Municipality 79 Ta'if Municipality 80 Eastern Region Municipality 81 Holy Makkah Region 82 Al-Ahsa Municipality 83 Ministry of Education 84 Higher Council of Education 85 Transport Ministry 86 Saudi Railways Organization 87 Minister of Communications and Information Technology - the General Bureau 88 Ministry of Energy, Industry and Mineral Resources 89 Ministry of Commerce and Investment 90 Saudi Standards, Metrology and Quality Orgainzation 91 Saudi Export Development Authority 92 Ministry of Environment, Water and Agriculture 93 Alahsa Irrigation & Drainage Authority 94 Saudi Grains Organization 95 Ministry of Justice - the General Bureau 96 The General Presidency of Scholarly Resarch and Ifta 97 The General Presidency for the Affairs of the Two Holy Mosques 98 The Saudi Projects Bureau in Yemen 99 Ministry of Finance - the General Bureau 100 Saudi Customs 101 General Authority of Zakat & Tax 102 Saudi Wildlife Authority 103 The Ministry of Islamic Affairs, Da'wah, and Guidance 104 Ministry of Haj and Umra 105 Government programs and facilities 106 Regular allowances and subvention 107 Installment payment/returns of development bonds 108 The General Authority of Meteorology & Environmental Protection 109 Saline Water Conversion Corporation 110 Ministry of Labour & Social Development 111 Ministry of Housing 112 Supreme Judiciary Council 113 King Abdul Aziz Foundation 114 National Anti-Corruption Commission 115 Saudi Red Crescent Authority 116 General Commission for the Guardianship of Trust Funds for Minors and Their Counterparts 117 Education Evaluation Commission 118 Saudi Port Authority 119 Rayal Commission for Al-Jubyal and Yanbu 120 Saudi Standards, Metrology and Quality Orgainzation 121 Saudi Arabian General Investment Authority 122 Technical and Vocational Training Corporation 123 King Abdul Aziz City for Science & Technology (KACST) 124 Institute of Public Administration 125 King Faisal Specialized Hospital & Research Centre 126 Saudi Red Cresent Authority 127 Military Industries Organization 128 Saudi Geological Survey Authority 129 General Commission for Tourism & Antique 130 Communication and Information Technology Commission (C.l.T.C) 131 Saudi Food and Drug Authority (SFDA) 132 Saudi Post Organization 133 General Authority of Civil Aviation (GACA) 134 Human Rights Commission 135 General Survey Authority 136 Kind Abdullah City for Nuclear Energy 137 King Saud University 138 King Abdul Aziz University 139 King Fahd University of Petroleum and Minerals 140 Imam Muhammad Ibn Saud University 141 Islamic University 142 King Faisal University 143 Umm Al-Qura University 144 King Khalid University 145 Taibah University 146 Qassim University 147 Taif University 148 Jazan University 149 Al Jouf University 150 University of Ha'il 151 University of Tabuk 152 Al-Baha University 153 Najran University 154 Prince Nora Bint Abdulrahman University 155 Northern Borders University 156 University of Dammam 157 Prince Salman Bin Abdulaziz University 158 Al-Majma'ah University 159 Shagra University 160 Saudi Electronic University 161 University of Jeddah 162 University of Hafr Albatin 163 University of Bisha 4.1.2 Social security fund (GOSI and PPA)
4.1.3 Development funds
A Specialized Credit Institutions 1 Agriculture Development Fund 2 Social Development Bank 3 Public Investment Fund 4 Saudi Industrial Development Fund 5 Real Estate Development Fund B Saudi Fund for Development "SARIE" Collateral Policy & Covering Procedures
SAMA © Copyright Saudi Arabian Monetary Agency
All information contained in this document is strictly confidential and proprietary to Saudi Arabian Monetary Agency (SAMA) and shall only be used for the purpose for which it is provided. No part of this document may be reproduced nor disclosed to a third party without the prior written consent of Saudi Arabian Monetary Agency (SAMA).
SARIE Collateral Policy & Covering Procedures - The Saudi Arabian Riyal Interbank Express (SARIE)-2015
1 Introduction
In accordance with the Charter of the Saudi Arabian Monetary Agency (SAMA) issued by Royal Decree No 23 dated 23/5/1377H, Banking Control Law issued by Royal Decree No M/5 dated 22/2/1386H, other pertinent laws of the Kingdom of Saudi Arabia and the SARIE Operating Rules and Regulations - Version 3.0 (ORR) issued by SAMA dated 1/12/1425H, this policy is issued by SAMA governing the provision of Intra-day Debit Limits, Overnight Covering and Collateral requirements.
In pursuance of best practice principles and recommendations for financial settlements in Real Time Gross Settlement (RTGS) systems, and to facilitate faster clearing and settlement of transactions, SAMA shall allow SARIE participants to obtain an Intra-Day Debit Limit facility, which is fully collateralised with Eligible Collateral of the types specified later in this policy document. The intra-day debit limit is the maximum debit balance permitted on a Participant's account at any point during the Operational Phase of the SARIE system.
Overnight Covering may, at the discretion of SAMA, be granted to a SARIE Participant who is unable to fully discharge any debit balance in their SARIE account before the end of the Operational Phase of SARIE subject to the conditions set out below.
2 Participants’ Accounts
2.1 Accounts at SAMA
Each Participant must maintain a current account at SAMA (the “Participant’s Account”). The current account must be maintained in accordance with SAMA’s banking conditions from time to time.
2.2 Debit Balances
SAMA may in its sole discretion permit a Participant’s Account to be in debit intraday within the limits and for the periods allowed by SAMA. The limit and periods are together called the “intra-day debit limit” SAMA may change an intra-day debit limit during the Operational Phase if in SAMA’s opinion there are exceptional circumstances, but will not do so if this would cause a Participant to be in breach of its limit. All intra-day debit balances on a Participant’s Account must be discharged at the end of each Operational Phase and each Participant’s Account must be zero or in credit at all other times, except as SAMA may otherwise permit.
2.3 Collateral
All liabilities of a Participant in respect of any intra-day debit balance on its Participant’s Account must be fully collateralised in accordance with the requirements for collateral prescribed by SAMA from time to time (as detailed in section 5)
2.4 Liquidity
The balance on a Participant’s Account must never be less than zero plus any intraday debit limit agreed by SAMA in accordance with the foregoing and must be sufficient to cover all Payment Messages of all types as they fall due for payment.
2.5 Responsibility for Liquidity
Each Participant is responsible for monitoring its Participant’s Account and its Liquidity so as to comply with the SARIE ORR. SAMA, may, but is not obliged to, monitor each Participant’s Account for compliance with intra-day debit limits.
2.6 SAMA as a Participant
The foregoing provisions do not apply to SAMA in its capacity as a Participant.
2.7 Accounts as Evidence
Each Participant’s Account maintained on SARIE is the record of the Participant’s current account and is binding on SAMA and the Participant in the absence of manifest error.
2.8 Information
SARIE provides reporting and enquiry facilities operating in near real-time, giving each Participant immediate visibility of the position in its Participant’s Account, enabling it to manage its Liquidity, and provides SAMA with the transaction functionality and reporting to enable it to exercise its powers as central bank and operator of SARIE.
2.9 Held Payments
2.9.1 Queuing
Except where it is expressly provided in the SARIE ORR that queuing does not apply to a particular Payment Message, where sufficient Liquidity is not available in a Sending Participant’s Account with SAMA, Payment Messages for that Participant will be queued by the Central System until sufficient Liquidity is available. If sufficient Liquidity is not available prior to the close of the Operational Phase of the Business Cycle, SAMA may cancel the queued Payment Messages without liability to the Participant, if they are not cancelled by the Sending Participant other than Clearing settlements.
2.9.2 Priorities
The Sending Participant, and SAMA with the approval of the Participant, may change the priority of the sequence in which its queued Payment Messages are to be paid by the Central System. Each Participant is responsible for managing its entry of Payment Messages and other instructions and for the queuing of its Payment Messages.
2.10 Priority Codes
The priority codes are assigned by:
• SAMA for SAMA transactions • The Sending Participant for its originated same-day transactions • SARIE for:
• forward payments on their maturity date • system generated transactions (e.g. clearing settlements)
2.11 Gridlock Management
2.11.1 Gridlocks
If the Central System will not settle transactions between two or more Participants by reason of the fact that each Participant has insufficient Liquidity which they would have if they could receive their queued incoming payments (“gridlocks”), SAMA may endeavour to resolve the gridlock by one, some, or all of the following actions with the approval and co-operation of the affected Participants:
• Re-prioritise a Participant’s queued transactions. • Cause a selected number of different Participants’ transactions to be settled simultaneously, so as not to breach any Participant’s intra-day debit limit. A Participant’s approval is not required provided no change in payment sequence is made. • Require Participants to increase their Liquidity. • Cancel some of the transactions.
2.11.2 Responsibility
It is the responsibility of each Participant to manage its own Liquidity. SAMA has no responsibility to resolve gridlocks and has no liability for any steps taken by it to resolve gridlocks.
3 Overnight Covering
3.1 Overnight Covering
All intra-day debit balances on a Participant’s Account must be discharged by the end of each Operational Phase as stated in section 2.2 Debit Balances above.
The amount of the Overnight Covering must be rounded upwards to the nearest SAR 100, 000.00.
3.2 Charge
The failure by a SARIE Participant to reimburse the intraday credit at the end of the day for whatever reason shall render that Participant liable to the following penalties:
(a) If the Participant has a debit balance on its account at the end of the day for the first time within any 12-month period, then this Participant shall incur penalty interest calculated at a rate of three percentage points above the 3- month SIBOR on the amount of debit balance plus a surcharge of SAR 3,000.00;
(b) If the Participant has a debit balance on its account at the end of the day for the second time within the same 12-month period, then this Participant shall incur penalty interest calculated at a rate of six percentage points above the 3-month SIBOR on the amount of debit balance plus a surcharge of SAR 6,000.00;
(c) If the Participant has a debit balance on its account at the end of the day for at least the third time or greater within the same 12-month period, then the penalty interest and the surcharge shall be increased by three percentage points plus a surcharge of SAR 3,000.00 for each time additional to the last, that a debit position has occurred within this 12-month period.
Frequency of Occurrence Penalty Interest Rate Surcharge Frist time If the participant has a debit balance on its account at the end of the day for the first time within any 12-month period, then: This participant shall incur penalty interest calculated at a rate of three percentage points above the 3-month SIBOR on the amount of debit balance. SAR 3,000.00 Second time If the participant has a debit balance on its account at the end of the day for the second time within the same 12- month period, then: This participant shall incur penalty interest calculated at a rate of six percentage points above the 3-month SIBOR on the amount of debit balance. SAR 6,000.00 Third time onwands If the Participant has a debit balance on its account at the end of the day for at least the third time or greater within the same 12-month period, then: The penalty interest and the surcharge shall be increased by three percentage points plus a surcharge of SAR 3,000.00 for each time additional to the last that a debit position has occurred within this 12-month period. 3.3 Repayment
The full amount of the Overnight Covering, including the charge specified above, must be repaid by the participant at the start of the next business day.
4 Intra-day Debit Limit
4.1 The Limit
SAMA will decide the amount of the intra-day debit limit for each participant separately based on consideration of all relevant factors including, but not limited to, the Participant's flow of payments (both incoming and outgoing) through the SARIE system.
SAMA may instruct a Participant to review its intra-day debit limit at any time with a view to either increasing or decreasing the limit based on the flows of payment through the Participant’s SARIE account. Such instruction must be dealt with in a prompt manner and without undue delay.
4.2 Minimum Limit
The intra-day debit limit will not be less than the amount of SAR 50 million for which the Participant must provide the appropriate collateral specified in section 5 of this policy document.
4.3 Treasury Support Message
Treasury Support Message (TSM) is the only means to communicate with SAMA that can be used by a Participant with regard to requests for new or amended intraday debit limits.
The TSM is the primary means of communication with SAMA with regard to requests for Overnight Covering. A SWIFT message may be used as an alternative means of communication in emergency situations only.
5 Collateral
5.1 Eligible Collateral
The intra-day debit limit must be fully collateralised by eligible assets that a Participant has absolute ownership of free of any third party interests, which can be readily liquidated by SAMA and over which SAMA has jurisdiction.
The following table lists the eligible assets that are allowable as collateral:
Eligible Assets 1 Restrictions an use as Collateral Government Development Bonds 90% of the nominal value SAMA Bills 90% of the nominal value Murabaha 90% of the nominal value Sukuk and bonds guaranteed by MoF 2 85% of the nominal value 1 SAMA may in its sole discretion change its eligibility criteria at any time.
2 Ministry of Finance.5.2 Restrictions
The portion of a Participant’s eligible assets pledged as collateral for an intra-day debit limit may not be utilized for any other purpose. However, the Participant may use these eligible assets for the purpose of calculating their overnight Repo amounts with SAMA, so long as such Repo amounts do not reduce the amount set aside as Collateral.
5.3 Maturing Assets
On the maturity of the instruments which are pledged as collateral, the Participants must ensure that, either,
• They still have sufficient eligible assets to cover their intra-day debit limit, or, • Replace the maturing instruments with similar holdings of eligible assets in order to maintain sufficient cover for their intra-day debit limit, or, • Advise SAMA that they wish to reduce the amount of their intra-day debit limit.
In case of Participants not replacing the maturing instruments, SAMA may impose appropriate penalty fee.
5.4 No Charge
Intra-day debit balances will not incur interest or commission charges.
5.5 Available Funds
"Available Funds" in the SARIE system are calculated as follows:
Opening Credit Balance,
Plus
• Intra-day debit limit • Settled incoming payments in favor of the participant • The amount of any "direct entries” passed by SAMA, where the participant is the Credit party • Settled Direct Debit Requests where the participant is the “Sponsoring Bank”
Minus
• Settled outgoing payments by order of the participant • The amount of any "direct entries" passed by SAMA, where the participant is the Debit party • Settled Direct Debit Requests where the participant is the “Paying Bank”
Plus or Minus
• The result of any Clearing House participating in SARIE.
6 Letter of Undertaking
A Letter of Undertaking, in the format specified by SAMA, must be signed by each Participant and returned to SAMA. Such Letters of Undertaking have the effect of creating a first priority, perfected pledge over the eligible assets in favour of SAMA as collateral for the Participant’s intra-day debit limit sanctioned by SAMA for the purposes of the SARIE system. The Letter of Undertaking bestows on SAMA the right to sell or otherwise dispose of sufficient eligible assets to clear any unpaid debit balances in accordance with the SARIE ORR and this policy.
7 Glossary of Abbreviations
The following abbreviations are used in the text:
ORR Operating Rules and Regulations
SARIE Saudi Arabian Riyal Interbank Express
SIBOR Saudi Interbank Offered Rate
SWIFT Society for Worldwide Interbank Financial Telecommunication
TSM Treasury Support Message
Bank Fraud Committee
Over the years, the Bank Payment Fraud Committee has served well as a sub committee of the Bank Chief Operation Officer's Committee (BCOOC). The Mandate of the Committee was to discuss all fraud cases and operational issues related to payment cards.
With fraud in recent times gaining significance due to increased electronic banking, globilization, product sophstication, etc., most supervisors now recognize that a more strategic approach to manage and supervise fraud is required. Consequently, it was agreed both by SAMA and by the banks that there was a need for a forum to discuss all types of fraud. Therefore, it is now decided that the current Payment Card Fraud Sub Committee is to be replaced by an independent committee to be called the Fraud Committee effective Dec. 97.
Further, as a part of its strategy to combat fraud, SAMA is also taking other steps which includes an in-house developed software which consolidates banking system wide fraud related information provided by the banks to SAMA into a data base. From this data base, various fraud related report at various levels of aggregation can be extracted i.e. by fraud type, city, amount, timing, etc. SAMA plans to distribute these reports to the banks to aid them in their combat against fraud. In ths regard, SAMA is also reviewing various options related to installing a central fraud management system which would be designed to assist SAMA and the banks to jointly manage and combat fraud.
Consequently, SAMA as a part of its overall strategy to combat fraud is planning to institute a bank fraud committee on the following basis.
* A full fledged Bank Fraud Committee would be formed whose mandate would be to include all types of fraud related to a bank's operations. The next meeting is scheduled for 2.12.97 at the Institute of Banking. * Each bank would be represented by one permanent representative who would be directly involved in fraud management and or investigation at their respective bank. This person will be selected by the bank and may be the internal auditor, compliance officer, or any other senior official of the bank concerned with fraud management. This permanent representative could be accompanied by a maximum of two individuals to aid him at the Committee's deliberations on th particular fraud issue being descussed. These individuals may vary in accordance with the nature and type of fraud being discussed. * The Committee would meet on a monthly basis.
If you have any question please don't hesitate to call Ali Al-Ghaith (466-2440) or Abbas Hassan (466-2526)
Terms of Reference for a Fraud Committee
The attached represents Terms of Reference for a Fraud Committee. This document is to be used as a tool to enhance the effectiveness of the Committee members and will be updated and further refined as more experience is gained. In this respect feel free to communicate your comments to SAMA.
Fraud Committee
1. Background
Banking business has become increasingly complex and banks now take many different type of risks. Included in this profile of risk also includes fraud which relates to physical losses and is generally covered under operational risk. The consultative paper entitled "Core Principles for Effective Banking Supervision" by the Basle Committee in April 1997 has also appropriately recognized risk management which includes operational risk as its core principle # 13.
In this regard. SAMA has recently issued (June 1997) a document entitled "The Management of Operational Risk through Appropriate Insurance Schemes". SAMA expects that all Saudi banks will adopt and implement the key features of this document in their internal management system with the objective that all related risks are systematically identified and controlled through management action.
Potential for fraud is likely to increase with the advent of technology and as banks venture further into new products and services, geographical areas and markets. Further, it is certain that Saudi banks are increasingly affected by the continuing momentum of global automation, inflow and outflow of pilgrims, internationalization of markets and the advent of sophisticated products.
In view of these challenges, the Agency decided a few years ago to structure various Bank Committees under its auspices, for providing mechanism where all Saudi Banks could assemble, deliberate and discuss common issues and concerns. One of the committees being proposed is the Fraud Committee.
Given the significance and underlying importance of regulating and supervising fraud, the Agency wishes to give this committee the posture it deserves. Therefore this committee is going to be an independent Banking Committee, whose chairman and his other senior members would liaise, discuss and deliberate matters of mutual interest related to fraud with senior SAMA officials. The Committee subject to SAMA's approval would be entitled to appoint specific sub committees accountable to it in all respect.
At this committee meetings, representatives of the banks will share their experiences with respect to fraud, provide the bank's point of view for resolving common problems, as well as providing inputs to SAMA for framing supervision policy.
Major types of fraud include:
1. Money laundering 2. Forgery 3. Counterfeit currency 4. Electronic crimes
* ATM * Payment Cards * Commercial Services
* Cash Management Services * Electronic Data Interchange
* Retail Electronic Banking
5. Employee fraud
Further, sub committee may be formed in order to afford a sharper focus on specific fraud types such as employee frauds, payment card and Technology fraud, etc., and at the same time to address other constraints such as confidentiality, timing and scheduling, etc.
2. General Objectives and Mandate of the Committee
1. Issues must focus on areas which are in the interest of the long term management and containment all types of fraud occurring in the banking system, as well as enhance control, efficiency and supervision. 2. Committee members are expected to jointly identify, analyze and discuss all bank related fraud cases and issues pertaining to their respective bank's experience. Those internal fraud cases which may be sensitive may not be discussed in detail, however, the lesson learnt from such cases in a general sense should be brought to the forum. 3. Effective policies, process and procedures are implemented to detect, control and report frauds of all types. 4. Discussions must be hild in an organized and democratic manner to ensure all viewpoints are aired and objectives of the Committee are achieved. 5. The Committee is expected to keep itself abreast of all international and local development in relation with (i) occurrence of major fraud (local and international) (ii) current responses by the international banking community to response to such fraud including technological developments.
3. SAMA's Role and Responsibility
1. SAMA would normally nominat senior officers as its representatives to attend fraud committee meetings. They would act as ovservers in such forums. 2. SAMA would respond to issues raised and proposals put forward by banks at its own discretion within a reasonable span of time. These proposals should normally reflect the position of all fraud committee members, and in their own rights be comprehensive and of sufficient overall quality with respect to depth and breadth to facilitate SAMA policy makers to recommend appropriate policy responses. 3. SAMA representatives are to ensure that to the extent possible, banks are appraised of SAMA policies, directives and viewpoint on issues. Where possible SAMA representatives will put forward the constraints and concerns of other government ministries. Their effort would be to enable the committees to work in a positive and efficient manner. 4. The meetings are to be conducted with the full knowledge of SAMA and the minutes of Committee meetings to be taken by the secretary of the Committee. These minutes are to be approved by SAMA before being issued. 5. Keep itself abreast of all international regulatory and prudential developments related to operational risks, fraud, etc.
4. Bank's Role and Responsibilty
Each bank should nominate, select and appoint its representatives with proper fraud background related to the Committee's mandate. These individuals are responsible for the following;
1. Keep themselves abreast and aware of all the fraud related rules and regulations issued by SAMA. 2. To bring to the attention of the Committee the relevant issues and concerns of their bank which require support from other banks as an agenda item for discussion. 3. To bring to the attention of their bank's relevant management, the deliberation at such meetings of the various matters identified in the agenda and bring any responses thereto from their management to the Committee which may be of interest to the Committee as a whole. 4. To discuss and deliberate in an open, positive and democratic manner under the guidance of the Chairman. 5. Keep themselves abreast of major development in fraud management both locally and internationally. 6. Report all fraud to SAMA and discuss at the Fraud Committee. 7. Should a particular fraud case, of an internal nature represent a potential embarrassment to a member bank, the bank should discuss the case at the committee level in general terms by not disclosing any particular identities and focusing on the lessons learnt.
5. Committee Officials
Fraud Committee would have the following official with a term of 1 year each. However, it could be made longer by a unanimous decision of the Committee with SAMA's approval.
Chairman
It is the responsibility of the Committee's Chairman who will determine its effectiveness and success because he would normally set its tone, agenda and style. His responsibilities include but not restricted to the following:
1. Over-all planning of meetings including timings, venues, agenda items, etc. 2. Obtain approval from SAMA on minutes. 3. Liaising with SAMA officials, internal and external to the Committee, to do follow-ups on outstanding agenda items, improving the functionality, mandate and objectives of the Committee. 4. Maintain a professional and effective style and attitude amongst the members of the Committee. 5. Determine strategies and priorities for the Committee and in implementing new proposal amongst the banks most efficiently. 6. Solicit and develop new ideas in order to activate and improve on the mandate of the Committee. 7. Improve and develop the terms of reference document of the Committee in making it more effective and efficient. 8. At the beginning of each term (every September), the chairman of the committee will submit an update term of reference document to SAMA, outlining its objectives and mandate, significant and key agenda items and priorities for the coming year. 9. Decide at the Committee level if external consultants are necessary in providing input to a proposal. Final approval for such appointments to be given by SAMA.
Vice Chairman
The Vice Chairman shall assist in any way the Chairman in discharging his role and responsibilities as described above. He will be there to officiate instead of the Chairman during his absence or early termination.
The Secretary
The secretary's main responsibility would be to take and maintain minutes and obtain SAMA's approval in a reasonable span of time. The minutes must normally be prepared and submitted to SAMA for its approval within one week after the meeting. SAMA is expected to approve the minutes under normal circumstances within one week after their receipt.
6. Types, Nature and Scope of Fraud to be Discussed as Agenda Items at the Committee
It is fully recognized in the interest of internal and external confidentiality, that it would not be easy for banks to air the incidence of all frauds occurring within their bank specifically if it is involving senior officias. In such cases, the banks should discuss the lessons learnt, without detailing any particular personalities or embarrassing details. Consequently, the Agenda, as is the case amongst other banking committees, would be driven by the banks followed by SAMA's approval. Therefore, the banks should plan to bring all fraud cases to the forum keeping in view the overall objective being of exchanging relevant and mutually beneficial information with a view to educate each other and to deliberate on and discuss fraudulent cases.
The natural benefit for all banks would be to contain fraud. Consequently, the overall success, measured in terms of what the banks get out of this forum in managing fraud, would be totally contingent on the nature and level of commitment by the banks in exchanging and deliberating with each other their expertise, wisdom and experiences.
In general, what has to be recognized is that this forum is not a reporting mechanism for banks but a mechanism to gain form each other, in the quest to manage fraud, via descussions and deliberation of common, relevant and significant experience
7. Quality of Proposals to SAMA
The proposals before being presented to SAMA need to be seriously thought through and documented by the Committees. Formal proposals outlining the nature of the fraud issue, existing and international practice to combat fraud, an analysis of the merits and demerits of the status quo and of the proposed changes should be submitted to SAMA by the Chairman of the Committee.
It would be the explicit and direct responsibility of the Chairman of the Committee to submit proposals of sufficient quality in terms of definition, scope, research, etc. to SAMA. What should be clearly understood that it is with the banks and not SAMA where the responsibility of the following lies with respect to proposals being submitted for SAMA's delibertion and approval.
1. The key issue of the proposal must be clearly defined. 2. The issue must have the backing of all banks i.e. a complete consensus. 3. The key problems or risks which have actually happened or are likely to manifest. 4. Alternatives available to respond to item 3. 5. Industry pracitices on the sbject issues in amjor jurisdiction such as UK, US, France, Germany, GCC, etc. 6. Recommended course of action and a coverage on it efficiency, economy and effectiveness aspects.
8. Proposal and Decision Making by the Committee
Discussions and deliberations by the Committee often serve as inputs for SAMA in combating fraud in the Kingdom. These discussions are concerned with either existing rules, regulations or practices or for contributing towards new ones.
It is expected by SAMA that not only is there a consensus on the proposals being submitted, but also there has been sufficient research and analysis carried out by the Committee members to ensure the smooth and practical application of the proposal to combat fraud in the Saudi banking system.
Committee decisions and proposals would normally be by consensus. However, in the case of dissent a majority vote would apply. No voting by proxy is permitted.
These proposals would be further studied by SAMA internally or SAMA may at its own discretion solicit external advice and help if necessary on the account of the banks. SAMA may after studying reject any propsal.
9. Selection and Termination of Committee Officials
Each committee must elect its own set of officials composed of the following offices:
1. Chairman 2. Vice Chairman 3. Secretary
The selection of each of these officials should take place every September and would be on the basis of a majority vote with the following constraints:
1. Each bank will have one vote. 2. No proxy vote to be accepted. 3. No individual can have the same specific within a span of three years. 4. All official appointments will be approved by SAMA should there be an unexpected departure for any reason of any of the officials of the Committee, before their regular tenure of 1 year, the Committee as a whole via a voting mechanism choose a replacement to serve until the end of the term.
Any official can be terminated under any of the following circumstances:
1. Unanimous decision by the Committee and SAMA's approval. 2. SAMA's sole discretion.
10. Size of the Committee
The size of the committee will be restricted to maximum of 3 memfers from each bank. Each bank will have one central permanent representative who is i) expected to come to all meetings in order to maintain continuity ii) coordinate with the other individuals (Max.2) who are to accompany him from the bank representing fraud case or issues to be discussed at a specific meeting as determined by the agenda. The idividuals chosen to be a permanent representative will be the one who is an closest to managing fraud at any bank and may be the internal auditor, compliance officer, fraud manager, etc.
11. Confidentiality
Discussion of fraud, its implications and other ramifications in front of a forum is never easy. Consequently, all deliberations, agenda items, decisions, notifications, etc. are to be strictly confidential. However, all banks must realize that all fraud to the fullest extent possible must be reported and discussed (if material). This is because fraud is not a competitive situation, in that a joint effort in deliberating on lesson learnt to manage fraud is the underlying objective.
Under certain circumstances, banks may communicate with each other outside the committee on an individual basis and not via a formal committee, if it is deemed in their professional judgment that it would be in the best interest of the banking system.
Fraud related to employees and particularly senior management would require discretion. However, under such event, it is expected that banks may consult with SAMA, and may just discuss the key lessons learnt without disclosing any embarrassing details.
12. Follw-Up Team
For all major items deemed to be significant by the Chairman, the Chairman in conjunction with SAMA, will appoint two individuals from the Committee to maintain a follow-up on items pending resolution over an unreasonable time span. Such delays may emanate from any of the following situations:
1. The quality of the proposal in terms of its formatting, documentation, research, clarity, description, reasonableness, etc. 2. Absence of relevant SAMA executives to give a decision. 3. Protracted process at SAMA involving opinions, approvals from other relevant government bodies, etc.
It is expected that these individuals will maintain a follow-up contact with the relevant SAMA officials and provide up update on these issues to the Committee.
13. Sub-Committees
In order to ensure that issues and proposals are thoroughly deliberated upon, the Chairman of a committee, may at his discretion, but with SAMA's approval appoint a Sub-committee. These Sub-committees would be headed by a Chairman who would have an accountability and responsibility relationship with the Chairman of the main Committee for the terms of reference, reporting, agendas and timing.
A summarized "Guidelines for Banking Fraud Committees" is attached for easy reference and implementation.
Appendix-1 SAMA Guidelines for Banking Fraud Committee
1. Each Bank is required to nominate one permanent representative to the Committee. The representative should be of an appropriate level within the bank and should have the appropriate knowledge and skills in reference to fraud and its proper management in order to contribute to the proceedings of the Committee. He should also be in a position to make commitments on behalf of the bank and in contributing to the work and decisions of the Committee. The permanent representative would be accompanied by other bank individuals (Max.2) where specific areas of fraud are on the agenda. 2. Each bank must be represented at each of the Committee meetings. The bank representative(s) is responsible for communication of the proceedings of the meetings, to the relevant personnel within their bank including to the managing directors or the general managers. 3. Fraud Committee must elect a Chairman, Vice Chairman and Secretary (Committee Officials). The term of the Chairman, Vice Chairman and Secretary will normally last for one year but could be longer by a unanimous decision of the Committee. 4. The Chairman of Fraud Committee must ensure that all banks participate fully and meets their responsibility to act as Committee Officials. 5. All banks must be represented in all meetings. Attendance records must be maintained. 6. SAMA will nominate its own staff to attend meetings. 7. In circumstances where the Chairman cannot attend the meeting, the Vice Chairman will act as Chairman. 8. In circumstances where any Fraud Committee official resigns during his term, the Committee must choose a replacement to serve until the end of the term. 9. Minutes must be taken at each meeting of the Fraud Committee. The minutes for each committee meeting must be submitted to SAMA in a draft form for approval before circulation to the full membership of the Committee. 10. Fraud Committee meetings should normally be held at the Institute of Banking Bankers Club or at SAMA Head Office. Sub-committee meetings may be held at other locations. 11. From time to time, Sub-committees may be formed. The Chairman of the main committee may at his discretion delegate the Chair of the sub-committee to another member of the Committee. The sub-committee is fully accountable to the main committee. Proposals to SAMA must be voted upon and made via the main Fraud Committee. 12. Fraud Committee decisions and proposals will normally be governed by consensus. In the case of dissent, a majority vote will apply. Banks are not permitted to vote by proxy. 13. Issues to be discussed in a Committee meeting could originate from the banks, SAMA and other sources. When bank representatives agree by a consensus they shall raise the issue as proposals to SAMA. 14. Proposals made by the Fraud Committee to SAMA must be fully documented and must outline the issues, contain a detailed analysis of the merits and demerits including supporting documentation such as international best practice and the recommendations made by the committee. Proposals requiring major changes in policies or commitment of significant resources must be channeled through the Managing Directors' Committee to ensure their approval.
It, therefore, follows that central banks by managing operational risks, also attempt to manage or prevent fraud. This is achieved by central banks instituting proper internal control processes and procedures to ensure asset safeguard and prudential banking practices.
Some of practices and policies adopted by central banks exclusive of their joint and combined efforts with other central banks include the following:
1. Policies and procedures prescribing strong internal controls. 2. Rules pertaining to Audit Committees. 3. Engaging external auditors and other consultants to ensure that proper controls are in place to combat fraud. 4. Operational risk manuals. 5. Training. 6. Coordination with other law enforcement agencies.
II. Fraud Can Take Various Forms:
1. Money Laundering
Money is laundered today through banks at substantial amounts involving billions of dollar and spans a large number of banks. It is used to conceal criminal activity related to it. Banks today have become major targets in laundering operations because they provide a variety of instruments such as bank drafts, travelers cheques, wire transfers, etc. that can be used to conceal the source of ill-acquired money.
Because of the on-going sophistication in money laundering and the complexities brought in due to banking automation, many international organizations like the United Nations, Basle Committee on Banking Surevision have issued rules and regulations.
1 . The 1988 Un Convention (Vienna Convention), Against Illicit Traffic in Narcotics and psychotropic substances. 2. Financial Action Task Force (FATF). Formed at the economic summit of major industrialized countries in 1989. 40 recommendations were promulgated. 3. European Community (EC). This directive went into effect on 1 january 1993 and each member state has ratified it. 4. Prevention of criminal use of the banking system for the purpose of money laundering by the Basle Committee (1988).
2. Forgery
Forgery is the second largest area of operational exposure according to a 1993 study on fraud done by the international public accounting firm of KPMG. Such types of fraud includes simple forgery of cheques and forgery of the come complex negotiable instruments such as LCs, promissory notes, bonds, etc.
Current document technology such as optical scanners, color laser printers and powerful desktop publishing software now allow creation of forgeries which are virtually undetected except by highly sophisticated means. Here central banks can assist by promoting the institution of tough anti-forgery laws, and rigorous internal control regimes requiring signature authentication and verification and other rule and regulation. Tough anti-forgery laws are already in place in the Kingdom.
3. Counterfeit Currency
There are two major trends developing internationally which expose banks to this type of fraud.
1. Technology, As with forgery, new technology is also facilitating this type of fraud with new document processing technology. 2. Organized Crimes. Many international organizations are involved in supporting large scale counterfeiting operations directed against mainly US dollars. This bogus currency is of extremely high quality and is virtually undetectable by even experienced people.
Central banks respond to the above with technology by redesigning and incorporating various anti-counterfeit features.
4. Electronic Crime
Electronic crime represents the fastest growing form of fraud facing banks. Technology has resulted in increased exposure to financial loss (i.e. by alteration of a state of indebtedness) by gaining illegitimate access to computer records. However, there has been reduced risk of physical loss, i.e. theft of cash and other monetary assets. For example, in an EFT environment, cash holdings are drastically reduced, which serves to reduce physical risk. In general, risk of electronic crime presents 4 major areas:
1. ATMs 2. Credit Cards 3. Point of Sale 4. Commercial Services
* Cash managment services * Electronic data interchange
5. Retail Electronic Banking
* Telephone bill payments * PC-based home banking
Such types of fraud can be combated by the institution of strong internal controls procedures in an electronic environment. These mainly include high technology security controls at the input, processing, recording and programming levels. Central banks institute such controls to maintain the safety and soundness of the banking system. The most common type being inserting false instructions into the bank's system with the intent to divert funds.
5. Insiders Infidelity
One of the most common type of frauds bing committed involving substantial amounts are insiders (employees, officers, directors, shareholders, etc.) who can in concert with outsiders (members of national and international networks) act individually or collectively to defraud bank. A prime examples of insider fraud has been the savings and loans (S&L) crisis. One of the greatest factors contributing to this crisis was insider fraud where via false indebtedness or funds were diverted for the benefit of the owners. Other such examples include BCCI. DAIWA, Baring Brothers, etc.
III. Development in SAMA
Saudi Arabia already has some of the toughest laws to combat frauds related to drug trafficking and an international reputation that it is a hostile environment for such activities.
Notwithstanding, SAMA as the central bank and as a regulator of the Saudi banking system has also instituted a number of policy measures to combat fraud in the Saudi banking system. More to the point, these measures provide specific guidance to the banks in their aim to combat bank-related frauds.
Improved Internal Controls in The Banking System
The Agency has taken various steps to enhance and strengthen the internal control systems at the banks. Such controls are in place to ensure asset safeguard, prudential running of the banks, integrity of financial information and bonafide authorization of transactions. These controls ensure smooth operations of the banks and provide for safeguard against fraud.
These measures include the following:
1. The management of operation risk though appropriate insurance schemes. 2. Issuance of Internal Control Guidelines by the Agency.
These guidelines provide for the enhancement and standardization of control systems to ensure that assets specifically liquid assets such as cash and other negotiable instruments are safeguarded.
It is well known fact that there is overwhelming pre-dominance of fraud related to cash, travelers cheques, ATM cash, etc. Committed by employees and non-employees. Further, recovery of assets lost due to internal or external fraud is remarkably low. Consequently, the institution of sound internal controls is indispensable to prevent fraud.
3. Issuance of Accounting Standards for Commercial Banks.
The Agency has also issued accounting standards to ensure bonafide accounting measurement, recording, treatment and reflection of transactions as a measure to prevent fraud.
Efficient accounting records are again essential to manage and prevent frauds of various types. These controls relate to asset safeguard, authorization of transactions and to ensure general safety and soundness of banks.
4. Issuance of a Manual entitled "Rules for Minimum Physical Security Procedures for Saudi Banks"
The Agency has issued "Rules for Minimum Physical Security Procedures for Saudi Banks." These have been issued to improve the physical security controls of banks.
The manual contains minimum requirements and standards for security as described below:
1. Minimum requirements for security systems. 2. Standards for corporate security manual. 3. Minimum requirements for physical security. 4. Cash in transit procedures. 5. Security guards work instructions.
5. Other Support Manuals And Documents
1. Guidelines for the prevention of fraud. This guideline provides a coverge on the steps to be taken in the event of a fraud including collaboration with law enforcement agencies. 2. Guidelines for the prevention of money laundering. This guideline is a state-of-the-art document and has been composed after consulting various internationally known standards and documents. The Agency has very rigorously pursued this type of fraud in the Kingdom.
6. Rules And Regulation Pertaining to Audit Committees.
7. On-site Inspections
The Agency's inspection department performs periodic on-site inspection of banks, as circumstances warrant it, to ensure the detection of fraud and also to ensure that the following attributes which are again related to fraud are in place.
1. Assets are safeguarded. 2. Proper internal controls and accounting and other records exist and are functioning to detect fraud. 3. The banks are running in a prudent manner consistent with the objective of safty and soundness. 4. Transactions are authorized, recorded and re-valued.
Further, such on-site inspections also reveal if improvements can be made in meeting the above subjects.
8. Manuals under Study
The following manuals and guidance documents are in the final stages of their completion.
1. Requirements to have compliance officers to guard against operational risks.
9. Cooperative Procedures with Various Constituencies
1. With Bank's management. The Agency has defined procedures related to coordination and cooperation with the bank's managment in the event of an incidence of fraud to provide for an effctive deterrent. This entails proper recording of facts, analysis and appropriate steps to be taken. 2. With law enforcement agencies. The Agency also cooperates with different law enforcement agencies in investigation frauds, forgeries and counterfeit currencies.
11. Training Programs for Law Enforcement Agencies
The Agency also conducts training programs for law enforcement agencies in relation with economic and financial crimes. For example, SAMA has conducted a six-week training program for the security forces.
12. Fraud Reporting System
* The agency has developed a central fraud data base wherein each bank every six months report their various fraud cases. A central fraud database covering all of the significant facts and analyses has been developed to provide support in framing policies and in investigating cases. Various reports can be extracted from this data base which are planned to be distributed to all the bank. * SAMA is reviewing various options to develop a fraud management and investigation system which is planned to provide for a data base to aid in supervising and managing fraud.
13. Electronic Fund Transfer Project
SAMA has instituted the EFT system in the Kingdom. This again serves to reduce exposure to physical loss of assets, i.e. cash as there would be a reduced need to hold large amounts of cash at the branches and the need to physically transport it.
14. Embezzlement, Fraud, And Money Laundering Section
This is a special unit in the banking inspection department which has been established to conduct studies and research on all aspects of fraud, i.e. current developments, impact of technology, new types of fraud, etc.
This special unit also assists in conducting investigations and analysis on all types of fraud cases under investigation by the Agency.
15. Reporting of Fraud by The Banks to SAMA
* Banks are expected to report all fraud cases to SAMA at the time it is detected. * Banks are expected to provide summarized updates on all fraud cases.
Procedures for Dealing with the Weak Parties in the Field of Combating AML&CTF
FATF Public Statement, 18 October 2013
Paris, 18 October 2013 - The Financial Action Task Force (FATF) is the global standard setting body for anti-money laundering and combating the financing of terrorism (AML/CFT). In order to protect the international financial system from money laundering and financing of terrorism (ML/FT) risks and to encourage greater compliance with the AML/CFT standards, the FATF identified jurisdictions that have strategic deficiencies and works with them to address those deficiencies that pose a risk to the international financial system.
Jurisdictions subject to a FATF call on its members and other jurisdictions to apply counter-measures to protect the international financial system from the on-going and substantial money laundering and terrorist financing (ML/TF) risks emanating from the jurisdictions.
Iran
Democratic People's Republic of Korea (DPRK)
Jurisdictions with strategic AML/CFT deficiencies that have not made sufficient progress in addressing the deficiencies or have not committed to an action plan developed with the FATF to address the deficiencies. The FATF calls on its members to consider the risks arising from the deficiencies associated with each jurisdiction, as described below.
Algeria
Ecuador
Ethiopia
Indonesia
Kenya
Myanmar
Pakistan
Syria
Tanzania
Turkey
Yemen
Vietnam is now identified in the FATF document, "Improving Global AML/CFT Compliance: On-going Process" due to its progress in largely addressing its action plan agreed upon with the FATF.
São Tomé and Príncipe was earlier identified in the FATF's Public Statement. While São Tomé and Príncipe has made recent progress, its AML/CFT framework still contains a number of strategic deficiencies. Given the small size of this country‘s financial sector and its low impact on the international financial system, however, the FATF decided that São Tomé and Príncipe should continue to work closely with GIABA to address its remaining AML/CFT deficiencies.
Iran
The FATF remains particularly and exceptionally concerned about Iran’s failure to address the risk of terrorist financing and the serious threat this poses to the integrity of the international financial system, despite Iran’s previous engagement with the FATF and recent submission of information.
The FATF reaffirms its call on members and urges all jurisdictions to advise their financial institutions to give special attention to business relationships and transactions with Iran, including Iranian companies and financial institutions. In addition to enhanced scrutiny, the FATF reaffirms its 25 February 2009 call on its members and urges all jurisdictions to apply effective counter-measures to protect their financial sectors from money laundering and financing of terrorism (ML/FT) risks emanating from Iran. The FATF continues to urge jurisdictions to protect against correspondent relationships being used to bypass or evade counter-measures and risk mitigation practices and to take into account ME/FT risks when considering requests by Iranian financial institutions to open branches and subsidiaries in their jurisdiction. Due to the continuing terrorist financing threat emanating from Iran, jurisdictions should consider the steps already taken and possible additional safeguards or strengthen existing ones.
The FATF urges Iran to immediately and meaningfully address its AML/CFT deficiencies, in particular by criminalising terrorist financing and effectively implementing suspicious transaction reporting (STR) requirements. If Iran fails to take concrete steps to continue to improve its CFT regime, the FATF will consider calling on its members and urging all jurisdictions to strengthen counter-measures in February 2014.
Democratic People's Republic of Korea (DPRK)
Since June 2013, the DPRK has continued to engage directly with the FATF and has engaged further with the APG. The FATF urges the DPRK to enhance its engagement with the FATF to agree on an action plan to address its AML/CFT deficiencies.
The FATF remains concerned by the DPRK’s failure to address the significant deficiencies in its anti-money laundering and combating the financing of terrorism (AML/CFT) regime and the serious threat this poses to the integrity of the international financial system. The FATF urges the DPRK to immediately and meaningfully address its AML/CFT deficiencies.
The FATF reaffirms its 25 February 2011 call on its members and urges all jurisdictions to advise their financial institutions to give special attention to business relationships and transactions with the DPRK, including DPRK companies and financial institutions. In addition to enhanced scrutiny, the FATF further calls on its members and urges all jurisdictions to apply effective counter-measures to protect their financial sectors from money laundering and financing of terrorism (ML/FT) risks emanating from the DPRK. Jurisdictions should also protect against correspondent relationships being used to bypass or evade counter-measures and risk mitigation practices, and take into account ML/FT risks when considering requests by DPRK financial institutions to open branches and subsidiaries in their jurisdiction.
******************************************
Algeria
Despite Algeria’s high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies, Algeria has not made sufficient progress in implementing its action plan within the established timelines, and certain strategic deficiencies remain. Algeria should continue to work with the FATF and MENAFATF on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising terrorist financing; and (2) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets. The FATF encourages Algeria to address its deficiencies and continue the process of implementing its action plan.
Ecuador
Ecuador has taken important steps towards improving its AML/CFT regime, including the recent adoption by its National Assembly of amendments to the criminal code aimed at addressing deficiencies in Ecuador’s criminalisation of money laundering and terrorist financing, and regime for freezing terrorist assets; These amendments have yet to take effect. However, despite Ecuador’s important progress and high-level political commitment to work with the FATF and GAFISUD to address its strategic AML/CFT deficiencies, Ecuador has not made sufficient progress in implementing its action plan within the established timelines, and certain strategic deficiencies remain. Ecuador should continue to work on implementing its action plan to address these deficiencies, including by: (1) ensuring adequate criminalisation of money laundering and terrorist financing; (2) establishing and implementing adequate procedures to identify and freeze terrorist assets; (3) implementing adequate procedures for the confiscation of funds related to money laundering; and (4) continuing to enhance co-ordination of financial sector supervision. In particular, Ecuador should move quickly to bring the recent amendments to the criminal code into force before the February 2014 FATF meetings, or the FATF will consider calling on its members to apply counter-measures proportionate to the risks associated with this jurisdiction at that time.
Ethiopia
Ethiopia has taken steps towards improving its AML/CFT regime. However, despite Ethiopia’s high-level political commitment to work with the FATF to address its strategic AML/CFT deficiencies, Ethiopia has not made sufficient progress in implementing its action plan within the agreed timelines, and certain strategic AML/CFT deficiencies remain. Ethiopia should continue to work on implementing its action plan to address these deficiencies, including by: (1) establishing and implementing an adequate legal framework and procedures to identify and freeze terrorist assets; and (2) improving customer due diligence measures. The FATF encourages Ethiopia to address its remaining deficiencies and continue the process of implementing its action plan.
Indonesia
Indonesia has taken steps towards improving its AML/CFT regime. However, despite Indonesia’s high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, Indonesia has not made sufficient progress in implementing its action plan within the agreed timelines, and certain key CFT deficiencies remain regarding the establishment and implementation of an adequate legal framework and procedures for identifying and freezing of terrorist assets. The FATF encourages Indonesia to address these remaining issues, in compliance with international standards.
Kenya
Kenya has taken steps towards improving its AML/CFT regime, including by parliamentary approval of the Finance Bill, which amends the FT offence; however, this is still awaiting Presidential assent. Despite Kenya’s high-level political commitment to work with the FATF and ESAAMLG to address its strategic AML/CFT deficiencies, Kenya has not made sufficient progress in implementing its action plan within the agreed timelines, and certain strategic AML/CFT deficiencies remain. Kenya should continue to work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising terrorist financing; (2) ensuring a fully operational and effectively functioning Financial Intelligence Unit; (3) establishing and implementing an adequate legal framework for the identification and freezing of terrorist assets; and (4) implementing an adequate and effective AML/CFT supervisory programme for all financial sectors. The FATF encourages Kenya to address its remaining deficiencies and continue the process of implementing its action plan.
Myanmar
Myanmar has taken steps towards improving its AML/CFT regime. However, despite Myanmar’s high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, Myanmar has not made sufficient progress in implementing its action plan, and certain strategic AML/CFT deficiencies remain. Myanmar should continue to work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising terrorist financing; (2) establishing and implementing adequate procedures to identify and freeze terrorist assets; (3) further strengthening the extradition framework in relation to terrorist financing; (4) ensuring a fully operational and effectively functioning Financial Intelligence Unit; (5) enhancing financial transparency; and (6) strengthening customer due diligence measures. The FATF encourages Myanmar to address the remaining deficiencies and continue the process of implementing its action plan.
Pakistan
Pakistan has taken substantial steps towards improving its AML/CFT regime, including by issuing a Statutory Regulatory Order that addresses the definition of terrorism and an Anti-Terrorism Amendment Ordinance to establish procedures for the identification and freezing of terrorist assets. The FATF commends Pakistan for the issuance of the AntiTerrorism Amendment Ordinance, which came into force on 12 October 2013 and allows Pakistan to begin implementing its UNSCR 1373 obligations immediately. The FATF encourages Pakistan to begin implementing the ordinance expeditiously. However, the FATF has concerns regarding the temporary character of this ordinance, which will need to be converted into permanent legislation through the parliamentary process. The FATF therefore urges Pakistani authorities to take the necessary steps for swift ratification of the ordinance by its legislature. If Pakistan amends its Anti-Terrorism Act to incorporate the content of the ordinance before the February 2014 meetings, then the FATF will be able to authorise an on-site visit during its February 2014 meetings to confirm that the process of implementing the required reforms and actions is underway to address deficiencies previously identified by the FATF.
Syria
Syria has taken steps towards improving its AML/CFT regime, including by promulgating amendments to its AML/CFT Decree in July 2013. The FATF has not yet assessed these amendments to determine the extent to which they address the issue of providing sufficient legal basis for implementing the obligations under UNSCR 1373 and implementing adequate procedures for identifying and freezing terrorist assets. The FATF encourages Syria to address its remaining deficiencies and continue the process of implementing its action plan.
Tanzania
Tanzania has taken steps towards improving its AML/CFT regime. However, despite Tanzania’s high-level political commitment to work with the FATF and ESAAMLG to address its strategic AML/CFT deficiencies, Tanzania has not made sufficient progress in implementing its action plan within the agreed timelines, and certain strategic CFT deficiencies remain regarding the establishment and implementation of adequate procedures to identify and freeze terrorist assets. The FATF encourages Tanzania to address this remaining deficiency and continue the process of implementing its action plan.
Turkey
Turkey has continued to take steps towards improving its CFT regime, including by issuing a Council of Ministers’ Decree implementing UNSCRs 1267, 1988, and 1989. However, certain concerns remain, and Turkey should take further steps to implement an adequate legal framework for identifying and freezing terrorist assets under UNSCRs 1267 and 1373. Turkey should also continue to ensure that terrorist financing has been adequately criminalised. The FATF encourages Turkey to address the remaining strategic deficiencies and continue the process of implementing its action plan.
Yemen
Yemen has taken significant steps towards improving its AML/CFT regime, including by adopting and bringing into force amendments to its AML/CFT Law. The FATF has not assessed these amendments due to their very recent nature, and therefore the FATF has not yet determined the extent to which they address any of the following issues: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing adequate procedures to identify and freeze terrorist assets. The FATF urges Yemen to address its remaining deficiencies and continue the process of implementing its action plan.
Improving Global AML/CFT Compliance: On-Going Process, 18 October 2013
Paris, 18 October 2013 - As part of its on-going review of compliance with the AML/CFT standards, the FATF has to date identified the following jurisdictions which have strategic AML/CFT deficiencies for which they have developed an action plan with the FATF. While the situations differ among each jurisdiction, each jurisdiction has provided a written high-level political commitment to address the identified deficiencies. The FATF welcomes these commitments.
A large number of jurisdictions have not yet been reviewed by the FATF. The FATF continues to identify additional jurisdictions, on an on-going basis, that pose a risk to the international financial system.
The FATF and the FATF-style regional bodies (FSRBs) will continue to work with the jurisdictions noted below and to report on the progress made in addressing the identified deficiencies. The FATF calls on these jurisdictions to complete the implementation of action plans expeditiously and within the proposed timeframes. The FATF will closely monitor the implementation of these action plans and encourages its members to consider the information presented below.
Afghanistan Cuba Nicaragua Albania Iraq Sudan Angola Kuwait Tajikistan Antigua and Barbuda Kyrgyzstan Vietnam Argentina Lao DPR Zimbabwe Bangladesh Namibia Cambodia Nepal
Jurisdictions not making sufficient progress
Mongolia
Jurisdictions no longer subject to the FATF’s on-going global AML/CFT compliance process
Morocco
Nigeria
Afghanistan
In June 2012, Afghanistan made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Afghanistan should continue to work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (3) implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors; (4) establishing and implementing adequate procedures for the confiscation of assets related to money laundering; (5) establishing a fully operational and effectively functioning Financial Intelligence Unit; and (6) establishing and implementing effective controls for cross-border cash transactions. The FATF encourages Afghanistan to address its deficiencies and continue the process of implementing its action plan.
Albania
In June 2012, Albania made a high-level political commitment to work with the FATF and MONEYVAL to address its strategic AML/CFT deficiencies. Since then, Albania has taken steps towards improving its AML/CFT regime, including by parliamentary approval of new legislation aimed at addressing deficiencies in the regime for freezing terrorist assets. However, the FATF has yet to review the new legislation and certain strategic AML/CFT deficiencies remain. Albania should continue to work on implementing its action plan to address these deficiencies, including by: (I) ensuring that the new legislation establishes and implements an adequate legal framework for identifying, tracing and freezing terrorist assets; and (2) enhancing the framework for international co-operation related to terrorist financing. The FATF encourages Albania to address its remaining deficiencies and continue the process of implementing its action plan.
Angola
In June 2010 and again in February 2013 in view of its revised action plan, Angola made a high-level political commitment to work with the FATF to address its strategic AML/CFT deficiencies. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Angola should continue to work on addressing these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing an adequate legal framework for the confiscation of funds related to money laundering and the identification and freezing of terrorist assets without delay; (3) ensuring an effectively functioning Financial Intelligence Unit; and (4) ensuring that appropriate laws and procedures are in place to provide mutual legal assistance. The FATF encourages Angola to address its remaining deficiencies and continue the process of implementing its action plan.
Antigua and Barbuda
Since February 2010, when Antigua and Barbuda made a high-level political commitment to work with the FATF and to address its strategic AML/CFT deficiencies, Antigua and Barbuda has made significant progress to improve its AML/CFT regime. Antigua and Barbuda has substantially addressed its action plan, including by: implementing procedures to identify and freeze terrorist assets; addressing secrecy provisions; and improving the overall supervisory framework for AML/CFT. The FATF will conduct an on-site visit to confirm that the process of implementing the required reforms and actions is underway to address deficiencies previously identified by the FATF.
Argentina
In June 2011, Argentina made a high-level political commitment to work with the FATF to address its strategic AML/CFT deficiencies. Since June 2013. Argentina has taken steps towards improving its AML/CFT regime, including by issuing new regulations strengthening fit and proper tests for insurance and securities entities, and the Central Bank’s issuance of a regulation related to sanctions which the FATF will review. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Argentina should continue to work on implementing its action plan to address these deficiencies, including by: (1) addressing the remaining deficiencies with regard to the criminalisation of money laundering and freezing terrorist-related assets; (2) addressing the remaining issues for the Financial Intelligence Unit and suspicious transaction reporting requirements; and (3) further enhancing the AML/CFT supervisory programme for all financial sectors. The FATF encourages Argentina to address its remaining deficiencies and continue the process of implementing its action plan.
Bangladesh
Since October 2010, when Bangladesh made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, Bangladesh has made significant progress to improve its AML/CFT regime. Bangladesh has largely addressed its action plan, including by: adequately criminalising money laundering and terrorist financing; establishing and implementing adequate procedures to identify and freeze terrorist assets; implementing adequate procedures for the confiscation of funds related to money laundering; ensuring a fully operational and effectively functioning Financial Intelligence Unit; improving suspicious transaction reporting requirements; and improving international cooperation. The FATF will conduct an on-site visit to confirm that the process of implementing the required reforms and actions is underway to address deficiencies previously identified by the FATF.
Cambodia
In June 2011, Cambodia made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies. Since June 2013, Cambodia has taken steps towards improving its AML/CFT regime, including by strengthening operational functions of its Financial Intelligence Unit. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Cambodia should continue to work on implementing its action plan to address these deficiencies, including by: (1) establishing and implementing adequate procedures to identify and freeze terrorist assets; (2) ensuring an effectively functioning Financial Intelligence Unit; and (3) establishing and implementing effective controls for cross-border cash transactions.
The FATF encourages Cambodia to address its remaining deficiencies and continue the process of implementing its action plan.
Cuba
In February 2013, Cuba made a high-level political commitment to work with the FATF and GAFISUD to address its strategic AML/CFT deficiencies. Since June 2013, Cuba has taken steps towards improving its AML/CFT regime, including by issuing regulations which improve provisions for customer due diligence and suspicious transaction reporting. Cuba has recently issued instruction 31/2013, aimed al further detailing the procedures for freezing of terrorist assets. Due to the recent nature of this instruction, the FATF is currently reviewing it. Cuba has also constructively engaged with GAFISUD. However, the FATF has determined that certain AML/CFT deficiencies remain. Cuba should continue to work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing adequate procedures to identify and freeze terrorist assets; (3) ensuring comprehensive customer due diligence measures and suspicious transaction reporting requirements; (4) ensuring a fully operational and effectively functioning Financial Intelligence Unit; and (5) ensuring that appropriate laws and procedures are in place with regard to international cooperation and mutual legal assistance. The FATF encourages Cuba to address its remaining deficiencies and continue the process of implementing its action plan.
Iraq
In October 2013, Iraq made a high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies. Iraq will work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (3) establishing effective customer due diligence measures; (4) establishing a fully operational and effectively functioning Financial Intelligence Unit; (5) establishing suspicious transaction reporting requirements; and (6) establishing and implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors. The FATF encourages Iraq to address its AML/CFT deficiencies by implementing its action plan.
Kuwait
In June 2012, Kuwait made a high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies. Since June 2013, Kuwait has taken steps towards improving its AML/CFT regime, including by issuing implementing regulations to the new AML/CFT law, and CDD Instructions by the Central Bank. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Kuwait should continue to work on implementing its action plan to address these deficiencies, including by: (1) establishing and implementing adequate procedures to identify and freeze terrorist assets; (2) ensuring a fully operational and effectively functioning Financial Intelligence Unit (FIU), in particular addressing the operational autonomy of the FIU; and (3) ensuring an effective regime where the financial institutions file suspicious transaction reports to the FIU. The FATF encourages Kuwait to address its remaining deficiencies and continue the process of implementing its action plan.
Kyrgyzstan
In October 2011, Kyrgyzstan made a high-level political commitment to work with the FATF and EAG to address its strategic AML/CFT deficiencies. Since then, Kyrgyzstan has taken steps towards improving its AML/CFT regime. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Kyrgyzstan should continue to work on implementing its action plan to address these deficiencies, including by addressing the remaining issues in: (1) the criminalisation of money laundering; (2) the framework for freezing terrorist assets; and (3) the AML/CFT supervisory programme. The FATF encourages Kyrgyzstan to address its remaining deficiencies and continue the process of implementing its action plan.
Lao PDR
In June 2013, the Lao PDR made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. The Lao PDR should continue to work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing adequate procedures for the confiscation of assets related to money laundering; (3) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (4) establishing a fully operational and effectively functioning Financial Intelligence Unit; (5) establishing suspicious transaction reporting requirements; (6) implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors; and (7) establishing and implementing effective controls for cross-border currency transactions. The FATF encourages the Lao PDR to address its AML/CFT deficiencies continue the process of implementing its action plan.
Namibia
In June 2011, Namibia made a high-level political commitment to work with the FATF and ESAAMLG to address its strategic AML/CFT deficiencies. However, the FATF has determined that strategic AML/CFT deficiencies remain. Namibia should continue to work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising terrorist financing; and (2) establishing and implementing adequate procedures to identify and freeze terrorist assets. The FATF encourages Namibia to address its remaining deficiencies and continue the process of implementing its action plan.
Nepal
Since February 2010, when Nepal made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, Nepal has made significant progress to improve its AML/CFT regime. Nepal has largely addressed its action plan, including by: adequately criminalising money laundering and terrorist financing; establishing and implementing adequate procedures to identify and freeze terrorist assets; implementing adequate procedures for the confiscation of funds related to money laundering; enacting and implementing appropriate mutual legal assistance legislation; ensuring a fully operational and effectively functioning Financial Intelligence Unit; and establishing adequate suspicious transaction reporting obligations for money laundering and terrorist financing. The FATF will conduct an on-site visit to confirm that the process of implementing the required reforms and actions is underway to address deficiencies previously identified by the FATF.
Nicaragua
In June 2011, Nicaragua made a high-level political commitment to work with the FATF and CFATF to address its strategic AML/CFT deficiencies. Since then, Nicaragua has taken steps towards improving its AML/CFT regime, including by issuing Decree 21- 2013 regarding the freezing of terrorist assets and beginning issuing regulations for reporting parties to the FIU. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Nicaragua should work with the FATF and CFATF on implementing its action plan to address these deficiencies, including by: (1) ensuring effective customer due diligence measures and record-keeping requirements, in particular entities not currently regulated by the supervisory authority; (2) establishing adequate suspicious transaction reporting obligations for money laundering and terrorist financing; (3) implementing an adequate AML/CFT supervisory programme for all financial sectors; (4) ensuring a fully operational and effectively functioning Financial Intelligence Unit; and (5) ensuring adequate procedures for identifying and freezing terrorist assets. The FATF encourages Nicaragua to address its remaining deficiencies and continue the process of implementing its action plan.
Sudan
In February 2010 and again in June 2013 in view of its revised action plan, Sudan made a high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Sudan should continue to work on addressing these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) implementing adequate procedures for identifying and freezing terrorist assets; (3) ensuring a fully operational and effectively functioning Financial Intelligence Unit; (4) ensuring an effective supervisory programme for AML/CFT compliance; (5) improving customer due diligence measures; (6) ensuring that financial institutions are aware of and comply with their obligations to file suspicious transaction reports in relation to money laundering and terrorist financing; and (7) ensuring that appropriate laws and procedures are in place with regard to international cooperation and mutual legal assistance. The FATF encourages Sudan to address its remaining deficiencies and continue the process of implementing its action plan.
Tajikistan
In June 2011, Tajikistan made a high-level political commitment to work with the FATF and EAG to address its strategic AML/CFT deficiencies. Since June 2013, Tajikistan has taken steps towards improving its AML/CFT regime, including by issuing a new regulation on the freezing of terrorist assets. Due to the recent nature of this regulation, the FATF has not yet reviewed it, and certain strategic AML/CFT deficiencies remain. Tajikistan should continue to work with the FATF and EAG on implementing its action plan to address these deficiencies, including by: (1) ensuring adequate procedures for freezing terrorist assets; (2) implementing adequate procedures for the confiscation of funds related to the full range of money laundering predicate offences; and (3) addressing the remaining issues relating to customer due diligence measures. The FATF encourages Tajikistan to address its remaining deficiencies and continue the process of implementing its action plan.
Vietnam
Since October 2010, when Vietnam made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, Vietnam has made significant progress to improve its AML/CFT regime. Vietnam has largely addressed its action plan, including by: adequately criminalising money laundering and terrorist financing; establishing and implementing adequate procedures to identify and freeze terrorist assets; improving the overall supervisory framework; improving and broadening customer due diligence measures and reporting requirements; and strengthening international co-operation. The FATF will conduct an on-site visit to confirm that the process of implementing the required reforms and actions is underway to address deficiencies previously identified by the FATF.
Zimbabwe
In June 2011, Zimbabwe made a high-level political commitment to work with the FATF and ESAAMLG to address its strategic AML/CFT deficiencies. Since June 2013, Zimbabwe has taken steps towards improving its AML/CFT regime, including by issuing new regulations aiming to implement obligations under UNCSRs 1267 and 1373. The FATF has not yet finalised the review of these regulations. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Zimbabwe should continue to work on implementing its action plan to address, these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing adequate procedures to identify and freeze terrorist assets; (3) ensuring a fully operational and effectively functioning Financial Intelligence Unit; (4) ensuring that financial institutions are aware of and comply with their obligations to file suspicious transaction reports in relation to money laundering and the financing of terrorism; and (5) enacting and implementing appropriate mutual legal assistance legislation. The FATF encourages Zimbabwe to address its remaining deficiencies and continue the process of implementing its action plan.
Jurisdictions not making sufficient progress
The FATF is not yet satisfied that the following jurisdiction has made sufficient progress on its action plan agreed upon with the FATF. The most significant action plan items and/or the majority of the action plan items have not been addressed. If this jurisdiction does not take sufficient action to implement significant components of its action plan by February 2014, then the FATF will identify this jurisdiction as being out of compliance with its agreed action plan and will take the additional step of calling upon its members to consider the risks arising from the deficiencies associated with the jurisdiction.
Mongolia
The FATF takes note that Mongolia has taken steps towards improving its AML/CFT regime, including by issuing regulations to establish and implement adequate procedures to identify and freeze terrorist assets. Despite Mongolia’s high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, the FATF is not yet satisfied that Mongolia has made sufficient progress in improving its AML/CFT regime, and certain strategic AML/CFT deficiencies remain. Mongolia should continue to work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing adequate procedures for the confiscation of funds related to money laundering; and (3) demonstrating effective regulation of money service providers. The FATF encourages Mongolia to address its remaining deficiencies and continue the process of implementing its action plan.
Jurisdictions no longer subject to the FATF's on-going global AML/CFT compliance process
Morocco
The FATF welcomes Morocco’s significant progress in improving its AML/CFT regime and notes that Morocco has established the legal and regulatory framework to meet its commitments in its Action Plan regarding the strategic deficiencies that the FATF had identified in February 2010. Morocco is therefore no longer subject to FATF’s monitoring process under its on-going global AML/CFT compliance process. Morocco will work with MENAFATF as it continues to address the full range of AML/CFT issues identified in its Mutual Evaluation Report.
Nigeria
The FATF welcomes Nigeria’s significant progress in improving its AML/CFT regime and notes that Nigeria has established the legal and regulatory framework to meet its commitments in its Action Plan regarding the strategic deficiencies that the FATF had identified in February 2010. Nigeria is therefore no longer subject to FATF’s monitoring process under its on-going global AML/CFT compliance process. Nigeria will work with GIABA as it continues to address the full range of AML/CFT issues identified in its Mutual Evaluation Report.
Exposure Draft of Guiding Principles on Governance for Islamic Collective Investment Scheme
Acronyms
BCBS Basel Committee on Banking Supervision BOD Board of Directors CIS Collective investment scheme IAH Investment account holder IFRS International Financial Reporting Standard IFSB Islamic Financial Services Board ICIS Islamic collective investment scheme IIFS Institutions offering only Islamic financial services (excluding Islamic insurance/Takaful institutions and Islamic mutual funds) IOSCO International Organization of Securities Commissions IRR Investment risk reserve OECD Organisation for Economic Co-operation and Development PER Profit equalization reserve SSB Shari'ah Supervisory Board UCITS Undertakings for collective investment in transferable securities Preamble
1. In December 2006, the Islamic Financial Services Board (IFSB) issued its Guiding Principles for Corporate Governance of institutions offering only Islamic financial services (IIFS) - known as IFSB-3.1 In order to further strengthen the governance practice in the Islamic financial services industry (IFSl) with a broader view of promoting soundness and stability of the Islamic financial system, the IFSB Technical Committee during its meeting in Jeddah in December 2005 approved that the IFSB develops a second tier of its governance standard by focusing on collective investment schemes (CIS) which are claimed to be Shari’ah-compliant, sometimes referred to as Islamic unit trust, Islamic mutual funds or Islamic investment funds, depending on the jurisdiction.2
2. For the purpose of synchronizing key terminologies in this document in line with more internationally recognized standards for investment funds,3 the IFSB decides that the (erm "Islamic collective investment scheme" (ICIS) is more appropriate to be used for the rest of this document. In line with this premise, where appropriate, the key terminologies herein are defined and adapted accordingly.4
3. As ICIS is primarily a capital market instrument, the standard would mark a first prudential standard developed by the IFSB in the area of Islamic capital market (ICM). In this respect, the standard has specific aims of complimenting the internationally recognized governance standards by reinforcing international best practices while addressing the specificities of ICIS. The IFSB recognizes that certain governance issues are of equal concern to all CIS, whether Islamic or otherwise. Therefore, this document will not attempt to reinvent the wheel by proposing a wholly new governance framework for ICIS. Instead, it would focus on filling the appropriate best practice gaps identified by the IFSB, particularly with regard to governance issues which are specific to ICIS.
4. The IFSB has carried out its own survey on ICIS. Its findings are quite consistent with the surveys conducted by the IOSCO on CIS;5 that - regardless of the diverse CIS framework applied in different jurisdictions - they still share many similar governance concerns, such as independence of oversight over CIS operators’ conducts and execution of fiduciary duties, transparency in disclosures of material information, etc. In the case of ICIS, the requirement to comply with the Shari’ah not only reinforces the call for good governance, but also influences the way governance structure and process shall be implemented. Therefore, the IFSB believes that existing applicable international principles in respect of good governance have not been found to contravene or be incompatible, in general, with Shari’ah rules and principles. Therefore, we hold the view that rigorous compliance with internationally accepted governance best practice is actually compatible and in line with objectives (maqasid) of the Shari’ah.
1 IFSB3 contains seven guiding principles for strengthening corporate governance of IIFS which complement the existing international corporate governance standards set by the Organisation for Economic Cooperation and Development (OECD) and the Basel Committee on Banking Supervision (BCBS). In addition to reinforcing especially focuses on the protection of investment account holders (IAH) and compliance with, Shari’ah) rules and principles, which are two Important specificities of IIFS.
2 For example, the Accounting and Auditing Organisation of Islamic Financial Institutions (AAOIFI), Financial Accounting Standard No. 14 includes a definition for "investment fund". The Dubai Financial Services Authority (DFSA) in its Collective Investment Law 2006 defines "Islamic fund". Meanwhile Banque du Liban in its Basic Circular no. 98 (2005) also defines "Islamic Collective Investment Schemes"
3 The International Organization of Securities Commissions (IOSCO) has, amongst others, established the Principles of Secunties Regulation 17-20 which relate to CIS. known as the CIS Core Principles. The European Council has issued directives on the coordinalion of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities, better known as the UCITS Directives
4 In particular. we have used IFSB-3, the IOSCO Public Documents (IOSCOPD), as well as the UCITS Directives as main references. Please refer to page 30.
5 See for example, IOSCOPD no 219, Examination of Governance for CIS Part I - Final Report. June 2006 and IOSCOPD no 222. CIS in Emerging Markets. July 2006..Definition of ICIS
5. Considering the diverse legal and regulatory framework for ICIS around the world and the rapid introduction of new ICIS products through sophisticated financial engineering and innovation, the IFSB faced a major challenge in forming an appropriate definition for ICIS. However, we acknowledge that "independence"6 of review and oversight, as well as integrity and transparency, cannot be judged solely based on whether the ICIS is established as a separate legal entity, nor simply by having its organs of governance from amongst non-executives. What is more important is an effective management of the conflicts, as well as the risks, encountered by the ICIS. Hence, in order not to miss the bigger picture, emphasis should be given on whether, when the collage of several fundamentals elements such as the nature of operation, risk profiles and strategic objectives of the fund’s set-up, as well as the nature of relationship between the fund and its investors, a fund can be concluded as an ICIS.
6. Therefore, for the purpose of this standard, ICIS is defined as “any structured financial scheme which:
(i) allows a pool of investors to contribute capital to a fund (whether the fund is in a corporate or contractual form) by subscribing to units or shares of equal value, This unit or share represents ownership claims to the assets of the fund (which can be financial or non-financial assets), and entitlement to profits or losses derived from those assets; (ii) are established and managed in accordance with Shari’ah rules and principles; (iii) may or may not be managed by the institutions that establish/sponsor them; and (iv) are financially independent of the Institutions that establish them, although they may or may net be separate legal entities Amongst others, an ICIS may take the form of.
(a) authorised open-ended funds that will redeem their units or shares, whether on continuous basis or periodically; (b) closed-end funds, whether those whose units or shares are tradable (in regulated or unregulated securities market), or untradable; (c) unit investment trust, contractual model and the European UCITS model; (d) an individual fund or as an umbrella fund (multiple compartment funds comprising various sub-funds); or (e) profit-sharing investment account (whether restricted or unrestricted) which fund is pooled in a form of a CIS and whereby each of the investment account holders (IAH) is governed by the same terms and conditions;
while still meeting the criteria of (i), (ii) and (iii).
7. However, our scope of ICIS shall exclude:
(i) funds which are not pooled in a form of a CIS, such as certain types of investment accounts which are not based on profit-sharing and treated more like capital guaranteed deposits;7 (ii) funds established by Islamic insurance/Takaful operators, as they constitute a different segment of the Islamic financial services industry and will be addressed by the IFSB in separate documents, and (iii) pension funds, as they are arguably a different specie from ordinary CIS,
6 While the definitions of "independence” lor directors, internal auditors and compliance functions, as well as for the SSB, may vary somewhat across different jurisdictions, arid are often reflected in regulations or supervisory standards, the Guiding Principles consider that the key characteristic of independence is the ability to exercise sound judgment after fair consideration of all relevant information and views without undue influence from management or inappropriate outside interests The extent to which supervisory authorities establish stnngent tests of either independence or non- independence for the respective organs of governance may depend, amongst other things, on the extent to which there is a party or parties who are in a special position to influence the IlFS in an abusive or manipulative manner. See also IFSB- 3.
7 This exemplifies how this standard differs from IFSB-3. Although IFSB-3 already contains governance principles which cater for the protection of IAH, it has not covered investment accounts which, when we analyze their fundamentals, clearly operate as ICIS. In other words. IFSB-3 does not cover investment accounts which have elements such as unitized subscriptions, and tradability of those units (whether in regulated or unregulated securities market), as dealt with in this standard.Scope of ICIS Governance
8. As highlighted by the IOSCO, the operation of CIS potentially entails conflicts between the interests of those who invest in CIS (CIS Investors) and those who organize and operate the CIS (CIS Insiders or CIS Operators)8 It must be borne in mind that the general goal is not to protect investors from suffering any market-driven toss, but rather to enable investors to understand the risks pertaining to investments in specific CIS. This would hopefully shield the CIS Investors from any loss due to misleading, manipulative and fraudulent practices, as well as malfeasance or negligence on the part of the CIS Insiders.
9. Accordingly, CIS Governance which is described as "a framework for the organization and operation of CIS that seeks to ensure that CIS are organized and operated efficiently and exclusively in the interests of CIS Investors (including both resident and potential investors), and not in the interests of CIS Insiders" is expected to minimize or otherwise address conflicts of interest and to ensure that the interests of well-informed investors in CIS are well protected and managed in the best conditions.
10. In the context of ICIS, good governance should further encompass:
(i) a set of organizational arrangements whereby the actions of the management of CIS Insiders are aligned, as far as possible, with the interests of its stakeholders, including the community (Ummah), guided by the objectives (maqasid) of the Shari’ah; (ii) provision of proper incentives for the organs of governance such as the Board of Directors, Shari’ah Supervisory Board (SSB) and management to pursue objectives that are in the interests of the stakeholders and facilitate effective monitoring, thereby encouraging ICIS to use resources more efficiently; and (iii) strict compliance with Shari’ah rules and principles.
11. The IOSCO recognizes that safe for the minor details, CIS are typically organized under two structures:
(i) contractual model -whereby the CIS as an investment fund only exist as a trust or contract between the operator and individual investors; and (ii) corporate model - whereby the CIS takes the form of investment companies, legally registered as corporations.
In certain jurisdictions, there could be found a CIS which is a hybrid of these two main models, thus the Hybrid Model.
12. However, in many of the IFSB member jurisdictions, the lOSCO's assumptions cannot be applied The IFSB notes that amongst others, in many member countries (although not all) there barely exists any fiduciary law or trust law, and there is rare presence of independent custodian/trustee corporations, Some countries also do not have laws that recognize the creation of special-purpose vehicle (SPV) companies. SPVs are commonly used amongst international ICIS sponsors as a legal strategy to protect the fund's assets and separate the insolvency risks between the fund itself and its sponsors; however, the lack of legal recognition over SPVs under the insolvency laws of some countries has usually forced ICIS Sponsors to establish such entities in other jurisdictions such as the Bahamas, Cayman Island and British Virgin Islands.
13. These have forced many supervisory authorities to form a CIS regime whereby banks play multiple-roles in the operation of the CIS, including sometimes custodian/trustee of the funds’ assets. Usually the external auditor will also become the administrator, as additional safeguards to retain investors’ confidence.
14. Therefore, depending on the structural form, a number of different entities, such as the regulators, investors, sponsors, managers, auditors, broker-dealers, board of directors/governors (BOD), trustees and depositaries, SSB, Self-Regulatory Organizations (SROs) and insurance funds can play a role in the ICIS Governance framework. However, each organ of governance can only be effective if they collectively execute their roles well and recognize the importance of complementing one another, In this respect, ICIS are expected to view compliance with these regulations from a holistic perspective
8 Please refer IOSCOPD-219 Correspondingly, in the ICIS set-up, the main potential conflicts would be between the interest of ICIS Investors (which include resident and potential investors) against (CIS Insiders or ICIS Operators For example, ICIS could be subject to the risk that ICIS Operators, although being legally committed to the fiduciary responsibilities of acting on behalf of the best Interests of ICIS Investors, will use the ICIS’s assets for their own gain to the detriment of ICIS Investors ICIS Operators could rid themselves of unattractive securities that they own by dumping them into the ICIS, or CIS Operators could obtain rebates from third parlies In connection with transactions for the CIS or could inaccurately value or Inflate their assets in order to avoid showing poor performances.
How to Use the Standard
15. This document contains five guiding principles (hereinafter collectively referred to as the Guiding Principles). The Guiding Principles are divided into four parts:
(i) Part I on general governance approach and Part II on transparency of disclosure reinforce the promotion of good governance practices as prescribed in other internationally recognized governance standards; (ii) Part III on compliance with Shari’ah rules and principles addresses various specificities of ICIS which include (a) the process of portfolio screening by ICIS Operators, (b) the role of Shari’ah scholars in monitoring consistent compliance with the Shari’ah, especially through SSBs, and (c) the process of purification (tazkiyyah) of tainted income i.e. income which is contaminated by prohibited (haram) elements; and (iii) Part IV on additional protection for ICIS investors highlights the issues of adequacy of representation for investors in the organs of governance of ICIS, as well as some prevalent practices revealed from the survey which require appropriate oversight, such as the transfers and commingling of funds, as well as smoothing/stabilising of dividend payments in ICIS.
16. The Guiding Principles provide some examples of current practices that can be considered as best practices; with due recognition that these practices will and should change as markets change and as technology, financial engineering and improved coordination between supervisory authorities make other strategies available. It is not the intent of the Guiding Principles to prescribe every possible control procedure. Instead the IFSB will keep continue to review and revise these recommendations from time to time.
17. To help illustrate the governance structure of ICIS based on the different corporate and contractual models of CIS framework set out by the IOSCO, charts of the five ICIS models are included in Appendix I. For further guidance on several ICIS frameworks applied in IFSB member-countries, a list of them is set out in Appendix II. In addition, there are at least 24 lOSCOPDs which have been issued on various aspects relevant to CIS Governance and this is list out in Appendix III. Hopefully all these would facilitate supervisory authorities in reviewing and updating their own ICIS Governance requirements
18. With regard to the disclosure requirements to promote better transparency in ICIS, the Guiding Principles recommend adoption of the "comply or explain” approach, in order to allow the implementation of these Guiding Principles to accommodate the diverse legal frameworks of the jurisdictions in which the ICIS operates and be commensurate with the size, complexity and nature of each ICIS.9
9 IFSB-3 explains that the "comply or explain" approach builds on the idea of market discipline, whereby stakeholders are empowered to read to unsatisfactory governance arrangements or substandard disclosures (which can be either false, substantially incomplete or misleading) The stakeholders’ sanctions may range from reputational damage for the ICIS, to loss of trust in the management - forcing some managers to quit, to legal actions based on contractual terms. Supervisory authorities particularly should have adequate enforcement instruments, from the power of directing necessary disclosures, to imposing reprimands and fines to curb deliberate serial non-compliances.
The Guiding Principles
Part I - General Governance Approach of ICIS
Principle 1; ICIS shall establish a comprehensive governance policy framework which protects the independence and integrity of each organ of governance and set out mechanisms for addressing conflicts of interest.
Structure and Process
19. ICIS shall strive for consistent improvement of its governance by establishing a comprehensive governance policy framework which protects the independence and integrity of each organ of governance and set out mechanisms for addressing conflicts of interest. At the core of the comprehensive governance policy, there must be:
(i) continuous adoption of international best practices; and (ii) assurance that the ICIS's highest internal governing body (GB), (whether it takes the form of the BOD, the investment committee, or the management committee, etc ), shall be responsible for steering the establishment of the governance policy framework and overseeing its implementation,
Recommended Best Practices
20. ICIS shall establish the appropriate code of ethics/code of conducts to be complied by the members of its highest GB as well as its employees. There shall be adequate system in place to monitor compliance with these codes, and to ensure that any misbehaviour or misconducts are swiftly and effectively dealt with. In particular, members of the GB and the ICIS employees shall be required to declare whenever they find themselves in a position of making a decision on behalf of the ICIS but is in direct conflict with their personal interest or interest of parties related to them (like family, etc.). In such cases, it should be mandatory on them to abstain from getting involved in the decision making process.
21. For each of the organs of governance, the ICIS shall carry out a detailed analysis of the types of conflicts of interest situations that arise in the course of its operation and management. There shall be developed system to check the level of their conflicts of interest and adequate guidance to determine whether they should be:
(i) strictly prohibited from subscribing to the ICIS, (ii) allowed to subscribe to the ICIS but must hold on to their investment (prohibited from disposing) for a specific length of time; or (iii) allowed to subscribe to the ICIS and dispose of their investment at any time but must disclose their transactions/ interests. This should cover all ICIS Insiders including the sponsors, managers, auditors, broker- dealers, GB, trustees/custodians, depositaries/administrators, as well as the SSB.
22. If the ICIS enters into an arrangement to delegate or outsource any of the functions of an organ of governance to external parties, the GB shall take reasonable steps to ensure that it implements and maintains systems and controls to monitor the party carrying out the relevant activity or function This includes a progressive review of the carrying out of the relevant activities or functions, at least every 6 months Immediate action shall be taken to remedy any non-compliance of the terms and conditions of the delegation or outsourcing arrangement, and the supervisory authorities should be notified in case of any major non-compliance.
23. As much as possible, the GB shall clearly fortifies the independence and integrity of the ICIS organs of governance through legal, financial and administrative separations. Physical firewalls such as different office premises for each of the ICIS insiders, restriction and controls over market-sensitive information, and progressive independent reviews such as by the auditors, should be useful in creating an atmosphere of strong independence and integrity amongst the ICIS Insiders.
24. It would be helpful if the ICIS can establish adequate channels for stakeholders, especially ICIS Investors, to seek clarifications or convey their concerns to the GB. While some jurisdictions require the holding of general meeting of ICIS Investors for these purposes, a more fluid and open system - such as that which allow e-mail inquiries - can be put in place
25. Furthermore, the ICIS shall facilitate any ICIS Insiders who wishes to report or highlight incidents of malpractices within the ICIS or otherwise perpetrated by the ICIS. "Whistle- blowers”, as these informants often called, plays a very important role in checking and stopping ethically or legally wrong practices that can bring the ICIS into trouble and disrepute.
Part II - Transparency in Disclosure
Principle 2: ICIS shall ensure that disclosure of material information is not only done with appropriate accuracy and timeliness, but also presented in an investor-friendly manner.
Structure and Process
26. Although generally under the principle of Mudārabah the ICIS Investors as capital owner (rabbul māl) shall not intervene in the management of the investments made on their behalf, it does not mean they should also be deprived from accessing the appropriate information in order to monitor the performance of the ICIS. Without adequate disclosure, it would be difficult for ICIS Investors to even vote with their feet and simply withdraw their investments It goes without saying that accuracy and timeliness of disclosures play a significant role in ensuring market discipline and efficiency. In this respect, it is the duty of ICIS to present to ICIS Investors with information that appropriately reflects the investment profile of the ICIS, as well as the associated risks.
27. Financial reporting is certainly a critical component of good governance. Those overseeing or involved in the financial reporting process have unique responsibilities because financial reporting is a public interest activity. 10 As much as shareholders commit their funds to companies relying, in part, on management’s representations and on the auditor’s opinion that a particular company's financial statements fairly reflect the financial position, results of operations and cash flows of the company, the same goes to ICIS Investors who bear the risk of losing their capital. If ICIS investors cannot rely on the quality of information provided to them, it would influence their investment decisions. It has always been argued that information asymmetries effectively increase the cost of capital. Past scandals have taught us that when investors question the integrity of financial information, they become risk averse or risk avoiding, often to the detriment of the local economy. This is particularly true of financial institutions. When markets lose confidence in the integrity of financial information or when markets can no longer trust the issuer of financial information, the negative effects can be dramatic.
28. Therefore, it is only appropriate that ICIS Operators recognise their responsibility to the investors and the markets. This would increase market confidence in ICIS. Some of the key issues for those involved in the financial reporting process may include:
(i) for ICIS managers, they must ensure that the financial statements reflect economic reality and comply with the relevant accounting and reporting standards. This is in the ICIS's best interests - as well as the investors, because transparency has a direct impact on the cost of capital. In fact, while a lack of transparency in the short term may appear to be beneficial, over a longer period it can be very costly. (ii) for auditors, this means following appropriate auditing standards, acting with competence and integrity and providing a truly independent audit opinion. (iii) for regulators, it means designing sound regulatory mechanisms, assessing compliance with appropriate standards and having effective enforcement mechanisms (iv) for trustees, SSB and other ICIS insiders, it means ensuring that conflicts of interest are well managed and addressed.
29. It follows that the methods of disclosure can be divided into three categories:
(i) disclosure at the offering stage of the investment (this takes the form of prospectus, placement memorandum, etc.) which is a mixture of integrity disclosure and investment-related disclosure; (ii) progressive disclosure (which takes the form of quarterly reports, semi-annual reports and annual reports); and (iii) timely disclosure (which sometimes may be a non-financial disclosure relating to significant events) that affects the governance evaluation of the ICIS.
30. In addition, ICIS shall include in their disclosure to the supervisory authorities and the ICIS Investors the status of their compliance with this standard in two components:
(i) In the first component, the ICIS shall report how it applies these Guiding Principles. The ICIS may determine by itself the form and content of its disclosure based on their own governance policies in the light of the Guiding Principles, including any special circumstances applying to it which might have led to a particular approach; and (ii) In the second component, the ICIS shall either confirm that it complies with the provisions of these Guiding Principles, or, where it does not so confirm, provide a clear and adequate explanation of the reasons for non-compliance.
Recommended Best Practices
31. Emphasis should be given on providing relevant and reliable information that is crucial to the ICIS Investors in understanding and properly evaluating how their investments are managed. This would not be achieved by simply disclosing as much information as possible and inundating the ICIS Investors with tonnes of information, as it will only bring information overload which eventually can confuse and mislead the investors.
32. It is recommended that ICIS ensures that the disclosure of the following information in all its key documents (such as the prospectus, constitution and annual report):
(i) information about the GB - including Its bylaws, size, membership, selection process, qualifications, other directorships, criteria for independence, material interests in transaction or matters affecting the ICIS, as well as the senior management (responsibilities, reporting lines, qualifications and experiences); (ii) basic ownership structure - for example, major share ownership and voting rights, beneficial owners, major unitholders’ participation on the board or in senior management positions, unitholders meetings; (iii) organizational structure - for example, general organizational chart, business lines, subsidiaries and affiliates, management committees; (iv) information about the incentive structure of the ICIS - for example, remuneration policies, executive compensation, bonus fees, etc; (v) the ICIS’s code or policy of business conduct and/or ethics (including any waivers, if applicable), as well as any applicable governance structures or policies (in particular, the content of any governance code or policy and the process by which it is implemented, as well as a self-assessment by the GB of its performance relative to this code or policy); (vi) the ICIS’s policies related to conflict of interest, as well as the nature and extent of transactions with affiliates and related parties (which may be in aggregate form for routine financing facility to employees), including any ICIS matters for which members of the GB or senior management may have material interests either directly, indirectly or on behalf of third parties; and (vii) the financial administration of the ICIS, including methods of profit calculation, asset allocation, investment strategies and mechanics of smoothing the returns (if any, including any changes thereto).
33. It is important to ensure that Information is readily available in a comparable, understandable, readable and reliable form, so that if is easily accessible not only by ICIS Investors, but by information intermediaries for consumers such as the media, financial advisers and consumer associations The information intermediaries are likely to use the information to draw attention to good and bad features more effectively than consumers would typically be able to do for themselves. This process would be helped by:
(i) standardization of terms and language; (ii) comparable measures of, or ways of explaining, charges, risks, profit calculation, asset allocation, investment strategies and mechanics of smoothing the returns (if any); and (iii) easy access to such information11.
34. In recent times, specialized software has been developed that allows ICIS investment managers and SSB to track portfolios with ease. Such software, when connected to the Internet, will also provide real time access to portfolios, as well as a host of third party information. As far as possible, ICIS should ensure that it updates its information and data facility to facilitate more efficient dissemination of information to the relevant stakeholders, including the ICIS Investors.
10 Ian Ball, "Enhancing Transparency and Market Discipline in the Islamic Financial Services Industry". International Federation of Accountants. May 2004
11 For example in Malaysia and Saudi Arabia in addition to monthly and quarterly Investment statements sent to the investors. they can also check the performance of their investment in the ICIS by accessing the web site of Bursa Malaysia (klse.com.my) and Tadawul slock market (www.tadawul.com.sa). Most of the ICIS are listed there, and it contains useful information for investors and researchers, including update on any changes to the fund based on the terms and conditions of the ICIS. as well as the unit price of the fund on the day of valuation whether on daily, weekly, bi- weekly or monthly basis Similar information is widely available in the daily news papers.Part III - Compliance with Shari'ah Rules and Principle
Principle 3: IIF shall have in place an appropriate mechanism for monitoring ex-ante and ex-post Shari’ah compliance.
Structure and Process
35. Considering that the offering of any ICIS is fundamentally underlined by its promise to be in strict compliance with Shari’ah rules and principles, it would be incomprehensible for any ICIS to operate without Shari’ah supervision of any sort. Although according to the survey conducted by the IFSB, the majority of ICIS do have SSB either in the form of a panel comprising several members or an individual adviser, unfortunately there are still ICIS which takes for granted the importance of establishing appropriate mechanisms for monitoring both ex-ante and ex-post Shari’ah compliance by the ICIS.
36. A particular aspect of Shari’ah compliance, which still appears to be generally lacking amongst ICIS is the conduct of external ex-post Shari’ah compliance reviews. In its survey, the IFSB found that only a small minority of the IIF have external ex-post Shari’ah compliance reviews. The GB of ICIS should use their best efforts in ensuring that the external auditors are capable of accommodating ex-post Shari’ah compliance reviews (relying - where appropriate - on work carried out by internal auditors/Shari’ah reviewers) within their terms of reference. Where possible, the GB and the internal auditor/Shari’ah reviewer shall work closely with the external auditors to enhance the external auditors’ capabilities for conducting such Shari’ah compliance reviews as part of their audits. Meanwhile, the IFSB survey also indicates that a majority of the ICIS do have internal Shari’ah compliance reviews; however, there is a need to ensure that these reviews are conducted by competent and adequately trained internal auditors/Shari’ ah reviewers, which is still a rarity at the moment.
37. Inevitably, in order to strengthen its Shari’ah governance structure, an ICIS shall have appropriate functions that cater for:
(i) the role of Shari’ah scholars to monitor consistent compliance with the Shari’ah, especially through SSBs; (ii) the process of portfolio screening to ensure its investment portfolios remain within Shari’ah-permissible assets/projects; and (iii) the process of purification(tazkiyyah) of tainted income, whereby income which is contaminated by prohibited (haram) elements is removed from the ICIS.
These mechanisms through which the ICIS ensures its compliance with Shari’ah rules and principles shall be made publicly available through appropriate publication and communication channels.
Recommended Best Practices
38. As highlighted in Appendix II, certain jurisdictions have included specific requirements for ICIS to establish SSB in order to ensure adequate monitoring of compliance with the Shari’ah 12 On the other hand, most other jurisdictions leave this to the ICIS themselves and the market forces. As rightly assumed, the presence of SSB lends credibility to an ICIS, and it would be difficult for the ICIS to promote itself if cannot show to potential investors how would it deal with Shari’ah issues that arises from time to time.
39. Ideally, the SSB shall be comprised of three or more Shari’ah scholars who are well versed in Islamic jurisprudence and, in particular, on how Shari’ah rules and principles can be applied to modern financial transactions. Where the ICIS Operator is itself an Islamic institution, that institution may appoint its existing internal SSB to review the transaction, or alternatively it may appoint a group of scholars recommended by one of their advisors. However, regardless of how the SBB is appointed, it is important for them to be totally independent of the originator and act in the interest of the ICIS Investors.13
40. Following issuance of the ICIS share/unit certificates, the SSB should undertake a periodic review of the activities of the ICIS Operator and investment manager to ensure that the investment portfolio continues to be Shari’ah-compliant. The actual role of the SSB will vary from one ICIS to another, but in addition to the critical portfolio selection approvals as noted above, other roles may include:
(i) the study of the offering memorandum, constitutional documents, and any major agreements controlling the relationship between the functionaries of the structure: (ii) giving general advice to the operator/manager regarding compliance with Shari’ah; and (iii) advising on the use of instruments and techniques for efficient cash management and their compliance with the principles of Shari’ah.14
41. It is noted that ethics binding the ICIS can be highly subjective and not easily quantified. In considering issues of this nature, it is important that the SSB works closely with the GB and the ICIS management on policies and guidelines that will adequately cover these issues. Islamic investing has much in common with the modern forms of investing known as ethical investing, socially responsible investing, faith investing, and green investing. Each of these investment sectors, or subsectors, has much of value to contribute; and each has something in common with the teachings of Islam. It is therefore important for SSB to keep abreast of what is happening in these areas.
42. The fact also remains that the industry still largely suffers from a shortage of well qualified Shari’ah scholars to sit in SSBs. Often those who are well-versed in knowledge of Shari’ah rules and principles, are not necessarily well-acquainted with modern finance Likewise, those who are well-versed in the latter are not necessarily knowledgeable in the Shari’ah. This has forced some ICIS to find other ways to see to the Shari’ah supervision of their businesses. For example, some funds have retained the services of a single Shari’ah supervisor, who is assigned to track an Islamic index.15 Obviously, such an index fund will require less Shari’ah supervision for its portfolio than an actively managed portfolio, because its investable universe will already have been screened by the SSB of the index provider. Another way that an Islamic fund may ensure Shari’ah supervision without retaining the services of a SSB is for it to appoint a Shari’ah scholar to its GB.16 There the scholar may either chair a subcommittee or work alone to supervise the ICIS for Shari’ah compliance and oversee the other Shari’ah-related matters. However, undeniably the presence of a full panel of SSB would be more assuring to investors and quite possibly more effective.
43. Notwithstanding this, ICIS shall have in place an appropriate mechanism for consistent screening of their investment portfolios to ensure they conform to Shari’ah rules and principles. While Islamic indexes can be used to facilitate the portfolio selection by fund managers and as benchmarks to monitor the performance of Shari’ah-compliant securities across the stock exchanges, similar services are hardly available for non- securitised portfolios such as commodities and projects. The same could be said about private equities, such as in start-up companies which have often been evaluated by venture capital funds Hence, it is pertinent for each ICIS to consider having its own internal screening process as well as appropriate benchmarking mechanisms, especially when it holds portfolios other than securities approved by Islamic indexes. The mechanisms should be made transparent to the potential investors in order to help him make an informed decision before participating in the ICIS and the SSB shall be vigilant in alerting the ICIS on any part of the portfolios that has become non-compliant.
44. Realizing the volatility of the stock market and the domination of riba-based conventional financial system in the market, sometimes ICIS cannot avoid from receiving income which is tainted with non-halāl (impermissible) activities or syubhah (ambiguous) sources. This is exemplified by the investment in the equity of certain corporations which have earlier been considered halal but over a duration of time became non-halāl as the corporation transcend certain boundaries of the Shari’ah. Sometimes such cases happen following the merger and acquisition of corporate entities. Therefore, ICIS shall have put in place appropriate mechanisms for removal of income and profit derived from such non- halāI or syubhah sources before distributing the purified profit to the investors. The common practice has been to donate or forsake the tainted income to charity under direct supervision of the SSB. In surrendering non-halāl income/profits, it might be appropriate for ICIS to consider certain implications vis-à-vis its wider obligations under anti-money laundering (AML) laws.
45. In this regard, the ICIS auditors need to have full awareness and adequate access to information relating to purification process, in order to ensure appropriate checks on the liquidation of the ICIS’ assets, and the justification for separating its earnings. Hence, there should be established a smooth relationship between the SSB and the auditor.
46. For internal Shari’ah compliance reviews, the SSB or Shari’ah scholars of ICIS shall work together with either a separate Shari’ah control department or the designated internal auditors/Shari’ah reviewers. This would enable the SSB or Shari’ah scholars to advise the Shari’ah control department or designated internal auditor/Shari’ah reviewers on the scope of audit/reviews required. As the Shari’ah control department or designated internal auditors/Shari’ah reviewers shall be responsible for producing the internal Shari’ah compliance reports, they shall acquire the relevant and appropriate training to enhance their Shari’ah compliance review skills.
47. For external Shari’ah compliance reviews, the Audit Committee shall ensure as far as possible that the external auditors are capable of conducting, and do conduct, ex post Shari’ah compliance reviews within their terms of reference.
12 For example, this is the requirement in Bahrain, Brunei International Financial Centre, Dubai International Financial Centre, Lebanon, Malaysia and Qatar Financial Centre. In the case of DIFC and Malaysia, the regulations also set out some rules regarding the size, independence and changes in the SSB
13 Amongst the supervisory authorities who have specific regulations for SSB in this respect is the Securities Commission of Malaysia. Under Para 6.04 of its Guidelines on Unit Trust Fund it is required that the SSB appointed must at least be three persons qualified in the Islamic financial jurisprudence (fiqh muamalat), independent from the fund management and are registered with the Commission.
14 Trevor Norman, "Securitisation Structures within an Islamic Framework", International Securitisation Report. July 2005.
15 For example, the Dow Jones Islamic Index, the FTSE Global Islamic Index and the Bursa Malaysia Islamic Index
16 For example, in Malaysia, in addition to the SSB, IIF operators are required to have al least (wo Muslim members on their board of directorsPart IV - Additional Protection for ICIS Investors
Principle 4.1: ICIS shall ensure any transfer or commingling of its assets with another ICIS shall be carried out with on terms and conditions that preserves the ICIS’s Investors’ interest, and always supported by appropriate and objective valuations.
Structure and Process
48. ICIS operators and managers sometimes shuffle and commingle funds and assets between separate ICIS under their management, especially to create an image of strong performance for all the funds managed by them Although it is recognized that this practice is not peculiar to ICIS, it is important to ensure that the objective of securities regulation i.e. the prevention of misleading, manipulative and fraudulent practices by ICIS Insiders is appropriately observed. Bearing in mind that under the principle of Mudārabah and Wakālah the ICIS Insiders could be bound by specific mandates and instructions, adequate oversight should be put in place in order to protect ICIS Investors from malfeasance or negligence on the part of the iCIS Insiders.
Recommended Best Practices
49. ICIS Operator must ensure that any transaction in respect of the ICIS's assets, especially those undertaken with a related party (including another ICIS under the same operator or manager), is conducted on terms at least as favourable to the ICIS as any comparable arrangement on normal commercial terms negotiated at arm's length with an independent third party Any such transactions shall be carried out upon request or consent from the ICIS Investors themselves. Wherever it has been disclosed in the offering documents that the transferring and commingling between sister-ICIS will be a feature of the fund, any such transactions shall at least be reported to the GB and the SSB, and shall proceed only upon their approvals.
50. The ICIS Operator shall satisfy themselves that a competent valuer is assigned to evaluate and appraise the ICIS's assets, as well as to calculate the net tangible asset (NAV) of the ICIS. Reasonable care shall be exercised to ensure that the valuer has carried out his duties in an objective manner Where possible, the valuer shall be of highest expertise in the relevant market of assets being assessed Although the valuer may not be legally independent from the ICIS Operator, there shall be adequate independence in terms of functions and reporting structure between the valuer and the ICIS Operator Alternatively, the valuation report can be verified by an independent party such as the ICIS administrator, trustee/custodian or auditor
51. The ICIS Operator should seek assurance that the valuation system is robust and will produce accurate results. Periodic review of the outputs from the system shall be carried out at least annually (depending on the type of assets), and on any significant system change
Principle 4.2: IIF shall be transparent in the imposition of any fees, creation of any reserves and the smoothing of any dividend payments.
Structure and Process
52. One of the most common abuses by fund operator/manager is the imposition of hidden fees that cost the investors a lot Often, the fund operator/manager would gain lucrative amount from their manipulation of fee calculation, even times when the fund itself is far from performing.
53. Meanwhile, some ICIS adopt the practice of smoothing/stabilising returns from the funds, whereby the return within periods of bad or weak performance, is cushioned by returns during good and strong periods. This is often done through the creation of Profit Equalisation Reserves (PER). Arguably, this practice may be seen as a good governance practice for the ICIS investors as it buffers them from a weak market. However, a closer look reveals complicated governance issues. For example, such practices may create a false and misleading impression to investors and the market that an ICIS has been performing well. This might well result in some investors being misled and allegations of market abuse and manipulation. There are also issues of accuracy in accounting and financial disclosure. The fact that there is no regulated process on how PER can be utilised certainly makes it a subject of potential abuse and misappropriation. Reference should be made to IFSB-3 on how this issue should be addressed.
Recommended Best Practices
54. Full, accurate and timely information on fees and expenses should be disclosed in a way that allows ICIS Investors to make informed decisions about whether they wish to invest in a fund and thereby accept a particular level of costs. This includes disclosure in the offering documents as well as periodic reports. The disclosure should enable investors to understand what fees and expenses are charged and the cost structure (e.g. the management fee, operational costs such as custody fees) of the ICIS. It should describe the fees and expenses actually paid on a historical basis, and may also describe the fees and expenses likely to be paid on an anticipated basis. Information on fees and expenses should enable investors to compare costs between ICIS.
55. A performance fee, if imposed, should not create an incentive for the ICIS Operator to take excessive risks in the hope of increasing its performance fee. For example, there is a greater likelihood that the performance fee will create an incentive to take excessive risks if the management fee is set at a very low level, below the actual management costs, and the ICIS Operator relies on a high performance fee to recover its management costs. If such an incentive cannot be avoided, it should be identified and minimized.
56. A performance fee should be consistent with the fund's investment objectives and should not create an incentive for the operator to take excessive risks and should not deny investors an adequate remuneration of the return from the risks taken on their behalf and previously accepted The following items should be unambiguously determined:
(i) how the performance of the fund will be assessed (over what timeframe, including or excluding subscription/redemption fees, etc.), (ii) what benchmark reference that the performance will be compared to. This reference must be verifiable and provided by an independent party; and (iii) what the calculation formula will be (including the description of the methods used to offset gains with past losses, if applicable).
A performance fee should not result in a breach of the principle of equality of ICIS Investors.
57. ICIS shall further create practices, procedures and entitlements that adequately address any undesirable ambiguity in the smoothing of any dividend payment. This call for appropriate transparency in the method and manner of which the PER will be created and utilized Adequate disclosure shall be produced in through the offering documents as well as periodic reports.
Definitions
The following definitions are intended to give readers a general understanding of the terms used in this document. It is by no means an exhaustive list.
Islamic collective investment scheme (ICIS) Please refer to page 2, Investment risk reserve (IRR) IRR is the amount appropriated by the ICIS out of the income of ICIS Investors, after allocating the Mudārib's share, in order to cushion against future investment losses for ICIS Investors. Mudārabah A Mudārabah is a contract between the capital provider and a skilled entrepreneur whereby the capital provider would contribute capital to an enterprise or activity, which is to be managed by the entrepreneur as the Mudārib (or labour provider). Profits generated by that enterprise or activity are shared in accordance with the terms of the Mudārabah agreement, whilst losses are to be borne solely by the capital provider unless they are due to the Mudārib's misconduct, negligence or breach of contracted terms. Profit equalization reserve (PER) PER is the amount appropriated by the ICIS out of the Mudārabah income, before allocating the Mudārib's share, in order to maintain a certain level of return on investment for ICIS Investors and to increase owners' equity. Restricted investment account The accountholders authorize the IIFS to invest their funds based on Mudārabah or agency contracts with certain restrictions as to where, how and for what purpose these funds are to be invested. Stakeholders Those with vested interest in the well-being of ICIS, including;
(i) employees;
(ii) customers (including IAH and normal depositors);
(iii) suppliers;
(iv) the community (particularly the Muslim ummah); and
(v) supervisors and governments, based on the unique role of ICIS in national and local economies and financial systems.
Unrestricted investment accounts The accountholders authorize the ICIS to invest their funds based on Mudārabah or Wakālah (agency) contracts without laying any restriction. The ICIS sometimes commingle these funds with their own funds and invest them in a pooled portfolio. General Guidelines for the Working of the Banking Committees
No: 361000042432 Date(g): 7/1/2015 | Date(h): 17/3/1436 SAMA has updated the General Guidelines for the Working of the Banks Committees with a view of enhancing the efficiency and effectiveness of all Committees. The update has incorporated the main recommendations of the Banks’ Chairmans Committee Report dated 11 April 2012 on work done by the Banks’ Special Committee. SAMA had circulated to all banks the revised draft of General Guidelines in May 2014 and received the banks’ comments thereon. These comments have now been taken into consideration in revising the Guidelines.
SAMA would like the Chairman of the Managing Directors Committee to forward these guidelines to the Chairmen of all banking committees for their further distribution and use by the members of the various committees, and ensure the implementation of these guidelines by 31 March 2015.
1. Background
In the 1980’s, the Saudi Banking market was facing rapid changes and many challenges that required banks to share their experiences. For this purpose, SAMA encouraged Saudi banks to establish Bank Committees for providing a mechanism whereby the banks could assemble, deliberate and discuss common issues and concerns. The first Managing Directors Committee met in 1987 and other Committees followed. At these committee meetings, representatives of the banks could share their experiences, provide their bank’s point of view for resolving common problems, as well as providing inputs to SAMA for framing supervision policy. Accordingly, over the years, the Banks have decided to establish a number of such Committees. Each Committee is headed by a Chairman, who in turn is aided by a Vice Chairman and a Secretary, and at times is supported by Sub-committees and where needed by outside Consultants.
2. Mandate
The mandate of a Committee should be based on the specific purposes of the Committee. Also, the mandate should be reviewed annually and updated if needed.
3. Purpose of the Committee
▪ Issues discussed must focus on areas of common interest for growth of the banking system and for enhancing controls, efficiency and supervision. ▪ Committee members are expected to identify, analyze, discuss issues and come up with recommendations pertaining to their respective functions i.e. Treasury, Credit, Operations, Fraud, etc. ▪ Discussions must be conducted in an organized and structured manner to ensure all viewpoints are aired and objectives of the Committee are achieved.
4. SAMA’s Role and Responsibility (Agreed by SAMA)
▪ SAMA nominates senior officers as observers to attend Committee meetings. ▪ SAMA responds to issues raised and proposals put forward by banks at its own discretion within a reasonable span of time. These proposals normally reflect the position of all Committee members and have the support of the bank's CEO. ▪ SAMA representatives ensure that banks are appraised of SAMA policies, directives and viewpoints on various initiatives being undertaken. Where possible SAMA representatives put forward the constraints and concerns of SAMA and other Government bodies. Their effort is aimed at enabling the Committees to work in a proactive and efficient manner. ▪ All meetings are conducted with full knowledge of SAMA and the minutes of Committee meetings, are taken by the Secretary of a Committee and shared with SAMA representatives at the draft stage. After clearance and vetting by a SAMA representative (who may suggest changes taking into account SAMA confidentiality and sensitivity concerns), the minutes are distributed to all members. ▪ The SAMA representative should prepare for the meeting collecting information from all relevant departments in SAMA to respond to requests from the Committee and also share relevant new circulars issued by SAMA with the Committee. ▪ The SAMA representative should be the point of contact between SAMA and a bank Committee.
5. Bank’s Role and Responsibility
a- Each bank should select and nominate its representatives with proper background related to a Committee’s mandate. These individuals are responsible for the following:
▪ To bring to the attention of the Committee relevant issues and concerns of their banks which require support from, and/or views of, other banks. ▪ To bring to the attention of their bank’s relevant management, the deliberations at such meetings of various matters identified in the agenda and bring any responses thereto from their management to the Committee which may be of interest to the Committee as a whole. ▪ To participate in the work carried out by working groups and subcommittees. ▪ The members should be able to obtain the necessary resources to support commitments for projects and plans initiated by banking committees. ▪ Each member of the Committee must provide to the relevant senior managers of the banks, a report about the work of his/her Committee and his/her participation in its work.
b- A clear process for nominating back up (replacement) for bank’s representative.
6. Committee Structure, Composition and Membership
▪ Each Committee should be headed by a Chairman, and in his/her absence an acting Vice Chairman, and a Secretary. ▪ The Composition of the Committee shall draw upon the skills and expertise of its members to carry out its mandate and work. Professional competency and commitment are a pre-requisite for Committee membership. ▪ Formal documented procedures need to be discussed and agreed and minutes for nomination/ appointment of Chairman and Vice Chairman for each Committee must be maintained. ▪ The Banks should nominate their representatives from senior managers who have the relevant experience and expertise.
6.1 Reporting Lines
The reporting lines are, for example, as the following:
6.2 Governance Structure
▪ Each Sub-Committee is established by the Managing Directors’ Committee with consultation with SAMA. ▪ The Chairman of each (Sub-) Committee should report to the higher Committee. ▪ The Chairman of each (Sub-) Committee should update the higher Committee on its work including any important issues to be raised to SAMA.
7. Committee Officials
7.1 The Chairman
The chairman of a committee determines its effectiveness and success because he/she normally sets its tone, agenda and style. His/her responsibilities include but are not restricted to the following.
1. Overall planning of meetings including timings, venues, agenda items, etc. 2. Ensure that the minutes of the meetings should be reviewed by SAMA representative before distribution. 3. Liaising with SAMA officials, for the follow-ups on outstanding agenda items and for improving the functioning of the Committee. 4. Maintaining an independent, professional and effective style and attitude in the forum and among the members of the Committee. 5. Determining strategies and priorities of the Committee and in implementing new proposals amongst the banks. 6. Soliciting and developing new initiatives in order to activate and improve the mandate of the Committee. 7. Developing and improving the terms of reference document of the Committee for making this Committee more effective, efficient and independent at the end of each year. 8. Determining at Committee level if external consultants are necessary in providing input to a proposal. Final approval for such appointments are to be provided by SAMA.
7.2 Vice Chairman
The Vice Chairman shall assist in any way the chairman requires for discharging his/ her role and responsibilities and as above. He/she will be there to officiate during the absence or early departure of the Chairman.
The Vice Chairman of the Committee is the Chairman for the following year , unless SAMA has a different view.
7.3 The Secretary
The secretary's main responsibility would be to take notes and maintain minutes of the meetings. The minutes must normally be prepared in a reasonable span of time and submitted to SAMA's key representatives for their approval. SAMA representative approves the minutes in normal circumstances within one week after the receipt and authorizes their final distribution.
7.4 Membership of the Committee
The size of a Committee will be restricted to a maximum of 2 members (one at least is permanent) from each bank. Those members should be identified and known to other members. However, in Chairmans’ and Managing Directors’ Committees, each bank will be represented by one member only.
7.5 Selection and Termination of Committee Officials
The selection of the Committee Officials takes place in the last meeting in the calendar year. It may be decided by each Committee, and could be based on annual rotation or through a vote. In case of a vote, the following rules are to be applied:
▪ Each bank has 1 vote. ▪ No proxy vote are accepted. ▪ No individual can have the same office for more than 3 years. There are some exceptions to this rule. ▪ All appointments are approved by MD's Committee. Should there be an unexpected departure of any of the officials of a Committee, before their regular tenor of 1 year, the relevant bank may nominate a replacement.
Any official can be terminated under any of the following circumstances.
▪ Unanimous decision by the Committee members and SAMA's approval. ▪ SAMA's sole discretion.
8. Role of Managing Directors' Committee
▪ At the beginning of each term, the Managing Directors’ Committee should review all the submitted term of reference documents for various subcommittee before submitting them to SAMA. These documents should outline their objectives, mandates, and priorities for the coming year. ▪ Managing Directors’ Committee should monitor and evaluate the functionality and performance of the sub-committee on a continuous basis. ▪ The self-assessment of the Committee's performance and recommended action shall be submitted to SAMA by the Chairman of the Committee at the end of each year. An annual evaluation of a Committee's overall performance is useful in determining the effectiveness of its activities.
9. Meetings, Quorum, Agenda and Attendance
▪ Committee meetings will take place at least once each quarter, with a minimum of four Committee meetings per year, or more frequently, if necessary, and as decided by the members of the Committee. ▪ The Chairman and the Secretary shall be responsible for preparing the Agenda of the meeting. ▪ The Committee's Secretary is responsible for distributing the agendas and the meetings schedule. ▪ In the absence of the Chairman, the Vice Chairman shall preside over the meeting on behalf of the Chairman. ▪ Names of the Committees member in attendance shall be noted in the meeting minutes. ▪ In case of replacement of the representative of a bank, the bank should inform the Chairman or the Committee Secretary about the change within adequate time before the meeting. ▪ Where the Chairman believes that a bank is not adequately represented, he can seek SAMA’s help in rectifying the situation after providing the reasons for his views. ▪ Members should adhere to the meeting attendance and ensure active participation in the meeting. ▪ The Managing Directors’ Committee Secretary should provide SAMA with a consolidated annual schedule of planned meetings of all Sub-Committees to ensure discipline in the frequency of all meetings.
l0. Proposals and Decision-Making by the Committees
Discussions and deliberations of the Committees often serve as inputs for SAMA’s supervision and regulation. These discussions are concerned with either existing rules, regulations and practices or for contributing towards new ones. Accordingly, the proposals before being presented to SAMA are thought through and documented by the committees. Formal proposals outlining the nature of the issue, existing and international practice, an analysis of the merits and demerits of the status quo and of the proposed changes are submitted to SAMA by the chairman of each Committee or raised to the MDC's Committee for forwarding to SAMA Senior Management.
It is expected that there is a consensus on the proposals being submitted and that there has been sufficient research and analysis carried out by the committee members.
Committee decisions and proposals are normally by consensus. However in the case of dissent, a majority vote applies. No voting by proxy is permitted. In case of equal vote, the Committee is authorized to seek guidance from the higher Committee.
The banks’ proposals are further studied by SAMA internally or SAMA may at its own discretion solicit external advice and help if necessary. SAMA after study may reject any proposal.
11. Confidentiality
All deliberations, agenda items, decisions, notifications, etc. are strictly confidential unless decided otherwise. It is expected that all banks would strictly adhere to this requirement. While each bank can exercise its own professional judgment in deciding upon the nature and extent of confidentiality, agenda items should only be discussed at the Committee and sub-committee levels or within the scope of selected and responsible officers at their respective banks.
12. Committee Self-Assessment
Each year, the Committee shall conduct a self-assessment of its performance as well as taking note of the significant contributions of members.
There should be unified/ standardized templates, forms, KPIs, and procedures for all committees self-assessment process. KPIs should be linked to the objective of each committee.
Each Committee shall report to the Managing Directors’ Committee the evaluation of its Committee performance.
13. Sub-Committees
In order to ensure that issues and proposals are thoroughly deliberated upon, the Chairman after consultation with the members of a Committee, may at his discretion, appoint a Sub-Committee. These Sub-Committees would be headed by a Chairman who would be accountable in front of the main Committee’s Chairman for the terms of reference, reporting, agendas and timelines.
14. Role of Secretary General of the Chairman’s Committee
The Secretary General of the Chairman’s Committee may also act as an observer in other Banking Committees. His objectives is to streamline the effectiveness of all Banking Committees by the following:
▪ Eliminating any duplication of effort i.e. the Agenda items of each Banking Committee must be complementary. ▪ To bring major issues to the attention of Chairmen’s Committee.
A summary of the "Guidelines for Banking Committees” is attached for easy reference.
Annex 1 Summary of Guidelines for Banking Committees
1. Each bank is required to nominate a representative(s) to each of the committees. The representative(s) should be of an appropriate seniority within the bank and should have the appropriate knowledge and skills to contribute to the proceedings of the committee. He should also be in position to make commitments on behalf of the bank and contribute to the work and decisions of the Committee according to the bank’s reporting line. 2. Each bank must be presented at the committee meetings. The bank representative(s) is responsible for communication of the proceedings of the meetings to the relevant personnel within their bank including to the Managing Director, Chief Executive Officer or the General Manager. 3. Each Committee must elect a Chairman, Vice Chairman and Secretary (committee officials). The terms of the Chairman, Vice Chairman and Secretary will normally be for one year but could be extended by a unanimous decision of the Committee. 4. Each bank has an equal obligation to act as an official of the committee. The Chairman of each committee must maintain a record of the individuals and banks appointed as committee officials, and must ensure that all banks participate fully and meets their responsibility to act as committee officials. 5. All banks must be represented in all meetings. Attendance records must be maintained. 6. SAMA will nominate staff to attend meetings as observers only. 7. In circumstances where the Chairman cannot attend the meeting the Vice Chairman will act as Chairman. 8. In circumstances where any Committee member resigns during his term, the bank must choose a replacement to serve until the end of the term. 9. Minutes must be taken at each meeting of a Committee. The minutes of each Committee meeting must be submitted to a SAMA representative in a draft form for reviewing before circulation to the full membership of the Committee. 10. Committee meetings should normally be held at the Institute of Banking, or at SAMA Head Office. Sub-committee meetings may be held at other locations or in Banks after receiving SAMA consent. 11. From time to time, sub-committees may be formed. The Chairman of the main Committee after consultation with membership may at his discretion delegate the Chair of the sub-committee to another member of the committee. The sub-committee is fully accountable to the main committee. Proposals to SAMA must be voted upon and made via the main committee. 12. Committee decisions and proposals will normally be governed by consensus. In the case of dissent, a majority vote will apply. Banks are not permitted to vote by proxy. In case of equal vote, the committee is authorized to seek guidance from the higher Committee. 13. Each Committee should prepare its terms of reference. The terms of reference should detail the scope and objectives of the Committee and identify the types of issues which the Committee intends to consider. At the beginning of each term, the Managing Directors’ Committee should review all the submitted term of reference documents for the sub-committee before submitting them to SAMA outlining their objectives, mandates, and priorities for the coming year. 14. Issues to be discussed in a Committee meeting could originate from the banks, SAMA and other stakeholders. Banks representatives may agree by consensus to raise issues as proposals to SAMA. 15. Proposals made by the committees to SAMA must be fully documented and must outline the issues, contain a detailed analysis of the merits and demerits including supporting documentation such as international best practice, and the recommendations made by the committee. Proposals requiring major changes in policies or commitment of significant resources must be channeled through the Managing Directors’ Committee to ensure their approval.
Annex 2 Basic Information on a Banking Committee
Committee Name No. Items Description 1 Mandate 2 Purpose 3 KPIs for the Year 4 SAMA Representative (only name and department) 5 Bank Representatives (name, position, and bank) 6 Chairman (Name + Bank) 7 Vice Chairman (Name + Bank) 8 Committee Secretary (Name + Bank) 9 Meeting Frequency 10 Meeting Location 11 Reporting to 12 Sub-Committee, if any. [Must be updated every year by the Chairman of a Committee.]
confidential Circulars
Internal Policies
Anti Money Laundering and Combating the Financing of Terrorism Compliance Policy
This section is currently available only in Arabic, please click here to read the Arabic version.The Banking Policies Department is Responsible for Issuing, Updating, and Circulating Banking Instructions
Referring to the responsibilities of the Banking Policies Department in issuing and updating all banking instructions and circulating them to banks, and considering the recent observation of some departments issuing their instructions directly to banks in a manner that affects the centralization of instructions and the monitoring of their application, as well as the differences in the procedures followed during issuance, we would like to confirm the following:
First: Relevant departments shall coordinate with the Banking Policies Department in the General Directorate of Banking Supervision regarding the issuance of banking instructions according to the approved procedures, as the Banking Policies Department is the authorized entity to issue these instructions.
Second: Relevant departments should not use the term "circular" when addressing banks, as this is the prerogative of the Banking Policies Department, which sets the necessary conditions for this to ensure consistency with what is issued by SAMA in this regard based on legal basis, and to include it in the circulars portal.
Dissemination and Disclosure of Classified Information and Documents
No: 351000076667 Date(g): 14/4/2014 | Date(h): 14/6/1435 Status: In-Force Translated Document
In response to the Royal Circular No. 16749 dated 4/5/1435H, which emphasizes that all governmental entities must maintain and care for their documents and address any shortcomings in their conditions, and to the Royal Circular No. 46315 dated 24/12/1434H, which restricts the handling of confidential documents to authorized personnel only, and mandates that each governmental entity educate its employees about the importance of maintaining the confidentiality of information and documents, as well as the penalties associated with their disclosure and the implementation of the Penal Law on Dissemination and Disclosure of Classified Information and Documents 1432H
Attached, you will find the document Instructions for Handling Confidential Documents and Information No. (2-1434) dated 22/4/1434H. Please ensure that all employees under your supervision read and understand it thoroughly, and take responsibility for complying with the instructions contained therein.
Instructions for Handling Confidential Documents and Information
No: 2-1434 Date of Event
22/04/1434 AH
04/03/2013 M
Date of Last Modification Subject: Confidential Documents and Information Objective:
To establish the controls and procedures that must be followed when handling confidential documents.
Definitions:
For the purposes of this document, the terms and phrases listed below shall have the meanings indicated next to each:
1- Confidential Documents: Any type of medium that contains confidential information or data, classified into the following levels of confidentiality:
A- Highly Confidential Documents and Archives: Documents and archives whose disclosure could harm the security of the state.
B- Very Confidential Documents and Archives: Documents and archives whose disclosure could harm public or private interests.
C- Confidential Documents and Archives: Documents and archives related to individual subjects or cases whose disclosure or access could negatively affect the social life of groups or individuals.
2- Confidential Information: Any data or information sourced from confidential documents.
3- Employee: Any employee or contractor with the institution (full-time or part-time) directly or through a contractor working on behalf of the institution.
4- Automated System: The automated incoming and outgoing system or "Sama Net" system.
5- Envelope: A container or holder for documents to be sent to another entity within or outside the institution.
Controls:
First: Compliance with the provisions of Penal Law on Dissemination and Disclosure of Classified Information and Documents issued by Royal Decree No. (M/35) dated 08/05/1432 H.
Second: Compliance with the following:
1- It is prohibited for any employee or contractor, even after the termination of their service, to publish a confidential document or disclose confidential information obtained or learned by virtue of his position, as the publication or disclosure remains prohibited.
2- It is prohibited to remove confidential documents from the institution, exchange them, or exchange confidential information with others by any means, or to retain them in locations not designated for their storage, or to remove them from the institution for the purpose of working on them or leaving them in a vehicle. It is also prohibited to print, copy, or photograph them outside the institution or send them via unencrypted automated devices, except as required by work needs.
3- Confidential documents must be stored in a manner that prevents unauthorized individuals from accessing, handling, or photographing them.
4- Confidential documents should be handled in sealed envelopes suitable for confidential documents, to be used only once and marked with a seal indicating the confidentiality of the contents upon opening, specifying the level of confidentiality.
5- Confidential documents must be delivered or received within or outside the institution using a delivery receipt form, noting the recipient's name and date alongside their signature upon receipt, with the forms retained by the sending entity.
6- The delivery of confidential documents should be conducted either by the sender themselves or by designated employees responsible for ensuring the prompt and safe delivery of the envelope to the recipient, who should be the designated individual or officially authorized to receive them.
7- Confidential envelopes may only be opened by the individual concerned with the document or by officially designated individuals authorized to open such envelopes.
8- The sending entity or individual must track the receipt of these documents through the automated system or delivery receipt form or personal contact with the recipient, within the expected timeframe for completing the delivery process.
9- In cases where a confidential document envelope does not have a number issued by the sending entity, the current date/SR (Model 330329/SR) should be recorded as a temporary issued number in the automated system, until the envelope is opened by the concerned individual, after which the issuing entity's number should be modified and the subject name updated in the automated system of the receiving entity.
10- Envelopes opened from general incoming mail that are found to contain confidential documents, as well as envelopes that have not been opened but are inadequately stored for handling confidential documents, should be re-enveloped in envelopes designated for handling confidential documents, with the sending entity's issued number noted (the temporary number in the absence of an issued number from the sending entity), and then the necessary procedures for sending them to the concerned department should be completed.
11- Each department must organize the handling of confidential documents and transactions in accordance with the nature and type of confidential transactions received or issued, ensuring their protection from loss, damage, or unauthorized access. This includes the following:
A- Designating a secure location accessible only to authorized personnel for storing the department's confidential documents.
B- Assigning one or more employees to this task if necessary.
C- Documenting the procedures and steps for handling transactions that contain confidential documents in collaboration with the development department, including the mechanisms for receiving and recording the transaction and processing it, ending with the response to the concerned entity.
Responsibilities:
The responsibility for updating this document as needed lies with the Administrative Affairs Department.
Attachments:
1- Penal Law on Dissemination and Disclosure of Classified Information and Documents
References:
This document has been prepared after reviewing the following:
1- Circular No. 12457/T.D/75 dated 06/03/1433 H.
2- Circular No. 22272/M.B dated 25/08/1425 H.
3- Circular No. 8541/M.B dated 18/04/1424 H.
4- Circular No. 13211/N.Z/A.D dated 20/10/1417 H.
All previous instructions that contradict this document are canceled effective from the date of its issuance.
Sensitive Information
Update of the List of Collection Accounts of Government Authorities
This section is currently available only in Arabic, please click here to read the Arabic version.Cancellation of Transfer-Purposed Linkage of Aggregate Accounts of Government Entities Receiving Direct Revenues
This circular is currently available only in Arabic, please click here to read the Arabic version.Direct Government Revenues-Secretariats and Similar Bodies
This section is currently available only in Arabic, please click here to read the Arabic version.161000000157
This section is currently available only in Arabic, please click here to read the Arabic version.Banks Electronic Link with Ministry of Commerce & Investment
Watheq Webservice
Webservice URL :http://212.119.82.110/WatheqWS/Watheq.svc
Methods:
Method Name Get CRinfo By CRNo Input Field Datatype Desc Cr No string CR Number Output Cr lnformation Return information for a certain CR Method Name Get Cr List By NID Input Field Datatype Desc NID string National ID Output Cr List Return List of CRs by National ID Method Name Get Cr Related Input Field Datatype Desc Cr No string CR Number Output Cr Related Return all branches/main CR Number for a certain main/branch CR Method Name Get Manager lnfo By CR Input Field Datatype Desc Cr No string CR Number Output List Persons Information Return all Managers for a certain CR Method Name Get Manager lnfo By CR Input Field Datatype Desc Cr No string CR Number Output List Persons Information Return all Managers for a certain CR Method Name Has CR Input Field Datatype Desc NID string National ID Output Boolean Check if Cr is Exists by entering a National ID 3- Objects:
Object Name ListPersonsInformation Field Datatype Desc Informations List <PersonInformation> List of (Persons Information) Error Code int Error Code Object Name Person Information Field Datatype Desc Name string Person Name NID string National ID NID Created Date string Created Date of National ID Location string Location Nationality string Nationality Birth Date string Birth Date Relation Type string Relation Type Card No string Card No Object Name Cr Related Field Datatype Desc Informations List<CrRelatedInfo> List of (Related CRs) Error Code Int Error Code Object Name Cr Related lnfo Field Datatype Desc CR string Cr Number CR Type string Return ‘Main’ or ‘Branch’ Object Name CrList Field Datatype Desc Informations List<CrListInfo> List of (CR Relation information) Error Code int Error Code Object Name Cr List lnfo Field Datatype Desc CR string Cr Number Relation Type string Cr Relation Type Object Name Cr lnformation Field Datatype Desc Name string Name Created Date string CR Created Date Cr Type string CR Type Bus Type string Business Type Location string Location Activities string Activities Capital string Capital Address string Address POBOX string PObox Zip Code string Zip Code Phone Number string Phone Number Fax string Fax Status string Status Expired Date string Expired Date Error Code int Error Code 4- Header (Authentication)
Username Username Password Password 5- Errors Codes :
Error Code
Description 0
Success with value returned -1
Success without value returned -2
Error - No header authentication -3
Error - Wrong username or password Webservices specification
1. Get Contract lnfo
Operation name Get Contract lnfo Description Get company contract information from MCI output Contract details Provider MCI (Thiqah) Consumer Bank Field Datatype
Desc
Input
Bankid String
رمز البنك Password String
الرقم السري للخدمة Contract No Int
رقم عقد التأسيس Output
Contract lnfo String
رقم العقد Contract Date String
تاريخ القد Trade Name String
الاسم التجارى Business Type int
نوع المنشأة: مؤسسة فردية، شركة ذات مسؤولية محدودة ، شركة مساهمة مغلقة .الخ HQ Location String
المدينة(المركز الرنيسى للشركة) Purposes String
آغراض الشركة Period Int
مدة الشركة بالسنوات Capital long
رأس المال(ريال سعودي) No Of Shares Int
عدد الحصص Share Value Int
قيمة الحصة (ريال سعودي)
Owners
object بيانات الشركاء والمدراء Field Data type Desc
IDNO
string
رقم الهوية او السجل التجاري Id Type
int
(هوية وطنية، سجل تجارى) Name
String
اسم الشريك Partner Type
char
فرد = ,P شركة =c Relation
string
الصفة (شريك ، مدير..الخ) Shares
Int
عدد الحصص للشريك Nationalty
String
الجنسية Gender
Char (M or F)
() الجنس 2. Submit Capital Deposit
Operation name Submit Capital Deposit Description Update MCI with capital deposit details output Int (explained below) Provider MCI (Thiqah) Consumer Bank Field Datatype Desc Input
Bankid
String
رمز البنك
Password
String
الرقم السري للخدمة
Contract No
Int
رقم عقد التأسيس
Deposit RN
Long
رقم الايداع
Capital
Long
رأس المال
Bank Branch
String
فرع البنك
Deposit Date
Datetime
تاريخ الايداع
Output
1
Success -1
خطأ في بيانات الدخول -2
سبق تحديث العقد من قبل -3
رقم العقد غير صحيح -4
رأس المل غير صحيح
Current opening company process
In the current method, Users apply for the company contract online through the ministry's website. Then the ministry review's the application, issue the company contract, and document it. Then user need to capital deposit and get the capital deposit certificate from the bank. Users give capital deposit certificate to the ministry to get the commercial registry. Finally, users give the commercial registry information to the bank to open the bank account. This process takes about 5 to 7 business days.
Future opening company process
Users apply for the company contract online through the ministry's website. The ministry gets the application in a well-organized form and reviews it. The ministry documents the contract and informs the user. User goes to the bank for capital deposit. Bank informs the ministry with the capital deposit. The ministry issues commercial registry and give its details to the bank. Finally bank open the account, Throughout this process, users can check the status online. This process takes about 2 business days.
Advantages of Company e-Contract System
For Users:
- No need to visit the Ministry of Commerce and Industry.
- Ability to request company e-contract from anywhere.
- Ability to check request status electronically.
- Getting the e-contract in shorter time.
For MCI:
- Automatic authentication about users
- Process request in an effective and efficient way.
For Banks:
- Ability to check documents for forgery.
- Dealing directly with the ministry.
Client Balance Statement
Directorate General of Banking Control
No. 16323/BC/319
Date: 22/12/1405 H.
(7/9/1985 A.D.)
Urgent & Confidential
Circular to All Banks Operating in The Kingdom
HE the Manager
Greetings,
SAMA has received a cable from HE the Minister of Finance & National Economy No. 5200/405, dated 17/12/1405 H requesting it to emphasize on banks operating in the Kingdom to comply with all instructions regarding the disclosure of client balances.
SAMA, therefore, calls on banks to comply with its circulars No. BC/212, dated 24/12/1390 H., circular No. BC/320, dated 4/11/1392 H., circular No. M/l/383, dated 23/12/1392 H„ circular No. M/l/8, dated 14/1/1400 H. and circular No. BC/160 dated 2/9/1400 H., regarding SAMA instructions to comply with the common rule of not disclosing any information except through SAMA and to reject any request for information.
SAMA calls on all banks in the Kingdom to abide by such instructions and to require same from all their branches and to acknowledge receipt of this circular.
Regards
Director General of Banking Control
J. A. Al-Suhaimi
Dealing With Private Civil Security Companies
Banking Control
No.: 14131/BCP/855
Date: 7-11-1417 H
Circular to All Banks Operating in The Kingdom
Greetings,
SAMA has received the letter of HE the Minister of Finance and National Economy No. 3/11534 dated 22-10-1417H, attached thereto a copy of a cable by HRH the Minister of Interior No. 3/1453/1 dated 9-10-1417H, which stressed on banks to comply with the provisions of HE's previous decision No. 7 dated 22-1-1413H and not to contract with any company or establishment which provides the service of private civil security guards and does not have a valid license from the Ministry of Interior, General Security, to perform this service. Banks were also instructed not to include the civil security service in contracts with O&M companies and establishments, but to contract directly for this service with companies and establishments that are licensed to provide this service.
For your information.
Regards,
Assistant Director General of Banking Control
M. A. Nashar
Deputy Governor
No.: 01544/BCI/75
Date: 2-2-1417 H
Confidential / Very Urgent
Circular to All Banks Operating in The Kingdom And Licensed Money Exchangers
Greetings,
SAMA has received a letter from HE the Director of General of Security No. 3/17/1 dated 3-1-1417H, together with a copy of the Special Security Rules issued by General Security. Article (17) of the Rules specified the conditions of the security guard, the most important of which is to be a born Saudi.
In his letter, HE the Director of General Security asked us to urge all banks to benefit from these Rules and to engage only Saudi citizens to guard their premises, either directly or through a contract with a licensed firm to provide them with this service.
SAMA has also received the circular of HE the Director of General Security No. 3/3563/1 dated 3-12-1416H, noting that HRH the Vice Minister of Interior has ordered security patrols on 26-10-1416H to withdraw all foreign civil security guards from service and deport them at the expense of the company or establishment that hired them.
Hence, banks are requested to comply with the Special Security Rules (copy attached), and in particular not to accept any foreign guard supplied to them by security firms or directly engage any foreign security guard.
Please be informed and act accordingly.
Deputy Governor
J. A. Al-Suhaimi
Deputy Governor
No.: BC/263
Date: 3-7-1412 H
(7-1-1992A.D)
Circular to All Banks Operating in The Kingdom
Greetings,
In his letter to SAMA No. 738 dated 22-6-1412H, HE the Director of General Security explained what was meant by the first paragraph of the Council of Ministers Decision No. 15 dated 9-2-1412 which reads as follows: 'Banks and other important companies and establishments, to be defined by the Minister of Interior, must keep special civil security guards on their premises within the scope that shall be defined by the Minister of Interior, provided such guards shall be stationed inside and at the doors of banks and other companies and establishments. The outside security will be handled by the security forces'.
HE explained that 'outside security’ means motorized and foot patrols and that the rules which will be issued soon will explain this point. In view of the importance of keeping outside security at the doors of banks for 24 hours a day, during and outside regular office hours, to protect these premises and timely notify security authorities of any suspected person, HE asked us to instruct the banks to keep practicing the same outside security measures as before,
Hence, SAMA urges you to comply with the directions of HE the Director of General Security in this regard and to notify your branches accordingly to keep security guards at the door of banks and branches for 24 hours a day. Please acknowledge receipt.
Receipt,
DeputyGovernor
J. A. Al-Suhaimi
Banking Control
No.: 13694/BC/453
Date: 14-12-1411 H
(26-6-1991A.D)
Circular to All Banks Operating in The Kingdom
HE The Manager
Greetings,
It has been lately noticed that an increasing number of cars owned by bank clients are being stolen while parked in the parking lots of banks and commercial markets. The criminals track their victims when they go in to withdraw money and when they leave. Accomplices inside the bank will be watching the client and then he will be chased and rubbed at the first convenient opportunity.
We would like you to urge security guards inside and outside your branches to be always on the alert and to notify security authorities (Police Operations 999) of any suspicious person, his car number and descriptions to take swift security measures to put an end to such crimes.
Regards,
Assistant Director General of Banking Control
M. A. Nashar
Deputy Governor
No.: 8009/BC/262
Date: 11-7-1411 H
(26-1-1991A.D)
Confidential / Very Urgent
Circular to All Banks Operating in The KingdomGreetings,
According to a cable from HRH the Minister of Interior No. 4835/2/R dated 1-7-1411H, communicated to us by the cable of HE the Minister of Finance and National Economy No. 3/R/1138 dated 6-7-1411, it was noticed that some bank branches have not taken the necessary civil security measures, in terms of number of guards or equipment. These branches are either relying on local police protection, without themselves sharing any responsibility in protecting their funds and property, or their head offices have failed to supply them with sufficient guards and weapons.
HRH requested us to stress on all bank head offices and branches throughout the Kingdom to comply with civil security instructions and to supply the guards with adequate weapons that can be used according to specific rules and instructions, in view of the importance of security under present conditions.
Consequently, SAMA stresses on banks to comply with instructions already communicated to them in this respect, such as a providing sufficient number of security guards in all their branches and supplying the guards with sufficient arms and ammunitions, to be used by Saudi guards of banks and money exchange firms, according to the controls issued by the General Security of the Ministry of Interior and communicated to you via our circular No. 9721/BC/288 dated 22-8-1407H.
Please be informed and acknowledge receipt.
Receipt,
DeputyGovernor
J. A. Al-Suhaimi
Banking Control
No.: 3633/BC/100
Date: 27-3-1411 H
Circular to All Banks Operating in The Kingdom
Greetings,
Reference our circulars No. BC/288 dated 22-8-1407H and No. BC/243 dated 18-9-1408H, regarding compliance with the controls of arm-carrying by Saudi guards of banks and money-exchange firms,
SAMA has received the letter of HE the Director of General Security No. 475/A dated 19-3-1411H, noting that some banks are not complying with such instructions. HE asked us to notify banks and money exchangers and stress on them the need to comply with the controls of arm carrying by the guards of banks and money exchange firms and to supply their guards and the guards of their branches with adequate fire arms and electric sticks.
SAMA, therefore, calls on you to implement these instructions and to notify your branches to act accordingly. You may apply to the Ministry of Interior to obtain your need of these items if you do not have them. We are attaching herewith a copy of these controls.
Please acknowledge receipt.
Regards,
Assistant Director General of Banking Control
M. A. Nashar
Disclosed Account Numbers, Balances and Status Shall be Indicated in the Response Letters to SAMA's Requests
This section is currently available only in Arabic, please click here to read the Arabic version.Ease of Process for Disbursing Funds From Charity Organizations
This section is currently available only in Arabic, please click here to read the Arabic version.Emergency Planning in Saudi Banks
Saudi Central Bank has lately prepared a survey of emergency planning by Saudi banks and found out that all banks are aware of the importance of such planning. It was also revealed that there is a great difference in the nature and extent of such planning. The purpose of this memorandum is to advise banks of the most important points to be covered as a minimum by applying the following procedures:
1. Account Books And Records - The Information system and Important Documents:
1.1.
Each bank must keep its extra account books and records in a different place, preferably in another city, including ledgers, trial balances and other books related to original entries. Each bank should do this on a daily basis depending on the volume and size of its operations.
1.2.
Each bank must be sure of keeping additional copies of the Information System (the main software) in another place and conduct tests to make sure of its ability to retrieve its system the soonest possible.
1.3.
Banks have to arrange for stand-by computers to be available for use the soonest possible in case of emergency. They must arrange with a service office or any other establishment through which they can use such computers, and they have to test this arrangement to make sure that it is workable.
1.4.
All original documents and micro films must be kept in well protected places with keeping extra copies thereof.
2. Clients Services
2.1.
Banks must prepare plans for providing all kind of service for their clients in case of emergency, specially banks that are not yet fully connected electronically with their branches, banks that use the decentralized system and banks that use the manual system.
2.2.
Banks have to be sure of keeping extra copies of client information and signature cards (whether original or copies) in another place in order to be able to provide the service with no interruption in case of emergency.
2.3.
Banks must make sure of having adequate procedures that ensure the availability of sufficient amount of Saudi Riyals at all times.
2.4.
Banks have to be sure of having adequate procedures to ensure the feeding of ATM's in case of emergency.
2.5.
Banks must have adequate procedures to keep a sufficient amount of foreign cash and traveler checks to meet the urgent needs of their clients.
3. Liquidity
3.1.
Banks must have plans to keep sufficient liquidity at all times. Such plans must define the method of securing liquidity in the event of a rush on liquidity.
3.2.
Such plans must also take into consideration the maturity date of the bank's assets and the possibility of converting such assets into cash.
4. Instruction to Managers and Employees
4.1.
Senior management and managers of banks in branches and at the regional level must be fully acquainted with the bank emergency plans within their responsibilities. They must also be acquainted with procedures guides for all operations and how to take decisions in case of emergency.
4.2.
It is preferable for the purpose of clarity and harmony, that instructions to the bank high-senior officers, regarding emergency procedures, be brief and in writing, instead of verbal instructions.
4.3.
Brief and written instructions, regarding the opening and closing of a branch in case of emergency, must be observed.
4.4.
Such instructions must include the method of contact between the branch and the regional management and head office, as well as the head office and branches of Saudi Central Bank and the concerned security agencies.
5. Compensation for Occupational Accidents And Other Facilities
5.1.
Banks must observe equality and fairness among their employees and must not encourage favoritism or programs in favor of a group against the other.
5.2.
Banks must not develop any program regarding the evaluation and compensation of an employee in an emergency case, thus creating a precedent in the banking industry which may not be matched by other banks
Saudi Central bank welcomes the opinion of banks regarding any issue that was not covered by this memorandum, and they can contact Banking Control for any proposal they may have on the subject.
Emphasizing that Except through the Saudi Civil Authority for Relief and Charitable Works Abroad, no subsidy Shall Be Disbursed Outside the Kingdom
This section is currently available only in Arabic, please click here to read the Arabic version.Examining the Cheques Before Cashing
No. /BC/196
Date: 11-11-1400 H
(20-9-1980A.D)
Confidential
Circular to All Banks Operating in Saudi Arabia
HE the General Manager
Greetings,
In our previous circulars No. BC/94 dated 20-5-1400H, No. BC/52 dated 19-3-1400H, No. BC/35 dated 26-1-1399H and No. BC/204 dated 16-4-1398H, we urged you to carefully examine the checks before cashing, to record all required personal information about the client to have it available for the concerned authorities, if need be, and to safe keep the bank seals and documents in secure coffers.
Given the increase in counterfeit operations, whereby withdrawals from the accounts of some establishments and individuals have been made with forged signatures or endorsements, usually with the knowledge of the employees of such establishments and individuals,
We call on you to once more alert your concerned staff to examine the checks before cashing, verify the ID of the person presenting the check, verify the signature of the drawer and instruct bank clients to keep their checkbooks in a safe place accessible only to authorized employees.
Please notify all your branches accordingly and acknowledge receipt.
Regards
For The Director General of Banking Control
A.S. Balamash
CC.:The Office of HE the Governor
The Office of HE the Vice Governor
Banking Control (3 copies)
Exclude Banknotes Bearing Offensive Phrases or Words and Hand them Over to the Saudi Central Bank or one of its branches
No. BC/155
Date: 23-8-1400 H
(6-7-1980 A.D)
Urgent & Confidential
Circular to All Banks Operating in The Kingdom
HE the Manager
Greetings,
SAMA has received a copy of a letter by HRH the Minister of Interior No. l/S/340 dated 16-8-1400H, addressed to HE the Minister of Finance & National Economy, regarding some non-ethical terms written by some people on banknotes or addressed to certain persons.
Since this is a non-ethical conduct, SAMA calls on all banks to review and reject banknotes that carry such writings and deliver same to SAMA or one of its branches and advise the Emirate where such conduct was practiced to investigate the matter.
Please acknowledge receipt and notify all your branches.
Regards,
Director General of Banking Control
O. A. Sujaini
CC.:The Office of HE the Governor
The Office of HE the Vice Governor
Banking Control (3 copies)
Exempting all Bank Employees and their Branches from the Requirement to Leave for Mosque During Prayer Times
The Office of The Governor
No.: 2028/BC/44
Date: 10-2-1406 H
(24-10-1985A.D)
Confidential /Urgent
Circular to All Banks Operating in The Kingdom
HE the Manager
Greetings,
SAMA has received a copy of a letter from HRH, the Governor of Riyadh, the original of which was addressed to His Honor the Head of the Committee for the Propagation of virtues and Prohibition of Vices in Riyadh, No. 820/R dated 2/2/1406H, allowing the employees of banks and their branches, as an exception, to stay at the bank rather than go to the mosque during prayer hours. But the banks are required to prepare a suitable prayer place for the employees to be able to pray therein during prayer time, pursuant to Royal Order No. 31601 dated 7-11-1395H, based on the duty of performing prayers at praying time in accordance with the teachings of Islam.
The reason for this is that commercial banks and branches throughout the Kingdom are of great significance in so far as they are responsible for the preservation and protection of citizens' funds, which, on one hand, may be at risk if the employees leave their offices, and due to the great difficulty in opening and closing client accounts and computers, on the other hand. Furthermore, security procedures will have to be modified during office hours if the employees leave their offices for prayer.
Regards
The Governor
H. Al-Sayari
CC.:The Office of HE the Governor
The Office of HE the Vice Governor
Banking Control (3 copies)
First Update of the Operating Rules of Self-Supervision Units and Committees in Financial Institutions
This circular is currently available only in Arabic, please click here to read the Arabic version.For COMMERCIAL BANKS And TRANSPORTING COMPANIES
SAUDI ARABIAN MONETARY AGENCY
BANKING CONTROL
OPERATION PROCEDURE
For COMMERCIAL BANKS
And TRANSPORTING COMPANIES
SYNPSIS
This objective of this procedure is to establish and maintain standards for the Cash in Transit Teams with regard to the executions of their operations and the requirements of the means of transportation.
1.0 INTRODUCTION
This Procedure describes the requirements for the Cash in Transit Team, covering their responsibilities and activities related to the execution thereof. The requirements for the method of transportation, vehicles and equipment are laid down as well.
2.0 PERSONNEL
2.1 Selection requirements
The selection of personnel for the execution of Cash in transit has to be approached very seriously. Before a person can be appointed to be trained for the job one has to be convinced to be trained for the job, one has to be convinced that such a person has a stable character, can handle panic and emergency situations and will be devoted to his accountabilities. It should also be insured that he has, no criminal record, or has not been previously dismissed for defalcation or fraud. And in-depth vetting (investigation) has to be part of the selection procedure.
2.2 Training requirements
2.2.1 Basic off-the job training
The basic off-the-job training requires at least 3 days covering the following subjects:
* Introduction to Cash in Transit.
* Concepts of risk reduction
* Operational procedures
* Vigilance
* Vehicle familiarization
* Communication procedures
* Emergency procedures
* Health and safety
* Service standards
* General customers information
2.2.2 Basic on-the job training
The basic on-the job training requires at least 2 days which should cover the following subjects:
* Secure transportation of cash and valuables
* Technical inspection of vehicle and other equipment
* Rules and responsibilities of team members
* Route planning
* Collection and delivery of consignments
* Communication activities
* Response in emergency situations
3.0 COMFPOSITION OF TEAMS
All Cash in Transit Team-members must have the Saudi nationality. Each Cash in Transit Team must be composed of Three individuals, as follows:
* One Driver/observer
* One Security Guard/escorted
* One Runner/Team Supervisor
Each member of the Team must have an Identity Card, describing name, ID number, photograph, date of issue and expiry and his signature. A copy of this Identity Card bas to be in the possession of the Bank and customer.
4.0 RESPONSIBILITIES AND TASKS OF TEAMS
Generally, one member must be in charge Team Supervisor) and responsible for ensuring that the designated work is carried out properly and that procedures and instructions are observed. This does not free the other members from their individual responsibility for complying fully with their organization's procedures and instructions.
4.1 The Driver
The Driver’s main responsibility is the condition of the vehicle and safe driving. Before the Team starts their first collection/delivery, he has to control and chock the roadworthiness of the vehicle every single day. See Attachment A: Vehicle Check List
During the entire time that the vehicle is in use for Cash in Transit, he is not allowed to leave the vehicle. If it is absolutely necessary to leave the vehicle, i.e., accident, the Security Guard will take the Driver's seat immediately. The Driver will keep the doors of the cabin locked at all times. During the collection/delivery of consignments from/to customers, he will at all times observe the Cash in Transit operation and the neighborhood.
4.2 The Security Guard
The main responsibility of the armed Security Guard is to watch and secure the operations. During the on-the-road-time, the Security Guard will sit beside the driver. He will at all times guard the consignments during collections/deliveries. On arrival at the customer's location, he will observe and investigate the neighborhood and entrance of customer's location. He will escort the runner in such a way and maintain convenient distance that he will be able to (re)act if criminal or other emergency situations occur.
4.3 The Runner
The Runner will be in charge and carries the final responsibility. He has to test and ensure that before the operations starts each day, the security and safety equipment of vehicle and Team members are in a good condition.
See Attachment B: Equipment Check List
He must check that the Cash and Valuables boxes/bags are not damaged, the lockers are working properly and that the seals are the correct ones and are not damaged. it is his responsibility also to handle all the documents related to the Cash in Transit operations as described in the procedures and instructions.
During the on-the-road-time, the Runner will stay in the cash area of the vehicle. He will lock the door from the inside and keep the key of the door in the cash area with him at all times.
5.0 VEHICLES
It is imperative that transportation of cash and valuables above the value/amount of Two Hundred Thousand Saudi Rivals (SR 200,000.00 or the equivalent in foreign currency, is implemented with the use of armoured vehicles.
For the Cash in Transit within the Kingdom of Saudi Arabia, Four categories of vehicles are required.
Category 1: For the transport of up to SR 200,000. =
Category 2: For the transport of SR 200,000. = to SR 500,000.=.
Category 3: For the transport of SR 500,000. = to SR 5,000,000. =.
Category 4: For the transport of above SR 5,000,000. =
The technical standards and security specifications of these Categories of vehicles are laid down in Attachments C and C1.
All Cash in Transit vehicles must be equipped with at least:
* Cash and valuables boxes
* These boxes must be constructed of metal, must be tamper-proof and provided with a security (pad)lock.
* First Aid box
* Fire extinguisher (ABC-type)
CASH IN TRANSIT OPERATION PROCEDURE
* Communication equipment (radio or telephone)
* Intercom (between driver's cabin and vehicle's cash area)
* Alarm system (i.e. siren and strobe light)
* Documents:
- Phonetic alphabet list
- Daily trip sheet
- Delivery/Receipt forms
- Accident reports
- Incident reports
- Daily activity report
6.0 CONTAINERS
Cash and valuables for transportation must be stored and sealed by the customer in one of the following (fully tamper-proof) type of containers:
* Canvas container:
A canvas bag with a double flap with eyelets for passing a unique numbered string or a metal strip seal through.
* Cases / Boxes:
Cases or boxes, made of heavy-duty plastic or metal, equipped with space for a unique numbered seal.
* Self-sealing containers:
Self-sealing containers made of thin-gauged plastic, individually coded and/or numbered.
7.0 COLLECTION AND DELIVERY OF CONSIGNMENTS
The operation of collection and delivery of consignments is sensitive and accordingly requires close attention and concentration of the Cash in Transit Team. In addition to common sense, the following elements have to be considered.
7.1 Road/driving behavior
Before the daily trip, the Team members must be familiar with the Daily-trip-sheet and plan their route in advance, by choosing busy traffic roads and avoiding bottlenecks known or their traffic jams during certain hours. The routes and times of the daily trips have to be changed frequently.
CASH IN TRANSIT OPERATION PROCEDURE
7.2 Accidents and risk situations
When involved in a traffic accident and the vehicle is still in a good mechanical condition, the Driver or Security Guard should provide the involved third party with a card containing name, address and telephone number of the Bank/Transporting Company. This card must be handed over through the window Immediately afterwards, the Team should drive to the nearest Police patrol car or Police Station to report the accident and at the same time inform their Bank/Company using the mobile telephone of the vehicle or the telephone in the Police Station.
If the vehicle is not mechanically fit to drive, the Security Guard should go to a nearest telephone to call the Police (999) and after that the Bank/Company. Immediately after the calls, he should stay near the vehicle to secure it. The other two Team members should stay inside the vehicle with all the doors locked.
In case of (suspicious) situation attempt for a hold-up, the Team must drive away immediately and report to the nearest Police patrol car or Police Station. As soon as possible, they should inform their Bank/Company as well.
7.3 Collecting consignments
* Park the vehicle as close as possible to the collecting (pick-up) point, in principle with the vehicle-door in front of Customer's service-door.
* Check the surroundings for people at collecting points with no obvious reason to be there. Be also aware of parked vehicles with a driver and/or more people inside.
* Check each container to ensure it is undamaged, correctly labelled and sealed.
* Hand-out a correctly completed receipt for each container.
* If more than one container has to be collected, sign for it and carry only one container at a time.
* The Security Guard must observe the area at all times.
7.4 Delivery of Consignments
- Park the vehicle as close as possible to the collecting (pick-up) point, in principle with the vehicle-door in front of Customer's service-door.
- Survey the location before leaving the vehicle, making sure there are no suspicious characters or vehicles (manned) in the vicinity of the delivery point.
- The receiving customer has to be informed to be ready for receiving before the delivery operation starts.
- If more than one container has to be delivered, deliver one and let the receiving customer sign for receipt before the next one is handled.
- The Security Guard has to observe the carrier until he is out of sight and keep his attention further to the vehicle and surroundings.
7.5 Discrepancies
If a container shows any outside sign of tampering or is found to be not securely sealed or locked, it has to be refused. The acknowledgement of receipt should not be signed.
8.0 ATACHMENTS
A. Vehicle Check List B. Equipment Check List C. Categories of Vehicles C 1. Bullet Resistance 9.0 REFERENCES
- Corporate Security Manual
- Internal Bank Procedure Cash in Transit
Informing Authorities About Any Suspicious Transaction
This section is currently available only in Arabic, please click here to read the Arabic version.Machines for Detecting Counterfeit Currency
The Office of The Vice Governor
No.: 13873/VG
Date: 9-1-1402 H
(30-6-1982A.D)
Confidential
Circular to All Banks
Operating in The Kingdom
HE the General Manager,
Based on a proposal by HRH the Vice Minister of Interior, communicated to SAMA by HE the Minister of Finance and National Economy, which requires all commercial banks and branches to have machines for detecting counterfeit currency to be used by those in charge of changing currency to ensure that no counterfeit banknotes slip in with genuine banknotes,
SAMA suggests the following procedures to be followed by banks and branches:
- Training all employees who deal with local and foreign currency on how to examine the banknotes and verify they are genuine, and acquainting them with the traditional method of examining the main features such as the water mark, the security line, the type of printing and the ink.
- Using simple examination machines such as 'UTERA VIALET' and other more sophisticated machines which count, arrange and examine banknotes.
SAMA urges all banks to implement those proposals the soonest possible.
Vice Governor
H. S. Al-Sayari
Mortgage Products with the Variable Cost for Individuals
This circular is currently available only in Arabic, please click here to read the Arabic version.Opening Accounts: Complaints from Charities and Beneficiaries of Grants and Subsidies
This section is currently available only in Arabic, please click here to read the Arabic version.Plan to Raise Awareness of Fraud and Scams among Banked Customers
This section is currently available only in Arabic, please click here to read the Arabic version.Providing the Necessary Civil Security for Bank Branches in Terms of Personnel and equipment
According to a cable from HRH the Minister of Interior No. 4835/2/R dated 1-7-1411H, communicated to us by the cable of HE the Minister of Finance and National Economy No. 3/R/l138 dated 6-7-1411, it was noticed that some bank branches have not taken the necessary civil security measures, in terms of number of guards or equipment. These branches are either relying on local police protection, without themselves sharing any responsibility in protecting their funds and property, or their head offices have failed to supply them with sufficient guards and weapons.
HRH requested us to stress on all bank head offices and branches throughout the Kingdom to comply with civil security instructions and to supply the guards with adequate weapons that can be used according to specific rules and instructions, in view of the importance of security under present conditions.
Consequently, Saudi Central Bank stresses on banks to comply with instructions already communicated to them in this respect, such as a providing sufficient number of security guards in all their branches and supplying the guards with sufficient arms and ammunitions, to be used by Saudi guards of banks and money exchange firms, according to the controls issued by the General Security of the Ministry of Interior and communicated to you via our circular No. 9721/BC/288 dated 22-8-1407H.
Regulatory Controls for Credit and ATM Cards
Banking Control
No.: 4225/BC/146
Date: 5-4-1415 H
Confidential
Circular to All Banks Operating in The Kingdom
Greetings,
SAMA has noticed that the banks are facing several legal disputes in connection with the issuance and delivery of credit and ATM cards due to the absence of adequate controls over the delivery of such cards to their owners and the consequences resulting therefrom.
SAMA has conducted an extensive study of the subject and came out with the following supervisory controls that will protect their cards:
I. ATM cards
- A special application form must be prepared for issuing an ATM card containing personal data on the client, the date of application, his approved signature at the bank and the signature of the bank employee preparing the application.
- The signature of the client on the application must be verified, stamped by the conformity stamp and initialed by the concerned employee.
- Acopy of the application shall be kept by the receiving branch and the original copy shall be sent to the general management of the bank to complete the procedures of issuing the card.
- Card must be sent to client by registered mail, not regular mail, to ensure safe delivery to the client in person and rule out its loss on the way. The card should not be sent in an envelope which may reveal its contents.
- In the event the card is delivered by the branch, the card must be in the custody of a specific employee and the secret code in the custody of another employee.
- Each branch should have a special register for receiving and delivering the cards to clients. The data on the card should be recorded in this register immediately upon its receipt from the general management, along with the date of delivery to the client and the name of the employee who received and delivered the card.
- Cards should be officially delivered by having the client sign the delivery report with his approved signature at the bank after verifying his ID and recording the data therein.
- Clients should be guided to keep their secret code confidential and not to disclose it to others by writing such guidances or the code on the envelope of the card.
II. Credit Cards
- Credit cards shall be sent directly to the branch, if the owner is a client of the bank, or to the nearest branch to the address of the card owner if he is not a client of the bank and wishes to receive it direct through a branch of the bank. The process of keeping, receiving and delivering the card to the client is subject to the above-mentioned controls.
If the owner wishes to receive the card on his private address, the card should be sent to him by registered mail, provided the card will not become operative until the bank receives a written notice from him, signed by his approved signature at the bank, confirming that he has received the card by registered mail or through one of the bank branches, or until the bank receives the first phone call from a merchant requiring the bank to approve a transaction for the card holder and the bank is sure of the card holder.
Please comply, notify your branches to act accordingly and acknowledge receipt.
Regards,
Deputy Governor
J.A. Al-Suhaimi
SAMA Approval for Opening Bank Branches Outside the Kingdom
No.: 13520/BC/1186
Date: 26-9-1404H
Confidential
Circular to All Banks Operating in The Kingdom
HE the Director General
Greetings,
Reference the opening of branches outside the Kingdom, if need be, and the importance of obtaining a prior license from SAMA for that, we hope the bank will not take any action or make any contacts with foreign states regarding the opening of a branch before taking a preliminary approval from the Ministry of Finance, through SAMA, to avoid any embarrassment in international relations.
For your information and compliance.
Regards,
Acting Governor
H. S. Al-Sayari
SAMA Rules for Minimum Security Procedures in Saudi Banks
The Governor
No.: 485/BC/36
Date: 7-1-1416 H
From: Saudi Arabian Monetary Agency-H.O Riyadh
To: All Saudi Banks
Attn: Managing Directors/General Managers
Subject: SAMA Rules for Minimum Security Procedures in Saudi Banks
1. Introduction:
As you are aware in 1993 and 1994, members of the Joint Security committees (From SAMA, Emirates of various Provinces, and various Police Departments) visited all branches of Saudi Banks to review the implementation of the existing security requirements. These Committees identified many weaknesses and made recommendations including the need to update and consolidate the existing requirements contained in various SAMA circulars into comprehensive minimum standards. They also recommended a follow-up after such requirements were issued.
Following this review, the Agency in consultation with the managing Directors and General Managers of Saudi Banks, initiated a comprehensive survey of security procedures in the Banks. The results of the Survey which identified many weaknesses and deficiencies were shared with Banks' management. The Agency also commissioned the updating and consolidation of existing circulars into a set of minimum-security standards.
2. Security Standards and Requirements Covered:
Subsequently, the Agency issued draft minimum requirements and standards for Security in the following areas:
- Minimum Requirements for Security Systems.
- Standards for Corporate Safety, Health and Environmental manual.
- Standard for Corporate Security manual.
- Minimum Requirements for Physical Security.
- Internal Bank Procedure for Cash in Transit.
- Cash in Transit Operating Procedures for Commercial Banks and Transporting Companies.
- Security Guards Work Instructions-For H.O and Regional Offices.
- Security Guards work Instructions-For Branches.
These draft documents were issued to the Banks in November 1994 and their written comments were received in December. Further consultations and discussions also took place with the Saudi Banks, and as a result some changes and revisions were made to the draft documents before they were finalized.
3. Security Officer:
Saudi Banks are required to appoint a senior Saudi officer in charge of all Security related matters. He should be responsible for the design, planning and implementation of Security standards, procedures and systems covering all aspects of physical and technical security aimed at safeguarding the assets and operations of the Bank.
The designated officer should be a competent security professional who has appropriate experience, technical knowledge, and skills in Security related matters. He should be fully responsible for ensuring the implementation of the Bank's and SAMA Security requirements.
4. Implementation Plan:
A detailed implementation plan is attached as appendix l to this Circular. The Banks are required within 30 days after the final implementation date to provide a certificate to the Agency from a reputable domestic or international security consultant that these requirements and standards have been implemented.
5. Effective Date:
With this Circular we are forwarding to you the final Minimum-Security requirements which supersede previous SAMA Circulars on this subject. The effective date for the implementation of these Requirements is 1 July 1995.
In due course representatives from SAMA and the Joint Security Committees will carry out on-site visits to the premises of Banks to ensure they have implemented these requirements. The failure by a Bank to meet the requirements and standards could lead to penalties prescribed under the Banking Control Law.
Governor
Hamad Al-Sayari
SARIE Collateral Policy and Limits
This section is currently available only in Arabic, please click here to read the Arabic version.1 Introduction
In accordance with the Charter of the Saudi Arabian Monetary Agency (SAMA) issued by Royal Decree No 23 dated 23/5/1377H, Banking Control Law issued by Royal Decree No M/5 dated 22/2/1386H, other pertinent laws of the Kingdom of Saudi Arabia and the SARIE Operating Rules and Regulations - Version 3.0 (ORR) issued by SAMA dated 1/12/1425H, this policy is issued by SAMA governing the provision of Intra-day Debit Limits, Overnight Covering and Collateral requirements.
In pursuance of best practice principles and recommendations for financial settlements in Real Time Gross Settlement (RTGS) systems, and to facilitate faster clearing and settlement of transactions, SAMA shall allow SARIE participants to obtain an Intra-Day Debit Limit facility, which is fully collateralised with Eligible Collateral of the types specified later in this policy document. The intra-day debit limit is the maximum debit balance permitted on a Participant's account at any point during the Operational Phase of the SARIE system.
Overnight Covering may, at the discretion of SAMA, be granted to a SARIE Participant who is unable to fully discharge any debit balance in their SARIE account before the end of the Operational Phase of SARIE subject to the conditions set out below.
2 Participants’ Accounts
2.1 Accounts at SAMA
Each Participant must maintain a current account at SAMA (the “Participant’s Account”). The current account must be maintained in accordance with SAMA’s banking conditions from time to time.
2.2 Debit Balances
SAMA may in its sole discretion permit a Participant’s Account to be in debit intraday within the limits and for the periods allowed by SAMA. The limit and periods are together called the “intra-day debit limit” SAMA may change an intra-day debit limit during the Operational Phase if in SAMA’s opinion there are exceptional circumstances, but will not do so if this would cause a Participant to be in breach of its limit. All intra-day debit balances on a Participant’s Account must be discharged at the end of each Operational Phase and each Participant’s Account must be zero or in credit at all other times, except as SAMA may otherwise permit.
2.3 Collateral
All liabilities of a Participant in respect of any intra-day debit balance on its Participant’s Account must be fully collateralised in accordance with the requirements for collateral prescribed by SAMA from time to time (as detailed in section 5)
2.5 Responsibility for Liquidity
Each Participant is responsible for monitoring its Participant’s Account and its Liquidity so as to comply with the SARIE ORR. SAMA, may, but is not obliged to, monitor each Participant’s Account for compliance with intra-day debit limits.
2.6 SAMA as a Participant
The foregoing provisions do not apply to SAMA in its capacity as a Participant.
2.7 Accounts as Evidence
Each Participant’s Account maintained on SARIE is the record of the Participant’s current account and is binding on SAMA and the Participant in the absence of manifest error.
2.8 Information
SARIE provides reporting and enquiry facilities operating in near real-time, giving each Participant immediate visibility of the position in its Participant’s Account, enabling it to manage its Liquidity, and provides SAMA with the transaction functionality and reporting to enable it to exercise its powers as central bank and operator of SARIE.
2.9 Held Payments
2.9.1 Queuing
Except where it is expressly provided in the SARIE ORR that queuing does not apply to a particular Payment Message, where sufficient Liquidity is not available in a Sending Participant’s Account with SAMA, Payment Messages for that Participant will be queued by the Central System until sufficient Liquidity is available. If sufficient Liquidity is not available prior to the close of the Operational Phase of the Business Cycle, SAMA may cancel the queued Payment Messages without liability to the Participant, if they are not cancelled by the Sending Participant other than Clearing settlements.
2.9.2 Priorities
The Sending Participant, and SAMA with the approval of the Participant, may change the priority of the sequence in which its queued Payment Messages are to be paid by the Central System. Each Participant is responsible for managing its entry of Payment Messages and other instructions and for the queuing of its Payment Messages.
2.10 Priority Codes
- The priority codes are assigned by:
- SAMA for SAMA transactions
The Sending Participant for its originated same-day transactions
SARIE for:
- forward payments on their maturity date
- system generated transactions (e.g. clearing settlements)
2.11 Gridlock Management
2.11.1 Gridlocks
If the Central System will not settle transactions between two or more Participants by reason of the fact that each Participant has insufficient Liquidity which they would have if they could receive their queued incoming payments (“gridlocks”), SAMA may endeavour to resolve the gridlock by one, some, or all of the following actions with the approval and co-operation of the affected Participants:
- Re-prioritise a Participant’s queued transactions.
- Cause a selected number of different Participants’ transactions to be settled simultaneously, so as not to breach any Participant’s intra-day debit limit. A Participant’s approval is not required provided no change in payment sequence is made.
- Require Participants to increase their Liquidity.
- Cancel some of the transactions.
2.11.2 Responsibility
It is the responsibility of each Participant to manage its own Liquidity. SAMA has no responsibility to resolve gridlocks and has no liability for any steps taken by it to resolve gridlocks.
3 Overnight Covering
3.1 Overnight Covering
All intra-day debit balances on a Participant’s Account must be discharged by the end of each Operational Phase as stated in section 2.2 Debit Balances above.
The amount of the Overnight Covering must be rounded upwards to the nearest SAR 100, 000.00.
3.2 Charge
The failure by a SARIE Participant to reimburse the intraday credit at the end of the day for whatever reason shall render that Participant liable to the following penalties:
(a) If the Participant has a debit balance on its account at the end of the day for the first time within any 12-month period, then this Participant shall incur penalty interest calculated at a rate of three percentage points above the 3- month SIBOR on the amount of debit balance plus a surcharge of SAR 3,000.00; (b) If the Participant has a debit balance on its account at the end of the day for the second time within the same 12-month period, then this Participant shall incur penalty interest calculated at a rate of six percentage points above the 3-month SIBOR on the amount of debit balance plus a surcharge of SAR 6,000.00; (c) If the Participant has a debit balance on its account at the end of the day for at least the third time or greater within the same 12-month period, then the penalty interest and the surcharge shall be increased by three percentage points plus a surcharge of SAR 3,000.00 for each time additional to the last, that a debit position has occurred within this 12-month period.
Penalty Interest Rate Surcharge (a) First time If the participant has a balance on its account at the end of the day for the first time within any 12-month period, then: This participant shall incur penalty interest calculated at a rate of three percentage points above the 3-month SIBOR on the amount of debit balance. SAR
3,000.00
(b) Second time If the participant has a debit balance on its account at the end of the day for the second time within the same 12- month period, then: This participant shall incur penalty interest calculated at a rate of six percentage points above the 3-month SIBOR on the amount of debit balance. SAR
6,000.00
(c) Third time If the Participant has a debit balance on its account at the end of the day for at least the third time or greater within the same 12-month period, then: The penalty interest and the surcharge shall be increased by three percentage points plus a surcharge of SAR 3,000.00 for each time additional to the last that a debit position has occurred within this 12-month period. 3.3 Repayment
The full amount of the Overnight Covering, including the charge specified above, must be repaid by the participant at the start of the next business day.
4 Intra-day Debit Limit
4.1 The Limit
SAMA will decide the amount of the intra-day debit limit for each participant separately based on consideration of all relevant factors including, but not limited to, the Participant's flow of payments (both incoming and outgoing) through the SARIE system.
SAMA may instruct a Participant to review its intra-day debit limit at any time with a view to either increasing or decreasing the limit based on the flows of payment through the Participant’s SARIE account. Such instruction must be dealt with in a prompt manner and without undue delay.
4.2 Minimum Limit
The intra-day debit limit will not be less than the amount of SAR 50 million for which the Participant must provide the appropriate collateral specified in section 5 of this policy document.
4.3 Treasury Support Message
Treasury Support Message (TSM) is the only means to communicate with SAMA that can be used by a Participant with regard to requests for new or amended intraday debit limits.
The TSM is the primary means of communication with SAMA with regard to requests for Overnight Covering. A SWIFT message may be used as an alternative means of communication in emergency situations only.
5 Collateral
5.1 Eligible Collateral
The intra-day debit limit must be fully collateralised by eligible assets that a Participant has absolute ownership of free of any third party interests, which can be readily liquidated by SAMA and over which SAMA has jurisdiction.
The following table lists the eligible assets that are allowable as collateral:
Eligible Assets1 Restrictions on use as Collateral Government Development Bonds 90% of the nominal value SAMA Bills 90% of the nominal value Murabaha 90% of the nominal value Sukuk and bonds guaranteed by MoF2 85% of the nominal value 1 SAMA may in its sole discretion change its eligibility criteria at any time.
2 Ministry of Finance.
5.2 Restrictions
The portion of a Participant’s eligible assets pledged as collateral for an intra-day debit limit may not be utilized for any other purpose. However, the Participant may use these eligible assets for the purpose of calculating their overnight Repo amounts with SAMA, so long as such Repo amounts do not reduce the amount set aside as Collateral.
5.3 Maturing Assets
On the maturity of the instruments which are pledged as collateral, the Participants must ensure that, either,
- They still have sufficient eligible assets to cover their intra-day debit limit, or,
- Replace the maturing instruments with similar holdings of eligible assets in order to maintain sufficient cover for their intra-day debit limit, or,
- Advise SAMA that they wish to reduce the amount of their intra-day debit limit.
In case of Participants not replacing the maturing instruments, SAMA may impose appropriate penalty fee.
5.5 Available Funds
"Available Funds" in the SARIE system are calculated as follows:
Opening Credit Balance,
Plus
- Intra-day debit limit
- Settled incoming payments in favor of the participant
- The amount of any "direct entries” passed by SAMA, where the participant is the Credit party
- Settled Direct Debit Requests where the participant is the “Sponsoring Bank”
Minus
- Settled outgoing payments by order of the participant
- The amount of any "direct entries" passed by SAMA, where the participant is the Debit party
- Settled Direct Debit Requests where the participant is the “Paying Bank”
Plus or Minus
- The result of any Clearing House participating in SARIE.
6 Letter of Undertaking
A Letter of Undertaking, in the format specified by SAMA, must be signed by each Participant and returned to SAMA. Such Letters of Undertaking have the effect of creating a first priority, perfected pledge over the eligible assets in favour of SAMA as collateral for the Participant’s intra-day debit limit sanctioned by SAMA for the purposes of the SARIE system. The Letter of Undertaking bestows on SAMA the right to sell or otherwise dispose of sufficient eligible assets to clear any unpaid debit balances in accordance with the SARIE ORR and this policy.
7 Glossary of Abbreviations
The following abbreviations are used in the text:
ORR Operating Rules and Regulations
SARIE Saudi Arabian Riyal Interbank Express
SIBOR Saudi Interbank Offered Rate
SWIFT Society for Worldwide Interbank Financial Telecommunication
TSM Treasury Support Message
Safety Procedures for Banks
This section is currently available only in Arabic, please click here to read the Arabic version.Semi-Annual Report of all Cases that Arise in the Future
This section is currently available only in Arabic, please click here to read the Arabic version.SPAN Pricing Policy
SAMA © Copyright 2014 Saudi Arabian Monetary Agency (SAMA) All rights reserved. All information contained in this document Is confidential and proprietary to Saudi Arabian Monetary Agency (SAMA) and shall only be used for the purpose for which it is provided. No part of that document may be reproduced nor disclosed to a third party without the prior written consent of Saudi Arabian Monetary Agency (SAMA).
1 Introduction
This document sets out the charging policy that will be ‘applied to all members in the Saudi Payments Network (SPAN) card scheme for ATM, POS and Pre-paid usage.
The key elements related to SPAN fees are switch fees (authorization & settlement), banks interchange fees and Merchant Service Charges. Fees are levied by SAMA for the use of the SPAN central system (the switch) based on cost recovery, including processing and network usage and are subject to volume based discounts. SPAN fees are levied under the following headings:
- Authorization - charged to issuers
- Settlement - charged to both issuers and Acquirers
- Penalty fees
Merchant Service Charges (MSC) in respect of POS transactions are charged by the Acquirer to the Merchant and are subject to negotiation between those two parties. The level of MSC fees is subject to the maximum fees stated in this policy document.
interchange fees for both ATM and POS transactions are payable between the issuer and Acquirer banks with different fee scales and polarity (who pays the fee):
- ATM Interchange fees are payable by the issuer to the Acquirer
- POS interchange fees, currency set at zero during the transition phase wit), from 1st January 2015, be payable by the Acquirer to the issuer
No fees are payable by the Cardholder for any domestic SPAN Card transactions at POS or ATM except, where relevant, in relation to the reissuing of lost or damaged cards and the issuing of additional cards
Separate fee scales for Prepaid SPAN transactions apply for both ATM and POS. These are also set out in this policy document.
Penalty fees are charged to those members who do not meet the standards set out in the SPAN Operating Rules, SPAN Operating Standards and Procedures or any related requirements issued by SAMA including also SPAN Service Level Agreements (SLAs).
These fees are intended to encourage best practice, optimal levels of service, and the efficient operation of the SPAN system for the benefit of all stakeholders.
Rules and procedures for the calculation, billing and payment of fees are included in the SPAN Operation Rules and the SPAN Service Level Agreements (SLAs).
SAMA, as owner and operator of SPAN, will review the SPAN charging policy from time to time. Amendments to the SPAN fees and charges will be advised to all members in advance.
2 Daily limits
The maximum dally limits for SPAN transactions across POS and ATM terminals are as follows:
- POS transactions - The current default limit of SAR 20,000 will remain as the default transaction daily limit. However, banks may authorize higher daily limits for individual cardholders, up to a maximum of SAR 60,000, based on account-holder requests and subject to normal banking risk evaluation and controls.
- Cardholders should be provided with the facility, which could include through electronic banking channels, to request a change to their daily limit between the standard default limit of SAR 20,000 and the higher individual limit authorized by the bank.
- ATM transactions - the maximum permitted daily withdrawal limit is SAR 5,000.
3 Merchant Transaction Limit (MTL)
Acquirer banks may set the MTL for their Merchant customers in accordance with the type of business transactions normally processed by the merchant The MTL will be the maximum amount of any individual POS transaction that may be processed by that merchant.
In the absence of an Acquirer Bank defined MTL, the cardholder daily POS limit will apply.
4 SPAN Cardholder Fees and Charges
No SPAN transaction fee can be charged to the SPAN cardholder either by the issuer, Acquirer or Merchant for a domestic SPAN transaction initiated through a single or dual scheme SPAN Card, unless specifically authorized by SAMA.
However, charges may be applied when a SPAN card is used outside the Kingdom of Saudi Arabia as explicitly stated in the card service agreement signed by the cardholder. Applicable charges for SPAN cards used at GCC-NET (see Section 9) and for international networks (see Section 10) are as specified in this document.
Subject to SAMA Banking Tariff (SAMA circular No. 341000134319, dated: 25/11/1434H), Issuing banks may only levy subscription and maintenance fees for SPAN branded cards as follows:
SPAN Cardholder fees
Issuing a new SPAN card upon opening an account Free SPAN card renewal Free Reissuing a SPAN card that was lost or damaged by the cardholder SAR 30 Reissuing a SPAN card held by an ATM Free issuing an additional SPAN card SAR 30 Note: please refer to SAMA circular (Dated: 25/11/1434H, No. 341000134319)
Acquiring members must ensure that SPAN cardholders are not charged a fee or surcharged by a merchant with whom the members have entered into a Merchant Service Agreement (MSA) for the use of SPAN card.
5 Service Fees - SPAN ATM Switch Fees (Authorization & Settlement)
SPAN switch fees will be charged by SAMA for processing both ATM and POS transactions. The issuer bank will be charged for transaction authorization messages and settlement, while the acquirer bank will be charged fees for the settlement only.
5.1 ATM - SPAN Switch Fees
SPAN ATM switch fees will be charged by SAMA where ATM requests (cash or balance enquiry) are initiated between banks (different issuer and acquirer).
ATM Switch fees are calculated dally and charged monthly to both the issuer and acquirer banks, with discounted fees charged based on the aggregate volume of transactions processed per month, per bank.
ATM switch fees are calculated on transaction volume alone and are not affected by individual transaction values.
ATM Switch Fees
Number of messages per Month Fees per authorization message SAR Fees per settlement message SAR 1 150,000 0.1769 0.1369 150,001 300,000 0.1731 0.1338 300,001 600,000 0.1705 0.1320 600,001 1,250,000 0.1655 0.1289 1,250,001 2,500,000 0.1588 0.1251 2,500,001 5,000,000 0.1524 0.1215 5,000,001 8,000,000 0.1459 0.1179 8,000,001 11,000,000 0.1422 0.1157 11,000,001 15,000,000 0.1375 0.1118 15,000,001 20,000,000 0,1280 0.1041 20,000,001 30,000,000 0.1201 0.0977 30,000,001 50,000,000 0.1122 0.0912 Over 50,000,001 0.0964 0.0784 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests 5.2 POS - SPAN Switch Fees
5.2.1 SPAN POS switch fees operate in a similar manner to ATM switch fees, with Authorization and Settlement fees in general reducing as transaction volume per month grows.
5.2.2 In addition, SPAN POS switch fees will be further discounted for transactions at POS where the transaction value is less than SAR 50 in value. If the Purchase Value is less than SAR 50, the Authorization and Settlement Fees applied will be SAR 0.01 for each of the processes provided:
SPAN Switch Fees for POS transactions of less than SAR 50
Fees per authorization message SAR Fees per settlement message SAR Issuer Fees for POS transactions up to SAR 49.99 SAR 0.01 SAR 0.01 Acquirer Fees for POS transactions up to SAR 49.99 SAR 0.01 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
5.2.3 If the SPAN POS Purchase Value is greater than or equal to SAR 50, the standard SPAN switch fees for Authorization and Settlement will apply. The Standard SPAN pricing table (shown) is effective as of May 2013.
5.2.4 This banded pricing table offers volume discounts to Issuers and Acquirers, based on monthly transaction volumes. Transaction messages for POS transactions value of less than SAR 50 are excluded from the count.
SPAN Switch Fees for POS transactions equal to or greater than SAR 50
Number of messages per Month Fees per authorization message SAR Fees per settlement message SAR 1 250,000 0.1698 0.1359 250,001 500,000 0.1536 0.1207 500,001 1,000,000 0.1403 0.1095 1,000,001 1,750,000 0.1203 0.0935 1,750,001 3,000,000 0.1036 0.0806 3,000,001 5,000,000 0.0873 0.0682 5,000,001 8,000,000 0.0657 0.0514 8,000,001 12,000,000 0.0523 0.0408 12,000,001 18,000,000 0.0510 0.0398 18,000,001 25,000,000 0.0498 0.0389 25,000,001 40,000,000 0.0486 0.0379 40,000,001 50,000,000 0.0474 0.0370 Over 50,000,001 0.0461 0.0360 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
6 interchange Fees
Interchange fees for ATM transactions are payable by the Issuer to the Acquirer. The ATM Interchange fee rate is cost based and depends on the nature of the transaction being offered. Specifically, the Interchange fee paid is a function of whether the request is for balance enquiry or cash withdrawal.
Standard SPAN ATM interchange fees
Service Feature Fees (SAR) ATM Cash Withdrawal 2.50 ATM Balance Enquiry 1.00 The POS interchange fee is currently set at zero. As a result, no payment is made between the card Issuer and the Acquirer for transactions effected at POS.
Interchange fees in respect of POS transactions will, from 1st January 2015, be payable by the Acquirer to the Issuer.
This Interchange fee will be determined by SAMA and will be a percentage of the POS purchase transaction value.
POS Interchange will however, be subject to an absolute maximum Interchange fee determined by SAMA from time to time
SPAN POS Interchange fee rates (Payable by the Acquirer to the Issuer)
SPAN POS Interchange Rate on Purchase Value SPAN POS Interchange Maximum (Cap) Note 0.40% SAR 4.00 • Paid by Acquirer to Issuer on each purchase transaction
• Cap of SAR 4.00 (when the purchase value is SAR 1,000 or more).
Where relevant, Cashback values are NOT included in the Interchange calculation
7 Merchant Service Charge (MSC)
Acquiring Banks may charge Merchants a Merchant Service Charge (MSC) for the acquiring service rendered and governed under the Merchant Services Agreement (MSA).
The MSC continues to be a function of the Acquirer / Merchant relationship.
Acquiring Banks will bi-laterally negotiate the MSC fees levied subject to a SAMA defined 'maximum rate' as set out in the following table:
SPAN Merchant Service Charge (MSC) Maxlmum Rates
SPAN POS MSC Rate on Purchase Transaction Value SPAN POS MSC Maximum (Cap) Note Acquiring banks are permitted to levy a maximum of 0.80% of purchase value for each transaction up to a purchase value of SAR 5,000 For transactions exceeding SAR 5,000 in value, a capped MSC of SAR 40 (maximum) applies. • This fee is paid by the Merchant to the Acquiring bank.
• This rate is the maximum charge levied by Banks on Merchants, subject to an absolute maximum of SAR 40 per transaction on transactions greater than SAR 5,000 in value,
• The applied MSC rate is subject to market dynamics and the Acquiring banks may negotiate a lower MSC rate (Including zero)
Where relevant, Cashback values are NOT included in the MSC calculation
8 SPAN Prepaid Fees
8.1 SPAN Prepaid Switch Fees (Authorization & Settlement
SPAN Prepaid Switch fees will be charged by SAMA for processing both ATM and POS transactions. The issuer bank will be charged for transaction authorization messages and settlement, while the acquirer bank will be charged fees for the settlement only.
SPAN Prepaid Switch Fees for ATM transactions
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 100,000 0.1062 0.0821 100,001 200,000 0.1050 0.0812 200,001 400,000 0.1031 0.0797 400,001 800,000 04008 0.0783 800,001 1,600,000 0.0953 0.0751 1,600,001 2,700,000 0.0946 0.0747 2,700,001 4,000,000 0.0914 0.0729 4,000,001 6,000,000 0.0895 0.0718 6,000,001 9,000,000 0.0868 0.0703 9,000,001 14,000,000 0.0836 0.0680 14,000,001 20,000,000 0.0777 0.0632 20,000,001 30,000,000 0.0720 0.0586 Over 30,000,001 0.0673 0.0547 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
8.1.1 POS Prepaid - SPAN switch fees
SPAN Prepaid POS switch fees will be discounted for transactions at POS for less than SAR 50 in value, in the same way that standard SPAN POS transaction fees are applied.
If the Purchase Value is less than SAR 50, the Authorization and Settlement Fees applied will be SAR 0.01 for each of the processes provided:
SPAN Prepald Swtch Fees for POS transactions of less than SAR 50
SPAN Transactions up to SAR 49.99 Fees per authorization message (SAR) Fees per settlement message (SAR) Issuer Fees for POS transactions up to SAR 49,99 SAR 0.01 SAR 0.01 Acquirer Fees for POS transactions up to SAR 49.99 SAR 0.01 8.1.2 If the SPAN Prepaid POS Purchase Value is greater than or equal to SAR 50, the Prepaid SPAN switch fees for Authorization and Settlement will apply (see below).
8.1.3 The Prepaid SPAN pricing table (shown) is effective as of December 2013. This banded pricing table offers volume discounts to Issuers and Acquirers, based on monthly transaction volumes. Transaction messages for POS transactions of less than SAR 50 are excluded from the count.
SPAN Prepaid Switch Fees for POS transactions equal or greater than SAR 50
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 150,000 0.1019 0.0815 150,001 300,000 0.0987 0.0785 300,001 600,000 0.0895 0.0702 600,001 1,250,000 0.0862 0.0672 1,250,001 2,500,000 0.0772 0.0600 2,500,001 5,000,000 0.0634 0.0495 5,000,001 8,000,000 0.0541 0.0423 8,000,001 11,000,000 0.0431 0.0336 11,000,001 15,000,000 0.0411 0.0321 15,000,001 20,000,000 0.0404 0.0316 20,000,001 30,000,000 0.0394 0.0307 30,000,001 50,000,000 0.0384 0.0300 Over 50,000,001 0.0369 0.0288 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
8.2 SPAN Prepaid - ATM Interchange Fees
Interchange fees are payable from the Issuer to the Acquirer for interbank Prepaid ATM transactions processed through the SPAN payments switch. The fee rate depends on the nature of the transaction and specifically whether the request is for information or cash withdrawal.
SPAN Prepaid - ATM Interchange fees paid by the Issuer to the Acquirer
Service Feature Fees (SAR) ATM Cash Withdrawal 2.00 ATM Balance Enquiry 0.80 8.3 SPAN Prepaid - POS Interchange Fees
Interchange fees in respect of Prepaid POS transactions will, from 1st January 2015, be payable by the Acquirer to the Issuer. The POS interchange fee is currently set at zero during the transition phase.
SPAN Prepaid - POS interchange fees
SPAN POS Interchange Rate on Purchase Value SPAN POS Interchange Maximum (Cap) Note 0.40% SAR 4.00 • Paid by Acquirer to Issuer on each purchase transaction
• Cap of SAR 4.00 (when the purchase value is SAR 1,000 or more).
Where relevant, Cashback values are NOT included In the Interchange calculation
8.4 SPAN Prepaid POS Merchant Service Charges
Acquiring Banks may charge Merchants a Merchant Service Charge (MSC) for the acquiring service rendered and governed under the Merchant Services Agreement (MSA).
The standard SPAN MSC pricing model described at section 6 of this pricing policy applies for Prepaid SPAN Cards at POS. No distinct Prepaid MSC or Merchant Service Agreement (MSA) need apply.
SPAN Merchant Service Charge (MSC) Maximum Rates
SPAN POS MSC Rate on Purchase Transaction Value SPAN POS MSC Maximum (Cap) Acquiring banks are permitted to levy a maximum of 0.80% of purchase value for each transaction up to a purchase value of SAR 5,000 For transactions exceeding SAR 5,000 in value, a capped MSC of SAR 40 (maximum) applies. 8.5 Prepaid Cardholder Fees
In defined circumstances, the card issuer may apply fees to the cardholder for issue, replacement and specified use of the prepaid service.
Such fees are permitted ONLY in those circumstances defined by SAMA and are subject to the maximum fees and/or minimum conditions defined by SAMA from time to time.
SPAN Prepaid Cardholder / Service Fees
Fee Type Fee Maximum Conditions Prepaid Card issuing/ Maintenance Fee SAR 90.00 per annum Fees paid annually by the Prepaid Contracting Entity
(not necessarily the Cardholder)
Reissuing a Prepaid card that was lost or damaged by the cardholder SAR 50 per card Applicable only where the card replacement is not at the request of the Issuer Bank Reissuing a Prepaid Card held by an ATM Free Issuing an additional Prepaid Card SAR 25 per card Where additional cards are permitted by the Prepaid scheme ATM Enquiry-Transaction Fee SAR 0.80 Fees may be charged on Interbank ATM transactions only, subject to a minimum of four (4) interbank ATM Enquiries free per month
'Enquiry' Includes Balance Enquiry and Mini-Statements
ATM Cash Withdrawal -Transaction Fee SAR 2.00 Fees may be charged on Interbank ATM Transactions only, subject to a minimum of four (4) interbank Cash Withdrawals free per month Note: All Prepaid Consumer Fees, including those listed above, are subject to a SAMA 'Statement of No Objection' for each prepaid service type introduced by a card issuer bank.
9 SPAN GCC-NET Fees
9.1 ATM Fees
GCC switch Interchange fees for ATM transactions are payable by the GCC Issuer switch to the GCC Acquirer switch. The fee rate depends on the nature of the transaction and specifically whether the request is for balance enquiry or cash withdrawal.
GCC-NET-ATM Switch Fees
Service Feature KSA Cardholder Fee (SAR) KSA Issuer Bank Issuer (SPAN) Switch Acquirer (GCC) Switch Acquirer (GCC) Bank ATM Cash Withdrawal Up to SAR (10.00) Up to SAR 4.00 SAR 1.00 SAR 1.00 SAR 4.00 ATM Balance Enquiry SAR (3.00) - SAR 0.50 SAR 0.50 SAR 2.00 Table shows the fee paid or retained by each stakeholder, please refer to SAMA circular (Dated: 11/8/1421H, No. 130/GAM/12981)
Member Issuer banks are permitted to charge the cardholder up to SAR 10.00 maximum fee for a GCC ATM cash withdrawal transaction.
The Issuer Bank will pay away SAR 6.00. The SPAN Switch will retain SAR 1.00 and pay SAR 5.00 to the Acquirer side, to be distributed by the (GCC) Acquirer Switch between the Acquirer Switch (SAR 1.00) and the Acquirer Bank (SAR 4.00).
In the case of a GCC ATM balance enquiry, the issuer bank is permitted to charge the cardholder a maximum cardholder fee of SAR 3.00.
Of this, SAR 0.50 is paid to the Issuer (SPAN) Switch and the remaining SAR 2.50 is paid to the Acquirer (GCC) side, for distribution between the Acquirer Switch (SAR 0.50) and the Acquirer Bank (SAR 2.00).
10 SPAN International card bank Fees
SAMA levies fees for routing ATM and POS Transactions to International Bank Card Schemes (Visa, MasterCard and American Express) on behalf of either issuing or acquiring Members within Saudi Arabia.
10.1 International Bank Card Scheme - ATM Switch Fees
10.1.1 Visa and MasterCard ATM Switch Fees
Visa and MasterCard ATM transactions issued or acquired by SPAN Member banks in Saudi Arabia are routed to the relevant international scheme for Authorization and Settlement. The following switch fees apply:
SPAN International Bank Card - Visa and MasterCard - ATM Switch fees
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 25,000 0.6000 0.4650 25,001 50,000 0.5955 0.4605 50,001 100,000 0.5895 0.4560 100,001 200,000 0.5820 0.4500 200,001 400,000 0.5745 0.4440 400,001 675,000 0.5655 0.4380 675,001 1,000,000 0.5550 0.4320 1,000,001 1,500,000 0.5430 0.4245 1,500,001 2,250,000 0.5295 0.4170 2,250,001 3,500,000 0.5160 0.4095 3,500,001 5,000,000 0.5025 0.4020 5,000,001 7,500,000 0.4890 0.3945 Over 7,500,001 0.4740 0.3855 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
10.1.2 American Express ATM Switch Fees
American Express ATM transactions issued or acquired by SPAN Member banks in Saudi Arabia are routed to the relevant International scheme for Authorization and Settlement. The following switch fees apply:
SPAN International Bank Card - American Express Card - ATM Switch fees
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 25,000 0.8000 0.6200 25,001 50,000 0.7940 0.6140 50,001 100,000 0.7860 0.6080 100,001 200,000 0.7760 0.6000 200,001 400,000 0.7660 0.5920 400,001 675,000 0.7540 0.5840 675,001 1,000,000 0.7400 0.5760 1,000,001 1,500,000 0.7240 0.5660 1,500,001 2,250,000 0.7060 0.5560 2,250,001 3,500,000 0.6880 0.5460 3,500,001 5,000,000 0.6700 0.5360 5,000,001 7,500,000 0.6520 0.5260 Over 7,500,001 0.6320 0.5140 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
10.2 International Bank Card Scheme - POS Switch Fees
10.2.1 Visa and MasterCard POS Switch Fees
Visa and MasterCard POS transactions issued or acquired by SPAN Member banks in Saudi Arabia are routed to the relevant international scheme for Authorization and Settlement. The following switch fees apply:
SPAN International Bank Card - Visa and MasterCard - POS Switch fees
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 25,000 0.6600 0.5400 25,001 50,000 0.6390 0.5190 50,001 100,000 0.6150 0.4950 100,001 200,000 0.5880 0.4680 200,001 400,000 0.5565 0.4380 400,001 675,000 0.5205 0.4080 675,001 1,000,000 0.4815 0.3750 1,000,001 1,500,000 0.4395 0.3420 1,500,001 2,250,000 0.3945 0.3060 2,250,001 3,500,000 0.3465 0.2700 3,500,001 5,000,000 0.2955 0.2310 5,000,001 7,500,000 0.2415 0.1890 Over 7,500,001 0.1845 0.1440 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
10.2.2 American Express POS Switch Fees
American Express POS transactions issued or acquired by SPAN Member banks in Saudi Arabia are routed to the relevant international scheme for Authorization and Settlement. The following switch fees apply:
SPAN International Bank Card -American Express Card - POS Switch fees
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 25,000 0.8800 0.7200 25,001 50,000 0.8520 0.6920 50,001 100,000 0.8200 0.6600 100,001 200,000 0.7840 0.6240 200,001 400,000 0.7420 0.5840 400,001 675,000 0.6940 0.5440 675,001 1,000,000 0.6420 0.5000 1,000,001 1,500,000 0.5860 0.4560 1,500,001 2,250,000 0.5260 0.4080 2,250,001 3,500,000 0.4620 0.3600 3,500,001 5,000,000 0.3940 0.3080 5,000,001 7,500,000 0.3220 0.2520 Over 7,500,001 0.2460 0.1920 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
11 Penalties
In order for SAMA to maintain an acceptable level of service provided by all banks within the payment system, member banks have signed Service Level Agreements (SLA's) with SAMA to ensure that appropriate levels of service and efficiency are maintained.
These SLA's define the service standards expected at ATM's and at Point of Sale terminals and facilitate the measurement of services delivered by issuer and Acquirer Banks across the ATM, POS and issued Card suites within the SPAN ecosystem.
11.1 Penalty fees and other charges
Penalty fees are charged to those members who fail to meet the standards set out in the SPAN Operating Rules, Standards, Procedures, and SLA's. These fees are intended to encourage best practice and to ensure the smooth operation of the SPAN system for the benefit of all stakeholders.
The bank should allocate adequate resources to meet the service targets and provide SAMA with the relevant reports listed in the SLA's. Details of the targeted service levels are set out in the SPAN Service Level Agreement (SLA) and SPAN Operating Standards.
11.2 ATM Service Level Agreement (SLA) and Reporting
The SPAN ATM SLA defines and quantifies the standard of service expected from ATM Acquirer members of the SPAN network. SLA participants are expected to submit monthly performance reports, from which adherence to Service Level standards is assessed
11.2.1 ATM Avallability
The SPAN SLA states that it is the responsibly of each member to meet the minimum monthly uptime (availabllity) for ATM's, progressing to the target standard of 98.5% overall availabillity for the bank's ATM network.
In the event of failure to achieve this standard, the ATM Acquirer Member will be determined to be in breach of the ATM Standard and SLA. Non-adherent members will be subject to a 'Base Charge' as set out in the ATM Service Level Agreement.
11.2.2 ATM incident
in addition to a Base Charge', the SPAN SLA provides for a unit charge to be applied per incident', to be assessed and paid by the Member Bank(s), when the monthly average number of incidents per ATM exceeds a defined threshold.
These 'charges' and 'thresholds' are defined in the respective SLA's.
11.2.3 SLA Reporting
The SPAN SLA states that, subject to defined criteria, an ATM Acquirer may be charged up to a defined maximum, for late, invalid or incorrect report submission to SAMA, or where no report is received in a given reporting period.
This Late Reporting Charge is defined in the terms of the ATM SLA
11.3 Point of Sale (POS) SLA
An SLA Charge will be applied where the POS Acquiring service and process offered by a member bank is not adherent to the standards as specified by SPAN in the SPAN Business and Technical Books and defined within the POS SLA.
11.4 Card issuing SLA
An SLA Charge will be applied where the card issuance service and process offered by a member bank is not adherent to the standards as specified by SPAN in the SPAN Business and Technical Books and defined within the Card issuing SLA.
11.5 Additions! SLA's
SAMA may from time to time initiate and implement additions! SLA(s) to maintain target levels for the services provided by the scheme. These SLA(s) will be discussed, agreed and signed by member banks and will be included in any future updates to this document
11.6 Transaction Declines
Subject to member bank performance in the payment network and based on the SPAN switch monitoring and catenation, a charge will be applied where the member bank(s) monthly transaction decline rate is greater than the threshold 'transaction decline rate' as specified by SPAN from time-to-time.
11.7 Claims
As stated in SAMA circular number 2555 dated 1422H, a charge of SAR 100.00 will be levied on a SPAN member bank where a claim raised on SPAN ATM and/or POS transaction is not settled by the receiving bank within the timeline mandated by SAMA.
This charge will also apply if a claim is rejected incorrectly or is not supported by the appropriate documentary evidence.
SPAN Pricing Policy
1 Introduction
This document sets out the charging policy that will be applied to all members in the Saudi Payments Network (SPAN) card scheme for ATM, POS and Pre-paid usage.
The key elements related to SPAN fees are switch fees (authorization & settlement), banks interchange fees and Merchant Service Charges. Fees are levied by SAMA for the use of the SPAN central system (the switch) based on cost recovery, Including processing and network usage and are subject to volume based discounts. SPAN fees are levied under the following headings:
• Authorization - charged to Issuers • Settlement - charged to both Issuers and Acquirers • Penalty fees
Merchant Service Charges (MSC) in respect of POS transactions are charged by the Acquirer to the Merchant and are subject to negotiation between those two parties. The level of MSC fees is subject to the maximum fees stated in this policy document.
Interchange fees for both ATM and POS transactions are payable between the Issuer and Acquirer banks with different fee scales and polarity (who pays the fee):
• ATM Interchange fees are payable by the Issuer to the Acquirer • POS Interchange fees, currently set at zero during the transition phase will, from 1st January 2015, be payable by the Acquirer to the Issuer
No fees are payable by the Cardholder for any domestic SPAN Card transactions at POS or ATM except, where relevant, in relation to the reissuing of lost or damaged cards and the Issuing of additional cards
Separate fee scales for Prepaid SPAN transactions apply for both ATM and POS. These are also set out in this policy document.
Penalty fees are charged to those members who do not meet the standards set out in the SPAN Operating Rules, SPAN Operating Standards and Procedures or any related requirements issued by SAMA including also SPAN Service Level Agreements (SLAs).
These fees are intended to encourage best practice, optimal levels of service, and the efficient operation of the SPAN system for the benefit of all stakeholders.
Rules and procedures for the calculation, billing and payment of fees are included in the SPAN Operation Rules and the SPAN Service Level Agreements (SLAs).
SAMA, as owner and operator of SPAN, will review the SPAN charging policy from time to time. Amendments to the SPAN fees and charges will be advised to all members in advance,
2 Paily Limits
The maximum dally limits for SPAN transactions across POS and ATM terminals are as follows:
• POS transactions - The current default limit of SAR 20,000 will remain as the default transaction daily limit. However, banks may authorize higher daily limits for individual cardholders, up to a maximum of SAR 60,000, based on account-holder requests and subject to normal banking risk evaluation and controls. • Cardholders should be provided with the facility, which could include through electronic banking channels, to request a change to their daily limit between the standard default limit of SAR 20,000 and the higher individual limit authorized by the bank. • ATM transactions - the maximum permitted daily withdrawal limit is SAR 5,000.
3 Merchant Transaction Limit (MTL)
Acquirer banks may set the MTL for their Merchant customers in accordance with the type of business transactions normally processed by the merchant The MTL will be the maximum amount of any individual POS transaction that may be processed by that merchant.
In the absence of an Acquirer Bank defined MTL, the cardholder daily POS limit will apply.
4 SPAN Cardholder Fees and Charges
No SPAN transaction fee can be charged to the SPAN cardholder either by the Issuer, Acquirer or Merchant for a domestic SPAN transaction initiated through a single or dual scheme SPAN Card, unless specifically authorized by SAMA.
However, charges may be applied when a SPAN card is used outside the Kingdom of Saudi Arabia as explicitly stated in the card service agreement signed by the cardholder. Applicable charges for SPAN cards used at GCC-NET (see Section 9) and for International networks (see Section 10) are as specified in this document.
Subject to SAMA Banking Tariff (SAMA circular No. 341000134319, dated: 25/11/1434H), Issuing banks may only levy subscription and maintenance fees for SPAN branded cards as follows:
SPAN Cardholder fees
• Issuing a new SPAN card upon opening an account Free • SPAN card renewal Free • Reissuing a SPAN card that was lost or damaged by the cardholder SAR 30 • Reissuing a SPAN card held by an ATM Free • Issuing an additional SPAN card SAR 30 Note: please refer to SAMA circular (Dated: 25/11/1434H, No. 341000134319)
Acquiring members must ensure that SPAN cardholders are not charged a fee or surcharged by a merchant with whom the members have entered into a Merchant Service Agreement (MSA) for the use of SPAN card.
5 Service Fees - SPAN ATM Switch Fees (Authorization & Settlement)
SPAN switch fees will be charged by SAMA for processing both ATM and POS transactions. The issuer bank will be charged for transaction authorization messages and settlement, while the acquirer bank will be charged fees for the settlement only.
5.1 ATM - SPAN Switch Fees
SPAN ATM switch fees will be charged by SAMA where ATM requests (cash or balance enquiry) are initiated between banks (different issuer and acquirer).
ATM Switch fees are calculated dally and charged monthly to both the issuer and acquirer banks, with discounted fees charged based on the aggregate volume of transactions processed per month, per bank.
ATM switch fees are calculated on transaction volume alone and are not affected by individual transaction values.
ATM Switch Fees
Number of messages per Month Fees per authorization message SAR Fees per settlement message SAR 1 150,000 0.1769 0.1369 150,001 300,000 0.1731 0.1338 300,001 600,000 0.1705 0.1320 600,001 1,250,000 0.1655 0.1289 1,250,001 2,500,000 0.1588 0.1251 2,500,001 5,000,000 0.1524 0.1215 5,000,001 8,000,000 0.1459 0.1179 8,000,001 11,000,000 0.1422 0.1157 11,000,001 15,000,000 0.1375 0.1118 15,000,001 20,000,000 0,1280 0.1041 20,000,001 30,000,000 0.1201 0.0977 30,000,001 50,000,000 0.1122 0.0912 Over 50,000,001 0.0964 0.0784 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests 5.2 POS - SPAN Switch Fees
5.2.1 SPAN POS switch fees operate in a similar manner to ATM switch fees, with Authorization and Settlement fees in general reducing as transaction volume per month grows.
5.2.2 In addition, SPAN POS switch fees will be further discounted for transactions at POS where the transaction value is less than SAR 50 in value. If the Purchase Value is less than SAR 50, the Authorization and Settlement Fees applied will be SAR 0.01 for each of the processes provided:
SPAN Switch Fees for POS transactions of less than SAR 50
Fees per authorization message SAR Fees per settlement message SAR Issuer Fees for POS transactions up to SAR 49.99 SAR 0.01 SAR 0.01 Acquirer Fees for POS transactions up to SAR 49.99 SAR 0.01 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
5.2.3 If the SPAN POS Purchase Value is greater than or equal to SAR 50, the standard SPAN switch fees for Authorization and Settlement will apply. The Standard SPAN pricing table (shown) is effective as of May 2013.
5.2.4 This banded pricing table offers volume discounts to Issuers and Acquirers, based on monthly transaction volumes. Transaction messages for POS transactions value of less than SAR 50 are excluded from the count.
SPAN Switch Fees for POS transactions equal to or greater than SAR 50
Number of messages per Month Fees per authorization message SAR Fees per settlement message SAR 1 250,000 0.1698 0.1359 250,001 500,000 0.1536 0.1207 500,001 1,000,000 0.1403 0.1095 1,000,001 1,750,000 0.1203 0.0935 1,750,001 3,000,000 0.1036 0.0806 3,000,001 5,000,000 0.0873 0.0682 5,000,001 8,000,000 0.0657 0.0514 8,000,001 12,000,000 0.0523 0.0408 12,000,001 18,000,000 0.0510 0.0398 18,000,001 25,000,000 0.0498 0.0389 25,000,001 40,000,000 0.0486 0.0379 40,000,001 50,000,000 0.0474 0.0370 Over 50,000,001 0.0461 0.0360 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
6 Interchange Fees
6.1 ATM Interchange Fees
Interchange fees for ATM transactions are payable by the Issuer to the Acquirer. The ATM Interchange fee rate is cost based and depends on the nature of the transaction being offered. Specifically, the Interchange fee paid is a function of whether the request is for balance enquiry or cash withdrawal.
Standard SPAN ATM interchange fees
Service Feature Fees (SAR) ATM Cash Withdrawal 2.50 ATM Balance Enquiry 1.00 6.2 POS Interchange Fees
The POS interchange fee is currently set at zero. As a result, no payment is made between the card Issuer and the Acquirer for transactions effected at POS.
Interchange fees in respect of POS transactions will, from 1st January 2015, be payable by the Acquirer to the Issuer.
This Interchange fee will be determined by SAMA and will be a percentage of the POS purchase transaction value.
POS Interchange will however, be subject to an absolute maximum Interchange fee determined by SAMA from time to time
SPAN POS Interchange fee rates (Payable by the Acquirer to the Issuer)
SPAN POS Interchange Rate on Purchase Value SPAN POS Interchange Maximum (Cap) Note 0.40% SAR 4.00 • Paid by Acquirer to Issuer on each purchase transaction
• Cap of SAR 4.00 (when the purchase value is SAR 1,000 or more).
Where relevant, Cashback values are NOT included in the Interchange calculation
7 Merchant Service Charge (MSC)
7.1 POS Merchant Service Charges
Acquiring Banks may charge Merchants a Merchant Service Charge (MSC) for the acquiring service rendered and governed under the Merchant Services Agreement (MSA).
The MSC continues to be a function of the Acquirer / Merchant relationship.
Acquiring Banks will bi-laterally negotiate the MSC fees levied subject to a SAMA defined 'maximum rate' as set out in the following table:
SPAN Merchant Service Charge (MSC) Maxlmum Rates
SPAN POS MSC Rate on Purchase Transaction Value SPAN POS MSC Maximum (Cap) Note Acquiring banks are permitted to levy a maximum of 0.80% of purchase value for each transaction up to a purchase value of SAR 5,000 For transactions exceeding SAR 5,000 in value, a capped MSC of SAR 40 (maximum) applies. • This fee is paid by the Merchant to the Acquiring bank.
• This rate is the maximum charge levied by Banks on Merchants, subject to an absolute maximum of SAR 40 per transaction on transactions greater than SAR 5,000 in value,
• The applied MSC rate is subject to market dynamics and the Acquiring banks may negotiate a lower MSC rate (Including zero)
Where relevant, Cashback values are NOT included in the MSC calculation
8 SPAN Prepaid Fees
8.1 SPAN Prepaid Switch Fees (Authorization & Settlement)
SPAN Prepaid Switch fees will be charged by SAMA for processing both ATM and POS transactions. The issuer bank will be charged for transaction authorization messages and settlement, while the acquirer bank will be charged fees for the settlement only.
SPAN Prepaid Switch Fees for ATM transactions
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 100,000 0.1062 0.0821 100,001 200,000 0.1050 0.0812 200,001 400,000 0.1031 0.0797 400,001 800,000 04008 0.0783 800,001 1,600,000 0.0953 0.0751 1,600,001 2,700,000 0.0946 0.0747 2,700,001 4,000,000 0.0914 0.0729 4,000,001 6,000,000 0.0895 0.0718 6,000,001 9,000,000 0.0868 0.0703 9,000,001 14,000,000 0.0836 0.0680 14,000,001 20,000,000 0.0777 0.0632 20,000,001 30,000,000 0.0720 0.0586 Over 30,000,001 0.0673 0.0547 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
8.1.1 POS Prepaid - SPAN switch fees
SPAN Prepaid POS switch fees will be discounted for transactions at POS for less than SAR 50 in value, in the same way that standard SPAN POS transaction fees are applied.
If the Purchase Value is less than SAR 50, the Authorization and Settlement Fees applied will be SAR 0.01 for each of the processes provided:
SPAN Prepald Swtch Fees for POS transactions of less than SAR 50
SPAN Transactions up to SAR 49.99 Fees per authorization message (SAR) Fees per settlement message (SAR) Issuer Fees for POS transactions up to SAR 49,99 SAR 0.01 SAR 0.01 Acquirer Fees for POS transactions up to SAR 49.99 SAR 0.01 8.1.2 If the SPAN Prepaid POS Purchase Value is greater than or equal to SAR 50, the Prepaid SPAN switch fees for Authorization and Settlement will apply (see below).
8.1.3 The Prepaid SPAN pricing table (shown) is effective as of December 2013. This banded pricing table offers volume discounts to Issuers and Acquirers, based on monthly transaction volumes. Transaction messages for POS transactions of less than SAR 50 are excluded from the count.
SPAN Prepaid Switch Fees for POS transactions equal or greater than SAR 50
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 150,000 0.1019 0.0815 150,001 300,000 0.0987 0.0785 300,001 600,000 0.0895 0.0702 600,001 1,250,000 0.0862 0.0672 1,250,001 2,500,000 0.0772 0.0600 2,500,001 5,000,000 0.0634 0.0495 5,000,001 8,000,000 0.0541 0.0423 8,000,001 11,000,000 0.0431 0.0336 11,000,001 15,000,000 0.0411 0.0321 15,000,001 20,000,000 0.0404 0.0316 20,000,001 30,000,000 0.0394 0.0307 30,000,001 50,000,000 0.0384 0.0300 Over 50,000,001 0.0369 0.0288 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
8.2 SPAN Prepaid - ATM Interchange Fees
Interchange fees are payable from the Issuer to the Acquirer for interbank Prepaid ATM transactions processed through the SPAN payments switch. The fee rate depends on the nature of the transaction and specifically whether the request is for information or cash withdrawal.
SPAN Prepaid - ATM Interchange fees paid by the Issuer to the Acquirer
Service Feature Fees (SAR) ATM Cash Withdrawal 2.00 ATM Balance Enquiry 0.80 8.3 SPAN Prepaid - POS Interchange Fees
Interchange fees in respect of Prepaid POS transactions will, from 1st January 2015, be payable by the Acquirer to the Issuer. The POS interchange fee is currently set at zero during the transition phase.
SPAN Prepaid - POS interchange fees
SPAN POS Interchange Rate on Purchase Value SPAN POS Interchange Maximum (Cap) Note 0.40% SAR 4.00 • Paid by Acquirer to Issuer on each purchase transaction
• Cap of SAR 4.00 (when the purchase value is SAR 1,000 or more).
Where relevant, Cashback values are NOT included In the Interchange calculation
8.4 SPAN Prepaid POS Merchant Service Charges
Acquiring Banks may charge Merchants a Merchant Service Charge (MSC) for the acquiring service rendered and governed under the Merchant Services Agreement (MSA).
The standard SPAN MSC pricing model described at section 6 of this pricing policy applies for Prepaid SPAN Cards at POS. No distinct Prepaid MSC or Merchant Service Agreement (MSA) need apply.
SPAN Merchant Service Charge (MSC) Maximum Rates
SPAN POS MSC Rate on Purchase Transaction Value SPAN POS MSC Maximum (Cap) Acquiring banks are permitted to levy a maximum of 0.80% of purchase value for each transaction up to a purchase value of SAR 5,000 For transactions exceeding SAR 5,000 in value, a capped MSC of SAR 40 (maximum) applies. 8.5 Prepaid Cardholder Fees
In defined circumstances, the card issuer may apply fees to the cardholder for issue, replacement and specified use of the prepaid service.
Such fees are permitted ONLY in those circumstances defined by SAMA and are subject to the maximum fees and/or minimum conditions defined by SAMA from time to time.
SPAN Prepaid Cardholder / Service Fees
Fee Type Fee Maximum Conditions Prepaid Card issuing/ Maintenance Fee SAR 90.00 per annum Fees paid annually by the Prepaid Contracting Entity
(not necessarily the Cardholder)
Reissuing a Prepaid card that was lost or damaged by the cardholder SAR 50 per card Applicable only where the card replacement is not at the request of the Issuer Bank Reissuing a Prepaid Card held by an ATM Free Issuing an additional Prepaid Card SAR 25 per card Where additional cards are permitted by the Prepaid scheme ATM Enquiry-Transaction Fee SAR 0.80 Fees may be charged on Interbank ATM transactions only, subject to a minimum of four (4) interbank ATM Enquiries free per month
'Enquiry' Includes Balance Enquiry and Mini-Statements
ATM Cash Withdrawal -Transaction Fee SAR 2.00 Fees may be charged on Interbank ATM Transactions only, subject to a minimum of four (4) interbank Cash Withdrawals free per month Note: All Prepaid Consumer Fees, including those listed above, are subject to a SAMA 'Statement of No Objection' for each prepaid service type introduced by a card issuer bank.
9 SPAN GCC-NET Fees
9.1 ATM Fees
GCC switch Interchange fees for ATM transactions are payable by the GCC Issuer switch to the GCC Acquirer switch. The fee rate depends on the nature of the transaction and specifically whether the request is for balance enquiry or cash withdrawal.
GCC-NET-ATM Switch Fees
Service Feature KSA Cardholder Fee (SAR) KSA Issuer Bank Issuer (SPAN) Switch Acquirer (GCC) Switch Acquirer (GCC) Bank ATM Cash Withdrawal Up to SAR (10.00) Up to SAR 4.00 SAR 1.00 SAR 1.00 SAR 4.00 ATM Balance Enquiry SAR (3.00) - SAR 0.50 SAR 0.50 SAR 2.00 Table shows the fee paid or retained by each stakeholder, please refer to SAMA circular (Dated: 11/8/1421H, No. 130/GAM/12981)
Member Issuer banks are permitted to charge the cardholder up to SAR 10.00 maximum fee for a GCC ATM cash withdrawal transaction.
The Issuer Bank will pay away SAR 6.00. The SPAN Switch will retain SAR 1.00 and pay SAR 5.00 to the Acquirer side, to be distributed by the (GCC) Acquirer Switch between the Acquirer Switch (SAR 1.00) and the Acquirer Bank (SAR 4.00).
In the case of a GCC ATM balance enquiry, the issuer bank is permitted to charge the cardholder a maximum cardholder fee of SAR 3.00.
Of this, SAR 0.50 is paid to the Issuer (SPAN) Switch and the remaining SAR 2.50 is paid to the Acquirer (GCC) side, for distribution between the Acquirer Switch (SAR 0.50) and the Acquirer Bank (SAR 2.00).
10 SPAN International Bank Card Fees
SAMA levies fees for routing ATM and POS Transactions to International Bank Card Schemes (Visa, MasterCard and American Express) on behalf of either issuing or acquiring Members within Saudi Arabia.
10.1 International Bank Card Scheme - ATM Switch Fees
10.1.1 Visa and MasterCard ATM Switch Fees
Visa and MasterCard ATM transactions issued or acquired by SPAN Member banks in Saudi Arabia are routed to the relevant international scheme for Authorization and Settlement. The following switch fees apply:
SPAN International Bank Card - Visa and MasterCard - ATM Switch fees
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 25,000 0.6000 0.4650 25,001 50,000 0.5955 0.4605 50,001 100,000 0.5895 0.4560 100,001 200,000 0.5820 0.4500 200,001 400,000 0.5745 0.4440 400,001 675,000 0.5655 0.4380 675,001 1,000,000 0.5550 0.4320 1,000,001 1,500,000 0.5430 0.4245 1,500,001 2,250,000 0.5295 0.4170 2,250,001 3,500,000 0.5160 0.4095 3,500,001 5,000,000 0.5025 0.4020 5,000,001 7,500,000 0.4890 0.3945 Over 7,500,001 0.4740 0.3855 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
10.1.2 American Express ATM Switch Fees
American Express ATM transactions issued or acquired by SPAN Member banks in Saudi Arabia are routed to the relevant International scheme for Authorization and Settlement. The following switch fees apply:
SPAN International Bank Card - American Express Card - ATM Switch fees
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 25,000 0.8000 0.6200 25,001 50,000 0.7940 0.6140 50,001 100,000 0.7860 0.6080 100,001 200,000 0.7760 0.6000 200,001 400,000 0.7660 0.5920 400,001 675,000 0.7540 0.5840 675,001 1,000,000 0.7400 0.5760 1,000,001 1,500,000 0.7240 0.5660 1,500,001 2,250,000 0.7060 0.5560 2,250,001 3,500,000 0.6880 0.5460 3,500,001 5,000,000 0.6700 0.5360 5,000,001 7,500,000 0.6520 0.5260 Over 7,500,001 0.6320 0.5140 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
10.2 International Bank Card Scheme - POS Switch Fees
10.2.1 Visa and MasterCard POS Switch Fees
Visa and MasterCard POS transactions issued or acquired by SPAN Member banks in Saudi Arabia are routed to the relevant international scheme for Authorization and Settlement. The following switch fees apply:
SPAN International Bank Card - Visa and MasterCard - POS Switch fees
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 25,000 0.6600 0.5400 25,001 50,000 0.6390 0.5190 50,001 100,000 0.6150 0.4950 100,001 200,000 0.5880 0.4680 200,001 400,000 0.5565 0.4380 400,001 675,000 0.5205 0.4080 675,001 1,000,000 0.4815 0.3750 1,000,001 1,500,000 0.4395 0.3420 1,500,001 2,250,000 0.3945 0.3060 2,250,001 3,500,000 0.3465 0.2700 3,500,001 5,000,000 0.2955 0.2310 5,000,001 7,500,000 0.2415 0.1890 Over 7,500,001 0.1845 0.1440 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
10.2.2 American Express POS Switch Fees
American Express POS transactions issued or acquired by SPAN Member banks in Saudi Arabia are routed to the relevant international scheme for Authorization and Settlement. The following switch fees apply:
SPAN International Bank Card -American Express Card - POS Switch fees
Number of SPAN Switch Transactions per month Fees per authorization message (SAR) Fees per settlement message (SAR) 1 25,000 0.8800 0.7200 25,001 50,000 0.8520 0.6920 50,001 100,000 0.8200 0.6600 100,001 200,000 0.7840 0.6240 200,001 400,000 0.7420 0.5840 400,001 675,000 0.6940 0.5440 675,001 1,000,000 0.6420 0.5000 1,000,001 1,500,000 0.5860 0.4560 1,500,001 2,250,000 0.5260 0.4080 2,250,001 3,500,000 0.4620 0.3600 3,500,001 5,000,000 0.3940 0.3080 5,000,001 7,500,000 0.3220 0.2520 Over 7,500,001 0.2460 0.1920 Note: Authorization Fees are charged on all transaction requests - Approved and Declined Settlement Fees are charged ONLY on Approved financial transaction requests
11 Penalties
In order for SAMA to maintain an acceptable level of service provided by all banks within the payment system, member banks have signed Service Level Agreements (SLA's) with SAMA to ensure that appropriate levels of service and efficiency are maintained.
These SLA's define the service standards expected at ATM's and at Point of Sale terminals and facilitate the measurement of services delivered by Issuer and Acquirer Banks across the ATM, POS and Issued Card suites within the SPAN ecosystem.
11.1 Penalty Fees and Other Charges
Penalty fees are charged to those members who fall to meet the standards set out in the SPAN Operating Rules, Standards, Procedures, and SLA's. These fees are intended to encourage best practice and to ensure the smooth operation of the SPAN system for the benefit of all stakeholders.
The bank should allocate adequate resources to meet the service targets and provide SAMA with the relevant reports listed in the SLA's. Details of the targeted service levels are set out in the SPAN Service Level Agreement (SLA) and SPAN Operating Standards.
11.2 ATM Service Level Agreement (SLA) and Reporting
The SPAN ATM SLA defines and quantifies the standard of service expected from ATM Acquirer members of the SPAN network SLA participants are expected to submit monthly performance reports, from which adherence to Service Level standards is assessed
11.2.1 ATM Availability
The SPAN SLA states that it Is the responsibility of each member to meet the minimum monthly uptime (availability) for ATM's, progressing to the target standard of 98.5% overall availability for the bank's ATM network.
In the event of failure to achieve this standard, the ATM Acquirer Member will be determined to be in breach of the ATM Standard and SLA. Non-adherent members will be subject to a 'Base Charge' as set out in the ATM Service Level Agreement.
11.2.2 ATM Incident
In addition to a 'Base Charge', the SPAN SLA provides for a unit charge to be applied 'per Incident', to be assessed and paid by the Member Bank(s), when the monthly average number of incidents per ATM exceeds a defined threshold.
These 'charges' and 'thresholds' are defined in the respective SLA's.
11.2.3 SLA Reporting
The SPAN SLA states that, subject to defined criteria, an ATM Acquirer may be charged up to a defined maximum, for late, invalid or incorrect report submission to SAMA, or where no report is received in a given reporting period.
This Late Reporting Charge is defined in the terms of the ATM SLA
11.3 Point of Sale (POS) SLA
An SLA Charge will be applied where the POS Acquiring service and process offered by a member bank is not adherent to the standards as specified by SPAN in the SPAN Business and Technical Books and defined within the POS SLA.
11.4 Card Issuing SLA
An SLA Charge will be applied where the card issuance service and process offered by a member bank is not adherent to the standards as specified by SPAN in the SPAN Business and Technical Books and defined within the Card Issuing SLA.
11.5 Additional SLA's
SAMA may from time to time initiate and implement additional SLA(s) to maintain target levels for the services provided by the scheme. These SLA(s) will be discussed, agreed and signed by member banks and will be included in any future updates to this document.
11.6 Transaction Declines
Subject to member bank performance In the payment network and based on the SPAN switch monitoring and calculation, a charge will be applied where the member bank(s) monthly transaction decline rate is greater than the threshold 'transaction decline rate' as specified by SPAN from time-to-time.
11.7 Claims
As stated in SAMA circular number 2555 dated 1422H, a charge of SAR 100.00 will be levied on a SPAN member bank where a claim raised on SPAN ATM and/or POS transaction is not settled by the receiving bank within the timeline mandated by SAMA.
This charge will also apply if a claim is rejected Incorrectly or is not supported by the appropriate documentary evidence.
Caution from Electronic Fraud
This Circular has been superseded by the Cyber Security Framework, 381000091275, 24/5/2017.261000000286
This section is currently available only in Arabic, please click here to read the Arabic version.Notification of Financial Embezzlement and Fraud Operations, Theft, Currency Counterfeiting, Money Laundering and Forgery
Further to our previous circulars regarding the notification of security authorities and SAMA of any abnormal and suspicious activities,
We wish to reiterate our previous instructions in addition to the requirement of notifying the police immediately and through the most expedient means in the following events:
Financial embezzlement and fraud operations, theft, currency counterfeiting, money laundering and the forgery of documents.
Please be informed and instruct all your branches to act accordingly.
Monitoring ATMs with Cameras
Monitoring ATMs with Cameras
Security and Safety Guidelines-1416
The Security and Safety Guidelines-1416 have been superseded by the Security and Safety Guidelines, (40570/BCI/525), dated 23/08/1429 H, Corresponding To 24/08/2008 G.021000000104
Notify Banks and Money Exchangers that the Posting of all Kinds of Advertisements for Hajj is Outlawed for Security Reasons
Attempts to Peddle Counterfeit US Banknotes
241000000307
This circular is currently available only in Arabic, please click here to read the Arabic version.Linking the transfer of Direct Revenue Accounts to Account (37)
This circular is currently available only in Arabic, please click here to read the Arabic version.Emphasize Adherence to the Mentioned Circulars
Security and Safety Guidelines
With reference to the Central Bank Circular No. 485/MA/36 dated 07/01/1416H on the Security Safety Manual, a copy of the final draft of the updated Security Safety Manual is attached.
We hope that you will express your views on the draft within one month from the date of this letter.
Section 1 Requirements and Responsibilities
Synopsis
This section describes the general requirements of the Security and Safety Guidelines and the responsibilities of the banks and SAMA.
1. Introduction
Since the last guidelines were introduced in June 1995 (1/1416) a number of major changes have affected the security and safety responsibilities of the Saudi banks to its staff, assets and customers.
A major consideration is the recent increase of criminal activity against Saudi banks in the form of robbery, theft and fraud. Whilst the initial guidelines provided suitable standards and requirements at the time, it was therefore, assessed that these required a detailed review process followed by a revision of the minimum security and safety standards.
The recent criminal activities and the advances in security and safety equipments, systems and procedures has provided an opportunity to implement more effective measures that incorporate international, regional and local standards that would only benefit the Saudi banks.
2. Security and Safety Standards and Requirements
SAMA has issued the Security and Safety Guidelines that are designed to provide the minimum standards in the following areas:
a. Implementation of a Corporate Security and Safety Plan b. Standards for the implementation of Electronic Security and Safety Systems c. Standards for the implementation of Physical Security and Safety Systems d. Standards for the Cash in Transit procedures and transportation service providers e. Standards and Procedures for the Security Guards operating in the main buildings and branches
These documents have been prepared using international consultants and reviewed by SAMA and associated government agencies prior to their dissemination to the Saudi Banks.
3. Security and Safety Unit
Saudi banks are required to appoint a senior and capable individual as a Security and Safety Manager who will be responsible for the design, planning and implementation of the minimum standards contained within the SAMA Security and Safety Guidelines. The Security and Safety Manager is to be provided the necessary personnel and resources to fulfil these obligations and thereby safeguard the staff, assets, customers and business operations of the bank.
4. Implementation Plan
A detailed Implementation Plan is attached at Appendix 1 to this Circular. The banks are required, within 30 days of the implementation date, to provide a certificate to SAMA from an external security consultant that these requirements and standards have been implemented.
5. Effective Date
With this Circular is attached the final version of the SAMA Security and Safety Guidelines which supersede the previous guidelines and all memorandums and circulars issued prior to this date. The effective date for the implementation of these requirements is (Date).
To ensure regulatory compliance of the implementation of the new requirements, SAMA and the Joint Security Committee will carry out site visits to the banks using appointed representatives. The failure by a bank to meet the requirements and standards could lead to penalties prescribed under the Banking Control Law.
Summary of Responsibilities
SAMA:
To ensure the effective implementation of the Security and Safety Guidelines the following responsibilities are to be undertaken by Saudi Central Bank:
1. The Guidelines are to be implemented in full by all banks before the 01st July 2009.
2. The Guidelines are to supersede the previous version and any associated amendments, circulars and memos.
3. All matters regarding the Security and Safety of the banks will be coordinated through SAMA. All correspondences, responses and requirements from external organizations, agencies and ministerial departments will be reviewed, assessed and forwarded as formal amendments to all banks.
4. Amendments and updates to the Guidelines will be provided by SAMA electronically and/or hardcopy as applicable.
5. Regular audits of the Guidelines will be carried out by SAMA or its nominated external consultants to ensure compliance and implementation by the banks.
6. Annual audits of the Guidelines will be conducted to ensure the accuracy and validity of its content. The audits will be conducted internally or by its nominated external consultants.
BANKS:
To ensure the effective implementation of the Security and Safety Guidelines the following responsibilities are to be undertaken by the Banks:
1. The Guidelines are to be implemented in full by all banks before the 01st July 2009.
2. The Guidelines have been prepared to provide the minimum security and safety standards for all banks. It is expected, where applicable, that all banks will exceed these requirements and adopt internal standards and specifications dependent upon their structure and organizational needs.
3. The sections within the Guidelines have been designed to work in unison with each other and a clear understanding of its entire content is required.
4. The appointment of identified and capable personnel is to be undertaken to ensure the implementation of the Guidelines and its compliance.
5. All sections within the Guidelines are to be adhered to in full and will include the implementation of any subsequent amendments sent by SAMA.
Section 2 Corporate Security and Safety Plan
Synopsis
This section describes the minimum requirements for the establishment and implementation of the Corporate Security and Safety Plan.
1.0 INTRODUCTION The purpose of the Corporate Security and Safety Plan (CSSP) is to provide a single document that incorporates all the procedures and processes to ensure the security and safety of the banks staff, assets and customers.
The CSSP is to include the overall security and safety policy of the bank and identify locations requiring dedicated plans and procedures for specific facilities.
The CSSP is to include the minimum requirements contained within this section and be prepared, introduced and implemented by the appointed Security and Safety Manager and/or a nominated external consultant.
2.0 RESPONSIBILITIES The CSSP is considered a strategic document that will have an impact on every aspect of the banks business and therefore requires senior management commitment and approval.
The CSSP is to include a Corporate Policy Statement that confirms the commitment by the banks senior management and their enforcement of its content.
To ensure the successful enforcement of the CSSP the bank is to appoint a Security and Safety Manager and who is provided the necessary assistance and support to carry out his duties and responsibilities.
Whilst the CSSP is to be enforced, controlled and managed by the Security and Safety Manager, Its preparation and implementation can be undertaken and/or assisted by a nominated external consultant.
The CSSP is to include the minimum requirements contained within these guidelines and be available for audit and assessment by SAMA and/or its nominated representatives.
3.0 CORPORATE SECURITY AND SAFETY PLAN REQUIREMENTS The Corporate Security and Safety Plan (CSSP) is to include all aspects that would affect the security and safety of the banks' staff, assets and customers.
The CSSP is to incorporate the policies, procedures and processes for both general and detailed requirements.
Whilst common elements will affect the bank as a whole, the more detailed requirements will need to be prepared for specific facilities. These facilities include:
1. Regional Buildings 2. Branches 3. Cash Holding Facilities 4. Data Centres 5. Disaster Recovery (DR) Sites 6. Warehouses
To ensure a complete and consistent approach is incorporated within the preparation of the CSSP the following sections and elements are to be mandatory.
3.1 INTRODUCTION This section of the CSSP will include the following elements:
1. Purpose and Regulatory Basis - identifies the standards, regulatory requirements and authority of the CSSP. 2. CSSP Security and Control - identifies the security of the CSSP and its dissemination within the bank. 3. Reviews and Audit Requirements - identifies the frequency of reviews, audits and those responsibly for conducting them. 4. Reference Documentation - includes the associated material in the construction of the CSSP and related plans, policies and procedures. 5. Business Description and Assets - provides a summary of the banks facilities that are included within the CSSP.
3.2 INTERNAL SECURITY AND SAFETY ORGANISATION This section of the CSSP will include the following elements:
1. Corporate Policy Statement - signed policy statement from senior management that provides commitment to the CSSP. 2. Security and Safety Organisational Chart - identifies the management and reporting chain of all relevant personnel. 3. Security and Safety Personnel Responsibilities and Job Descriptions - provides the requirements of each position and their Key Performance Indicators. 4. External Agencies and Organisations - identifies the coordination between the banks' security personnel and external groups i.e. Contract Guards, Police, Civil Defence, SAMA etc. 5. Security Coordination Committee -identifies personnel responsible for review of the CSSP and any amendments and/or updates. 6. Conduct and Ethical Practices -provides the standards expected of the security and safety personnel. 7. Vendor Management and Tendering Process - identifies the procedures for tendering and contracting security and safety related equipment, services and systems.
3.3 SECURITY AND SAFETY TRAINING AND DRILLS This section of the CSSP will include the following elements:
1. Security and Safety Awareness Programmes - provides the training and education requirements delivered to new and existing staff. 2. General Security and Safety Training - identifies internal and external training in security, fire prevention and incident control for the banks' dedicated security and safety personnel. 3. Specialist Security and Safety Training - outlines specific training to select personnel that would include Retail Robbery, Anti Money Laundering (AML), Fire Marshalls / Floor Wardens and Emergency Evacuation procedures. 4. Security and Safety Drills - include practical tests of the physical and electrical security and safety systems, measures and procedures.
3.4 RECORDS AND DOCUMENTATION This section of the CSSP will include the following elements:
1. Purpose and Requirements - outlines the files and records required to support the CSSP, provide a centralised reference system and assist in the audit process. 2. Security and Safety Files:
a. Internal and External CSSP Updates and Amendments b. CSSP Distribution List c. Security Equipment List and Floor Plans d. Safety Equipment List and Floor Plans e. Access Control Card Request and Issue Record f. Master Key and Password Register g. Training Courses and Programmes h. Security and Safety Drills i. Fire Marshalls / Floor Wardens j. Reviews, Inspections, Assessments and Audits k. Incidents, Threats and Breaches of Security l. Service and Maintenance Contracts, Schedules and Reports m. Visitor and Control Room Logs n. Approved Vendor List
3. Maintenance of Records - identifies the location and security of the records and files that are to be retained for a minimum of five (5) years from the date of preparation.
3.5 SECURITY SYSTEMS AND PROCEDURES This section of the CSSP will include the following elements:
1. Security Guards - include roles, responsibilities and post instructions for the access control of the banks facilities. 2. Entry Point Screening Procedures - identifies the procedures for permitting access to a facility for staff, visitors, customers and vehicles. 3. ID Cards / Access Control Cards -includes the request, issue, replacement and cancellation procedures for the cards. 4. Locks and Keys - identifies the distribution, storage, management and recording of all keys, lock changes and master keys. 5. 5. Restricted Areas - identifies and lists the locations considered sensitive, high risk and vulnerable whose loss would severely impact on the business operation and the security and safety of the bank. 6. Security and Safety Equipment Systems - includes the operational capability, locations, specifications, standards, testing and maintenance for installed equipment and systems in the following locations:
a. Main Buildings b. Branches c. Restricted Areas d. Cash Holding Facilities (Vaults and Safes) e. ATMs f. Data Centres and Back Up Sites g. Disaster Recover (DR) Sites h. Warehouses
7. Asset Protection - identifies the cash and types of valuables held by the bank and the levels of security needed for their protection. 8. Cash In Transit (CIT) - provides the internal procedures and processes in the receipt, accounting and delivery of cash and the coordination with external service providers in its transportation. 9. Communications Systems - identifies the relevant systems used by the security personnel and the effective management of their use. 10. Disposal of Sensitive Material -identifies the procedures for the disposal of sensitive electronic data stored on equipment and confidential documentation. 11. Clear Desk Policy - identifies the procedures for the accessibility of confidential documents in Individual workspaces.
3.6 SECURITY AND SAFETY THREATS AND RESPONSES This section of the CSSP will include the following elements:
1. Identification of Threats and Risks - provides a summary of the main threats and risks concerning the banks staff, assets and customers. 2. Security and Safety Response Procedures - provide a detailed list of the main events and the response procedures in mitigating their effects. The following are to be included within the CSSP:
a. Bomb Threats (vehicle and Package) b. Armed Robbery c. Burglary d. Shooting e. Fire
3. Travel Security - identifies the risks and mitigation procedures when travelling as individuals and in groups. Considerations are to include the following:
a. Air b. Vehicle (Company and Private) c. Hotels
4. Search Plans - provide detailed procedures for searching and checking during routine operations and elevated threat levels. The following are to be included within the CSSP:
a. Buildings b. Cars c. Armoured CIT Vehicles and Trucks d. Stores Delivery Vehicles e. Personnel
3.7 SAFETY SYSTEMS AND PROCEDURES This section of the CSSP will include the following elements:
1. Fire Systems and Equipment - provide a detailed list of the equipment, function, location, specification and operating capability of the installed systems in each facility. The following are to be included within the CSSP:
a. Fire Detection Equipment b. Fire Alarm and Control System c. Fire Suppression Equipment and Systems (Sprinklers, Extinguishers and Hose Reels)
2. Emergency Response Procedures - provide detailed instructions for personnel in the event of discovering a fire or smoke condition. 3. Emergency Evacuation Procedures - provide detailed instructions and plans on the emergency evacuation procedures of a facility. 4.
First Aid - identifies the personnel trained to deal with First Aid and the equipment they have available to use. Section 3 Electronic Security and Safety Systems
This section should be read in conjunction with " the Financial Sector Safety and Security Guidelines CCTV Specifications Summary" issued by circular No.(69427/149), dated 20/11/1440H, Corresponding to 22/07/2019G .Synopsis
This section describes the minimum requirements and standards for Electronic Security and Safety Systems installed throughout the banks facilities.
1.0 INTRODUCTION The purpose of installing electronic security and safety systems is to enhance the physical measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.
No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximized to best effect.
Due to the variety and availability of internationally recognized standards it is left to the bank and its internal policies and practices to dictate the appropriate standards for such systems.
The every increasing availability of systems, equipment and changes / advancements in technology provides an extensive selection of products to choose from. The selection of the appropriate systems and equipment is dependent upon the security and business requirements of the bank.
The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for all electronic security and safety system installations.
2.0 CCTV SURVEILLANCE AND RECORDING SYSTEM The use of a CCTV Surveillance and Recording system is an essential element in an effective security and safety screen. The systems main functions within the bank environment are as follows:
1. Visual deterrence 2. Proactive and preventative surveillance on suspicious activity 3. Identification of individuals 4. Visual evidence in criminal investigations 5. Visual confirmation in the event of an incident 6. Post event analysis
The installation and connection of a CCTV surveillance network should consider the integration with related systems such as the Access Control, Intruder, Building Management and Fire Alarm systems.
2.1 General Requirements and Standards To ensure appropriate equipments, systems, services and their security are incorporated throughout the banks facility, the following are considered a minimum requirement for all locations:
1. All Installed equipment is to include a one (1) year warranty period as standard. 2. On expiration of the warranty period all equipment is to be serviced and maintained by a qualified, recognised and registered supplier and/or service provider. A minimum schedule should include two (2) visits per year.
CCTV Cameras:
1. CCTV camera types employed throughout the banks facilities are dependant upon their purpose and can be a mixture of both fixed and dome type. 2. Dependant upon the purpose and requirement of the camera the picture/image type can be:
a. Black and White b. Colour c. Combination (Day/Night)
3. To ensure the security of the connections and cabling of the cameras all exposed cabling is to be encased in steel tubes no less than 1.5mm thick. 4. Pinhole Camera - Minimum Requirements:
a. Resolution: 500 TVL b. Lens: 1/3 inch c. Fixed Iris Lens: 3.8mm d. Back Light Compensation (BLC) e. Illumination: 0.1 Lux
5. Fixed Camera - Minimum Specification:
f. Resolution: 500 TVL g. Lens: 1/3 inch h. Video Motion Detection (VMD) -through DVR l. Auto Iris Lens j. Back Light Compensation (BLC) k. Illumination: 0.1 Lux
6. PTZ Camera - Minimum Specifications:
a. Resolution: 500 TVL b. Lens: 1/4 inch c. Optical (x22) and Digital (x10) Zoom d. Auto and Manual Focus e. Pan Range: 340 deg f. Tilt Range: 90 deg g. Pan-Tilt Speed: 300 deg / sec h. Back Light Compensation (BLC) i. Illumination: 0.1 Lux
7. External Cameras - Minimum Requirements:
a. Positioned to cover all access and entry points for a facility. b. Provide effective picture quality at both day and night. This can be achieved by correct positioning, shielding from the sun, In-built LED lighting and/or external illumination. c. Fully enclosed in a weatherproof and vandal resistant housings. d. Positioned at a minimum height of 2.5m.
8. Internal Cameras - Minimum Requirements:
a. Provide effective picture quality at both day and night. This can be achieved by correct positioning, built in LED lighting and/or external illumination. b. Positioned at a minimum height of 2.5m and not vulnerable to approach without surveillance.
CCTV Digital Recording System:
The central element of the CCTV surveillance system is the recording medium. To ensure effective management, recording and storage of surveillance material it is to be undertaken in a digital format.
The type of system installed is dependant upon the requirements and capability of the bank. Ultimately, this can be either a hardwire system or an IT based solution.
1. The recording equipment is to be secured (as well as its power supply) separately in an enclosed and lockable cabinet / container that is securely fixed. 2. To ensure the integrity and continuous operation of the recording and surveillance equipment in the event of a power failure a separate battery back up supply is to be incorporated. The use of a UPS system is to have a minimum back up capability of 30 minutes. 3. The location of the recording equipment is essential in maintaining its integrity and in the prevention of tampering. The following options are available for its placement:
a. Security Control Room b. Communication Room c. Data Room d. Cash / Operations Officer (if located within the secure Teller Area)
Monitors:
To ensure effective monitoring and viewing of the CCTV surveillance system a 17" screen is to be considered as a minimum for all identified locations.
2.2 Detailed Requirements - Main Buildings The classification for main buildings includes all facilities not separately covered within these guidelines. They include the following types:
1. Head Office Buildings 2. Regional Buildings 3. Data / Computer Centres 4. Disaster Recovery Sites 5. Warehouses
To ensure an effective recording period is adopted for all main buildings a minimum storage period of 1 month is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required.
In addition to the general requirements listed above the following standards are to be considered as minimum requirements for CCTV surveillance and recording systems in all main buildings:
CCTV Cameras - Surveillance Area:
1. External coverage of all entry and exit points 2. Internal coverage of customer reception areas and staff entrances 3. Internal coverage of entry and exit points 4. Floor access points that include stairwells and elevator lobbies 5. Restricted Areas that require internal surveillance include:
a. Data and Computer Rooms (including individual aisles) b. Security Control Rooms
CCTV Digital Recording System:
The operation and storage of the system is to be located in the Security Control Room. For smaller buildings it can be located in a secure area and monitored from the reception and/or the security guard position.
2.3 Detailed Requirements - Branches and Cash Holding Facilities The primary risks and threats facing the banks are against its branch network and cash holding facilities. The geographic diversity and storage of cash / valuables makes them an attractive target for criminal activities.
In combination with other related systems the CCTV surveillance capability plays an essential role in deterring, recording and monitoring the potential risks.
The requirements covered within these guidelines include male, female and combined branches. Where combined branches are concerned they are to have separate recording and monitoring systems and controlled independently of each other.
To ensure an effective recording period is adopted for all branches and cash holding areas a minimum storage period of 3 months is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required. If specific recorded data is requested by SAMA a copy is to be retained by the bank for a period of 1 year.
In addition to the general requirements listed above the following standards are to be considered as minimum requirements for all branches and cash holding facilities:
1. Cash In Transit (CIT) Route - the bank is responsible for the continuous and uninterrupted CCTV recording of cash and valuables once it has arrived at the property until the time it has left the property. This is to include the following:
a. External arrival / departure point b. The transit route through the branch or cash holding facility c. Transfer point to bank staff d. Cash Handling Area e. Transfer to Storage Area f. Storage Area (Vault / Safe / Safety Deposit Boxes) g. ATM service room and access door
2. CIT Call Point - at the recognised access point for CIT operations a Call Point is to be fitted (bell / Video Speaker Phone) to alert the Cash Officer and/or Security Guard. 3. Branch - in addition to the above requirements the following areas are also to be covered by CCTV cameras:
a. Tellers - a camera is to be located behind the teller positions and cover a maximum of two (2) teller locations. The camera is to include facial features of the customers and the area around the teller. The coverage of VIP tellers is also to be covered. b. Entry and Exit Points - all doors that exit the building are to be monitored internally. These include main, service entrances and emergency exits. Internal stairwells and access points to upper floors are also to be covered. c. Customer Lines - a camera is to monitor the customer lines.
4. Monitors - the surveillance and monitoring of the installed cameras is to be undertaken by the Cash Officer and nominated representatives. Security guards are only to be provided surveillance of the external areas, public areas and the entry points to the building.
Monitors are to be positioned so that the images are not clearly visible to the customers.
No more than sixteen (16) images are to be displayed on the monitor at any one time.
2.4 Detailed Requirements - ATMs In addition to, and for the same reasons, the risk and threats facing the branches and cash holding areas, the ATMs are also a potential target for criminal activities.
To ensure an effective recording period is adopted for all ATMs a minimum storage period of 3 months is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required.
Whilst the ATMs located in the branches are supported by their security system, all ATMs are to incorporate the following minimum requirements:
CCTV Cameras - Surveillance Area:
1. External Camera - to monitor the activity in front of the ATM and include the immediate area around the customer / vehicle. 2. Internal Camera - to clearly monitor the facial features of the customer.
CCTV Digital Recording Equipment:
1. Branch ATMs - are to be connected to the branch recording system. 2. Off Site ATMs - are to have a separate recording unit or server-based system.
Sufficient ventilation and cooling are to be available to the installed equipment to ensure effective and continuous operation.
2.5 Additional Considerations In addition to the minimum requirements listed above for the CCTV surveillance and recording system the bank could implement a Central Monitoring System (CMS) which is considered preferable by SAMA.
The adoption of a CMS will provide a remote monitoring and (possible) recording capability that will enhance the banks' ability to respond to incidents and effectively mitigate the potential losses and damage as a result of a serious event that would affect its staff, assets, business and customers.
SAMA is currently reviewing this option for kingdom wide implementation with the following considerations:
1. Bank Controlled CMS 2. Police Controlled CMS 3. Privately Controlled CMS
3.0 ACCESS CONTROL SYSTEM An Access Control System is designed to provide a centralised control, management and recording of personnel throughout the banks facilities.
To ensure effective security of the banks facilities; Its critical assets, and the prevention of unauthorised access a dedicated system is to be employed.
Electronic Access Control Systems include the following types:
1. Proximity Cards 2. Biometric 3. Digital Keypads
Access Control utilising mechanical locks and keys are Included within Section 4 'Physical Security and Safety Systems'.
To ensure the integrity and continuous operation of the Readers in the event of a power failure a separate battery back up supply is to be incorporated within the reader / controller. The internal battery is to have a minimum back up capability of 30 minutes.
Access control systems that utilise controllers are to have a maximum of eight (8) doors controlled from a single unit.
The central database for maintaining the record of authorised personnel and the access log is to have a separate automatic / simultaneous back up capability.
To ensure effective security, control and recording of specific locations and Restricted Areas, all banks are to implement one (1) of the above systems, mechanical alternatives or a combination of them and retain a log of events for a period of 6 months.
ID Cards:
All staff, contractors and visitors are to be issued and clearly display an ID Card that identifies them whilst in the banks facility.
The cards may be incorporated within the Access Control system technology described above or be independently produced.
All banks are to ensure an effective system is adopted for the process of requesting, issuing and managing of the ID Cards.
4.0 INTRUDER ALARM SYSTEMS An Intruder Alarm System incorporates a number of different sensors to detect and alarm in the event of unauthorised access or presence.
All alarms are to be controlled through a panel and have both local and remote capability. Remote capability may include one (1) or a combination of the following options:
1. External and separate Building / Branch / Security Control Room 2. Regional Building 3. Centralised Monitoring Station (CMS)
The remote location must have a 24-hour monitoring capability to ensure an effective response.
The bank is responsible for the preparation and implementation of effective response procedures in the event of receiving an alarm from any one of the identified systems.
The Intruder Alarm panel can either be a separate system or be combined with the Fire Alarm System.
The panel is to be located in a secure location and situated within a Restricted Area. Remote keypads for arming / disarming are to be located close to the exit of the area to be alarmed and not in a public area of the building or branch.
To ensure the integrity and continuous operation of the Intruder Alarm panel and its sensors / detectors in the event of a power failure a separate battery back up supply is to be incorporated. The use of a UPS system is to have a minimum back up capability of 48 hours.
The following sensors / alarms are to be fitted in the locations identified:
Hold Up / Panic Buttons:
These are designed to be activated if the operator / user is being attacked or threatened. The buttons are to be fitted in the following locations:
1. Teller Positions 2. Cash Officer 3. Cash Handling Area 4. Branch / Operations Manager 5. Vault / Safety Deposit Room 6. Security Guard (Branch) 7. Reception Desk (Main Buildings) 8. ATMs
The buttons can be of double operation and suitably protected and positioned against false activation.
Passive Infra Red (PIR) Sensors:
PIR sensors are designed to detect movement in a given area under their surveillance. Sensors are to be a minimum of dual technology and Include enhanced features to minimise false alarms. The sensors are to be fitted in the following locations:
1. Access points to the Teller Area 2. Access route and door to the Vault / Safe / Safety Deposit Room 3. Emergency Exit doors (Ground Floor) 4. Data / Computer Room 5. Disaster Recover (DR) Sites 6. ATM Cabinet 7. ATM Service Room
The PIR sensor is to have a visual LED self-test capability to demonstrate when movement is detected. This is to be active when in the armed or disarmed mode.
Seismic / Vibration Sensors:
Seismic sensors are used to detect vibrations from all types of attacks through solid structures. The primary purpose of the sensors is to protect and prevent access to the vault, cash holding areas and ATMs.
All sensors are to be flush mounted within the floor (where applicable), wall and ceilings and be suitably protected using a protective cover to prevent damage and as a trip hazard.
Locations to be fitted with seismic sensors are as follows:
1. Vaults - to cover all 4 walls, ceilings and floor (where there is a basement) 2. ATMs - to be fitted inside the body / cabinet of the unit
Additional sensors are to be fitted to walls and ceilings adjoining other commercial or private properties.
Magnetic Door Contacts:
Restricted Areas identified above that do not have Electronic Access Control Systems are to incorporate Magnetic Door Contacts and linked to the Intruder Alarm Panel. Additional locations include all ground floor Emergency Exit doors.
Magnetic Door Contacts are to be fitted to the internal side of the door and located at the top open corner. Dependant upon the construction material and design of the door alternative contacts / switches may be used.
All doors with Magnetic Contacts are to have effective heavy duty door closures fitted.
Glass Break Detectors:
Glass Break Detectors are to incorporate dual technology that is capable of analyzing both flex (impact) and audio (shattering) frequencies.
Prior to the fitting of the sensors the glazed areas are to be checked for their type (sheet / tempered / laminated) to ensure their effectiveness.
If the glazed panels have film fitted, are of tempered or laminate type there is no requirement for the detectors.
Where sheet glass is used it is to be supported by the detectors.
5.0 FIRE DETECTION, ALARM AND SUPPRESSION SYSTEMS The installation of a dedicated, integrated and effective fire detection, alarm and suppression system is critical for the safety of the banks staff, assets, business and customers.
The installation of smoke detectors is to be included in all rooms, stairwells, corridors, lift shafts, and public areas of a banks facility.
Fixed temperature thermal detectors are to be fitted to all kitchen and tea room facilities. Special attention is to be given to the fitting of thermal detectors within ATMs.
To ensure effective identification and response to a potential alarm activation a maximum of 20 detectors are to be registered in each zone if the system is not of the addressable type.
Manual Call Points are to be installed next to emergency exits, escape routes and located close to the fire extinguisher and hose reel points. The distance between Manual Call Points should not exceed 30m.
On the activation of an alarm an audible ringing is to be heard throughout the entire facility. An audible bell and visual strobe is to be visible from outside the facility.
The internal bells are to be rated at 108 dB and external bells at 120 dB.
The strobe is to remain active until the system has been reset.
Both the strobe and bells must be tamper resistant.
All cabling is to be fire rated and not run alongside power cables.
All banks are to ensure the fire alarm panel has both local and remote capability. Remote capability may include one (1) or a combination of the following options:
1. External and separate Building / Branch / Security Control Room 2. Regional Building 3. Centralised Monitoring Station (CMS)
The remote location must have a 24-hour monitoring capability to ensure an effective response.
To ensure the Integrity and continuous operation of the Fire Panel, detectors and suppression systems in the event of a power failure a separate battery back up supply is to be incorporated. The internal battery is to have a minimum back up capability (under normal load) of 48 hours and then maintain the activation of the alarm for a further 5 minutes.
The bank is responsible for the preparation and implementation of effective response procedures in the event of receiving an alarm from the panel.
The Fire Alarm panel can be implemented as a separate system or combined along with the Intruder Alarm System. It is to be located in a secure room and remote annunciator panels near personnel operating on a 24 hour shift.
All installed equipment is to Include a one (1) year warranty period as standard.
On expiration of the warranty period all equipment is to be serviced and maintained by a qualified, recognised and registered supplier and/or service provider. A minimum schedule should include two (2) visits per year.
To ensure the effectiveness and capability of the system, regular internal tests are to be conducted. These tests are to be conducted on a monthly basis and the results recorded.
Evacuation procedures and floor plans identifying exit routes are to be prepared and positioned throughout the facility for maximum exposure.
All Emergency Exit doors are to be fitted with mechanical push bars / levers to facilitate a quick and easy access and open outwards in the direction of escape (Section 4).
To facilitate the safe evacuation process from a building once a fire alarm has activated the recruitment and training of Floor Wardens / Fire Marshalls is to be done from with the banks' staff.
Careful selection of individuals and their deputies will ensure all relevant areas are considered and included.
6.0 LIGHTING Internal and external lighting can enhance the security and safety requirements of the bank and assist the surveillance capabilities of the security guards and CCTV surveillance system.
Application, placement and types of lighting are to be carefully considered as part of the overall requirements.
All CCTV camera locations that do not have built in illumination are to be supported by external lighting.
All identified Restricted Areas are to maintain constant illumination.
All branches are to maintain constant lighting throughout the ground floor.
External lighting is to be available for all entry and exit points of a building including emergency exit doors.
Emergency lighting incorporating an internal battery back-up capability is to be available in the event of a power failure and automatically activate.
Emergency lighting is to be fitted in the following locations:
1. Emergency Exit Routes 2. Emergency Exit Doors 3. Fire Extinguisher and Hose Reel Locations 4. Manual Fire Alarm Points 5. Restricted Areas
Emergency lighting must be capable of operating for minimum of 3 hours and fitted no less than 2m from ground level.
Emergency Exit signs that are not self-illuminating and to be covered by the back-up system.
7.0 POWER SUPPLY Whilst the main power for the banks facilities will be supplied from the electrical grid there may be occasions where a disruption or power failure is experienced.
As identified above, all the main security and safety systems are to incorporate an emergency battery / UPS back up system that will provide sufficient power for a minimum of 30 minutes. This is designed to provide sufficient time to secure the premises until normal power is resumed.
In critical facilities the use of emergency generators is to be used. The following locations are to incorporate generators:
1. Head Office Buildings 2. Regional Head Office Buildings 3. Data / Computer Buildings 4. Cash Centres / Main Cash Holding Facilities
Dependant upon business and bank requirements, additional buildings / facilities may be identified for generator back up.
8.0 SERVICE AND PREVENTIVE MAINTENANCE Once systems have been installed it is essential they are properly serviced and maintained by qualified, approved and experienced service providers.
The adoption of a comprehensive service and preventive maintenance contract will mitigate the possibility of system failure in the event of an incident and prolong the life of the equipment.
A minimum schedule of three (3) visits is to be conducted for all locations. Locations include main buildings, branches, data and cash centres, ATMs and warehouses.
8.1 Disposal of Equipment To ensure the security of information contained on hard drives, internal memory and recordable mediums an effective disposal procedure is to be adopted.
Equipment identified for proper disposal are as follows:
1. ATMs 2. Point of Sale Hardware 3. PCs and Laptops 4. Fax Machines 5. CCTV Recording Hardware 6. Servers and Back Up Units 7. CDs and DVDs
Disposal is to take the form of electronic (erasing), or physical (destruction), or a combination of both to ensure the data is permanently removed.
Clear procedures are to be in place for the disposal of the above equipment/items and coordination between the Security and Safety Manager and the Information Security department is to identify the responsibilities dependant upon the internal processes of the bank.
Section 4 Physical Security and Safety Systems
Synopsis
This section describes the minimum requirements and standards for Physical Security and Safety Systems installed throughout the banks facilities.
1.0 INTRODUCTION The purpose of installing physical security and safety systems is to enhance the electronic and procedural measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.
No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximised to best effect.
Due to the variety and availability of internationally recognised standards It is left to the bank and its internal policies and practices to dictate the appropriate standards for such systems.
The every increasing availability of, equipment and changes / advancements in technology provides an extensive selection of products to choose from. The selection of the appropriate systems and equipment is dependant upon the security and business requirements of the bank.
The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for all physical security and safety system installations.
2.0 EXTERNAL SECURITY AND SAFETY MEASURES The first line of deterrence and protection for any facility is the application of measures to secure the external perimeter.
The effective use of measures and systems will greatly reduce the risk of criminal elements considering the facility a potential target for their activities and in preventing easy access.
2.1 Windows and Glass Panels The increased use of glass in buildings and branches provide an alternative entry point to the much better protected main entrances.
Glass panels provide both a security and a safety risk to a facility, its personnel and customers.
The most vulnerable areas are on ground level and those obscured from public sight. To protect and secure these locations the following options are to be installed:
1. Sheet/Tempered Glass - is to have security/blast film (min 200 microns) attached to the inner surface and be secured within the frame. A minimum thickness of 10mm is to be used for the glass panels. 2. Laminate Glass - does not require additional measures added to the panels.
Laminate glass panels are to be capable of multiple attacks and be tested/certified by internationally recognised standards.
All ground floor windows/glass panels are to be of clear glass (or maximum 10% tint) and lighting is to be left on during 'out of working' hours to maximise external surveillance.
The use of grills and shutters to secure the facility during 'out of hours' can be used but will not reduce the above requirements for the glass panels.
Windows and glass panels in upper floors still require an element of protection for personnel who may be at risk from flying/broken glass. To ensure the safety of personnel in the upper floors the following options are to be installed:
1. Sheet Glass - is to have security/blast film (min 150 microns) attached to the Inner surface and be secured within the frame. 2. Tempered / Laminate Glass - does not require additional measures added to the panels.
2.2 Main Entrances All bank facilities are to have at least one main entrance that is to be used for its primary access control point.
These entrances are to be kept to a minimum to ensure their control of access and surveillance capability. All staff and service entrances are to be treated in the same way.
All glass doors are to conform to the above standards (2.1) in the type and protection required.
All non-glass doors are to be of solid wood or steel construction and fitted with an eye-hole if an observation window is not available.
All access doors to the main entrances are to have a manual locking capability regardless of its primary operating action.
Dependant upon the use of the main entrance, the results of a Security Risk Assessment (SRA) and the procedures identified within the Entry Point Screening procedures of the Corporate Security and Safety Plan (CSSP), the following screening equipment may be required:
1. Baggage X-Ray Screener 2. Archway Metal Detector 3. Hand Held Metal Detectors
2.3 Emergency Exits Emergency exit doors are the primary means of exiting a facility in the event of an incident and should provide unrestricted use from the inside.
As these locations are easily accessible from the outside they are to be secured using the following measures:
Internally:
1. A mechanical push bar/lever is to be fitted to the internal surface. 2. Electronic locking systems are to be on a 'fail open' setting. 3. Magnetic Contact connected to the Intruder Alarm System 4. CCTV Camera 5. An eye-hole. 6. Appropriate exit signage and lighting.
Externally:
1. Flat door plate with no handle. 2. CCTV Camera and PIR.
As part of the fire safety requirements, all routes leading to the emergency exit are to be clear of obstructions and have appropriate signage and lighting to facilitate easy exit.
2.4 ATM Locations In addition to a facilities' cash holding areas the Automated Teller Machines (ATM) are to be considered high risk. The diversity in their locations (Branch, Drive Up, and Stand Alone) and the cash they hold make them an attractive target compared to highly secured locations such as vaults and safes contained within buildings and branches.
Only internationally recognised standards and providers are to be used in the purchase of ATM units.
Whilst the locations are dictated by the bank in conjunction with SAMA and Police approval, there are a number of minimum-security requirements and are as follows:
1. All ATM units are to be securely fixed to a solid base using at least four (4) points. 2. All cabling is to be buried/hidden where possible. 3. All exposed cabling is to be contained within a steel conduit. 4. All waste paper containers should only facilitate the use of receipt slips and be self extinguishing. 5. All ATM units are to have external lighting on 24 hour operation. 6. All intruder/fire panels are to have tamper sensors fitted. 7. All ATM cabinets are to have the following security measures:
a. Access via high security lock and cylinder or electronic access control. b. Door contact connected to intruder alarm panel. c. Seismic/Vibration Sensor (Section 3) d. PIR connected to the intruder alarm panel (Section 3). e. Hold Up Button (Section 3). f. Smoke and Heat Sensor. g. External alarm bell and strobe.
All ATM units are to have CCTV surveillance (Section 3) that is recorded on its own Digital Recording system, or remotely, through the system incorporated within branch it is attached to.
All ATM units are to be connected to a remote Central Monitoring Station (CMS) for the activation of alarms from any of the fitted sensors.
3.0 INTERNAL SECURITY AND SAFETY MEASURES Should the external security and safety measures be defeated and/or bypassed the internal systems are designed to delay and deter criminal activity as part of a layered methodology.
The internal security measures primarily concentrate on the Restricted Areas identified within a facility so that security can be effectively and efficiently focused.
Restricted Areas: are considered as follows:
1. Vaults, Safes and Safety Deposit Rooms 2. Teller Areas 3. ATM Service Rooms 4. Cash Holding Areas 5. Cash Handling Areas 6. Building Access / Entry Points 7. Security Control Room 8. Data / Computer Rooms 9. IT /Communication Rooms 10. Disaster Recovery (DR) Sites 11. Electrical Rooms
Additional locations can utilise either electronic and/or mechanical means to secure their access and include the following:
1. ATM Cabinets 2. Generator Rooms 3. PTT/PABX Room 4. SCECO Switch Room 5. Electrical Rooms
All Restricted Area doors are to have effective heavy duty door closures fitted.
3.1 Mechanical Locks Mechanical locks using keys are a standard means of securing doors throughout a facility.
In addition to the considered use of an electronic access control system, appropriate mechanical locks can be used in conjunction, or as a replacement, for the security of Restricted Areas (Section 3).
To compliment the electronic security and safety measures the physical requirements are as follows:
1. All doors are to be of solid wood or steel construction with same quality material for door frames. 2. All locks/cylinders are to be of high security standard with deadlocking mechanism and resistant to the following:
a. Picking b. Drilling c. Overlift and Reading d. Rap and Rake
3. All hinges are to be of steel heavy duty standard with non-rising or removable pins. 4. All doors are to have heavy duty door closures fitted. 5. All doors are to have appropriate security signage for Restricted Areas.
Restricted Areas are to be completely sealed outside the main entry points that are secured by the above / or electronic means. All false ceilings, floors, AC vents and other access points are to be considered and secured. All walls are to be of brick/block construction.
The other major consideration concerning mechanical locks is in the security and control of the keys.
As part of the requirements of the Corporate Security and Safety Plan (CSSP) the following is to be established for keys that access Restricted Areas:
1. Log of all keys and the controlling department. 2. Secure storage and issue procedures. 3. Cylinder / Lock / Key replacements. 4. Regular audits / inspections of the keys and issue log. 5. Issue, storage and security of master keys and blanks.
3.2 Teller Areas The teller areas are considered a Restricted Area and incorporate a number of electronic security systems/sensors (Section 3) to protect them during working and silent hours.
The main threat against the tellers is a hostile attack from a customer, armed robbery and direct access to the vault, safe and/or cash holding area.
In consideration with the electronic systems, security guards and effective procedures that accommodate the main threats, the following options are available for protecting the teller area:
Option 1: Open Cash Drawer
1. Tempered/Hardened glass (Min 10mm in thickness) is to be fitted to the top of the teller counter and extend for a minimum of 2m in height. 2. Construction below the counter is to be of double brick/block with an external layer steel sheet.
Option 2: Automated Cash Dispenser
1. An Automated Cash Dispenser is fitted to each teller position. The dispenser is to be securely fixed to the floor using at least 4 points and have the following security measures:
a. Mechanical / Electronic access control mechanism. b. Seismic / Vibration sensor (Section 3).
3. Suitable and appropriate signage is to be used to identify the use of Automated Cash Dispensers.
The main purpose of the above options is to provide additional delay for the police to respond as well as maximising the protection of the teller personnel, branch staff and customers.
As a result of a Security Risk Assessment (SRA) of the branch there may be a requirement to fit tempered/hardened glass to the top of the teller counter for Option 2. This will be dependant upon the risks identified in the area.
3.3 VAULTS AND SAFES The primary storage, security and safekeeping for the majority of cash holdings, valuables and high value documents in a facility are kept in the designated vault and/or safe.
Vault
In addition to the electronic security systems identified in Section 3, the following physical measures are to be incorporated:
1. Vaults are to have walls, floor and ceiling of steel reinforced concrete with a minimum thickness of 30cm. 2. Reinforcing is to be in horizontal and vertical staggered rows of 10cm forming a grid pattern using No5 diameter deformed steel bars. A minimum of at least two (2) grid patterns shall be used. 3. The grids are to be in parallel with the face of the walls and secured using beam bolsters, wall ties or upper continuous high chairs and fastened together at the corners. 4. The use of modular panels can be used if materials are rated to provide protection against attack using a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 60 minutes. 5. The main door is to be constructed of high strength stainless steel with a minimum thickness of 10cm. The door is to provide protection against attack using a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 60 minutes. 6. A double rotary mechanical combination and key system is to be used for access control of the main door. The keys are to be under dual control of two (2) senior bank/branch officers. Spare keys are to be kept and combinations are to be kept In a neighbouring branch vault. 7. The frame of the main door is to be welded to the walls reinforcing bars and filled with concrete. 8. A steel day gate is to be fitted with two (2) high security cylinders on both sides. 9. If an optional emergency door is installed it must conform to the specifications of the main door. 10. An emergency vault ventilator must be provided in the wall or vault door. 11. A telephone is to be fitted inside the vault. 12. All cables connected to the vaults security and safety systems are to be secured and protected within steel conduit.
Storage Requirements The purpose of the below table is to provide a minimum security requirement for the identified amounts of cash and valuables. Where extremely high amounts (in excess of SR 20,000,000) are stored, protection levels and specifications are to be investigated and assessed separately. Storage Requirement for Cash and Valuables
Amount / Value
(Cash and Valuables)
Storage Type Over SR 2,000,000 Vault SR 500,000 to SR 2,000,000 Safe 'Type A' Up to SR 500,000 Safe 'Type B' Safes
A safe is defined as a free standing, prefabricated secure storage unit whose protection originates in the prefabrication and which does not have holes through the protection other than those for locks and cables for anchoring.
The safe is to be designed and manufactured to meet stringent international testing authority standards and be approved and/or listed by an international recognised testing laboratory or agency.
The safe is to have a dual control mechanism that consist of one (1) of the following:
1. 2 x Combination Locks 2. 2 x Key Locks 3. Combination and Key Lock
The safe is to be fire tested and certified to international standards for a resistance of one (1) hour.
The safe must be positioned in a Restricted Area will the associated protection and systems identified within these guidelines.
Type A:
The minimum weight for this safe is 750kg (empty) and must be securely anchored to the concrete floor using two (2) internal bolts that is only accessible from inside the safe.
All six (6) sides (including the door) must be resistant to a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 30 minutes.
Type B:
The minimum weight for this safe is 200kg and must be securely anchored to the concrete floor using two (2) internal bolts that is only accessible from inside the safe.
All six (6) sides (including the door) must be resistant to a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 15 minutes.
3.4 Safety Deposit Box Room Customer safety deposit boxes are to be contained within a room that incorporates the same requirements and standards as listed above for a vault.
The electronic security systems (Section 3) are also those required for this location. Special attention in the fitting of the internal CCTV camera is to be considered to ensure it does not cover the area designated for the customer to inspect its content.
All safety deposit boxes are to have dual control high security cylinders.
3.5 Strong Rooms In addition to the use of the above listed vault and safes there may be a requirement to store other sensitive material and documents separately. These items may include the following:
1. Documents classified Confidential and above. 2. Stocks of Cheque Books. 3. Bills, Securities and Guarantees. 4. Official Seals 5. Shares and Bond Documents 6. Spare Master Keys
If existing facilities for storage are not available, the strong rooms are to have the same requirements designated for the vault. The only differences are as follows:
1. Vaults are to have walls, floor and ceiling of steel reinforced concrete with a minimum thickness of 15cm. 2. The main door is to be constructed of high strength stainless steel with a minimum thickness of 10cm. The door is to provide protection against attack using a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 15 minutes.
3.6 Cabinets In addition to the above listed secure storage rooms there may be a requirement to secure and protect other materials.
The use of cabinets primarily provides protection against fire and environmental damage. Whilst they do provide a level of security this should be considered limited.
All cabinets are to have locks that, if tampered with, will provide visual evidence.
Fire Resistant Cabinets:
The safe is to be fire tested and certified to international standards for a resistance of one (1) hour.
The fire resistant cabinets are designed to protect environmentally sensitive items such as:
1. Microfilms and Microfiche 2. Insurance Files 3. Documents classified below Confidential
Steel Cabinets:
The steel cabinets are designed to protect sensitive items such as:
1. Account Documents 2. Unclassified Mail 3. Specimen Signatures 4. Date, Authority and Signature Stamps 5. Registers 6. Security and Safety Plans
3.7 Fire Safety Equipment The risk of a fire in a facility is potentially greater than any other form of hazard or incident type. The ability to effectively detect and quickly extinguish a fire is critical in minimising the potential damage to life and the assets of the bank.
In addition to the electronic safety systems (Section 3) it is the use of automated and hand held fire suppression systems that will ensure an effective response.
The positioning, quantity and use of these equipments are available through international standards (eg NFPA), Civil Defence standards and requirements. These should also be clearly identifies within the Corporate Security and Safety Plan along with the identification of responsible personnel, their training on how to use the equipment and in emergency evacuation procedures.
The main suppression equipment types are as follows:
Water Sprinkler Systems:
Dependant upon Civil Defence requirements on the locations, standards and specifications the bank is to install an automated water sprinkler system to all underground car parking areas.
Clean Gaseous Systems:
In sensitive electrical locations there is a requirement to minimise the damage to the equipment in the event of an automated system activating.
This is achieved by using a system such as FM200 (or equivalent) but will require the room to be sealed against air leaks. Due to the non toxic nature of this type of system it is also considered essential in similar areas that are occupied by bank staff and/or contractors.
Fire Extinguishers and Fire Hoses:
A wide range of fire extinguisher types are available (water, powder, chemical) and their positioning will be dependant upon the locations they are designed to protect.
The majority of extinguishers will be water based (Class A Fires). Electrical / Computer rooms will require the use of dry powder types (Class C Fires) and positioned accordingly. The minimum capacity for any extinguisher is to be not less than 6kg.
Should extinguishers over 10kg be required they should be trolley based.
The positioning of fire hoses is to ensure sufficient coverage is achieved between them so that no area cannot be reached or is inaccessible.
Emergency water supplies are to be available to support the hoses in the event of a failure of the mains water supply. This can be achieved by reserving a given amount of water in the existing water tanks or by having a separate tank specifically for the fire fighting system.
The use of generators (Section 3) will also be required to support the pumps in the event of power loss.
Signage is to be located at each position where extinguishers and fire hoses are fitted.
As a minimum requirement they are to be located in the following areas:
1. Floor lobby areas 2. Emergency Exits 3. Restricted Areas (Fire Extinguishers dependant upon type required) Section 5 Cash in Transit - Bank Procedures
Synopsis
This section describes the minimum requirements, procedures and standards for Cash in Transit (CIT) operations for all banks.
1.0 INTRODUCTION The Cash in Transit (CIT) operations currently pose the greatest risk to the banks. It is during the transit and movement of cash and valuables between the secure storage locations that it is most vulnerable.
This section describes the internal procedures and requirements of the bank for the movement, handling and safeguarding of cash and valuables.
As all banks outsource the CIT function a separate document has been prepared for companies that provide this service.
This section is designed to work in coordination and conjunction with the other section requirements outlined within the SAMA Guidelines.
2.0 DEFINITION OF TERMS Cash:
Includes both local and foreign currency bank notes and coins.
Valuables:
Includes all negotiable documents and materials such as cheques, bills, bonds and guarantees. This also includes precious stones, metals and customer safety deposit boxes.
CIT Manager:
This person is assigned by the bank and responsible for the internal coordination of the CIT service and is to be assisted by identified personnel for kingdom wide operations.
Consignor:
The person or party involved in the dispatch/sending of the cash or valuables.
Consignee:
The person or party involved in the receipt of the cash or valuables.
3.0 RECORDS AND DOCUMENTATION To ensure the security and safety of the CIT operations the bank is responsible for maintaining and coordinating the necessary documentation for the movement and handling of cash and valuables.
The following records and documentation are required:
1. CIT Operating Schedule - an operating schedule is to be prepared by the bank or CIT service provider for all transportation, deliveries, pick ups and ATM replenishments. The schedule is to be sent to the police by the end of the previous working day. Copies of the schedule are to be held by the bank and CIT service provider. 2. CIT Transfer Record - a transfer record of all cash and valuables is to be maintained by the bank and include the following:
a. Names and signatures of carriers, consignees and consignor b. Date and time of transfer c. Cash amount or content of consignment d. Condition of consignment e. Seal numbers f. Departure and destination
3. Corporate Security and Safety Plan (CSSP) - the CSSP is to include a detailed list of procedures and processes for the internal movement and handling of cash and valuables. These procedures are to be sent to SAMA for verification and approval. Procedures are required for the following:
a. Custodians / ATM replenishment teams b. Branches (Vaults / Safes / Safety Deposit Boxes) c. Cash Centres / Holding Areas
The bank is responsible for the compliance of these guidelines and may utilise the services of an external security consultant to ensure the CIT requirements are met for all applicable facilities and equipment.
The CIT Manager and/or the Security and Safety Manager are responsible for the implementation, coordination and maintenance of the above requirements.
4.0 TRANSPORTATION REQUIREMENTS The external transportation of cash and valuables is primarily undertaken by CIT service providers. The requirements, procedures and regulations for these companies are contained within the separate document 'Cash in Transit Procedures for Transportation Companies'.
To ensure the secure and safe movement and handling of cash and valuables, the minimum requirements for banks are as follows:
1. Canvas Bag Container - to have a double flap and be capable of attaching a uniquely numbered plastic or metal seal. 2. Cassette Container - to be constructed of heavy duty plastic or metal and be capable of attaching a uniquely numbered plastic or metal seal. 3. Self Sealing Container - to be constructed of thin gauged plastic and be individually coded and/or numbered.
The bank is responsible for the coordination, verification and performance of the CIT service provider. Regular assessments of the service providers' procedures are to be conducted by the CIT Manager, Security and Safety Manager and/or external consultant.
The transportation of cash and valuables outside the banks property is to be notified to the appointed police contact by the bank or CIT service provider.
Should the CIT service provider not be able to deliver a consignment in time the SLA is to clearly identify the procedures for storing and securing it until it can be delivered.
The use of the above-mentioned CIT Operating Schedule will ensure the police are aware of the routes, locations and activities.
Whilst it is preferable to have a police escort and presence during the delivery operations and ATM replenishment it may not be possible due to availability of resources. It is the banks responsibility to ensure they are informed and maintain the CIT schedule they, or the service provider, has established.
The CIT Manager is responsible for the coordination of the schedule and that the police are provided sufficient notice.
5.0 CIT-PREPARATION To ensure suitable supervision, accountability and security in the preparation of the cash and valuables for transportation, this is to be a dual control operation. A minimum of two (2) bank employees are responsible for the counting, packing and sealing of the bags/containers. Ultimate responsibility is with the following personnel:
1. Cash Officer 2. Chief Cashier / Teller
Nominated deputies can undertake this task but must be authorised by the above.
Dual control is to be maintained until the transfer has taken place and the CIT Transfer Form has been completed.
The Branch Manager or Cash Centre Manager is to coordinate with the above staff to identify the transfer of cash and valuables for the next working day with the CIT service provider.
The CIT Manager or representatives are to ensure the CIT Transfer Forms and Records are correctly completed, maintained and securely stored for each location.
6.0 CIT-DISPATCH Once the preparatory phase has been completed the two (2) authorised personnel are to recheck seals and the security of the bags or containers and verify the transporting personnel against their ID cards.
On completion and signing of the CIT Delivery Receipt Form the bags or containers are to be handed over to the authorised carriers.
The original and a copy of the CIT Transfer Form are to be sent in a sealed envelope to the consignee.
If cash or valuables are being sent to SAMA an authorised bank employee is to be present during the handover. The authorised employee is to acknowledge the receipt of the consignment from the carriers after checking the bags or containers are securely sealed.
The authorised bank employee is then to deposit the consignment, forward the deposit receipt and record the transaction.
7.0 CIT - RECEIPT Only authorised bank employees are to receive the cash and valuables from the carrier along with the CIT Transfer Form.
On verifying that the bags or containers are securely sealed the two (2) authorised bank employees are to sign the CIT Delivery Receipt Form.
On confirming the contents of the bags or containers are correct and in order, the two (2) authorised bank employees are to sign the CIT Transfer Form.
On completion and recording of the checks and receipt of the consignment, a copy of the CIT Transfer Form is to be sent to the consignor.
The Cash Officer or Cash Centre Manager is responsible for checking the forms and records in line with the procedures laid down in the CSSP.
Cash and valuables being received from SAMA is to follow the above (6.0) requirements.
8.0 CIT - DISCREPANCIES If a discrepancy Is identified during the preparation, receipt or delivery of cash and valuables the following actions are to be undertaken:
1. Insecure Bags or Containers - in the event of tampering, missing seals and/or any other signs of insecurity of the bags or containers they are to be refused unsigned and returned to the carrier immediately for investigation.
The authorised checking personnel are to make a report and the following are notified and sent a copy of the report:
a. Cash Officer / Cash Centre Manager b. Branch Manager c. CIT Manager / Regional Representative d. Consignor Manager
When returned consignor the bag or container is to be checked by the original authorised personnel for verification.
In the event of a loss of cash or valuables a report is to be prepared and signed by both the consignor and consignee.
2. Discrepancy in Cash or Valuables - in the event of a discrepancy between the CIT Transfer Form and the contents of the bag or container the above actions are to be followed once a confirmation has been made between the Branch Manager / Cash Centre Manager and the consignor regarding the CIT Transfer Form..
All original reports are to be held and maintained by the CIT Manager for safe keeping.
Dependant upon the nature of the incident and whether it was resolved or not, the CIT Manager may involve the Security and Safety Manager and/or other identified personnel should further investigations be required.
Training is to be provided for personnel authorised to conduct these operations that includes the following:
1. Anti Money Laundering (AML) 2. Procedures and processes for the movement of cash and valuables as per the CSSP 3. Procedures in the event of armed robbery and/or criminal acts
9.0 ATM The replenishment and servicing of Automated Teller Machines (ATM) is to be regarded as a CIT operation when the machine cannot be replenished within a secure area.
The replenishment operation is to be undertaken by a minimum of two (2) authorised personnel.
All replenishment operations are to be conducted in the presence of armed guards.
Lobby ATMs:
Where relevant, all doors and access points to the ATM lobby or replenishment area are to be secured and locked prior to the opening of the ATM.
The use of blinds and screens are to be maximised to prevent unnecessary visibility of the replenishment operation.
External ATMs:
The replenishment teams will be assisted by the team in the armoured car. The cash containers are to remain in the vehicle until they are required and are as close to the ATM as possible.
During the replenishment the armoured car team is to remain vigilant and is responsible for the protection of the team and the cash containers.
Dependant upon availability the police may also be present to provide additional security and protection to the replenishment teams and the cash containers.
Should the replenishment schedule change from the prepared itinerary this is to be communicated back to the CIT Manager or regional representative. Any changes are to be sent to the nominated contact in the police to ensure their presence during transit and replenishment operations.
Police presence is dependant upon availability of resources and CIT operations should maintain their schedule of timings and identified routes.
Training is to be provided for personnel authorised to conduct these operations that includes the following:
4. ATM Security and Safety Systems 5. Procedures and processes for the movement of cash and valuables as per the CSSP 6. Procedures in the event of armed robbery and/or criminal acts Section 6 Security Guards for Main Buildings and Branches
Synopsis
This section describes the minimum requirements and standards for Security Guards operating throughout the banks Main Buildings and Branches.
1.0 INTRODUCTION In addition to the installation and implementation of other security and safety measures to protect the banks' main buildings and branches, a security guarding service to be used.
The purpose of using security guards is to enhance the electronic and procedural measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.
No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximized to best effect.
The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for the use of security guards for the banks main buildings and branches.
2.0 RESPONSIBILITIES AND REQUIREMENTS The security guard(s) is intended to compliment the use of other security and safety systems, measures and equipment.
The deployment of security guards throughout the banks main buildings and branches is to be closely monitored and supervised by the service provider and the banks personnel.
To ensure sufficient guards are available to carry out their responsibilities, an assessment is to be carried out to identify the quantity and requirements. This can be part of the Security Risk Assessment or undertaken as a separate report.
The security guards can be contractors or directly employed by the bank.
Detailed responsibilities and requirements are to be identified within the Corporate Security and Safety Plan (CSSP) and controlled, monitored and enforced by the Security and Safety Manager.
The primary responsibilities of the security guard is as follows:
1. Provide an effective physical and visual deterrent. 2. Provide effective control of access and entry points. 3. Provide an effective response to security and safety incidents.
The primary requirements of the security guard is as follows:
1. They are to be a Saudi national. 2. Clearly identifiable and appropriate uniform is to be worn at all times. 3. Maintain the Security Guard Shift Report. 4. Fully trained and prepared for their function and location.
All security guard reception/entry locations are to maintain a Shift Report that records all the events and activities for each shift. The security guard/supervisor is to include the following Information:
1. Date, time and guard names for each shift changeover. 2. Suspicious activity identified during the shift period. 3. Incidents/Events during the shift period. 4. Activation of Alarms. 5. Security and Safety equipment check and test.
The Security and Safety Manager is to ensure that the information contained within the Security Guard Shift Report is reported, acknowledged and any appropriate action taken. Apart from immediate/emergency actions the report is to be checked and acknowledged at the start of each working day.
Prior the changeover between shifts, the oncoming guard is to have physically checked his area of responsibility and acknowledged the content of the previous shift report.
All security guard locations are to have detailed Post Instructions that clearly identify their function, responsibilities, incident response and reporting chain. These will form part of the CSSP (Section 2).
The effective use of security guards will greatly reduce the risk of criminal elements considering the facility a potential target for their activities and in preventing easy access.
3.0 ACCESS CONTROL One of the primary responsibilities of the security guard is the control of access to the building or branch.
To assist in the control and identification of personnel an ID Card system is to be employed by all banks.
All security guards are to be aware of the Restricted Areas within their area of responsibility.
All buildings and branches are to have 24 hour security guard presence and working hours and overtime are to conform to the regulations laid down in the Saudi Labor Law and are the responsibility of the service provider.
The security guards are responsible for the enforcement of a Clear Desk Policy and are to report any infringements within their shift reports.
3.1 Main Buildings To ensure the identity and control of the different personnel working and visiting the building, the following are to be clearly identified:
1. Permanent Employees 2. Contractors 3. Visitors
The security guard is to enforce the wearing and prominent display of the issued ID cards by all personnel working and visiting the building.
A Building Log Sheet is to be maintained at each reception/access point. The log sheets are to include all personnel (without ID) and visitors that enter the building. The information is to include the following:
1. Name, contact number and date 2. Type of ID used 3. Person Visited / Employee Dept 4. Time in and out
Visitors are issued temporary ID cards once the following has been confirmed:
1. Confirmation of visit/appointment by bank employee. 2. Confirmation of visitor by official identification (picture and name).
Visitors are not to be given access without being escorted by the visited bank employee or a security guard. The bank employee is responsible for their visitor until they are returned to the reception desk and logged out.
The bank is to establish clear policies and procedures on the identification, issuance and control of an ID card system. These are to be contained within the CSSP (Section 2).
3.2 Branches To ensure the identity and control of the different personnel working in the branch, the following are to be clearly identified:
1. Permanent Employees 2. Contractors
The security guard is to enforce the wearing and prominent display of the issued ID cards by all employees and contractors whilst working in the branch.
Customers are only permitted entry during the banks official opening hours.
Cash In Transit (CIT) operations are considered a separately and can be found in Section 5.
Bank employees are only permitted access to the branch during out of hours if prior permission has been provided by the Branch Manager or his nominated deputy.
Access to the branch out of working hours, regardless of permission, is to be visually confirmed by the guard prior to allowing entry.
The bank is to establish clear policies and procedures on the identification, issuance and control of an ID card system. These are to be contained within the CSSP (Section 2).
3.3 Cleaning Personnel All cleaning personnel are to be escorted and/or supervised whilst working within Restricted Areas during out of hours. This can be undertaken by a bank employee or the security guard dependent upon the policy of the bank.
The contract company providing the cleaning services are to issue a list of all personnel, and their duty hours, to the building reception desk or branch security guard.
Changes to the names and/or hours are to be confirmed in writing by the nominated supervisor/manager of the service provider.
4.0 ADDITIONAL CONSIDERATIONS Whilst it is mandatory for all buildings and branches to maintain 24 hour security, the installation of a remotely monitored alarm/surveillance capability may be considered for the reduction in security guard numbers and presence.
All implemented and/or proposed systems should be prepared in writing and sent direct to SAMA for review and consideration.
Reporting to the Financial Investigation Unit
This circular is currently available only in Arabic, please click here to read the Arabic version.Insurance Sector
Insurance (Draft)
Laws and Regulations
Implementing Regulations of the Cooperative Insurance Companies Control Law
Definitions
Article One
The following words and statements mentioned in this implementing regulations, wherever they occur unless otherwise provided in the text, shall have the meanings indicated below:
1. Law: Law on Supervision of Cooperative Insurance Companies promulgated by Royal Decree No. (M/32) dated 2.6.1424 H, corresponding to 31.7.2003.
2. Implementing Regulations: Implementing regulations provisions of the Law on Supervision of Cooperative Insurance Companies.
3. Governor: The Governor of the Saudi Arabian Monetary Authority.
4. SAMA: The Saudi Arabian Monetary Authority.
5. Person: A natural person or a juristic entity.
6. Insurance Supervisor: A government agency or public institution responsible for the supervision and control of the insurance sector.
7. Insurance: Mechanism of contractually shifting burdens of pure risks by pooling them.
8. Reinsurance: Transfer of the insured’s risk from the insurer to the reinsurer and to indemnify the insurer by the reinsurer for any payments made to the insured against damages or loss.
9. Facultative Reinsurance: An optional case-by-case method of reinsurance. The reinsurer has the option to accept or neglect the offered risks.
10. Treaty Reinsurance: Occurs when the primary insurers cede insurance of certain risks within certain amounts & percentages to the reinsurer and the reinsurer has agreed to accept reinsurance of the assigned risks.
11. Quota-Share Reinsurance: A proportional type of reinsurance treaty, whereby the insurer is required to cede certain risks within agreed percentages to the reinsurer and the reinsurer has agreed to accept the business.
12. Excess of Loss Reinsurance: A nonproportional type of reinsurance treaty whereby the insured is required to cede certain risks within specified amounts in excess of the loss amount, which the insurer has agreed to accept. The reinsurer undertakes to accept the insurance on the assigned risks.
13. Company: A public joint stock company conducting insurance and/or reinsurance activities.
14. Insurer: An insurance company that accept insurance contracts directly from insured(s).
15. Reinsurer: an insurance or reinsurance company that accept insurance contracts from another insurer.
16. Insured: A natural person or juristic entity, which has entered into an insurance contract.
17. Insurance Policy: Legal document/contract issued to the insured by the insurer setting out the terms of the contract to indemnify the insured for loss and damages covered by the policy against a premium paid by the insured.
18. Contribution (Premium): Amount offered by the insured to the insurer in exchange for the insurer’s acceptance to indemnify the insured for loss / damages resulting directly from a covered risk.
19. Beneficiary: A natural person or juristic entity to whom the benefit(s) under the insurance policy is assigned as a result of a covered loss.
20. Insurance Services: Professional activities related to the insurance and reinsurance sector.
21. Insurance and Reinsurance Services Provider: A natural person or juristic entity that is licensed to engage in the insurance and reinsurance services or activities, excluding underwriting, permitted in the Saudi Arabia.
22. Person Providing Insurance and reinsurance Services: A natural person that is licensed to engage in the insurance and reinsurance services or activities permitted in Saudi Arabia who is employed by an insurance services provider.
23. Insurance Agency: A juristic entity that for compensation represents the Company to solicit, procures and negotiates insurance contracts.
24. Insurance Brokerage: A juristic entity that for compensation represents insureds or prospective insureds to solicit, procure and negotiate insurance contracts.
25. Insurance Advisor: A natural person or juristic entity who provides insurance consultative services
26. Loss Assessor and loss Adjuster: A juristic entity that examines and inspects the insurance risk before it is insured, inspects the damages after they occur to determine the reasons for the loss, assesses the value thereof, and assigns liabilities.
27. Insurance Claims Settlement Specialist (Third Party Administrator): A juristic entity that investigates and assesses losses, and negotiates settlements on behalf of the insurance company.
28. Actuary: Person who conduct various statistical and probability theories whereby services are priced; liabilities are assessed and provisions calculated.
29. Underwriting: The process of evaluating and accepting of insurance risk.
30. Retention: The amount of risk kept by an insurance company in its own books, in comparison with insurance risks ceded to a reinsurance company.
31. Solvency Margin: Minimum standard of financial health for an insurance or reinsurance company, where assets exceed liabilities.
32. Technical Provisions (Reserves): Insurance liabilities, i.e. the value set aside to cover expected losses arising on a book of insurance policies and its financial obligations.
33. Statutory Reserves: Percentage of profit that a company must set aside as provided under Article (15) of the Law.
34. Surplus Distribution: Method by which profit of insurance and reinsurance companies is distributed among shareholders and policyholders.
35. Reciprocal Exchange: Unincorporated association with each insured insuring the other insureds within the association. Each participant in this pool is both an insurer and an insured. An attorney in-fact administers the exchange, to include paying losses, investing premium, recruiting new members, underwriting new and renewal business, receiving premium, and exchanging reinsurance contracts. Members share profits and losses in the same proportion
36. Self-Insurance: Retention of any risk by structured means, i.e. the company that is retaining the risk has set up a fund against a future event that is fortuitous and outside the control of the company.
37. Financial Derivatives: A contract whose value is based on the performance of an underlying financial assets, indexes, or other investments.
38. Risk: Situation involving the chance of loss or no loss, but no chance of gain.
39. Compliance Officer: A natural person that is concerned with regulatory work to ensure compliance with all rules and regulations.
Objectives of the Law and the Implementing Regulations
Article Two
Objectives of the Law and its Implementing Regulation:
1. Protection of policyholders and shareholders.
2. Encouraging fair and effective competition.
3. Enhancing the stability of the insurance market.
4. Enhancing the insurance sector in the Kingdom, and provide training and employment opportunities to Saudi nationals.
Classes of Insurance
Article Three
Insurance is divided into insurance and reinsurance business activities, and it covers the following insurance classes:
First: General Insurance
1. Accident and liability insurance including the following:
a. Personal Accident Insurance.
b. Work Related Insurance.
c. Employer’s Liability Insurance.
d. Third Party Liability Insurance.
e. General Liability Insurance.
f. Product Liability Insurance.
g. Medical liability Insurance.
h. Professional Liability Insurance.
i. Theft and Burglary Insurance.
j. Fidelity Insurance.
k. Safe Burglary Insurance inside the premises and in transit.
l. Any other Liability Insurance
2. Motor Insurance: Provides coverage against losses and liability related to motor vehicles, excluding transport insurance.
3. Property Insurance: Provides coverage against fire, theft, explosions, natural phenomena, civil disturbances, and any other insurance included under this class of insurance.
4. Marine Insurance: Provides coverage for goods in transit and the vehicles of transportation on waterways, and any other insurance included under this class of insurance.
5. Aviation Insurance: Provides coverage for airline hulls and liability against passengers and third parties, freight transport by air, and any other insurance included under this class of insurance.
6. Energy Insurance: Provides coverage for oil, petrochemical, other energy installations, and any other insurance included under this class of insurance.
7. Engineering Insurance: Provides coverage for builder’s risks, construction, mechanical, electrical, electronic, and machinery breakdown, and any other insurance included under this class of insurance.
8. Other Classes: includes all recognized classes of general insurance not mentioned above.
Second: Health Insurance
Health insurance provides individual or group coverage for medical costs, medicines, medical and medications requirements as well as management of medical programmes.
Third: Protection and Savings Insurance
1. Protection Insurance: Provides individual or group coverage for death related consequences, and permanent and partial disability.
2. Protection and Savings Insurance: Provides individual or group coverage for death related consequences, and permanent and partial disability with a saving / retirement plan for an additional premium paid by the insured.
3. Other Protection and Savings Insurance: It includes other classes of insurance in the protection and savings insurance not mentioned above.
Licensing Requirements
Article Four
First: Insurance and/or Reinsurance Companies:
A license application including the following shall be submitted to SAMA:
1. Completed licensing application.
2. Memorandum of Association.
3. Articles of Association
4. Organizational structure
5. Feasibility study.
6. Five-years business plan that shall include as a minimum, the following:
a. Classes of insurance that will be undertaken by the Company.
b. Ability to cede or accept reinsurance treaties for the classes the company intend to reinsure.
c. Marketing plan.
d. Projected costs and financing to start the Company’s operation.
e. Projected underwriting growth taking into consideration solvency margin requirements.
f. Expected number of employees and a saudization plan for training and employment.
g. Annual cost based on projected growth rate.
h. Projected financial statements related to the growth rate.
i. Technical Provisions statement for the proposed growth of the insurance operation certified by a qualified Actuary.
j. Branching distribution plan in the Kingdom.
7. Any agreements with outside parties.
8. An Irrevocable bank guarantee issued by one of the local banks for the capital required, such guarantee must be renewed until the capital is paid up.
Second: Insurance and Reinsurance Services Provider:
A license application including the following shall be submitted to SAMA:
1. Completed licensing application.
2. Memorandum of association.
3. Articles of Association.
4. Organizational structure
5. Feasibility study.
6. Three-years business plan that shall include as a minimum, the following:
a. Classes of insurance that will be undertaken by the insurance and reinsurance services provider.
b. Projected costs and financing to start the operation.
c. Projected growth of the business.
d. Expected number of employees and a saudization plan for training and employment.
e. Annual cost based on projected growth rate.
f. Projected financial statements related to the growth rate.
g. Branching distribution Plan in the Kingdom.
7. Any agreements with outside parties.
8. An Irrevocable bank guarantee issued by one of the local banks for the capital required, such guarantee must be renewed until the capital is paid up.
Third: Individuals Providing Insurance and reinsurance Services:
Any individual who wish to practice any of the insurance professions shall obtain a license from SAMA providing that the following requirements are fulfilled:
1. A university degree as a minimum, and five years relevant insurance experience, or an insurance professional designation accepted by SAMA.
2. Pass the examination approved by SAMA to engage in the designated insurance profession, or any other equivalent qualifications acceptable to SAMA.
Article Five
SAMA may apply penalties provided under Article (19) of the insurance law and request application of the penalties stipulated in Article (21) of the insurance law in case of submitting incorrect or false information.
Article Six
1. SAMA shall notify the applicant within 30 working days confirming that the application is complete. Whereby, the application is incomplete SAMA shall notify the applicant of any further requirements or missing documents.
2. All incomplete and/or missing documents shall be provided within 30 working days from SAMA’s notification, otherwise the application shall be cancelled and the applicant must re-submit a new application for consideration.
3. SAMA shall notify the applicant within 90 working days from the receipt of a completed application of its approval, or its rejection by providing reasons.
Article Seven
The applicant shall pay SAMA a non-refundable licensing application processing fee of ten thousand Saudi Riyals (SR 10,000). Upon approval of the application, the applicant shall pay SAMA the following licensing fee:
■ (SR 100,000) One hundred thousand Saudi Riyals for Insurance Company.
■ (SR 200,000) Two hundred thousand Saudi Riyals for Re-insurance Company.
■ (SR 300,000) Three hundred thousand Saudi Riyals for Insurance and Reinsurance Company.
■ (SR 25,000) Twenty five thousand Saudi Riyals for Insurance and reinsurance Services Providers, except the actuary and the insurance advisor.
■ (SR 5,000) Five thousand Saudi Riyals for Actuaries and Insurance Advisors.
Article Eight
Insurance and reinsurance Services shall be provided by a Person licensed in the kingdom with a minimum capital requirement of:
■ (SR 3,000,000) Three million Saudi Riyals for Insurance Brokerage.
■ (SR 3,000,000) Three million Saudi Riyals for Insurance Claims Settlement Specialist (Third Party Administrator).
■ (SR 500,000) Five hundred thousand Saudi Riyals for Insurance Agency.
■ (SR 500,000) Five hundred thousand Saudi Riyals for Loss Assessor and Loss Adjuster.
■ (SR 150,000) One hundred and fifty thousand Saudi Riyals for Insurance Advisor.
■ (SR 150,000) One hundred and fifty thousand Saudi Riyals for Actuary.
Article Nine
Insurance and Reinsurance Services Providers shall obtain an insurance policy to cover professional liability risks for negligence, wrongdoing and dereliction of duties with a minimum coverage limit of:
■ (SR 3,000,000) Three million Saudi Riyals for Insurance Brokerage.
■ (SR 6,000,000) Six million Saudi Riyals Reinsurance Brokerage.
■ (SR 1,000,000) One million Saudi Riyals for Insurance Agency.
■ (SR 3,000,000) Three million Saudi Riyals for Actuary or Loss Assessor and Loss Adjuster.
■ (SR 1,000,000) One million Saudi Riyals for Insurance Claims Settlement Specialists (Third Party Administrator).
■ (SR 500,000) Five hundred thousand Saudi Riyals Insurance Advisor.
Article Ten
The founders of the Company, and owners of insurance professions shall be of good conduct and reputation with no convictions by court action affecting their honor and integrity.
Article Eleven
The commercial registration shall be restricted to the licensed insurance activity. SAMA shall be supplied with a copy of such registration and any subsequent renewals thereof. Any other unlicensed activities shall not be practiced.
Regulation of Insurance Operations
Article Twelve
The Company and all Insurance and Reinsurance Services Providers shall conduct their business according to professional and ethical standards.
Article Thirteen
The Company and all Insurance and Reinsurance Services Providers shall comply with all Saudi accounting standards approved by SAMA. In the absence of such standards, the company shall apply international accounting standards.
Article Fourteen
The Company and all Insurance and Reinsurance Services Providers shall obtain prior written approval of SAMA before dealing with Lloyd’s insurance brokers or foreign companies to cover risks that cannot be covered through a licensed Company in the Kingdom.
Article Fifteen
The Company and all Insurance and Reinsurance Services Providers, in accordance with all rules and regulations issued by SAMA to that effect, shall:
1. Adopt an internal policy and procedures to combat economic crimes including money laundering.
2. Apply “Know Your Customer” standards.
3. Notify the Financial Intelligence Unit (FIU) in writing of any suspected transactions, in accordance with the designated form designed by SAMA with a copy submitted to SAMA.
Article Sixteen
The Company and all Insurance and Reinsurance Services Providers shall provide complete and accurate information regarding their insurance products and services to SAMA. Written prior approval by SAMA is required for marketing all insurance products and services.
Article Seventeen
The Company shall comply with all conditions set by SAMA for specialized inter-companies insurance funds. No given Company may subscribe to such funds outside the Kingdom without obtaining SAMS’s written approval.
Article Eighteen
The company shall provide SAMA with copies of reinsurance agreements on an annual basis. SAMA may comment on these agreements and request amendments if deemed necessary.
Article Nineteen
1. The Company shall not deal with any unlicensed Insurance and Reinsurance Services Providers, and Insurance and Reinsurance Services Providers shall not deal with any unlicensed Person Providing Insurance and reinsurance Services. A signed written agreement outlining the scope and relationship between the Company and Insurance and Reinsurance Services Providers is required.
2. Insurance and Reinsurance Services Providers and their employees shall not deal with an unlicensed Company, and they shall not prejudice other company’s products when providing insurance services to the consumers.
3. The Company or an Insurance and Reinsurance Services Providers shall have a valid contract with any Person they are dealing with.
Article Twenty
First: The Company shall appoint an Actuary that holds the designation of a Fellow, or seek the services of an actuary or an actuarial firm after obtaining a written permission from SAMA. The Company’s Actuary shall undertake the following duties:
1. Obtain all required information and particulars from the previous Actuary.
2. Examine the Company’s financial position.
3. Evaluate the Company’s ability to meet its future obligations.
4. Determine adequate risk retention level.
5. Price the Company’s insurance product.
6. Determine and approve the Company’s technical provisions.
7. Provide advice and recommendations related to the Company’s investment policy.
8. Any other actuarial recommendations.
Second: The Actuary shall be professionally liable for his/her advice and technical services provided to the Company, and shall upon the Company’s request, furnish the Company’s management with the following particulars and documents:
1. Sound actuarial information and statements about the company’s present and future financial position.
2. Annual report, within sixty days from the expiry date of the company’s fiscal year reflecting the adequacy of the Company’s technical provisions.
3. Annual report, within sixty days from the expiry date of the Company’s fiscal year reflecting the pricing adequacy of the insurance products.
4. Company’s investment returns analysis.
5. Insurance portfolio development analysis.
6. Cost Analysis
7. Report reflecting the adequacy of matching assets with liabilities.
8. Positive and adverse underwriting policy development status.
The Company shall ensure compliance with all required actuarial duties and reports. Otherwise, SAMA shall appoint an actuary at the company’s expense to undertake these actuarial duties.
Third: An external auditor shall review actuarial reports that present immediate or future risks facing the Company, and SAMA shall be provided with copies of these reports in a timely manner.
The Company’s Actuary shall, in the presence of immediate or future risks facing the Company, submit a report on an urgent basis directly to the company’s Board of Directors. The Board of Directors shall examine the report and recommend corrective actions, and forward all related information to SAMA within fifteen days from receiving the report.
Article Twenty-One
The Company that underwrites Protection/Savings insurance business class along with other classes of insurance shall comply with the following requirements:
■ Appoint a qualified risk manager for its Protection/Savings insurance class that is independent from the other classes of insurance business
■ Appoint a qualified reinsurance manager for its Protection/Savings insurance class that is independent from the other classes of insurance business.
■ Separate all investments and provisions for its Protection/Savings insurance business from the other classes of insurance business.
Article Twenty-Two
A Person shall not engage in more than one insurance or reinsurance related service without the written permission of SAMA.
Article Twenty-Three
An Insurance and Reinsurance Services Provider shall have a permanent office where all insurance related registers and documents used in their operations are kept, SAMA must be notified within thirty (30) days of any changes in the permanent office location. An exception is made for Actuaries and Advisors residing outside the Kingdom with written permission from SAMA.
Article Twenty-Four
Insurance Brokers and Agents shall provide sound advice to the insured and shall disclose all facts and risks associated with the insurance policy that will be issued by the Company.
Article Twenty-Five
Insurance Brokers and Agents shall provide the insured with adequate information regarding the insurance policy and that there must be no inducement or deception. The information provided must include the following as a minimum:
a. Limits of insurance coverages.
b. Policy exclusions.
c. Contribution or Premium amount (s).
d. Inception and expiration dates (policy period) of the policy.
e. Policy conditions.
f. Name of the Company issuing the insurance policy.
Article Twenty-Six
Insurance and/or Reinsurance Brokerages shall:
1. Disclose to the insured the commission and/or fees earned for the services provided.
2. offer to place reinsurance business with local reinsurance Companies’ before placement with a foreign reinsurer.
3. Not allow an insurance broker to combine insurance and reinsurance business activities to avoid conflict of interest that is harmful to the policyholder. Commissions and fees of insurance and reinsurance business shall be separated.
4. Serve the insured’s interests by striving to obtain the most appropriate available coverage and price.
5. Disclose to the insured in advance all benefits under the policy as compared to other similar policies in terms of coverages and prices.
Corporate Governance
Article Twenty-Seven
Fit and proper standards issued by SAMA shall be applied to the Company’s and Insurance and Reinsurance Services Provider’s Chairman, Board Members, Directors, and Senior Managers. Designated forms issued for this purpose shall be completed and approved by SAMA.
Article Twenty-Eight
1. The Company’s and Insurance and Reinsurance Services Provider’s Chairman, Board Members, and Senior Managers must be trustworthy and experienced in financial and insurance business to unable them to carry out their duties in the best possible way.
2. A Company’s board members shall not be a member of the board of directors of any other insurance and or reinsurance Company.
3. SAMA may object to the appointment of any of the Board Members, appointed executive managers of the company and of the Insurance and Reinsurance Services Provider.
Article Twenty-Nine
The Company shall not nominate a member to its board of directors or to a senior management position without the written approval of SAMA in the following circumstances:
1. A Person who had held similar position in a liquidated Company.
2. A Person who had been dismissed from a similar position in another Company.
Regulatory And Supervisory Procedures
Article Thirty
SAMA’s examiners or any person assigned by it shall have the right to conduct office and field examinations of all accounts, records, documents, and transactions related to the insurance affairs of the Company and the Insurance and Reinsurance Services Provider, and their employees shall provide all information, particulars, and documents required by the examiners.
Article Thirty-One
The Company and the Insurance and Reinsurance Services Provider shall cooperate fully with SAMA’s examiners, and particularly in the following:
1. Enabling SAMA’s inspectors to have access to the company’s registers, accounts, and other documents in order to carry out their examination;
2. Providing SAMA’s examiners with all available information and clarifications.
3. Revealing to SAMA’s examiners any irregularities or violations in the Company’s activities upon commencing their assignment;
4. The Company and the Insurance and Reinsurance Services Provider’s employees are prohibited from concealing or attempting to conceal any information or irregularities, and not replying to any clarifications sought by the examiners.
5. Carrying out the recommendations and instructions issued to the Company and to the Insurance and Reinsurance Services Provider as a result of the examination.
Article Thirty-Two
The Company and the Insurance and Reinsurance Services Provider shall comply with the working hours specified by SAMA at its head office and branches in the Kingdom.
Article Thirty-Three
The Company shall comply with the minimum and maximum limits as determined by SAMA for each class of insurance as well as insurance contributions and premiums.
Article Thirty-Four
1. The Company’s Board of Directors shall form an audit committee consisting of at least three and no more than five members. from nonexecutive managers and mostly nonmembers of the Board of Directors.
2. The Company shall:
a. Establish an internal audit department, which shall report directly to the audit committee. The officer in charge of this department must be a holder of a professional certificate in this discipline.
b. Establish a regulatory compliance department and appoint a regulatory compliance officer. This office shall verify compliance with all rules, regulations and directives. This office shall be directly affiliated to the audit committee and may contact directly SAMA and provide it with information according to the procedures that it specifies, and report to the internal audit department any indemnity or claim payments which violate the standard technical claim payments.
Article Thirty-Five
No Person shall:
1. Disclose any information obtained in the course of carrying out any work related to the implementation of any provisions of the Law and this Implementing Regulations except for official purposes.
2. Seek or obtain personal benefits by taking any action related to the implementation of the Law and this Implementing Regulations.
Article Thirty-six
The Company and the Insurance Brokerage shall pay the costs of inspection and supervision by paying SAMA the following:
1. The Company shall pay five per thousand (0.5%) of total underwritten premiums in a financial year excluding local market share of the reinsurance business.
2. The Insurance/Reinsurance Brokerage shall pay an amount representing one percent (1%) from the total commissions and fees earned within an accounting year.
Article Thirty-Seven
The Company and the Insurance and Reinsurance Services Provider shall set and implement written internal control procedures, the effectiveness of which 13 shall be valuated by the internal and external auditors shall issue and implement written internal audit procedures.
Article Thirty-Eight
1. The Company shall notify SAMA of the percentage of ownership of any Person who owns five percent (5%) or more of the Company through a quarterly report.
2. Any Person owning five percent (5%) or more of the Company’s shares shall notify SAMA in writing of their percentage ownership and any changes thereof within 5 working days of the date of occurrence of such event.
Article Thirty-Nine
1. SAMA’s written approval is required for any mergers, acquisitions, transfer of ownership, and opening new branches by any Company or Insurance and Reinsurance Services Provider.
2. A written notice to SAMA is required for any mergers and acquisitions between Companies. The written notice to SAMA shall provide the following information:
a. Initial agreement
b. Financial statements.
c. Agreed value:
d. Mode of payment; and
e. Method of valuation.
SAMA may reject the application if it finds that the value or the valuation method is not appropriate or if it deems that, this action is likely to adversely affect policyholders, the insurance sector and the economy in the Kingdom.
Article Forty
The Company shall:
1. Retain at least thirty percent (30%) of its total insurance premium.
2. Reinsure thirty percent (30%) of its total premium in the Kingdom.
3. SAMA’s written approval is required whereby if its difficult for the Company to comply with the above percentages or it wishes to retain a lesser percentage. SAMA may obligate the Company to reinsure or not reinsure part of its direct insurance business transacted in the Kingdom with a domestically or foreign registered reinsurance company in accordance with the insurance market and each Company’s financial position.
Article Forty-One
The Company shall, within one month from the end of each quarter, reconcile policy terms and total coverage issued to the insured with that available from the reinsurer and to take corrective action in case of any differences.
Article Forty-Two
1. A Company wishing to engage in reinsurance treaties outside the Kingdom shall ensure that the following criterions are met:
a. The foreign reinsurer is licensed and authorized to transact the kinds of insurance proposed in the Kingdom in its country of domicile.
b. The insurance supervisor of the foreign reinsurer must authorize the exchange of relevant information with SAMA.
c. The foreign reinsurer must maintain separate records and financial statements of all Saudi operation and be ready to provide SAMA with any related information upon request.
d. The Company shall provide SAMA with the reinsurer’s financial statements related to the most recent financial year.
e. The Company must provide SAMA with the latest regulatory or supervisory report issued by the foreign reinsurer’s supervisory authority.
2. The Company shall select a reinsurer, at a minimum, with an S&P Rating of BBB, or its equivalent rating from a recognized international rating organization. If the Company wishes to do business with a reinsurer that is not rated by any international organization or has a rating less than the minimum requirement mentioned above, the Company should obtain prior written approval of SAMA.
Article Forty Three
The Company shall set up a claims’ department with procedures for accepting policyholder’s claims, claims evaluation and processing. The Company shall maintain records pertaining to policyholder’s claims and classify them into paid, unpaid, and rejected claims. Each record shall include the following:
1. Insurance application and proposal, if available;
2. Copy of the insurance policy;
3. Policyholder’s claim’s information;
4. Adjusters and assessor’s report and any other documents pertaining to the claim and the direct reason leading to the covered loss;
5. Proportional indemnity share of any other insurance and reinsurance policies in effect.
6. Action taken by the Company and the status of the claim.
7. A power-of-attorney from the Insured to the Company to subrogate it in the following cases:
a. Third party Liability for the Loss.
b. Defending the insured in repudiate liability or in determining the indemnity amount.
8. Signed settlement agreement by a Person for a paid claim.
Article Forty-Four
The Company shall settle individual policyholder’s claims in a period not to exceed fifteen (15) days from the date of receiving all requested and necessary documentation related to the claim, another fifteen (15) day period shall be extended with a notification to the regulatory compliance officer with reason(s) of such extension. The Company shall settle commercial entities’ claims in a period not to exceed forty-five (45) days after receipt of all requested and necessary documentation including the report of the loss assessor who must be appointed by the company within one week from the loss notification’s date. If this period is exceeded, the regulatory compliance officer must be notified and provided with reason(s) for such delay.
Article Forty-Five
The Company and the Insurance and Reinsurance Services Provider shall respond to policyholder’s complaints within fifteen days. All complaints shall be entered into a registry that is designated for this purpose. All complaints in the registry must contain all necessary and material information. A semiannual report shall be prepared and forwarded to the Audit committee with all complaints referred or will be referred in the future for litigation purposes.
Article Forty-Six
The Company shall adhere to principles set forth in this article when pricing insurance policies:
1. Pricing shall be fair, reasonable and adequate;
2. Pricing shall be set in accordance with the Company’s underwriting guidelines with adequacy and appropriateness to the risks undertaken by the Company, and in accordance with appropriate technical reserves.
3. Providing SAMA with justifications and basis used in setting prices. These prices shall not be relied upon other Company’s pricing.
Article Forty-Seven
The Company shall evaluate the adequacy of its technical provisions on a quarterly basis. The minimum capital requirement shall be used to cover policyholders’ claims in the case whereby the technical reserves are deficient to meet the Company’s claims obligations. SAMA must be notified if such deficiencies exist.
Article Forty-Eight
The Company’s gross written premium shall not exceed Ten (10) times the paid capital and reserves without SAMA’s written approval.
Article Forty-Nine
No insurance policy shall be issued or renewed to any of the Company’s members of the Board of Directors, Senior and Executive Managers, and their related parties except after the payment of the full premium. Claims submitted for payment on their behalf shall be treated in accordance with procedures and rules set forth by the Company without any exception or preference. The Compliance Officer shall be notified of any related claims payment.
Article Fifty
The Company and the Insurance and Reinsurance Services Provider shall, within forty five (45) days from the end of each year, provide SAMA with the following particulars:
1. Report identifying the names of members of the Board of Directors, managing directors, general mangers, senior managers in all branches and affiliates and foreign representative offices, including the names and current positions and dates of appointment and the number of years of service in the company.
2. Report identifying the percentages of Saudi and non-Saudi employees on the Company, Branch, and departments levels including the managerial positions held by Saudis.
3. Any other particulars requested by SAMA.
Article Fifty-One
The Company shall adhere to minimum coverage issued and/or approved by SAMA for all classes of insurance. The insurance policy must specify all related coverage benefits. The Company must provide the technical and pricing basis for its insurance products. In respect of protection and savings insurance, such technical basis and pricing must be prepared and/or approved by an Actuary.
Article Fifty-two
The Insurance Policy shall be written in a clear way that can be read by the public at large, and shall contain the following:
1. The policy schedule must specify the following as a minimum:
a. Policy number, which must also be provided in all related document to this policy.
b. Policyholder’s name and mailing address.
c. Coverage period.
d. Coverage descriptions and limits.
e. Deductibles and Retentions.
f. Endorsements, Warranties, and Riders.
g. Conditions and Exclusion.
h. Insurance rates and premium amounts, basis of premium calculation and the amount of commission paid under the policy.
i. Identification of the property or activities to be insured.
2. The standard text of the policy shall contain the type of coverages, general terms, conditions, and exclusions.
3. Endorsements and riders shall indicate additional coverages, conditions, and exclusions not mentioned above and which are different from the main agreement.
4. The Company’s signature and seal shall be on the policy and its attachments.
Article Fifty-Three
1. The Company shall, before issuing an insurance policy, give the policyholder access to the terms, conditions and exclusions of the policy.
2. Upon acceptance of the insurance application, the Company shall issue the client a binder/cover note as a temporary insurance document until the policy is issued. The Binder shall reflect all insurance coverages provided by the policy for a period not exceeding thirty (30) days from the commencement of coverage.
3. An insurance policy shall be amended by virtue of a written request submitted by the policyholder followed by an addendum issued by the Company.
Article Fifty-Four
1. The Company shall not cancel a valid insurance policy except for conditions stated in the policy cancellation clause. In case of a cancellation of the policy, the company shall refund the premium on a pro-rata basis. The company shall afford the policyholder a minimum period of thirty days (30) before the effective date of cancellation by the company.
2. The policyholder may cancel the insurance policy and recover part of the paid premium, on a short rate basis, provided there are no unpaid or outstanding claims.
Article Fifty-Five
The basis of the information provided in the policy shall be the application submitted by the policyholder. When completing the insurance application, the following must be taken into consideration:
1. Insurable interest.
2. Providing all material facts related to the insurance policy.
3. Indemnification of the policyholder based on the insurance policy shall be the purpose of the insurance and/or reinsurance policy.
4. Insurance provided must not violate any rules, regulations, and directives.
Article Fifty-Six
The Company shall provide credible reasons for denying, canceling, and non-renewing insurance policies without discrimination and unfair treatment between policyholders, and shall not rely on decisions of other companies for its actions.
Article Fifty-Seven
The Company shall notify SAMA of all insurance related benefits and incentives schemes provided to its employees.
Statutory Deposit
Article Fifty-Eight
The statutory deposit shall be ten percent (10%) of the paid up capital. SAMA, where the risk profile of the Company’s business warrants it, shall increase this percentage to a maximum of fifteen percent (15%). The Company shall place the statutory deposit amount, within three (3) months period from the date of issuing the license, in a bank designated by SAMA. SAMA shall invest the statutory deposit and shall be entitled to its earnings.
Investment
Article Fifty-Nine
The Company shall:
1. Formulate a written investment policy, approved by the Board of Directors, which governs its investment operations and the methods of managing its investment portfolios.
2. The company shall invest 50% of its total invested assets in Saudi Riyals. SAMA’s written approval is required if the Company wishes to reduce this percentage.
Article Sixty
The Company shall have a written investment diversification policy taking into consideration all risks faced by the company and the environment that it operates under. The Company shall take the necessary measures to manage the following risks as a minimum:
1. Market risk.
2. Credit risk.
3. Interest rate risk.
4. Currency exchange risk.
5. Liquidity risk.
6. Operations risk.
7. Country risk.
8. Regulatory and legal risk.
9. Re-insurance risk.
10. Technology Risk.
Article Sixty-One
1. The Company shall, when formulating its investment policy, take into consideration that the maturity of its invested assets is in concurrence with its liabilities according to the issued policies. The Company shall provide SAMA with an investment policy inclusive of assets distribution. If such investment policy was not approved by SAMA, the Company shall adhere to the investment standards in Table (1), provided that investments outside the Kingdom shall not exceed 20% of the total investment and in accordance with Article 59 (2).
2. The Company shall take in consideration the investment concentration risks. Concentration in an investment instrument shall not exceed 50% in one investment instrument mentioned in table (1).
Article Sixty-Two
The Company shall not use financial instruments, such as derivatives and off-balance-sheet items, other than for efficient portfolio management and with SAMA’s written approval. The Company is permitted to invest in such instruments when these conditions are met:
1. Such derivatives must be listed on a financial exchange, are capable of being readily closed out, are based on underlying admissible assets and have a prescribed pricing basis.
2. The company has set aside assets that can be used to settle any obligations under these derivatives and set adequate provisions for any adverse changes on the derivatives and their coverage.
3. The counter party must be reputable and in an acceptable financial condition.
Asset Valuation and Solvency Margin
Article Sixty-Three
Whereby a Company conducts general insurance business and protection and saving insurance business, the assets of each class of insurance must be considered separately.
Article Sixty-Four
The Company shall not consider assets obtained from the issuance of bonds or from obtaining loans in its solvency margin calculations without SAMA’s written approval.
Article Sixty-Five
The Company’s shall value its assets for the purpose of calculating the solvency margin according to Table (2) provided that the following are observed:
1. Market value shall not be exceeded in the valuation process and all assets linked to the Investment part of the Protection and Savings insurance policy shall be excluded.
2. Maximum limit of 20% of the total assets value in any one-asset category.
Article Sixty-Six
1. The Company, in respect to its general and health insurance business, shall maintain a margin of solvency equivalent to the highest of the following three amounts:
a. Minimum Capital Requirement.
b. Premium Solvency Margin.
c. Claims Solvency Margin
As an exception to the preceding, Premium Solvency Margin, method shall be used to calculate the solvency margin for the first three years of the company’s registration.
2. Solvency Margin calculations:
First: Premium Solvency Margin:
a. Dividing gross premiums written into the categories set out in Table (3).
b. Deducting the outwards reinsurance relating to the gross premiums determined in (1) above, provided that in all cases the net premiums written is not less than 50% of gross premiums written.
c. Multiplying the net premiums written for each category by relevant factors set out in Table 3 and aggregating the result for each category to come out with the appropriate solvency margin.
Second: Claims Solvency Margin:
a. Dividing average gross claims incurred over the three most recent financial claims into categories set out in Table 4 of this Article.
b. Deducting the outwards reinsurance relating to the gross claims determined in (1) above, provided that in all cases the net claims amount is not less than 50% of gross claims amount.
c. Multiplying the net claims by (2) above for each category by the relevant factors set out in Table 4 and aggregating the result for each category to come out with the appropriate solvency margin.
Article Sixty Seven
The solvency margin for the Protection and Saving Insurance business shall be determined by taking the aggregate of the results arrived through the calculation described below:
1. Four percent (4%) of the technical provisions for the protection and saving direct insurance.
2. Three per thousand (3/1000) of the Capital at Risk for individual policies after the deduction of reinsurance cessions, provided that the reinsurance amount do not exceed 50% of the total Capital at Risk.
3. One per thousand (1/1000) of the Capital at Risk For group policies after the deduction of reinsurance cessions, provided that the reinsurance amount do not exceed 50% of the total Capital at Risk.
Article Sixty-Eight
1. The Company shall complete all forms related to the actual and required solvency margin calculations.
2. The Company shall maintain a solvency margin according to the standards specified, and implement the following measures when its solvency margin falls below the required margin (s):
a. The Company shall restore, in a period not exceeding the next financial quarter, its solvency margin when it falls between the ranges of 75% to 100% of the required solvency margin.
b. The Company shall restore its solvency margin when it falls between 50% and 75% of the required margin. The company shall apply measures stated in paragraph (a) of this Article. If the required solvency margin is not restored to its appropriate level for two consecutive financial quarters, the company shall formulate and provide SAMA with a corrective action plan to be taken and the period necessary to restore its solvency.
c. The Company shall restore its solvency margin when it falls between 25% and 50% of the required margin. The Company shall apply measures stated in paragraph (b) of this Article. If the required solvency margin is not restored to its appropriate level for two consecutive quarters, the company will be required by SAMA to take all or any of the following measures immediately:
1. Increase the Company’s capital.
2. Adjust insurance premiums
3. Reduce costs;
4. Stop underwriting business.
5. Assets liquidation.
6. Any other measures deemed appropriate by the Company and approved by SAMA.
d. SAMA shall appoint an advisor to provide consultation and advice to the company or issue a cease and desist order to the Company and recommend the withdrawal of it license if the solvency margin falls below 25% and/or the Company fails to act appropriately to rectify its financial situation.
Technical Provisions
Article Sixty-Nine
1. Technical provisions must be calculated in accordance with acceptable accounting standards, and approved by an actuary reflecting the company’s obligations, and shall include the following technical provisions as a minimum:
a) Unearned Premium Reserves
b) Unpaid Claim Reserves
c) Claims Expense Reserves.
d) Incurred but not reported Claims Reserves.
e) Unexpired Risk Reserves.
f) Catastrophe Risk Reserves.
g) General Expense Reserves.
h) Reserves related to protection and savings insurance, such as disability, old age, health, death, medical expenses…etc.
2. Reserves shall be calculated, as a minimum, in the following manner:
a. Unearned Premium Reserves shall represent the unearned portion of gross premiums at the time of valuation and shall be calculated according to the following:
1. Last three months for marine transport.
2. 365 days pro rata calculations for all other classes of insurance or 40% of gross premiums.
b. Unpaid and Expense Claims Reserves shall be determined as a total value of all outstanding claims and related expenses for each class of insurance business.
c. Incurred but not reported Claims Reserves shall be calculated from the total outstanding claims after deducting the reinsurance portion of claims proceeds and according to the following:
1. Fifteen percent (15%) of motor insurance, medical insurance, property insurance, engineering, energy and general accident insurance (excluding liability and personal injuries).
2. Twenty percent (20%) of liability and other insurance.
3. Twenty-five percent (25%) of reinsurance accepted from other insurance companies.
In case of non-compliance, SAMA shall be provided with actuarially justified methods to determine these reserves listed in this article.
d. Doubtful debt reserves shall be calculated as follow:
1. Ten percent (10%) of the total amounts due from reinsurers exceeding 180 days.
2. Fifteen percent (15%) of the total amounts due from the insured exceeding 90 days.
3. Twenty-five percent (25%) of the total amounts due from the insured exceeding 180 days.
4. Seventy-five percent (75%) of the total amounts of uncollected receivables exceeding 360 days.
5. One hundred percent (100%) of any disputed and uncollected receivables.
3. General reserves specified in view of the company’s experience.
Distribution Of Surplus
Article Seventy
1. The Company’s financial statements, at a minimum, shall consist of; statements of financial position for insurance operations and shareholders accounts, profit and loss statements for insurance operations, shareholders’ income statements, statement of shareholders’ equity, statements of cash flows for insurance operations and shareholders’ cash flow statement.
2. The following shall be regarded by the Company upon preparation of the statements of insurance operations:
a. Determine earned premiums, and income generated from reinsurance commissions, and other insurance operations revenues.
b. Determine the incurred indemnification.
c. At the end of each year, the total surplus representing the difference between (a) and (b), less any marketing, administrative expenses, the necessary technical provisions, and other general expenses related to the operation of insurance shall be specified.
d. Company’s net surplus shall be determined by adding or subtracting the investment return of the policyholder’s invested funds, and subtracting the general expenses related to the policyholder’s portion of the investment activities.
e. 10% of the net surplus shall be distributed to the policyholders directly, or in the form of reduction in premiums for the next year. The remaining 90% of the net surplus shall be transferred to the shareholders’ income statement.
f. The shareholder’s net income shall be transferred to the statement of shareholders’ equity.
g. Twenty percent (20%) of the net shareholders’ income shall be set aside as a statutory reserve until this reserve amounts to 100% of the paid capital, and
3. SAMA’s written approval must be obtained for policyholders’ net surplus distribution and timing.
Registers
Article Seventy-One
The Company shall maintain separate registers for each class of insurance as follows:
1. Policy Register: such register shall include the following particulars:
a. Policy number and issuance date.
b. Policy period (effective and expiration date)
c. Insured’s name and address.
d. Property or activity to be insured.
e. Type of risk.
f. Insurance premium.
g. Paid premium.
h. Endorsements, riders, warranties, and amendments made to the policy.
i. Other particulars deemed necessary by the Company.
2. Claims Register: such register shall include the following particulars:
a. Claims number and date reported.
b. Policy number and period of insurance.
c. Insured’s name.
d. Date and place of the loss and the type of claim.
e. Technical reserves estimated and any other changes.
f. Claims payments date and amount.
g. Closed claims and the reasons for such closure.
h. Unpaid (outstanding) claims.
i. Disputed claims and any action taken in respect thereof.
j. Subrogation recoveries, salvage return, or any other recoveries excluding reinsurance.
k. Other particulars deemed necessary by the Company.
3. Reinsurance Register: such register shall include the following particulars:
a. Reinsurance treaties and agreements given that; the period for each agreement and the changes made thereto shall be stated separately with the capacity and type of each agreement, the names and ceded percentage or amount for each reinsurer and the company’s retention percentage or amount for each class of insurance, and summary of all reinsurance agreements and other particulars deem necessary by the company.
b. Reinsurance ceding statements.
c. Claims register for reinsurance paid and outstanding claims.
4. The Company shall maintain an underwriting register for each class of insurance.
5. Insurance Professions Register: It shall include names of any Person engaged in insurance activities that the company is dealing with, their commercial registration, period of contacts, and the nature of the agreement and any other particulars deemed necessary by the Company.
Statements And Reports
Article Seventy-Two
The Company and the Insurance and Reinsurance Services Provider shall provide SAMA with all particulars and information in accordance with SAMA’s published guidelines to effectively conduct its supervisory duty.
Article Seventy-Three
1. The Company and the Insurance and Reinsurance Services Provider shall provide SAMA with financial statements audited by licensed certified public accountant in the Kingdom within 90 days from the end of the financial year of the company including as minimum income statement, financial position and cash flow statement.
2. The Company and the Insurance and Reinsurance Services Provider shall provide SAMA with the report of the certified public accountant and the financial statements within a maximum period of 60 days from the end of the financial year of the company for approval before publication.
3. The Company and the Insurance and Reinsurance Services Provider shall direct their auditors to submit to SAMA the management letter before publication of the financial statements.
Article Seventy-Four
Insurance Brokerage and Insurance Agency shall provide SAMA with the following particulars and information:
1. Semi-annual statement of all underwriting transactions and premium generated through their insurance and reinsurance business.
2. Detailed semi-annual statement reflecting the Company’s uncollected premium.
3. Semi-annual statement of earned commissions and fees.
Cease and Desist Orders
Article Seventy-Five
1. The Company and the Insurance and Reinsurance Services Provider shall submit in writing to SAMA its intentions to cease its insurance activities in any one class or classes of insurance in the Kingdom accompanied the following particulars:
a. Reasons for such cessation
b. Evidence that they have fully discharged their obligation toward their clients and policyholders, they have set aside adequate reserves to meet their obligations, and they have transferred all policies in force to another Company or Insurance and Reinsurance Services Provider.
c. The wording of the cessation notice before publishing in two of the local newspapers that shall state their intention to cease operations in one class or classes of insurance and that policyholder’s and interested parties shall file their objections to SAMA within a period not exceeding three months from the publishing date of the notice.
2. SAMA’s written approval shall be obtained before cessation of operations.
Article Seventy-Six
1. SAMA shall request the license withdrawal of the Company or the Insurance and Reinsurance Services Provider in the following cases:
a. No business activities for a period of six months from the issuance date of the license.
b. None compliance with the Law and this Implementing Regulations.
c. Providing SAMA with false information in its licensing application
d. Conducting its business and affairs in a manner that threatens to make it insolvent or that it is hazardous to its policyholders, stockholders, or the public.
e. Insolvency, or its assets are not sufficient for carrying on its business.
f. The business is fraudulently conducted.
g. The paid up capital falls below the prescribed minimum limit or failure to fulfill the provisions of Article 68.
h. The business or volume of activities falls to a limit that SAMA finds unviable to operate under.
i. Refusal or delay of payments due to beneficiaries without just cause.
j. Refusal to be examined or to produce its accounts, records, or files for examination by SAMA.
k. Failure to pay a final judgment against it related to its insurance operation.
2. In case of license withdrawal, the Company’s or the Insurance and Reinsurance Services Provider’s responsibility towards its policyholders shall be transferred to another licensed entity chosen by the beneficiaries with the approval of SAMA.
3. SAMAshall supervise all settlements related to existing insurance policies where a Company’s business activities and status fall under this Article.
Qualification and Training
Article Seventy-Seven
The Company and Insurance and Reinsurance Services Provider shall qualify their employees to undertake duties related to insurance work.
Article Seventy-Eight
SAMA shall set the minimum educational requirements related to the licensing and examination of a Person Providing Insurance and Reinsurance Services.
General Provisions
Article Seventy-Nine
The percentage of Saudi Employees shall not be less than 30% at the end of the first year, and this percentage shall increase annually according to a Saudization plan submitted to SAMA.
Article Eighty
The Company and Insurance and Reinsurance Services Provider’s advertising materials shall not contain any false, deceptive or misleading representations, whether they are related to price or their financial and economical position. They shall not include statements in their advertisement material that would appear to defame and cause prejudice to the interests, products and services of others.
Article Eighty-One
No Person shall introduce a pension plan, or a reciprocal exchange, or a Self-Insurance scheme without the prior written approval of SAMA.
Article Eighty-Two
The Governor shall issue all insurance related regulatory and supervisory instructions and procedures.
Article Eighty-Three
A technical Committee or Committees may be formed to improve the development of the insurance sector by a decision from the Governor.
Article Eighty-Four
This Implementing Regulations shall be effective from its publishing date in the official Gazette. SAMA shall review and recommend amendments thereof every three years or when such amendments are deemed necessary.
Table (1)
Investment Type Percentage for Protection and Savings Insurance Percentage for General Insurance Saudi Authorized Banks (minimum) 10% 20% Saudi Government Bonds (minimum) 10% 20% Saudi Riyals Denominated Investment Funds (maximum) 15% 10% Foreign Currency Denominated Investment Funds (maximum) 10% 10% Foreign Government’s Bonds (Zone A) (maximum) 5% 5% Bonds Issued By Domestic Companies (maximum) 5% 5% Bonds Issued By Foreign Companies (maximum) 5% 5% Equities (maximum) 15% 15% Real Estate in Saudi Arabia (maximum) 5% 0% Loans Secured by Real estate Mortgages (maximum) 5% 0% Loans Secured by Policies Issued by the Insurer (maximum) 5% 0% Other Investments (maximum) 15% 15% Table (2)
Type of Assets Admissible% Land and properties as evaluated by a qualified real estate agency by the end of the financial year as it relate to protection and savings insurance only. 5% Land and properties as evaluated by a qualified real estate agency by the end of the financial year as it relate to general insurance only. 0% Securities issued by one of the shareholding companies listed on a Saudi Stock Exchange. 5% Securities issued by one of the shareholding companies not listed on a Saudi Stock Exchange. 1% Saudi Government Development Bonds. (SGDB) 100% Government bonds issued by (A) rated countries. 100% Bonds issued by one financial institution. 5% Deposits with any one of the financial institutions licensed in the Kingdom. 10% Loans secured by policies of insurance issued by the insurer. 5% Rights under derivative contracts. 1% Reinsurance balances. 100% All debts due or to become due from individual other than those relating to loans secured by mortgages. 5% Cash in hand 1% Accrued interest and rent. 2.5% Cash in banks. 100% Other pre-payments and accrued income. 2.5% Deferred acquisition costs. 100% Prepaid expenses. 2.5% Premiums due within 90 days for general insurance companies. 100% Premiums due for protection and savings insurance companies. 100% Tangible assets (i.e. office furniture, equipment, vehicles, computers, etc, excluding rare art work). 2.5% Intangible assets (i.e. good will, incorporation expenses, registered mark, etc). 0% Personal loans or benefits for employees and managers. 0% Treasury stock’s. 0% Table (3)
Description Factor Health insurance 16% Motor insurance 20% Fire insurance 16% Transport Insurance (Liability) 30% Other Insurance Liability (Liability) 30% Engineering Insurance 30% Marine Insurance (vessels, goods) 30% Aviation Insurance 30% Energy Insurance 30% Other classes of insurance except protection and savings insurance 16% Facultative and treaty re-insurance for all other classes of insurance 30% Table (4)
Description Factor Health insurance 24% Motor insurance 25% Fire insurance 20% Transport Insurance (Liability) 35% Other Insurance Liability (Liability) 35% Engineering Insurance 30% Marine Insurance (vessels, goods) 30% Aviation Insurance 30% Energy Insurance 30% Other classes of insurance except protection and savings insurance 30% Facultative and treaty re-insurance for all other classes of insurance 30% Regulation of Reinsurance Activities
Part 1: Introduction
Purpose
1. This Code presents the general principles and standards that should be met by insurance and reinsurance companies, including branches of foreign insurance and reinsurance companies, and insurance related service providers with regard to their reinsurance practices.
2. The objective of This Code is to promote high standards of reinsurance practices within the insurance industry in accordance with the best international practices.
3. This Code must be read in conjunction with the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations.
Definitions
4. The term “Companies” in This Code is intended to include: insurance and reinsurance companies and insurance related service providers including insurance and reinsurance brokerages. The rest of the terms used in This Code shall have the same meaning as per article one (1) of the Implementing Regulations.
5. The term “Related Company” in this code means: a company (or one of several companies that SAMA may consider to be acting in concert) holding a shareholding of 10% or more of the equity of the licensed insurer, or a company in which the licensed insurer (either alone or with other companies that SAMA may consider to be acting in concert) holds a shareholding of 10% or more.
Scope
6. This Code applies to insurance and reinsurance companies, and insurance related service providers including insurance and reinsurance brokerages.
Compliance Measures
7. Companies must establish appropriate internal controls and procedures to ensure and monitor compliance with This Code, including the compliance of all contracted parties.
8. Companies must maintain adequate records to demonstrate compliance with This Code, including but not limited to, reinsurance strategy, reinsurance transaction records, scenario testing reports, and financial implications report.
Part 2: General Requirements
Reinsurance Strategy
9. The Boards of Directors of insurance and reinsurance companies must supervise the definition of the reinsurance strategy, to be approved, documented and implemented within 3 months of the company’s authorization.
10. The reinsurance strategy must be submitted to SAMA to obtain SAMA's no objection on it. It must be updated at least annually and submitted to SAMA by April 30th each year.
11. The company’s reinsurance strategy should include:
a) Statement of the per risk retention for each risk type on each product.
b) Statement of the per event retention for each risk type on each product .
c) Description of the treatment of known accumulations, where relevant, for each risk type on each product.
d) Description of the treatment of unknown accumulations, where relevant, for each risk type on each product.
For each product, a statement of whether the risk exposure will be protected by treaty reinsurance, facultative reinsurance, both, or neither should be made.
Internal Control
12. The reinsurance strategy must set a well-defined control structure to monitor the company's reinsurance arrangements and report its performance.
The monitor and review functions must, at minimum, cover the following:
a) The identification and recording of polices underwritten, to which reinsurance is attached.
b) The identification of dates when an obligation to pay reinsurance premium arises.
c) The identification of cases where a company has suffered from a loss under a policy against which a reinsurance recovery can be made.
d) The time management of payments to, and collection from, reinsurance counterparties.
e) The credit standing and capacity of reinsurance counterparties to meet obligations.
f) The concentration of reinsurance programs with reinsurance counterparties, which would create large exposure.
g) The impact of adverse trends in estimated insurance liabilities on reinsurance and implications for the capacity of the insurer to meet its current/ future policyholders claims.
h) Follow up on the developments in these areas.
Reinsurance Treaties
13. Reinsurance treaties must be submitted to SAMA to obtain SAMA's no objection as per Article 18 of the Implementing Regulations.
The submission of copies to SAMA should be made within two month of the renewal date.
SAMA must be notified within 7 days in case of cancellation or termination of any reinsurance treaty for any reason.
Reinsurance Officer
14. The company must appoint a reinsurance officer. The reinsurance officer must be notified to the Board of Directors and to SAMA. The role of the reinsurance officer should not conflict or overlap with any other role within the company’s organization.
The reinsurance officer shall be responsible for:
a) The updating of the reinsurance strategy.
b) The handling of the reinsurance registers required by the Implementing Regulations.
c) All facultative reinsurance ceded records, and submission of a quarterly report to the Board of Directors and to SAMA on the facultative reinsurance ceded.
d) Follow up on any developments regarding his role.
If, in any way the company does not comply with its written reinsurance strategy, the reinsurance officer should report the compliance failure to the compliance officer, who in turn must inform the internal audit and the audit committee. All non-compliance must be notified to the Board of Directors and to SAMA.
If the company is licensed to write protection and savings insurance, it must appoint a separate reinsurance officer for this business as per Article 21 of the Implementing Regulations.
Reinsurance officers must possess adequate experience in reinsurance arrangements.
Product Approval
15. All products approved by SAMA are subject to satisfactory reinsurance arrangements being in place to protect the insurer and its policyholders. If, in the opinion of SAMA, the licensed insurer does not have adequate reinsurance protections in place, then product approvals granted may be withdrawn.
Part 3: Reinsurance Principles
Ratings
16. All local and foreign reinsurers used by the company must have any of the following minimum ratings:
a) A.M. Best Company: B+; or
b) Fitch Ratings: BBB; or
c) Moody's Investors Service: Baa; or
d) Standard & Poor's Corporation: BBB
Accepted ratings should fall under the following criteria:
a) The rating must be based on full information (i.e., ratings based on publicly available information only will not be accepted).
b) Written approval from SAMA must be obtained if the reinsurer is located in a country with a sovereign debt rating from Standard & Poor of less than "BBB" or an equivalent rating from one of the above listed rating companies, or a country that is not rated.
If the rating of an adopted reinsurer falls below the required rating, the insurance company using that reinsurer must notify SAMA immediately and take necessary actions to protect policyholders.
Insurance Policies
17. Policy terms and conditions on insurance policies provided by the licensed insurance company must be no wider than those on its relevant reinsurance arrangements. Any exclusion on the reinsurance treaties must be taken into account in the policy terms and conditions provided by the company. As per Article 41 of the Implementing Regulations, a report on any discrepancies must be submitted to SAMA within one month of the end of each quarter.
Financial Implications
18. The financial implications of the components of a reinsurance treaty noted below should be analyzed. A report on the implications should be submitted to the Board of Directors and to SAMA. This report should include:
a) Profit sharing mechanism or variable commissions.
b) Loss sharing mechanism.
c) Any caps on the reinsurers' total exposure under the treaty.
d) Any caps on the reinsurers' exposure to single events, incidents or claims causes.
e) Any swing rates where reinsurance premium are adjusted based on the results of the reinsurance.
f) The possible impacts of reinstatements or annual aggregates on excess of loss treaties.
19. No forms of finite reinsurance may be carried out.
20. Reinsurance must be of risk only. No investments held under protection & savings contracts may be reinsured.
Per Risk Retention
21. Per risk retentions should be set in line with generally accepted insurance principles.
The per risk retention for each product should be set taking into account:
a) The pricing expertise of the company.
b) The anticipated premium volumes.
c) Correlations with other insurance risks accepted.
d) Treatment of known and unknown accumulations.
e) Per event exposures.
The business model adopted by the licensed insurer may also affect the per risk retention selected. For instance, if greater profit sharing with policyholders is put in place, a lower per risk retention may be considered suitable.
The form of the reinsurance arrangement may affect the level of the retention. For instance, a per risk retention under a quota share arrangement may be higher than that under an excess of loss.
The expected volatility of the company’s results under its business plan should be taken into account. If the company believes that there is a material chance that its loss ratio will fall outside its range of business plan results, then it should present a report setting out the expected range of results to its shareholders, Board of Directors, and SAMA.
Per Event Retention and Scenario Testing
22. For each risk on each approved product, the company should consider the impact of multiple claims arising from a single event.
Per event retentions should be set for each risk type. The annual probability of the per event retention being exceeded should be set at one half of one percent.
The company must produce an annual scenario testing report for their Board of Directors and SAMA. These scenarios will be standardized and set by SAMA each year. If the company is not sufficiently resilient to the defined scenarios, it will be required to take appropriate actions to mitigate the risks faced.
If a company has a proportional reinsurance treaty in place that imposes limits on the protection provided in the event of a natural catastrophe, then the amount of risk accepted by the licensed insurer should be strictly limited. The company should make a proposal to SAMA showing how it will limit and control the risks accepted under the treaty. Further restrictions may be imposed by SAMA.
The scenarios to be tested will include, but will not necessarily be restricted to, the following:
a) An earthquake or flood affecting the Red Sea/Arabian Gulf.
b) A large scale terrorist attack, or war.
c) A widespread epidemic or pandemic.
d) A Hurricane in the Red Sea/ Arabian Gulf.
e) Large drops in asset values particularly property and equities.
f) The impact of any severe unexpected change in currency exchange rates
g) Motor accidents involving multiple fatalities.
h) Serious Transport accidents.
Placing of Facultative Reinsurance
23. It is anticipated that most reinsurance will be placed into treaties in line with best international practice.
Facultative reinsurance may be placed when the size of the risk exceeds the capacity of the company’s treaty, or where no treaty is in place.
The company should seek SAMA's no objection if it wishes to write a risk that exceeds the capacity of its relevant treaty by more than 3 times.
The company may use facultative reinsurance subject to the premium charged being fully compliant with Article 46 of the Implementing Regulations if it accepts a risk that cannot be placed in its proportional reinsurance treaty due to the premium rates not being acceptable to its treaty reinsurers. For all policies written in this basis it must then:
a) Produce a formal report setting out the pricing basis adopted, and showing that it is compliant with Article 46 of the Implementing Regulations.
b) Within one month of the end of each quarter, provide to the Board of Directors and SAMA full copies of all pricing reports for all risks that are not acceptable under the insurer’s proportional treaties.
A licensed broker may not approach the facultative reinsurance market either inside or outside the Kingdom without written instructions and agreement of commission levels with the primary insurer.
The insurer may only allow the same broker to be used to place the reinsurance as well as the primary insurance, if full commission disclosure is made to the client of all direct and reinsurance commissions earned. The company must obtain a copy of a statement signed by the client expressing full awareness of all commissions earned by the broker before proceeding to write the insurance.
If a broker wishes to place facultative reinsurance on a risk where it has placed the direct insurance then it must at minimum:
a) Document why it does not believe there is any conflict of interest.
b) Provide full commission disclosure to its client.
c) Justify the use of facultative reinsurance rather than coinsurance.
If a Broker wishes to place both Insurance and Reinsurance on the same risk, this introduces some conflict of interest that cannot be entirely avoided. The minimum Professional Indemnity cover required under Article 9 of the Implementing Regulations must be increased to SR 12 million for any broker that wishes to place both insurance and reinsurance on the same risk.
Risk Management and Other Reinsurance Processes
24. A reinsurance claims register in accordance with Article 71, section 3c) of the Implementing Regulations should be in place to ensure that reinsurance recoveries are identified and appropriately recorded on a timely basis.
A reinsurance documentation register must be maintained in accordance with Article 71 item 3a) of the Implementing Regulations. This should include reinsurance agreements given the following:
a) The period for each agreement and the changes made thereto shall be stated separately with the capacity and type of each agreement.
b) The names and ceded percentage or amount for each reinsurers and the company’s retention percentage or amount for each class of insurance.
c) Summary of all reinsurance agreements and other particulars deemed necessary by the company.
A reinsurance accounts register shall be maintained in accordance with Article 71 section 3b) of the Implementing Regulations. It should contain all ceding statements to reinsurers.
Procedures should be in place to allow management to evaluate and monitor the application (and hence the effect) of the reinsurance program to the gross provision for claims outstanding (including claims incurred but not reported).
Appropriate systems should be in place to evaluate and monitor the company's credit risk exposure to individual reinsurers.
Management should update the provision for reinsurance bad and doubtful debts on a regular basis in accordance with Article 69 of the Implementing Regulations.
Further detailed recommendations on risk management and governance and their interrelationship with reinsurance will be issued in separate regulatory guidance notes.
Accounting for Reinsurance
25. All proportional reinsurance premiums must be accounted in line with the corresponding direct insurance premiums.
All fixed proportional reinsurance commissions must be earned in line with the corresponding reinsurance premiums.
Any variable reinsurance commissions, or other profit sharing mechanisms, on proportional treaties should be accrued during the year taking into account the expected gross results, allowing fully for claims reserves including IBNRs.
Any reinsurance treaties which include “swing rates”, where the reinsurance premium is adjusted based on the experience under the treaty, should accrue the reinsurance premium based on the expected ultimate results allowing fully for claims reserves including IBNRs.
Acceptance of Reinsurance by a Licensed Reinsurer
26. A company accepting a facultative reinsurance risk should, at minimum, ensure that:
a) It is authorized by SAMA to write inwards reinsurance.
b) Where the original product being reinsured is written in Saudi Arabia, that product has been approved by SAMA for sale in Saudi Arabia.
c) It is approved to write similar products by SAMA, unless it is licensed to accept reinsurance risks only.
d) It is able to place the risk accepted within its own reinsurance treaties if its retention is exceeded.
e) Any catastrophe protections on its net retention will cover the risk accepted.
f) It has some mechanism in place to protect it from any claims excluded under its treaty if any exclusions on its treaty are not present in the terms and conditions of the original policy that is to be reinsured.
g) For any risks from outside Saudi Arabia, where the risk is not written by a related company, the reinsurer must have an explicit no objection from SAMA to accept risks from that country.
h) For any risks which are written by a related company, full details of the original insurance and the facultative reinsurance must be referred to SAMA for individual no objection.
27. Treaty reinsurance could be written if the authorization granted to the company by SAMA includes writing reinsurance only.
Non-Compliance
28. Non-compliance with the requirements set forth in This Code will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and licensing conditions and will subject companies to enforcement action.
Insurance Market Code of Conduct Regulation
Part 1: Introduction
Purpose
1. This Code presents the general principles and minimum standards that should be met by insurance and reinsurance companies, including branches of foreign insurance and reinsurance companies, and insurance related service providers in their dealings with their existing and potential customers.
2. The objective of This Code is to promote high standards of business conduct within the insurance industry.
3. This Code must be read in conjunction with the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations, in particular articles 12, 15, 16, 19, 22, 24, 25, 26, 37, 43, 44, 45, 46, 49, 51, 52, 53, 54, 55, 56, 71, 77, 78, and 80.
Definitions
4. The term “Companies” in This Code is intended to include: insurance companies, and insurance related service providers including insurance brokerages, insurance agencies, insurance claims settlement specialists, loss assessors (loss adjusters), and insurance advisors. The rest of the terms used in This Code shall have the same meaning as per article one (1) of the Implementing Regulations.
Scope and Exemptions
5. This Code applies to insurance and reinsurance companies, and insurance related service providers including insurance brokerages, insurance agencies, insurance claims settlement specialists, loss assessors (loss adjusters), and insurance advisors.
6. Reinsurance activities are exempted from the provisions of This Code.
Compliance Measures
7. Companies must establish appropriate internal controls and procedures to ensure and monitor compliance with This Code, including the compliance of all contracted parties, in particular when there is clear evidence of a breach in the market conduct regulation.
8. Companies must maintain adequate records to demonstrate compliance with This Code, including but not limited to, reasons for early termination or non-renewal of insurance policies, claims records and complaints records for a minimum period of ten (10) years.
Supervision of Other Contracted Companies
Non-Compliance
9. Non-compliance with the requirements set forth in This Code will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and the licensing conditions and may subject the companies to enforcement action.
Structure of This Code
10. The market conduct requirements are outlined in Parts 2 and 3 of this Code:
a) Part 2 – General Requirements, which are principle-based.
b) Part 3 – Market Conduct Standards, which stipulate the companies’ minimum conduct requirements across the customer relationship lifecycle, which includes pre-sale, sale, and post-sale conduct guidelines.
Part 2: General Requirements
Integrity
11. Companies must act in an honest, transparent and fair manner, and fulfill all of their obligations to customers, which they have under the laws, regulations, and SAMA guidelines. Where these obligations have not been fully codified, companies may follow internationally accepted best practices.
Skill, Care, and Diligence
12. Companies must act within their area of competence in dealing with customers. For this purpose, competence is acquired through training, experience, and working with experts in the field. Also, it is the duty of each company to keep their, and their employees’ skills and knowledge of the insurance business up-to-date and be informed of the products and services offered by the company, or companies, they represent and the intended use of these products and services.
Non-Discrimination
13. Companies should not unfairly discriminate between customers; treatment should not differ based on customer (exiting or potential) race or gender. Companies must provide credible reasons for denying, canceling, and not renewing insurance policies. Furthermore, these reasons should be detailed in the customer’s file and be made available to SAMA upon request.
Adequate Resources
14. Companies must take reasonable care in maintaining adequate managerial, financial, operational, and human resources to carry out their business and serve their customers.
Disclosure Information to Customers
15. Companies must communicate all relevant information to customers in a timely manner to enable them to make informed decisions.
16. Companies must take reasonable measures to ensure the accuracy and clarity of the information provided to customers and make such information available in writing.
Data Protection
17. Companies must, at all times, ensure that customer personal data is protected. This means that the data:
a) Must be obtained and used only for specified and lawful purposes.
b) Must be kept by the company in the Kingdom.
c) Must be kept secure (e.g., original hard copies or scanned copy of the original hard copies saved in electronic files) and up to date for a period of ten (10) years.
d) Must be provided to the customer upon his written request.
e) Must not be disclosed to any third party, without prior authorization from SAMA, other than the companies’ auditors, actuaries, reinsurers, and co-insurers.
When dealing with a third party (e.g., outsourcing), the company must set up data confidentiality agreements with the third party before initiating the business relationship.
Security of Customer’ Assets
18. Companies must ensure the security of customers’ assets held on their behalf. Any premiums collected by the broker or agent must either be placed in a separate bank account (the premium account) that has been established for that purpose, or passed directly to the insurance company as is required under the contractual arrangement with the insurance company. The only payments that can be deducted from the premium account are:
a) Premium payments to an insurance company.
b) Commission payments where the insurance company authorizes the broker or agent to make premium payments net of commission.
The premium account must not be treated as the property of the broker or agent in any sense. In particular, it must not be used as security for any loan, and it must be clearly beyond the reach of the broker or agent’s creditors.
Conflict of Interest
19. Companies should take reasonable measures to identify and address conflicts of interest to ensure fair treatment to all customers. Where conflicts of interest arise, the companies must disclose such conflicts to the customer and must not unfairly place its interests above those of its customer.
Contracting Service Providers
20. Companies that use the services of other parties, including other companies, must have a contract in place setting out the terms and conditions for the provision of services, the rights and responsibilities of each party and the extent of the liability that each party has to the other, on a case by case basis.
Part 3: Market Conduct Standards
Section A: Policy Forms and Rates
Policy Wording and Packaging
21. The wording of the insurance policy application and contract forms must adhere, at a minimum, to the following:
a) Written in Arabic and be made available in English upon customer request.
b) Use simple language and sentence structure, when possible.
c) Printed in clear, readable text, with no fine print.
22. The printed insurance policy application and contract forms must adhere to requirements set in article 52 of the Implementing Regulations, and include:
a) A disclosure statement indicating that the policy contract is the entire contract.
b) A description of the insured’s duties after a loss has been incurred.
c) A description of the claims handling and dispute handling procedures as well as the documentation required for each.
d) Any other written endorsements, supplements, or documents.
Policy Amendments
23. An insurance policy contract shall be amended only after a written and signed request submitted by the policyholder by mail or fax, and to which the insurance company agrees followed by an endorsement issued by the insurance company to the policyholder.
24. For spelling mistakes and changes in the regulations, the policy contract can be modified without a written request as long as the customer is notified in writing.
Policy Cancellation
25. Companies should include cancellation terms that are fair to customers and are reasonable and appropriate with regard to the product. The cancellation conditions must be clearly stated in the policy contract, including:
a) Conditions permitting the insurance company to cancel the policy.
b) Conditions permitting the policyholder to cancel the policy.
c) Cancellation notice requirements, including notice period. In any case, excluding emergency cases such as war, riots, strikes, and terrorist attacks, the policyholder should be afforded a minimum period of thirty (30) days before the effective date of cancellation by the companies (as per article 54 of the Implementing Regulations).
d) A description of the refund of premium due to the policyholder on cancellation of the policy and when it would be payable.
e) For Protection and Savings insurance, in addition to (d) above, a description and illustration of the cash surrender value, if applicable, for each year of the plan.
“Free Look” Clause (Protection & Savings Insurance Products)
26. Every policy for protection and savings insurance should provide at least a twenty-one (21) day Free Look period from the date of delivery of the insurance contract for the policyholder to review the contract to assess its suitability and whether it provides the benefits described by the agent or broker. The policy will be deemed to be fully in force and this provision will be deemed to be waived by the policyholder, if the policyholder does not inform the insurance company within the period that the policy will be returned. If the policyholder deems the policy unsuitable, the insurance company must be notified in writing within the Free Look period and a refund of premiums paid to the customer subject only to the following:
a) Deduction of the expenses incurred by the insurance company on medical examination of the customer.
b) Deduction of a proportionate risk premium for the period of cover.
c) In respect of a unit linked plan, the insurance company shall also be entitled to make an appropriate adjustment to take account of changes in the unit price.
Pricing
27. Companies must apply the pricing structure submitted to and approved by SAMA as part of the product approval application.
Section B: Advertising and Promotion
Honest Representation
28. Companies must not communicate any statements or advertising, directly or indirectly, that are inaccurate, misleading, exaggerated, or deceptive, including but not limited to information on:
a) Name of the company issuing the insurance policy.
b) Financial status of the insurance company issuing the policy.
c) Coverage of the policy.
d) Benefits or advantages promised by the policy.
e) If the advertising includes the policy pricing, then it should indicate whether the price is inclusive of all fees.
Defamatory Statements
29. Companies should not include in their advertising any false, defamatory, or negative statements on other companies.
Section C: Pre-sale Customer Contact
Information about the Companies’ Offering
30. Companies must disclose, at a minimum, the following information to each customer prior to accepting an application for an insurance contract:
a) Whether they are an insurance company, or are acting on behalf of an insurance company, or acting on behalf of the customer.
b) Any financial relationship between a broker and the insurance company other than the normal commission agreements. In particular if there is any cross-ownership, or both parties have owners in common, the customer should be informed.
c) The nature and range of products and services they can provide.
Customer Needs Assessment
31. Companies must seek information from customers as might reasonably be expected to assess their insurance needs in relation to the products and services in which they indicated an interest. Companies are not required to determine customers’ insurance needs beyond the specific products and services in which customers have indicated an interest, except with regard to protection and savings contracts (see article 38 below).
32. Customers should be informed of their duty to disclose relevant and accurate information at every stage of the business relationship (e.g., applications, renewal, claim requests, etc.).
Advice to Customers
33. Companies must ensure that the advice given to clients adequately meets their needs.
34. Companies must provide sufficient information to enable customers to make informed decisions when purchasing insurance products and services, including:
a) An explanation of how the proposed advice meets their needs.
b) If different options are identified, the difference in the benefits, coverage, and costs of such options.
Avoidance of Churning
35. Companies should not advise a customer to replace an existing protection and savings policy with a new one, unless it fully justifies the recommendation and makes it clear that a second set of initial charges will be incurred, and the agent or broker will earn initial commissions on the new product.
Quotations to be Obtained from More than One Insurance Company
36. Insurance brokers must make reasonable efforts to obtain quotations from several insurance companies, and indicate the reasons for recommending any particular insurance company. For contracts other than protection and savings, if the insurance company recommended by the broker has not provided the cheapest quotation, the broker must provide details of the cheapest quotation to the customer, and a full justification for his recommendation. The justification should include a comparison of the terms and conditions, as well as the clarification of the difference in coverage and compensation offered by each insurance company, and if the broker would earn more commission on the recommended contract this must be explained to the customer.
Section D: Sale of Insurance Products and Services
Disclosure to Customers
37. Prior to accepting an application for an insurance policy, the companies must provide customers, upon their request, with the key terms and conditions of the product and service to be purchased, including but not limited to:
a) The name of the insurance company underwriting the policy.
b) Benefits, exclusions, and deductibles.
c) The coverage period.
d) All related costs, including premiums and any other fees.
e) The terms of payment covering the periodicity of payment, grace period, implications of discontinuing the premium and any other related details.
f) The claims handling procedure.
g) The complaints handling procedures.
h) The obligations of each party under the insurance policy.
i) The cancellation rights and conditions.
j) The renewal date and contract clauses to be renegotiated (if any).
k) The requirements for carrying out policy alterations.
l) Any aspect of the policy where the insurance company has the right to change something once cover has commenced such as benefit charges and policy fees on protection and savings business.
m) Any unusual restriction or condition attaching to the customer.
n) The postal address, telephone, fax and email contact details of the insurance company.
38. In addition to the above, companies must provide the following information with regard to protection and savings insurance products:
a) Whether the plan is participating, non-participating or an investment linked plan.
b) In case of participating, the basis of participation in profits i.e., cash bonus, deferred bonus, reversionary bonus, terminal bonus etc.
c) Plan illustration providing the sum insured, surrender value and paid-up value over the term of the plan. The illustration should show these values at the end of each of the first five (5) policy years, five (5) yearly thereafter, and at maturity date if appropriate or up to age eighty-five (85) if not.
d) If benefits are not fully guaranteed, the customer should be provided with three illustrations with gross investment return rates of 3%, 5% and 7% p.a.
e) The extent of any investment or expense guarantees. It should be clearly stated that values shown are for illustrative purposes only unless the investment and expense charges are fully guaranteed.
f) For non-linked plans, where applicable, a breakdown of the premiums and charges by main cover, supplementary cover and any other cover or services provided.
g) When presenting information related to past performance, the basis on which the performance was calculated together with a statement that past performance is not indicative of future performance.
h) If the policyholders’ funds may be invested in a range of linked investment funds, a description of the investment funds, which should include, at a minimum:
1. A description of the asset classes the fund may invest in.
2. A risk or volatility rating for each fund.
3. If the fund is measured against a benchmark, details of that benchmark.
4. Geographical spread of the investments.
5. A statement of any concentration of investments into particular types of investments.
6. The currency that the fund is priced in.
7. The frequency that the fund is priced.
8. The name of the fund manager, if the fund is external to the insurance company.
9. Past performance of the fund, subject to the same comments as stated in (g) above.
39. Companies selling protection and savings contracts should complete a client fact find containing sufficient information to fully back-up the product recommendation made. The fact find must be signed by the client, and retained on the clients file. In the event of any dispute over the appropriateness of the contract sold, the contents of the fact find will be taken fully into account. If the fact find is not on the file, or is poorly or partially completed, this is likely to lead to the dispute being resolved in favor of the client.
40. Insurance service providers arranging the insurance contact must disclose to the customer at the point of sale the full commissions and/or fees earned for the services provided from all sources.
41. Insurance cover may not be back-dated on any compulsory insurance product.
No insurance company, or employee of an insurance company may provide evidence of cover on a product unless the customer has committed to taking out a full annual policy that complies with the minimum standards set for that policy.
Customer Obligations
42. Prior to entering into an insurance contract, the companies must inform customers of their key obligations under the insurance contract to pay premiums in a timely manner and to provide full and honest disclosure of all relevant information needed to determine the insurance needs and underwrite the risk. The customer should only be expected to advise the companies of information that a reasonable person would regard to be relevant.
Confirmation of Coverage
43. Upon entering into an insurance contract, companies must promptly provide customers with official written confirmation of the insurance coverage. In case the full documentation is not available, the companies must issue temporary evidence of coverage confirmation, which can be legally used as a proof of coverage.
44. When an application for a compulsory insurance product such as motor or health is taken with a premium payment, a receipt should be provided to the customer indicating that coverage commences at an agreed upon date on or after the application date.
45. When an application for insurance is taken without a premium payment, a receipt should be provided to the customer indicating that coverage will commence at the date stated in the policy provided the first premium has been paid by that date. If the premium is not paid by the commencement date stated in the policy, then the company must have received a written and binding commitment from either the applicant or the agent or broker to pay the premium, in order for the company to initiate cover.
Documentation
46. Companies must promptly provide the full policy documentation to customers after entering into an insurance contract.
Related Parties
47. No insurance policy shall be issued or renewed by an insurance company to any of its owners or members of the Board of Directors, Senior and Executive Managers, and their related parties except after the payment of the full premium (as per article 49 of the Implementing Regulations). Related parties shall be taken to mean close family members, wives, husbands, children, parents, brothers, sisters, and any establishment in which any member of the Board of Directors has more than 5% interest.
Premium Collection
48. Companies must not collect premiums or fees for transactions that are not in the process of being provided or have not yet been provided.
49. Insurance companies are considered to have received the premiums once the premiums are received by the agents.
Section E: Post-sale Customer Servicing
After-Sale Service
50. Companies must provide after sales services to customers in a timely and appropriate manner, including responding to their inquiries, administrative requests, and requests for amending the insurance policies. In particular, companies must:
a) Provide certificates of coverage when requested by the customer.
b) Provide written confirmation of any amendments to the policy and any additional amounts due.
c) Issue receipts for any amounts received, unless payment is made by credit card or other form of automated bank transfer when the bank records will suffice.
d) Issue refunds or other charges due to customers.
51. Companies must promptly notify customers of any changes in the disclosures or conditions made to the customers at the time of entering into the insurance contract. This includes changes in the companies’ contact details and changes in the claims filing procedure.
Claims Handling
52. For companies whose licensed activities includes claims handling, they must:
a) Respond to claims filing in a prompt manner.
b) Provide claims forms showing all the information or steps required by the customer (including the beneficiary under a protection and savings policy) to file the claim.
c) Acknowledge to the insured customer the receipt of the claim and any missing information and documents within seven (7) calendar days from receiving the claim’s application form.
d) Provide adequate guidance to the insured customer in filing the claim and information on the claims handling process.
e) Inform insured customers of the progress of filed claims, at least every fifteen (15) working days (as per article 44 of the Implementing Regulations).
f) Handle claims in a fair manner.
g) Appoint a claims or loss adjuster when necessary, and notify the customer of such an appointment within three (3) working days.
h) Conduct a reasonable investigation of claims within a time period not exceeding ten (10) days for individual policyholders and thirty (30) days for commercial entities.
i) Notify the customer in writing of the claim acceptance or refusal promptly after completing the investigation, stating the following:
1. For accepted claims (full or partial acceptance):
- Settlement amount.
- How the settlement amount was reached.
- Justification if reduced settlement is offered or any part of the claim is not accepted.
2. For denied claims:
- Written reason for denying the claim under question.
- Copies of documents or information that were used in reaching the decision, if requested.
j) Explain the appeal or complaints process, if the settlement is not accepted by the customer.
k) For accepted claims, forward the claims settlement payment without undue delay upon receiving all required information and documentation (as per article 44 of the Implementing Regulations).
Claims Settlement
53. Insurance companies must settle claims within the time period indicated in article 44 of the Implementing Regulations, and when that is not possible, provide an explanation, with reason(s) for such delay.
Credit Control
54. Companies may not provide excessive credit to customers. Full payment terms must be agreed in writing at the outset of the policy, and the insurance company is allowed to cancel a policy promptly if payments are not made on time. In all cases, the company should promptly cancel a policy, after appropriate warnings, and thirty (30) days notice, if payments are not made. Premiums must be paid separately from, and may not be offset from, claims payments.
Complaints Handling
55. Companies must put in place a fair, transparent, and accessible complaints handling process and controls, and inform customers of the complaints filing procedures.
56. Upon receiving a complaint, companies must carryout the following:
a) Acknowledge the receipt of the complaint.
b) Provide an estimate of the time to address the complaint.
c) Provide the customer with the contact reference to follow up on the filed complaint.
d) Inform customers on the progress of the filed complaint.
e) Address the complaints in a prompt and fair manner within ten (10) working days of receiving the complaint.
f) Notify the customer, in writing, whether the complaint or the claim is accepted or rejected, and the underlying reasons for the decision and, if applicable, any offered compensation.
g) Explain the dispute filing process to escalate the complaint or the claim to the committees established by article 20 of the law on supervision of cooperative insurance companies.
Cancellation
57. Cancellation of policies must conform to the cancellation conditions specified in the policy terms and conditions referred to in article 25. Cancellations by the insurance company must be notified to customers in writing, including a reference to the relevant contractual cancellation condition and explanation of the underlying reasons for the cancellation.
58. Amounts due to customers as a result of the cancellation of a policy must be paid without undue delay, and must be calculated in accordance with the provisions of article 54 of the Implementing Regulations.
Renewal and Expiry
59. Companies must inform customers of the policy renewal or expiry date in a timely manner to allow customers to arrange continuing insurance coverage.
60. For all protection and savings contracts, insurance companies should provide an annual statement to their customers which includes the following information:
a) Projected maturity value, or policy value at the age of eighty-five (85).
b) Current sum insured on main and supplementary benefits.
c) Total premiums paid in the previous year.
d) Policies linked to investment funds should show the value of the units in each fund.
Distribution of Surplus
61. An insurance company must document the mechanism it will put in place to comply with article 70 of the Implementing Regulations, and submit this document to SAMA for approval. This document should then be freely available to customers and members of the public.
ANTI FRAUD REGULATION 18 12 2008
This section is currently available only in Arabic, please click here to read the Arabic version.Part 1: Introduction
Purpose
- This Code presents the general principles and minimum standards that should be met by insurance and reinsurance companies, including branches of foreign insurance and reinsurance companies, and insurance related service providers to prevent or at least minimize the occurrence of fraud.
- The objective of This Code is to promote high standards of fraud detection and prevention.
- This Code must be read in conjunction with the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations, in particular articles 2, 10, 12, 15, 19, 25, 28, 31, 43, 56, 71, 76 and 77.
Definitions
- The term “Companies” in This Code is intended to include: insurance and reinsurance companies, and insurance related service providers including insurance brokerages, insurance agencies, reinsurance brokerages, and reinsurance agencies. The rest of the terms used in This Code shall have the same meaning as per article one (1) of the Implementing Regulations.
Insurance fraud is defined1 as an act or omission of an act intended to gain dishonest or unlawful advantage for the party committing the fraud or for other parties. This may, for example, be achieved by means of:
a) Misappropriating assets. b) Deliberately misrepresenting, concealing, suppressing or not disclosing one or more material facts relevant to a financial decision, transaction or perception of the insurer's status. c) Abusing authority, a position of trust or a fiduciary relationship.
1 Source: IAIS guidance paper on preventing, detecting and remedying fraud in insurance, October 2006
Scope and Exemptions
- This Code applies to insurance and reinsurance companies, and insurance related service providers including insurance brokerages, insurance agencies, reinsurance brokerages, and reinsurance agencies.
Companies can be subjected to multiple forms of fraudulent activities from inside or outside the company. However, most of these activities fall under three overarching categories:
a) Internal fraud: fraud perpetrated by a company's employee. b) Intermediary fraud: fraud by insurance service providers against the companies or policyholders. c) Policyholder fraud: fraud committed in the purchase or execution of an insurance product to obtain an illegitimate coverage or payment.
Compliance Measures
- Companies must establish appropriate internal controls and procedures to monitor and ensure compliance with This Code, including the compliance of all contracted parties, in particular when there is clear evidence of a breach in the regulation.
- Companies must maintain adequate records to demonstrate compliance with This Code, including but not limited to, fraud detection, measure, mitigation and monitoring procedures.
Non-Compliance
- Non-compliance with the requirements set forth in This Code will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and the licensing conditions and may subject the company to enforcement action.
Structure of This Code
11. The Anti Fraud requirements are outlined in Parts 2 and 3 of This Code: a) Part 2 - General Requirements, which are principle-based b) Part 3 - Anti Fraud Standards, which stipulate the anti fraud requirements companies must adhere to in order to combat: i. Internal fraud. ii. Insurance service provider fraud. iii. Policyholder fraud. Part 2: General Requirements
Strategy
12. Companies should have a well defined fraud management strategy aligned with their overall vision, risk profile, business plan and objectives. 13. Companies fraud management strategies should include: a) A clear definition of the companies' level of fraud tolerance. b) A list detailing internal policies, procedures and controls intended to detect, measure, mitigate and monitor fraud. c) An outline of the renewal, validation and implementation processes of the fraud management strategy. 14. The fraud management strategy should be approved by the board of directors and updated on a yearly basis to ensure its alignment with companies' evolving business environment. Organizational Structure
15. Companies organizational structure should be designed to: a) Facilitate communication between staff, department heads and senior management. b) Provide a suitable environment for the execution and supervision of its fraud management strategy. 16. The company's board of directors is responsible for the management of fraud risk. Its activities should include: a) The approval of the fraud management strategy. b) The mobilization of required internal resources to enable proper detection, measurement, mitigation and monitoring of fraud risk in all market segments. c) The promotion of the company's anti fraud values and strategy across the organization and to the market. 17. If deemed necessary by its senior management or by SAMA, the company should consider establishing a fraud management department. This department will report all types of fraud to the senior management except for management fraud which will be reported directly to the board of directors, and will be responsible for the compliance of the company's fraud management strategy. 18. The company's board of directors and senior management should identify organizational functions and processes that are subject to a high risk of fraud and design and implement preventive measures to counter that risk accordingly. Policies and Procedures
- Companies should establish clear policies and procedures to implement the fraud management strategy, such as procedures to detect, measure, mitigate and monitor risks of fraud as well as procedures to report and log fraud incidents.
- Companies' fraud policies and procedures should be communicated across the organization and to SAMA upon request.
Contingency Plan
- Companies should design and document a recovery plan to address small and large- scale fraud, and assign a middle-level manager to be in charge of its implementation. In particular, this plan should:
a) Detail the escalation steps of the fraud. b) Stress the need to preserve evidence. c) Require to bring in an external expert if necessary (e.g., auditor, IT specialist, etc.).
Training
22. Companies should provide anti-fraud training to staff, management and members of the board of directors, and to new recruits as part of their induction programs. 23. The scope of the training will vary depending on the role and responsibilities of individuals but should include at an introductory level an overview of the company's fraud management strategy and a detailed review of the policies, procedures and internal controls implemented. 24. Employees holding key positions (e.g. premium collectors, claims settlers, internal auditors, etc.) should be dispensed more comprehensive fraud training, covering in addition to topics stated above: a) Overviews of the relevant laws and regulations. b) Workshops using real fraud cases and examples. c) Reviews of internal and external fraud reporting procedures. Reporting
Companies should have internal procedures to report fraudulent and suspicious activities to designated members within the organization and law enforcement agencies, while guaranteeing anonymity and confidentiality of the denunciations. A reference to these procedures should be made in the contingency plan.
In addition, these procedures should be communicated to new recruits upon induction and be made readily available to staff (e.g., on the company's intranet).
- Companies should communicate their reporting policies and procedures internally and externally (e.g., on the company's website).
Information Exchange
- Companies should share information on incodences of fraud as well as fraudsters with relevant authorities and with SAMA.
Part 3: Anti Fraud Standards
Section A: Internal Fraud
Detection
Internal fraud can be committed by the company board members, management, and staff in any of the business activities of the company. Fraud can be detected in overall business practices as well as personal conduct or attitude.
Typical internal fraud indicators are provided in Table I.
Measure
- Companies should define clear and well documented policies and procedures to measure internal fraud. The implementation and efficiency of these procedures should be verified by internal auditors yearly and a report regarding fraud occurrence, trends and mitigation efficiency should be submitted to the board of directors.
Mitigation
30. Companies should define transparent and comprehensive policies when dealing with internal fraud, highlighting in particular: a) The role of the board, management and staff when dealing with internal fraud. b) The enforcement measures to be taken against fraudsters. c) The relevant law enforcement authorities notification procedure. 31. Companies should restrict the access to cash and electronic transfers by: a) Setting up physical and procedural security measures over the availability and use of cash, assets and information systems. b) Arranging for cash and electronic transfers to be dealt with by more than one person. 32. Companies should enforce strict information technology rules, including but not limited to: a) Restricting the physical access to computer server rooms. b) Monitoring access rights to networks. c) Limiting and monitoring remote accesses to networks. d) Controlling and renewing network passwords on a regular basis. e) Implementing network security and auditing trail. 33. Companies should, prior to hiring permanent or temporary personnel, thoroughly screen and perform background checks to ensure the integrity and the proper moral values of potential recruits. 34. Companies should promote a culture of integrity and accountability within their organizations, e.g., by developing an internal ethical behavior manual that promotes proper conduct and good values. 35. The organizational structure of companies should be built around the following principles: a) Job descriptions should be defined clearly across the organization, detailing roles and responsibilities of management and staff. b) Functions that might be susceptible to conflict of interest should be separated. c) Vacations and job rotations for management and staff in key sensitive positions should be mandatory. 36. Companies should maintain comprehensive and complete personnel records for a sufficient amount of time after the personnel's departure. These records can be accessed by SAMA examiners upon request. Monitoring
- Companies should enforce thorough management and staff supervision policies, particularly for key positions within the organization.
- Sensitive activities should be subject to the dual verification principle, i.e., be submitted for verification by another staff member from a different department within the organization.
Section B: Service Provider Fraud
Detection
39. Since they handle most market-facing activities (e.g., distribution and claims settlement), insurance service providers are at the heart of the relationship with the policyholder. Consequently, insurers should enhance close collaboration with insurance service providers to detect and combat internal and policyholder fraud at their level, while monitoring the insurance service providers themselves for insurance service provider fraud. 40. Typical insurance service provider fraud includes: a) Withholding premiums collected by policyholders until a claim is reported. b) Insuring fictional policyholders while paying a first premium, collecting the commission and ceasing the insurance. c) Conspiring with policyholders to commit fraud. Typical insurance service provider fraud indicators are provided in Table II Measurement
- Insurers' internal auditors should assess the fraud risk of all contracted insurance service providers on an annual basis in a report to be submitted to the board of directors. In particular, this report should contain for each insurance service provider:
a) A review of the business (e.g., volume, nature of transactions, trends, etc.) of the insurance service provider. b) An assessment of the risk level, trend, and occurrence of fraud (if any). c) An overview of the insurance service provider's key processes which represent the highest risk of fraud. d) A profile of staff members handling key market-facing activities, e.g., sales and claims managers. Mitigation
42. Insurers should take the necessary fraud risk mitigation measures to select and deal with reputable insurance service providers. These measures include but are not limited to: a) Enforcing a well defined and documented screening procedure for the appointment of new insurance service providers. Such a procedure should require applicants to disclose all relevant information about their business and contain steps to: i. Evaluate the references and reputation of potential new insurance service providers. ii. Assess their financial situation and solvency. b) Setting fraud management agreements with each contracted insurance service provider. Such agreements should: i. Require the insurance service provider to comply with the insurer's anti-fraud policies, procedures and controls. ii. Stress the enforcing sanctions in case of non-compliance. 43. To minimize the risk of fraud, insurers should: a) Avoid paying a commission before the first premium is collected. b) Avoid paying commissions beyond a certain percentage of premiums paid. c) Keep parts of the commission in a temporary deposit account when dealing with unknown or new insurance service providers. d) Send policies and renewal documents directly to policyholders. e) Request from insurance service providers not to accept cash payments of premiums. Monitoring
- Insurers should define appropriate indicators to flag insurance service providers with higher risk of fraud.
Section C: Policyholder Fraud
Detection
45. Policyholder fraud is committed by policyholders and/or third parties mainly at the policy setup and claims management stages of the client relationship. Consequently, companies should design and implement procedures to combat the main types of policyholder fraud, which include but are not limited to: a) At the policy setup stage: withholding or providing incorrect personal or background information. b) At the claims filing stage: i. Submitting claims for fictitious damage or loss. ii. Misrepresenting facts to include the claim in the coverage. iii. Overstating cost of damage. Typical policyholder fraud indicators are provided in Table III. Measurement
46. Companies should maintain detailed records of occurrence of policyholder fraud. These records should detail at a minimum: a) The type of fraud. b) The technique and/or technology used to commit the fraud. c) The weaknesses in internal control procedures and deficiencies in processes. d) The fraudsters' profiles and backgrounds. e) The amount of the fraud. These records are to be communicated to SAMA upon request. 47. Internal auditors (or fraud function officer if existent) should prepare and submit to the board of directors on a yearly basis, comprehensive reports detailing fraud occurrence, description, trends, and an assessment of the efficiency of anti-policyholder fraud measures. Mitigation
- Companies should design their policies to minimize the occurrence of fraud. Based on internal auditors' yearly reports and under the supervision of the board of directors, senior managers should implement new anti-fraud measures, procedures and policies and improve existing ones.
- Companies should clearly define and document client filtering policies and set, for each insurance business class and product, the conditions required to accept new clients. These conditions should be subject to the board of directors' approval, and reviewed on an annual basis.
- Companies should define for each insurance product clear and comprehensive claims assessment procedures, detailing in particular the steps to verify the claim's facts and validity and to check for fraud indicators (see Table III).
- Companies should inform policyholders about their anti-fraud policies and the consequences of providing false or inaccurate information. Furthermore, an information section can be included in the text of the policy itself to ensure policyholders read and agree to the measures in place.
- Since insurance business development and customer relationship requirements can conflict with fraud minimizing requirements, companies should determine the right balance between development targets, customer satisfaction, and fraud detection. Consequently, operational and fraud reduction targets should be combined and approved by the board of directors on an annual basis.
Monitoring
- Companies must establish, for each business class and product, appropriate policyholder fraud indicators, trigger levels, and responses.
Table I: Typical Internal Fraud Indicators
Table I: Typical Internal Fraud Indicators
Business practices and conditions Governance
and
Organizational
Structure◄ Single individual or group of individuals acting together drive operations and/ or financial decisions ◄ Company’s strategy changes suddenly ◄ Organizational structure is complex ◄ Executive directors are numerous ◄ Directors, managers, members of staff, external businesses and contractors have conflict of interest ◄ Commission structures are unusual Operational
Management◄ Training programs are weak ◄ Transaction time, place, and parties are unusual ◄ Activities are inconsistent with the insurer’s stated policy ◄ Management turnover is high ◄ Staff turnover is high in financial and/ or accounting departments ◄ Obsoleteness or lack of procedural manuals ◄ Documentation for transactions, processes or expenses is limited ◄ Tasks and transactions are complex and require special skills Accounting
and Finance◄ Assets are restructured without justification ◄ Accounting procedures are weak ◄ Financial results and ratios are uncorrelated ◄ Share value changes without explanation ◄ Costs rise unjustifiably or are high compared to competitors ◄ Financial issues emerge Internal
Control◄ Internal control structure is weak Internal Audit ◄ Information from prior audits is insufficient ◄ Internal audits are weak or non-existing Information
Technology◄ Data and asset security system is weak Complaints ◄ Number of complaints received from external parties is high Conduct Governance
and
Management
Matters◄ Board of directors emphasizes unduly on meeting earning projections ◄ Board of directors and management take undue risks ◄ Board, managers, or members of staff have insufficient levels of income to meet personal debts or financial losses ◄ Board, managers, or members of staff appear to be living beyond their means ◄ Board, managers, or members of staff change lifestyles suddenly ◄ Board, managers, or members of staff display marked personality changes or intense family pressure ◄ Board, managers, or members of staff have a feeling of unfair treatment ◄ Board, managers, or members of staff display extreme greed for personal gain ◄ Board members and managers incur significant increase of expenses ◄ Board of directors and/ or management provide unsatisfactory answers to the supervisor’s or auditor’s questions ◄ Directors and/ or management have a poor reputation in the business community ◄ Board of directors and/ or management display overly aggressive attitude toward financial reporting ◄ Board of directors and/ or management place undue pressure on the auditors ◄ Board of directors and/ or management do not comply with laws and regulations ◄ Board of directors and/ or management display dominant management style, discouraging critical or challenging views from others such as members of staff Working
Environment◄ Morale is low within the insurer or within certain departments of the insurer ◄ Relationships at work are inappropriate or acting of individuals is unusual ◄ Earning ability is lower than that of other comparable insurers ◄ Company faces adverse legal conditions ◄ Managers or members of staff work late, are reluctant to take vacations and display signs of stress Operational
Management◄ Staff recruiting processes contain problems ◄ Management fails to follow proper policies and procedures in making accounting estimates ◄ Processing of payments is done at odd times (e.g., late in the day, after business hours, etc.) ◄ Insiders reduce holdings of insurer’s stock Table II: Typical Insuarance Service Provider Fraud Indicators
Table II: Typical Insuarance Service Provider
Fraud IndicatorsFinance ◄ Intermediary is in financial distress Portfolio ◄ Portfolio is small but has high insured amounts ◄ Number of insurance policies where the commission is higher than the first premium is high ◄ Portfolio contains an arrear of premium payments ◄ Portfolio displays high amount of claims fraud or a disproportionate number of high risk insured individuals, (e.g., elderly people) Operations ◄ Intermediary operates outside the region of the policyholder ◄ Intermediary asks for an immediate or in advance payment of commission ◄ Intermediary asks the policyholder to make payments via the intermediary himself which is an unusual business practice ◄ Intermediary receives premiums and pays commissions that are above or below the industry norm for the type of policy ◄ Intermediary has a relatively high claims ratio ◄ Intermediary has an exceptional increase in production without
apparent reason◄ Intermediary has a high level of early cancellations ◄ Intermediary has a high number of unsettled claims ◄ Intermediary insists on using certain loss adjusters and/ or contractors for repairs ◄ Intermediary changes control or ownership frequently Conduct ◄ Intermediary has a personal or a close relationship with the client ◄ Intermediary changes name and address frequently ◄ Intermediary has a number of complaints or regulatory inquiries Table III: Typical Policyholder Fraud Indicators
Table III: Typical Policyholder Fraud Indicators
General Indicators Claimant’s Behavior General
Conduct◄ Claimant doesn’t do anything to prevent or limit the damage ◄ Claimant provides evasive answers and does not cooperate during a reconstruction ◄ Claimant gives inconsistent statements to the police, experts, and third parties ◄ Claimant hides details of claim to other people (e.g., family, friends, neighbors, etc.) ◄ Claimant handles business in person or by phone, while avoiding written communication ◄ Claimant displays detailed knowledge about insurance terms and claims processes ◄ Claimant checks the insurance coverage shortly before the claimed event ◄ Claimant modifies address, bank or telephone details shortly before a claim is made ◄ Claimant insists on using certain contractors, engineers, or medical practitioners without a convincing reason ◄ Claimant avoids giving information concerning denial of previous insurance when applying for a new insurance Coverage ◄ Policyholder possesses several policies with the same insured object and coverage ◄ Policyholder changes insurers frequently ◄ Policyholder insists on changing terms and conditions ◄ Claimant does remarkable filing of the claim (e.g., claimant seeks help of a lawyer or other professional advice in reporting the claim) Payment ◄ Claimant requests that payment is made in cash ◄ Claimant requests that payment is made into different accounts ◄ Claimant requests that payment is made to a third party ◄ Claimant insists that the payment exceeds the value of the damaged goods Speed of
Settlement◄ Claimant insists on quick settlement of a claim ◄ Claimant threatens to bring in a lawyer if the claim is not settled swiftly ◄ Claimant enquires frequently about the progress of the claim ◄ Claimant accepts a low payment to settle the claim quickly Claimant’s Characteristics Background
Information◄ Claimant provides vague information regarding identity of policyholder and/ or beneficiary ◄ Claimant uses a post office box or hotel as an address, moves repeatedly, gives false addresses, or has a non-matching telephone number and address ◄ Claimant refuses the disclosure of claims history with other insurers Personal and
Financial
Situation◄ Claimant has an usual and/ or difficult occupational situation (e.g., unemployed, self-employed, frustrated with job, facing disciplinary action, seasonal worker, or in an industry experiencing downsizing and lay-offs) ◄ Claimant is experiencing a bad financial situation ◄ Claimant faces a difficult family situation (e.g., divorce) ◄ Claimant has a relationship with known fraudsters or criminals ◄ Claimant has a history in bad claims ◄ Insurer is experiencing difficulties reaching the claimant ◄ Claimant lives in a known fraud area Documents Forms ◄ Application forms are incomplete and/ or unsigned ◄ Claim forms are incomplete and/ or unsigned ◄ Claim forms are modified frequently ◄ Application form and the inception date of the cover are different ◄ Application form and claim form are inconsistent Receipts and
Reports◄ Minor losses are sufficiently documented while major ones are not ◄ Documents/ receipts are unspecific, modified, or unreadable ◄ Original documents/ receipts are missing; only copies are provided ◄ Receipts are new (e.g., not wrinkled, clean) for old events or products ◄ Receipts contain different handwritings ◄ Documents display odd dates (e.g., during holidays, after business hours etc.) ◄ Doubtful receipts are provided, from companies that do not exist, have ceased operations, or are insolvent ◄ Doubtful receipts are provided, with differing dates but with successive numbering ◄ Foreign receipts contain unspecified currency ◄ Reports from medical practitioners or other authorities (e.g., police) are inconsistent ◄ Documentation from foreign countries is different from the expected format or content (e.g., use of incorrect language) Claims’ Characteristics Submission of
Claim◄ Claims are submitted by a third party without proper power of attorney ◄ High claims are submitted frequently ◄ Claims submitted display prevailing connections Timing of
Claim◄ Claim is filed in one of the following cases:
- Shortly after coverage becomes effective.
- Just before cover ceases.
- Shortly after the cover has been increased or the contract provisions are changed.
◄ Loss occurs just after payment of premiums that were long overdue ◄ Damage occurs in the period of provisional cover Size of Claim ◄ Loss is actually far higher than first reported ◄ Loss claimed is just below the threshold that causes additional checks by the insurer ◄ Amounts insured and the characteristics (e.g., age, profession) or life style of the policyholder are inconsistent Indicators Specific to Business Classes Property claims (including disaster fraud) General
Property
Losses and
Claims◄ Losses and the characteristics (e.g., residence, occupation, income, lifestyle, etc.) of the policyholder are inconsistent ◄ Claimed losses and the findings in the police report are inconsistent ◄ Damaged items cannot be/ are not examined by loss adjusters ◄ Destroyed items are in bad shape ◄ Large amount of cash is stolen Fire ◄ Fire affects a single property or building without affecting others ◄ Policyholder, family and pet are absent during a fire ◄ Items of sentimental value (e.g., photograph albums) or family heirlooms are not lost or damaged during fire ◄ Absence of physical evidence of the place where heavy items were located (e.g., indentations in the carpet from furniture ◄ There are multiple sources of fire ◄ Origin of fire is unknown ◄ There is no evidence of burglary in case of arson ◄ Building is unoccupied and without surveillance at the time of fire ◄ Building is disconnected from public utilities at the time of fire ◄ Fire is not detected by fire alarm ◄ Fire alarm is switched off coincidently ◄ Fire alarm is switched on, but blocked by objects ◄ Fire is detected shortly after people leave the building Car Accidents ◄ Car damage and/ or injuries are exaggerated, claims are fabricated or accident is staged ◄ Circumstances of accident are identical as a previous claim or with the same lawyer ◄ Blame on the accident is accepted too easily ◄ Police and/or emergency services are not contacted immediately after an accident with substantial damage ◄ Claim for recovery damage is not made immediately after an accident with substantial damage ◄ Relationship exists between the people involved (e.g., between passengers of the different vehicles, between patient and doctor, etc.) ◄ One of the individuals involved has a rental car ◄ Driver of the rental car accepts blame easily ◄ Eye witness is very cooperative ◄ One of the vehicles involved in the accident is old and the other is new ◄ Severe damage occurs without a collision (e.g., swerving) ◄ Both people involved are foreigners from the same country ◄ Claim involves victims with no own damage insurance and/or one who would be at risk if found at fault ◄ Testimonies are very similar or strikingly different after an accident ◄ Reported injuries are remarkably similar ◄ Damage does not match the injuries (e.g., little physical damage but severe personal injuries) ◄ Inconsistencies in the damage of the cars involved (e.g., one with minor damages, the other with severe damages) ◄ Injuries are difficult to observe objectively (e.g., headaches or whiplash) ◄ Marks at the location of the accident are absent or difficult to find ◄ Accident occurs in a deserted location Car Theft ◄ Vehicle has an unusual registration number ◄ Vehicle has been registered very recently ◄ Vehicle is stolen just after the end of the “new-value period” ◄ Registration certificate is inside the vehicle or is lost before the theft ◄ Vehicle keys are not the original ones ◄ Vehicle alarm is switched on but does not work ◄ Stolen vehicle is recovered completely undamaged ◄ Stolen vehicle is recovered with valuables/ documents ◄ Age or social position of the insured and the make and model of the vehicle are inconsistent Claimants
Conduct and
Employment
Information◄ Losses are described vaguely ◄ Claim is filed with delay ◄ Items are over-insured substantially ◄ Claimant gives very detailed description of the property or a detailed photo report at the preliminary stages of the claim ◄ Lists of property in the claimant’s and the loss adjuster’s reports are in the same order ◄ Items insured are new according to the claimant ◄ Inconsistencies exist in the claimant’s account ◄ Claimant does not want the claim handler to contact his employer directly ◄ Claimant’s employment information is suspicious ◄ Claimant started his employment shortly before the accident occurred Police Reports ◄ Police report is not provided when expected ◄ Discrepancies exist between the claimed losses and the findings in the police report Travel Timing ◄ Loss is reported a long time after the trip ◄ Mismatch exists between insurance term and holiday period Life Policyholder
Information
and Conduct◄ Relationship between the policyholder, the insured and the payer of the premiums is unclear ◄ Policyholder or beneficiary owns several policies with different addresses ◄ Policyholder accepts unfavorable conditions ◄ Insured amount and standard of living of the policyholder are inconsistent Payments and
Beneficiaries◄ Payments are requested to be made to others rather than the policyholder or the beneficiary ◄ Premium is paid in cash ◄ Premium is made in foreign currencies or from a foreign bank account ◄ Payment is made to unrelated third parties ◄ Policyholder and beneficiary have a significant age difference ◄ Beneficiaries of policy are frequently changed ◄ Beneficiary’s name and account number are inconsistent Cancellation
of Policy◄ Request for cancellation of policy or refund of premiums are made shortly after the cooling off period ◄ Request for cancellation is not signed or signed by an unauthorized third party Time and
Place of Death
or Claim◄ Claim of suicide or a criminal offence is made shortly after inception of the policy ◄ Change of policy provisions or beneficiary is made just before death or disability ◄ Insured is claimed dead while abroad ◄ Disability claim is made just after a premium default Missing Death
Information◄ Body of deceased is missing or unidentified ◄ Original death certificate is unavailable ◄ Cause of death or disability is suspicious Transport Operations ◄ Weighbridge is non-calibrated ◄ Goods are delivered after theft ◄ Drivers are paid per trip ◄ Documents are handled without sufficient supervision (e.g., in hotels, restaurants) ◄ Goods are transported to a destination that does not have a market or proper processing facilities ◄ Goods are repacked to larger volume entities ◄ Goods destined to developing countries are over evaluated Inconsistencies ◄ Inconsistencies exist between insured volume/weight and the real weight ◄ Inconsistencies exist between the insured volume/ weight and the type of goods ◄ Inconsistencies exist between the insured amount and market prices Related Parties ◄ Parties involved have a bad reputation in the business ◄ Endorser is different from claimant ◄ Intermediaries are non-cooperative Healthcare Conduct of
Claimant◄ Physicians are changed frequently ◄ Claimant has multiple disability policies ◄ Claimant claims a disability and is involved in active employment or in a physical sport or hobby ◄ Claimant develops additional injuries allegedly related to the initial injury or illness when it appears that the claim will be terminated ◄ Claimant’s illness or injury occurs shortly before an employment problem (e.g., disciplinary action, demotion, layoff, strike, termination, or down sizing) ◄ Claimant visiting more than two medical providers for the same case Conduct of
Physicians◄ Emergency services are not contacted ◄ Prescriptions are cut or altered ◄ Documents contain misspelling or misusing of medical terminology ◄ Improper identification numbers are used ◄ Attending physician is not in the same geographic region as the claimant ◄ Incorrect or conflicting diagnosis from different medical providers are given ◄ Treatment provided to the claimant is inconsistent with the report diagnosis ◄ Treatment is scheduled on holidays or other days when medical facilities are normally closed ◄ Attending physician’s specialty is not consistent with the diagnosis Definitions and Scope of Applicability
Licensing Provisions
Licensing Requirements
Licensing Conditions
Licensing Fees
Application Process
Prohibited Activities
Withdrawal of a License
Cyber risk control
Cyber Resilience
Cyber Security Framework
With reference to Circular Number (381000091275) dated 28\08\1438 titled Cyber Security Framework “CSF” in the financial sector, and in pursuit by the Central Bank “SAMA” to enhance cyber security standards for financial institutions within the insurance sector, please be informed that the following financial institutions.
Insurance Brokerage Companies holding SAMA’s approval for electronic sales. Insurance Aggregators. Medical Claims Settlement Companies.
Must adhere to implement the CSF as follows
First: Conduct an in-depth and accurate assessment of the current status of cyber security at the financial institution. This should be compared against the requirements stated within the CSF to identify weaknesses and assess the level of maturity as described within the CSF under the definition of "Maturity Level".
Second: Develop a business plan to meet all requirements of the third maturity level, as mentioned in the CSF, as a minimum.
Third: Present the business plan to the board of directors/managers or general manager, for their review, approval and for seeking any further necessary support.
Fourth: Send the approved business plan to the SAMA within ninety working days of the date of publication of this Circular.
Fifth: Provide SAMA with quarterly reports starting from the end of the first quarter of the year 2023 until full compliance with the CSF.
Sixth: Fully comply with the requirements stated in the CSF within (18) months.
Seventh: The Cyber Security Committee –or equivalent- of the financial institution must follow up on the implementation of the CSF to ensure full support and resources are provided where necessary. Further to ensure timely escalation of obstacles and other related hindrances to the competent authority that may prevent complete implementation of the CSF.
The business plan and quarterly reports to be sent through mail.
To be informed and complied with.
Governance and Internal Control
Corporate Governance
Prudential and Supervisory Requirements
Capital Requirements and Solvency
Statutory Deposit
Accounting Standards
Risk Management, Investment Policies and Asset Allocation
Key Investment Restrictions
Disclosure and Prudential Returns
Business Activities and Market Conduct
Permissible and Prohibited Activities
Underwriting Practices
Insurance Products
Insurance Products Approval
Health Insurance
Motor Insurance
Other Insurance Products
Unified Forms and Policies
Online Insurance Activities
Claims Settlement
Other Provisions
Financial Reporting, Disclosures, and External Audit
Disclosure
Accounting Standards
Reports Requirements
Actuarial Reports
External Auditors Reports
Financial Reports
Reserving Reports
Persistency Reports
Audit Committee
Insurance-Related Professionals and Activities
Reinsurance
Brokers and Insurance Agents
Actuaries
Loss Adjusters & Loss Assessors
Insurance Claims Settlement Professionals
Insurance Consultants
Points of Sale
Insurance Producers
Enforcement, Sanctions, and Financial Penalties
Miscellaneous Regulations (General Rules and Provisions)
Replacement Plan of the Unified Number Strating with Number (7) Replacing Commercial Register
This circular is currently available only in Arabic, please click here to read the Arabic version.Business Continuity Management Framework
In continuation to the Central Bank’s pursuit to enhance standards within the insurance sector, and with regards to the business continuity mechanism in the event of accidents or disasters, the Central Bank stresses the importance of an effective, applied and tested mechanism based on best practices to ensure business continuity without interruptions or disruptions of importance services.
Please be informed the insurance and/or reinsurance companies must comply with the Business Continuity Management Framework "BCMF" (attached), by following the guidelines below:
First: Gap Assessment; conduct an assessment of the current situation of business continuity at the company. This should be compared against the requirements stated within the “BCMF” to identify areas of weaknesses. A business plan should be developed to comply with requirements of the Central Bank after assessing the current situation and sending it to the Central Bank within ninety working days of the date of publication of this circular.
Second: Provide the Central Bank with quarterly reports starting from the end of the first quarter of the year 2023 until full compliance with the “BCMF”.
Third: The company must fully comply with the requirements stated in the “BCMF” within one year of the date of publication of this circular.
The business plan and quarterly reports to be sent through email.
To be informed and complied with.
Follow-up circular – Regarding Uploading Motor Insurance Policies to the Najm Net system
This circular is currently available only in Arabic, please click here to read the Arabic version.Actuarial Submissions for Year 2023
Reference is made to the Actuarial Work Rules for Insurance issued by the Governor’s Decision No. (441/186) dated 06/07/1441H.
We inform you that the Actuarial Reports Schedule for the Year 2023 have been issued in accordance with the above Rules.
Accordingly, all insurance and reinsurance companies shall comply with the attached Schedule and submit the Actuarial Reports prepared in line with the relevant instructions issued by SAMA.
To be informed and complied with.
Linking and Dealing with Electronic Platforms
With regards to the Central Bank’s “SAMA” supervisory responsibility over the insurance sector in the Kingdom, and in reference to the objectives of the Cooperative Insurance Companies Control Law and its implementing regulation to protect the policyholders as well as enhancing the stability of the insurance market. Also, with respect to SAMA’s keenness to ensure data protection related to the insurance business in the Kingdom. And with reference to SAMA’s circular number (43045328) dated 19/05/1443 H, wherein SAMA referred to the Personal data protection law (issued by Royal Decree No. (M/19) dated 09/2/1443H), that imposed steps that the financial institutions shall adhere in order to ensure fully compliance with its provisions.
Accordingly, and in order to enhance the protection of the personal date for the financial institutions clients within the insurance sector. Please be informed that all companies working within the insurance sector must adhere to the following:
- Do not link with any electronic platform without obtaining SAMA’s prior non-objection. Companies whom already linked with electronic platforms must review their regulatory statue and submit to SAMA for correction within (30) days from the date of this Circular.
- Do not provide any electronic platforms with any data or information related to insurance business without obtaining SAMA’s prior non- objection.
- Fully comply with the relevant procedures and instructions issued by SAMA before linking or exchanging data with licensed or authorized platforms by SAMA.
These provisions shall not prejudice any previous authorizations or licenses previously issued by SAMA for linking with electronic platforms.
Reinsurance Cession to the Local Reinsurance Market
In continuation to the Central Bank “SAMA” pursuit to enhance the insurance sector in the Kingdom, and with the aim to foster the development of the sector, and ensure alignment with the objectives of the Saudi Vision; alongside with increasing the insurance sector’s contribution to the local content in covering the risks, and based on article (2) of the Cooperative Insurance Companies Control Law, and articles (26) and (40) of its Implementing Regulation.
Therefore, the following should be complied with:
- The insurance companies shall, during the negotiation of concluding reinsurance treaty (proportional and non-proportional) for all classes of business, offer a percentage of their reinsurance treaties to the local reinsurance market, either directly or through reinsurance brokerage companies, as specified below:
- Twenty percent (20%) at least commencing on 01/01/2023 and thereafter.
- Twenty five percent (25%) at least commencing on 01/01/2024 and thereafter.
- Thirty percent (30%) at least commencing on 01/01/2025 and thereafter.
- Insurance companies and reinsurance brokerage companies must maintain the documentation showing that the required treaty shares –as per section (1) above- are offered to the local reinsurance market.
- The Insurance Company must notify SAMA within (20) business days after the end of each calendar year, in case of failure to comply with the mentioned shares in section (1) above, along with providing the reasons for such non-compliance and its documentation.
- The insurance companies must ensure that reinsurance brokerage companies offer to place reinsurance business with local reinsurance market first, before placement with international reinsurers.
- The insurance companies must maintain records of all treaty arrangements concluded, and must include the share of the local reinsurance market in those treaty arrangements, or, where applicable, the
6. documents showing the reasons for refusal of the local reinsurance market to participate in those treaty arrangements. a- Reasons of not participation, or participation at lower shares than stated in section (1) above. b- Details of the size of the reinsurance premium that has been retroceded. - Insurance companies must update their reinsurance strategies to reflect the mechanism stipulated in this Circular and submit it to SAMA to obtain no objection within thirty (30) business days from the date of this Circular.
The provisions of the Circular shall apply on all treaties starting from 01/01/2023.
Formation of Insurance Monitoring Department
This circular is currently available only in Arabic, please click here to read the Arabic version.SAMA Approval for Inclusion of New Board Members
This circular is currently available only in Arabic, please click here to read the Arabic version.Updating the Insurance Claim Form for Compulsory Motor (Third Party) Insurance for Individual and Corporates
Reference to the Central Bank’s “SAMA” circular number (98/201612) dated 02/03/1438H regarding the claim form “Form” for compulsory motor (third party) insurance for individuals, and in reference to SAMA’s supervisory responsibility over the insurance sector in the Kingdom, and its effort to protect the rights of the insureds and beneficiaries, in particular the development of claims settlement methods.
It is to be informed that the Form for compulsory motor (third party) has been updated in alignment with the regulatory updates by relevant bodies, along with expanding the scope of its implementation to cover all compulsory motor vehicle (third party) claims filed by either individuals or corporates, based on the wording attached to this Circular. In addition to the ability to digitalize the Form to keep pace with the technology transformation.
Therefore, all companies providing motor insurance shall comply with the updated
Form attached to this Circular. SAMA also emphasis on the importance of complying with all of the Form’s provisions and the guidelines for claim settlements provided by SAMA. This Circular shall replace the Circular number (98/201612), while the attached Form shall be effective from 14/08/2022G.
Appendix to the Circular No. (67/48007) About Customer Service Channels
Reference is made to the Circular No. (67/48007) dated on 02/08/1440H, and the Circular No. (43002199) dated on 08/02/1443H in regard to the clients service channels; and based on Article (2) in Cooperative Insurance Companies Control Law;
We inform you that the scope of the aforementioned circulars – with regard to insurance sector- shall include to all insurance companies, insurance agents, insurance brokers, insurance aggregators and insurance claims settlements companies.
To be informed and complied with.
Medical Expenses Insurance - Pricing & Underwriting Instructions
With reference to Actuarial Work Rules for Insurance and/or Reinsurance Companies, and to the circular number (165) dated 13/08/2018, titled Medical Expenses Insurance – Pricing & Underwriting Instructions 2018.
Please be informed that The Medical Expenses Insurance – Pricing & Underwriting Instructions “the Circular” has been issued as a full replacement of the above-mentioned circular.
Accordingly, please find attached the Circular and related documents.
To be informed and complied with.
Adopting the Amendments on International Accounting Standard 12.
Reference is made to the limited amendments made by the International Accounting Standard Board “IASB” on to the International Accounting Standard 12 (“IAS 12”), approved by the Saudi Organization for Chartered and Professional Accountants. Accordingly, the initial recognition exemption does not apply to transactions in which equal amounts of deductible and taxable temporary differences arise on initial recognition.
All companies operating in the insurance sector shall must comply with the above amendments as applicable to their business. The updates to IAS 12 can be viewed by visiting the website of the Saudi Organization for Chartered and Professional Accountants - International Standards page -.
Approval of IFRS 17 amendments
This circular is currently available only in Arabic, please click here to read the Arabic version.Pricing Adequacy Report Instructions
With reference to Article (53) of the Actuarial Work Rules for Insurance issued by the Governor’s decision number (441/186) dated 06/07/1441H, wherein the Appointed Actuary of an Insurance Company “Company” is required to submit periodic pricing adequacy reports “Report” to SAMA, the Company’s Senior Management, and its Board of Directors.
The Report shall be produced on a quarterly basis and submitted to SAMA at a frequency specified in the Schedule of Actuarial Submissions, issued by SAMA, in respect of each calendar year.
The Report is required in respect of the Medical Expense and Motor classes of business of the Company.
Report
The Company shall prepare and submit the Report according to the following requirements at a minimum:
First: for the purpose of this Report the following terms shall have the meanings below:
- The ‘Technical price’ defined as the price for a policy determined using the actuarial basis set by the Appointed Actuary as applicable at the time of issuing/renewing the policy; this price shall be before any adjustments made by underwriters or other authorized individuals at the Company.
- The ‘Selling price’ defined as the actual price at which a policy is sold.
Second: the Company shall comply with the following:
- In order to avoid any distortions to the comparison made. Both the Technical price and Selling price must include the same components, including at least the risk premium, commissions, expenses, profit margin, and contingency margin, Effect of any mid-term adjustments due to endorsements, additions, subtractions, etc. shall be ignored.
- Technical prices generated at the time of selling the policies must be preserved and recorded in the Company’s systems in a reliable manner.
- The Company must provide the Appointed Actuary with all data and other information required by the Actuary in order to produce the Report. Data must be provided in the format required by the Actuary.
- The Appointed Actuary shall state all data deficiencies observed (if any), discussions held with the Chief Underwriting Officer (or equivalent) to address those deficiencies, and remedial actions proposed by the Appointed Actuary.
- Assumptions (if any) used in the Pricing Adequacy analysis must be clearly stated in the Report, along with stating justifications for the assumptions and methodologies used.
- The Appointed Actuary shall quantify the impact of any deviations from Technical prices on the Company’s profitability by stating the following for each segment of underwritten policies:
- Expected Loss Ratio based on the Technical price.
- Expected Loss Ratio based on the Selling price.
- Expected Combined Ratio based on the Technical price.
- Expected Combined Ratio based on the Selling price.
- Expected Gain or Loss due to deviation from the Technical price.
- In the Report, the Chief Underwriting Officer (or equivalent) must state the following:
- For any data deficiencies observed by the Appointed Actuary, a remediation plan with clear timelines in respect of each data deficiency.
- Confirmation that deviations from the Technical price, as observed in the Report, are in line with the Underwriting Authority Statement approved by the Board of Directors.
- For each layer of authority mentioned in the Underwriting Authority Statement, state the average and maximum discount percentages applied in respect of the policies sold during the period of the Report.
- Confirmation that the Board of Directors has been or will be made aware of the projected financial impact of deviations from the technical price as quantified by the Appointed Actuary in this Report
- The granularity of analysis must be commensurate with the nature of business written by the Company. At a minimum, the policies underwritten shall be segmented as provided in the MS Excel templates for Motor (Appendix 1) and Medical (Appendix 2).
Submission
- Each Report and the data contained in the MS Excel template must be signed-off jointly by the Chief Underwriting Officer (or equivalent) and the Appointed Actuary.
- A scanned copy of the signed Excel template must be submitted, together with the Report and MS Excel template, to SAMA via RMS.
Moreover, the Company must seek to automate the production of above reports in order to minimize the need for manual intervention and, hence, enhance the reliability of these reports.
Actuarial Reserve Report Submission
Reference is made to the Actuarial Reserve Report “Report” and the associated Reserve Reporting Template “Template” as at 31/12/2021, due for submission as per the Schedule of Actuarial Submissions issued by SAMA for each calendar year. For the purpose of the Quarterly Reserve reporting, the Report shall be replaced by an Actuarial Reserve Certificate “Certificate” for the year 2022.
Accordingly, the Appointed Actuary shall prepare the above Report or Certificate and Template in adherence to the following:
- The instructions contained in Circulars (173) “Circular” dated 16/01/2019, with the following considerations:
- The first paragraph of the Circular, with reference to Article (28) of ‘Actuarial Work Regulation’ shall be replaced with Article (50) of the ‘Actuarial Work Rules for Insurance’ dated 01/03/2020.
- With regards to the Unearned Premium Reserve, in paragraph (3g) of the Circular, the phrase “For Visitor-visa Medical Expense insurance policies with policy term in excess of one year . . .” shall be read as “For Visitor-visa Medical Expense insurance policies, Medical Malpractice insurance policies, and Inherent Defects insurance policies with policy term in excess of one year . . .”.
- With regards to the Expense Analysis mentioned in paragraph (4b) and (4c), and investigations regarding mortality, disability and expenses mentioned in sub-paragraph (g)(v) and (g)(vi) of paragraph (8) “Protection and Savings (P&S) Insurance” in the Circular, these requirements shall be deemed to have been met through the submission of the last annual Experience Studies Report. In case of any differences between the assumptions recommended in the above Experience Study Report and those used in the Actuarial Reserve Report, a summary of the changes in assumptions and their justification shall be attached as an appendix to the Actuarial Reserve Report.
- With regards to the Salvage and Subrogation (S&S) reserves, comply with paragraph (5e) of the Circular by projecting salvage and subrogation separately, and projecting subrogation separately for policyholders and insurance companies.
- Continue to report separately on the claims related to COVID19.
- For Motor and Medical lines of business, estimate the ultimate frequency, ultimate severity and ultimate burning cost of claims, both gross and net of reinsurance.
- Report on the claims provisions made, separately in Incurred but not reported (IBNR) and Premium Deficiency Reserve (PDR), for regulatory and environmental changes, covering at least the following:
Impact of Article (11) of Implementing Regulation the Cooperative Health Insurance Law.
Impact of COVID 19 on Health insurance claims provision.
Submission:
The Report or Certificate, along with a duly filled Template (attached) shall be submitted to SAMA as per the submission deadlines set by SAMA.
- The instructions contained in Circulars (173) “Circular” dated 16/01/2019, with the following considerations:
Claims Settlement Companies’ Services
This refers to the Central Bank’s “SAMA” supervisory responsibility over the insurance sector in the Kingdom, the objectives of the Cooperative Insurance Companies Control Law and its Implementing Regulation to support fair and effective competition in the sector, and SAMA’s effort to limit practices that may lead to conflict of interests when considering the responsibilities of Insurance Claims Settlement Companies licensed by SAMA.
Accordingly, effective 01 March 2022, all Insurance Claims Settlement Companies must adhere to the following:
- Not accept any financial compensation in any form, whether as administrative fees or as commissions from services providers in return for the tasks carried out on behalf of an insurance company.
- Must receive a payment order from the insurance company assigning the Insurance Claims Settlement tasks before making any direct payment to the services providers, which shall only be made by using an independent (Escrow Account) for each insurance company contracted with.
- Provide the insurance company, on a quarterly basis, with data of insurance claims related to the health insurance policy for the employees and owners of the Insurance Claims Settlement Company where the insurer is the insurance company that assigned the Insurance Claims Settlement task.
SAMA also emphasizes upon all insurance companies to take all necessary measures to ensure that the Insurance Claims Settlement Companies, which act on their behalf in settling insurance claims, adhere to the standards of fairness and integrity in settling claims.
Annual Experience Studies Report Instructions
These instructions are issued with reference to Article (61), Article (62) and Article (65) of the Actuarial Work Rules for Insurance issued by the Governor’s decision number (441/186) dated 06/07/1441H, wherein the Appointed Actuary of an Insurance or Reinsurance Company “Company” is required to carry out annual Experience Studies Report “Report”.
The report shall be produced by the Company as per the timetable specified in the Schedule of Actuarial Submissions, issued by SAMA, in respect of each calendar year.
Purpose
- Enable the Company’s management to understand the extent and drivers of expenses for each line of business.
- Enable the Company’s management to understand the trends in mortality and morbidity under protection & savings business, both individual and group segments.
- Enable the Company’s management to understand the level and drivers of persistency for individual protection & savings business.
- Derive expense, mortality, morbidity and persistency assumptions for the purpose of actuarial reserve calculations.
Report
The Report shall be prepared and comprise the following sections, at a minimum:
First: Expense Study:
Data: The data shall cover general insurance, health insurance, short term protection and savings products. This shall include, at a minimum, the following:
a) Detailed description of the data used, including the source(s) of data, data validation performed, and any limitations of the data. b) Data excluded from the analysis, if any, along with its justification. c) Reconciliation checks performed, and plans for remediation where differences are observed (if any). Methodology & Assumptions, This shall cover the following:
a) Analysis of Premium Deficiency Reserve (PDR). b) Analysis of Unallocated Loss Adjustment Expenses (ULAE). c) Analysis of first year and renewal expenses for individual’s protection & savings business. - All assumptions and methodologies, including those used for allocating expenses to each line of business, shall be described in detail. The Report shall also state justifications for the assumptions and methodologies used. The expense analysis shall be carried out at a sufficient level of granularity. - The analysis performed shall draw on the latest experience of the Company and leading professional practices (such as activity-based cost analysis). Results and Recommendations, This shall include, at a minimum, the following:
a) Expense ratios derived for the purpose of Premium Deficiency Reserve calculations for each line of business. b) Expense ratios derived for the purpose of Unallocated Loss Adjustment Expense Reserve calculations for each line of business. c) Expense ratios derived for the purpose of individual’s protection & savings’ reserve calculations.
Second: Persistency Study:
The Report shall separately consider all material individual long-term protection and savings products written by the Company, and shall comprise the following sections, at a minimum:
Data The data shall cover individual protection & savings business for a minimum of five years or since the time the Company started selling the protection & savings portfolio (if less). This shall include, at a minimum, the following:
a) Detailed description of the data used, including the source(s) of data, data validation performed and any limitations of the data. b) Data excluded from the analysis, if any, along with its justification. c) Reconciliation checks performed, and plans for remediation where differences are observed (if any). Methodology & Assumptions. This shall cover the following at a minimum:
a) Approach to calculating risk Exposure. b) Description of Lapse event. c) Treatment of Waiver of Premium (WOP) claims. d) Treatment of over-due premiums. e) Any simplifications used along with their justification. f) Treatment of policies cancelled during the Free-Look Period. g) Treatment of policy options, including but not limited to, partial surrenders, policy loans, paid-up option, premium decrements. Results and Recommendations. This shall include, at a minimum, the following:
a) Result of the study conducted. b) Clear recommendations based on the study. c) Detailed rationale supporting the recommendations.
The results shall be shown separately for each category mentioned in the Template provided by SAMA.
Third: Mortality & Morbidity Study:
The Report shall comprise the following sections, at a minimum:
Data This shall include, at a minimum, the following:
a) Detailed description of the data used, including the source(s) of data, data validation performed and any limitations of the data. b) Data excluded from the analysis, if any, along with its justification. c) Reconciliation checks performed, and plans for remediation where differences are observed (if any). Results and Recommendations. This shall include, at a minimum, the following:
a) Result of the study conducted. b) Clear recommendations based on the study. c) Detailed rationale supporting the recommendations.
Submission
- A duly filled Experience Studies Template ‘attached’, which captures the summary of the data, methodology and results, shall be prepared by the Appointed Actuary and be submitted along with the Report.
- The Report and the Template must be submitted via RMS.
To be informed and complied with.
Investment and Asset Liability Management Report’s Instructions
These instructions are issued with reference to Article (60) of the Actuarial Work Rules for Insurance issued by the Governor’s decision number (441/186) dated 06/07/1441H, wherein the Appointed Actuary of an Insurance Company “Company” is required to submit investment and asset liability management report “Report” to SAMA, the Company’s Senior Management, and its Board of Directors.
The Company shall produce the report as per the timetable specified in the Schedule of Actuarial Submissions, issued by SAMA, in respect of each calendar year.
Purpose
- Enable the Company’s Senior Management and Board of Directors to make informed decision on the Company’s investments and assets liability management.
- Provide recommendations to the Company’s Senior Management and Board of Directors regarding the Company’s investment policy and asset liability management strategy, keeping in view the nature and timing of insurance contract assets and liabilities and the availability of appropriate assets.
Report
The Report shall, at a minimum, comprise the following sections:
Data
This shall include, at a minimum, the following:
a) Detailed description of the data used for the analysis, including the source(s) of data, and data validation performed. b) Limitations of data, if any, and plans for remediation. c) Description of the Company’s Investment Policy approved by SAMA. Methodology & Assumptions
The analysis shall include, at a minimum, the following:
a) Methodology used for the calculation of the duration of assets and liabilities. b) Methodology for assessing the suitability of the Investment Policy. c) Assumptions used, along with their justification. If an assumption is based on external sources, those external sources shall be identified. d) Assessment of compliance of the Company’s current investments with its Investment Policy as well with SAMA’s Investment Regulations. Results and Recommendations
This shall include, at a minimum, the following:
a) Recommendations regarding the Investment Policy. b) Recommendations regarding the Asset-Liability management strategy. c) Detailed rationale supporting the above recommendations.
In addition, the Appointed Actuary shall fill out the spreadsheet template “Template” provided in Appendix (1) which is designed to capture the summary of the above Report.
Appointed Actuary and Board of Directors Responsibilities
The Appointed Actuary must present his recommendations stated in the Report to the Board of Directors within two months of the date of producing the Report. The relevant extract from the minutes of the Board meeting, clearly identifying whether the Board accepted or rejected the above recommendations, in part or in full, must be submitted to SAMA within one month of the date of holding the Board meeting.
Submission
The Report and the Template shall be submitted via RMS.
To be informed and complied with.
Follow-up Circular Regarding the Electronic Addresses of the Administrative Units of the General Directorate of Insurance Control
This section is currently available only in Arabic, please click here to read the Arabic version.Obligation to Obtain a Professional Test Certificate for the Compliance Officer in the Insurance Sector
This circular is currently available only in Arabic, please click here to read the Arabic version.Circular (225) Procedures for Reporting and Due Diligence for Financial Account Information (CRS)
This section is currently available only in Arabic, please click here to read the Arabic version.Quarterly Reserves Template
This refers to the quarterly reporting of actuarial reserves, due for submission to SAMA as per the Schedule of Actuarial Submissions for Year 2021 circulated by SAMA on 22nd December 2020.
For the above submission, the Appointed Actuary shall follow the instructions contained in SAMA’s Circular (207) dated 14/01/2021. Also, the Company shall replace the ‘Actuarial Reserve Report’ with the ‘Actuarial Reserve Certificate’. A template for the Actuarial Reserve Certificate is attached.
Accordingly, the Company must submit a completed Reserve Reporting Template along with the Actuarial Reserve Certificate as per the submission deadline for each quarterly submission; according to Circular (205) dated 22/12/2020.
An updated Reserve Reporting Template to be used by the Company for quarterly submissions is also attached, All submissions must be made through RMS.
Sports Facilities Insurance (219)
This section is currently available only in Arabic, please click here to read the Arabic version.Regulating the Integrated Logistics Special Zone
This section is currently available only in Arabic, please click here to read the Arabic version.Providing After-Sale Electronic Services
This section is currently available only in Arabic, please click here to read the Arabic version.Application of the Provisions of the Multilateral Agreement between Competent Authorities on the Automatic Exchange of Financial Account Information (CRS
This section is currently available only in Arabic, please click here to read the Arabic version.The Required Due Diligence Under the Common Reporting Standard CRS (211)
Referring to the Multilateral Competent Authority Agreement on Automatic Exchange of Financial Account Information (CRS) and the attached Common Reporting Standard for Financial Account Information Reporting and Due Diligence (CRS), approved under Royal Decree No. (M/125) dated 1/12/1438H and its regulations issued by Council of Ministers Resolution No. (706) dated 30/11/1438H, and in preparation for the evaluation of the compliance of financial institutions in the Kingdom with CRS standards scheduled for this year:
We would like to inform you that the self-certification form has been updated to align with the requirements of the Automatic Exchange of Information Agreements (attached).
Accordingly, all insurance companies subject to the provisions of the agreement are required to review the form and ensure customer data is updated in accordance with this new form.
Appendix to Circular on the Compulsory Acquisition of the Insurance Fundamentals General Certificate (IFCE)
This section is currently available only in Arabic, please click here to read the Arabic version.Appendix to Circular on Limiting Advertising on Tadawul to Products that are Expected to Generate more than (5%) of the Company's Sales
This section is currently available only in Arabic, please click here to read the Arabic version.Common Reporting Standard (CRS) Status Message XML Schema: User Guide for Tax Administrations
This section is currently available only in Arabic, please click here to read the Arabic version.Applying Suitability Standards for the Appointment of Board Members, Senior Management, Key Persons in Control Functions
This section is currently available only in Arabic, please click here to read the Arabic version.Representing Juristic Entity before Judicial Authority
This section is currently available only in Arabic, please click here to read the Arabic version.Mechanism of Correspondence with Civil Defence
This section is currently available only in Arabic, please click here to read the Arabic version.Updating Websites and Verifying Social Media Accounts
This section is currently available only in Arabic, please click here to read the Arabic version.Automated Connectivity with Companies working in the Insurance Sector
This section is currently available only in Arabic, please click here to read the Arabic version.Submitting Motor Insurance Information on Najim Net System
This section is currently available only in Arabic, please click here to read the Arabic version.Grant a Discount for the 'Named Driver'
This section is currently available only in Arabic, please click here to read the Arabic version.Instructions on Insurance Renewal Messages
This section is currently available only in Arabic, please click here to read the Arabic version.Governor Decision on Seperation between Insurance Brokerage and Reinsurance Brokerage
This section is currently available only in Arabic, please click here to read the Arabic version.Updated Articles of Association Form of Insurance Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Encouraging Optional Insurance for Saudi Families
This section is currently available only in Arabic, please click here to read the Arabic version.Obtaining SAMA's non-Objection before Providing Governmental and non-Governmental Agencies with Supervisory and Statistical Data and Information
This section is currently available only in Arabic, please click here to read the Arabic version.Follow Up Gross Written Premiums Data in the Sectoral Disclosure within the Financial Statements
This section is currently available only in Arabic, please click here to read the Arabic version.Gross Written Premiums Data in the Sectoral Disclosure within the Financial Statements
This section is currently available only in Arabic, please click here to read the Arabic version.Remuneration of Chairman of the Board of Directors of Insurance and Reinsurance Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Saudi Arabia Insurance Market Report for 2018
This section is currently available only in Arabic, please click here to read the Arabic version.FATCA – Registration and GIIN
We refer to SAMA’s circular No. (351000112701) dated 28/8/1435H, related to Foreign Account Tax Compliance Act (USA(, in which SAMA had informed you that the Governments of the Kingdom of Saudi Arabia and the United States of America had reached an Agreement in Substance and that KSA had consented to be included on the list of jurisdictions treated as having a Model 1 Inter Governmental Agreement (IGA) in substance.
We have now received communication from the US Department of Treasury through the Ministry of Finance that the extension given to countries that have an agreement in substance to sign an IGA does not include any extension of deadline for their financial institutions to register with the IRS. After reviewing the registration form and based on external legal advice, SAMA does not have any objection for Saudi Insurance and/or Reinsurance Companies to register with the IRS and obtain a Global Intermediary Identification Number (GIIN), if the company is subject to FATCA.
If you have any question in this regard, you may contact SAMA.
Updating Information for Communication with SAMA
This section is currently available only in Arabic, please click here to read the Arabic version.Delay in Uploading Customer Information for Vehicle Insurance on Najm Net
This section is currently available only in Arabic, please click here to read the Arabic version.Transferring Ownership of Totaled Vehicles
This section is currently available only in Arabic, please click here to read the Arabic version.Reminder of the Circular Pertaining to Recommendations for the Vehicles Affected by Floods
This section is currently available only in Arabic, please click here to read the Arabic version.Recommendations for the Vehicles Affected by Floods
This section is currently available only in Arabic, please click here to read the Arabic version.Outsourcing Risks That Can not be Covered in the Local Market to Foreign Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Easing the Process of Receiving Insurance Claims
This section is currently available only in Arabic, please click here to read the Arabic version.Provide the Customer with a Letter of Rejection When Rejecting Claims
This section is currently available only in Arabic, please click here to read the Arabic version.Providing Incorrect Information regarding Motor and Health Insurance Products Prices
This circular is currently available only in Arabic, please click here to read the Arabic version.Compliance With the Prices Set by the Actuary for Vehicle and Medical Insurance
This section is currently available only in Arabic, please click here to read the Arabic version.Warning of Dealing Without a Mediator
This section is currently available only in Arabic, please click here to read the Arabic version.Warning of Dealing With Unauthorized Persons
This section is currently available only in Arabic, please click here to read the Arabic version.Application of the Second Phase of the E-link Project
This section is currently available only in Arabic, please click here to read the Arabic version.Disclosure of Conflicts of Interest to the BOD
This section is currently available only in Arabic, please click here to read the Arabic version.Delivery of Confidential Requests
This section is currently available only in Arabic, please click here to read the Arabic version.Renewal of Insurance Permit Issued by the SAMA for Insurance Companies and / or Reinsurance
This section is currently available only in Arabic, please click here to read the Arabic version.Quarterly Insurance Sector Data
This section is currently available only in Arabic, please click here to read the Arabic version.Employees Working in Insurance Sector Must Obtain the General Certificate for Insurance Basics IFCE
This section is currently available only in Arabic, please click here to read the Arabic version.Announcing the Annual and Quarterly Financial Results
This section is currently available only in Arabic, please click here to read the Arabic version.Insurance Coverage on Actual User in Leasing Motors and Motors Financially Leased to Individuals
This section is currently available only in Arabic, please click here to read the Arabic version.Governer's Resolution Following up the Governor's Resolution No. (439-61) 01-03-1439H
This section is currently available only in Arabic, please click here to read the Arabic version.Governor Decision on Amending the Online Insurance Activities Regulation
This section is currently available only in Arabic, please click here to read the Arabic version.Nationalizing Insurance Products Sales Positions (for Individuals)
This section is currently available only in Arabic, please click here to read the Arabic version.Amendments to Malpractice Insurance policies
This section is currently available only in Arabic, please click here to read the Arabic version.Issuance of Electronic Mails for the Insurance Supervision Department Units
This section is currently available only in Arabic, please click here to read the Arabic version.Follow Up - Requiring Surveillance Cameras in Stores before the Sell or Issuance of Insurance Policy
This section is currently available only in Arabic, please click here to read the Arabic version.Follow up- Underwriting Instructions for Motor Insurance 2016
This section is currently available only in Arabic, please click here to read the Arabic version.Unified Pricing Form for Individuals Motor Insurance
This section is currently available only in Arabic, please click here to read the Arabic version.Execution of Judicial Decisions against the Insured
This section is currently available only in Arabic, please click here to read the Arabic version.Application of the Provisions of the Regulation for Treatment of Non-Disclosure of Information for Tax Purposes
This section is currently available only in Arabic, please click here to read the Arabic version.Refund the Paid Premium for the Uncovered Period in Motor Insurance for Individuals
This section is currently available only in Arabic, please click here to read the Arabic version.National Address of Companies Working in the Insurance Sector
This section is currently available only in Arabic, please click here to read the Arabic version.National Address Linkage with Selling or Issuing Insurance Policy
This section is currently available only in Arabic, please click here to read the Arabic version.Governor's Resolution - Prohibition of Cash Dealing in Financial Transactions Related to Insurance Sector
This section is currently available only in Arabic, please click here to read the Arabic version.Requiring Surveillance Cameras in Stores Before the Sell or Issuance of Insurance Policy
This section is currently available only in Arabic, please click here to read the Arabic version.Transfer the Amount of Compensation of Finance Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Follow up - on the RBS
This section is currently available only in Arabic, please click here to read the Arabic version.Claims Settlement of Traffic Cases Based on Final Judicial Decisions
This section is currently available only in Arabic, please click here to read the Arabic version.Inclusion of Insurance Coverage against Catastrophes in Comprehensive Motor Insurance Policies
This section is currently available only in Arabic, please click here to read the Arabic version.Risk Based Supervision Framework
This section is currently available only in Arabic, please click here to read the Arabic version.Adding Price Details for Motor Insurance Policies in Najm Net
This section is currently available only in Arabic, please click here to read the Arabic version.Nationalizing Insurance Products Sales Positions (for Individuals)
This section is currently available only in Arabic, please click here to read the Arabic version.Follow up with SAMA's Website Regarding Announcements of Insurance Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Follow Up- Underwriting Motor Insurance 2016
This section is currently available only in Arabic, please click here to read the Arabic version.Rules for Establishing a Customer Care Department in Insurance Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Follow Up - Nationalizing Motor Claims Departments and Customer Care Departments in Insurance Companies and Insurance Services Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Refusal of Some Insurance Companies to Provide Insurance Coverage to a Class of Applicants in Compulsory Motor Insurance
This section is currently available only in Arabic, please click here to read the Arabic version.Refusal of some Insurance Companies to Offer Travel Insurance Coverage to the Seniors
This section is currently available only in Arabic, please click here to read the Arabic version.Nationalizing Motor Claims Departments and Customer Care Departments in Insurance Companies and Insurance Services Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Submission of Annual Financial Statements and Quarterly Financial Statements
This section is currently available only in Arabic, please click here to read the Arabic version.Enabling Insurance Companies to Use the Bank Accounts Verification System When Paying Motor Insurance Claims or Recovering Part of the Insurance Premium Via IBAN Deposit
This section is currently available only in Arabic, please click here to read the Arabic version.Settlement of Motor Insurance Claims of Third-Party's Vehicles for Individuals for Claims not Exceed the Amount of 2000 Riyals
This section is currently available only in Arabic, please click here to read the Arabic version.Payment of Insurance Claims of the Compulsory Third Party (for individuals) by Depositing the Compensation Amount Into the Beneficiary's Bank Account Directly Via IBAN
This section is currently available only in Arabic, please click here to read the Arabic version.Uploading Motor Insurance Policies on NAJM Net
This section is currently available only in Arabic, please click here to read the Arabic version.Emphasis on Provide a Copy of Consumers Protection Principles of Insurance Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Reliance on the Gregorian Calendar to Determine the Effective and End Date of Insurance Coverage Period
This section is currently available only in Arabic, please click here to read the Arabic version.Assertion on Obtaining Customer's Contact Information
This circular is currently available only in Arabic, please click here to read the Arabic version.Rules of Requesting Cancellation of Motor Insurance Policy Upon Transferring of Ownership of the Vehicle
This section is currently available only in Arabic, please click here to read the Arabic version.Statutory Deposit Account
This section is currently available only in Arabic, please click here to read the Arabic version.Article (150) of the Companies Law
This section is currently available only in Arabic, please click here to read the Arabic version.Surplus Distribution Policy
No: 201503000058 Date(g): 2/3/2015 | Date(h): 12/5/1436 Rules Governing Insurance Aggregation Activities
Saudi Central Bank has issued this Rules according to the Governor’s Decision number (441/4) dated 25/06/1441H, based on the powers vested to Saudi Central Bank by the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003), and its Implementing Regulation issued by the Decision of the Minister of Finance No. (1/596) dated 01/03/1425H (corresponding to 20/04/2004).
The Standard Insurance Policy of Medical Malpractice
The Saudi Central Bank has issued this Rules according to the Governor’s Decision number (1/S/443) dated 20/02/1443H based on the powers vested to SAMA by the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003), and its Implementing Regulation issued by the Decision of the Minister of Finance No. (1/596) dated 01/03/1425H (corresponding to 20/04/2004).
The Standard Insurance Policy of Professional Indemnity for Auditors of the Entities Supervised by the Capital Market Authority
The Saudi Central Bank has issued this Policy in accordance to the Governor’s Decision number (4/S/443) dated 14/12/1443H based on the authority vested to Saudi Central Bank by the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003), and its Implementing Regulation issued by the Decision of the Minister of Finance No. (1/596) dated 01/03/1425H (corresponding to 20/04/2004).
The Standard Policy of Inherent Defects Insurance (IDI)
The Saudi Arabian Monetary Authority has issued this Policy according to the Governor’s decision number (441/187) dated 05/08/1441H, based on the powers vested to Saudi Central bank by the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003), and its Implementing Regulation issued by the Decision of the Minister of Finance No. (1/596) dated 01/03/1425H (corresponding to 20/04/2004).
Insurance Corporate Governance Regulation
Online Insurance Activities Regulation
This regulation has been issued in both Arabic and English. In the event of discrepancy between the two contexts, the Arabic text takes priority over the English text.
Taking into Account the Issuance of Checks Payable to People (Heirs) in the Name of the Deceased
This circular is currently available only in Arabic, please click here to read the Arabic version.Follow up - Establishing Customer Care Department in Insurance Companies
This circular is currently available only in Arabic, please click here to read the Arabic version.Amendment of Motor Insurance Commission
This circular is currently available only in Arabic, please click here to read the Arabic version.Purpose
This Policy presents general principles for “distribution of surplus” to policyholders in accordance with Article 70 (2e) of the Implementing Regulations of the Law on Supervision of Cooperative Insurance Companies promulgated by Royal Decree No. (M/32) dated 2.6.1424 H. The above article states that “10% of the net surplus shall be distributed to the policyholders directly, or in the form of reduction in premiums for the next year. The remaining 90% of the net surplus shall be transferred to the shareholders’ income statement,”.
A written approval from Saudi Arabian Monetary Agency (herein after referred to as Agency) must be obtained for surplus distribution and timings.
- The senior management of the insurance company and the company’s Board of Directors should be fully conversant with the contents of the Policy and ensure implementation of the policies and procedures contained herein in totality and in accordance with applicable regulations.
- This Policy should be read in conjunction with the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations.
- The company should apply this Policy for 2015 financial year and the following years.
- The company shall maintain separate registers for each class of insurance (General Insurance, Health Insurance, and Protection and Saving Insurance). However, if the company is selling only Group Protection products, the company should include these products within the Health Insurance or General Insurance register for the purpose of calculation the surplus.
- This Policy is applicable for General Insurance and Health Insurance classes, and Group protection products if the company is selling only these products of the Protection and Saving Insurance class.
Article One Definitions
The terms and phrases used in these Rules shall have the same meaning as defined in the Implementing Regulation of the Cooperative Insurance Companies Control Law and the Online Insurance Activities Regulation.
For the purpose of applying the provisions of these Rules, the following terms and phrases, wherever mentioned herein, shall have the meanings assigned thereto, unless the context otherwise requires:
1.1 Central bank: Saudi Central Bank*. 1.2 Law: Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated2/6/1424H (corresponding to31/7/2003), amended by Royal Decree No. (M/30) dated 27/05/1434H (corresponding to 8/4/2013). 1.3 Rules: The Rules Governing Insurance Aggregation Activities. 1.4 Insurance Company: the company licensed to practice insurance business in accordance with the provisions of the Cooperative Insurance Companies Control Law. 1.5 Insurance Aggregator: A company licensed/approved by Saudi Central Bank to practice Insurance Aggregation Activities. 1.6 Insurance Aggregation Activities: Online insurance brokerage activities carried out to complete the purchase of insurance policies for the insured, including comparison of coverage and prices offered by Insurance Companies and facilitating the sale and purchase of policies. 1.7 Electronic Platform: Any electronic means used to conduct Insurance Aggregation Activities for example a website and application. * The Saudi Arabian Monetary Agency was replaced by the name of Saudi Central Bank in accordance with The Saudi Central Bank Law No. (M/36), dated 11/04/1442H, corresponding in 26/11/2020AD.
Saudi Central Bank The Standard Insurance Policy of Medical Malpractice
Saudi Central Bank The Standard Insurance Policy of Professional Indemnity for Auditors of the Entities Supervised by the Capital Market Authority
Saudi Arabian Monetary Authority The Standard Policy of Inherent Defects Insurance (IDI)
Part 1: Introduction
- This Regulation enumerates Saudi Central Bank's corporate governance requirements that must be met by insurance and/or reinsurance companies.
- The objective of This Regulation is to set high standards of corporate governance within the insurance industry in accordance with the recognized best international practices.
- Saudi Central Bank may, at any time, require any of the insurance service providers to comply with some or all of the requirements of this Regulation.
- This Regulation shall be read in conjunction with the following:
- The Law on Supervision of Cooperative Insurance Companies promulgated by Royal Decree M/32 dated 2/6/1424 H and its Implementing Regulations
- The Companies Law
- The Corporate Governance Regulations in the Kingdom of Saudi Arabia and the Listing Rules, issued by the Board of the Capital Market Authority (CMA)
- The Insurance Market Code of Conduct Regulation, the Risk Management Regulation, the Antifraud Regulation, the Anti-money Laundering and Combating Terrorism Financing Rules, the Regulation of Reinsurance Activities, the Insurance Intermediaries Regulation, the Online Insurance Activities Regulation, the Investment Regulation the Outsourcing Regulation, the Insurance Audit Committee Regulation, the Actuarial Work Regulation for Insurance and Reinsurance Companies, the Requirements for Appointments to Senior Positions in Financial Institutions Supervised by the Saudi Arabian Monetary Agency, and any other regulations and relevant directives and circulars and resolutions issued by Saudi Central Bank.
5. This regulation has been issued in both Arabic and English. In the event of discrepancy in the interpretation of the two texts, the Arabic text prevails.
Introduction
Article One Introduction
This Policy shall specify the minimum limits of Medical Malpractice liability coverage in accordance with the terms, conditions and exceptions provided herein or attached hereto. In consideration of the Insured having paid the premium to the Company, the Company agrees to provide insurance coverage subject to the terms, conditions and exclusions of this Policy, and shall provide coverage up to the amounts and limits stated in this Policy, or as amended by Endorsement
The Company and the Insured shall not be entitled to agree on liability limits lower than those set herein. However, the Company and the Insured may agree on additional coverage not specified herein.
Article One Introduction
This Policy specifies the minimum limits of Professional Indemnity coverage raising from Professional Failures of the auditors of the entities supervised by CMA; in accordance with the terms, conditions and exclusions provided herein or attached hereto, and the Company agrees to provide insurance coverage up to the amounts and limits stated in this Policy, or as amended by endorsement in consideration of the Insured having paid the Premium to the Company.
The Company and the Insured shall not be entitled to agree on liability limits lower than those set herein. However, the Company and the Insured may agree on additional coverage not specified herein.
Preamble
1. This Policy shall specify the minimum coverage of compulsory Insurance on Inherent Defects that may discovered on Premises and constructions after occupation in nongovernmental construction projects, in accordance with the terms, conditions and exceptions provided herein or attached hereto. In consideration of the Insured having paid the premium to the Insurer, the Insurer agrees to provide insurance subject to the terms, conditions and exclusions of this Policy, and shall provide coverage up to the amounts and limits detailed in the Schedule, or as amended by Endorsement, as Limits of Indemnity during the Period of Insurance. The Insurer and the Insured may not agree on amending the insurance coverage or terms and conditions than what is set herein unless prior written approval is obtained from Saudi Central Bank.
2. This Policy and its Schedule, the Proposal Form, Endorsements and the Certificate of Approval shall be read as one document and any word or expression to which a specific meaning or definition has been given shall have such specific meaning wherever it may appear, unless specifically restated purely for the purposes of individual endorsements.
First Purpose
- This regulation specifies the requirements and provisions for conducting insurance activities by insurance companies, insurance brokers and agents over the internet.
- This regulation specifies the requirements and provisions for conducting insurance activities by insurance companies, insurance brokers and agents over the internet.
- This regulation must be complied with in conjunction with the Law on Supervision of Cooperative Insurance Companies promulgated by Royal Decree M/32 dated 2/6/1424 H and its Implementing Regulations, and the Online Regulation promulgated by Royal Decree M/18 dated 8/3/1428 H and its Implementing Regulations, and the Anti-Cyber Crime Law promulgated by Royal Decree M/17 dated 8/3/1428 H in addition to any Regulations or other instructions issued by Saudi Central Bank and specially the Anti Money Laundering & Combating Terrorism Financing Regulation, the Anti-Fraud Regulation, the Market Code of Conduct Regulation, the Outsourcing Regulation for Insurance and/or Reinsurance Companies and Insurance service providers. In addition to other relevant laws, regulation, instructions and decisions.
Article Two Definitions
The following words and phrases, wherever they occur herein, shall have the meanings assigned thereto, unless the context requires otherwise:
1- The Company: The licensed Insurance Company that practices insurance businesses in
accordance with Cooperative Insurance Companies Control Law.
2- Policy: The Standard Insurance Policy of Medical Malpractice.
3- The Insured: the medical
practitioner as defined in Law of Practicing Healthcare Professions, who has entered into an insurance contract.
4- Medical Malpractice: Any bodily, physical injury or mental injury, sickness, illness, disease, or death of any patient caused by the Insured’s negligent act, error or omission during ordinary, Emergency Medical Treatment, home medical visits and telehealth care within the scope of the job or profession during the presence in the Kingdom of Saudi Arabia.
5- Other Emergency Medical Treatment: medical treatment provided by the Insured at the scene of the sudden event, who was present either by coincidence or in response to an emergency call following the sudden event.
6- Claim: A Claim for Indemnity of damages or losses caused by Medical Malpractice covered under the Policy.
7- Defense Costs: All cost, fees, and expenses incurred in defending the Insured or for the purpose of settling any Claim within the limits of coverage stated in the Policy Schedule.
8-Products: Any solid, liquid or
gaseous substance or component part thereof.
9- Extended Reporting Period: the benefit, which provides the Insured with an extended period to report any Claims occurring during the Policy period, which start from the expiry date of the Policy or the date of cancelation till the end of the Extended Reporting Period.
10- Administration Fees: The
amount charged towards the administrative costs for the issuance of the Policy.
11- Premium: Amount paid by the Insured to the Company in exchange for the Company’s acceptance to indemnify the Insured; in accordance with insurance coverage stated in the Policy.
12- Deductible: The portion of the loss amount mentioned in the Policy Schedule, which is to be borne by the Insured.
13- Indemnity: The amount to be paid by the Company based on a verdict against the Insured due to Medical Malpractice including Defense Costs in accordance to the limit insurance coverage.
14- Compulsory Retroactive Insurance: Compulsory Coverage for a period prior to the inception date the Policy.
15- Additional Retroactive Insurance: the coverage that the Company decided to provide to the Insured for a period prior to the inception date of the Policy.
16- Retroactive Date: the inception date of either Compulsory or Additional Retroactive Insurance.
17- Material Fact: Any information, which may affect the Company’s decision in specifying the Premium amount by 25% or more, or the terms of the Policy, or the Claim approval.
18- Policy Schedule: The schedule annexed to the Policy containing information about the Insured; which is considered an integral part of the Policy.
Article Two Definitions
The following words and phrases, wherever occurred herein, shall have the meanings assigned thereto, unless the context requires otherwise:
1- The Company: The licensed
Insurance Company that practices insurance businesses in accordance with Cooperative Insurance Companies Control Law.
2- Policy: The Standard Insurance Policy of Professional Indemnity for Auditors of Entities Supervised by Capital Market Authority
3- The Insured: Auditing firms of the entities supervised by CMA.
4- Authority: Capital Market Authority.
5- Professional Services: Auditing the financial statements of the entities supervised by CMA in accordance to the audit criteria approved by the Saudi Organization for Charted and Professional Accountants (SOCPA) for the purpose of expressing an opinion on whether these financial statements show the fairness of the financial position of the entity on a given date and the results of its operation for a specific financial period, or examine the initial financial statements prepared by the entity, for the purpose of concluding whether anything leads to believe that the financial statements are not prepared from all fundamental aspects in accordance with the framework of the applicable financial statements.
6- Professional Failure: Negligent act, error and omission in providing Professional Services.
7- Claim: A Claim for indemnity of damages or losses caused by Professional Indemnity covered by this Policy.
8- Defense Costs: All cost, fees, and expenses incurred in defending the Insured and/or for settling any Claim within the limits of coverage stated in the Policy Schedule.
9- Extended Reporting Period: The benefit that provides the Insured with an extended period to report any Claims occurring during the Policy period, which start from the expiry date of the Policy or the date of cancelation until the end of the Extended Reporting Period.
10-Administration Fees: The amount charged against the administrative costs for the issuance of the Policy.
11-Premium: Amount paid by the Insured to the Company in exchange for the Company’s acceptance to indemnify the Insured; in accordance with insurance coverage stated in the Policy.
12-Deductible: The amount borne by the Insured from the indemnity, as mentioned in the Policy Schedule
13-Indemnity: The amount to be paid by the Company based on a verdict against the Insured due to Professional Failure including Defense Costs, and in accordance to the limit of the insurance coverage.
14- Retroactive Insurance: a Coverage for a period prior to the inception date of the Policy.
15- Retroactive Date: The inception date of the Retroactive Insurance.
16- Material Fact: any information requested by the Company from the insurance applicant during the conclusion of the Policy, which may affect the Company’s decision in accepting the insurance or accepting the insurance with different conditions.
17-Policy Schedule: The schedule annexed to the Policy containing information about the Insured; which is considered an integral part of the Policy.
Definitions
For the purposes of this Policy, the following definitions shall apply:
1. Policy
The Policy of Inherent Defects Insurance.
2. Building Contract
The contract or contracts for the design and construction of the Premises and the contract’s documents.
3. Certificate of Approval
The Certificate(s) issued by the Technical Inspection Service to the Insurer at the same time as or following practical completion under the Building Contract, and any supplementary certificate issued by the Technical Inspection Service to the Insurer to certify continuing integrity of the Premises in respect of any re-examination in accordance with the Operative Clause.
4. Occupancy Certificate
A permission to occupy the building to be issued by the concerned authority confirming substantial completion of the Premises.
5. Date of Inception
The Date of Inception will be the date shown on the policy schedule.
6. Total Sum Insured
The sum shown in the Schedule representing the full rebuilding costs of the Premises at the Date of Inception and/or adjusted in accordance with Clauses (7) and/or (11) of General Conditions.
7. Deductible
The first amount of any claim, as stated in the Policy Schedule, which remains at the Insured’s own risk and is not payable by the Insurer.
8. Inherent Defect
Any defect in the Structural Works or the Envelope weakening the strength and steadiness or stability of the Premises and attributable to a fault, error or omission in design, materials, geological investigation or construction which was undiscovered at the date of issue of the Occupancy Certificate.
9. Insurer
The Insurance Company that provides insurance services as per this Policy.
10. Insured
The party or parties named in the Schedule, their successors in title and their assignees (subject to Insurer’s agreement in writing) to the extent of their respective rights and interests in the Premises. For the purpose of this Policy, the Contractor shall be the Insured before the start of the Period of Insurance, and the owner of the Premises shall be the Insured during the Period of Insurance as stated in clause (3) of Article (3) of this Policy.
11. Contractor
Natural or juristic person licensed to undertake construction works, engaged pursuant to Building Contract, and mandated by the concerned authority to obtain Inherent Defect Insurance.
12. Damage /Loss
The cost of reinstatement of physical loss or damage of total or partial collapse, or destruction of Insured Premises caused by an Inherent Defect.
13. Premises
The whole and each part of the Works at the address stated in the Schedule and which is the subject of:
•The Occupancy Certificate.
•The Certificate of Approval issued by the Technical Inspection Service attached to and forming an integral part of this Policy.
Comprising:
a. Structural Works
All internal and external load-bearing structures essential to the stability or strength of the Premises including but not limited to foundations, columns, walls, floors, beams.
b. Envelope
All works forming part of external walls and roofing of the Premises but excluding:
1. Moveable elements of external windows, doors, skylights.
2. External cladding unless it is essential for the stability of the building.
3. Equipment, Fixtures and Fittings.
c. Non Structural Works
All non-load bearing parts of the Premises other than those works described in Definition No 13 (b) and 13(d) including but not limited to floor coverings, ceilings, partitions, internal windows and doors,
d. Equipment, Fixtures and Fittings
All non-loading bearing parts of the Premises other than those works described in Definition No. 13 (c) above as Non Structural Works including but not limited to:
Electrical wiring and connections, all fixtures and fittings, all equipment and fixtures for the collection and distribution of gas, water, heating and ventilation. All permanent mechanical and electrical apparatus including boilers and similar plant included in the Building Contract irrespective of whether such equipment, fixtures and fittings are fixed to or incorporated in any part of the Structural Works.
e. External Works
All external non-structural works owned by the Insured and the subject to the Building Contract, including but not limited to pavement, cross-over, paved areas, pedestrian and vehicular landscaping and all external drains, sewers, pipes, cables, wires and other service media.
14. Technical Inspection Service
The party or parties appointed by the Insurer at the expense of the Insured, to provide such examination of plans, specifications, bills of quantities and other documentation in relation to the Works and such inspections as the Technical Inspection Service and Insurer shall require.
15. Works
The works completed under the Building Contract.
16. Waterproofing
Part of the Works serving to protect the Premises from the ingress of water of any kind originating externally to the Premises. For the avoidance of doubt, this definition does not extend to any part of the Works serving to protect the Premises against the effects of humidity or condensation.
17. Policy Schedule
The Schedule annexed to the Policy containing information required to be imbedded in the Schedule.
Definitions
Without prejudice to the provisions of article (1) of the Implementing Regulations of the Law on Supervision of Cooperative Insurance Companies issued by decision of H.E. the Minister of Finance No. 1/596 dated 01/03/1425H, the following terms and expressions wherever mentioned in this Regulation shall have the meanings shown assigned thereto unless the context requires otherwise:
Central Bank: The Saudi Central Bank*.
Board of Directors (the Board): the Company's Board of Directors as accepted by the laws in the Kingdom of Saudi Arabia.Chairman of the Board (Chairman): a Non-executive Board Member elected by the Board to preside over its meetings and organize its activities.
Chief Executive Officer (CEO): the officer with highest rank in the senior executive management of the Company, who is in charge of its daily management, regardless of the title of his or her position.
Company (Companies): the insurance and/or reinsurance company licensed by Saudi Central Bank under the Law of Supervision of Cooperative Insurance companies and its Implementing Regulations (or the insurance service provider required by Saudi Central Bank to comply with some, or all of the requirements of this Regulation based on Article (3) of this Regulation).
Related Company: a company (or one of several companies that Saudi Central Bank may consider to be acting in concert) holding a shareholding of 5% or more of the equity of the Company, or a company in which the Company (either alone or with other companies that Saudi Central Bank may consider to be acting in concert) holds a shareholding of 5% or more.
Related Persons: close family members of parents, spouse, descendants; any person with a business relationship that might influence the decision making process; and any establishment in which any member of the Board of Directors has more than 5% interest.
Significant Shareholders: natural or legal persons that, directly or indirectly, alone or in association, controls 5% or more of the Company's shareholding.
Executive Board Member: a member of the Board of Directors who is also a member of the executive management of the company and participates in the daily affairs of the company and earns a monthly salary in return thereof.
Non-executive Board Member: a member of the Board who provides opinions and technical advice and is not involved in any way in the management of the company and does not receive a monthly or an annual salary.
Independent Board Member: a member of the Board who enjoys complete independence. This means that the member is fully independent from management and the company. Independence is the ability to judge things after taking into account all relevant information without undue influence from management or from other external entities.
Independence cannot be attained by a Board member in the following situations, including but not limited to:
- Being a Significant Shareholder in the Company, or in a Related Company, working for or representing a Significant Shareholder
- Being a member of the Board in a Related Company or one of its subsidiaries, or having been one during the past two years
- Being a member of the Board of the Company for more than nine years
- Holding a Senior Management position in the Company, or in a Related Company, or having held one during the past two years
- Being an employee with the Company, with a Related Company, or with a company that provides services to the Company (e.g., external auditors, consulting firms, etc.) or having worked with any one of the above during the past two (2) years
- Being a Related Person of a member of the Board or Senior Management of the Company or of a Related Company
- Having a contractual or business relationship with the Company (either directly or through an entity in which he or she is a Significant Shareholder, a Board member, or a manager) which resulted in paying to, or receiving from, the Company the equivalent of two hundred and fifty thousand (250,000) Saudi riyal or more (other than his or her remuneration as a director of the Board and amounts related to insurance contracts) during the past two (2) years
- Being under any financial obligation towards the Company or any members of its Board or Senior Management that might limit the exercise of independence in judgment and decision making
Senior Management (Management): the Managing Director, Chief Executive Officer, General Manager, their deputies, Chief Financial Officer, Managers of key departments, officers of risk management, internal audit, and compliance functions, and similar positions in the Financial Institution, in addition to incumbents of any other positions determined by Saudi Central Bank.
Senior Positions: Members of the board and senior management.
Stakeholders: the persons or parties who have an interest in the company, including shareholders, policyholders, claimants, employees, reinsurers, regulatory and supervisory bodies.
The rest of the words and statements used in this Regulation shall have the same meaning as per Article (1) of the Implementing Regulations of the Law on Supervision of Cooperative Insurance Companies unless the context requires otherwise.
* The Saudi Arabian Monetary Agency was replaced by the name of Saudi Central Bank in accordance with The Saudi Central Bank Law No. (M/36), dated 11/04/1442H, corresponding in 26/11/2020AD.
Second Definitions
The following terms and statements in this regulations refers to the meanings explained here, unless stated otherwise:
Central Bank: refers to Saudi Central Bank*.
Regulation: refers to the online insurance activities regulation.
Company: refers to the insurance companies, insurance brokers and agents licensed by Saudi Central Bank to conduct business in the Kingdom.
Customer: refers to the insured, the web site user, or any person who submits a request to get an insurance cover through the web site.
Online transactions: refers to any exchange, contract, communication or other procedure conducted or executed— fully or in part— online.
Online Statements: refers to online statements in the form of text, symbols, pictures or drawings or other form of online formats combined or in parts.
Online Insurance Activities: refers to any business conducted by the company through the internet, including, but not limited to, selling insurance policies, collecting premiums, receiving claims, and receiving and handling with complaints.
Website: refers to the company's web site address that is licensed by the designated authority and used on the company's prints and advertisements.
Hard copy: refers to the output of computer in printed form.
Soft Copy: refers to any document stored in the memory of the computer, or on a hard disc (internal or external), or any other electronic storage mean, the content of which can be viewed on a computer and transferred electronically through, but not limited to, email.
Unauthorized Access: refers to the access of a person on purpose to a computer or website or an information system or network, without authorization.
The remaining terms used in this regulation have the same meaning as stated in article 1 of the Implementing Regulations of the Law on Supervision of Cooperative Insurance Companies.
* The Saudi Arabian Monetary Agency was replaced by the name of Saudi Central Bank in accordance with The Saudi Central Bank Law No. (M/36), dated 11/04/1442H, corresponding in 26/11/2020AD.
Article Three Insurance Coverage
First: Insurance coverage period starts in accordance to Policy terms and conditions- without prejudice to the transitional provisions issued by SAMA- as follows:
1. In case the Policy being issued and renewed by the same Company without interruption in the insurance coverage: The Company must provide Compulsory Retroactive Insurance starting from the inception date of the coverage under the first Policy being issued by the Company till the expiry date of the last Policy being issued by the Company.
2. In case the Policy being issued by a new Company or being renewed by current company with interruption not more than 14 calendar days :
The Company must provide Compulsory Retroactive Insurance starting from the inception date of the coverage Under the first Policy being issued either by the current Company or by previous Company (ies) of the Insured.
3. In case the Policy being issued by a
new Company, or being renewed by
current Company: with interruption
for more than 14 calendar days :
The insurance coverage shall start from the inception date of the coverage being issued by the Company, however, the Company may elect to provide Additional Retroactive Insurance staring from the inception date of the first Policy being issued for the Insured either by current Company or previous Company ( ies) or otherwise as agreed.
- In any of the above cases, The Company must state the type of Retroactive Insurance (Compulsory or additional)provided and Retroactive Date in Policy Schedule.
- The Company shall not be obliged – at the time of concluding the policy- to cover the Additional Retroactive Insurance which have been provided to the Insured by previous Policies
- The Company is not obliged to indemnify for any Medical Malpractice occurred within either Compulsory or Additional Retroactive Insurance unless it is unknown to the insured at the time the policy is being concluded .
Second: this Policy covers, as specified herein, the following:
a- Indemnity for all amounts for which the Insured is legally liable to pay to others, due to Medical Malpractice based on a final verdict issued by judicial component body.
b- Indemnity of Defense Costs.
The total Indemnity stated in subtitle (a) and (b) of this article shall not exceed the limit of insurance coverage stated in the Policy Schedule
Third: Limit of Insurance Coverage The Company and the Insured must agree on the maximum limit of insurance coverage provided that it should not be less than the limit stated in the Policy Schedule.
Article Three Insurance Coverage
First: Insurance coverage period shall start in accordance to the Policy’s terms and conditions as follows:
1. In case the Policy is being issued and renewed by the same Company without interruption to the insurance coverage:
The Company must provide Retroactive Insurance coverage starting from the inception date of the first Policy being issued by the Company until the expiry date of the last Policy being issued by the Company.
2. In case the Policy is being issued by a new Company without interruption in the insurance coverage :
a. In case there are previous insurance coverage for a period less than three years:
The Company must provide Retroactive Insurance coverage starting from the inception date of the first policy issued by the previous company/companies; provided that no known
Professional Failure at the time of concluding the insurance contract.
b. In case there are previous insurance coverages for a period exceeding three years:
The Company must provide Retroactive Insurance for a minimum of three years prior to the inception date of the current insurance coverages provided that there is no known Professional Failure at the time of concluding the insurance contract.
Second: This Policy covers, as the following:
A. Indemnity for all the amounts the Insured is legally liable to pay to others, due to any Professional Failure committed while providing Professional
Services within the Kingdom of Saudi Arabia and based on final verdict issued by judicial component body.
B. Indemnity of Defense Costs.
C. Indemnity in accordance to any additional coverage stated in the Fourth point of this article.
The total Indemnity stated in subtitle (A) and (B) & (C) of this article shall not exceed the limit of insurance coverage stated in the Policy Schedule.
Third: Limit of Insurance Coverage The Company and the Insured may agree on a higher limit of insurance coverage; provided that it should not be less than the limit stated in the Policy Schedule.
Fourth : Additional Coverage The Company must provide the following coverages:
1. Fraud and dishonesty (up to 10% of the Limit of Insurance Coverage).
2. Liable and slander (up to 10% of the Limit of Insurance Coverage).
3. Unintentional breach of confidentiality (up to 10% of the Limit of Insurance Coverage).
4. Loss of documents (up to 10% of the Limit of Insurance Coverage).
5. Infringement of copyright (up to 10% of the Limit of Insurance Coverage).
6. Intellectual Property infringement (up to 10% of the Limit of Insurance Coverage).
Insuring Agreement
1. Operative Clause
The Insurer shall indemnify the Insured against the cost of repairing, replacing and/or strengthening the Premises following and consequent upon an Inherent Defect which is discovered and is notified to the Insurer during the Period of Insurance and not excluded herein causing any of the following events:
a. Physical damage to the Premises; or
b. The threat of imminent collapse to the Premises, which requires immediate remedial measures for the prevention of an actual collapse within the Period of Insurance.
2. Additional Benefits
In addition to and consequent upon the above indemnity, and in connection with events (a) or (b) described above in (1) of this Article, the Insurer will indemnify:
a. The cost of demolishing the Premises and/or the removal of debris from the Premises incurred by the Insured up to the Limit of Indemnity prescribed in the Schedule.
b. The legal, professional or consultants’ fees incurred by the Insured up to the Limit of Indemnity prescribed in the Schedule. The Insurer will not be liable to the Insured for fees incurred for the purpose of preparing a claim under this Policy.
c. The additional costs of repair or replacing and/or strengthening which arise out of alterations in design, use or application of improved materials, improved or altered methods of working or construction incurred solely in compliance with or consequent upon any building or other regulations under or in pursuance of any related law and regulations. This does not include the costs of complying with such requirements where such requirements have come to the attention of the Insured before the events (a) or (b) described in clause (1) of this Article become manifest, or such costs which relate to undamaged or unaffected parts of the Premises.
3. Period of Insurance
a. The period of Ten years (calculated using the Gregorian Calendar) commencing on the Date of Inception and expiring at midnight on the Date of Expiry as shown in the Schedule, provided that:
1. The Occupancy Certificate has been issued.
2. The premiums due have been paid to Insurer in accordance with Premium Payments clause provided in Article (5).
3. Insurer has received the Certificate of Approval.
4. Insurer has issued an endorsement indicating that the Policy is in force.
b. The Period of Waterproofing coverage is the period commencing 12 months after the Date of Inception and expiring at midnight on the Date of Expiry as shown in the Schedule, provided that:
1. The Insurer has received a supplementary Certificate of Approval from the Technical Inspection Service for the Waterproofing works.
2. The additional premiums have been paid to the Insurer if the supplementary Certificate of Approval is not unqualified.
3. Insurer has issued an endorsement indicating that the Waterproofing coverage is in force.
c. In those cases where the Building Contract provides for more than one Occupancy Certificate:
1. Inception shall take place in respect of Premises which consist of a single building following issuance of the Occupancy Certificate for the Premises as a whole unless otherwise agreed in writing by the Insurer.
2. Inception shall take place in respect of Premises which consist of more than one building following the issuance of the Occupancy Certificate for each building unless otherwise agreed in writing by the Insurer.
4. Under Insurance
If an Inherent Defect has been discovered, and the full rebuilding costs of the Premises is greater than the Total Sum Insured or adjusted in accordance with Clauses (7) and/or (11) of General Conditions, the insured will be entitled to compensation according to the Total Sum Insured specified in the Policy Schedule to the full rebuilding costs.
5. Limits of Indemnity
The liability of the Insurer shall not exceed the Limit of Indemnity shown in the Schedule for the Period of Insurance unless cover has been increased by endorsement and the appropriate additional premium paid to the Insurer but excluding in respect of each and every claim the amount specified in the Schedule as the Deductible. If the Insured comprises more than one party, the total liability of the Insurer shall not exceed the amount for which the Insurer would have been liable as if there had been a claim by only one Insured.
6. Application of Deductible
The amount of the Deductible specified in the Schedule shall apply to each Inherent Defect, after the application of all other Terms and Conditions of the Policy, and not to the aggregate of claims arising during the Period of Insurance. Multiple claims arising from the same Inherent Defect shall be treated as one claim for purposes of application of the Deductible.
Compliance Measures
7.Companies must establish appropriate internal controls and procedures to ensure and monitor compliance with this Regulation and any related laws and regulations. In case the company contracts with other parties, it must ensure the compliance of all contracted parties with the provisions of this Regulation and any related laws and regulations.
8.Companies must maintain adequate records to demonstrate compliance with this Regulation and with any related laws and regulations, including but not limited to the Company's code of corporate governance, remuneration policy, code of ethics, disclosure policies and procedures, terms of reference for the Board and its committees, organizational charts, charters of control functions, detailed job descriptions of managers, minutes of the meeting of the Board of Directors and its committees, minutes of the general assembly meetings, and internal and external Board communications.
Non-Compliance
9.Non-compliance with the requirements set forth in this Regulation will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and the licensing conditions and may expose violating Companies to enforcement actions.
Third Compliance Measures
- The company must establish appropriate internal controls and procedures to ensure and monitor compliance with this regulation and any related laws. In case the company contracts with other parties, it must ensure the compliance of all parties with the provisions of this regulation and any related laws.
- The company must maintain adequate records to demonstrate compliance with this regulation and any related laws, including—but not limited to—online activities business plan, outsourcing contracts to external parties, website hosting contracts.
- The company must publish this regulation, along with all any related laws and regulations on its website.
- The company must comply with the provisions of this regulation within 6 months from the date of issuance of this regulation.
Article Four Exclusions
The insurance coverage of the Policy does not include the following:
- Any Medical Malpractice from the Insured who does not hold a valid and proper license during the Policy period.
- The Deductible(s) stated in the Policy Schedule
- Any Medical Malpractice, Claim or Lawsuit instituted outside of the Kingdom of Saudi Arabia
- Any Claim arising out of a specific liability assumed by the Insured under contract which goes beyond the duty to use such skill and care as is usual in the exercise of the Insured’ activities stated in the registration card issued by the component authority and/or job contract.
Any claim arising out of Medical Malpractice occurred :
A) Prior to inception date of the Policy stated in the Policy Schedule if Compulsory or Additional Retroactive Insurance is not applicable.
B) Prior to Retroactive Insurance Date stated in the Policy Schedule if Compulsory or Additional Retroactive Insurance is applicable.
- Any Claim arising out of the manufacture of any Products, or the construction, alteration, repair, repacking, servicing or treating of any Products sold, supplied or distributed by the Insured, or any Claim arising out of the failure of any product to fulfil the purpose for which it was designed, or to perform as specified, warranted or guaranteed.
- Any Medical Malpractice occurred during the performance of experiments, or academic research, or the prescription of drugs or medicines or use of drugs or medicines for the purposes of clinical trials, or for testing the effectiveness or otherwise of such drugs or medicines.
- Any Medical Malpractice arising out of the performance of general anesthesia unless performed by anesthesia specialist / consultant.
Any Medical Malpractice directly or indirectly caused by or contributed to:
a. Any act in violation of any Saudi laws or regulations, any fines, penalties, punitive or exemplary damages.
b. Any dishonest, fraudulent or criminal act or willful misconduct of the Insured.
c. The performance of the activities of the Insured whilst under the influence of alcohol, drugs, or medical medications that are not medically permitted to perform duties after taking them.
- Any Claim directly or indirectly caused by, or contributed to by, or arising from ionizing radiation(s) or contamination by radioactivity from any nuclear fuel or from any nuclear waste from the combustion of nuclear fuel or from the radioactive, toxic, explosive or other hazardous properties of any explosive nuclear assembly or nuclear component thereof. However, this exclusion does not apply to the use of radioactive substances or radiation as far as they are only needed for customary medical treatment or examination , provided that it is kept and used with the usual standard precautions for these hazardous substances.
- Any Claim arising out of war, invasion, acts of foreign enemies, hostilities, (whether war be declared or not), civil war, rebellion, revolution, insurrection, mutiny, civil commotion, military or usurped power, riot, strike, lockout, military popular uprising or confiscation or nationalization or requisition or destruction of or damage to property by, or under the order of, any government or public or local authority.
- Any Medical Malpractice arising out of the performance of procedures or operations for non- emergency case in a place medically unqualified -except home medical visits and telehealth care- subject to adherence of the component authorities’ standards & regulations
- Claims arising from the patient's dissatisfaction in the results of plastic/aesthetic surgery and/or silicon implants due to the lack of improvement in his/her aesthetic appearance.
- The procedures of blood banks except where these are purely providing blood or blood products for any medical procedures undertaken by the Insured.
- Any Claims arising out of possession, application, use, handling, or maintenance of asbestos or asbestos containing products.
- Any Medical Malpractice during abortions, unless in compliance with competent authorities.
- Genetic damages/manipulation.
Article Four Exclusions
The insurance coverage of the Policy does not include the following:
1. Any Professional Failure that goes beyond the scope of the Professional Services defined in the Policy.
2. The Deductible(s) stated in the Policy Schedule.
3. Any Known Claim arising from Professional Failure occurred prior to the inception date of the coverage or the retroactive date.
4. Any Claim /suitcase brought outside the Kingdom of Saudi Arabia.
5. Any Claim related to material damage or bodily injury/death or consequential losses.
6. Any fines, penalties, punitive or exemplary damages imposed on the Auditor.
7. Cyber Attacks.
8. Liability of the Directors and officers of the Insured other than the Professional services.
Policy Exclusions
This Policy does not cover the cost of repairing, replacing and/or strengthening the Premises following any physical damage or threat of imminent collapse caused by, arising from or consequent upon:
1. Alterations of Geological Conditions
Including but not limited to changes of the groundwater level or flow, whether due to a natural event or man-made, suffered after the date of issue of the Occupancy Certificate.
2. Capital Appreciation Taxes and Similar Charges
The amount of any tax, duty, charge, rate or levy arising out of capital appreciation;
3. Certificate of Approval Reservation
Any matter notified to the Insurer by the Technical Inspection Service and referred to as a reservation in the Certificate of Approval or recorded in the Occupancy Certificate unless subsequently rectified and approved in writing by the Insurer;
4. Deductible
5. Other Perils
Fire, lightning, explosion, earthquake, storm, tempest, flood, frost, bursting or overflowing of water tanks, pipes or other apparatus, water discharged or leaking from an automatic sprinkler installation, pressure waves caused by aircraft or other aerial devices travelling at sonicor supersonic speeds or the impact of aircraft or other aerial devices or Articles dropped or falling therefrom.
6. Failure or Omission to Repair
The failure or omission of the Insured to commence or substantially undertake the repair, replacement or strengthening of the Premises for which indemnity is provided under this Policy within the period agreed in writing with the Insurer.
7. Economic Loss
Any direct or indirect economic loss, such as loss of enjoyment, use, income, business opportunity, inconvenience, distress or any other indirect or economic loss of any kind or description whatsoever other than as provided elsewhere in this Policy. Any consequential or economic loss or damage of any kind or description whatsoever including but not limited to loss, costs, damages, expenses or penalties as a result of delay.
8. Fungi, Insect, Animal or Vermin Damage
Any cost or expense incurred to clean up, remove or remediate, or any cost or expense incurred to test for, monitor or assess the existence concentration of effects of fungi, insect, animal or vermin damage.
9. Maintenance or Use
Inadequate maintenance or abnormal use of the Premises or the imposition of any load greater than that for which the structure of the Premises was designed or the use of the Premises for any purpose other than that for which they were intended and as stated in the Schedule.
10. Non-Structural Works, Equipment, Fixtures and Fittings, and External Works
Any fault, defect, error or omission in the design, workmanship, or materials of any of the following:
a. Non Structural Works
b. Equipment, Fittings and Fixtures.
c. External Works.
11. Radioactivity
Ionizing radiation or contamination by radioactivity from any nuclear waste or from the combustion of nuclear fuel or the radioactive toxic explosive or other hazardous properties of any explosive nuclear assembly or nuclear component thereof;12. Structural Changes
Any structural alterations, repairs, modifications or additions to the Premises during the Period of Insurance unless the Insurer has been informed, the Policy endorsed, and any appropriate additional premium paid to the Insurer;
13. War and other Hostilities / Terrorism Including:
a. War, invasion, act of foreign enemy, hostilities (whether war be declared or not), civil war, rebellion, revolution, insurrection, mutiny, riot, strike, lock-out, civil commotion, military or usurped power, acts of a group of malicious persons or persons acting on behalf of or in connection with any political organization, conspiracy, confiscation, commandeering, requisition or destruction of or Damage to property.
b. Any act of terrorism For the purpose of this exclusion an act of terrorism means an act, including but not limited to the use of force or violence and/or the threat thereof, of any person or group(s) of persons, whether acting alone or on behalf of or in connection with any organization(s) or government(s), committed for political, religious, ideological or similar purposes including the intention to influence any government and/or to put the public, or any section of the public, in fear.
This exclusion also excludes damage cost or expense of whatsoever nature directly or indirectly caused by, resulting from or in connection with any action taken in controlling, preventing, suppressing or in any way relating to (a) and/or (b) above. If the Insurer alleges that by reason of this exclusion, any damage, cost or expense is not covered by this Policy the burden of proving the contrary shall be upon the Insured. In the event any portion of this exclusion is found to be invalid or unenforceable, the remainder shall remain in full force and effect.
14. Wear and Tear or Discoloration Including:
a. Wear and tear or other gradual deterioration;
b. Erosion;
c. Any change in color, texture, opacity or staining or superficial deterioration or marring of finishings or surface appearance or ageing processes;
d. Natural shrinkage, distortion, or other gradually developing condition, unless caused by an otherwise indemnifiable claim.
15. Willful Acts or Omissions of the Insured
16. Corrosion
Corrosion or oxidation of structural steel elements, rebars, pre-stressing or post-tensioning bars caused by:
a. Attacks of contaminates such as but not limitedto chlorides, sulphates, marine salts in seawater, spray or vapour, de-icing salts, or
b. An aggressive environment such as but not limited to high humidity, polluted atmospheres or aggressive soil
17. Insured’s Professional Advisors or Contractors responsibility
Defects which are the responsibility of the insured’s professional advisors or Contractors whether within the terms of the Building Contract or otherwise identified and notified to the Insured before issue of the Occupancy Certificate unless subsequently rectified and approved in writing by the Insurer;
18. Subsidence, heave or landslip unless due to an Inherent Defect.
19. Faulty or deficient Waterproofing
Faulty or deficient Waterproofing in those parts of the Premises below ground level. Unless this cover is requested by the owner of the Premises
20. Liability for personal injury or bodily injury.
21. Landscaping, including but not limited tovegetation and seeds.
Fourth Non-Compliance
- Non-compliance with the requirements set forth in this regulation will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and licensing conditions and may subject Companies to enforcement action.
Article Five Notifications & Claims Settlements
1- Notification
A- In case of any accident or circumstance that may give rise to an admissible Claim, the Insured must notify the Company as soon as possible, provided that notification shall be during the Policy period based on the provisions of the Extended Reporting Period stated in this Policy and the Policy Schedule.
B- The Insured shall notify the Company –from the date of knowledge- in any of the cases below:
- The receipt of notice from any person of an intention to hold the Insured responsible for any Medical Malpractice; or
- Any conduct or circumstance which is likely to give rise to a Claim for Medical Malpractice being made against the Insured.
- Every Claim, summons, or warrant.
Any change in Material Fact.
2- Claims Settlement:
A. Defense Costs:
1- The Company has the right to defend and to appoint a lawyer for the Insured in any lawsuit arising out of Medical Malpractice covered by the Policy. And the Insured may appoint the lawyer after agreeing with the Company; whereas the Company shall bear the Defense Costs paid by the Insured.
2- The Company may sue in the name of the Insured or for its own benefit to Claim any Indemnity raising from the Policy.
3- The Company shall have the right to conduct any negotiations or proceedings on the settlement of any Claim subject to the consent of the Insured who has the right to refuse any settlement recommended by the Company or its legal representatives and elects to continue any legal procedures.
However, in such a case, the liability of the Company shall not exceed the sum of settlement proposed, in addition to the Defense Costs or other costs agreed with the Company till the date of the Insured objection on the settlement subject to the limit of insurance coverage stated in the Policy Schedule
4- The Insured shall assist and cooperate in the defense of any Claim.
B. The Company shall not be obligated to indemnify, or to continue undertaking defense of any suit or proceeding after the limit of insurance coverage stated in the Policy Schedule has been exhausted.
C. Series of Claims:
If series of Claims arising from one Medical Malpractice have been submitted, it shall be considered as one Claim, and one Deductible shall apply.
Article Five Notifications & Claims Settlements
1- Notification
A- In case of any accident or circumstance that may give a rise to an admissible Claim, the Insured must notify the Company as soon as possible, provided that a notification should be during the Policy period or based on the provisions related to the Extended Reporting Period stated in this Policy and the Policy Schedule.
B- The Insured shall notify the Company –from the date of knowledge- with any of the cases below:
1. The receipt of notice of an intention to hold the Insured responsible for any Professional Failure.
2. Any conduct or circumstance which is likely to give rise to a Claim for Professional Failure being made against the Insured.
3. Every Claim, summons, or warrant.
4. Any change in Material Fact.
2- Claims Settlement:
A. Defense Costs:
1. The Company has the right to defend and to appoint a lawyer for the Insured in any lawsuit arising from Professional Indemnity covered by the Policy. And the Insured may appoint the lawyer after agreeing with the Company; whereas the Company shall bear the Defense Costs paid by the Insured.
2. The Company may sue in the name of the Insured or for its own benefit to Claim any Indemnity raising from the Policy.
3. The Company shall have the right to conduct any negotiations or proceedings to the settlement of any Claim subject to the consent of the Insured who has the right to refuse any settlement recommended by the Company or its legal representatives and to continue any legal procedures.
However, in such a case, the liability of the Company shall not exceed the sum of settlement proposed, in addition to the Defense Costs or other costs agreed upon with the Company until the date of the objection; given that is subject to the limit of insurance coverage stated in the Policy Schedule.
4. The Insured shall assist and cooperate in the defense of any Claim.
5. The Insured has the right to acquire from the Company all information and/or documentation related to the defense, investigation, settlement of any Claim and/or investigation in any circumstances.
B. The Company shall not be obligated to Indemnify, or to continue undertaking defense of any suit or proceeding after the limit of insurance coverage stated in the Policy Schedule has been depleted.
C. Series of Claims:
If series of Claims arising from one Professional Failure have been submitted, it shall be considered as one Claim, and one time Deductible shall apply.
General Conditions
1. Duties of the Insured
The Insured will:
a. Supply the Insurer with a copy of the Occupancy Certificate once issued.
b. At their own expense, or through occupiers of the Premises, take all reasonable precautions to prevent physical damage or threat of collapse to the Premises and shall comply with any law and regulations which relate to the Premises.
2. Premium Calculation and Payments
a. Deposit Premium:
- The deposit premium is calculated based on the estimated Total Sum Insured as specified in the Policy Schedule.
- The Insured shall pay the deposit premium upon acceptance of the Policy, and The Insurer shall issue the Policy accordingly.
b. Final Premium:
- The final premium is calculated after the completion of constructions and issuance of the Certificate of Approval, the Insured shall provide the Insurer with the final Total Sum Insured (actual cost of the Premises constructions).
- The Insured shall pay the balance of final premium minus the deposit premium before the issuance of the Occupancy Certificate.
c. The Insured shall pay any additional premium due or for modifications applied on the Policy to the Insurer within 30 days of notification of the Insured of the amount due.
d. In case of non-payment of the premium, the Insurer may include the Contractor’s name in the records of the authority mandating Inherent Defect insurance and the entity authorized to collect and record credit information
immediately after the expiration of (30) days from the date of notification of the amount due.
3. Assignment
The Insured shall not assign this Policy without the prior written consent of the Insurer and at the same time as any permitted assignment, the Insured shall insofar as they are able to assign to the assignee of the Policy all its rights, title and interest in and to contracts in respect of the supply of materials for, design and construction of the Premises.
4. Fraudulent Acts
If any claim is fraudulent or dishonest or if any fraudulent or dishonest means or devices are used by the Insured or any person acting on behalf of the Insured in order to obtain any benefit under this Policy or if any damage is occasioned by the willful act of or with the connivance of the Insured, all benefit under this Policy will be forfeited.
5. Change in Risk
If any material change shall occur varying any of the circumstances disclosed to or known to the Insurer whether occurring before or after the date of this Policy which, had it been known to Insurer, would have influenced their acceptance of the risk or the premium at which they would have accepted it, the Insured shall immediately give notice to Insurer of such change with full particulars thereof and the Insurer shall have the right to vary the insurance premium in accordance with this change of risk.
6. Misdescription, Error or Omission
All benefits under this Policy will be voidable in the event of misrepresentation, misdescription, error, omission or non-disclosure by or on behalf of the Insured with intention to defraud.
7. Total Sum Insured Alteration
The Insured may at any time during the Period of Insurance, request an increase in the Total Sum Insured by written application to the Insurer and if the increase is accepted, cover will commence upon payment to the Insurer of such additional premium as they may require. Before agreeing to such increase, the Insurer has the right to request the Insured to arrange an examination of the Premises by the Technical Inspection Service at the expense of the Insured.
8. Insurance of Deductible
No insurance may be contracted by the Insured to cover the amount or part of the amount of the Deductible.
9. Law and Jurisdiction
Any dispute that arises concerning this Policy shall be subject to laws and regulations in force in the Kingdom of Saudi Arabia and shall be settled by the Committees for Resolution of Insurance Disputes and Violations, as set forth under Article 20 of the Cooperative Insurance Companies Control Law.
10. Surplus Distribution
The Insurer will comply with distribution of surplus provisions provided in the Implementing Regulation of Cooperative Insurance Companies Control Law between policyholders and shareholders or in accordance with rules, regulations and instructions issued by SAMA.
11. Actual Full Rebuilding Cost of the Premises(Actual Total Sum insured) Deviating from the Estimated Full Rebuilding Cost of the Premises(provisional Total Sum insured):
a. Both the actual and provisional Total Sum Insured must be as per Building Contract value.
b. At any time before the Date of Inception, the insurer has to clarify to the Insured that the actual full rebuilding cost of the Premises at the Date of Inception may deviate from the estimated full rebuilding cost of the Premises.
c. The Insured shall after the completion of Premises constructions and before issuance of Occupancy Certificate, notify the Insurer of the actual full rebuilding cost of the Premises and the reasons of its increase or decrease by providing full documents on such deviation. Coverage will begin on express written confirmation and on terms and conditions agreed by Insurer.
12. Waterproofing & Period of Waterproofing Coverage
a. This coverage does not indemnify the Insured in respect of any defects or deficiencies in waterproofing first discovered during the (12) Months period after the Date of Inception.
b. The Insurer indemnifies the Insured against the cost of:
1. Repairing or replacing that part of the Waterproofing of the roof and/or the external walls of the Premises damaged by an inherent Defect in such Waterproofing;
2. Repairing or replacing those parts of the Premises damaged as a result of an Inherent Defect in the Waterproofing of the roof and/or the external walls.
c. Provided that such Inherent Defect is first discovered and notified to the Insurer during the Period of Waterproofing Insurance.
d. Inspections have been carried out during the period of construction and during the period of execution of the Waterproofing works and (12) months after the Date of Inception and that Insurer has received a supplementary Certificate of Approval from the Technical Inspection Service following such inspections. If the Certificate of Approval issued (12) months after the Date of Inception is not unqualified, the Insurer may review the Insurance premium or delay the beginning of the Period of Waterproofing Coverage.
Article Six Extended Reporting Period
1. The Company must offer the Insured the benefit of Extended Reporting Period and explain its importance specially in the following cases:-
A. Retirement of the Insured
B. Expiry or termination of the Insured’s license
C. Expiry or termination of the Insured’s contract with medical service providers.
D. Cancellation of the policy.
2. In case the Extended Reporting Period has been added and the Insured concludes the policy with new Company without interruption exceeding 2 months, the Company who issued the policy including Extended Reporting Period is responsible for Indemnity provided that Medical Malpractice has been occurred within the policy period of the Company who issued the policy with the benefit.
Article Six Extended Reporting Period
1. The Company must offer the Insured the benefit of Extended Reporting Period for a period no less than Six months and shall explain its importance; especially in the following cases:
A. Discontinuing or suspension the Insured from providing Professional Services.
B. Cancellation of the Policy.
C. The Insured register cancelation at the CMA.
2. In case the Extended Reporting Period benefit has been added; and the Insured concludes the Policy with a new Company, the Company who issued the policy including Extended Reporting Period is responsible for Indemnity provided that Professional Failure has occurred within the Policy period of the Company who issued the Policy with the benefit.
Claims Conditions
1. Claims Procedure
a. Upon discovery of an Inherent Defect which may give rise to a claim under this Policy or the occurrence of any damage not covered under this Policy but which may threaten the stability of the Premises, the Insured will at their own expense:
1. Notify the Insurer as soon as reasonably practical;
2. Take all necessary precautions to prevent further or any damage;
3. Within (60) days of such discovery submit in writing details of the claim.
4. Supply or to the extent this is not possible, assist in procuring all reports, certificates, plans, specifications, quantities information and assistance as may reasonably be required by the Insurer.
b. The Insured shall not be entitled to abandon any property to the Insurer, whether taken possession of by the Insurer or not.
2. Access to Premises
The Insured will allow the Insurer or their representatives to access the Premises at all reasonable times. Furthermore the Insurer and any person authorized by the Insurer may enter the Premises for the purposes of investigations related to claims without diminishing any of the Insurer’s rights under this Policy.
3. Basis of Claim Settlement:
a. In respect of an Inherent Defect causing:
1. Physical damage to the Premises, the basis of settlement of the claim shall be the cost of repairing the damage to the Premises or renewing, replacing and/or strengthening those parts of the Premises thereby directly affected to a condition substantially the same to their condition when new except insofar as it is necessary to alter the condition of the Premises to relieve the effects of the Inherent Defect directly causing the said physical damage.
2. The threat of imminent collapse, the basis of settlement of the claim shall be the costs necessarily incurred by way of remedial measures to prevent an actual collapse of the Premises within the Period of Insurance.
b. But not exceeding the Limit of Indemnity stated in the Schedule any one claim and in the aggregate.
c. The cost of any temporary and/or provisional repairs will be met by the Insurer provided their consent has been granted in writing to such repairs and that these repairs either constitute part of the final repairs or reduce the risk of further damage to the Premises.
d. The cost of any other alteration, additions and/or improvements shall not be recoverable under this Policy except as provided for in Clause 2(c) of Article (3) of the Policy.
4. Payments on Account
At the request of the Insured, the Insurer will subject to liability having been accepted and application of the Deductible provide payment on account in respect of any claim subject to compliance with the terms and conditions of the Policy. The Insured shall provide the Insurer with what may be required by the Insurer to provide such payment on account.
5. Primary Insurance
In the event of a Damage indemnified by this Policy, which is also indemnifiable either in whole or in part under any other policy or policies of insurance, effected by or on behalf of any of the parties comprising the Insured. The Insurer will indemnifythe Insured as if such other policy or policies of insurance were not in force.
6. Reinstatement of Sum Insured
The Total Sum Insured is reduced by the amount of each and every claim in excess of the Deductible from the date of first notification of each and every claim to the Insurer. The Insured has the option, subject to the agreement in writing of the Insurer, to reinstate the Total Sum Insured on payment of the appropriate additional premium.
7. Subrogation:
Any claimant under this Policy will at the request and at the expense of the Insurer, cooperate with the Insurer and issue powers of attorney enabling the Insurer to carry out the proceedings, defending and settlement procedures on behalf of the Insured, and perform all required actions to guarantee the Insurer's right to recover, from any other party, any amounts due as a result of indemnity paid by the insurer under this Policy.
Article Seven Cancelation
1. In Case the Insurance is mandatory:
The Insured and the Company shall not cancel the Policy except in the following cases:
1- The existence of an alternative Policy that covers the remaining period of the Policy to be cancelled.
2- Expiry or Termination of practitioner’s license for any reason.
2. In case the insurance is not mandatory:-
The Insured has the right to cancel the policy anytime.
In both cases the refunded premium to be calculated as follows:-
In the event of cancelation, the Company shall refund the Insured the due amount payable for the uncovered period by depositing the remaining amount to their bank account via IBAN, within three working days from the date on which the Company becomes aware of the occurrence of any of the cases mentioned above. The due amount payable to the Insured for the uncovered period is calculated by subtracting the elapsed days from the total Policy term (in days) and then dividing the result by the total Policy term. The result is then multiplied by the insurance Premium less Administrative Fees and the cost of Extended Reporting Period benefit to determine the return Premium:
(365 - elapsed days) /365 ×insurance Premium less administrative fees and the cost of Extended Reporting Period benefit( if any) = return Premium
The Company is exempted from its obligation to pay the due amount in the case that there is a Claim related to the Policy to be cancelled with a value exceeding the amount to be refunded as per the calculation formula mentioned above.
Article Seven Cancelation
The Insured and the Company shall not cancel the Policy except in the following cases:
1. The existence of an alternative Policy that covers the remaining period of the Policy to be cancelled.
2. Discontinuing or suspension of the Insured from providing Professional Services.
3. The Insured register cancelation at the CMA
In the event of cancelation, the Company shall refund the Insured the due amount payable for the uncovered period by depositing the remaining amount to their bank account via IBAN, within three working days from the date on which the Company becomes aware of the occurrence of any of the cases mentioned above. The due amount payable to the Insured for the uncovered period is calculated by subtracting the elapsed days from the total Policy term (in days) and then dividing the result by the total Policy term. The result is then multiplied by the insurance Premium less Administrative Fees and the cost of Extended Reporting Period benefit to determine the return Premium:
(365 - elapsed days) /365 × insurance Premium less administrative fees and the cost of Extended Reporting Period benefit( if any) = return Premium
The Company is exempted from its obligation to pay the due amount in the case that there is a Claim related to the Policy to be cancelled with a value exceeding the amount to be refunded as per the calculation formula mentioned above.
Cancellation
Neither the Insurer nor the Insured has the right to cancel this Policy during the Period of Insurance except in the following situations:
- A paid claim(s) up to the Limit of Indemnity stated in the Policy Schedule where the Insured did not request to apply Reinstatement as in Clause (6) of the Claims Conditions.
- Total destruction of the Premises unless caused by an Inherent Defect.
Policy Schedule
-Policy Schedule - The Standard Policy of Inherent Defects Insurance
الصيغة النموذجية لوثيقة التأمين على العيوب الخفية -جدول الوثيقة –
Policy Number:
رقم الوثيقة
XXX Policy Issue Date:
تاريخ إصدار الوثيقة
DD/MM/YYYY Insured
المؤمن له
Premises Owner
مالك المباني
[Owner Name]
[اسم المالكا
National Address of the Owner
العنوان الوطني للمالك
Contractor:
المنفذ(المقاول)
[Contractor Name]
[اسم المنفذ]
National Address of the Contractor:
العنوان الوطني للمنفذ (المقاول)
Insured Premises
المباني المؤمن عليها
Name of Project:
اسم المشروع
[Name of Project]
[اسم المشروعا
Premises Location:
موقع المباني
[Premises Location]
[موقع المباني)
Project Description and/or Use:
وصف المشروع و/أو استخداماته
[Project Description]
[وصف المشروع)
Estimated Full Rebuilding Cost of the Premises at the Policy Signing Date:
التكلفة المقدرة لإعادة بناء المباني في تاريخ توقيع الوثيقة
[Estimated Value]
[التكلفة المقدرة]
Period of Insurance
فترة التغطية التأمينية
Ten (10) years from the Date of Inception
عشرة (10) سنوات من تاريخ سريان الوثيقة
Date of Inception
تاريخ سريان الوثيقة
Estimated Date of Issue of the Occupancy Certificate:
التاريخ المتوقع لإصدار شهادة الإشغال
DD/MM/YYYY Estimated expiry date
تاريخ الانتهاء المتوقع
DD/MM/YYYY (Date of Inception and expiry date are to be adjusted by endorsement upon issuance of the Occupancy Certificate)
(تاريخ سريان الوثيقة وانتهاءها يعدلان من خلال ملحق عند إصدارشهادة الإشغال)
Sum Insured
القيمة التأمينية
Final Full Rebuilding Cost of the Premises
التكلفة النهائية لإعادة بناء المباني
[Sum Insured]
[القيمة التأمينية]
Deductible
مبلغ التحمل
For Residential Premises:
المباني السكنية
5% of Claim amount with a minimum SAR 25,000 and maximum SAR 3,000,000.
%5 من مبلغ المطالبة، (25،000) ريال سعودي كحد أدني و (3،000،000) ريال سعودي كحد أقص ى.
For other non-Residential Premises:
المباني غير السكنية
0.1% of Total Sum Insured with a minimum of SAR 25 000.
%0.1 من القيمة التأمينية، (25،000) ريال سعودي كحد أدنی.
Limit of Indemnity
حدود التعويض
Physical Damage/Threat of Imminent Collapse/Waterproofing
الأضرار المادية/ التهديد بوقوع انهيار وشيك/ العزل المائي
[Limit of Indemnity]
[حدود التعويضا
Cost of Demolishing the Premises and/or the Removal of Debris
تكلفة هدم المبنى أو إزالة المخلفات
10% of claim amount
%10 من مبلغ المطالبة
Legal, professional or consultants’ fees
الرسوم القانونية أو المهنية أو الاستشارية
[xxx] Premium
الأقساط
Provisional Premium Equivalent to a Premium Rate applicable on the estimated full rebuilding cost of the Premises
القسط المتوقع ما يساوي معدل أقساط تنطبق على التكلفة المقدرة لإعادة بناء المباني
[Prov Premium]
[القسط المتوقع)
Deposit Premium equivalent to X % of the Provisional Premium:
قسط الضمان ما يعادل * % من القسط المبدئي
[Deposit Premium]
[قسط الضمانا
Final Premium is due before issuance of the Occupancy Certificate.
يستحق مبلغ القسط النهائي قبل إصدار شهادة الإشغال
Final premium is calculated based on the actual Full Rebuilding Cost of the Premises(Actual Total Sum insured)
يتم احتساب القسط الغهائي بناء على التكلفة الفعلية لإعادة البناء (القيمة التأمينية النهائية )
Technical Inspection Services Company
شركة الفاحص الفني
The following company (s) shall be appointed to carry out the Technical Inspection Service:
تعين الشركة أو الشركات الأتية للقيام بالفحص الفني
[Company Name]
[اسم الشركة]
Endorsements
الملاحق
[No]
[رقم]
[Title]
[العنوان]
[No]
[رقم]
[Title]
[العنوان]
[No]
[رقم]
[Title]
[العنوان]
For and on Behalf of the Insurance Company
لشركة التأمين ونيابةً عنها
Date
التاريخ
Place
الموقع
Signature
التوقيع
Company Seal
ختم الشركة
Article Eight General Conditions
1- The Insured obligations:
a. Maintain accurate descriptive records of all professional services used in procedures, which shall be available for inspection and use by the Company or their duly appointed representatives in so far as they pertain to any Claim hereunder.
b. Provide the Company or their duly appointed representative such information, assistance, signed statements or depositions as the Company may require within the scope of this Policy.
c. Not to claim responsibility with the intention of harming the Company, pay, undertake, or propose to pay any amount to any party harmed from the Medical Malpractice without obtaining an approval from the Company.
2- Fraud:
The Insured must provide and declare a correct statement. The rights and benefits arising from this Policy shall be forfeited if the Claim involves proven fraud or it was submitted or used false statements, or if the Insured or his representative used fraudulent approaches or methods to gain benefit from this Policy or if the liability or damage results from a deliberate act by, or collusion with, the Insured.
3- Judicial Jurisdiction and Governing law:
The Policy and any dispute that arises concerning this Policy shall be subject to the laws and regulations in force in the Kingdom of Saudi Arabia and shall be settled by the Committees for Resolution of Insurance Disputes and Violations.
جدول وثيقة الـتأمين ضد الأخطارالمهنية الطبية
Policy Schedule of Medical Malpractice Insurance
Policy issuance date
تاريخ إصدار الوثيقة
Policy Number
رقم الوثيقة
Insured
المؤمن لھ
National Address of the Insured
العنوان الوطني للمؤمن لھ
Scope of Medical Practice
مجال الممارسة الطبية
Limit of Insurance Coverage
حد التغطية التأمينية
Professions Limit any one occurrence and aggregate ( annually)
حد المسؤولية لكل واقعة وفي الإجمالي ( سنويا)
التخصصات Nurse SAR 100,000/- التمریض Technician الفنیون Medical Assistant المساعدون الصحيون Pharmacist صيادلة Physicians (Non- Surgical) SAR 300,000/- طبيب غير جراح Dentists أطباء الأسنان Surgeons SAR 500,000/- طبيب جراحة Anesthetist التخدير Obstetrician & Gynecologist النساء والولادة Pediatrician طبيب أطفال inception date of insurance coverage
تاريخ بدء سريان التغطية التأمينية
Extended Reporting Period ( if any):
تمديد مدة التبليغ عن المطالبات ( ان وجدت)
Retroactive type
نوع الأثر الرجعي
Retroactive Date ( Compulsory / Additional)
تاريخ الأثر الرجعي الالزامي/ الاضافي
Period of Insurance
مدة التغطية التأمينية
Deducible
التحمل
Premium
القسط
لشركة التأمين أو من ينوب عنها
For and on behalf of the Insurance Company
Date
التاريخ
Signature
التوقيع
Company Seal
ختم الشركة
Article Eight General Conditions
1. The Insured obligations:
a. Maintain accurate descriptive
records of all Professional Services used in conducting his/her business which shall be available for inspection and used by the Company or their duly appointed representatives in so far as they pertain to any Claim hereunder.
b. Provide the Company or their duly appointed representative with all information, assistance, signed statements or depositions as the Company may require within the scope of this Policy.
c. Not to Claim responsibility with the intention of harming the Company, pay, undertake, or propose to pay any amount to any party harmed from the Professional Failure without obtaining an approval from the Company.
2- Fraud:
The Insured must provide and declare a correct statement. The rights and benefits arising from this Policy shall be forfeited if the Claim involves proven fraud or if it is submitted or used false statements, or if the Insured or his/her representative used fraudulent approaches or methods to gain benefit from this Policy or if the liability or damage results from a deliberate act by, or collusion with, the Insured.
3- Judicial Jurisdiction and Governing law:
The Policy and any dispute that arises concerning this Policy shall be subject to the laws and regulations in force within the Kingdom of Saudi Arabia and shall be settled by the Committees for Resolution of Insurance Disputes and Violations.
Policy Schedule for Professional Indemnity for Auditors of Entities Supervised by Capital Market Authority
Policy issuance date
Policy Number
Insured name
Insured information
National
address
City
branch
National address
Head
quarter
First
branch
Second branch
Commercial
registration number
Registration number at CMA
Scope of
Professional Services
Limit of
Insurance Coverage
Minimum limit for coverage (for one Claim or multiple Claims during the period of the Policy)
Auditing fees
25,000,000 Saudi Riyal up to 10,000,000 37,500,000 Saudi Riyal more than 10,000,000 SAR to 15,000,000 50,000,000 Saudi Riyal more than 15,000,000 SAR to 20,000,000 62,500,000 Saudi Riyal more than 10,000,000 SAR to 15,000,000 75,000,000 Saudi Riyal more than 25,000,000 SAR to 30,000,000 87,500,000 Saudi Riyal more than 30,000,000 SAR to 35,000,000 100,000,000 Saudi Riyal more than 10,000,000 SAR to 15,000,000 Total auditing fees carried out by the Insured for the last
fiscal year
Estimated
Turnover for
the Insured for the current
year
Other info of turnover for
the Insured for previous years
Period of Insurance
Inception date of the insurance coverage:
from: 00/00/0000 to: 00/00/000
Retroactive Date
from: 00/00/0000
Extended
Reporting
Period (if any):
SAR....................................
SAR....................................
SAR....................................
SAR....................................
SAR.....................................
SAR.....................................
☐
☐
Additional
coverage
(limited to 10%
of the
Insurance
coverage)
Additional
coverage
(limited to 10%
of the
Insurance
coverage)
☐
☐
☐
Intellectual Property infringement Deducible
Premium
For and on behalf of the Insurance Company
Date
Signature
Company Seal
General Definitions
A. Change in gross unearned premium reserve: refers to the difference between the balance of gross unearned premium reserve at the end of the period and the balance of the gross unearned premium reserve at the beginning of the period. B. Current Reporting Period: refers to the current financial period/year unless mentioned otherwise. C. Insurance company: refers to all insurance companies. D. Gross claims incurred: refers to all claims reported to the company during the current period, including claims applicable to insurance placed directly, reinsurance accepted, and reinsurance ceded, and claims that have been incurred but not reported at the reporting date. E. Gross claim IBNR reserve: refers to the amount set aside by the insurer for claims that have been incurred but not reported at the reporting date. F. Gross claims paid: refers to all claims paid (i.e., released) directly or through reinsurance agreements, including lawyer fees, adjustment fees, and all other expenses related to settlement of claims. G. Gross earned premiums: refers to the difference between the gross written premium and the change in Gross unearned premium as of the accounting date for which it is calculated. H. Gross Outstanding claims reserve: refers to the amount set aside by the insurer for claims that have been reported but not settled. I. Unexpired risk reserve (URR): refers to a prospective assessment of the amount that needs to be set aside in order to provide for claims and costs that will result out of unexpired future periods of cover. J. Gross Unearned premium reserve: refers to the portion of premiums which is matched to a future period in accordance with the related policy risk and is unearned as of the end of the reporting period. K. Gross written premiums: refers to all premiums for insurance business accepted directly and reinsurance assumed/accepted. L. Other reserves: refers to reserves set aside by an insurance company other than those mentioned above. M. Prior Reporting Period: refers to the corresponding period from the prior calendar year. N. Protection and Savings Insurance: provides individual or group coverage for death related consequences, and permanent and partial disability with a saving/ retirement plan for an additional premium paid by the insured. 7. The remaining terms used in this Policy have the same meaning as stated in Article 1 of the Implementing Regulations of the Law on Supervision of Cooperative Insurance Companies. Article Two Scope of Application
These Rules shall apply to Insurance Aggregation Activities.
Part 2: General Provisions
- The Company’s Board must put in place and develop a code of corporate governance in accordance with this Regulation and make it available to the Company’s shareholders within three hundred and sixty (360) calendar days from the issuance date of this Regulation for licensed companies, and from the date of issuing the license for other companies. The Board must present the code to the General Assembly for
approval in the first meeting thereafter and submit a copy thereof to Saudi Central Bank within twenty-one (21) working days from the date of its approval by the General Assembly. In addition, the Board must review the Company's code of corporate governance at least on an annual basis and recommend any necessary amendments to the General Assembly. All amendments must be submitted to Saudi Central Bank within twenty-one (21) working days from the date of the amendment. - The Company must put in place a remuneration and compensation policy in accordance with this Regulation, duly approved by its Board of Directors, and submit a copy of the policy to Saudi Central Bank within one hundred and eighty (180) calendar days from the date of issuance of this Regulation for licensed companies, and from the date of issuance of license for other companies. In addition, the Board must review the Company's remuneration policy and consider any necessary amendments on an annual basis, as a minimum. All subsequent amendments thereon must be submitted to Saudi Central Bank within twenty-one (21) working days from the date of the amendment.
- The Company must put in place a code of ethics after duly approved by its Board of Directors, to ensure that the Company's activities are conducted in a fair and ethical manner. The code of ethics shall at least address the following:
- Conflict of interest
- Integrity and honesty
- Compliance with applicable laws and regulations
- Confidentiality of information
- Fair dealing
- Protection of Company’s assets
- Guidelines for ethical behavior
- Mechanism for reporting illegal or unethical behavior (i.e., whistle blowing)
- The Company shall provide Saudi Central Bank with a copy of the organizational structure approved by the Board, and any updates on it thereafter, within twenty-one (21) working days from the date it is approved by the Board.
- The Company’s Board must put in place and develop a code of corporate governance in accordance with this Regulation and make it available to the Company’s shareholders within three hundred and sixty (360) calendar days from the issuance date of this Regulation for licensed companies, and from the date of issuing the license for other companies. The Board must present the code to the General Assembly for
Part 1 General Provisions
Accountability
- The governance structure of the Company should reflect the accountability of the Senior Management to the Board and the accountability of the Board to the shareholders and other Stakeholders, through relevant internal systems and policies.
- The Board of Directors is ultimately accountable and responsible for the performance, conduct, and regulatory compliance of the Company. Delegating authority to Board committees or Senior Management shall not absolve the Board of its responsibilities. Furthermore, the Board is responsible for the performance of third parties engaged to perform jobs or manage functions.
First Business Plan
- The company must, prior to requesting Saudi Central Bank's approval for conducting online insurance activities, develop a business plan specific to the online insurance business activities. The business plan must be reviewed by the Board of Directors before being submitted to Saudi Central Bank and should include but not be limited to:
- Analysis of the forecasted volume of online insurance activities over the next 3 years.
- Analysis of the risks associated with online business and the measures that will be taken to mitigate these risks, including but not limited to adverse selection risks, money laundering, strategic risks, and potential website unauthorized access.
- Contingency plan documenting the actions to be taken in the event of a failure of one or several components of the online system, including corrective and business continuity measures, as well as the obligation to report the event to the proper authorities within the Company and Saudi Central Bank.
- The company must obtain Saudi Central Bank's written approval before adopting its online business plan. In addition, the company must obtain Saudi Central Bank's written approval on any significant amendments or modifications to the business plan and Saudi Central Bank might require a modification or change to the business plan when it sees necessary.
- The business plan of online insurance activities must be approved and set by the board of directors after obtaining Saudi Central Bank's written approval and must be reviewed annually, or when making any fundamental change to the company's strategy related to online insurance activities.
- The company must, prior to requesting Saudi Central Bank's approval for conducting online insurance activities, develop a business plan specific to the online insurance business activities. The business plan must be reviewed by the Board of Directors before being submitted to Saudi Central Bank and should include but not be limited to:
Disclosure and Transparency
16. The Board shall lay down written formal policies and procedures for disclosure, specifying, at minimum, the types of information to be disclosed, means and frequency of disclosing information, and the process to ensure the quality, adequacy, and timeliness of disclosure, in accordance with the requirements of applicable laws and regulations.
17. The Board is responsible for ensuring an appropriate level of transparency and timely and adequate disclosure of material events relating to the Company's financial situation and performance, risk exposures and risk management, and corporate governance.
18. The Company shall ensure that the disclosed information is comprehensive, meaningful, relevant, timely, consistent, reliable, and accessible by public without undue expense or delay.
19. The Board shall provide the general assembly with a report containing comprehensive and objective assessment of the Company's situation and performance, at least on an annual basis, including but not limited to the following:
a) Analytical review of the Company's financial performance during the last period
b) Key decisions made and their impact on the Company's performance and position
c) Assessment of the Company's strategy and financial position
Names of any joint stock company(ies) in which a member of thed) Company's Board is a board member
e) Any punishment, preventive restriction or penalty imposed on the company by any judiciary, supervisory or regulatory body
f) Any punishment, preventive restriction or penalty imposed on any board member by any judiciary, supervisory or regulatory body if it is related to the company
a) Assessment of potential risks and how such risks are being managed
b) Projections of future performance
20. In addition to any other applicable disclosure requirements by Saudi Central Bank or other regulatory bodies, the Company's annual report shall include the following information (regardless of order):
i) For the Board: functions, composition, names of the chairman and vice-chairman, dates of current term start and end, number of Nonexecutive Independent Board Members, number of meetings held during the period, date and attendance of each meeting, and details of remuneration for each of the Board members
j) For each Board member: name, classification (Executive, Non-Executive, or Independent), other companies in which he or she acts as a Board member, represented entity (if applicable), other positions held within the Company (if applicable)
k) For each Board committee: name of the committee, its functions, its members (classified as Chairman, Executive Board Member, Nonexecutive Non-independent Board Member, Non-executive Independent Board member, or non-Board member), number of meetings held during the period, date and attendance of each meeting, members’ remuneration for serving in the committee
l) Profiles of members of senior management (including name, position, qualifications, and experience of each senior manager)
m) Total compensation and remuneration paid to the Board members, five highest-paid members of Senior Management (the executive chairman and the financial director if they are among those highest paid members) during the period (divided into salaries, allowances, bonuses, and any other components), in addition to a description of any performance-linked incentives available for members of Senior Management
n) Ownership in the Company (direct and indirect) by Board members and members of Senior Management, and any changes of their ownership over the last year as listed in the approved shareholders' register.
o) Descriptions of transactions with any related parties, including Significant Shareholders and members of the Board and Senior Management, that took place during the period, and how such transactions are or were approved
p) Any potential cases of conflict of interest and how they were addressed
q) Names of all Significant Shareholders and their ownership in the Company
r) Results of the annual audit of the effectiveness and efficiency of the internal control system of the Company
s) Statement on the Company’s compliance with the requirements of this Regulation and with the Company’s code of corporate governance, along with the justification for any instances of noncompliance
21. The Company shall make available to its shareholders, and on the internet, its code of corporate governance and annual reports.
22. The Company shall not announce any anticipated actions that require Saudi Central Bank’s prior approval or non-objection, before obtaining the actual approval or non-objection, taking in consideration all related laws and regulations.
Second Insurance Products
- The company should submit a request to Saudi Central Bank for obtaining an approval on its insurance products that will be sold on its website, taking into consideration the Not selling any Protection and Savings Insurance policies on its website or any other website.
Fitness and Propriety
- Members of the Board, Board committees, and Senior Management shall be trustworthy and shall have the integrity, competency, knowledge, and experience to fulfill their respective roles and shall comply with all laws, regulations, and rules issued by Saudi Central Bank at all times.
- Significant Shareholders shall be of good conduct and reputation, financially sound, with no convictions related to committing any action involving moral dishonesty or contravention of laws in the Kingdom of Saudi Arabia or any other jurisdiction.
- All appointments to senior positions including as members of the Board of Directors and its committees shall be made in accordance with Saudi Central Bank's Requirements for Appointments to Senior Positions in the Financial Institutions.
- The nomination and remuneration policy followed by the Company shall have formal and rigorous standards and procedures to continuously monitor and assess the fitness and propriety of Board members, members of Board committees, members of Senior Management, in accordance with the requirements of Article (23) of this Regulation, and shall immediately notify Saudi Central Bank of any information or circumstances that may be relevant to assessment of fitness and propriety of these persons within a maximum period of (3) three business days from the day of obtaining the information or from the day of change occurrence.
- Members of the Board, Board committees, and Senior Management shall be trustworthy and shall have the integrity, competency, knowledge, and experience to fulfill their respective roles and shall comply with all laws, regulations, and rules issued by Saudi Central Bank at all times.
Third Management of the Website
- The company must establish a unit within the IT department to be in charge of the website and its operational aspects including but not limited to posting content, monitoring performance, handling customer inquiries, tracking key performance indicators, measuring the traffic of data, and handling maintenance.
- The company must obtain Saudi Central Bank's written approval before signing a contract for outsourcing the management of the website to any third party.
- After obtaining Saudi Central Bank's written approval for outsourcing the management of the website to a third party, the company must check the compliance of that party with the articles of this regulation and other related laws and regulations.
- In case of outsourcing the management of the website to a third party that approved to work in the Kingdom according to the relevant laws, the company must appoint a communication officer in charge of the relation with the third party to whom the management of the website has been outsourced. The communication officer's responsibilities include but are not limited to monitoring the content of the website, answering customer inquiries and requests, ensuring that the third party meets the conditions and standards defined in the outsourcing agreement, and ensuring compliance of the third party with the relevant laws and regulations.
Independence
- The governance structure of the company shall support independent decision making throughout the organization by, for example, establishing clear separation of duties between the Board and the Management, enhancing the independence of control functions, and controlling the risk of conflict of interest.
- The Board should leverage the services of independent external parties to provide assurance on the adequacy and effectiveness of the governance structure and processes of the Company and on other technical areas, where the Board might lack relevant expertise.
- The governance structure of the company shall support independent decision making throughout the organization by, for example, establishing clear separation of duties between the Board and the Management, enhancing the independence of control functions, and controlling the risk of conflict of interest.
Fourth Transparency and Disclosures
- The company must provide and clarify on its website the information that is necessary for customers who want to have an insurance cover through its website.
- The company must ensure that the information presented on its website is correct, accurate, clear, up-to-date, and comprehensive.
Conflict of Interest
- The Company shall take reasonable measures to identify cases of potential conflict of interest and have clear written procedures for dealing with those cases in a fair and transparent manner.
- Members of the Board and Senior Management shall not have any interest, directly or indirectly, in the Company’s business and contracts, without a prior authorization from the general assembly, to be renewed each year. The activities to be performed through general bidding, where the member is the best bidder, shall constitute an exception to this rule, subject to Saudi Central Bank's non-objection. Members of the Board and Senior Management shall notify the Board of any personal interest they may have in the business and in contracts entered into by the Company. The notification shall be noted in the minutes of the Board meeting. Board members with a personal interest in specific Company’s businesses or contracts shall not vote, neither in the general assembly nor in the Board meeting, on the resolution to be adopted with regards to their personal interests. The Chairman of the Board shall notify the general assembly, when convened, of the activities and contracts
where a member of the Board and Senior Management may have a personal interest and their amounts, and shall attach to such notification a special report prepared by the Company’s external auditors. - No member of the Board or Senior Management shall, without a prior authorization of the general assembly, to be renewed annually, participate in any activity which may likely compete with the activities of the Company, or trade in any branch of the activities carried out by the Company.
Members of the Board and Senior Management who own an interest in an Insurance Service Provider (e.g. brokers, agents, etc.) shall:
- disclose to the Board their interest in the insurance-related company, in writing, at the earliest opportunity
- never encourage or solicit dealings with the company in which they hold an interest
- refrain from voting in decisions related to dealings with the company in which they hold an interest
Additionally, the Company shall notify the general assembly, when convened, of all businesses with any insurance-related company in which a member of the Board or Senior Management has an interest, and shall attach to such notification a special report prepared by the company's external auditors.
- The Chairman shall provide the general assembly with details of insurance contracts in which members of the Board or Senior Management or their related parties have an interest, including the line of business, size, and associated losses, if any.
Fifth Security and Safety of Data
- The company must ensure the confidentiality of all information collected through its website and not disclose such information to any party without the written approval of Saudi Central Bank. And it is the responsibility of the company to establish appropriate procedures and controls to secure the confidentiality of information.
- The company commits at all times to ensure the security and safety of information provided on its website , this includes—but is not limited to— information provided to customers, information collected and stored through the company or the third party contracted by the company whether this party is responsible to connect the internet service, host, or manage the website. And the company must, in particular, ensure the protection of customers' personal information from loss or unauthorized access, this includes—but is not limited to -the use, edit or disclosure of information.
- The company must set different levels of control and supervision on insurance activities that are practiced on its website as follows:
- The company must implement the minimum required security procedures to prevent unauthorized changes to the basic content of information displayed on its website.
- The company must take additional security procedures to protect exchanged information, with customers or website visitors, from editing, theft, or unauthorized use.
- The company must implement the maximum procedures and provide up to- date techniques and IT programs to ensure the protection and safety of payments made on its website. This includes—but is not limited to—using the payment systems adopted and licensed by Saudi Central Bank for payments related to issuance or renewal of an insurance policy.
- The unit responsible for the website must supervise the design, execution, follow up, and update of the security system of the website.
- Without prejudice to Article (10/c) of this regulation and to avoid the failure of the website's system or any related part, the company must establish the appropriate procedures to face emergency or catastrophe cases. This includes—but is not limited to— keeping backup copies for all information and data displayed by the company, issued to customers, or submitted to the company's website, and setting a clear procedure to restore systems on the website in the case of damage to a part or more of the system.
- The company must ensure the confidentiality of all information collected through its website and not disclose such information to any party without the written approval of Saudi Central Bank. And it is the responsibility of the company to establish appropriate procedures and controls to secure the confidentiality of information.
Remuneration
- The Company’s articles of association shall specify the remuneration for the Chairman and Board members for their services. Board members remuneration can be modified only by the extraordinary general assembly.
The Board shall propose the remuneration package for the Board, based on the recommendations of the Nomination and Remuneration Committee, in accordance with applicable laws, regulations and rules and with the conditions set by the general assembly, subject to the approval by the general assembly.
The Company shall ensure that all written details of the proposed remuneration and considerations are accessible to the Shareholders prior to the general assembly at which the remuneration and considerations shall be put to voting.
- The Company shall have a remuneration policy, as per Article (11) of this Regulation, covering all levels and categories of employees, whether regular or contractual. The remuneration policy shall address the following at minimum:
- Objectives of the compensation scheme (with focus on promoting effective risk management and achieving financial soundness and stability of the Company)
- Structure of the compensation system (including key determinants of compensation, alignment of compensation with risk taking, etc.)
- Determinants of the mix of remuneration components (fixed and variable components; cash and noncash benefits, etc.)
- Linking compensation with performance
- The Board shall be responsible to ensure that the compensation level and structure:
- are fair
- are aligned with the Company’s objectives
- encourage prudent behaviors and does not induce taking high risk transactions to achieve short-term profits, and it complies with the Company's risk management policy approved by the Board
- do not cause any conflict of interest that might negatively impact the Company’s performance
- achieve the interests of policyholders, shareholders and the Company’s long-term objectives
- The Company shall have a performance measurement system in place to evaluate and measure the performance of its employees at various levels, in an objective and formal manner. The performance measurement of Senior Management, in particular, shall be based on the longer-term performance of the Company, and not based on only one year's performance.
- The nomination and remuneration committee shall ensure that an annual remuneration review (internally through the internal audit function or externally commissioned by a specialized firm) is conducted independently of executive management.
- The remuneration structure of employees working in control functions (such as internal audit, and compliance) shall be designed to ensure objectivity and independence of these functions. In this regard, it should be ensured that the executive management of the company is not intervening in the process of performance measurement and compensation determination of such employees.
- Members of the Board and Senior Management (except sales managers) shall not receive any commission or rewards on sales-related activities (e.g. production). Furthermore, no variable component of the compensation for members of the Board and Senior Management (except for sales managers) shall be directly based on premium volume.
Sixth Size of the Website
- The company must verify the capacity of its website to be expanded and to assimilate any additions that might arise in the future this includes—but is not limited to—capacity of the website to assimilate any increase in the number of users, and assimilate the online insurance activities resulting from sales of insurance policies, receiving claims and handling complaints.
Seventh Website Accessibility
The company's website must be accessible twenty-four hours a day during the whole year and the website's unit must monitor the website's availability.
In case the website is undergoing maintenance procedures, the website's unit must ensure that it does not exceed twenty-four hours as a maximum. In case the maintenance procedures are not finalized within the set period (i.e., twenty-four hours), the company must notify Saudi Central Bank in writing about the reasons that caused the damage to the website and specify the timeframe expected to reactivate the website.
Eighth Outsourcing the Online Insurance Activities
- The company must—after applying the procedures included in this regulation— when outsourcing online insurance activities to another party or outsourcing the development, hosting, management, or maintenance of its website or any other work related to the website, include a specific text in the outsourcing contract that obliges the other party to abide by the rules set in this regulation, the Outsourcing Regulation to Insurance and/or Reinsurance and Insurance service providers, the Market Code of Conduct Regulation and other regulations related to the content specified in Article (3) of this regulation.
- A company, wishing to sell its insurance products through a third-party website licensed to do so, must obtain Saudi Central Bank's prior written approval. The company must also verify that the third party's website meets the following conditions:
- If the same third party's website is used to sell insurance products related to other companies, each insurance product offered must be clearly linked to the company offering it.
- Include all information and statements that the company must disclose, this includes—but is not limited to—the name of the company, its address, its licensing status, the nature of its insurance activities, and the contact details of the company.
- The third party must clarify, on its website, the role it undertakes and its obligations with respect to the users such as the insured. It must also specify whether it is an agent, or a broker licensed by Saudi Central Bank.
Compliance Requirements
- The company should establish appropriate written internal controls and procedures to ensure and monitor compliance with this Policy.
- The company shall deposit the Policyholders' Surplus amounts in a separate bank account.
- The company should maintain adequate records to demonstrate compliance with this Policy.
- The financial function should be vested with the responsibility of monitoring the process of surplus distribution and review it with the external auditors prior to distribution and the internal audit function should ensure compliance with this Policy and report to the company’s Audit Committee the status of surplus distribution to policyholders.
- The company should inform policyholders who are not entitled to the distribution of surplus.
- Internal audit function should report any violation of this Policy to the company’s audit committee and provide the compliance function with a copy of the report.
- The company should ensure a proper technology and information supporting mechanism is in place to enable a transparent system of computation of surplus, which should be subject to audit and compliance review.
Article Three Purpose
The Rules set out the requirements and controls necessary for granting the license to carry out online Insurance Aggregation Activities in Saudi Arabia, in addition to the rules concerning the relationship between the Insurance Aggregator and Insurance Companies.
Part 3: Specific Provisions
Part 2 Special Provisions
Section 1: Shareholders
42.The Company shall provide shareholders with comprehensive, adequate, accurate, and timely information to enable them to exercise their rights efficiently, and ensure that all shareholders receive equitable treatment.
43.The company should enable shareholders to be briefed on the minutes of the General Assembly.
44.The Company shall take available procedures to encourage minority shareholders and non-institutional shareholders to fulfill their roles as shareholders of the Company.
45.Shareholders must be granted the opportunity to communicate their opinions and concerns to the Board and Senior Management on a regular basis (e.g. through the general assembly).
First Pre-Sale Provisions
Advertisement/ Promotion
- The company or the party for which any online activity is being outsourced must, when promoting or advertising online, abide by Articles (28) and (29) set forth in the Insurance Market Code of Conduct Regulation.
Insurance Policy Terms
- The company or the party for which any online business is outsourced must inform any person requesting an insurance cover, about the entire policy including—but not limited to—the full wording of the terms and conditions of the policy and the coverage and benefits provided by this policy.
- The company or the party for which any online activity is outsourced must abide by Article (37) set forth in the Insurance Market Code of Conduct Regulation.
Identification of the Customer
- Before selling or issuing any online policy, the company must verify the authenticity of its customers' identity and the documents submitted, and set the verification procedures appropriate for this purpose.
- Without any prejudice of the Anti-Money Laundering & Combating Terrorism Financing Regulation issued by Saudi Central Bank, the company must inform Saudi Central Bank and provide a report to the Financial Investigation Unit (FIU) in the Ministry of Interior concerning any suspicious activity through its website.
- The company must keep records of all customers' policies and identification documents, received from its website.
As indicated in Articles (20), (21) and (22) of this regulation, The company must create an electronic record for every customer and set up the following procedures and measures as a minimum to:
a Changing customers' passwords periodically.
b Requiring customers to reenter their password after specific period of not using the website.
c Verifying the accuracy of the customers' email by sending a verification (activation) link.
Section 2: Board of Directors
Second Sale Roles
Insurance Policy
- The company must issue all online insurance policies in a dated and complete version with all contents, including—but not limited to—the policy's proposal, terms and conditions, coverage limits and endorsements. In addition the company must provide the customer with a copy of the complete insurance policy through all available methods and means, and as a minimum the company must provide a soft copy in Portable Document Format (PDF) sent by email upon issuance whereby the dates of inception and expiry of the coverage are clearly stated.
- The company must ensure the customer is able to view, print and download a complete copy of the insurance policy from his account on the company's website, at any time. In case the online insurance policy requires any special program, the company must provide the necessary programs on its website.
- The company must, upon the customer's request, provide a hard copy of the insurance policy issued online signed and stamped by the company, or any other Document related to this policy, immediately from any of the company's branches or its agents' branches or by sending the requested documents by post within seven working days from the date of the customer's request.
Chairman of the Board
- The Board must choose a Non-Executive Director as Chairman of the Board, and also the Board may select a nonexecutive member as Vice-Chairman (after obtaining "no-objection" from Saudi Central Bank).
- The Board shall authorize the Chairman to organize its activities and grant him or her the necessary powers to discharge his or her responsibilities.
The Company's code of corporate governance shall define the roles and responsibilities of the Chairman.
In addition to any other regulatory or supervisory requirements and to the duties of Board members, the duties of the Chairman shall include but not be limited to the following:
- Organizing the Board's activities, including setting the agenda for Board meetings in consultation with the CEO and other Board members, presiding over Board meetings, and overseeing the process of providing the Board with information and reports
- Representing the Company before judicial bodies and supervising the relationships between the Board and internal and external parties
- Supporting the Board's efforts in promoting higher standards of corporate governance and ensuring compliance with applicable laws and regulations at all times
- The Chairman's responsibilities shall not overlap with those of the CEO. The responsibilities of the Chairman of the Board shall be restricted to his or her supervisory role and shall not extend to the executive responsibilities reserved for the CEO.
- It is prohibited to conjoin the position of the Chairman of the Board with any other executive position in the company, such as the Chief Executive Officer (CEO) or the managing director or the general manager.
- The Chairman shall ensure that the Board conducts its activities responsibly, without unduly interfering with the Company's operational activities.
- The Board can, by a majority vote of all Board members, dismiss its elected Chairman at any time.
Members of the Board
- The Board shall be of an efficient size. The number of Board members must not be more than eleven (11) or less than five (5) members on a permanent basis.
- The Board composition shall reflect sufficient representation of Nonexecutive Independent Members, and in all cases, Non-executive Independent Members shall not be less than two (2), or a third of the Board, whichever is greater.
- Members of the Board shall collectively have the appropriate diversity with respect to qualifications, knowledge, experience, and skills in the various areas of the Company's business and operations. In addition, each individual Board member must possess the appropriate level of qualifications, knowledge, experience, skills, and the integrity to effectively perform his or her role and discharge his or her responsibilities.
- A Board member shall not be a member of a board of another local insurance and/or reinsurance company, or any other board committees, or occupying a leadership position in such companies.
- The Company shall have formal and transparent policies, standards and procedures for Board nomination, which are approved by the general assembly and communicated to Saudi Central Bank.
The Board nomination process shall take into account the following:
t) Allowing sufficient time for receiving nomination proposals for Board memberships
u) Reviewing nomination proposals for Board memberships by the nomination and remuneration committee and documenting any findings and recommendations
v) Obtaining Saudi Central Bank's written non-objection prior to the appointment of any Board member
w) Providing shareholders with adequate information on the candidates' qualifications and relationships with the Company prior to voting
x) Applying the Cumulative Voting Method when voting in the general assembly for appointing Board members
- The Company must notify Saudi Central Bank when a nomination proposal for Board membership has been rejected and must specify the reasons for the rejection.
The number of Board candidates presented to the general assembly for voting shall exceed the number of available seats in order - to provide the general assembly the opportunity to select among several candidates.
The Board can engage the services of an independent specialized external party to identify additional candidates for Board membership when the number of Board candidates is insufficient.
- If the position of a Board member becomes vacant, the Board can, after obtaining Saudi Central Bank's prior written non-objection, temporarily appoint a new member to the vacant position for the remainder of his or her predecessor's term, provided that such appointment is presented for approval at the next general assembly.
- Members of the Board shall undergo an induction program once they join the Board. Each member shall be provided with a letter of appointment outlining his or her roles and responsibilities, and comprehensive information on the Company's business and strategic plans and on applicable laws and regulations.
- Members of the Board shall endeavor to educate themselves on, and be regularly updated of, regulatory developments and to undergo periodic training, as needed, on relevant areas and topics, including but not limited to corporate governance, risk management, finance, solvency, insurance, internal control, law, regulatory compliance, and any other important topics.
The code of corporate governance of the Company shall define the roles and responsibilities of Board members.
In addition to any other regulatory or supervisory requirements, the duties of the Board shall include but not be limited to the following:
- Providing strategic guidance to the Company, including setting objectives and formulating strategic plans
- Supervising the implementation of strategic plans and major transactions
- Approving key policies and procedures and regularly reviewing and updating them
- Establishing and monitoring the Company's internal control system and ensuring its adequacy and effectiveness
- Establishing and monitoring a risk management system, where risks are assessed, managed, and monitored on a continuous basis
- Selecting and changing (if needed) executives in key positions, and ensuring that the Company has an appropriate replacement policy for their replacement by an appropriate alternative with the necessary skills and eligibility for the office
- Supervising Senior Management and monitoring the Company's performance against the performance objectives set by the Board
- Ensuring the integrity of the Company's accounting and financial reporting system and the appropriateness of its disclosure process
- Ensuring that the interests of the policyholders are being protected at all times
- Promoting higher standards of corporate governance and ensuring compliance with applicable laws and regulations at all times
- The Board shall establish written policies and procedures to organize its activities in a formal and transparent manner.
- The Board shall grant the audit committee the appropriate level of authority to investigate any matter within its mandate and shall ensure that the internal audit function is autonomous and is granted full access to all the information it needs to conduct its activities. In addition, the Board should take all necessary measures to ensure the responsiveness of Senior Management to internal auditors' queries and recommendations.
- The Board is responsible for promoting a culture of good corporate governance and high ethical standards.
- All individual members of the Board shall have the same proportionate control and influence over the decisions of the Board.
- Members of the Board shall always be fully informed of the course of business and act in good faith; with due diligence; in compliance with the applicable laws and regulations; and in the best interest of the Company's shareholders, policyholders, and other Stakeholders.
- Members of the Board shall perform their duties free from any external influence, whether from within or outside the Company. Members of the Board shall not allow their own personal interest, or the interest of the parties they represent, to come before, or in conflict with, that of the Company, its shareholders, and other Stakeholders.
- Members of the Board and its committees are prohibited from disclosing to shareholders or the public any confidential information obtained as they perform their role, other than in the general assembly, and must not use such information for their own benefit and personal gain.
- The Board's meetings shall be held on a regular basis and as needed. The Board shall hold at least four (4) meetings every year and at least one every quarter.
- Non-executive members of the Board shall hold closed meetings, without the presence of Management members, at least once every year. Staff of the control functions can be invited to attend these meetings, upon the request of the non-executive members holding the meeting.
- Minutes of the Board meetings shall be recorded, signed by the Chairman and the Secretary of the Board, and entered into an official register.
- Minutes of the Board meetings shall indicate the meeting's attendance, topics discussed, major deliberations, voting process, objections and abstentions from voting (with reasons if any), decisions taken, and reservations. All records and documents reviewed during the meeting and/or referred to in the minutes shall be attached to the minutes.
- Members of the Board shall be granted unrestricted access to any relevant information regarding the Company.
- The Board shall be able to seek external independent advice, when necessary, at the Company's expense.
- The nomination and remuneration committee shall evaluate the performance of the Board (i.e. overall and individual performance) at least annually, using formal, transparent, and objective criteria.
- Membership of the Board shall be terminated upon:
- Expiration of the appointment term
- Resignation of the Board member
- Death of the Board member
- Becoming physically or mentally impaired in a way that could severely limit his or her ability to properly perform his or her role
- Being declared bankrupt or insolvent or making a settlement request with creditors or ceasing to pay debts
- Being convicted of an offence involving moral dishonesty or contravention of laws in the Kingdom of Saudi Arabia or any other jurisdiction
- Failure to fulfill the Board member's obligations in a way that harms the Company (in which case the termination of the Board member must be approved by the general assembly)
- Failing to attend three (3) meetings that were held within one year without a legitimate and acceptable reason
- Inability to continue performing their role based on any of the applicable laws and regulations in the Kingdom of Saudi Arabia
- Subject to the applicable disclosure requirements, Saudi Central Bank must be notified when a member of the Board resigns or when his or her membership is being terminated for any reason other than the end of appointment term within (5) business days from the date on which the member leaves.
- The Board is accountable to the shareholders, regulatory and supervisory bodies, and other Stakeholders.
Secretary of the Board
- The Board shall appoint a Secretary of the Board, for its term, to arrange the Board activities and provide support and assistance to Board members. The Secretary can be a member of the Board or of Company's staff.
- The Secretary of the Board shall have adequate experience and knowledge of the Company's business and activities, possess strong communication skills, and be well-informed of applicable laws and regulations and best practices in corporate governance.
The code of corporate governance of the Company shall define the roles and responsibilities of the Secretary of the Board.
In addition to any other regulatory or supervisory requirements, the Secretary of the Board of Directors shall conduct his/her responsibilities as directed by the Chairman of the Board. His/Her responsibilities include, but are not be limited to, the following: arranging meetings of the Board; in addition to ensuring the availability of appropriate means of communication for the exchange and recording of information between the Board and its committees and between members of senior management and non-executive board members; in addition to maintaining minutes of the Board meetings. The minutes are the permanent official record of the work and decisions taken by the Board and its subcommittees. The Minutes shall be accurate and shall clearly reflect all the items and topics discussed during the meetings of the Board of Directors and shall record all decisions taken and any other matters discussed at the meetings.
- The Board's minutes shall document any votes made during the meetings, including objections or abstention from voting. Any documents referred to during the meetings shall be attached and referred to in the minutes. A comprehensive statement shall be prepared containing the names of the present and absent members, and a list of committees approved and any case of abstention (if any) by any member and the reasons thereof.
- The secretary shall give advance notices, send meeting agendas with any relevant materials to Board members and ensure their delivery within a period of (10) working days prior to the meeting.
- Minutes of the meetings shall be distributed to the parties concerned within a period not exceeding fifteen (15) days. The person or entity responsible for implementing the resolutions taken shall be determined. The Board should, at the beginning of each year, set a specific timetable for receiving reports from the committees concerned and internal and external auditors, and shall ensure that the mechanism for the collection, preparation and submission of reports and data is in place and in line with the internal adopted policy. It shall also ensure the preparation of important information and its presentation to the Board on a timely basis.
- The compensation of the secretary for performing this role shall be determined by the Board.
Section 3: Board's Committees
- The Board shall establish specialized Board committees to extend its oversight into particular areas of the Company's activities, such as nomination and remuneration, audit, risk management, investment, regulatory compliance, disclosure, governance, human resource, strategic development, etc., and delegate the necessary powers to its committees and monitor their performance.
- At a minimum, the Board shall establish an executive committee, an audit committee, a nomination and remuneration committee, a risk management committee, and an investment committee.
- The Board of Directors shall approve the by-laws of all committees of the Board. Each committee should have general procedures laid down by the Board, specifying its functions, its duration, scope of its work, its powers and duties, and the mechanism through which the Board monitors its activities.
- Board committees shall operate in a manner similar to that of the Board. In particular, Articles 68, 69, 70, 71, 74, 75, 86 and 87 of this Regulation shall apply to Board committees as they apply to the Board.
- The Board shall carefully review the meeting minutes and recommendations of its committees.
- The committees shall be able to seek external professional advice, when necessary, to perform its role, at the Company's expense, after obtaining the Board's approval.
Third Post-Sale Provisions Services
- The company must, when selling any insurance policy on its website, abide by Articles (50) and (51) of the Insurance Market Code of Conduct Regulation specific to post-sale.
- The company must put in place clear procedures for the cancelation of insurance policies, issued online, through its website. The procedures must ensure the confirmation and willingness of the customer to cancel the policy. In case of cancellation of the online insurance policy due to deficiency or ambiguousness in the systems, parts, components or programs of the website, the company must reimburse the customer for any damage incurred from the policy cancellation. In the case where the customer maliciously cancels the policy, the company must prove it and provide the customer in writing with the reasons for refusing to pay any future claims related to the cancelled policy.
- The company must communicate with customers using at least two available communication means. Which include— but are not limited to—emails, recorded mail, text messages, phone, etc.
- The company must, when sending a notice or advertisement to two or more customers via email or any other communication means, verify and ensure that the notice or advertisement does not contain any personal information related to the customer, and it must ensure that none of the recipients becomes aware of the identity of any other recipient.
Once the company issues an insurance policy through its website, it must provide a particular section for after-sale services on its website. This section must include but not limited to the following services:
a Obtaining any additional type of services related to the policy in force.
b Performing any endorsement on the policy such as additions, renewals, or cancelations.
c Verifying the status of the policy (i.e., valid, expired, canceled).d Checking the date of inception and expiry of coverage.
e Checking a schedule of the dates for premiums payments.
f Checking paid premiums and the dates of payments and values.
- The company must notify the customer in advance of the upcoming expiry of the insurance policy. The notification should be done within a timespan sufficient to allow the customer to renew the policy or obtain an insurance cover from another insurance company. In addition, the notification should be done through all communication means stated in Article (41) of this regulation.
- The company must put in place necessary procedures to ensure the compliance of the cancelation process of compulsory insurance policies, through the website, with the provisions and instructions regulating the process of cancelation for this type of policies.
- The company must notify the customer through email upon expiry of the cover of an insurance policy issued online. In addition, the company must notify the customer through email of the cancelation of an insurance policy issued online, and the company must include in the notification the date and reason of cancelation.
Dealing with Claims
- The company must provide on its website to the customers or third party (harmed) electronic forms to report claims and upload copies of the claims' documents. After accepting the electronic claims form, the company must provide the applicant a reference number, and before paying the amount due through its website the company may receive original copies of the claim documentation to confirm and validate it.
Complaints
The company must, without prejudice to Articles (55) and (56) of the Insurance Market Code of conduct Regulations, provide on its website, all the information necessary for the customer or third party (harmed) to file a complaint and follow up on its status. The information must include as a minimum:
a The complaint forms.
b Contact information of the complaint handling department.
c Appropriate contacts to inquire about complaints, (e.g., emails, fax, mailing address).
d An overall description of the complaint handling procedures including estimated time to process complaints.
e The contact details of the General Secretariat of the Committee for the Resolution of Insurance Disputes and Violations.
Executive Committee
- The Board shall form an executive committee and appoint its members in accordance with the Company's articles of association and any rules issued by the general assembly.
- The code of corporate governance of the Company shall define the roles and responsibilities of the executive committee, its composition, and the rules governing its activities.
- The executive committee may be composed of executive and nonexecutive members. It shall include between three (3) to five (5) members.
- The executive committee meetings shall be held on a regular basis and as needed, such that the committee meets at least six (6) times every year.
- The executive committee reports to the Board.
Nomination and Remuneration Committee
- The Board shall form a nomination and remuneration committee and appoint its members in accordance with the rules it issues based on the proposal of the general assembly, provided that the rules shall include their terms and the committee work mechanism.
The code of corporate governance of the Company shall define the roles and responsibilities of the nomination and remuneration committee.
In addition to any other regulatory or supervisory requirements, the duties of the nomination and remuneration committee shall include but not be limited to the following:
a) Making recommendations to the Board on the nomination of Board members and Board committee members in accordance with regulatory requirements and approved policies and standards
b) Reviewing the requirement of suitable skills for membership of the Board and its committees on an annual basis and preparing descriptions of the required capabilities and qualifications for such memberships, including the time that a member should reserve for the activities of the Board and/or Board committees
c) Regularly evaluating the structure and composition of the Board and its committees and determining their points of weakness and recommending remedies
d) Assessing and monitoring the independence of Board and Board committee members and ensuring the absence of any conflict of interest, including ensuring the independence of the independent members, at least on an annual basis
e)Drawing up clear policies regarding the compensations and remunerations of members of the Board, the Board committees, and Senior Management
f) Evaluating the performance of the Board and Board committee members on a regular basis
g) Making recommendations to the Board with regards to selecting and dismissing members of Senior Management
h) Establishing a succession policy and procedures for the CEO and other key members of Senior Management and monitoring the implementation of the succession plans and process
i) Reviewing the compensation plans for members of Senior Management
j) Supervising the compensation plans for members of Senior Management
k) Making recommendations to the Board on various issues related to nomination and remuneration
- The nomination and remuneration committee shall be composed of three (3) members as a minimum, two of these must be independent members. The Chairman of the Board cannot chair this committee.
- The nomination and remuneration committee meetings shall be held on a regular basis and as needed, such that the committee meets at least twice every year.
- The nomination and remuneration committee reports to the Board.
Audit Committee
- The Board shall form an audit committee and appoint its members in accordance with the requirements of the Insurance Audit Committee Regulation issued by Saudi Central Bank. The audit committee reports to the Board.
- The code of corporate governance of the Company shall define the roles and responsibilities of the audit committee and the manner in which it discharges its responsibilities in accordance with the requirements of the Insurance Audit Committee Regulation issued by Saudi Central Bank and other applicable laws, regulations, and rules.
Risk Management Committee
- The Board shall form a risk management committee and appoint its members in accordance with the rules issued by the general assembly.
The code of corporate governance of the Company shall define the roles and responsibilities of the risk management committee.
In addition to any other regulatory or supervisory requirements, the duties of the risk management committee shall include but not be limited to the following
a) Identifying risks that may imperil the Company and maintaining an acceptable risk profile for the Company
b) Overseeing the risk management system and assessing its effectiveness
c) Defining a comprehensive risk management strategy for the Company, overseeing its implementation, and reviewing and updating it on a regular basis by taking into account developments that are internal and external to the Company
d) Reviewing risk management policies
e) Re-evaluating the Company's tolerance for, and exposure to, risk on a regular basis (e.g., through stress testing exercises).
f) Reporting to the Board details of risk exposures and recommending actions to manage them
g) Advising the Board on issues related to risk management
- The risk management committee shall be composed of at least (3) members headed by a non-executive member, its members have with an appropriate financial and risk management knowledge.
- The risk management committee reports to the Board.
Investment Committee
- The Board shall form an investment committee and appoint its members in accordance with the rules issued by the general assembly.
The code of corporate governance of the Company shall define the roles and responsibilities of the investment committee.
In addition to any other regulatory or supervisory requirements, the duties of the investment committee shall include but not be limited to the following:
a) Formulating the investment policy and reviewing its implementation on a quarterly basis
b) Reviewing the performance of each asset class
c) Monitoring the overall risks of the investment policy
d) Submitting a performance review report to the Board of Directors
e) Ensuring the compliance of all investment activities with the requirements of the Investment Regulation issued by Saudi Central Bank and any other applicable laws and regulations
- The investment committee shall be composed of at least three (3) members and in accordance to article thirty-four (34) of the Investment Regulation.
- The investment committee reports to the Board.
Section 4: Control Functions
Risk Management Function
- The risk management function is in charge of identifying, assessing, quantifying, controlling, mitigating, and monitoring the Company's risks, on a continuous basis and at an individual and aggregate level.
The code of corporate governance of the Company shall define the roles and responsibilities and structure of the risk management function.
In addition to any other regulatory or supervisory requirements, the duties of the risk management function shall include but not be limited to the following:
a) Implementing the risk management strategy
b) Monitoring the Company's risk profile
c) Developing effective risk management policies and procedures to identify, assess, quantify, control, mitigate, and monitor risks
d) Identifying emerging risks and recommending remedial actions to mitigate and control them
e) Regularly evaluating the Company's tolerance for, and exposure to, risks (e.g., through stress testing exercises)
f) Establishing a contingency plan
g) Coordinating with Senior Management to ensure the effectiveness and efficiency of the risk management system
- The risk management function shall conduct its activities in accordance with the risk management regulation and any other regulatory or supervisory requirements issued by Saudi Central Bank.
- The risk management function must be independent from the underwriting function.
- The number, knowledge, and experience of employees within the risk management function shall be commensurate with the nature, scale and complexity of the Company's business. Notwithstanding, the Company shall at least have two (2) risk management officers: one for general and health insurance and one for protection and saving insurance. Companies that write only general and health insurance, or only protection and saving insurance can have one risk management officer.
- The risk management function may report to the CEO or other senior management, the risk management officer should also report and have direct access to the risk committee without impediment.
Internal Audit Function
- The internal audit function is responsible for evaluating, and recommending actions to improve the adequacy and effectiveness of internal controls, policies, processes, and reporting procedures, and the extent of adherence to them.
- The code of corporate governance of the Company shall define the roles and responsibilities and structure of the internal audit function.
- The internal audit function is responsible for evaluating, and recommending actions to improve the adequacy and effectiveness of internal controls, policies, processes, and reporting procedures, and the extent of adherence to them.
Compliance Function
- The compliance function is responsible for monitoring the Company's compliance, at all times, with all applicable laws, regulations, and rules issued by Saudi Central Bank and other related regulatory bodies, and to take necessary actions to enhance the regulatory compliance.
The code of corporate governance of the Company shall define the roles and responsibilities and structure of the compliance function.
Section 5: Appointed Actuary
- The Appointed Actuary shall discharge his or her responsibilities as stipulated in Article (20) of the Implementing Regulations of the Law on Supervision of Cooperative Insurance Companies and in accordance with the requirements of the Actuarial Work Regulation for Insurance and Reinsurance Companies issued by Saudi Central Bank.
- The code of corporate governance of the Company shall define the roles and responsibilities of the Appointed Actuary and the manner in which he or she discharges his or her responsibilities in accordance with the requirements of the Actuarial Work Regulation for Insurance and Reinsurance Companies issued by Saudi Central Bank and other applicable laws, regulations, and rules.
Section 6: Senior Management
- The Senior Management are responsible for supervising the day-to-day activities of the Company.
The code of corporate governance of the Company shall define the roles and responsibilities, structure, and reporting lines of the Senior Management members.
In addition to any other regulatory or supervisory requirements, the duties of the Senior Management shall include but not be limited to the following:
a) Implementing the strategic plans of the Company
b) Managing the day-to-day activities
c) Setting procedures for identifying, measuring, mitigating and monitoring risks
d) Setting policies, procedures, and controls to ensure the adequacy and effectiveness of the internal control system
e) Record keeping and audit trails
f) Acting on the Board's instructions and reporting to the Board
g) Ensuring that regulatory and supervisory requirements are met to the highest extent possible
- Each Senior Management position shall have a documented and detailed job description specifying its roles and responsibilities, specifications or qualifications, reporting lines, key role interactions, authority, and authority limits.
- Members of the Senior Management must possess the skills, knowledge, and experience needed for effective and prudent management of the Company. Proof of the qualifications of senior managers shall be provided to Saudi Central Bank upon request.
- Senior Management shall provide the Board with a comprehensive overview of its performance in every board meeting at least.
- Priority shall be given to Saudis for senior management positions. Before appointing non-Saudis in senior positions, the Company shall prove the lack of available qualified Saudi personnel for the required position, in accordance with the Saudi Central Bank's Requirements for Appointments to Senior Positions in Financial Institutions, issued in July 2013.
Basis For Distribution
- As per Part (2/e) of the Article (70) of the Implementing Regulations, 10% of the net surplus from insurance operations should be distributed to the policyholders directly (“Surplus Amount”) or in the form of reduction in premium for next year. This surplus amount is separately shown in the Statement Income of Insurance Operation.
- The realized surplus is for a current reporting period (i.e. January-December), it means that only the premiums that have participated in the earnings of that financial year should qualify for surplus distribution. Such premiums are not necessarily the same as the full underwriting year’s premiums. For example, policies underwritten in the prior reporting period do not provide gross premiums but earned premiums.
- Inwards reinsurance is not entitled to surplus distribution. The gross earned premiums, after excluding the Inwards reinsurance premium, should be the basis of calculation of surplus distribution.
Article Four General Provisions
- Without prejudice to the provisions of the Law, the insurance aggregator license application shall be submitted to Saudi Central Bank in accordance with the requirements and procedures set forth in these Rules along with the instructions issued by Saudi Central Bank in this regard from time to time.
- The provisions of the Law and its Implementing Regulation, Insurance Intermediaries Regulation, Online Insurance Activities Regulation and Saudi Central Bank’s relevant rules and instructions and relevant laws and regulations issued by other authorities shall govern whatever is not provided for therein and to the extent possible.
Calculation of the Gross Earned Premiums
Obtain a listing of all individual policies that have participated in gross earned premium during the current reporting period in respect of which the distribution is being made.
The listing should include:
- Customer ID
- Policy Number
- Endorsements Certificates
- Name of Insured as stated in the Policy
- Line of Business
- Coverage Period
- Issue Date
- Gross Earned Premium
- Investment Share of Premium (Protection & Savings)
- Unearned Premium
- Gross Claims Incurred
- Outstanding Claims
- Invoice/Debit/Credit Note Number.
This listing assures that no policy or gross premium earned during the year has been missed.
- For each individual policy in the above listing, the gross earned premium in current reporting period equals to the gross written premiums in current reporting period plus the change of unearned premiums reserves (UPR) for those policies. The list also include policies written in a previous year with an unearned premium reserve at the beginning of the year.
Article Five License Requirements
1.
The applicant for insurance aggregator license shall:
a)
be a joint stock or limited liability company licensed to operate in Saudi Arabia; and
b)
have a minimum capital of:
-
Five hundred thousand Saudi Riyals (500,000) for an Insurance Aggregator only.
-
Three million Saudi Riyals (3,000,000) for an insurance broker conducting Insurance Aggregation Activities.
-
Saudi Central Bank shall determine the additional minimum capital required based on the insurance lines and products as specified by the applicant in the business plan referred to in subsection (2) of this article.
2.
The application shall include a specific business plan for Insurance Aggregation Activities. The plan shall, as a minimum, include the following:
a)
Insurance lines and products to be displayed on the Electronic Platform, and analysis of the volume of online insurance transactions expected over the next three years;
b)
Analysis of the risks related to web transactions and precautionary measures and actions necessary to reduce such risks, including, money laundering crimes, strategic risks and illegal access to the data; and
c)
Emergency plan that includes actions to be taken if one or more components of the Electronic Platform go down. The plan must include corrective measures to ensure business continuity and reporting mechanisms to Saudi Central Bank and the company.
3.
The application submitted to Saudi Central Bank shall include all regulatory requirements and documents required by Saudi Central Bank to examine the application.
4.
The license shall not be granted unless the applicant presents a professional liability insurance policy covering negligence, errors and omissions from an Insurance Company. The insurance coverage shall not be less than (5,000,000) five million Saudi riyals.
Calculation of Gross Claims Incurred
- For each individual policy, the gross claims incurred in current reporting period equals to the gross claim paid in current reporting period plus the outstanding claims during the current reporting period plus the portion of other reserves during the current reporting period (e.g. IBNR, URR) that are related to the individual policy.
- The other reserves for each individual policy shall be calculated as follow:
Other Reserves x ((individual gross earned premiums as calculated in Article (17) of this policy /(total gross earned premiums after excluding the Inwards reinsurance premium))
Article Six Licensing phases
Insurance aggregator’s license shall be granted as follows:
Phase one: Submit the application to Saudi Central Bank in accordance with the procedures set forth in the Implementing Regulation of the Law and the instructions issued by Saudi Central Bank in this regard. Phase two: Subject to the fulfilment of the requirements referred to in Article (5) “License Requirements”, the applicant may be provided with Saudi Central Bank’s initial non- objection . Phase three: Upon receiving Saudi Central Bank’s initial non-objection, the applicant shall link with at least (5) Insurance Companies within (60) business days from the date of the initial non-objection issuance. Phase four: The applicant shall launch the pilot Electronic Platform within a period specified by Saudi Central Bank. Phase five: Upon verification of the applicant’s compliance with the requirements set forth herein, Saudi Central Bank shall issue the insurance aggregator license. Surplus Eligibility
- For each individual policy, the company should calculate the ratio of the gross claims incurred over the gross earned premiums. The company should eliminate policies with ratio of 70% or above.
- Individual policies, where the ratio is greater than the specified percentage (e.g. 70%), should be excluded from distribution surplus calculation without combining them with other policies for other lines of business that one client may be having in his name. However, subject to practicality, if a client buys a number of separate policies to cover a number of similar risks in the same line of business, all such policies in the name of the same client should be combined to arrive at the ratio for determining the surplus eligibility.
- The company should eliminate all policies that were cancelled during the current reporting period.
- The company should eliminate fronting policies, which an insurance company acts as the insurer of record by issuing a policy, but then passes the entire risk to a reinsurer in exchange for a commission. For the purpose of this Policy, any issued policy with retained risks of 1% or less of the sum insured is considered a fronting policy.
- The company then should eliminate policies, where the policyholders are not entitled to the surplus distribution.
- The resulting list, after elimination of excluded policies indicated, contains all policies that are eligible for the distribution of the surplus amount for the current reporting period.
Article Seven Technical Requirements for Linking with Insurance Companies
7.1
The Insurance Aggregator shall improve and operate the Electronic Platform to carry out Insurance Aggregation Activities and develop standard technical interfaces through Web Services to ensure the following:
a)
Exchange of information and electronic communication with the Insurance Companies' technical systems in order to exchange basic client information with Insurance Companies.
b)
Enable companies to assess insured risks.
c)
Provide the client with insurance quotes online, the payment method and procedures and policy information once issued by the Insurance Company.
d)
Perform any operations required by Insurance Aggregation Activities.
7.2
Insurance requests, offers and policies shall be submitted, received and issued instantly through the Web Services “API” linked between the Electronic Platform and the technical systems of the Insurance Companies.
7.3
Prior to linking with an Insurance Company the Insurance Aggregator shall ensure that the Insurance Company’s IT infrastructure is ready and equipped to allow information exchange and electronic communication through the web services and Electronic Platform, as per the communication mechanism agreed on and set forth in Paragraph (7.1) above.
Distribution Scheme Per Policy
All policies that are identified as ineligible according to the Articles mentioned in Surplus Eligibility Section should be excluded from the policyholders' surplus distribution. The total gross earned premiums of all eligible policies after excluding the Inwards reinsurance premium will be the base on which the policyholders’ surplus (“Surplus Amount”) will be distributed.
The share of surplus for each eligible policy shall be based on the ’contribution’ of such eligible policies. The Contribution from an eligible policy shall be calculated as:
(Gross Earned Premium less Gross Incurred Claim)
- Then, the share of the eligible individual policy in the surplus amount will be calculated by multiplying Contribution per Eligible Policy multiplied by Total Share Surplus and divided by Total Contribution from all Eligible Policies.
- Where a client holds a number of participating policies, a statement should be prepared for his total entitlement, summarizing the entitlement from individual policies held by that Client.
Article Eight Obligations to Ensure Accuracy and Protection of Information Provided
8.1
The Insurance Aggregator shall ensure the validity and accuracy of the insurance offers and establish the necessary validation procedures.
8.2
The Insurance Aggregator shall verify the identity of the client, ensure the validity of the information and documents provided by the Client online, through the use of documents, data or information are obtained from reliable and independent sources before providing them to Insurance Companies. The insurance aggregator shall be responsible for the validation. The Insurance Company may electronically verify the information and request any information using any other electronic services.
8.3
The Insurance Aggregator shall keep electronic records of client’s documents and identities obtained through its Electronic Platform.
8.4
In accordance with the instructions issued to ensure security and integrity of the information, the Insurance Aggregator shall establish an electronic record for each client and set the following procedures and measures, as a minimum, to protect the client record:
a.
Verify the client email address and phone number by sending an authentication link; and
b.
Develop the procedures necessary to ensure that information provided is up to date, for example, using the national address.
Article Nine Obligations of Insurance Aggregator and Insurance Company
9.1 The electronic linkage between Insurance Companies and Insurance Aggregators shall be for the purpose of conducting Insurance Aggregation Activities only and shall not be used for any other purposes. 9.2 Comply with Saudi Central Bank instructions with respect to commission rates. 9.3 Inform the clients of any matter related to the insurance process through email and text messages. 9.4 Set a mechanism to prevent fraud incidents that might occur while selling insurance products through the platform. The mechanism shall include but not limited to the following: a) The Insurance Aggregator shall not insure more than five vehicles belonging to the same insured. If the maximum number of vehicles is exceeded, the Insurance Aggregator shall notify the insurance applicant to refer to the Insurance Company’s point of sale. b) the insurance policy shall be linked with the insured’s personal data and information after verifying it through an approved, reliable and independent source; c) The national address shall be directly and automatically linked. Manual insertion of the national address shall not be allowed. The Insurance Company shall:
9.5 Offer insurance products’ prices in accordance with the approved underwriting guidelines. 9.6 Notify the Insurance Aggregator through the Electronic Platform once the insurance policy is issued, providing the Insurance Aggregator with all policy information, including the duration of the policy and coverage limits, as well as an electronically signed and dated digital copy of the insurance policy. 9.7 If disclosure of insurance policy information is required in accordance with applicable laws and regulations: a) Disclose the required information related to the insurance policies it issued. b) Ensure compliance with all legal procedures of disclosure. c) Take all necessary procedures to protect the confidentiality of such information. The Insurance Aggregator shall:
9.8 Adopt a business plan approved by a resolution of the company’s Board of Directors after obtaining Saudi Central Bank's non-objection. The plan shall be reviewed annually by the Board and Saudi Central Bank’s non-objection shall be obtained when making any material change to the strategy of the Insurance Aggregator. Moreover, Saudi Central Bank shall have the right to request an amendment to or a change of the plan, if deemed necessary. 9.9 Clarify the nature of services provided for clients through its Electronic Platform and ensure that the nature of the relation between the parties is clear. 9.10 Disclose license information to clients. 9.11 Obtain appropriate approvals and acknowledgements from the clients before using the Electronic Platform. 9.12 Provide a list of insurance companies that have been linked to through the Electronic Platform. Such list serves as a reference for clients. In addition, the Insurance Aggregator shall not participate in any marketing campaigns for companies to which the Insurance Aggregator is linked. Further, the Insurance Aggregator shall not prefer an Insurance Company to another in order to prevent any potential conflict of interest. 9.13 The Insurance Aggregator shall clarify and provide on the Electronic Platform all terms and conditions of the Electronic Platform, security instructions, payment methods, information confidentiality, other instructions pertaining to the use of the Platform and all data that must be legally disclosed. 9.14 Provide a website feature that enables the clients to upload photos and files in order for the Insurance Company to accurately price the insurance policy. 9.15 Apply Two-Factor Authentication (2FA) process to finalize the insurance policy purchase. Text message based two factor authentication shall be supported as one of the 2FA methods. The Insurance Aggregator shall also notify clients through email or text message once the insurance policy is issued.3 9.16 Disclose data of commissions received as a result of the insurance policies. 9.17 Notify clients of any fees or extra charges in exchange for any related services. 9.18 Send an email or text message to the clients with the insurance premium and the phone number of complaint management department or client service department at the Insurance Company. 9.19 Notify the clients of any changes in disclosure and conditions. 9.20 Notify the client in case the Insurance Company refuses to issue the policy or if additional documents are requested through email and text message. 9.21 Provide a feature on the Electronic Platform that enables clients to contact the Insurance Aggregator’s client service representatives directly through the platform. 9.22 Not receive any insurance premiums on behalf of the Insurance Company as such premiums shall be collected by the Insurance Company directly. 9.23 Notify the clients before the expiration of the insurance policy within reasonable time, in not less than 15 days. Payment
- Surplus payment should be made by credit note, to offset against future premium, or cheque/bank transfer sent directly to the policyholder. The surplus amount that is below S.R. 500 does not have to be send by cheque/bank transfer.
- Policyholders should have the choice to have a cash or cheque/bank transfer or seek rebate in the renewal amount(s) due.
- The client’s share of the surplus is subject to the settlement of all due premiums, irrespective of the year in which such premiums incepted and therefore could be offset against such due premiums.
- If the policyholder chooses to come to the company’s offices to collect their surplus amount even if it is below S.R. 500, the company is required to pay by form of cheque this amount within 5 working days from the date of notification.
- Surplus amount that remain unclaimed for more than 5 years will be written back to the Income Statement of Insurance Operation. If a customer makes a claim after five years, the same will be honored and charged to the Statement Income of Insurance Operation. The company will maintain the records of the surplus payable for a period of ten years. After ten years, the company must seek SAMA approval for dealing with any outstanding amounts within the Income Statement of Insurance Operation.
- The Company should inform its policyholders through short message service (SMS), email, or a formal letter about the distribution of surplus and the company's methodology to distribute the surplus amount within (15) business days from the date of annual general assembly that approved the annual financial statements.
- The distribution of surplus should be made within six months from the date of annual general assembly that approved the annual financial statements.
The company can give the surplus amount to authorized charities if the company obtains the policyholder’s written permission.
Article Ten Concluding Provisions
10.1
The Insurance Aggregator shall establish appropriate internal controls and procedures to ensure compliance with these Rules. In case of contracting with third parties to provide services related to Insurance Aggregation, the Insurance Aggregator shall ensure that all parties comply with these Rules.
10.2
The Insurance Aggregator shall keep sufficient electronic records to confirm compliance with the Rules and other relevant laws and regulations. Such records include, the business plan of Insurance Aggregation Activities and supporting documents of its implementation, outsourcing contracts and web hosting contracts.
10.3
The Insurance Aggregator shall publish these Rules and any other laws or regulations governing its business on the Electronic Platform.
10.4
Non-compliance with these Rules shall be deemed a violation of the Law and its Implementing Regulation and may subject the company to regulatory penalties.
Financial Sector’s Cyber Threat
Based on the supervisory role of the Saudi Central Bank on the financial sector, and in reference to the Cybersecurity strategy for the financial sector which aims at creating a secure and reliable financial sector that enables growth and prosperity. And taking into consideration the changes in business models of financial institutions, relying on technology in financial transactions, and attracting emerging and modern technologies.
Whereas a change has been observed in the level of Threat Landscape to the financial sector, which resulted in a rapid and noticeable development by the Advance Persistence Threat “APT” groups targeting the financial sector for different purposes on several levels such as their Tactics, Techniques, and Procedures; which requires the development of proactive detection and analysis capabilities for financial institutions to work proactively in line with the development of the threat actors.
Accordingly, the Financial Sector Cyber Threat Intelligence Principles "Principles" had been adopted, which aims to establish scientific and practical foundations for proactive detection and analysis of the cyber threats as well as enhancing the practices of financial institutions with regard to cyber threat intelligence; to take precautionary measures and feed the various technical, operational and business
departments with Threat Intelligence appropriate to the work of these departments, the Principles are divided on several levels, as follows:
- Core principles - required basis activities needed to perform planning, production and dissemination of threat intelligence.
- Strategic principles - strategic level cyber intelligence focused on the objectives, motivations and intent of threat actors.
- Operational Principles - to produce information about modus operandi, behavior and classification of the different stages of attacks (Taxonomization).
- Tactical principles - includes information about technical elements and components of cyber attacks
Accordingly, to enhance the cyber resilience of the financial sector and raise the maturity level of threat intelligence capability; The financial institutions shall be guided by these principles. In case of implementing the principles, we recommend that the stages of implementation are as following:
Conducting a gap assessment of the current status of Threat Intelligence management, compared to what is stated in the principles, with its various levels, to identify the gaps.
Develop a roadmap for full compliance with the Principles as of this circular date, according to the following periods:
Six months for core, operational and tactical principles.
Twelve months for strategic principles.
Present the prepared Roadmap to the Board of Directors, inform them of it, and obtain approval of the plan and the necessary support for its implementation.
The cyber security committee in the financial institution shall follow up the implementation of the principles and the extent of commitment to the approved plan and provide full support to solve the obstacles and challenges facing the competent teams in the financial institution; while escalating internally to the authorized person on anything that may affect or obstruct the implementation of the principles.
Provide the necessary support to the Cyber Security Department to fully implement the principles,
enhance the role of cyber threat intelligence, and ensure that they are provided with competency and trained national human resources, technological tools and appropriate training to carry out their tasks to the fullest.
If there are inquiries in this regard, you can contact the General Department of Cyber Risk Control represented by the Cybersecurity Fusion Center at the e-mail.
To be informed and complied with.
Follow-up circular - Regarding FATCA instructions if the TIN is not available for the financial account
Following up to the Central Bank Circular No. (216) dated 11/04/2021 referred to the Agreement between the Government of the Kingdom of Saudi Arabia and the Government of the United States of America issued regarding applying Foreign Account Tax Compliance Act (“FATCA”) to improve tax compliance, ratified by Royal Decree No. (M/52) dated 10/05/1438H. And reference to the updates made to the Agreement regarding the mechanism for disclosing tax figures.
Therefore, we would like to emphasize that all insurance companies subject to the provisions of the agreement must review and comply with updated instructions and apply them when submitting reports for the final period 2023 at the end of September 2024 in the event that the U.S.Tax Identification Number (TIN) is not available for the reportable account. By accessing the link below, which explains the updates to the mechanism for disclosing tax numbers in the reporting section.
Frequently Asked Questions FAQs FATCA Compliance
Compliance Legal | Internal Revenue Service
For more information, you can contact the Zakat, Tax and Customs Authority through email.
To be informed and complied with.
Follow-up circular - NCD
With regards to the Central Bank’s “SAMA” role in supervising the insurance sector in the Kingdom, and in reference to the objectives of the Cooperative Insurance Companies Control Law and its implementing regulation to protect the policyholders as well as enhancing the stability of the insurance market. Also, with reference to SAMA’s circular number (156) dated 27/06/1439 H, and Circular number (161) dated 1439/11/06. Which laid down the rules for determination of ‘No Claim Discount’ (NCD).
We inform you that all Insurance Companies, and NAJM for Insurance Services must comply with the NCD rules explained in above mentioned circulars, as well as the following:
- Maintain a Master NCD record of every policyholder and named driver as a primary reference for the deduction entitlement mechanism for all insured vehicles.
- A Master NCD record shall not be affected by any temporary reduction for NCD.
- The reduction of NCD mechanism shall be made on the following basis:
3,1 In the event of a claim: a) For a policyholder with a single insured vehicle, the reduction shall be calculated on a policy year basis. b) For a policyholder with multiple insured vehicles, the reduction shall be calculated on a calendar year basis. c) The reduction in NCD shall be made only once during a year, i.e., policy year or calendar year as per clauses (a and b) above, even if the number of claims exceed one. d) For the purposes of implementing the NCD mechanism, the claim is considered as happening in the year in which the claim is filed. 3,2 In the event of discontinuation of the insurance: a) Where the period during which a vehicle remains uninsured exceeds (30) days but is less than (180) days, Master NCD record shall not be affected. However, until the vehicle remains uninsured, all other vehicles of the policyholder will get ‘nil’ NCD. b) Where the period during which a vehicle remains uninsured exceeds (180) days, the NCD for all the vehicles shall be canceled for the current insurance year, and the Master NCD record shall be reset to ‘nil’. c) If an individual who happened to be policyholder or a named driver on a policy in the past does not appear as an insured for a period exceeding 12 months, the Master NCD record of the individual shall be set to ‘nil’. Accordingly, all companies shall implement and comply with it as of 21/02/2023.
Circular (233) Third Party VAT Compensation Mechanism
In line with SAMA's role in protecting the interests and rights of policyholders and beneficiaries of insurance services, and with reference to the Third-Party Compensation Mechanism outlined in the Unified Compulsory Motor Insurance Policy issued under Governor's Decision No. (439/93) dated 17/10/1439H, as amended by Governor's Decision No. (441/1) dated 02/01/1441H, and to ensure the fairness of the third-party compensation mechanism in accordance with the VAT-related provisions issued by the competent authorities
Insurance companies must, when settling motor vehicle claims for third parties, clarify their entitlement to compensation for the VAT amount and explain the mechanism for such compensation. They must adhere to the following when compensating:
- Compensation based on the repair costs provided by the entity responsible for assessing vehicle damage.
- Compensation for the VAT amount based on repair invoices issued in accordance with the requirements of the competent authority.
For your information and act accordingly.
Cooperative Insurance Companies Control Law
The Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003) amended by the Royal Decree No. (M30) dated 27/5/1434H (corresponding to 08/04/2013), and amended in accordance to the Royal Decree No. (M/12) dated 23/1/1443H (corresponding to 01/09/2021).
Article 1
Insurance in the Kingdom of Saudi Arabia shall be provided by insurance companies registered in the Kingdom operating in accordance with the practice of cooperative insurance in line with the provisions of the Articles of Incorporation of the National Company for Cooperative Insurance issued by Royal Decree No (M/5) dated 17/4/1405H, and not inconsistent with the provisions of Shari’ah
Article 2
Subject to the provisions of the Law of Cooperative Health Insurance issued by Royal Decree No. (M/10) dated 1/5/1420H, the Saudi Central Bank shall have the power to:
1. Receive and review incorporation requests of cooperative insurance and reinsurance companies and insurance related services providers; to assure fulfilment of requests to the licensing requirements set out by the Saudi Central Bank, and issue the initial approval in order to refer the requests to the competent authority to complete incorporation procedures.
2. Issue licenses, supervise, control, and regulate the activities of insurance and reinsurance companies and insurance-related service providers, and shall exercise its powers as stated under the provisions of this Law and its Implementing Regulation, and notably to:
a. Regulate and approve rules for investment of insurance and reinsurance premiums, and design a formula for distribution of insurance and reinsurance surplus among shareholders and policyholders, provided that separate accounts are kept for shareholders, policyholders and insurance operations.
b. Determine the sums of money required to be deposited in one of the local banks in order to practice each of the different classes of insurance.
c. Approve standard forms of insurance and reinsurance policies, and determine the minimum insurance amount for third party liability coverage, subject to the provisions of laws applicable in this regard.
d. Set rules determining the method of investing the assets of insurance and reinsurance companies.
e. Set general rules determining the assets each company shall allocate inside and outside the Kingdom, the minimum and maximum assets required for each class of insurance and the conditions that shall be observed in each class, and the minimum and maximum underwriting premiums in relation to the capital and reserves of the company.
f. Set rules protecting the rights of beneficiaries, and ensure the ability of the insurance companies to fulfil the claims and obligations.
3. Obtain fees of licenses and provided services, and such fees shall be determined by the Governor.
Article 3
1. No person in the Kingdom shall conduct insurance or reinsurance activities or provide insurance related services without obtaining the license from the Saudi Central Bank.
2. Subject to Paragraph (1) of this Article, the insurance and reinsurance company shall comply with the following:
a. The company shall be a joint-stock company.
b. The principal purpose of the company shall be to conduct insurance or reinsurance activities, and the company shall not undertake other activities unless they are necessary or complementary to its principal purpose.
3. Insurance and reinsurance companies may not submit a request for initial public offering to sell any of its stocks without obtaining the prior approval of the Saudi Central Bank, which shall set the rules for such approval.
4. Insurance companies shall not directly own insurance brokerage companies or establishments, and reinsurance companies shall not own reinsurance brokerage companies or establishments.
5. The capital of the insurance or reinsurance company shall only be amended upon approval of the Saudi Central Bank and pursuant to the provisions of the Companies Law. The Implementing Regulation shall determine the minimum paid-up capital for insurance or reinsurance company, which shall not be less than three hundred million Saudi riyals.
Article 4
The implementing regulation shall specify the insurance operations governed by this Law, and each insurance company shall specify the classes of insurance it shall provide.
Article 5
An insurance or re-insurance company - upon commencing business - may not suspend its insurance activities without the prior approval of the Saudi Central Bank. This is to ensure that insurance companies take all necessary measures to safeguard the rights of the policyholders and the investors.
Article 6
Nomination of members of the board of directors of insurance and reinsurance companies and insurance-related service providers, members of audit committees, committees emerging from the board, managers and senior positions specified by the Saudi Central Bank shall be subject to the approval of the Saudi Central Bank. The Saudi Central Bank shall set the rules of their appointment.
Article 7
The chairman of the board of directors of an insurance or re-insurance company, managing director, a member of the board of directors and general manager shall be liable, each within the limits of his authority, for the company’s violation of any of the provisions of this Law or its implementing regulation.
Article 8
The Saudi Central Bank may inspect the records and accounts of any insurance or re-insurance company through the Saudi Central Bank’s employees or auditors appointed by it, provided that the inspection be carried out at the site of the insurance or re-insurance company. In this case the employees of the company shall submit whatever is in their possession or under their authority or records, data, and documents requested from them, and disclose any information they have, relating to the company, to the employees of the Saudi Central Bank or whoever it may appoint as auditors.
Article 9
An insurance or re-insurance company may not open any branch or office inside or outside the Kingdom, agree to merge with, own any insurance or banking activity, have control thereof, or own shares of another insurance or re-insurance company without the written approval of the Saudi Central Bank.
Article 10
1. The general assembly of the insurance or reinsurance company shall annually appoint two auditing offices from among the certified accountants licensed to practice the profession in the Kingdom and shall determine their fees.
2. The auditors shall include in their annual report presented to the general assembly– in addition to the data provided for in the Companies Law– their opinion as to whether the financial statements of the company correctly reflect its true financial position on the date of the balance sheet and the results of its activities during the fiscal year which expires on that date, and as to whether the preparation, presentation and audit of these statements conform to the generally accepted accounting principles applied in the Kingdom.
3. Financial statements and the auditors’ report shall be published within three months from the date of the end of the company’s fiscal year.
Article 11
The Saudi Central Bank may at any time request any insurance or re-insurance company to submit to it– at the time and in the form it determines– any information it deems necessary to fulfill the purposes of this Law. It shall also send to the Saudi Central Bank at its request the following:
1. A statement of the revenues and expenses for each insurance class.
2. A detailed statement of the insurance activities carried out by the company during the stated period.
3. Statistical statements and general information about the activities of the company.
4. A statement of the investments of the company.
5. Any other information requested by the Saudi Central Bank.
Article 12
It is prohibited for any person who obtains any information, while carrying out any work related to the application of the provisions of this Law, to disclose or benefit from it in any way.
Article 13
All insurance and re-insurance companies shall submit to the Department of Zakat and Income Tax their zakat or tax returns, the audited financial statements and any other information or documents which the Department deems necessary for the purpose of determining the amount subject to zakat or taxation in accordance with the provisions of the Tax Law, the Zakat Collection Law and their implementing regulation and payment of the sums due, within the times specified by the Law.
Article 14
Insurance and re-insurance companies governed by this Law shall deposit in one of the local banks, a statutory deposit to the order of the Saudi Central Bank, and the implementing regulation shall determine the rules relating to this deposit.
Article 15
The insurance and re-insurance companies shall allocate a part of their annual profits, not less than 20%, as a statutory reserve, until the total reserve amounts to 100% of the capital paid.
Article 16
All insurance and re-insurance companies shall set up the required reserves for their insurance classes, and other reserves as provided for in the implementing regulation of this Law.
Article 17
All insurance and re-insurance companies governed by the provisions of this Law shall keep a separate account for each class of insurance as specified in the implementing regulation of this Law. They shall also keep records and books to record insurance policies issued by the company, names and addresses of the holders of such policies and the date of concluding each policy, its effectiveness, prices and conditions provided for in it. Any change or amendment occurring in such policies shall also be recorded in these records and books. The Saudi Central Bank may issue the decisions it deems necessary to compel insurance companies to record in the books and records any data it deems necessary to exercise its authority of control and supervision. The data contained in the records and books mentioned above may be entered in the computer in accordance with the rules and procedures provided for in the implementing regulation of the Law of Commercial Books.
Article 18
Officers of the Saudi Central Bank appointed by a decision of the Saudi Central Bank’s Governor, shall be responsible to carry out activities of inspection, supervision, and restrain of violations of the provisions of this Law or its Implementing Regulation. The responsibilities and framework of those officers shall be determined in the Implementing Regulation. At the discretion of the Governor; supporting tasks of inspection, supervision and restrain may be referred to the private sector.
Article 19
1. If the Saudi Central Bank finds that any insurance or reinsurance company or insurance-related service provider has followed a policy to which it may adversely affect its ability to fulfill its obligations, has violated professional standards, or has violated the provisions of this Law or its Implementing Regulation, the Saudi Central Bank may impose one or both of the two following penalties:
a. Fine stipulated in Article (21) of this Law.
b. Cancellation of the issued license, provided that such cancellation is supported by the committee referred to in Article (20) of this Law.
2. In addition to provisions of Sub-Paragraph (a) of Paragraph (1) of this Article, the Saudi Central Bank may take against the insurance or reinsurance company or insurance-related service provider stated in paragraph (1) of this Article any of the following actions:
a. Issue a warning.
b. Require presenting an appropriate program that explains the corrective measures to be taken.
c. Compel to stop practicing all or some activities.
d. Prevent distribution of profits to meet the solvency margin requirements.
e. Suspend the person responsible for the violation from work and suspend their powers.
f. Suspend any of the persons referred to in Article (6) of this Law from work.
g. Appoint one or more consultants to provide them with consultation regarding the management of its activities at their expense.
h. Any other action specified in the Implementing Regulation.
3. The Saudi Central Bank may, instead of imposing the penalty stipulated in Sub-Paragraph (b) of Paragraph (1) of this Article, take against the entities stated in Paragraph (1) of this Article any of the actions stipulated in Paragraph (2) of this Article.
4. The Saudi Central Bank may announce the penalties it imposes based on Paragraph (1) of this Article when they are final, and may also announce the actions taken based on Paragraph (2) of this Article as it deems necessary to protect the insureds and the stability of the insurance sector, and the Saudi Central Bank shall set the necessary rules for such announcements.
Article 20
One or more preliminary committees shall be formed by resolution of the Council of Ministers. The committee(s) shall be composed of not less than three specialized members, working full-time if possible, and at least one of them must be a regulatory consultant. The Committee members shall maintain a three-year membership subject to renewal. The committee(s) shall be responsible for:
1. Settling all disputes arising from insurance contracts, including disputes arising between insurance companies and their clients and beneficiaries of the insurance coverages, or between insurance companies and third party in case of subrogation, and disputes arising between insurance-related service providers and their clients.
2. Settling all disputes arising among insurance companies, reinsurance companies, and insurance related services providers.
3. Settling grievances filed against the penalties and actions imposed by the Saudi Central Bank in accordance with Article (19) of this Law, provided that the grievance is filed to the committee within (30) days from the date of notification of action. The committee may issue decisions awarding damages, requesting to revert to the original status or issuing any other decisions as appropriate to protect the rights of the aggrieved.
4. Looking into decision of license cancellation issued by the Saudi Central Bank.
Article 21
1. Without prejudice to any harsher punishment provided for in any other law, anyone who conduct insurance activities or insurance related service activities without a license from the Saudi Central Bank shall be punished by a fine of no more than two million Saudi riyals and imprisonment for a period not exceeding four years, or by either.
2. Subject to Paragraph (1) of this Article, anyone who violates any of the provisions of this Law shall be punished by a fine of no more than two million Saudi riyals. In case of continuation of violation, a fine of no more than (10,000) Saudi riyals shall be imposed for each day the violation continues.
3. The decision issued for the penalty to be imposed may include a statement for the publication of the summary of the decision at the expense of the violator in a local newspapers or in any other appropriate channel; depending on the type, gravity and effect of the violation committed. Decisions shall only be published after being final.
Article 22
1. An Appeal Committee shall be formed of not less than three consultants, working full-time if possible, who are specialized and knowledgeable about the jurisprudence of transactions and insurance. The Committee is responsible for looking into grievances raised by concerned parties against the rulings of the Committees set forth in Article (20) of this Law, and its decisions shall be final and not open to appeal.
2. The chairman and members of the Appeal Committee shall be appointed by a royal order. Their membership shall be for a three- year renewable term.
3. Rules and regulation governing the business of the Committees set forth in this Law and governing prosecution before these Committees shall be issued by the Council of Ministers.
4. Remuneration of members of the Committees set forth in this Law shall be determined by the Minister of Finance.
Article 23
The implementing regulation of this Law shall be issued by a decision of the Minister of Finance, shall be published within sixty days from the date of publication of this Law, and shall come into effect on the date of the enforcement of this Law.
Article 24
Subject to what is stated in Article One of this Law whatever is not provided for therein shall be governed by the Companies Law to the extent permitted by the nature of such type of companies.
Article 25
This Law shall be published in the Official Gazette and shall come into effect after ninety days from the date of its publication.
Actuarial Work Rules for Insurance
The Saudi Arabian Monetary Authority has issued these Rules according to the Governor’s decision number (441/186) dated 06/07/1441H, to replace the Actuarial Work Regulation for Insurance and/or Reinsurance Companies issued according to the Governor’s Decision number (72/437) dated 25/03/1437H, based on the powers vested to SAMA by the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003), and its Implementing Regulation issued by the Decision of the Minister of Finance No. (1/596) dated 01/03/1425H (corresponding to 20/04/2004).
Introduction and Definitions
Article 1
These Rules shall be complied with in conjunction with the Cooperative Insurance Control Law and its Implementing Regulation and SAMA’s Instructions.
Article 2
Definitions: the following terms and phrases, wherever mentioned herein, shall have the meaning assigned thereto, unless the context otherwise requires:
1. SAMA: Saudi Arabian Monetary Authority.
2. The Law: the Cooperative Insurance Companies Control Law.
3. Implementing Regulation: the Implementing Regulation of the Cooperative Insurance Companies Control Law.
4. Kingdom: the Kingdom of Saudi Arabia.
5. Rules: Actuarial Work Rules for Insurance.
6. Person: A natural person or juristic entity.
7. Insurance: Mechanism of contractually shifting burdens of pure risks by pooling them.
8. Reinsurance: Transfer of the Insured’s risk from the Insurance Company to the Reinsurance Company and to indemnify the Insurance Company by the Reinsurance Company for any payments made to the Insured policyholder against damages or loss.
9. Insurance Company: A company that accepts Insurance contracts directly from Insured(s).
10. Reinsurance Company: An Insurance or Reinsurance Company that accepts Insurance contracts from another Insurance Company.
11. Insured: A natural person or juristic entity, which has entered into an Insurance contract with an Insurance Company.
12. Beneficiary: A natural person or juristic entity, to whom the benefit(s) under the Insurance policy is assigned as a result of a covered loss.
13. Retention: The amount of risk kept by an Insurance company in its own books, in comparison with Insurance risks ceded to a Reinsurance company.
14. Technical Provisions (Reserves): Insurance liabilities i.e. the value set aside to cover expected losses arising on a book of Insurance policies and its financial obligations.
15. Company: A company conducting Insurance and/or Reinsurance activities that has been approved by SAMA to conduct such business.
16. Actuary: Person who conducts various statistical and probability theories whereby services are priced; liabilities are assessed and provisions calculated.
17. Actuarial Candidate: A natural person who either holds an actuarial degree or is actively studying for actuarial examinations set by an Actuarial Association.
18. Associate Actuary: A natural person who is qualified as an Associate member of an Actuarial Association.
19. Qualified Actuary: A natural person who is qualified as a Fellow of an Actuarial Association.
20. Appointed Actuary: The Qualified Actuary who is appointed by the Company to undertake the responsibilities specified in these Rules and the Implementing Regulation and SAMA’s instructions.
21. Actuarial Function: The department of a Company that consists of one or more Qualified Actuaries, Associate Actuaries and Actuarial Candidates and other natural persons to assist and support the actuarial work of the Company as required in these Rules.
22. Actuarial Services: The rendering of advice, recommendations, findings, and opinions by Appointed Actuaries to Companies in connection with these Rules.
23. Actuarial Services Provider: A juristic person that provides Actuarial Services in accordance with these Rules, employing Qualified Actuaries who may be permitted to act as an Appointed Actuary in accordance with these s Rules
24. Actuarial Association: An accepted association or organization by SAMA of Qualified and Associate Actuaries and Actuarial Candidates which is a member of the International Actuarial Association, admitting its members through a program of professional examinations.
25. Insurance Contract Assets and Liabilities: For the purposes of these Rules, the assets and liabilities in accordance with applicable financial reporting standards in the Kingdom.
26. Peer Review: Reviewing the work of an Appointed Actuary for the purposes of these Rules to ensure it complies with these Rules and the professional standards of the Actuarial Association of which the Appointed Actuary is a member.
27. SAMA’s Instructions: Regulations, rules, instructions and circulars issued by SAMA.
28. Senior Management: The Managing Director, Chief Executive Officer, General Manager, their deputies, Chief Financial Officer, Managers of key departments, officers of risk management, internal audit, and compliance functions, and similar positions in the financial institution, in addition to incumbents of any other positions determined by SAMA, excluding only for the purpose of these Rules, the Head of the Actuarial Function.
29. Technical Price: The price for an insurance policy determined by the Appointed Actuary using the actuarial basis applicable at the time of issuing/ renewing the policy.
Scope
Article 3
These Rules apply to Companies, their Boards of Directors and Senior Management, Appointed Actuaries or those whom are entrusted to carry out the work on their behalf, Heads and staff of Actuarial Function and Actuarial Services Providers.
Objectives
Article 4
The objectives of these Rules are to regulate the following:
1. Minimum standards for the licensing of Actuarial Services Providers.
2. Minimum standards of actuarial work within the Kingdom.
3. Minimum standards for the role and responsibilities of Appointed Actuaries, and procedures for their appointment.
4. Minimum standards for the Actuarial Function of Insurance and/or Reinsurance companies within the Kingdom, and where relevant, the Head of Actuarial Function.
5. Responsibilities of the Company, Board of Directors and Senior Management in respect of the Appointed Actuary and Actuarial Function’s work.
Compliance Measures
Article 5
In conjunction with the provisions of the Law and its Implementing Regulation, no Person shall act as an Appointed Actuary or Head of Actuarial Function or act as an Actuarial Services Provider in the Kingdom unless the Company or Actuarial Services Provider obtains SAMA’s prior statement of non-objection.
Article 6
1. Companies, Appointed Actuaries and Actuarial Service Providers must establish appropriate written internal controls and procedures to ensure and monitor their compliance with these Rules.
2. These internal controls and procedures should ensure that all required tasks are carried out and reports submitted to SAMA by prescribed deadlines.
3. This does not replace the professional standards of the Appointed Actuary’s Actuarial Association.
4. Companies, Appointed Actuaries and Actuarial Service Providers must maintain adequate records that demonstrate their compliance with these Rules.
Article 7
The records maintained by the Company to demonstrate compliance with these Rules, include but not limited to documents indicating the appointment or change of Appointed Actuaries and Heads of Actuarial Function, agreements with Appointed Actuaries clarifying their roles and responsibilities and details of qualifications and experience of Appointed Actuaries and Heads of Actuarial Function.
Licensing of Actuarial Services Providers
Article 8
An Actuarial Services Provider licensed in the Kingdom, must meet the requirements of SAMA’s Instructions before commencing activities subject to these Rules.
Article 9
If the Appointed Actuary is not licensed in the Kingdom, the Appointed Actuary has to be an employee, director or partner of an Actuarial Service Provider and the Company must provide required information to obtain SAMA’s statement of non-objection.
Article 10
All Appointed Actuaries who are not Company employees must, either;
1. Be licensed as an Actuarial Service Provider under Article (8) of these Rules or be a partner, director or employee of an Actuarial Service Provider licensed under Article (8) of these Rules, or be licensed as Qualified Actuary in the Kingdom, or;
2. Be licensed or permitted to provide services of an actuarial nature outside the Kingdom under Article (9) of these Rules.
Requirements and Procedures to Appoint and Terminate the Appointed Actuary and Minimum Requirements for the Actuarial Function within Companies
Article 11
The Appointed Actuary appointment requirements:
The Company shall, after obtaining SAMA`s statement of non-objection, appoint a Qualified Actuary to act as its Appointed Actuary who meets the requirements of these Rules and SAMA’s Instructions and has adequate experience in the types of business written by the Company, being at least a Fellow of an Actuarial Association with relevant post-qualification experience.
Article 12
A Company must take steps through its contract with its Appointed Actuary to ensure that the Company, its Board of Directors and Senior Management can consult the Appointed Actuary as needed on matters relating to his or her responsibilities in accordance with these Rules throughout the year.
Article 13
The Appointed Actuary shall not hold any position which may conflict with their role as Appointed Actuary, including a member on the Board of Directors, Senior Management or Chief Executive Officer in the Company or related Company or any other Insurance and/or Reinsurance Company in the Kingdom.
Article 14
Members of the Board of Directors and the Chief Executive Officer of the Company shall not act as the Appointed Actuary to the Company nor as a member of its Actuarial Function .
Article 15
Any non-Saudi Actuary works with a Company or Actuarial Service Provider in the Kingdom shall obtain SAMA’s statement of non-objection.
Article 16
Minimum Requirements of Actuarial Function within Companies:
The Company shall establish an Actuarial Function commensurate with the scale and complexity of its business, consisting of Actuaries and other individuals as prescribed in the Appendix (1) of Establishing the Actuarial Function within the Re/Insurance Company, to ensure compliance with SAMA's requirements in respect of Insurance Contract Assets and Liabilities, Technical Prices, monitoring the adequacy of premiums, experience studies, capital adequacy, Reinsurance and quantitative aspects of risk management, and to support actuarial works of the Company.
Article 17
The Company shall facilitate the Actuarial Function in fulfilling a significant role in a Company’s systems of financial management, risk management and internal control and take steps to ensure that the Actuarial Function is properly authorized and staffed commensurate with the sound operation of the Company and the safeguarding of the interests of its policyholders and Beneficiaries.
Article 18
For the purpose of implementing these Rules, the Appointed Actuary and Head of the Actuarial Function shall liaise with the Board of Directors, Senior Management and the Company’s internal and external auditors and direct the activities of the Actuarial Function, including providing oversight of the provision of training and professional development for the Actuarial Function.
Article 19
Procedure to Appoint and termination of an Appointed Actuary and/or Head of Actuarial Function:
Prior to seeking SAMA’s statement of non-objection to the appointment of the Appointed Actuary and Head of Actuarial Function, the Company’s Senior Management must satisfy itself that the proposed Appointed Actuary and Head of Actuarial Function are experienced in the lines of Insurance and or Reinsurance transacted by the Company, and are fit and proper and meet the requirements of SAMA’s Instructions, making a recommendation to the Board of Directors accordingly and providing SAMA with evidence that the requirements of SAMA’s Instructions are met.
Article 20
The contract between a Company and its Appointed Actuary must ensure that the Company has sufficient notice of any intention of the Appointed Actuary to terminate his or her contractual relationship with the Company through the use of an appropriate notice period in order to enable the Company to fulfil its obligations under these Rules.
Article 21
A Company must inform SAMA of any potential future change in its Appointed Actuary of which it becomes aware at least (60) calendar days ahead of such change taking effect.
Article 22
A Company shall certify to SAMA each year by a date to be set by SAMA’s Instructions that the Company have considered whether the Appointed Actuary remains a fit and proper person and has no conflicts of interest in order to hold the role of Appointed Actuary for the forthcoming calendar year.
Article 23
SAMA may require a Company to appoint an appropriately experienced Qualified Actuary who is not the Company’s Appointed Actuary or appoint an appropriately experienced Qualified Actuary directly to produce a report on specified matters on a case by case basis at the expense of the Company to which it relates.
Article 24
Termination of the Appointed Actuary:
1. A Company must inform SAMA of any resignation, dismissal, cancellation or termination of its Appointed Actuary and the reasons for this within (5) calendar days of it taking effect.
2. If the Appointed Actuary is an employee of the Company, the role of the Appointed Actuary at the Company shall end in any of the following cases:
a. Resignation or dismissal of the Appointed Actuary.
b. Cancellation or termination of the contract governing the employment the Appointed Actuary.
3. If the Appointed Actuary is not an employee of the Company the role of the Appointed Actuary shall end in any of the following cases:
a. Resignation or dismissal of the Appointed Actuary by the Actuarial Services Provider in the Kingdom of which they are a partner, director or employee. In case of dismissal SAMA shall be notified of the reason(s) for the dismissal by the Actuarial Services Provider within (5) calendar days of it taking effect, and where the Actuarial Service Provider is outside the Kingdom, the Company must notify SAMA within (5) calendar days of it taking its effect.
b. Upon the expiry, cancellation or termination of the contract governing the provision of Actuarial Services.
Article 25
If SAMA finds that an Appointed Actuary is unfit or incapable of undertaking his or her responsibilities, SAMA may notify the Company to replace the Appointed Actuary with another competent Qualified Actuary, who can better fulfil the role of the Appointed Actuary. The role of the Appointed Actuary will end if SAMA notifies the Company to replace him or her.
Article 26
If a Company becomes aware that its Appointed Actuary wishes to resign from his or her position, the Company must commence the procedures to appoint a replacement immediately, and such procedures must reasonably take into account the time required by SAMA to issue or not as the case may be a statement of non-objection for the replacement Appointed Actuary, such that at no time is the Company without an Appointed Actuary.
Article 27
In case the Company fails to appoint a replacement Qualified Actuary to act as its Appointed Actuary, SAMA shall appoint an Appointed Actuary at the Company's expense if considered appropriate on a case by case basis.
Article 28
A Company must make appropriate provisions in its contract with its Appointed Actuary such that on prior to ceasing to hold the role of the Appointed Actuary, the former Appointed Actuary must provide all information and explanations as the successor Appointed Actuary, Senior Management and Board of Directors of the Company may reasonably require, at the Company’s expense, within no more than (30) calendar days of appointment of the successor Appointed Actuary.
Article 29
Following appointment of a replacement Appointed Actuary he or she shall obtain all required information and explanations from the Company and its previous Appointed Actuary, and the Company shall take all reasonable steps to facilitate the discharge of this responsibility within no more than (30) calendar days of appointment of the replacement Appointed Actuary.
Article 30
On termination or cessation of office as Appointed Actuary, the Appointed Actuary shall notify the Board of Directors and SAMA within (10) calendar days of whether there are any disagreements or matters associated with their termination or ceasing to hold office that, in their professional opinion, SAMA and the board should be aware of.
Article 31
The Company may inform the Actuarial Association of its Appointed Actuary of any observations on the proficiency of the Appointed Actuary.
Role and Responsibilities of the Appointed Actuary
Article 32
For the purpose of providing unbiased and objective advice in accordance with these Rules, the Appointed Actuary shall act in good faith, honestly and reasonably, exercise due care and diligence and independent judgement in the best interests of the Company and its policyholders, putting the interests of the Company and its policyholders ahead of any personal interests and avoiding conflicts of interest with the exercise of his or her responsibilities.
Article 33
The Appointed Actuary shall:
1. Perform the work entrusted to them in accordance with actuarial principles and standards issued by the Actuarial Association of which they are a member and be accountable to that Actuarial Association as regards compliance with that Actuarial Association’s professional standards as well as to SAMA as regards compliance with these Rules and SAMA’s Instructions.
2. Perform their duties with honesty, integrity and competence, avoiding conflicts of interest and providing unbiased and objective advice, and shall not conceal any facts relating to the Company's financial or technical position or knowingly provide incorrect information.
3. Not disclose the Company's confidential information, or information obtained during the performance of his or her work while he or she is fulfilling his or her responsibilities or after its completion except that this disclosure is to SAMA, or an application of relevant regulations or SAMA’s Instructions.
4. Review and take responsibility for all work carried out on their behalf.
5. Keep records of their work subject to strict data confidentiality, organized according to their Actuarial Association’s professional standards. The records shall include the copies of the documents that must be provided to the Company and to SAMA, and the base data from which the documents have been derived and all supporting calculations.
6. Where the Appointed Actuary is not an employee of the Company, the records referred to in Item )5( above must be held within the Company and retained by the Company for at least ten years within the Company after the date of the report to which the records or documentation relates, and must be accessible only to the Appointed Actuary and his or her delegates, the Company and SAMA.
7. Perform Actuarial Services where competent and appropriately experienced to do so.
8. Ensure consistency of their work with applicable financial reporting standards in the Kingdom.
9. Advise on any other matters as instructed by the Board of Directors and Senior Management, provided that this does not conflict with his or her responsibilities as set out in these Rules and SAMA’s Instructions.
Article 34
In addition to the roles and responsibilities set out in these Rules, the Appointed Actuary of a Company authorized to transact Protection and Savings insurance business shall undertake the following:
1. Perform a profit test of the adequacy of premium rates at the introduction of new products and whenever it is proposed that premium rates shall be revised, and advise on Technical Prices.
2. Advise on the terms and conditions of insurance policies, including the fairness of expenses charged and investment returns allocated to policyholders.
3. Determine and ensure the adequacy of insurance contract Assets and Liabilities including Mathematical Reserves, based on appropriate experience studies.
4. Advise on the determination of the allocation of surplus, profits or bonuses to the with-profits Protection and Savings insurance policyholders.
Article 35
The Appointed Actuary shall have the right to access the board papers, accounting books and other records and documents, business plans, supporting analyses and schedules deemed necessary for the carrying out of their duties and be entitled to obtain from the Board of Directors and Senior Management of the Company the information and explanations the Appointed Actuary deems necessary, subject to appropriate controls to maintain the confidentiality of the Company’s information by the Appointed Actuary, and all those who assist the Appointed Actuary in the discharge of his or her responsibilities.
Role and Responsibilities of the Board of Directors and Senior Management as Regards the Appointed
Article 36
The Board of Directors and Senior Management of the Company must ensure that the responsibilities of the Appointed Actuary can be carried out without delay. This includes:
1. Providing the Appointed Actuary with direct access to the Board of Directors and Senior Management and internal and external auditors of the Company.
2. Providing the Appointed Actuary with access to such information and explanations as needed to comply with these Rules.
3. Responding to requests for information from the Appointed Actuary in an accurate, comprehensive and timely manner.
4. Considering and taking such actions as they consider appropriate based on the recommendations included in all reports provided by the Appointed Actuary.
5. Ensure the effectiveness, adequacy and objectivity of the Appointed Actuary, for instance, ensuring the appropriate performance of his role, and the adequacy and effectiveness of the internal procedures and systems, technical program used, and human resources.
Article 37
If the Appointed Actuary is unable to obtain such information, explanations and resources from the Board of Directors and Senior Management as they reasonably require to carry out their responsibilities the Appointed Actuary shall report the matter to SAMA if appropriate action is not taken within (10) working days of reporting such matter to the Board of Directors in writing.
Reporting by the Appointed Actuary
Article 38
The Appointed Actuary must ensure that each actuarial report they produce in accordance with these Rules and SAMA’s Instructions is clear, comprehensive and presented by him or her in a manner which adequately explains and gives sufficient prominence to issues and developments which have material implications for the Company, or the interests of its policyholders or Beneficiaries, so that another Qualified Actuary can follow the report and come to a consistent conclusion.
Article 39
Each actuarial report produced in accordance with these Rules and SAMA’s Instructions should, as a minimum:
1. Contain an executive summary setting out its results and key findings.
2. Set out in an introduction the purpose of the report, the credentials of the Appointed Actuary, and a description of the subject business and the risks this gives rise to, relevant summary information on the Company’s system of risk management, and any other relevant background information in the judgement of the Appointed Actuary.
3. Contain a clear statement that the report is made by an individual acting in a formal capacity as the Appointed Actuary.
4. State the actuarial guidance and financial reporting standards that are being followed.
5. Set out any reliances and limitations including commentary on materiality, areas of uncertainty and any restrictions that the Company or any other party has imposed that prevents full access to the information required, so that a suitably informed reader can form a view on the weight to be attached to the reported findings.
6. Any reliance on an external source should be cited.
7. Refer to the results of the previous report on the same subject matter explaining key differences from the results previously reported, including providing appropriate details of all key changes with regard to data, methodology, assumptions and results.
8. Contain an explanation of the data received and checks performed on the data to check its veracity and comprehensiveness. Any data-specific limitations should be listed.
9. Explain the approach and methodology adopted including an explanation of the choice of methodology and assumptions and an explanation of why these are considered appropriate, addressing both the subject matter of the report and its results, and any specific matters that have affected the approach to the analysis.
10. Summarize and highlight any changes to the methodology and assumptions from the previous report, and the reasons for such changes should be fully explained to supplement the summary of changes provided at (7) above.
11. Provide evidence of sufficient analysis and details of calculations (including Appendices) together with the calculations and other workings to enable a suitably informed reader to reproduce the analysis in order to check the results. These calculations should be consistent with current financial reporting standards in the Kingdom where applicable.
12. Set out results and conclusions clearly and comprehensively including any required explanations and commentary.
13. Explain the scope of the Peer Review process and the identity and credentials of the peer reviewer and their conclusions.
14. Set out a glossary of terms used that may not be clear to the reader.
15. Disclose any other relevant matters.
Article 40
The Appointed Actuary shall comply with the Peer Review requirements of their Actuarial Association in carrying out their responsibilities in accordance with these Rules and SAMA’s instructions, having satisfied themselves that the peer reviewer is independent of the subject matter to be reviewed and appropriately qualified and experienced.
Article 41
1. The Appointed Actuary must take appropriate steps to effectively engage the Board of Directors and Senior Management in the findings of his or her reports, presenting and discussing findings directly with the Board of Directors and with the Audit and/or Risk Committee and, where relevant, the Company’s internal and external auditors.
2. Communication between the Appointed Actuary and the Senior Management and Board of Directors on actuarial matters shall be timely and the method of communication must be appropriate, having regard to the purpose and significance of the subject matter.
Article 42
The Appointed Actuary must take reasonable steps to ensure that any report or communication with which he or she is associated is effective, not misleading and cannot reasonably be misinterpreted. The technical components of actuarial reports shall be presented in a manner that can be understood and acted upon by a suitably informed reader to support effective and informed decision-making by the Board of Directors and Senior Management.
Article 43
The Appointed Actuary shall report on an urgent basis (known as an Urgent Interim Report) directly to the Company’s Board of Directors and the Compliance Function in the Company in the following cases, notwithstanding that the Appointed Actuary may not have completed their analysis and investigations:
1. If there are immediate or future threats facing the Company that may significantly adversely affect it, including but not limited to the following:
a. Solvency
b. Obligations of Reinsurance Companies and the Company's obligations to its Reinsurance Companies
c. Risk Retention levels
d. Profitability of the Company's products
e. Pricing of the Company's products
f. Adequacy of Insurance contract liabilities.
2. If the Company has evidently breached the provisions of the Law and its Implementing Regulation or these Rules or SAMA’s Instructions about the Company’s financial position, Insurance Contract Assets and Liabilities (including where relevant Technical Provisions), or any matter that may affect the interests of the policyholders or the Beneficiaries of Insurance policies or future policyholders or future Beneficiaries of Insurance policies.
3. If the Company does not allow the Appointed Actuary to perform the duties and responsibilities assigned to them under the Law and its Implementing Regulation, these Rules and SAMA’s Instructions.
Article 44
The Board of Directors shall examine any Urgent Interim Report and recommend and implement corrective actions, and forward such measures and all related information on actions taken and planned to the Appointed Actuary and SAMA no later than (10) working days of receiving any Urgent Interim Report.
Article 45
If the Appointed Actuary is not reasonably satisfied with the response of the Board of Directors to any Urgent Interim Report they shall send a copy of their report to SAMA within (15) working days of its issue.
Article 46
SAMA may provide observations and questions on any actuarial reports that are submitted by an Appointed Actuary and such actuarial reports must be resubmitted to address any such observations and questions raised by SAMA.
The Appointed Actuary’s Responsibilities in Respect of the Data
Article 47
1. The Appointed Actuary must take all reasonable steps to ensure the consistency, accuracy and completeness of the data used in their analysis. All reports required by these Rules and SAMA’s instructions should contain, as a minimum, the following:
a. Confirmation that the available data allows the desired analysis to be completed in the Appointed Actuary’s professional judgement and with due regard to professional standards.
b. Disclosure of known material data limitations and their implications, and how allowance has been made for the data limitations in the results presented and analysis performed.
c. A full description of the data that was used.
d. A full description of all data validations carried out.
e. The precise period of investigation that the data is derived from must be stated.
f. Reasonableness checks against data in the most recent prior report should be described.
g. An explanation of any adjustments or filtering of the raw data, and the impact estimated.
2. An Appointed Actuary’s report shall not include caveats that seek to place full reliance on others for data quality. The Appointed Actuary shall carry out sufficient checks to satisfy himself or herself as to the results of the report presented.
3. Data limitations are to be remediated by the Company in full in the period in which they are identified. Where full remediation is not possible the timing for remediation is to be estimated by the Appointed Actuary and reported in the current report immediately following the identification of the data limitations, appropriate provision made to account for such data limitations in the subject report and progress reported in all future relevant reports until such data limitations are remediated and the provisions for data limitations are released.
Data Confidentiality
Article 48
Companies must establish a documented code of conduct, internal policies, procedures and controls and sufficient safeguards to ensure the confidentiality of all data within the scope of these Rules, whether in written, electronic, or other digital form, and to monitor and ensure compliance with that code of conduct and applicable data privacy or confidentiality obligations.
As a minimum, the code of conduct, internal policies, procedures and controls must address:
1. The physical, electronic and cyber security of data:
a. Within the Company,
b. When data is being exchanged and reports transmitted to and from the Appointed Actuary, where the Appointed Actuary is not an employee of the Company,
c. Held by the Appointed Actuary, where the Appointed Actuary is not an employee of the Company, and
d. Reports being transmitted to SAMA.
2. Whether data may be transmitted outside the Kingdom, and what additional safeguards are required if this is the case (such as encryption or requiring Actuarial Services to be carried out on the Company’s premises and using its information technology systems).
3. Compliance with the Company’s code of conduct and the effectiveness of controls over the confidentiality of data within the scope of these Rules must be tested at least annually.
Article 49
The Company, the Appointed Actuary and the Actuarial Service Provider shall comply with all relevant data confidentiality and protection laws and regulations of the Kingdom.
The Appointed Actuary’s Role in Respect of Reserving
Article 50
Annually and for each reporting period as specified by SAMA the Appointed Actuary shall:
1. Determine and recommend to the Board of Directors and Senior Management the Company's Insurance Contract Assets and Liabilities (including where relevant Technical Provisions), using appropriate methodologies and assumptions for their determination, consistent with current financial reporting standards applicable in the Kingdom.
2. Perform actual versus expected analysis by comparing actual experience with previous relevant estimates of claims and other liabilities where relevant.
3. Prepare the appropriate reports in accordance with SAMA instructions.
4. In respect of Protection and Savings insurance business,:
a. Determine and ensure the adequacy of the Insurance Contract Assets and Liabilities (including where relevant) Mathematical Reserves).
b. Advise on the determination of the allocation of surplus, profits or bonuses to the policyholders.
The Appointed Actuary’s Role in Respect of Pricing and Pricing Adequacy
Article 51
The Appointed Actuary shall, as a minimum, in respect of every Company that is an Insurer:
1. Investigate, advise and report to Senior Management, the Board of Directors and to SAMA in the form of a Pricing Report at least annually on the Technical Pricing of the risks in the insurance company’s Medical Expense, Motor and Protection and Savings products and such other classes of business as are required by SAMA’s instructions; and,
2. In respect of Protection and Savings Insurance business:
a. Perform a profit test of the premium rates.
b. Review and advise on product development and design, including the terms and conditions of Insurance contracts and pricing, along with the estimation of the capital required to underwrite the products
3. Report to Senior Management, the Board of Directors and to SAMA on the above in accordance with SAMA’s Instructions to be known as the Pricing Report/s and Pricing Adequacy Report/s and as per the Board of Directors’ and Senior Management’s instructions.
Article 52
1. A Company and its Appointed Actuary should derive Technical Prices using the Company’s own experience where this information is available and reliable.
2. In the absence of the Company’s own experience, for example when entering a new line of business, Technical Prices may be developed from other sources, but appropriate allowance should be made for any differences between the Company’s data and the source from which the information has been derived.
Article 53
The Appointed Actuary of an Insurance Company shall submit such periodic pricing adequacy reports, comparing actual selling prices for its Insurance contracts with the relevant Technical Prices, to SAMA, the Company’s Senior Management, Board of Directors, in respect of its Medical Expense and Motor classes of business, and such other classes of business as are required by SAMA’s Instructions.
Article 54
SAMA may require an Insurance Company to submit to SAMA a supplementary pricing report or pricing adequacy report from its Appointed Actuary in such form and at such timing as it prescribes on a case by case basis at the expense of the Insurance Company.
Article 55
SAMA may require a Reinsurance Company to submit to SAMA such information on the Technical Pricing of the risks it accepts and retains, as SAMA shall from time to time prescribe.
The Appointed Actuary’s Role in Assessing Solvency and Capital
Article 56
1. The Appointed Actuary shall investigate and provide advice to the Company on its current solvency position and the adequacy of the capital that it holds by projecting the Company’s solvency position into the future under varying assumptions in order to assess its financial strength and identify the major risk factors affecting the Company.
2. The Appointed Actuary shall investigate and provide advice to the Company on its prospective solvency position by conducting stress tests and scenario analysis under various assumptions and performing capital adequacy assessments, evaluating the relative impact of the output from such tests and analysis on the Company’s assets, liabilities, and actual and future capital levels and business plans, and shall investigate and advise on the development and use of models for these purposes. These investigations should be consistent with current financial reporting standards applicable in the Kingdom and take into consideration any of SAMA’s Instructions issued from time to time.
3. The results of these investigations are to be reported to Senior Management, the Board of Directors and SAMA in a form and at dates as prescribed by SAMA.
The Appointed Actuary’s Role in Risk Management
Article 57
The Appointed Actuary shall:
1. Coordinate with the Company’s risk management officers on estimating the impact of material risks and identifying appropriate mitigation techniques for those risks and provide input into SAMA’s risk management requirements.
2. In respect of an Insurance Company, assess the appropriateness of Reinsurance arrangements and risk Retention levels for each line of business having regard to the Company’s risk appetite, making recommendations to Senior Management and the Board of Directors in a form and at dates as prescribed by SAMA.
3. In respect of a Reinsurance Company, assess the appropriateness of Retrocession arrangements and risk Retention levels for each line of business having regard to the Company’s risk appetite, making recommendations to Senior Management and the Board of Directors in a form and at dates as prescribed by SAMA.
4. Coordinate with the Investment Committee and investment manager to provide recommendations to the Company’s Senior Management and Board of Directors regarding the Company’s investment policy and asset liability management strategy, keeping in view the nature and timing of Insurance Contract Assets and Liabilities and the availability of appropriate assets in a form and at dates as prescribed by SAMA.
Article 58
1. The Appointed Actuary of an Insurance Company shall submit a Reinsurance report to the Company’s Senior Management, Board of Directors and SAMA. The report shall be submitted in a form and at dates to be prescribed by SAMA’s instructions
2. This report shall assess the appropriateness of Reinsurance arrangements and risk Retention levels for each line of business having regard to the Company’s risk appetite, capital adequacy and the total exposure currently underwritten and expected to be underwritten in the following financial year and provide observations on risk Retention levels, considering:
a. Profit sharing mechanisms or variable commissions.
b. Loss sharing mechanisms.
c. Any caps on the Reinsurance Companies’ total exposure under Reinsurance treaties.
d. Any caps on the Reinsurance Companies’ exposure to single events, incidents or claims.
e. Any swing rates where Reinsurance premiums are adjusted based on the results of the Reinsurance.
f. The possible impacts of reinstatements or aggregate deductibles on excess of loss treaties.
g. How Reinsurance arrangements are expected to operate under stress scenarios.
3. The Appointed Actuary shall review and comment on the effectiveness of the Company’s procedures to assess whether or not any Reinsurance contracts transfer significant Insurance risk to the Reinsurance Company, particularly in conjunction with any side letters or other arrangements, and report accordingly.
Article 59
1. The Appointed Actuary of a Company that is a Reinsurance Company may be required to submit a Retrocession report to the Company’s Senior Management, Board of Directors and SAMA in a form and at dates to be specified by SAMA covering as a minimum the appropriateness of Retrocession arrangements and risk retention levels for each line of business having regard to the Company’s risk appetite, capital adequacy and the total exposure currently underwritten and expected to be underwritten in the following financial year and providing observations on the Reinsurance Company’s risk Retention levels.
2. The Appointed Actuary shall review and comment on the effectiveness of the Company’s procedures to assess whether or not any Reinsurance contracts issued or Retrocession arrangements entered into transfer significant Insurance risk, particularly in conjunction with any side letters or other arrangements, and report accordingly.
Article 60
1. The Appointed Actuary of a Company shall submit an investment and asset liability management report to the Company’s Senior Management, Board of Directors and SAMA in a form and at dates to be prescribed by SAMA.
2. This report shall assess the suitability of the Company’s investment policy and asset liability management strategy, having regard to the total exposure currently underwritten and expected to be underwritten in the following financial year, addressing the nature and timing of Insurance Contract Assets and Liabilities and the availability of appropriate assets, coordinating with the Investment Committee and investment manager for the purposes of its production.
The Appointed Actuary’s Role in Performing Experience Studies
Article 61
The Appointed Actuary shall carry out such experience studies as are prescribed by SAMA’s Instructions addressing, as a minimum, expense analysis and, for Companies transacting Protection and Savings Insurance, persistency, mortality experience and, where relevant, morbidity experience, reporting to SAMA in accordance with SAMA’s Instructions.
Article 62
The Appointed Actuary should report on expenses, drawing on experience to date and leading professional practice such as activitybased cost analysis, sufficient to support the assumptions and related Insurance Contract Assets and Liabilities in accordance with financial reporting standards applicable in the Kingdom which may, for example, include:
1. Premium deficiency analysis for all general Insurance products and short term Protection and Savings insurance.
2. Analysis of unallocated loss adjustment expenses.
3. Renewal expense assumptions.
4. Insurance acquisition cash flows.
5. Any provisions for expense overruns for Protection and Savings business. Such provisions may only be adopted for the first three years’ valuations after the Company commences writing Protection and Savings business except with prior statement of nonobjection from SAMA.
Article 63
The Appointed Actuary should analyze and report on the persistency rates of all long-term Protection and Savings products, analyzing the persistency and lapse experience of each separate distinct product type as compared with the assumptions previously made, in a form and at a frequency to be determined by way of SAMA’s Instructions.
Article 64
The Appointed Actuary should analyze and report on the mortality experience for all Protection and Savings products, analyzing the mortality experience of each separate distinct product type as compared with the assumptions previously made, in a form and at a frequency to be determined by way of SAMA’s Instructions.
Article 65
The Appointed Actuary should analyse and report on the morbidity experience for all Protection and Savings products where benefits, including waivers of premium, are determined based on morbidity experience, analysing the morbidity experience of each separate distinct product type as compared with the assumptions previously made, in a form and at a frequency to be determined by way of SAMA’s Instructions.
Non-Compliance
Article 66
Non-compliance with the requirements set forth in these Rules will be deemed a breach of the Law and its Implementing Regulation and licensing conditions or SAMA’s statement of non-objection and may subject Companies and/or Appointed Actuaries or Actuarial Services Providers to regulatory actions.
Article 67
In the case of non-compliance by the Appointed Actuary with the requirements set forth in the Law and its Implementing Regulation, these Rules, or the Actuarial Association’s professional code of conduct and technical standards of practice, the Company shall inform its Board of Directors and SAMA in this regard within 24 hours of becoming aware of the non-compliance, and provide SAMA with the details of actions taken within (10) working days from the date of discovering the violation.
Closing Provisions
Article 68
Any disputes or conflicts arising in respect of the contract between the Company and the Appointed Actuary or the Actuarial Service Provider, or in respect of the implementation of these Rules, are to be subject to the Laws and regulations of the Kingdom.
Appendix (1)
Provision No. Instructions of Establishing the Actuarial Function within the Re/Insurance Company
Taking into consideration Article (16) of the Actuarial Work Rules for Insurance and/or Reinsurance Companies, the Company shall establish an Actuarial Function commensurate with the scale and complexity of its business, within six months of the issuance the Rules, taking into account all of the following:
1 The actuarial function shall constitute of at least three (3) Saudi Actuaries within one year of the issuance of the Rules .
2 The Company shall appoint internal Qualified Actuary within two years of the date of issuance of the Rules.
3 The Company must appoint an internal Qualified Actuary who is Saudi within seven years of the issuance of the Rules.
4 The Actuarial Function shall be headed by a sufficiently experienced natural person employed by the Company to fulfil the role of Head of the Actuarial Function after obtaining SAMA’s statement of nonobjection.
5 The head of the Actuarial Function shall comply with minimum standards prescribed by SAMA.
6 The Head of the Actuarial Function shall report directly to the Chief Executive Officer of the Company.
7 The company must update its code of governance to reflect the role and responsibilities of the Actuarial Function.
8 The Board of Directors and Senior Management of the Company must provide the Actuarial Function with sufficient resources commensurate with the scale and complexity of the Company’s business, including sufficient human resources as well as access to information technology and other appropriate systems, training and professional development.
9 The Company shall issue a training and development policy for professional actuarial certifications, to ensure that Saudi Actuarial Candidates obtain the fellowship of an Actuarial Association within a reasonable period, and submit the policy to SAMA within six months of the issuance of these Rules.
10 The Company shall provide SAMA with an annual report on the Actuarial Function that includes as a minimum the followings:
a. The training and development policy referred to in Provision (9) above indicating what has been applied within the giving period.
b. Number of Actuaries and their experiences according to the classification of these Rules.
c. Expansion plan of the Actuarial Function in regard to employment for the next 5 years taking in consideration the scale and complexity of actuarial work of the Company.
d. Number of actuarial examinations taken and percentage of passes.
e. Knowledge transfer activities conducted by the Appointed Actuary within the given period.
Insurance Intermediaries Regulation
Part 1: Introduction
Purpose:
1- This regulation presents the general principles and minimum standards that should be met by insurance agents and (re)insurance brokers when dealing with insurance companies and their existing and potential clients.
2- The objective of this regulation is to promote appropriate standards in the business of insurance services provision.
3- This regulation must be read in conjunction with the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations, as well as Saudi Central Bank’s Market Code of Conduct and any other regulation issued by Saudi Central Bank.
Definitions
4- The term “Intermediaries” in this Regulation is intended to include insurance agents and (re)insurance brokers.
An Insurance agent is defined as a juristic entity that for compensation represents the insurance company to solicit, procure and negotiate insurance contract.
An Insurance broker is defined as a juristic entity that for compensation negotiates with the insurance company in order to conduct insurance services for policyholders.
A Reinsurance broker is defined as a juristic entity that negotiates contracts of reinsurance between an insurance company and a reinsurance company on behalf of the insurance company, receiving commission for placement and other services rendered from the reinsurance company.
The term “Clients” is defined as the existing and potential recipients who request or acquire an insurance product or service.
The rest of terms which are not mentioned above and used in this regulation shall have the same meaning as per article one of the Implementing Regulations.
Compliance Measures:
5- Intermediaries must establish appropriate internal controls and procedures to ensure and monitor compliance with this regulation, including controls and procedures of their contracts with insurance companies, with other insurance service providers and with Clients.
6- Intermediaries must maintain adequate records to demonstrate compliance with this regulation, including, but not limited to, compliance reports, policy records, claims records and complaints records.
Non-Compliance:
7- Non-compliance with the conditions and requirements set forth in this regulation will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and licensing conditions and may subject Intermediaries to enforcement action.
Part 2: Rules of professional conduct.
8- Intermediaries shall comply with the rules of professional conduct by fulfilling the following requirements:
a) Act in an honest, transparent and fair manner, and fulfill all of their obligations towards Clients and insurance and reinsurance companies, as stipulated by Saudi Arabian laws and regulations. Where these obligations have not been fully codified, intermediaries should abide by internationally accepted best practices.
b) Act within reasonable competence when dealing with Clients and insurance and reinsurance companies. For this purpose, competence shall be acquired through training, experience, and consulting with experts when needed.
c) Keep the employees’ skills and knowledge about the insurance business up-to-date and be informed of the products and services available on the market.
d) Take reasonable care in maintaining adequate managerial, financial, operational, and human resources to carry out their business and serve Clients.
e) Communicate all relevant information including coverage details, conditions, exceptions and restrictions of the insurance policy to Clients in a timely manner, and ensure that Clients are aware of the commitment they are about to make to enable them to make a suitable decision.
f) Take reasonable measures to ensure the accuracy and clarity of the information provided to and from Clients and make such information available in writing.
g) Treat all data and information acquired about the insurance company and Clients with utmost confidentiality, and take appropriate measures to maintain the secrecy of confidential documents in their possession. This means that the data:
- Must be obtained and used only for specified and lawful purposes.
- Must be kept secure and up-to-date.
- Must commit to provide data about insurance coverage to Clients upon their written request.
- Must not be disclosed to any third party without prior authorization from Saudi Central Bank, with the exception of the companies’ external auditors.
h) Must not motivate Clients to revoke a valid insurance policy, and must not motivate Clients to refuse a quotation given by a competitor using false or unfair evaluation in order to merely increase commissions.
i) Ensure that Clients fully understand the services provided by the Intermediaries and the nature of the relationship between both parties.
j) Notify the insurance company of any information or documents related to Clients which might affect the decision of the insurance company to provide the coverage and at which rates and conditions.
k) Immediately notify Clients about the acceptance or rejection of the coverage by the insurance company.
l) Explain to Clients the mechanism of paying the insurance premiums and any other additional proceeds the insurance company is entitled to.
9- In addition to the general rules, brokers shall comply with the following:
a) Take reasonable measures to identify and address conflict of interest to ensure fair treatment to all Clients. Where conflict of interest arises, brokers must not unfairly place their interests above those of their clients.
b) Present to each client a comparison between the prices and coverage of insurance policies tailored to the client’s needs and offered by different insurance companies, then recommend an insurance policy and explain to the client the reason for choosing it and the conditions, benefits, and exclusions it includes.
c) Do not favor companies they are associated with.
d) Do not choose or recommend insurance coverage from an insurance company based on the commissions granted to the broker.
Part 3: Requirements for Opening Branches
10- Brokers shall not have more than one branch in each province in the Kingdom, and shall not exceed a total of five branches within the Kingdom.
11- Agents shall have a maximum of five branches when their capital is of SR 500,000. Agents must increase their capital by SR 100,000 for every additional branch.
12- Agents must obtain the approval of the represented insurance company for their branch expansion plan. Insurance companies, in turn, must regularly oversee and review the operations of these branches, and are held accountable in case of the agent’s non-compliance with the professional standards, requirements and criteria set forth in this regulation.
13- In addition, Intermediaries looking to open new branches must meet the following requirements:
a) Obtain Saudi Central Bank’s approval for the location of the new branch.
b) Provide Saudi Central Bank with a list of addresses of all branches to be opened, the names of the employees that will work at these branches, their qualifications, and experience.
c) Provide Saudi Central Bank with the objectives and reasons behind opening the new branch.
d) Complete all regulatory licenses, records, and certifications required to open a new branch, e.g., license from the municipality, the Civil Defense, the Ministry of Commerce and Industry and any other licenses required.
e) Meet the Saudization requirements, stipulated in the Implementing Regulations, in each branch.
f) Have an information system at the branch that is connected to the intermediary’s IT system.
g) Have internal control measures to oversee the operations of each branch.
h) Have an adequate and secure system to retain money at the branch.
i) Have a system to document and maintain data related to the insurance policies underwritten by the branch, e.g., policyholders’ names, addresses, as well as, insurance policies’ dates, durations, premium rates and conditions.
j) Ensure that branch employees possess adequate qualifications to deal with, combat, and report financial crimes.
k) Ensure that the branch customer service employees apply the required customer due diligence in knowing their clients.
Part 4: Requirements for Bancassurance activities
14- Bancassurance activities must be conducted through licensed insurance agents, i.e., Bancassurance agents, which are subject to all applicable regulations thereof.
15- The Bancassurance agency and the bank must sign a distribution agreement. Prior approval on the distribution agreements must be obtained from Saudi Central Bank. The agreement must include but is not limited to:
a) Insurance products to be marketed.
b) Allocation of expenses to the agency.
c) Trainings of bank staff.
d) Cash collection procedures.
16- The Bancassurance agency should submit a request to Saudi Central Bank for obtaining an approval on its insurance products that will be sold in Banks.
17- The bancassurance agency must obtain Saudi Central Bank’s approval before introducing an approved insurance product to any new bank branch.
18- Insurance products must be sold and marketed independently from banking products, as such:
a) Insurance products must not be marketed or sold by staff involved in selling or marketing banking products.
b) Insurance products must not be bundled with banking products for marketing and selling purposes.
19- All bank staff involved in selling insurance products must pass the Insurance Foundation Certificate Exam.
20- The Bancassurance agency must submit to Saudi Central Bank, on a yearly basis, a training plan for the Bank’s staff involved in selling insurance products. The plan should cover as a minimum the following:
a) Selling techniques trainings.
b) Product specific trainings.
c) Anti-money laundering and combating terrorism finance.
d) Applicable laws and regulations.
21- The Bancassurance agency must appoint a Bancassurance supervisor. The roles and responsibilities of the supervisor should include as a minimum:
a) Supervise Bancassurance sales activities in bank branches by conducting regular visits to branches.
b) Conduct ongoing trainings to bank staff on insurance products and sales.
c) Put in place all the proper controls, and validation to ensure delivery of insurance products in an honest, transparent and fair manner.
22- The bancassurance agency is fully responsible to:
a) Ensure compliance with controls, policies and procedures in bank branches in order to sell insurance products in an honest, transparent, and fair manner.
b) Ensure that the insurance company’s copy of client records is delivered securely and in a timely manner
c) Prepare and review monitoring reports for the bancassurance activities.
d) Follow up on cash collection.
Part 5: Requirements for Dealing With Insurance and Reinsurance Companies.
Section A: General Requirements
Documentation:
23- Intermediaries shall document in books and records all data, information and documents related to the business they conduct with (re)insurance companies and policyholders including the following:
a) Name and address of the represented party:
- Insurance company in the case of an agent and reinsurance broker.
- Client in the case of a broker.
b) A copy of the agreement executed with the represented party:
- Agency agreement in the case of an agent.
- Broker client agreement in the case of a broker.
c) Copy of Clients’ insurance policies.
d) Business related memorandums and correspondences.
e) Insurance proposal forms received on behalf of insurance companies.
f) Clients names as well as the date of issuance of the insurance policy and the collection of premiums.
g) Book keeping related to premiums received or claims paid or any other financial transaction related to the insurance business.
h) Bank accounts related to the insurance business.
24- Intermediaries shall keep the books and records for a period of no less than ten years from the date of termination or end of the concerned insurance policy.
Premium Collection and Segregation of Accounts:
25- Insurance companies are considered to have received the premiums once the premiums are received by their agents.
26- Intermediaries must ensure the security of clients’ assets held on their behalf. Any premiums collected by Intermediaries must be either placed in a separate bank account (the premium account) that has been established for that purpose, or passed directly to the insurance company. Cash payments must generate a receipt to the client and must go immediately into the premium account.
27- Intermediaries must not treat the premiums account as their own in any sense; in particular, as security for any loan.
28- Intermediaries shall remit all the premiums collected from insurance contracts concluded on behalf of the insurance company, to the insurance company's account in a period not exceeding 7 working days from the date of collection from Clients, as well as, providing the insurance company with a detailed report of these premiums.
29- The intermediary is responsible to carry out all necessary efforts to collect premiums from policyholders. In case the policyholder fails to pay, the intermediary must immediately notify the insurance company.
Agreements Between Intermediaries and Insurance Companies:
30- The agency or brokerage agreement concluded between the intermediary and the insurance company shall determine the rights and obligations of each of them, including the following:
a) Type and classes of insurance in which the intermediary is allowed to practice the insurance business.
b) Duration of the agreement and possible causes of termination.
c) Means for calculating the commission of Intermediaries for the service provided.
d) The limit per insurance policy that the agent is allowed to sell.
e) The standards to be followed and complied with by the intermediary.
f) The rights of the insurance company to review the intermediary’s books and records related to its accounts.
Section B: Requirements for agents
Obligations of an Agent Towards the Represented Insurance Company:
31- Agents shall:
a) Note on all official papers, correspondences and documents their license number, as well as the name of the represented insurance company.
b) Comply with the insurance policy limits that they are authorized to sell as set in the contract binding the agent to the represented insurance company.
c) Not represent more than one insurance company without obtaining the prior approval of Saudi Central Bank.
d) Provide to the insurance company their compliance and internal control manuals if requested to do so.
e) Obtain the approval of Saudi Central Bank for any changes occurring on the agency agreement with the represented insurance company.
32- Agents must request Saudi Central Bank’s prior approval to terminate the agency agreement with a represented insurance company and sign a new agency agreement to represent another insurance company. To request such approval, agents must provide Saudi Central Bank with:
a) Reasons for terminating the agency agreement with the current insurance company.
b) Insurance company that the agent plans to sign an agreement with and a draft of the agency agreement.
c) Commissions rates to be received from the insurance company.
33- After obtaining Saudi Central Bank’s approval to terminate the agency agreement, the agent shall:
a) Sign a financial settlement of accounts with the current insurance company.
b) Inform the public of ceasing the agreement through announcements in local newspapers.
c) Stop selling insurance products for a transitory period of 60 days and take all necessary measures to terminate the association with the insurance company, including: removing the company’s signboards from its branches, delivering sales registers, and names of users and passwords of electronic systems related to the company and settle all pending financial matters between both parties.
Section C: Requirements for Brokers
Obligations of a Broker Towards the Insurance Company:
34- Brokers shall:
a) Note their license number on all papers, correspondences and documents.
b) Provide the insurance company with information that enables it to assess the risk to be insured or renew its insurance with the knowledge and approval of Clients.
c) Be knowledgeable about insurance markets, insurance law and prevailing regulations, and follow-up on the developments occurring therein.
d) Provide assistance in negotiations between the insurance company and Clients concerning claims arising from the risk insured.
h) Obtain written approval from Saudi Central Bank prior to placing risks with foreign insurance companies to cover risks that cannot be covered through a licensed company in the Kingdom.
Part 6: Requirements for Dealing With Policyholders.
Section A : Pre-Sale Client Contact
Advertising:
35- Intermediaries shall:
a) Ensure that advertisements are not misleading, over-stated or offensive.
b) Ensure in the case of an insurance broker that advertisements are not restricted to the policies of one insurance company.
c) Ensure that advertisements neither contain anything which is in breach of the law nor omit anything which the law requires.
d) Ensure that advertisements do not abuse the trust of Clients or exploit their lack of experience or knowledge.
e) Proper written approval should be obtained from the relevant insurance company if the advertisement has any reference to that insurance company.
Advice:
36- Intermediaries shall provide advice on the matters within their field of expertise and seek or recommend specialists if necessary.
37- Insurance brokers shall provide advice, technical consultation and the most suitable policy conditions and prices for Clients by contacting a number of insurance companies.
Client Service:
38- Intermediaries shall:
a) Understand the terms and conditions of all policies offered to Clients.
b) Understand Clients’ profile, coverage needs, and appetite for risk.
Legal Requirements:
39- Intermediaries shall ensure that any documents issued comply with all statutory and regulatory requirements.
40- Brokers shall obtain a written approval to represent Clients with the (re)insurance company.
Documentation:
41- Intermediaries shall:
a) Ensure that all written terms and conditions are fair in substance and that the Clients' rights and responsibilities are set out, clearly and in plain and understandable language.
b) Send policy documentation to Clients without avoidable delay.
c) Send a written advice along with the policy documentation stressing on the importance of reading it carefully.
d) Ensure that instruction letters, policies and renewal documents contain details of complaints handling procedures.
Reinsurance:
42- Reinsurance brokers shall:
a) Maintain proper records of the insurance company's business to be used by reinsurance companies.
b) Render advice based on knowledge of the reinsurance coverage available in the reinsurance markets.
c) Maintain a database with the ratings of (re)insurance companies.
d) Select and recommend a (re)insurance company or a group of (re)insurance companies.
e) Assist in the update of (re)insurance contracts.
f) Exercise due care and diligence with the selection of (re)insurance companies taking into consideration their respective ratings.
Section B: Sale of Insurance Products and Services
Sales Practices:
43- Intermediaries shall:
a) Ensure Clients understand the type of service being offered.
b) Ensure that the policy proposed is suitable for the Clients’ needs.
c) Provide Clients with comparisons in terms of price, coverage and services offered when choice among several products is available.
d) Notify Clients promptly if unable to obtain the requested insurance.
e) State the period for which the quotation remains valid if the proposed contract is not entered into immediately.
f) Explain to Clients their obligation to notify claims promptly and to disclose all material facts relevant to the coverage.
Information Furnishing:
44- Intermediaries shall:
a) Request Clients to make true, fair and complete disclosure and ensure that the consequences of non-disclosure of information and inaccuracies are pointed out to clients.
b) Avoid influencing and pressuring Clients and make it clear that all the answers or statements given are his/ her own responsibility.
c) Require Clients to carefully check the information given in the documents.
d) Explain to Clients the importance of disclosing all subsequent changes that might affect the coverage throughout the duration of the policy.
e) Disclose on behalf of Clients all material facts within their knowledge and give a fair presentation of the risk profile of Clients to the insurance company.
Contract Explanation:
45- Intermediaries shall:
a) Explain all the essential provisions of the coverage provided by the policy to Clients.
b) Quote terms exactly as provided by the insurance company.
c) Draw attention to any warranty imposed under the policy, major or unusual restrictions, exclusions, and explain how the contract may be cancelled.
d) Provide a list of insurance companies participating in the coverage and advice of any subsequent changes thereafter. (Applicable for brokers only)
Remuneration:
46- Intermediaries must obtain Saudi Central Bank’s approval to receive a commission rate that exceeds the rates specified in Appendix A (Maximum Commission Rates Permitted) of this regulation.
47- Intermediaries shall:
a) Disclose to Clients the amount of proceeds and commissions they are receiving for the policy being contracted by Clients.
b) Inform Clients in writing of any additional fees or charges for any related services.
48- (Re)insurance brokers who have established a business relationship with an insurance company and have identified potential clients are entitled to receive their commission proportionally to the paid premiums once the contract is entered into. Any attempt by the insurance company to bypass the broker and deal with the client directly is considered an act of unauthorized disintermediation and is strictly prohibited. Such act should be reported to Saudi Central Bank directly with supporting evidence.
Section C: Post-Sale Client Servicing
Data Confidentiality:
49- Intermediaries shall:
a) Ensure that Clients data and confidential documents are stored safely with restricted access.
b) Ensure that Clients data is transferred only to relevant stakeholders (e.g., insurance companies, Intermediaries’ auditors).
Client Notification:
50- Intermediaries shall:
a) Promptly notify Clients, using a written confirmation that the insurance contract has been entered into.
b) Notify Clients with the changes made to the terms and conditions of an insurance contract and give reasonable notice before any change takes effect.
c) Inform Clients of any termination of coverage or potential problems within the duration of policy coverage.
Policy Renewal:
51- Intermediaries shall:
a) Ensure that renewal notices include Clients’ duties to disclose changes affecting the policy, which have occurred since the policy inception or the last renewal date.
b) Ensure that renewal notices contain a requirement for keeping records, including copies of letters, of all information supplied to the insurance company for the purpose of renewal of the contract.
c) Ensure that Clients are aware of the expiry date of the insurance contract even if no further coverage is granted.
d) Ensure that Clients receive insurance company's renewal invitations well in time before the expiry date.
Claims Handling:
52- Intermediaries are not allowed to approve and settle claims but shall:
a) Respond to claims filing in a prompt manner.
b) Provide claims forms showing all the information or steps required by Clients to file a claim.
c) Provide adequate guidance to Clients in filing the claim and information on the claims handling process.
d) Acknowledge to Clients the receipt of the claim and any missing information and documents within seven (7) calendar days from the reception of the claim application form.
e) Inform Clients of the progress of filed claims, at least every fifteen (15) working days.
f) Notify Clients in writing of the claim acceptance or refusal.
g) Explain the complaints and disputes process if the settlement is not accepted by Clients.
53- Intermediaries must transfer claims amounts to policyholders within a period of 3 working days from the date of receipt from insurance companies.
Client Complaints:
54- Intermediaries shall:
a) Accept complaints either by phone or in writing (e.g., letters, emails, and fax).
b) Explain the procedures to be followed when filing a complaint.
c) Provide Clients with the contact reference to follow up on the filed complaint.
d) Inform Clients on the progress of the filed complaint.
e) Respond to policyholder’s complaints within fifteen 15 calendar days from the reception of correspondence.
f) Have in place an electronic system for recording and monitoring complaints.
Financial Reporting:
55- Intermediaries shall complete and submit the set of intermediaries’ financial reporting forms to Saudi Central Bank according to the financial reporting forms guidelines.
Appendix A: Maximum Commission Rates Permitted
Classes of Business Commission Rate Accident & Liability Insurance 15% Personal Accident 15% Work Related 15% Employer's Liability 15% Third Party Liability 15% General Liability 15% Product Liability 15% Medical Liability 15% Professional Liability 15% Theft & Burglary 15% Fidelity 15% Safe Burglary 15% Any Other Liability 15% Motor Insurance - Compulsory 2%* Motor Insurance - Compulsory + Others 15% Property Insurance 15% Fire Insurance 15% Marine Insurance - Hull 15% Marine Insurance - Cargo 15% Aviation Insurance 15% Energy Insurance 15% Engineering Insurance 15% Other General Insurance Classes 15% Health Insurance - Compulsory 8% Health Insurance - Compulsory + Other 10% Protection Insurance 15% Protection & Savings Insurance 15% Other Protection & Savings Insurance 15% FATCA Updated Instructions on TIN
This circular is currently available only in Arabic, please click here to read the Arabic version.IFCE update
This section is currently available only in Arabic, please click here to read the Arabic version.Follow Up Motor Insurance Pricing and Underwriting Instructions 2018
This section is currently available only in Arabic, please click here to read the Arabic version.Motor Insurance – Pricing & Underwriting Instructions 2018
This section is currently available only in Arabic, please click here to read the Arabic version.Quarterly Reserves
Based on Article (11) of the Law on Supervision of Cooperative Insurance Companies, which grants SAMA the right to require insurance and/or reinsurance companies to provide it with any information its sees necessary to realize the objective of the law.
SAMA requires each insurance and/or reinsurance company to submit, going forward, the results of its quarterly reserving exercise in the attached format ("reserving template”) in order to assess the adequacy of technical reserves held by insurance and/or reinsurance companies in quarterly financial statements. The reserving template must be submitted for every quarter, except for Q4 when a separate detailed template will be required.
Below is the submission schedule for the above information:
- Q1 reserving template will be due by 30th April. - Q2 reserving template will be due by 31st July (for year 2018. this is extended to 30th Aug). - Q3 reserving template will be due by 31st October.
SAMA requires strict adherence to the instructions contained within the reserving template.
SAMA may update the above reserving template from time to time, in which case a revised template will be shared in advance of the due date.
Medical Expenses Insurance, Pricing Adequacy Report 2017
With reference to SAMA Circular "Medical Expenses Insurance - Actuarial Pricing 2017", dated 14 Aug 2017, SAMA requires all insurance companies writing Medical Expenses Insurance business to submit a 'Pricing Adequacy Report', as mentioned in Clause 3 ("Discretionary Reductions in Premium for specific quotations") of the above circular.
At a minimum, the report should meet the following requirements:
• The analysis should cover all policies issued/renewed during the year 2017 with the policy effective date in 2017. • Companies must provide the Appointed Actuary with all data or other information required by the Actuary in order to produce the report. Data must be provided in the format required by the Actuary. • Any deficiencies in the data used for the analysis should be clearly mentioned in the report. • It is expected that each insurance company will be able to carry out this analysis at a level of granularity aligned with the Appointed Actuary's pricing analysis. For the purpose of this report though, it is also acceptable to produce the results of the above analysis at an aggregate level aligned with the segments used by the Appointed Actuary for Claims Reserving. • For each segment analysed, the report should mention the 'selling price' and the 'technical price' at an aggregate level for that segment, where 'technical price' is defined as the price determined using the actuarial basis applicable at the time of issuing/renewing the policy. Both prices should include the same components, i.e. risk premium, commissions, expenses, profit margin, etc. in order to avoid any distortions to the comparison made. • Assumptions (if any) used in the above analysis should be clearly mentioned in the report, along with their justification. • The report should be signed jointly by the Chief Underwriting Officer (or equivalent) and the Appointed Actuary.
SAMA expects that the above report, excluding any appendices, will not exceed five pages. The Excel template attached as Appendix 1 should be submitted along with the report.
The above report and Excel template should be submitted to SAMA by 25th January 2018.
Principles to be Applied to the Regulation of Branches of Foreign Insurance Companies Established in Saudi Arabia
This working document sets out the approach that will be applied to the regulation of branches of foreign insurance companies wishing to operate in Saudi Arabia. The overall approach that will be taken is that there should be a level playing field, between branches of foreign insurance companies and locally incorporated public joint stock companies. Saudi Central Bank is requesting from interested foreign insurance companies who are seeking to operate as a branch in Saudi Arabia a written response/comments to this consultation document within 60 days of its publication on its website. The written response should be sent to Saudi Central Bank and should be addressed to: Mr. Mohammad Al Shayea, Director of Banking Inspections, Insurance, and Financial Leasing.
1. New regulations that will amend the Implementing Regulations will be prepared. The new regulations and Saudi Central Bank circulars will have the effect of implementing the approach that Saudi Arabia will apply to branches of foreign insurance companies that is set out in this document and will cover the full details of the regulatory regime that will apply.
2. Saudi Central Bank will assess whether an applicant that is a foreign insurance company will as a whole satisfy, and continue to satisfy, the conditions for authorization. Saudi Central Bank will assess the circumstances of the company as a whole and not just those of any proposed branch in Saudi Arabia. In making its assessment, Saudi Central Bank will take into account all relevant matters, including the nature and extent of the regulation and supervision to which the applicant is subject in its home country and whether the company as a whole meets Saudi Central Bank solvency requirements. Saudi Central Bank will seek to liaise with any home country supervisory authority and will take into account any information received from it with respect to the applicant, including the adequacy of the applicant’s resources and the applicant’s suitability for authorization, having regard to the need to ensure that the applicant’s affairs are conducted soundly and prudently. Saudi Central Bank will not authorize a foreign insurance company to operate an insurance branch in Saudi Arabia without:
2.1 Confirmation from the home supervisory authority that the applicant is authorised to carry on the types of insurance business proposed in its home country.
2.2 Confirmation from the home supervisory authority that the applicant has been writing the same lines of business in its home country for the past five years.
2.3 Confirmation from the home supervisory authority that the applicant is solvent and meets all the regulatory requirements in the home jurisdiction.
2.4 Confirmation by Saudi Central Bank that the foreign insurance company meets the capital and solvency requirements that would apply if the company were based in Saudi Arabia.
2.5 Confirmation that the branch will possess assets in excess of liabilities in respect of business written in Saudi Arabia amounting to at least SR 100m for an insurer and SR 200m for a reinsurer. When assessing the net assets in Saudi Arabia in respect of the business written in Saudi Arabia, the technical provisions, asset values and admissibility of assets will be determined in accordance with the Implementing Regulations. The net assets of the Saudi Arabian branch should not be used to cover solvency requirements of business written outside Saudi Arabia.
2.6 The total invested assets of the branch shall be held by a Saudi licensed bank as custodian.
2.7 Confirmation that the branch will make a statutory deposit of SR 10m for an insurer or SR 20m for a reinsurer, which may be part of the net assets referred to in paragraph 2.5 above. Where Saudi Central Bank concludes that the risk profile of the applicant’s business warrants it, the statutory deposit may be increased up to a maximum of SR 15m for an insurer or SR 30m for a reinsurer. The branch shall place the statutory deposit amount, within three (3) months of the date of issuing the license, in a bank designated by Saudi Central Bank. The Agency shall invest the statutory deposit and shall be entitled to its earnings.
2.8 Confirmation that the branch in Saudi Arabia will operate in accordance with the Cooperative Insurance Law and its implementing regulations.
2.9 Confirmation that the branch in Saudi Arabia will not engage in any activities other than insurance and reinsurance activities for which it is authorised by Saudi Central Bank.
3. Saudi Central Bank will not authorize a branch of a foreign insurance company or a branch of a foreign reinsurance company to operate in Saudi Arabia unless:
3.1 It maintains a presence and premises in the Kingdom appropriate to the nature and scale of its activities in Saudi Arabia.
3.2 It establishes appropriate management and accounting procedures in Saudi Arabia, which will enable the preparation of its accounts concerning its business, carried on in Saudi Arabia and keep in Saudi Arabia all the necessary records for this business.
3.3 It designates the General Manager for the branch, who is resident in Saudi Arabia, authorised to act generally, and to accept service of any document, on behalf of the applicant company.
3.4 All managerial roles defined by the Implementing Regulations and Saudi Central Bank are carried out by designated individuals resident in Saudi Arabia.
3.5 The General Manager for the branch, controllers and managers of the applicant company are fit and proper persons.
4. A foreign insurance company wishing to obtain a licence to operate an insurance branch in Saudi Arabia must make an application to Saudi Central Bank which contains information similar to that required under Article 4 of the Implementing Regulations. The information should be in respect of the business as a whole for paragraphs 1 to 4 and the Saudi operation for paragraphs 4 to 7 of the First part of Article 4. The bank guarantee in paragraph 8 of the First part of Article 4 must cover the excess assets referred to in paragraph 2.5 above.
5. In addition to the information required under paragraph 4 above, a foreign insurance company wishing to obtain a licence to operate an insurance branch in Saudi Arabia must also supply the following:
5.1 A projection of world-wide premium income both gross and net of reinsurance ceded in each of the first five financial years following authorisation and broken down between Saudi Arabia and elsewhere.
5.2 A summary of the risks the company will underwrite outside Saudi Arabia.
5.3 A summary of the reinsurance arrangements for the business of the company written outside Saudi Arabia including the company's maximum retention per risk or event after all reinsurance ceded and the names of the principal reinsurers.
5.4 A statement showing the current margin of solvency of the company (after application of valuation regulations), the margin of solvency required and how both have been calculated on both a home country and Saudi Central Bank basis.
5.5 Balance sheets and profit and loss accounts of the company for each of the last five financial years.
6. In deciding whether to authorize a branch of a foreign insurance company in Saudi Arabia, Saudi Central Bank will pay close regard to the company's activities elsewhere and how these activities are regulated. Saudi Central Bank may consider reports produced by the IMF/World Bank, such as their Financial Sector Assessment Program (FSAP) for any particular territory. If the applicant is not regulated elsewhere (e.g. some countries do not regulate reinsurance firms) or if the applicant is regulated in a jurisdiction not substantially compliant with IAIS Core Principles or FATF standards, then the application can only be considered after exhaustive enquiries into the firm’s shareholders, management structure and financial position. Saudi Central Bank will need an assurance that it may exchange and share relevant supervisory information with the home supervisory authority.
7. Where a foreign insurance company operates an insurance branch in Saudi Arabia, a minimum of 10% of the net surplus arising from the business written in Saudi Arabia must be distributed to the policyholders directly, or in the form of reduction in premiums for the next year.
8. Where a foreign insurance company operates an insurance branch in Saudi Arabia, 20% of the net shareholders’ income in respect of the branch, determined in accordance with Article 70 of the Implementing Regulations, shall be set aside to increase the excess assets of the branch in respect of the business written in Saudi Arabia until the excess assets amount to SR 200m for an insurer and SR 400m for a reinsurer. When assessing the net assets in Saudi Arabia in respect of the business written in Saudi Arabia for the purpose of meeting this requirement, the technical provisions, asset values and admissibility of assets will be determined in accordance with the Implementing Regulations in respect of the business written in Saudi Arabia. The assets of the Saudi Arabian branch should not be used to cover solvency requirements of business written outside Saudi Arabia as in paragraph 2.5 above.
9. Where a foreign insurance company operates an insurance branch in Saudi Arabia, it shall invest its assets matching its liabilities (including technical provisions) in respect of business written in Saudi Arabia in accordance with Articles 59 to 63 of the Implementing Regulations.
10. Where a foreign insurance company operates an insurance branch in Saudi Arabia, it shall comply with Article 40 of the Implementing Regulations in respect of its reinsurance arrangements in respect of business written in Saudi Arabia.
11. The Saudi Central Bank fee of 0.5% of total underwritten premiums under Article 36 of the Implementing Regulations will be levied only in respect of business written in the Saudi Arabian branch.
Accuracy of Claims Experience Data
Further to SAMA’s circular # 122 on 'Medical Expenses Insurance - Actuarial Pricing 2017’, it has been brought to SAMA’s attention that the claims experience data being provided by insurance companies (or on their behalf by Third Party Administrators) to policyholders is sometimes not consistent with the actual claims experience. SAMA considers this as inappropriate and anti-competitive, and where it becomes aware of such instances, SAMA will be taking vigorous action against such companies.
In order to promote accuracy of the above claims experience data, each company must adhere to the following procedures:
1. The Company’s hierarchy for signing off on the Claims Experience Form (attached) should be clearly documented and approved by the Company management. 2. The Internal Audit function must carry out a quarterly assessment of the accuracy of the Claims Experience Forms provided by the Company to policyholders. The findings of the Internal Audit must be properly documented, and must be submitted to the Company management. 3. SAMA will perform spot-checks to assess the accuracy of the Claims Experience Forms provided by the Company to policyholders. During these visits, the findings of the Internal Audit must be made available to SAMA’s inspection team. 4. SAMA expects that the Company will introduce measures to automate the completion of the Claims Experience Form in order to reduce the risk of errors or omissions.
FSB Document: Principles for an Effective Risk Appetite Framework
The Financial Stability Board (FSB) published the above document on November 18, 2013. The document sets out key elements for an effective risk appetite framework, an effective risk appetite statement, risk limits, and defining the roles and responsibilities of the board of directors and senior management in establishing the approved risk appetite statement. The document can be obtained from FSB website: financialstabiIityboard.org.
By January 1, 2017, each insurance company shall have met the standard represented by the above document. In addition, each insurance company has to submit progress reports to SAMA on July 1, 2016 and October 1, 2016 respectively.
Collecting and Recording Vital Characteristics Data for Non-Employees of the Company
This circular is currently available only in Arabic, please click here to read the Arabic version.Underwriting Instructions of Motor Insurance 2016
This section is currently available only in Arabic, please click here to read the Arabic version.Medical Expenses Insurance - Pricing Adequacy Report
With reference to SAMA Circular number (122) ‘Medical Expenses Insurance- Actuarial Pricing 2017’ dated 14 August 2017 and to SAMA Circular number (142) ‘Medical Expense Insurance - Pricing Adequacy Report 2017’ dated 14 December 2017, wherein SAMA required all insurance companies writing Medical Insurance Business to submit a ‘Pricing Adequacy Report’ for the business written in year 2017. Going forward, SAMA requires each insurance company to submit a 'Pricing Adequacy Report' at least twice every year.
The first pricing adequacy report for the year to cover the period from 1st January to 30th June and will be due by 15th Aug. The second pricing adequacy report for the year to cover the period from 1st January to 31st December and will be due by 25th January of the following year.
At a minimum, the report should meet the following requirements:
• The analysis must cover all policies issued/renewed during the period covered in the year with the policy effective date in that year. • Companies must provide the Appointed Actuary with all data and relevant information required by the Actuary in order to produce the report. Data must be provided in the format required by the Actuary. • In his report, the Appointed Actuary must highlight if any data deficiencies were observed, discussions held with the Company management to address those deficiencies, remedial action taken or planned to be taken in the future along with clear timelines. • The granularity of analysis must be commensurate with the nature of business written by each company. At a minimum, the policies underwritten shall be segmented as follows: ○ Experience-rated Group business ○ Book-rated Group business (including SMEs) ○ Family (including parents and newly-wed couples) ○ Domestic workers (driver, maid, etc.) ○ Visitors’ visa ○ Others
• For the purpose of this report, ‘technical price’ is defined as the price for a policy determined using the actuarial basis applicable at the time of issuing/renewing the policy, whereas ‘selling price’ represents the actual price at which the policy is sold. Both prices must include the same components, i.e. risk premium, commissions, expenses, profit margin, etc. in order to avoid any distortions to the comparison made. • Assumptions (if any) used in the above analysis should be clearly mentioned in the report, along with their justification. • The report should be signed jointly by the Chief Underwriting Officer (or equivalent) and the Appointed Actuary.
The Excel template attached at Appendix 1 to this Circular must be submitted along with the above reports. SAMA may update the template from time to time and share the updated template in advance of the deadline.
Moreover, since SAMA will require periodic submission of the pricing adequacy reports, it is expected that each company will automate the production of future reports in order to minimize the time and effort required for submission.
Actuarial Report on Appropriateness of Reinsurance/Retrocession Arrangements and Risk Retention Levels
With reference to Actuarial Work Rules for Insurance, Article 58 and Article 59, this circular contains instructions for the insurance company “Company” for submission of annual reinsurance report, hereinafter called “Report”. Where the Company writes inwards reinsurance business, all references to insurance and reinsurance in these instructions shall be deemed to read as reinsurance and retrocession respectively.
Purpose
The purpose of the Report is for the Appointed Actuary to:
- Enable the Company management and the Board of Directors to make informed decision on the Company’s reinsurance arrangements - Assess the appropriateness of existing reinsurance treaty (“Treaty”) arrangements of the Company, of existing risk retention levels under each line of business, of Treaty features (e.g., profit sharing mechanisms, variable commission, loss sharing mechanisms, etc.), using sound actuarial techniques - Make clear recommendations to the Company management and the Board of Directors on the improvements required to be made to the Treaty type, retention levels, and/or Treaty features, with due regard to the Company’s risk appetite, capital adequacy and exposures underwritten - Comment on the effectiveness of the Company’s procedures to assess whether or not any Treaty transfers significant insurance risk to the reinsurer
Report
The Report shall comprise the following sections, at a minimum:
1. Data
This shall include, at a minimum, the following:
a) Current Treaty arrangement for each line of business b) Historical reinsurance performance under both Treaty and Facultative arrangements c) Gross exposures currently underwritten and that expected to be underwritten next year d) Existing panel of reinsurers, their ratings, Treaty share, and ceded reserves e) Results of data reconciliation performed
2. Methodology
This shall include, at a minimum, the following:
a) Detailed description of methodologies used for each line of business, each treaty type, and each Treaty layer where non-proportional, including
i. Claim Distributions used for claims frequency, claims severity, and aggregate claims ii. Goodness-of-fit tests performed iii. Exposure curves used
b) Assumptions used, also identifying where those were based on external sources c) Adjustments made to the above analysis due to issues (if any) identified in data reconciliation d) Definition of ‘significant insurance risk’ and approach used to determine the effectiveness of the Company’s internal process for assessing whether or not any Treaty transfers significant insurance risk to the reinsurer
3. Results and Recommendations
This shall include, at a minimum, the following:
a) Clear recommendation on the appropriate Treaty arrangement, including risk retention levels and Treaty features, in respect of each line of business b) Detailed rationale supporting the above recommendation, also demonstrating consideration of the Company’s risk appetite, solvency position, and exposures underwritten at present and those expected to be written next year c) Recommendations on improving the Company’s internal process for assessing whether or not any Treaty transfers significant insurance risk to the reinsurer
A reinsurance template (“Template”), designed to capture a summary of the above Report, shall also be filled by the Appointed Actuary. The Template is attached as Appendix 1.
Submission
The Report and the Template 'attached' must be submitted via RMS as well as via email. For the purpose of this year submission only, the submission deadline will be postponed to 31st of October 2020, rather than 30th of September, which was instructed by SAMA; as per the issued circular dated 26/03/2020.
Scope of Actuarial Modelling
For this year only (2020), the scope of actuarial modelling has been reduced to cover i) at least 50% of reinsurance premium for the year 2020, or ii) a minimum of two lines of business, whichever is higher. To meet these criteria, the Appointed Actuary shall select the lines of business in agreement with Company management.
Board and Management Responsibilities
The Appointed Actuary must present his recommendations stated in the above Report to the Board of Directors within two (2) months of producing the Report, or before the Board's decision on next year's Treaty arrangements, whichever is earlier. The relevant minutes of the Board meeting, clearly identifying whether the Board accepted or rejected the above recommendations, in part or in full, must be submitted to SAMA within one month of holding the Board meeting.
For any clarifications, you may approach SAMA at IC.Tec@sama.gov.sa.
Appendix 1
Reinsurance Template (Attached)
Actuarial Report on Solvency and Capital
With reference to Article (56) of The Actuarial Work Rules for Insurance dated 06/07/1441H, wherein the Appointed Actuary shall investigate and provide advice to the insurance company on its solvency position and the adequacy of the capital that it holds.
This circular contains instructions for the insurance company “Company” for submission of the Solvency and Capital report, hereinafter called “Report”.
Purpose
The purpose of this report is for the Appointed Actuary to:
1) Enable the Company’s management and Board of Directors to understand the implications of the latest business plan on the future solvency position of the Company . 2) Determine significance of each risk faced by the Company through stress testing and scenario analysis, in order to facilitate informed decision-making by the Company management, its Board of Directors, and its various functions. 3) Make clear recommendations for consideration of the Company management and its Board of Directors to improve the Company’s risk profile, risk mitigation strategies, and its solvency position. Report
The report shall comprise of the following three sections:
A) Business Plan and Projected Solvency Position This section shall consist of the following:
1) Historical and Projected Income Statement 2) Historical and Projected Balance Sheet 3) Historical and Projected Solvency Ratio
B) Stress Testing For each stress test listed in Appendix 1, this section shall consist of the following:
1) Data used, including reconciliations performed and deficiencies observed 2) Assumptions made 3) Results of the stress test
C) Scenario Analysis For each scenario listed in Appendix 1, this section shall consist of the following:
1) Data used, including reconciliations performed and deficiencies observed 2) Assumptions made 3) Results of the scenario test
The stress tests and scenario analysis mentioned in Appendix 1 are the minimum required. The Company is encouraged to run additional stress tests and scenario analysis relevant for its risk profile. The outcome of these additional stress tests and scenario analysis shall be clearly documented in the report.
A Capital and Solvency template (“Template”), designed to capture a summary of the above Report, shall also be filled by the Appointed Actuary. The Template is attached as Appendix 2.
Submission
The Report and the Template must be submitted via RMS as well as via email by 24 December 2020.
Presentation to the Board of Directors
The Appointed Actuary must present his recommendations stated in the above Report to the Board of Directors within two (2) months of producing the Report. The relevant extracts from the minutes of the Board meeting must be submitted to SAMA within one month of holding the Board meeting.
Appendix 1 – Specifications for Stress and Scenario Tests
Stress Tests
Risk Sub risk Change in solvency Market Interest rate A 2% up and down stress on interest rate sensitive assets and liabilities; downward stress is subject to a floor of 0% Equity Reduction in of equity values :
50% decrease in equities listed on Tadawal or equities listed in OECD countries
60% decrease in Other equities (including those listed on Nomu and unlisted equities)
Property A decrease of 25 % in the value of investments in real estate, taking account of all direct and indirect exposures to property prices. Currency The maximum capital requirement of the following: scenario upward shock is an instantaneous rise in the value of 25% of the currency C against the local currency.
The scenario downward shock is an instantaneous fall of 25% in the value of the currency C against the local currency
Concentration The scope of this risk sub-module extends to assets considered under the equity risk and interest rate risk, and excludes assets covered under the counterparty default risk; stress applies to the exposure value in each category in excess of the threshold; property assets excluded due to current regulatory limits and hence lack of materiality; exclude Government bonds from the scope of this stress Counterparty Default Type 1: Reinsurers & Banks Captures the change in solvency ratio due to default of counterparties, including reinsurers, banks, brokers, agents, TPAs, policyholders, etc. Type 2: Other Counterparties Life Underwriting Mortality Increase of 15% in mortality rates for each age and each policy where the payment of benefits (either lump sum or multiple payments) is contingent on mortality risk Lapse 5 percentage point yearly increase/decrease (the decrease has a floor of 0%) in lapse rate over that assumed Expenses Increase in future inflation rate compared to best estimate assumption, where the Inflation Rate increases by 1 percentage point per annum over that assumed Non life Underwriting Premium Risk Increase in the projected net loss ratio, with low volatility lines of business experiencing 10% percentage points increase and high volatility lines experiencing 20% percentage points increase Reserves Risk Short fall in the net reserves, with short tail lines experiencing 10% shortfall and long tail lines experiencing 20% shortfall Scenario analysis
Scenario title Scenario description Health Pandemic Health Insurance: 2% of insureds are infected, of which - 10% of insureds require Hospitalization - 30% of insureds requiring Testing and Physician Consultation 25% of insureds get vaccinated Protection & Savings Insurance: 0.06% of insureds die (where policy terms do not exclude death due to pandemic) Natural CAT - Flood, hail etc. Cloudbursts over Jeddah city causing flooding affecting property and motor vehicles Manmade CAT - Energy Explosion and Fire in the oil refineries in the company's largest concentration of energy gross risk exposures (e.g. Ras Tanura) covered under a treaty (excluding facultative risks); consider both onshore and offshore exposures for identifying the largest concentration Manmade CAT - Property Consider a fire results in damage to the largest gross single property risk covered under a reinsurance treaty (excluding facultative risks) and in case if Health and P&S coverages apply to the same affected property, then there are 5% deaths and 25% injuries requiring hospital treatment Manmade CAT - Motor Liability Consider a major collision between your insured car and a passenger coach permanently disabling 5 passengers on board the coach. Assume coach passengers are European football league players travelling to a football match in Saudi Arabia; the football match gets cancelled as a result Manmade CAT - Marine A collision between an oil tanker and a cruise ship causing 50 deaths and 500 seriously injured people; the oil tanker is insured by your insurance company and is held responsible for the collision; all passengers of cruise ship are US citizens, so legal proceedings are held in US courts; the claims are in respect of marine hull and marine liability, including removal of wreckage and pollution Manmade CAT - Aviation Assume a collision of two passenger aircraft with full occupancy over Riyadh airport. One aircraft belongs to Saudi Airlines and the other one belongs to Fly Nas.
The collision causes 500 deaths (350 Saudia + 150 Fly Nas) and causes closure of Riyadh Airport for a number of days. The pilot of the aircraft insured by your company is held responsible for the accident.
Operational-cum-Cyber risk Your insurance company's systems get attacked by a ransomware (e.g. WannaCry, Petya) by international hackers from outside the Kingdom, causing all systems to come to a halt and policyholder data to be accessed illegally. This happens during the peak of renewal period (e.g., in December). The systems remain down for two weeks, leading to loss of renewals/new business. Eventually, the systems get restored after payment of ransom. Global recession Low economic activity leading to lower oil demand, causing the oil price to drop, many government/private projects to stall, economic activities to slow down causing recession, mas exodus of expatriates from Saudi Arabia, liquidity severely affected, policyholders pursue claims vehemently, fraud activities increase, all affecting the revenue and claims of insurance companies Appendix 2 - Solvency and Capital Template
(attached)
Persistency Report 2017
No: 201705000117 Date(g): 31/5/2017 | Date(h): 6/9/1438 This circular refers to the Persistency Report as required in the Actuarial Work Regulation.
A copy of this circular should be passed on to the Company’s Board of Directors, Audit Committee, Appointed Actuary, Risk Management officers and Compliance Officer.
Reference is made to Article (32) of the Actuarial Work Regulation.
Persistency Report
If the Insurance Company writes Savings products, then the Appointed Actuary shall submit an annual Persistency Report to the Company’s Management, Board of Directors and SAMA by the end of the fifth month of the financial year. For the year 2017, this deadline has been revised to 31 July 2017.
The report, at the minimum, shall cover the following:
a. The report should separately consider all material individual long-term Protection and Savings products written by the Company including, but not limited to, the following product types:
i. Term ii. Universal Life iii. Unit-linked
Group business should be excluded from the persistency study. b. Persistence Rates should be determined on a monthly basis for the first three policy years of the product from inception, and annually for policy year four onwards. c. Persistency Rates should be determined both by annualised premium and by numbers of policies. d. Persistency rates should be determined separately for each distribution channel including, but not limited to, the following:
i. Bancassurance ii. Agency iii. Broker iv. Direct v. Online
e. Persistency Rates should be determined separately by the frequency of premium payment.
i. Monthly ii. Quarterly iii. Semi-annual iv. Annual v. Single premium (only by number of policies)
f. Persistency Rates should be determined separately by region. g. The Period of Investigation must be stated explicitly.
i. All data up to December 31, 2016, should be included in the persistency report. ii. It is important that lapse rates are derived separately for policies issued in each calendar year. iii. The Period of Investigation shall be a minimum of 5 years or since the time the Company started selling the Savings portfolio if less.
h. A precise statement of how the Exposure has been determined should be stated. It is expected that exposures will be determined using the precise number of days to which all policies are in-force and paying premiums.
i. Show all policy status to be included in the exposure calculation Refer to Appendix 1. ii. Exclude policies cancelled during the ‘Free Look’ period from the persistency analysis.
i. A precise definition of the lapse event considered should be stated.
i. Show all policy status included in the lapse event. ii. Lapses should include all policyholder selected options that lead to all premium payments under the contract ceasing permanently. iii. Each type of lapse should be identified separately. Refer to Appendix 1. iv. Exclude policies cancelled during the 'Free Look' period from the persistency analysis. v. Explain treatment of Waiver of Premium (WOP) claims.
j. The number of policies and total annualized premiums that are cancelled within the "Free Look” period permitted by Article (26) of the Insurance Market Code of Conduct Regulation should be stated. k. The report should also consider all other events that represent a reduction in the policyholders' commitment to paying regular premiums at the initial contracted level. This would include partial surrenders, policy loans, policies being made paid up either through the choice of the policyholder or due to premiums ceasing, and premium decrements to a lower level than the initial level of the annualised premium. l. The Company’s process for lapsing policies should be set out in detail. In particular, the process when a premium is not received should be stated. Full details should be provided of all policies with outstanding premiums on the final day of the Period of Investigation. Late premiums should be subdivided by the number of weeks those are over-due by. m. The Appointed Actuary should investigate the Company’s history of collecting premiums from policies where premiums are over-due. n. In addition to the calculation of the lapse rates, the Appointed Actuary should also show the in-force rates, that is, the proportion of policies, by number and annualised premiums, where full premiums have been received by the Company. o. The Appointed Actuary should compare the persistency rates determined with the in-force rates. Differences may arise from pipeline delays in processing lapse events after premium due dates. Where there are material differences in the in- force rates and the persistency rates, the Appointed Actuary should investigate further to analyse the proportion of policies which resume paying premiums when payments are overdue. p. If the Company has more than one distinct portfolio of Protection & Savings business, then the Appointed Actuary should produce separate persistency reports for each portfolio. q. The Appointed Actuary is not required to sub-divide his analysis beyond the level of materiality. However, any simplifications in the analysis must be justified in numerical terms. r. The Appointed Actuary should consider whether there is sufficient data to be able to assess useful confidence intervals around the lapse rates determined. If there is sufficient data, then confidence intervals should be shown as appropriate. s. Use of an automated IT system to perform the persistency analysis is highly encouraged to enable the Company to generate persistency reports periodically. t. Refer to Appendix 1 for a table of contract statuses showing exposures and lapse types that should be considered.
Furthermore, some considerations to be addressed are discussed below:
Reports
The Appointed Actuary must ensure that the actuarial report is clear and comprehensive so that another experienced Actuary can follow the report and come to a similar conclusion as recommended by the Appointed Actuary. The report must contain, as a minimum, the following:
a. A clear statement that he or she is acting in a formal capacity as the Appointed Actuary. b. A description of the actuarial guidance that is being followed. c. Dates of all prior reports on persistency prepared by the Appointed Actuary in relation to the Company. d. Comments on all related reports from other actuaries that were produced for the client Company. e. If the prior actuarial reports were not reviewed or considered, full justification should be provided for the lack of such review. f. Material changes to the methodology and assumptions from prior reports should be summarised and highlighted, and the reasons for such changes should be explained. g. Explanation of the selection of all material assumptions and the reason for their choice provided. Any reliance on an external source should be documented. h. An explanation of the methodology adopted by the Appointed Actuary should be included. The formulae used should be clearly documented. i. Other actuaries who worked on the report should be identified. j. Any financial, organizational or other dependency concerning any matter related to the subject of the report, and any relevant information that is not apparent should be disclosed k. A glossary of terms used. l. The Appointed Actuary may show smoothed results for persistency, provided he also shows results using raw data. m. A statement that the lapse rates determined are consistent with other financial modelling carried out. n. A comparison between the new set of results and the previous set from the last persistency analysis. o. For internal reporting, a persistency study should be performed at least twice a year or more frequently at the discretion of the Company and the Appointed Actuary. p. Commentary on the persistency results and recommendations for management to be included in order to provide a better understanding of the results.
Data
The Appointed Actuary must take all reasonable steps to ensure the consistency, accuracy and completeness of the data used in the analysis. All formal reports should contain, as a minimum, the following:
a. Confirmation that the available data allows the desired analysis to be completed in the Appointed Actuary’s professional judgment. b. Disclosure of known material data limitations and their implications. c. A full description of the data that was used. d. A full description of all data validations carried out. e. The precise Period of Investigation that the data is derived from must be stated. f. Reasonableness checks against data in the most recent prior reports should be described. g. Any adjustments or filtering of the raw data should be explained, and an attempt made to measure the impact. h. if the Appointed Actuary decides that performing a data review is not possible, the report should indicate that such a review has not be carried out (and the reason behind that) and should disclose any resulting limitation on the use of the actuarial work produced. i. It is not acceptable for an Appointed Actuary’s report to include caveats that seek to place full reliance on others for data quality issues. The Appointed Actuary is expected to carry out sufficient checks to satisfy himself or herself in the results of the report presented.
Appendix 1: Contract Status
Below is the table of contract statuses showing exposures and lapse types that should be considered:
Contract Status Exposure Lapse Identify Rates Separately Cancelled During ‘Free Look' period Exclude Exclude In-Force Include full period Exclude Death or other risk claim leading to policy termination Include to event Exclude Expired Include to event Exclude Maturity Include to event Exclude Lapse without value Include to event Include Yes Surrendered with a payment made Include to event Include Yes Paid Up - Policyholder request Include to event Include Yes Paid Up - Lost contact with Policyholder Include to event Include Yes Conversion of product to type requiring no future premium payments Include to event Include Yes Premium Holiday Include full period Exclude Yes Policy Loan (if permitted) Include full period Exclude Yes Premium Decrement Include full period Exclude Yes Partial Surrender Include full period Exclude Yes Conversion of product to type requiring lower future premium payments Include full period Exclude Yes Waiver of Premium on Disability Include to event Exclude Persistency Report
This circular refers to the Persistency Report as required in the Actuarial Work Regulation.
A copy of this circular should be passed on to the Company’s Board of Directors, Audit Committee, Appointed Actuary, Risk Management officers and Compliance Officer.
Reference is made to Article (32) of the Actuarial Work Regulation.
Persistency Report
If the Insurance Company writes Savings products, then the Appointed Actuary shall submit an annual Persistency Report to the Company’s Management, Board of Directors and SAMA by the end of the fifth month of the financial year.
The report, at the minimum, shall cover the following:
a. The report should separately consider all material individual long-term Protection and Savings products written by the Company including, but not limited to, the following product types:
i. Term ii. Universal Life iii. Unit-linked
Group business should be excluded from the persistency study. b. Persistence Rates should be determined on a monthly basis for the first three policy years of the product from inception, and annually for policy year four onwards. c. Persistency Rates should be determined both by annualised premium and by numbers of policies. d. Persistency rates should be determined separately for each distribution channel including, but not limited to, the following:
i. Bancassurance ii. Agency iii. Broker iv. Direct v. Online
e. Persistency Rates should be determined separately by the frequency of premium payment.
i. Monthly ii. Quarterly iii. Semi-annual iv. Annual v. Single premium (only by number of policies)
f. Persistency Rates should be determined separately by region. g. The Period of Investigation must be stated explicitly.
i. All data up to December 31 of the preceding year should be included in the persistency report. ii. It is important that lapse rates are derived separately for policies issued in each calendar year. iii. The Period of Investigation shall be a minimum of 5 years or since the time the Company started selling the Savings portfolio if less.
h. A precise statement of how the Exposure has been determined should be stated. It is expected that exposures will be determined using the precise number of days to which all policies are in-force and paying premiums.
i. Show all policy status to be included in the exposure calculation. Refer to Appendix 1. ii. Exclude policies cancelled during the ‘Free Look’ period from the persistency analysis.
i. A precise definition of the lapse event considered should be stated.
i. Show all policy status included in the lapse event. ii. Lapses should include all policyholder selected options that lead to all premium payments under the contract ceasing permanently. iii. Each type of lapse should be identified separately. Refer to Appendix 1. iv. Exclude policies cancelled during the ’Free Look’ period from the persistency analysis. v. Explain treatment of Waiver of Premium (WOP) claims.
j. The number of policies and total annualized premiums that are cancelled within the “Free Look” period permitted by Article (26) of the Insurance Market Code of Conduct Regulation should be stated. k. The report should also consider ail other events that represent a reduction in the policyholders’ commitment to paying regular premiums at the initial contracted level. This would include partial surrenders, policy loans, policies being made paid up either through the choice of the policyholder or due to premiums ceasing, and premium decrements to a lower level than the initial level of the annualised premium. l. The Company’s process for lapsing policies should be set out in detail. In particular, the process when a premium is not received should be stated. Full details should be provided of all policies with outstanding premiums on the final day of the Period of Investigation. Late premiums should be subdivided by the number of weeks those are over-due by. m. The Appointed Actuary should investigate the Company's history of collecting premiums from policies where premiums are over-due. n. In addition to the calculation of the lapse rates, the Appointed Actuary should also show the in-force rates, that is, the proportion of policies, by number and annualised premiums, where full premiums have been received by the Company. o. The Appointed Actuary should compare the persistency rates determined with the in-force rates. Differences may arise from pipeline delays in processing lapse events after premium due dates. Where there are material differences in the in-force rates and the persistency rates, the Appointed Actuary should investigate further to analyse the proportion of policies which resume paying premiums when payments are overdue. p. If the Company has more than one distinct portfolio of Protection & Savings business, then the Appointed Actuary should produce separate persistency reports for each portfolio. q. The Appointed Actuary is not required to sub-divide his analysis beyond the level of materiality. However, any simplifications in the analysis must be justified in numerical terms. r. The Appointed Actuary should consider whether there is sufficient data to be able to assess useful confidence intervals around the lapse rates determined. If there is sufficient data, then confidence intervals should be shown as appropriate. s. Use of an automated IT system to perform the persistency analysis is highly encouraged to enable the Company to generate persistency reports periodically. t. Refer to Appendix 1 for a table of contract statuses showing exposures and lapse types that should be considered.
Furthermore, some considerations to be addressed are discussed below:
Reports
The Appointed Actuary must ensure that the actuarial report is clear and comprehensive so that another experienced Actuary can follow the report and come to a similar conclusion as recommended by the Appointed Actuary. The report must contain, as a minimum, the following:
a. A clear statement that he or she is acting in a formal capacity as the Appointed Actuary. b. A description of the actuarial guidance that is being followed. c. Dates of all prior reports on persistency prepared by the Appointed Actuary in relation to the Company. d. Comments on all related reports from other actuaries that were produced for the client Company. e. If the prior actuarial reports were not reviewed or considered, full justification should be provided for the lack of such review. f. Material changes to the methodology and assumptions from prior reports should be summarised and highlighted, and the reasons for such changes should be explained. g. Explanation of the selection of all material assumptions and the reason for their choice provided. Any reliance on an external source should be documented. h. An explanation of the methodology adopted by the Appointed Actuary should be included. The formulae used should be clearly documented. i. Other actuaries who worked on the report should be identified. j. Any financial, organizational or other dependency concerning any matter related to the subject of the report, and any relevant information that is not apparent should be disclosed. k. A glossary of terms used. l. The Appointed Actuary may show smoothed results for persistency, provided he also shows results using raw data. m. A statement that the lapse rates determined are consistent with other financial modelling carried out. n. A comparison between the new set of results and the previous set from the last persistency analysis. o. For internal reporting, a persistency study should be performed at least twice a year or more frequently at the discretion of the Company and the Appointed Actuary. p. Commentary on the persistency results and recommendations for management to be included in order to provide a better understanding of the results.
Data
The Appointed Actuary must take all reasonable steps to ensure the consistency, accuracy and completeness of the data used in the analysis. All formal reports should contain, as a minimum, the following:
a. Confirmation that the available data allows the desired analysis to be completed in the Appointed Actuary’s professional judgment. b. Disclosure of known material data limitations and their implications. c. A full description of the data that was used. d. A full description of all data validations carried out. e. The precise Period of Investigation that the data is derived from must be stated. f. Reasonableness checks against data in the most recent prior reports should be described. g. Any adjustments or filtering of the raw data should be explained, and an attempt made to measure the impact. h. If the Appointed Actuary decides that performing a data review is not possible, the report should indicate that such a review has not be carried out (and the reason behind that) and should disclose any resulting limitation on the use of the actuarial work produced. i. It is not acceptable for an Appointed Actuary’s report to include caveats that seek to place full reliance on others for data quality issues. The Appointed Actuary is expected to carry out sufficient checks to satisfy himself or herself in the results of the report presented.
Appendix 1: Contract Status
Below is the table of contract statuses showing exposures and lapse types that should be considered:
Contract Status Exposure Lapse Identify Rates Separately Cancelled During ‘Free Look’ period Exclude Exclude In-Force Include full period Exclude Death or other risk claim leading to policy termination Include to event Exclude Expired Include to event Exclude Maturity Include to event Exclude Lapse without value Include to event Include Yes Surrendered with a payment made Include to event Include Yes Paid Up - Policyholder request Include to event Include Yes Paid Up - Lost contact with Policyholder Include to event Include Yes Conversion of product to type requiring no future premium payments Include to event Include Yes Premium Holiday Include full period Exclude Yes Policy Loan (if permitted) Include full period Exclude Yes Premium Decrement Include full period Exclude Yes Partial Surrender Include full period Exclude Yes Conversion of product to type requiring lower future premium payments Include full period Exclude Yes Waiver of Premium on Disability Include to event Exclude Financial Condition Report “FCR” Submission for 2018
This circular refers to the Insurance and/or Reinsurance Company’s ‘‘Company” annual Financial Condition Report “FCR” submission for 2018. Reference is made to Cooperative Insurance Companies Control Law’s Implementing Regulation Article (20) part “Second” and “Third”, Article (69) Part (1), and Article (28) of the Actuarial Work Regulation.
Submission Deadlines
The Company must submit the FCR to SAMA by 28 February 2019 along with the FCR Reporting Template. However, the following documents shall be submitted as per the below timelines:
a. 31 January 2019 - Reserving section of FCR Reporting Template duly filled in, based on the results of the reserving exercise as at 31 December 2018 - Appendix 1
b. 7 February 2019 - Actuarial Reserve Report as at 31 December 2018 (this will be a subset of the FCR)
FCR Contents
1. Data:
a) A description of the data used in the analysis should be included in the report. b) Adjustments to the raw data by the Company or the Appointed Actuary should be explained. c) Any issues regarding consistency, completeness, or accuracy of data should be documented. Data validation checks carried out should be described. The report should clearly identify the data issues resolved and those still outstanding when the report was produced. d) Reconciliations should be carried out, at a minimum, for Gross Written Premium, Net Written Premium, Gross Earned Premium, Net Earned Premium, Gross Claims Paid, Gross Claims Outstanding, Net Claims Paid and Nel Claims Outstanding, Salvage and Subrogation. Reconciliations should be against financial data, the previous years' FCR, and pricing report data where applicable. e) It is not sufficient to rely on Reconciliations in validating the data. Other data checks to be carried out are left to the professional judgement of the Appointed Actuary. In particular, the Appointed Actuary should comment on
a. the accuracy of data relating to Outstanding Salvage & Subrogation recoveries, and all validation performed should be documented. b. the claims backlog and its comparison with historical trend
f) A statement on the overall quality of data, encompassing its accuracy, appropriateness and completeness should be included.
2.
Data Deficiency Reserve
a) All companies are required to provide the required data to their Appointed Actuary in a format that allows sufficiently detailed analysis to be carried out. b) Medical Expense Insurance claim data must be provided to the Appointed Actuary in a format that allows monthly paid and incurred claims delay tables to be constructed. The Appointed Actuary should use professional judgement to decide on the appropriate granularity of data to use. c) If the Company is unable to provide medical claims data in a format that allows monthly paid and incurred claims delay tables to be constructed, then it must establish a Data Deficiency Reserve of 5% of Medical Expenses Insurance Net Written Premium. d) For all other products, except for long term Protection and Savings business, data must be provided to the Appointed Actuary in a format that allows quarterly paid and incurred claims delay tables to be constructed. The Appointed Actuary should use professional judgement to decide on the appropriate granularity of data to use. e) If the Company is unable to provide data for any other products or lines of business, except for long term Protection and Savings business, in a format that allows quarterly paid and incurred claims delay tables to be constructed for that product or line of business, then it must establish a Data Deficiency Reserve of 5% of the relevant Net Written Premium.
3. Unearned Premium Reserve (UPR)
a) For all one-year policies, except for Marine Cargo Open Cover policies, the UPR must be determined on a 1/365th basis, based on the assumption that the risk is uniform over the policy year. b) For Marine Cargo Open Cover policies, where dates of voyages are usually not available, UPR shall be estimated using the last three months’ premium for the relevant period as per Article 69(2) of Implementing Regulation. c) For shorter-than-one-year Marine Cargo policies, UPR shall be determined:
i. Using straight-line method over the policy term as in (a) above; or ii. In the absence of data required for (i) above, using the last three months’ premium for the relevant period as per Article 69 (2) of Implementing Regulation.
d) For Engineering Construction projects with policy terms in excess of one year, the Appointed Actuary shall assume that the risk will increase linearly over the policy term in determining the UPR. Companies shall continue to adopt the spreadsheet provided by SAMA with the 2013 FCR to support the calculations, unless the Appointed Actuary has sufficient claims data to carry out full analysis of the incidence of risk. In such cases, the premium earnings pattern may be derived based on this analysis, subject to full documentation of the analysis performed. e) The Company should note that for policies covering Engineering Construction projects with policy terms in excess of one year, premiums should be assumed due on the dates agreed with the Policyholder for the purpose of establishing Doubtful Debt Reserves according to Article 69(2)(d) of the Implementing Regulation. f) For Extended Warranty policies with terms in excess of one year, the Appointed Actuary shall assume that the risk will increase linearly over the policy term in determining the UPR. The spreadsheet, referred to under Item (d) above, should be used for this purpose, unless the Appointed Actuary has sufficient claims data to carry out full analysis of the incidence of risk. In such cases, the premium earnings pattern may be derived based on this analysis, subject to full documentation of the analysis performed. g) For Visitor-visa Medical Expense insurance policies with policy term in excess of one year, the Appointed Actuary shall assume that the risk is uniform over the policy term. h) For the purpose of reporting in the FCR Reporting Template, the UPR in items (d) and (f) must be split into two components as below:
i. UPR determined based on the assumption that the risk is uniform over the policy term. ii. Additional UPR determined reflecting the difference between the UPR determined assuming a linearly increasing risk (as per items (d) and (f) above) and sub-para (i) above.
4. Premium Deficiency Reserve (PDR)
a) If the Company has insufficient unearned premium reserve against the corresponding projected claims and expenses under a line of business, then it must hold a Premium Deficiency Reserve for that line of business. b) For the purpose of PDR calculation, allocation of expenses to individual lines of business must be supported by a comprehensive expense analysis. This expense analysis must form a part of the Actuarial Reserve Report as an appendix. For the purpose of this expense analysis, where the Appointed Actuary relies on the outputs produced by other functions (e.g., Finance) of the Company, the Appointed Actuary must satisfy himself/herself with the completeness, accuracy and appropriateness of that analysis, including the input data used for that analysis. c) Where certain expenses are treated as ‘non-recurring’, it must be documented in the Actuarial Reserve Report along with the justification for this treatment.
5. Claim Reserves - all lines (excluding long-term Protection & Savings)
a) Full claims triangles used to determine the claims reserves must be shown in the Appointed Actuary's report. b) 'Actual v Expected’ analysis showing the deviation of the projected claims development based on data as at 31 December 2017 from the actual claims developments during the year 2018 for each prior accident period. The report should clearly state the treatment of the above deviations for the purpose of determining the claims reserves as at 31 December 2018. This analysis is required for all lines of business, unless the Appointed Actuary considers a line of business to be immaterial. c) The report should clearly identify all material assumptions used and judgments made, along with their justification, so that another actuary with appropriate skills can reproduce the results independently. d) Claims reserves analysis must consider more than one reserving methodology. For Motor and Medical Expenses lines of business written on a direct basis, both ‘paid claims-based’ and ‘incurred claims-based’ methods must be used. For other lines of business, it is preferred that the Appointed Actuary considers both ‘paid claims-based’ and ‘incurred claims-based’ methods. The Appointed Actuary should use his professional judgment when selecting results based on a particular methodology or a combination of methodologies. The justification for this selection must be documented. e) All reserve projections must be carried out on a Gross-of-recoverables basis, and where possible, all recoverables (i.e., reinsurance, salvage, and subrogation) must be projected separately. The method of estimating the reserves for recoverables must be fully described. f) Claims reserves must not be discounted, unless required by the nature of those claims, e.g., annuity payments under a liability claim. Where discounted, the discount rate assumed must be clearly stated in the report. g) Methodology for estimating the ‘Unallocated’ Loss Adjustment Expense reserves must be fully described. Where incurred-but-not- reported claims reserves are inclusive of the ‘Allocated’ Loss Adjustment Expenses, it must be documented accordingly.
6. Claim Reserves - Additional Requirements for Motor
a) In the past, SAMA had expressed concerns over the reliability of outstanding Salvage & Subrogation claims data. Where the Appointed Actuary intends to use the outstanding Salvage & Subrogation claims data for projecting future recoveries, this must be supported by a detailed analysis of historical recoveries. b) Generally, SAMA expects that, at a minimum, the reserving analysis for motor class will be split by claim-type (i.e., own damage, third party property damage, and bodily injury/death) and by policyholder-type (i.e., corporate and retail), unless the Appointed Actuary can demonstrate that a higher level of data aggregation does not distort the reserve estimates.
7. Claim Reserves Uncertainty
a) The Appointed Actuary must estimate the uncertainty around his/her estimate of the claim reserves. The analysis of reserve uncertainty should be carried out separately for each line of business, and, preferably, also at the portfolio level. b) The Appointed Actuary should use standard actuarial methodologies to estimate the above uncertainty. This may include Bootstrapping techniques, Mack Method, or simply a range of results under various reserving methodologies.
8. Protection & Savings (P&S) Insurance
Detailed instructions for Protection & Savings Insurance are shown below.
a) Method of calculation of the Mathematical Reserves of P&S business
i. The determination of the amount of Mathematical Reserves in respect of the liabilities in the P&S Class, (other than liabilities which have fallen due for payment before the valuation date) shall be made on actuarial principles which have due regard to the reasonable expectations of Policyholders and shall make proper provision for all liabilities on a best estimate basis . ii. The determination shall take account of all prospective liabilities as determined by the policy conditions for each existing contract, taking credit for premiums payable after the valuation date. iii. Allowance should be made for future bonuses, guaranteed benefits including guaranteed surrender values and options, if any. iv. The method of calculation of the amount of the Mathematical Reserves and the assumptions used shall be such as to recognise the distribution of profits in an appropriate way over the duration of each policy. v. The method of calculation of the amount of the Mathematical Reserves and the assumptions used shall not be subject to discontinuities from year to year, unless it can be fully justified. Where any changes are made to the method of calculation or the assumptions used, the impact of each change must be estimated individually in comparison with the method and assumptions used for the previous valuation. vi. All assumptions must be appropriately justified and documented in the Actuarial Reserve Report.
b) Acquisition expenses
i. In order to reduce the reserve strain during the first policy year, the Company may use Zillmer Reserve Method. ii. The increase permitted by subparagraph (a) above shall be subject to the limitation that the amount of the future premium valued shall not in any event be greater than the amount of the premium actually payable by the policyholder.
c) Unit-linked contracts
i. Where the benefits payable under a contract are wholly or in part unit- linked benefits, the amount of the Mathematical Reserves determined in respect of those linked benefits shall not be less than the value of the underlying assets. ii. The Appointed Actuary should consider whether any reserves additional to the unit liability should be held for unit-linked policies. In particular, possible future shortfalls in expense margins should be considered by projecting future cash-flows on each unit-linked policy, using appropriate assumptions.
d) Mathematical Reserves on Group Life business
It should be noted:
i. The Mathematical Reserve for Employer Sponsored Group Life contracts written on a unit-rated basis where the premium for each individual is not known should be valued by calculating an Unearned Premium Reserve (UPR) for the proportion of the Gross total premium under the contract relating to the remaining period from the valuation date until the expiry of the current period of insurance. ii. The Appointed Actuary should consider carefully whether the premiums for the class of group protection business taken as a whole (with due account being taken of reinsurance arrangements) is adequate, in light of actual experience to date and expected future experience, and if necessary determine an Unexpired Risk Reserve in addition to the UPR. It is acceptable for an Unexpired Risk Reserve to be held at the Company-level so that the Company’s overall experience is taken into account. iii. Deferred acquisition costs arising from group business may not be used as an asset to offset the Mathematical Reserve.
e) Mathematical Reserves on Group Credit Life business
i. The Mathematical Reserve for Group Credit Life contracts covering customers of banks and finance companies, and written on a unit-rated basis should be set separately for each policy based on its own historical and projected future experience. ii. The Company must provide the Appointed Actuary with all quotation data received in respect of any Credit Life scheme that has been in-force with the Company for less than three full policy years. iii. Loss rates per mille of Sum Insured should be considered for at least the past three years. iv. If there has been a material increase in in-force business over the year, then in the absence of individual age data, the Appointed Actuary should make appropriate assumption on the average age of new joiners. v. Where disability cover is provided with a deferred period then it should be assumed that the insurance company will not be advised of any claim until the end of the deferred period.
f) Outstanding claims (including IBNR)
i. The Appointed Actuary should identify the reserves that are held in respect of outstanding claims and confirm that the accounts accurately reflect them. ii. Outstanding Claims (including IBNR) may assume claims reporting delay patterns are homogenous for all Protection & Savings business except Group Credit Life. iii. Outstanding claims (including IBNR) for Group Credit Life should be determined on a scheme-by-scheme basis taking into account the slower claims reporting characteristic of this product, and the historic experience available.
g) Contents of the Report to SAMA, certificates and signatures
The Appointed Actuary’s report must include, at a minimum:
i. A brief description of each of the main types of contract, sufficient so that the methods and assumptions used in the valuation can be understood. Particular reference should be made to any options and guarantees under the contracts. For unit-linked contracts, full details of the charges made to Policyholders should be set out. Full details of each Group Credit Life scheme insured by the Company should be included within the report. ii. A statement describing the valuation method for contracts that are not unit-linked contracts. iii. Where a retrospective valuation method has been used, a statement giving details of the tests carried out to ensure that the resulting amount of the Mathematical Reserves are no lower than that required if a prospective calculation is used. iv. A statement of all the rates of interest assumed in the valuation, and the types of contracts that each rate applied to. v. A statement of all the rates of mortality and disability assumed in the valuation, the types of contract that each rate applied to and full details of the investigations undertaken to validate the assumptions made. Where standard tables are used, reference must be made to those standard tables. vi. A detailed description of the investigations undertaken to analyse the expenses of the Company between acquisition expenses and renewal expenses, and between different categories of product, together with all the relevant information used in the analysis. vii. A description of how the valuation allows for voluntary discontinuation, together with a justification for the assumptions used. viii. A detailed description of how the valuation allows for the Company’s expected future expenses, showing how the expense allowances in the valuation relate to the actual renewal expenses incurred as determined in sub-paragraph (f) above. ix. A description of the way in which the valuation makes proper provision, either explicitly or implicitly, for future bonuses for participating contracts in a manner consistent with the other assumptions on future experience and with the current method of distribution of bonuses. x. A description of the way in which the valuation makes provision for options and guarantees. xi. A description of all changes in the method of calculation of the Mathematical Reserves or in the assumptions used, together with the full justification and the impact of each change individually. xii. Where additional amounts have been set aside on an aggregated basis for general risks that are not individually assessed, a statement giving details of the additional amounts, the justification and methodology for calculation.
9. Reinsurance Accruals
a) Where any reinsurance treaty includes Swing Rates, or any adjustment reinsurance premium or commissions based on the claims experience under the treaty or a loss participation clause, then the Appointed Actuary is required to determine an explicit Reinsurance Accrual Reserve. The results of the calculation must be provided to the Finance function in order to book those amounts under appropriate categories within the Company’s Financial Statement (e.g. amount payable to or receivable from reinsurers, etc.). b) For any treaty where the reinsurance premium or reinsurance commissions are adjusted based on claims experience, the Reinsurance Accrual Reserve should be based on the projected ultimate loss ratio.
10. Reinsurance Adequacy Analysis
a) The Appointed Actuary must review all effective reinsurance treaties. The Appointed Actuary must comment on the value for money provided by each treaty and its appropriateness given the risks underwritten by the Company. In addition, the Appointed Actuary is required to comment on the amount of risk transfer under the treaty, and as to why it should not be considered as Finite Reinsurance.
11. Other Contents of FCR
a) The Appointed Actuary must ensure that, in addition to the above, the FCR produced covers all other requirements as per the regulations and meets the applicable professional standards of the relevant actuarial organisation.
Board and Management Responsibilities
a) The Company’s Board of Directors and management are ultimately responsible for ensuring that the reserves booked in the financial statements are adequate. SAMA expects that the Company will book reserves equal to or higher than those recommended by the Appointed Actuary.
b) In those rare circumstances, where the Company intends to book reserves lower than those recommended by the Appointed Actuary, it has to be approved by the Board of Directors, and the CEO of the Company must inform SAMA immediately, along with an appropriate justification, including the external auditor’s views on the proposed reserves. In such cases, it is likely that SAMA will require additional evidence that may include an independent reserving exercise as at 31 December 2018 carried out at the Company’s expense. Until the Company has obtained clearance from SAMA, the Company must not publish its financial statements.
c) The Appointed Actuary must, in addition, prepare a short summary document highlighting the key findings in the FCR. This should be no more than five pages in length, and should be submitted to the Board of Directors of the Company as a Board paper, with the Appointed Actuary’s full report being an appendix to the Board paper.
d) SAMA requires that the Appointed Actuary present his findings and recommendation at a Board Meeting, to be held before 30April 2019.
Compliance
a) A copy of this Circular should be shared with the Company’s Board of Directors, Audit Committee, Chief Financial Officer, Appointed Actuary, External and Internal Auditors,. Risk Management officers and Compliance Officer.
b) If, in SAMA’s view, the Actuarial Reserve Report does not meet generally accepted professional standards, then SAMA may require that an independent reserving exercise as at 31 December 2018 be carried out at the Company’s expense for submission to SAMA at a date decided by SAMA.
Appendix 1
FCR Reporting Template (attached)
All data and reports, including the above template, must be submitted via RMS.
Renewal of Permit Issued by SAMA for Liberal Professions Pertaining to Insurance and / or Reinsurance Activities
This section is currently available only in Arabic, please click here to read the Arabic version.Dedicated Account for Doubtful Debts
In reference to paragraph (d) of Article Sixty-Nine of the Implementing Regulations of the Cooperative Insurance Companies Control Law, which stipulates that " doubtful debts reserves shall be calculated, at a minimum, as follows:
1- Ten percent (10%) of the total amounts due from reinsurers exceeding 180 days. 2- Fifteen percent (15%) of the total amounts due from the insured exceeding 90 days. 3- Twenty-five percent (25%) of the total amounts due from the insured exceeding 180 days. 4- Seventy-five percent (75%) of the total amounts of uncollected receivables exceeding 360 days. 5- One hundred percent (100%) of any disputed and uncollected receivables. " I inform you that the insurance premiums amounts for policies issued to the insured are fully due as of the date of commencement of insurance coverage for policies, (The Inception Date), and the provision for doubtful debts must be calculated on this basis and according to the percentages mentioned in the text of the aforementioned article. We hope to correct the provision for doubtful debts to the company if it is not in accordance with the text of the article, and to fully comply with the above as of 1/1/2011.
Submitting Financial Results, External Auditors' Reports, and Advertisement Forms
This section is currently available only in Arabic, please click here to read the Arabic version.Benefiting From the "Maher" Program Graduates 12/12
I would like to inform that the Human Resources Development Fund "Hadaf" launched the "Maher 12/12" program to train and qualify human cadres in programs approved by training bodies in many professions required for the labor market. The program aims to train (12,000) job seekers in several professions by 2012.
Since a number of trainees graduated from the insurance program to work in insurance-related jobs such as underwriting, claims settlement, marketing, sales, risk management, health insurance and customer service, and in order to provide them with job opportunities in insurance companies in addition to providing job resources for insurance companies, I hope to communicate with the Human Resources Development Fund and benefit from the graduates of the program. You can contact the General Administration of the King Fahd National Employment Center.
Financial Condition Report (FCR) for 2017
This circular refers to the company’s Financial Condition Report (FCR) for 2017. Reference is made to part “Second” of Article (20), part “Third” of Article (20), Part (1) of Article (69) of the Implementing Regulations, and Article (28) of the Actuarial Work Regulations.
Submission Deadlines
The Company must submit the required documents to SAMA according to the following schedule:
• 1 February 2018 - Reserving section of FCR Reporting Template duly filled in based on the results of the reserving exercise as at 31 December 2017 — Appendix 1 • 11 February 2018 — Actuarial Reserve Report as at 31 December 2017 (this will be a subset of the Financial Condition Report) • 31 March 2018 - Financial Condition Report as at 31 December 2017, along with the FCR Reporting Template
Financial Condition Report Contents
1. Data
a) A description of the data used in the analysis should be included in the report. b) Adjustments to the raw data by the Company or the Appointed Actuary should be explained. c) Any issues regarding consistency, completeness, or accuracy of data should be documented. Data validation checks carried out should be described. The report should clearly identify the data issues resolved and those still outstanding when the report was produced. d) Reconciliations should be carried out, at a minimum, for Gross Written Premium, Net Written Premium, Gross Earned Premium, Net Earned Premium, Gross Claims Paid, Gross Claims Outstanding, Net Claims Paid and Net Claims Outstanding, Salvage and Subrogation. Reconciliations should be against financial data, the previous years’ FCR, and pricing report data where applicable. e) It is not sufficient to rely on Reconciliations in validating the data. The other data checks to be carried out are left to the professional judgement of the Appointed Actuary. f) Data checks carried out for 31 December 2017 should build on those carried out as at 30 September 2017 (see below).
2. Data Deficiency Reserve
a) All companies are required to provide the required data to their Appointed Actuary in a format that allows sufficiently detailed analysis to be carried out. b) Medical Expense Insurance claim data must be provided to the Appointed Actuary in a format that allows monthly paid and incurred claims delay tables to be constructed. The Appointed Actuary is not necessarily required to use monthly data, but he/she should use professional judgement to decide on the appropriate granularity of data to use. c) If the company is unable to provide medical claims data in a format that allows monthly paid and incurred claims delay tables to be constructed, then it must establish a Data Deficiency Reserve of 5% of Medical Expenses Insurance Net Written Premium. d) For all other products, except for long term Protection and Savings business, data must be provided to the Appointed Actuary in a format that allows quarterly paid and incurred claims delay tables to be constructed. The Appointed Actuary is not necessarily required to use quarterly data, but he/she should use professional judgement to decide on the appropriate granularity of data to use. e) If the company is unable to provide data for any other products or lines of business, except for long term Protection and Savings business, in a format that allows quarterly paid and incurred claims delay tables to be constructed for that product or line of business, then it must establish a Data Deficiency Reserve of 5% of the relevant Net Written Premium.
3. Unearned Premium Reserve (UPR)
a) For all one-year policies, except for Marine Cargo Open Cover policies, the UPR must be determined on a 1/365th basis, assuming the risk is uniform over the policy year. b) For Marine Cargo Open Cover policies, where dates of voyages are usually not available, UPR should be estimated using the last three months' premium for the relevant period as per Article 69(2) of Implementing Regulations. c) For shorter-than-one-year Marine Cargo policies, UPR should be determined:
i. Using straight-line method over the policy term as in (a) above; or ii. In the absence of data required for (i) above, using the last three months’ premium for the relevant period as per Article 69 (2) of Implementing Regulations
4. Unexpired Risk Reserve (URR)
a) It should be noted that any Premium Deficiency Reserve is part of the Unexpired Risk Reserve. These should be shown as additional Premium Reserves in the Financial Statements and should not be included within Earned Premium or the UPR. The gross URR must be shown in Column E of Form 62, the reinsurance share in Column P of Form 62, and the net URR in Column AA of Form 62 of the Reporting Forms. b) For Engineering Construction projects with policy terms in excess of one year, the Appointed Actuary shall assume that the risk will increase linearly over the policy term in determining the URR. SAMA had previously provided a spreadsheet to all companies and actuaries to support the calculations for the 2013 FCR. which should continue to be adopted, unless the Appointed Actuary has sufficient claims data to carry out full analysis of the incidence of risk. In such cases, the premium earnings pattern may be derived based on this analysis, subject to full documentation of the analysis performed. c) The Company should note that for policies covering Engineering Construction projects with policy terms in excess of one year, premiums should be assumed due on the dates agreed with the Policyholder for the purpose of establishing Doubtful Debt Reserves according to Article 69(d) of the Implementing Regulations. This is subject to premiums being due on a uniform basis and the annual premium being constant over the period of the contract. d) For Extended Warranty policies with terms in excess of one year, the Appointed Actuary must assume that the risk will increase linearly over the policy term in determining the URR. The spreadsheet, referred to under item (b) above, should be used for this purpose, unless the Appointed Actuary has sufficient claims data to carry out full analysis of the incidence of risk. In such cases, the premium earnings pattern may be derived based on this analysis, subject to full documentation of the analysis performed.
5. Premium Deficiency Reserve (PDR)
a) If the Company has insufficient unearned premium reserve against the corresponding projected claims and expenses under a line of business, then it must hold a Premium Deficiency Reserve for that line of business. b) All expenses must be assigned to individual lines of business, supported by a comprehensive expenses analysis. This must be explicit for commissions, both direct and reinsurance, and claims management expenses. Other Expenses must be allocated appropriately, e.g., in proportion to GWP or GEP, and must be treated consistently year on year. c) Other Expenses must include all expense items allocated to both Policyholders and Shareholders, including Zakat and Income Tax. The only expenses that may be excluded are the investment expenses for both Policyholders and Shareholders. d) All expenses referred to under items (b) & (c) above should be sourced from audited statements of the Company, using the calculation method shown in Appendix 2. Where the calculation of PDR precedes the audit of the above expenses, any material changes in those expenses as a result of the audit exercise should lead to a change in the PDR. e) Any expenses that may be subject to unusual fluctuations may be smoothed. In particular, the change in Doubtful Debt Reserve must be considered as part of the Company’s expenses, but consideration should be given to smoothing this item.
6. Claim Reserves - all lines of business (excluding life insurance)
a) Full claims triangles used to determine the claims reserves must be shown in the Appointed Actuary’s report. b) ‘Actual v Expected' analysis showing the deviation of the projected claims development based on data as at 31 December 2016 from the actual claims developments during the year 2017 for each prior accident period. The report should clearly state the treatment of the above deviations for the purpose of determining the claims reserves as at 31 December 2017. This analysis is required for all lines of business, unless the Appointed Actuary considers a line of business to be immaterial. c) The report should clearly identify all material assumptions used and judgments made, along with their justification, so that another actuary with appropriate skills can reproduce the results independently. d) Claims reserves analysis must consider more than one reserving methodology.. For Motor and Medical Expenses lines of business written on a direct basis, both ‘paid claims-based’ and ‘incurred claims- based’ methods must be used. For other lines of business, it is preferred that the Appointed Actuary considers both ‘paid claims-based’ and ‘incurred claims-based’ methods. The Appointed Actuary should use his professional judgment when selecting results based on a particular methodology or a combination of methodologies. This selection should be justified. e) It is expected that all reserve projections will be carried out on a gross- of-recoverables basis, and all recoverables (i.e., reinsurance, salvage, and subrogation) will be projected separately. The method of estimating the reserves for recoverables must be fully described. f) Claims reserves should not be discounted, unless required by the nature of those claims, e.g., annuity payments under a liability claim. Where discounted, the discount rate assumed should be clearly stated in the report. g) Methodology for estimating the Claims Expense (i.e., ALAE and ULAE) reserves should be fully described.
7. Claim Reserves - Motor-specific Requirements
a) In the past, SAMA had expressed concerns over the reliability of outstanding Salvage & Subrogation claims data. Where the Appointed Actuary intends to use the outstanding Salvage & Subrogation claims data for projecting future recoveries, this must be supported by a detailed analysis of historical recoveries. b) In general, the Appointed Actuary should pay extra attention when selecting results based on the incurred claims data, and make adjustments as appropriate. c) The Company should hold a provision of 100% for all outstanding amounts of Salvage/Subrogation recoveries where the date of reporting of an accident was more than one year ago.
8. Claim Reserves Uncertainty
a) The Appointed Actuary must estimate the uncertainty around his/her estimate of the claim reserves. The analysis of reserve uncertainty should be carried out separately for each line of business, and, preferably, also at the portfolio level. b) SAMA expects that the Appointed Actuary will use standard actuarial methodologies to estimate the above uncertainty. This may include Bootstrapping techniques, Mack Method, or simply a range of results under various reserve methodologies.
9. Reinsurance Accruals
a) Where any reinsurance treaty includes Swing Rates, or any adjustment reinsurance premium or commissions based on the claims experience under the treaty or a loss participation clause, then the Appointed Actuary is required to determine an explicit Reinsurance Accrual Reserve. The results of the calculation should be provided to the Finance function in order to book those amounts under appropriate categories within the Company’s Financial Statement (e.g. amount payable to or receivable from reinsurers, etc.). b) For any treaty where the reinsurance premium or reinsurance commissions are adjusted based on claims experience, the Reinsurance Accrual Reserve should be based on the projected ultimate loss ratio. c) In addition, for any open treaties that include Swing Rates, or any adjustment reinsurance premium or commissions based on the claims experience under the treaty or a loss participation clause, then the Appointed Actuary should adjust the Net Unexpired Risk Reserve, as appropriate.
10. Protection & Savings Insurance
a) Detailed instructions for Protection & Savings Insurance are shown in Appendix 3 to this Circular. b) It should be noted that all Group Life and Group Credit Life must be shown as Protection & Savings business within the Reporting Forms and in the Financial Statements. c) In addition, all insurance companies writing either of these products must complete Form 33 showing the Solvency Margin in respect of Protection & Savings business. d) Particular attention should be paid to the Group Credit Life section of the above Appendix.
11. Other Contents of FCR
a) The Appointed Actuary should review any treaty put in place to protect Medical Expense Insurance business or Motor Insurance business. The Appointed Actuary should comment on the value for money provided by the treaty. In addition, the Appointed Actuary is required to comment on the amount of risk transfer under the treaty, and as to why it should not be considered as Finite Reinsurance. The Appointed Actuary may refer to the “Guidance Paper on Risk Transfer, Disclosure and Analysis of Finite Reinsurance” published by the International Association of Insurance Supervisors (IAIS)1, first published in year 2006, and most recently updated in year 2014. b) The Appointed Actuary must ensure that, in addition to the above, the FCR produced covers all other requirements as per the regulations.
Board Reporting
a) The Appointed Actuary must, in addition, prepare a short summary document highlighting the key findings in the FCR. This should be no more than five pages in length, and should be submitted to the Board of Directors of the Company as a Board paper, with the Appointed Actuary’s full report being an appendix to the Board paper. b) SAMA requires that the Appointed Actuary present his findings and recommendation at a Board Meeting, to be held before 30 April 2018.
Compliance
a) A copy of this Circular should be shared with the Company’s Board of Directors, Audit Committee, Chief Financial Officer, Appointed Actuary, External and Internal Auditors, Risk Management officers and Compliance Officer. b) The Company’s CEO should provide confirmation within seven days of the date of this Circular confirm that that copies have been passed to all those mentioned above. c) If, in SAMA’s view, the Actuarial Reserve Report does not meet generally accepted professional standards, then SAMA may require that an independent reserving exercise as at 31 December 2017 be carried out at the Company’s expense for submission to SAMA at a date decided by SAMA. d) The Company management is ultimately responsible for ensuring that the reserves booked in the financial statements are adequate. SAMA expects that the Company will book reserves equal to or higher than those recommended by the Appointed Actuary. Where the Company booked reserves higher than those recommended by the Appointed Actuary, it must inform SAMA immediately about the additional reserves booked. e) In those rare circumstances, where the Company management intends to book reserves lower than those recommended by the Appointed Actuary, the CEO of the Company must inform SAMA immediately, along with an appropriate justification, including the external auditor’s views on the proposed reserves. In such cases, it is likely that SAMA will require additional evidence, including possibly an independent reserving exercise as at 31 December 2017 carried out at the Company’s expense. Until the Company has obtained clearance from SAMA, the Company shall not be able to publish its financial statements.
Appendix 1
FCR Reporting Template (attached)
Starting from year-end 2018 FCR, SAMA will require all data, including the above template, to be submitted via RMS.
Appendix 2 - Expense Ratio Definition
For the Expense Ratio, the Numerator is:
Commission Incurred (*) (Form 21, Line 38, Column E)
Minus Reinsurance Commissions Earned (Form 21, Line 18, Column E)
Minus Other Underwriting Income (Form 21, Line 19, Column E)
Plus Policy Acquisition Costs (Form 21, Line 39, Column E)
Plus Other direct underwriting Expenses (Form 21, Line 40, Column E)
Plus Doubtful Debt Expense (Form 21, Line 41, Column E)
Plus Operational and Technical Expenses (Form 21, Line 51, Column E)
Plus Shareholders Expenses (Form 22, Line 39, Column A)
Plus Zakat (Form 22, Line 51, Column A)
Plus Taxes (Form 22, Line 52, Column A)
* The item “commission incurred (Form 21, Line 38, Column E)” should be replaced with the ‘expected’ commission at the portfolio level for the business to be underwritten.
The Denominator is the Net Earned Premium plus any ‘Other Income’ other than that arising from investments and underwriting activities:
Net Earned Premium (Form 21, Line 17, Column E) +
Other Income (Form 21, Line 71, Column E) +
Other Income - Shareholders (Form 22, Line 19, Column A)
If a Company has incorrectly treated movements in Premium Deficiency Reserves as part of its earned premium for accounting purposes, then it should reverse these movements out for the purposes of calculating the Denominator above.
Appendix 3 - Protection and Savings (P&S)
1. This Appendix is included in the FCR letter for actuaries preparing technical provisions for Protection and Savings business for the year-end Financial Statements of companies in Saudi Arabia. 2. The technical provisions shown in this Appendix should always be prepared in Saudi Riyals.
Method of calculation of the Mathematical Reserves of P&S business
3. (a) The determination of the amount of Mathematical Reserves in respect of the liabilities in the P&S Class, (other than liabilities which have fallen due for payment before the valuation date) shall be made on actuarial principles which have due regard to the reasonable expectations of Policyholders and shall make proper provision for all liabilities on prudent assumptions that shall include appropriate margins for adverse deviation of the relevant factors. (b) The determination shall take account of all prospective liabilities as determined by the policy conditions for each existing contract, taking credit for premiums payable after the valuation date. (c) Without prejudice to the generality of subparagraph (a) above, the amount of the Mathematical Reserves shall be determined in compliance with each of paragraphs 4 to 19 below and shall take into account, among other things, the following factors:
i) all guaranteed benefits, including guaranteed surrender values; ii) vested, declared or allotted bonuses to which Policyholders are already either collectively or individually contractually entitled; iii) all options available to the Policyholder under the terms of the contract; iv) expenses, including commissions; v) all discretionary charges and deductions; vi) any rights under contracts of reinsurance in respect of business in the P&S Class.
4. (a) Subject to subparagraphs (b), (c) and (d) below, the amount of the Mathematical Reserves shall be determined separately for each contract by a prospective calculation. (b) A retrospective calculation may be applied to determine the Mathematical Reserves where a prospective method cannot be applied to a particular type of contract or benefit, or where it can be demonstrated that the resulting amount of the Mathematical Reserves would be no lower than would be required by a prudent prospective calculation. (c) Appropriate approximations or generalisations may be made where they are likely to provide the same, or a higher, result than individual calculations of the same amount of the Mathematical Reserves in respect of each contract. (d) Where necessary, additional amounts shall be set aside on an aggregated basis for general risks that are not individualised. (e) The method of calculation of the amount of the Mathematical Reserves and the assumptions used shall not be subject to discontinuities from year to year arising from arbitrary changes and shall be such as to recognise the distribution of profits in an appropriate way over the duration of each policy. (f) The Mathematical Reserves for contracts under which the Policyholder is eligible to participate in any established surplus shall have regard to the level of the premiums under the contracts, to the assets held in respect of those liabilities, and to the custom and practice of the insurance company in the manner and timing of the distribution of profits or the granting of discretionary additions, as the case may be.
5. The amount of the Mathematical Reserve determined in respect of a group of contracts shall not be less than such amount as, if the assumptions adopted for the valuation were to remain unaltered and were fulfilled in practice, would enable Mathematical Reserves similarly determined at all times in the future to be covered from resources arising solely from the contracts and the assets covering the amount of the Mathematical Reserve determined at the current valuation.
Net premium reserves
6. (a) Where further specified premiums are payable by the Policyholder under a contract (not being a unit linked contract) under which benefits (other than benefits arising from a distribution of profits) are determined from the outset in relation to the total premiums payable there-under, then, subject to subparagraph (c) and paragraph 7 below,
(i) where the premiums under the contract are at a uniform rate throughout the period for which they are payable, the premiums to be valued shall be not greater than such level premiums as, if payable for the same period as the actual premiums under the contract and calculated according to the rates of interest and rates of mortality or disability which are to be employed in calculating the Mathematical Reserve under the contract, would have been sufficient at the outset to provide for the benefits under the contract according to the contingencies upon which they are payable, exclusive of any additions for profits, expenses or other charges; (ii) where the premiums under the contract are not at a uniform rate throughout the period for which they are payable, the premiums to be valued shall be not greater than such premiums as would be determined on the principles set out in sub-paragraph 6(a)(i) above modified as appropriate to take account of the variations in the premiums payable by the Policyholder in each year;
provided that a premium to be valued shall in no year be greater than the amount of the premium payable by the Policyholder. (b) Where the initial terms of the contract have changed since the contract was first made, then for the purposes of the subparagraph (a) above, it shall be assumed that those changes, from the lime they occurred, were provided for in the contract at the time it was made. For the purposes of this paragraph, the terms of the contract are taken to change if the change is indicated in an endorsement on the policy but not if a new policy is issued. (c) An alternative valuation method to that described in subparagraphs (a) to (b) above may be used where it can be demonstrated that the alternative method results in reserves no less, in aggregate, than would result from the use of the method described in those subparagraphs.
Acquisition expenses
7. (a) In order to reduce the reserve strain during the first policy year, the Company may use Zillmer Reserve Method (b) The increase permitted by subparagraph (a) above shall be subject to the limitation that the amount of the future premium valued shall not in any event be greater than the amount of the premium actually payable by the policyholder.
Rates of interest
8. (a) The rates of interest to be used in calculating the present value of future payments by or to an insurance company shall be no greater than the rates of interest determined from a prudent assessment of the yields on existing assets attributed to the P&S Class business and. to the extent appropriate, the yields which it is expected will be obtained on sums to be invested in the future. (b) For the purposes of subparagraph (a) above, the assumed yield on an asset attributed to the P&S Class business, before any adjustment to take account of the effect of taxation and Zakat, shall not exceed the yield on that asset calculated in accordance with subparagraphs (c) to (e) below, reduced by 5 per cent of that yield. For the purpose of calculating the yield on an asset, the asset shall be valued in accordance with Article 65 of the Implementing Regulations, subject to the additional rules in this Appendix. (c) For fixed interest investments the yield on an asset, subject to subparagraph (e) below, shall be that annual rate of interest which, if used to calculate the present value of future payments of interest before the deduction of tax and Zakat and the present value of repayments of capital, would result in the sum of those amounts being equal to the value of the asset. (d) For equity shares or immovable property, the yield on an asset, subject to subparagraph (e) below, shall be the ratio to the value of the asset of the income before deduction of tax and Zakat which would be received in the period of twelve months following the valuation date on the assumption that the asset will be held throughout that period and that the factors which affect income will remain unchanged, taking into account any changes in those factors known to have occurred by the valuation date. (e) In calculating the yield on an asset under this paragraph -
i) if the asset does not consist of equity shares or immovable property -
• a prudent adjustment shall be made to exclude that part of the yield estimated to represent compensation for the risk that the income from the asset might not be maintained or that capital repayments might not be received as they fall due, and • in making that adjustment, regard shall be had wherever possible to the yields on risk-free investments of a similar term in the same currency:
ii) for assets which are equity shares or immovable property, adjustments to yields shall be made as appropriate to exclude that part, if any, of the yield from each category of asset that is needed to compensate for the risk that the aggregate income from that category of asset, taking one year with another, might not be maintained. For the purposes of this subparagraph, a "category of asset" comprises assets of a similar nature, type and degree of risk.
(f) In no case shall a rate of interest determined for the purposes of subparagraph (a) above exceed the adjusted overall yield on assets calculated as the weighted average of the reduced yields on the individual assets arrived at according to the provisions of subparagraph (b) above; and when that weighted average is calculated -
i) the weight given to each investment shall be its value as an asset determined in accordance with Article 65 of the Implementing Regulations, subject to the additional rules in this Appendix, and ii) except in relation to the rate of interest used in valuing payments of unit linked benefits, both the yield and the value of any linked assets shall be omitted from the calculation.
(g) The maximum rate of interest to be applied before any adjustment which takes into account the effect of taxation and Zakat shall be the lesser of:
i) the yield as calculated in subparagraph (b) above, and ii) the yield available on long term Saudi Government sukuks or bonds, where “long term” is specified as the maximum duration of the available Saudi Government sukuks or bonds in issue, but not exceeding 15 years, with a maximum rate of six per cent (6.0%) per annum.
(h) For the purpose of determining the rates of interest to be used in valuing a particular category of contracts the assets may, where appropriate, be notionally apportioned between different categories of contracts. (i) Where the Mathematical Reserves are denominated in currencies other than Saudi Riyals, the yield shall be determined on assumptions that are as prudent as those made under subparagraphs (c) to (h) above, interpreted in the context of the jurisdiction relevant to that currency.
Rates of mortality and disability
9. The amount of the Mathematical Reserves in respect of any category of contract shall, where relevant, be determined on the basis of prudent rates of mortality and disability. The rates used shall be based on relevant tables of mortality and disability published internationally, adjusted, where appropriate, to represent the experience of the company and the market in which the contract is written.
Provision for expenses
10. (a) Provision for expenses, whether implicit or explicit, shall be not less than the amount required, on prudent assumptions, to meet the total net cost, after taking account of the effect of taxation and Zakat, that would be likely to be incurred in fulfilling all contracts then in force if the company were to cease to transact new business twelve months after the valuation date. (b) The provision mentioned in subparagraph (a) above shall have regard to, among other things, the company's actual expenses in the last twelve months before the valuation date and to the effects of inflation on future expenses on prudent assumptions as to the future rates of increase in prices and earnings. (c) Where the company writes short term Protection & Savings, General and/or Health insurance, the expense provision should allow for all projected expenses over the run-off period for all in-force contracts, not just those for Protection & Savings contracts.
Future bonuses
11. Account shall be taken either explicitly or implicitly of future bonuses for participating contracts in a manner consistent with the other assumptions on future experience and with the current method of distribution of bonuses.
Options
12. (a) Provision shall be made on prudent assumptions to cover any increase in liabilities caused by Policyholders exercising options under their contracts. (b) Where a contract includes an option whereby the Policyholder could secure a guaranteed cash payment within twelve months following the valuation date, the provision for that option shall be such as to ensure that the value placed on the contract is not less than the amount required to provide for the payments that would have to be made if the option were exercised. (c) Where the surrender value of a contract is guaranteed, the provision for the contract at any time shall be at least as great as the value guaranteed at that time.
Contracts not to be treated as an asset
13. No contract shall be treated as an asset.
Unit-linked contracts
14. Where the benefits payable under a contract are wholly or in part unit-linked benefits, the amount of the Mathematical Reserves determined in respect of those linked benefits shall not be less than the value of the underlying assets. 15. The Appointed Actuary should ensure that the number of units allocated to policies is correct and that the calculation of the unit prices is correct. Unit prices should be calculated using asset values consistent with the way that assets are valued in the balance sheet. 16. The Appointed Actuary should consider whether any reserves additional to the unit liability should be held for unit-linked policies. In particular, possible future shortfalls in expense margins should be considered by projecting future cashflows on each unit-linked policy, using the following guideline assumptions:
a) The assessment of appropriate assumptions for future experience should have regard to past, current and expected future experience and to any other relevant data. b) Economic assumptions regarding future investment yields on various classes of investment and inflation must be internally consistent and should be consistent with observable, reliable market data. c) The mortality rates and other claim incidence rates (such as Permanent Total Disability, Accidental Death Benefit etc.) should be based on the company’s recent experience, over at least the last three years, if sufficient data are available for statistically credible rates, otherwise standard published tables (adjusted if appropriate) should be used. The Appointed Actuary should ensure that any investigation of these rates is carried out rigorously. The Appointed Actuary should report to SAMA full details of the investigations carried out into these rates. d) Subject to paragraph 17 below, discontinuance rates should be based on the company’s recent experience. The Appointed Actuary should check that any investigation of discontinuance rates has been carried out rigorously and that, in particular, delays in identification of lapses are not undermining the statistics. Discontinuance rates normally vary by type of policy and the duration that the policy has been in force, and the investigation should take this into account. The Appointed Actuary should provide full details to SAMA of the investigations carried out into discontinuance rates. e) Per policy expense assumptions should be based on an analysis of the company’s actual expenses. It is essential that all expenses of the company are included in the expense analysis and that the analysis of the expenses into the different categories of acquisition and renewal expenses is rigorous and appropriate. The Appointed Actuary should report to SAMA the full details of the expense analysis carried out. f) If the calculation produces a negative result for any contract, it should be set to zero.
Allowance for voluntary discontinuance
17. Allowance shall not be made in the valuation for the voluntary discontinuance of any contract if the amount of the Mathematical Reserves so determined would thereby be reduced. Where allowance for voluntary discontinuance increases the reserve required, prudent rates of discontinuance should be allowed for, based on the company's recent experience.
Mathematical Reserves on Group Life business
18. It should be noted:
a) The Mathematical Reserve for Employer Sponsored Group Life contracts written on a unit-rated basis where the premium for each individual is not known should be valued by calculating an Unearned Premium Reserve (UPR) for the proportion of the gross total premium under the contract relating to the remaining period from the valuation date until the expiry of the current period of insurance. b) The Appointed Actuary should consider carefully whether the premiums for the class of group protection business taken as a whole (with due account being taken of reinsurance arrangements) is adequate, in light of actual experience to date and expected future experience, and if necessary determine an Unexpired Risk Reserve in addition to the UPR. It is acceptable for an Unexpired Risk Reserve to be held at the company level so that the company’s overall experience is taken into account. c) Deferred acquisition costs arising from group business may not be used as an asset to offset the Mathematical Reserve.
Mathematical Reserves on Group Credit Life business
19. (a) The Mathematical Reserve for Group Credit Life contracts covering customers of banks and finance companies, and written on a unit-rated basis should be set separately for each policy based on its own historical and projected future experience. (b) The company must provide the Appointed Actuary with all quotation data received in respect of any Credit Life scheme that has been in-force with the company for less than three full policy years. (c) Loss rates per mille of Sum Insured should be considered for at least the past three years. Where there is any indication of deteriorating experience the Appointed Actuary should make a prudent allowance for ongoing deterioration in experience. (d) If there has been a material increase in in-force business over the year, then in the absence of individual age data, the Appointed Actuary should make a prudent assumption on the average age of new joiners. (e) Where disability cover is provided with a deferred period then it should be assumed that the insurance company will not be advised of any claim until the end of the deferred period.
Outstanding claims (including IBNR)
20. (a) The Appointed Actuary should identify the reserves that are held in respect of outstanding claims and confirm that the accounts accurately reflect them. Both Gross claims and reinsurance recoveries should be checked, paying particular attention to any single value in excess of SR100k. (b) Outstanding Claims (including IBNR) may assume claims reporting delay patterns are homogenous for all Protection & Savings business except Group Credit Life. (c) Outstanding claims (including IBNR) for Group Credit Life should be determined on a scheme-by-scheme basis taking into account the slower claims reporting characteristic of this product, and the historic experience available.
Contents of the Report to SAMA, certificates and signatures
21. SAMA will largely leave the Appointed Actuary to write his own report on the methods, assumptions and calculations of the technical provisions, but SAMA will specify some matters that must be included, namely the data, methods, assumptions and calculations used in calculating the Mathematical Reserves at the end of each year. 22. The Appointed Actuary’s report should include:
a) A certificate signed by the Appointed Actuary certifying, if such is the case, that the Mathematical Reserves have been determined in accordance with Appendix 3 of SAMA’s FCR letter for 2017, and stating the total amount of the Mathematical Reserves at 31 December 2017. b) A brief description of each of the main types of contract, sufficient so that the methods and assumptions used in the valuation can be understood. Particular reference should be made to any options and guarantees under the contracts. For unit-linked contracts, full details of the charges made to Policyholders should be set out. Full details of each Group Credit Life scheme insured by the company should be included within the report. c) Where a retrospective method has been used in accordance with paragraph 4(b) of this document, a statement giving details of the tests carried out to ensure that the resulting amount of the Mathematical Reserves would be no lower than would be required by a prudent prospective calculation. d) Where additional amounts have been set aside on an aggregated basis for general risks that are not individualised in accordance with paragraph 4(d) of this document, a statement giving details of the additional amounts, the reasons for them and how they were calculated. e) A statement, if such is the case, that the method of calculation of the amount of the Mathematical Reserves and the assumptions used were not subject to discontinuities from year to year arising from arbitrary changes and were such as to recognise the distribution of profits in an appropriate way over the duration of each policy. f) A statement describing the valuation method for contracts that are not unit- linked contracts, if this was not the net premium method implied by paragraph 6 of this document. g) A statement describing the allowance for acquisition expenses, if any, made in accordance with paragraph 7 of this document. h) A statement of all the rates of interest assumed in the valuation in accordance with paragraph 8 of this document, and the types of contracts that each rate applied to. i) A statement of all the rates of mortality and disability assumed in the valuation in accordance with paragraph 9 of this document, the types of contract that each rate applied to and full details of the investigations undertaken to validate the assumptions made. Where standard tables are used reference may be made to the standard tables. j) A detailed description of the investigations undertaken to analyse the expenses of the company between acquisition expenses and renewal expenses, and between different categories of product, together with all the relevant information used in the analysis. k) A detailed description of how the valuation allows for the company’s expected future expenses, in accordance with paragraph 10 of this appendix, showing how the expense allowances in the valuation relate to the actual renewal expenses incurred as determined in sub-paragraph (j) above. l) A description of the way in which the valuation makes proper provision, either explicitly or implicitly, for future bonuses for participating contracts in a manner consistent with the other assumptions on future experience and with the current method of distribution of bonuses in accordance with paragraph 11 of this document. m) A description of the way in which the valuation makes prudent provision for options and guarantees in accordance with paragraph 12 of this document.
23. The admissible value of the assets for regulatory purposes is restricted by Article 65 of the Implementing Regulations and Table (2) of those regulations sets maximum admissibility percentages for each type of asset. 24. The amount of the regulatory capital will be equal to the Solvency Margin for Protection and Saving Insurance business calculated in accordance with Article 67 in the Implementing Regulations, plus the amount of solvency capital for General and Health Insurance business calculated in accordance with Article 66 in the Implementing Regulations.
Underwriting Practices
SAMA has noticed alarming market practices in underwriting, especially for medical expenses and motor insurance, which are not in line with international practice, and are damaging the functioning of the market; these practices are:
• Insurance companies are prepared to quote for schemes without enough claims experience being provided. • Premium rates being guaranteed for periods in excess of one year for medical expenses and motor insurance. • Insurance companies are managing insurance claims (e.g. medical expenses) without taking on the risk. Under this type of arrangement, the risk is not covered/shouldered by the insurance company, but the company administers the insurance claims of the client, and is acting purely as a TPA.
SAMA introduced requirements for insurance companies to obtain and submit actuarial pricing reports for medical expenses and motor businesses late in 2012 and to be implemented starting from 1 January 2013 for medical expenses insurance business and from 1 April 2013 for motor insurance business. The submitted actuarial medical and motor pricing reports should be updated to fully take into account the recent claims experience of insurance companies.
This letter (Circular) details SAMA’s instructions with respect to the above mentioned issues.
1. Claims Experience Requirements
1.1 Underwriting
No insurance company should ever provide a quotation without having adequate underwriting information on which to scientifically determine the premium rates appropriate for policy terms & conditions offered.
The following requirements must be adhered to in all circumstances:
• During 2014, quotations may only be provided if at least one or more years’ claims experience is provided. • During 2015, quotations may only be provided if at least two or more years’ claims experience is provided. • From 2016 onwards, quotations may only be provided if at least 3 or more years’ claims experience is provided. • If a risk is entirely new, the insurance company may only quote the book rates, which have been submitted to SAMA. The insurance company is not allowed to apply any discounts to these rates. • If the risk has been in existence for less than 3 years from 2016, or 2 years from 2015, then the insurance company may quote provided they receive full claims experience for the time the risk has been in existence. • No insurance company is allowed to provide any quotation for medical expenses or motor business unless it has received claims experience as above. • An insurance company can provide a quotation as illustration only based on the information provided to it. However, the insurance company must amend the quotation based on full underwriting data. It may not issue a policy on quoted rates until it has full data to provide an accurate quotation. Under no circumstances may an insurance company provide actual rates, unless it has sufficient data subdivided according to the rating factors it will adopt in its underwriting manual. • For medical expenses insurance full demographic data must be provided before any quotation may be provided.
1.2 Nature of the Claims Experience to be Required
Insurance companies must require that the claims experience consists, at a minimum, of the following:
• Number of claims paid by policy year • Amount of claims paid by policy year • Numbers of claims reported but not yet settled by policy year • Claim amount of claims reported but not yet settled by policy year • Deductible or excess applied for each policy year. • The date the claims data was provided and the precise period of the claims experience. • The provided data for the in-force policy year should represent enough claims experience for the policy within six months before the renewal date (i.e. at least 6 months claims paid).
For motor insurance:
• Information should be provided as to how depreciation provision is applied when settling a claim for comprehensive coverage. • The amounts should be net of any allowance for salvage and/or subrogation for motor claims. • The number of vehicles covered at each renewal date and at the date of the claims data should be provided for fleet or leasing schemes.
For medical expenses insurance:
• The number of lives covered at each renewal date, and at the date the claims data should be provided and separated by age, gender and employee or dependent status. • The amounts should be the actual ones payable to the medical service providers at the time of the claim, and therefore gross of any bulk discount applied in arrears for medical expenses claims.
It should be noted that all claims dates referred to in this Circular are accident or treatment dates. For the definitions of the terminology mentioned in this Circular with respect to the claims experience, please refer to the Financial Reporting Forms - Guidelines published by SAMA.
The insurance industry has proposed that it should develop a standardised form to ensure that the claims experience data provided is consistent across all insurers. SAMA has no objection to any standard form being developed, but the above information must be used to provide from the effective date of this Circular, whether or not a standard form has been agreed by then.
1.3 Responsibility for Providing Claims Experience
The key relationship is between the policyholder and the insurance company. SAMA requires that the insurance company provides the policyholder, upon his written request or his representative’s written request (i.e. broker), within 15 working days of making the request with sufficient and accurate information of his claims experience. It is the responsibility of the policyholder to provide the insurance company with sufficient and accurate information for it to price and underwrite the risk it is taking on.
Where the insurance company outsources its claims administration to a TPA, then the TPA is required to provide the data requested to the insurance company within 10 working days of its request.
The claims experience report issued by either the insurance company or its TPA must be stamped & signed by the authorised person and the report must be printed on the issuer heading letters (insurance company or its TPA).
After receiving the claims experience, the policyholder should review the report and confirm in writing that he reviewed it and that all information included within the report is accurate to the best of his knowledge.
With respect to the personal lines of the business, the insurance company is not required to obtain the policyholder’s claims experience in a report format from policyholder or the existing insurance company; instead the insurance company should ensure that its proposal form asks about all material facts including the policyholder’s claims experience.
If it is found that inaccurate claims experience was provided then the insurance company should have the right to review the premium rate charged, and take appropriate actions. These could include adjusting the premium, or requiring that any commission paid to the broker be refunded if due to broker misrepresentation or non-disclosure.
In extreme circumstances where evidence has been obtained that claims data provided to the insurance company in order to quote was misstated with fraudulent intent, then the insurance company may cancel the policy and take the proper actions against the parties who are responsible for that.
1.4 Role of Brokers
A broker may collect the claims experience and provide it to the insurance company. It should be noted that brokers must act on behalf of the policyholder and conduct their business according to professional and ethical standards and as per the applicable laws and regulation, including the provisions of the Implementing Regulations of the Law on Supervision of Co-operative Insurance Companies, Insurance Intermediaries Regulation, Market Code of Conduct Regulation and Regulation of Reinsurance Activities Regulation.
Using a broker to collect this data does not in any way reduce the responsibility of the policyholder to ensure that accurate information is provided to the insurance company.
1.5 Pricing of Group Medical or Motor Fleet/Leasing Risks
Insurance companies should comply with the following instructions when applying the claims experience:
1. Apply an experience rating approach for group or fleet/leasing risks, and must supply a fully justified credibility formula set out and signed off by the company’s Appointed Actuary. 2. A form or Excel spreadsheet should be produced which ensures that the pricing mechanism adopted complies with the credibility formula that is signed off by the company’s Appointed Actuary. A copy of the form or Excel spreadsheet should be provided to SAMA. 3. The Appointed Actuary should determine the annual increase in the burning costs allowing for claims trends, inflation to be built in the credibility formula calculation mechanism. 4. The Appointed Actuary’s pricing report should specify the size of schemes for which this blended pricing approach must be adopted. It must define the size of smaller schemes where book rates should be used. 5. The insurance company may request that its Appointed Actuary assist with individual quotations for a particular scheme if it considers that there are reasons why the scheme falls outside the standard pricing process. All such individual quotations must be fully documented, auditable, and made available to SAMA on request. The Appointed Actuary should ensure that these individual quotations fall outside the standard pricing process before providing his/her recommendation, and he/she may be held liable if he/she quotes rates for individual schemes which are later shown to be too low resulting in losses to the company.
2. Premium Rate Guarantees
It is not permitted for any insurance company to enter into any arrangement with any insured for a period in excess of one year for medical expenses insurance or for motor insurance with rates guaranteed for more than one year. Policyholders can choose to renew their annual policy with the same insurance company, but this must be on terms negotiated and agreed at renewal.
3. Insurance Companies Acting as Third Party Administrator (TPA’S)
SAMA noticed that there are some insurance companies manage insurance expenses claims (e.g. medical costs) without taking on the risk. Under this type of arrangement, the risk is not covered/shouldered by the insurance company, but the company administers the insurance claims of the client. This service represents claims administration services, or acting as a TPA, without bearing the insurance risk, which insurance companies are not licensed to do.
Article 3-2 of the Law On Supervision of Cooperative Insurance Companies does not permit insurance companies to carry out any activities other than insurance. Insurance companies are not allowed to provide claims administration services without bearing insurance risk, and insurance companies should comply with this instruction by 1 July 2014 if they do have any agreement in place.
4. Medical & Motor Pricing Report
SAMA is requiring all insurance companies to provide a full actuarial pricing update for medical and motor products on at least an annual basis, and will consider requiring more frequent updates if necessary.
SAMA requires all companies approved to sell medical or motor products to provide full updated reports as follows:
1) Medical, by 1 June 2014 2) Motor, by 1 July 2014
For any medical/motor pricing reports, the Appointed Actuary must use up to date complete data to determine the premium rates. The data used in the report must be up to date when the report is submitted to SAMA. Specifically if a report is submitted between:
1) 1 March to 31 May: it must use complete data up to at least 31 December of the previous year. 2) 1 June to 31 August: it must use complete data up to at least 31 March of the same year 3) 1 September to 30 November: it must use complete data up to at least 30 June of the same year. 4) 1 December to 31 December: it must use complete data up to at least 30 September of the same year. 5) 1 January to 28 February: it must use complete data up to at least 30 September of the previous year.
Medical/Motor products approval may be withdrawn if the updated actuarial pricing reports are not submitted or are not compliant with SAMA’s instructions.
The insurance company’s Appointed Actuary should prepare the medical and motor pricing reports that are to be submitted to SAMA unless the insurance company has obtained SAMA’s no objection to ask another actuary to prepare the pricing reports at least three months before the date of the actuarial report submission. It should be noted that SAMA will only allow another actuary to be used only if it is justified, and SAMA will require a report to be submitted from the Appointed Actuary in addition to those prepared by the other actuary. It should be noted that there are no restrictions on the preparation of technical or actuarial reports that are not submitted to SAMA.
The insurance company should note that it is acceptable to provide partial submissions to SAMA from the Appointed Actuary in respect of
a. Revisions to credibility formula b. Changes to recommended loadings c. Pricing of a single product within the medical or motor class
The insurance company may seek SAMA’s approval to submit partial pricing submissions from the Appointed Actuary in other circumstances.
SAMA’s written no objection is needed before any actuarial pricing report or partial submission is implemented. It is, however, always acceptable to charge higher premium rates than those determined by the Appointed Actuary, subject to such rates being fully documented and justified and in line with Article (46) of Implementing Regulations.
It should be noted that there is no requirement for the company to submit any actuarial pricing report to SAMA unless required by this Circular, or the company wishes to amend its rating structure.
If the company makes any material alteration in its reinsurance arrangements for medical or motor insurance, then it must consult with its Appointed Actuary to determine whether the recommended loadings in the premium rates remain adequate, and must amend its rates as appropriate.
Minimal Requirements And Considerations For The Medical And Motor Pricing Reports must be followed in all subsequent reports. These are set out in an Appendix to this Circular.
It should be noted that the Appointed Actuary must recommend premium rates with no cross subsidies between the rating factors, in line with Article 46 of the Implementing Regulations. However if, for competitive purposes, the company wishes to charge rates which have some element of cross-subsidisation, then it may ask the Appointed Actuary to prepare an additional report setting out the risks of applying the cross-subsidies, based on expected portfolios of business written which may not be too dissimilar to the in-force portfolio. SAMA will review the cross-subsidy report separately.
The company should submit a corresponding underwriting manual, rating structure and premium rates that meet the Minimal Requirements And Considerations For The Medical And Motor Pricing Reports. The rating structure and premium rates should be in Excel spreadsheet format.
The Appointed Actuary is responsible to ensure a comprehensive and concise report is provided to SAMA as to minimize the extent of required follow-up queries from SAMA.
In addition, the Appointed Actuary must prepare a short summary document highlighting his key findings for each actuarial pricing report. This should be no more than 5 pages in length, and should be submitted to the Board of Directors of the company as a Board paper within five working days of the Appointed Actuary’s submission, with the Appointed Actuary’s full report being an appendix to the Board paper.
The actuarial pricing reports submitted to SAMA cannot be preliminary or initial and are required to be the final reports. The reports should clearly summarize and compare the Company’s current premium rates (loads and discounts) and the new premium rates (loads and discounts) calculated by the Appointed Actuary.
5. Compliance
A copy of this Circular should be passed to the Company’s Board of Directors, Audit Committee, Internal Auditors, Risk Management officers, Compliance Officer, Appointed Actuary and External Auditors.
The Appointed Actuary must prepare a short summary document highlighting the key recommendations of the pricing report. This should be submitted to the internal control functions (internal audit, risk management, and compliance functions) with the pricing report submission. The purpose of this document is to ensure that:
• The internal control functions understand the Appointed Actuary’s recommendations. • There are internal controls in place to ensure the company is following the Appointed Actuary’s recommendations. • The internal control functions, set up a meeting with the Appointed Actuary to understand his/her recommendations and how to ensure that the company is following his/her recommendations.
The compliance function should report to SAMA any material lack of compliance with SAMA’s instructions. This should be based on the reports of the Internal Audit function and the Risk Management function, and should include an action plan for addressing the key issues identified.
The Internal Audit function should carry out a continuous audit, at least on quarterly basis, of the underwriting function to assess compliance with company’s internal procedure and guidelines as defined in the underwriting manual submitted to SAMA.
The Risk Management function should carry out quarterly assessment of the underwriting risks, and recommend improvements to processes, and address any other weaknesses which should be improved such as any need for additional training of underwriting staff.
The internal control functions (internal audit, risk management, and compliance functions) should provide the Audit Committee on a quarterly basis with a report on their findings and suggested corrective actions. Moreover, on quarterly basis the compliance function should provide SAMA with a copy of the minutes of the Audit Committee meeting in which the report was discussed. The minutes should summarize the findings and any corrective action that should be taken by the company.
6. Implementation of New Rates
Any proposed premium rate increases may be introduced on a File & Use basis, which means the insurance company files the new actuarial report with SAMA and implements the new proposed premium rate, subject to such rates being in line with Article (46) of the Implementing Regulations. However, all premium rate reductions may only be implemented subject to receiving a no objection letter from SAMA.
Any other changes in the premium rating basis that do not clearly represent an increase in the rates to be charged may also only be implemented once SAMA has issued a no objection letter to the company.
Insurance companies should not expect to be able to implement any proposed rate reductions until at least 3 months after they have submitted the report to SAMA, and should not expect any response from SAMA within 2 months.
Where the Appointed Actuary, who has prepared the pricing report is different from the Actuary who prepared the previous pricing report which was accepted by SAMA, then the company should not expect to be able to implement any proposed rate reductions for at least 4 months, after they have submitted the report to SAMA, and should not expect any response from SAMA within 3 months.
7. Regulatory Action for Non Compliance
It should be noted that if an insurance company, broker, insurance agent or insurance claims settlement specialist (third party administrator) is not in compliance with this Circular, SAMA will take the regulatory/legal actions as stipulated in the Law on Supervision of Co-operative Insurance Companies and its Implementing Regulations.
Thus, SAMA instructs the insurance company to do the following:
1. Provide SAMA with the updated underwriting manuals, which reflects the instructions stated in Sections 1, 2, 3 and 4 of this Circular, for medical expenses and motor insurance. These should be provided with the actuarial pricing reports. 2. Provide SAMA with an unprotected soft copy of the Excel spreadsheets that set out the blended credibility approach that the insurance company is going to adopt to price group medical expenses and fleet/leasing motor risks which are in compliance with instructions stated in this Circular. These should be provided with the actuarial pricing reports. 3. Immediately provide insurance company’s employees who are in charge of underwriting with a copy of this Circular. 4. The requirements set out in Section 1 of this Circular will be effective from 1 April 2014. 5. The requirements set out in Section 2 of this Circular will be effective immediately. 6. The requirements set out in Sections 3 of this Circular will be effective from 1 July 2014. 7. The requirements set out in Section 4 of this Circular will be effective as detailed in Section 4. 8. Provide confirmation from the insurance company’s CEO/GM within seven days of the date of this Circular of adherence to the instructions stated in this Circular. 9. Copies of this Circular should be provided to the full Board of Directors of the company. Minutes of the Board meeting on the adherence to the requirements set out in this Circular should be provided to SAMA within 90 days of the date of this Circular. 10. SAMA requires that the Appointed Actuary attends Board Meetings to present his Board Pricing papers, and take questions on his full pricing reports. The company should provide minutes of the relevant Board meetings to SAMA, and copies of the Appointed Actuary’s Board papers within 10 business days of the meeting.
Appendix - Minimal Requirements and Considerations for the Medical and Motor Pricing Reports
Insurance Supervision Department
No: ______________________________
Date: _______________________
Attachments: _________________
Date (G): ___________________
Summary
It should be noted that whilst these instructions have largely been issued in previous SAMA letters, there are some minor updates, and the Appointed Actuary should comply with the instructions below.
Professional Guidance
The report shall comply with relevant guidance and standards issued by actuarial societies such as the Institute and Faculty of Actuaries in the UK, the American Academy of Actuaries in the US, the Canadian Institute of Actuaries or the Australian Institute of Actuaries. Reports must state which Guidance they are complying with.
SAMA requires that the following professional standards be followed:
1) Knowledge and Experience - An actuary shall perform professional services only if the actuary is competent and appropriately experienced to do so. 2) Values and Behaviour - An actuary shall act honestly, with integrity and competence, and in a manner that fulfills the professions responsibility to the public and upholds the reputation of the actuarial profession. 3) Professional Accountability - An actuary shall be accountable to a professional actuarial association, or similar professional oversight organization.
The actuarial pricing reports should contain dates of all prior reports produced by the Appointed Actuary in relation to the specific company. The Appointed Actuary should also comment on all related reports from other actuaries that were produced for the specific Company. If the prior actuarial reports were not reviewed or considered, reasons should be provided for the lack of such review. Material changes to the methodology and assumptions should be summarized and highlighted, and the reasons for such changes should be explained.
Data
The Appointed Actuary should use available data that in the Appointed Actuary’s professional judgment allow the desired analysis to be performed. Known material data limitations should be disclosed and their implications discussed.
A full description of the data used in the pricing analysis should be included in the report, noting any deficiencies, and fully describing all data validations carried out.
Data quality issues generally fall into three categories:
• Consistency - i.e. whether data is consistent and collected in a standard format; • Complseteness - i.e. an assessment of data thoroughness, taking into consideration the importance of missing data (e.g. is data missing for large limit/high hazard locations); and • Accuracy - i.e. an assessment of data correctness.
Details of validation checks should be provided.
The precise period of investigation that the data is derived from must be stated. Data used should be as up to date as possible. A reasonable check should be carried out against the data used in the most recent prior report. Any adjustments or filtering of the raw data should be explained. An attempt should be made to measure the impact of such adjustment. If the Appointed Actuary decides that to perform a data review is not appropriate, the report should indicate that such a review has not be carried out (and why) and should disclose any resulting limitation on the use of the actuarial work product.
It should be noted that it is not acceptable to exclude any schemes with poor claims histories from the analysis without SAMA’s explicit permission, which will only be granted only if it is justified.
Consistency with Reserving
All analysis shall make an appropriate and fully justified allowance for IBNR and IBNER. The IBNR & IBNER’s used in pricing shall be determined in a consistent manner with the actuarial estimate of the Company reserves, unless any differences in approach are fully explained and justified. However, detailed reserving calculations will not normally be required.
Risk Rates Analysis
The Company’s experience shall be analysed at the level of the rating factors adopted by the Company in pricing its risks. If the Appointed Actuary’s review of the data and experience indicates that other rating factors should be considered and reviewed for the Company’s underwriting and pricing, the report should contain the relevant analysis and comments.
The treatment of any cells which have insufficient data to be fully credible should be described.
All premium rates used by the company within its pricing must be considered by Appointed Actuary. The Appointed Actuary should comment on proposed deviations from filed rates, and also on all credits/discounts and loads in the rating programme.
Changes in product terms, distribution methods, commission terms
Full allowance should be made for any changes in areas such as:
• Policy terms and Conditions • Distribution Methods such as changes in the proportion of business written through different channels • Commission rates payable
Blending Book Rates with Experience for Larger Schemes
The Appointed Actuary should define the minimum size of a scheme where book rates shall be blended with the claims experience of the scheme itself (the Burning Cost).
The Company must apply an experience rating approach for group medical and fleet/leasing motor risks over the size defined by the Appointed Actuary, and a fully justified credibility formula should be set out and signed off by the Appointed Actuary.
This approach should take into account burning costs over a three year period, where available, and the Appointed Actuary should specify in detail how burning costs are to be calculated.
An Excel spreadsheet should be produced which ensures that the pricing mechanism adopted complies with the formula.
The Appointed Actuary should note that SAMA imposes no restrictions on his/her choice of rating factors. It is permissible to use the size of scheme as a rating factor if there is adequate data to support it.
However, it is not permissible to use arbitrary discounts for large schemes without analysis of the experience.
The report should include a list and comments on:
• The 10 largest policies (by premium volume) for the most recent completed 3 policy periods and their premium and losses (paid and incurred). • The 5 worst performing policies (by loss ratio) for the most recent completed 3 policy periods and their premium and losses (paid and incurred). • The 5 best performing policies (by loss ratio) for the most recent completed 3 policy periods and their premium and losses (paid and incurred).
Trends
The Appointed Actuary should consider any trends in underlying experience both in the determination of personal lines rates, and in setting rating mechanism for group medical and fleet/leasing motor risks.
Examples of trends to be considered are:
• Claims cost inflation • Changes in claims costs as result of increased awareness of insurance in the population. • Changes in regulations
As well as trends over a period, the Appointed Actuary may need to consider the impact of seasonality on claims experience within each year.
Loadings
An allowance for expenses shall be made at a level which is consistent with the Company’s expenses experienced in the last two years. Significant deviations from actual experience should be fully justified. The exact source of the expense components used in the calculations should be referenced.
Benchmarking
It should be noted that Article 46(3) of the Implementing Regulations states that the prices used by each company should not rely upon other Company’s pricing.
SAMA has accepted the use of Benchmarks in the first pricing round, and will continue to accept their use where the company’s own data is insufficient.
However SAMA’s expectation is that Appointed Actuary’s will seek to comply with this legal requirement as soon as is practical, and it expects that the use of benchmarks will be phased out over time as the company has more of its own data to derive prices.
Use Requirements
The Company must make use of the premium rates determined by the Appointed Actuary.
All premiums charged by the Company must be at least those set out by the Appointed Actuary, unless explicit permission has been obtained from SAMA.
This explicit permission to vary from the Appointed Actuary’s premium rates may follow from SAMA’s approval of the separate cross-subsidisation report prepared by the Appointed Actuary or any partial submissions from the Appointed Actuary in respect of
a. Revisions to credibility formula b. Changes to recommended loadings c. Pricing of a single product within the medical or motor class
Compliance with the Prior Actuarial Pricing Reports
The Appointed Actuary should review the company’s records to determine the extent to which the recommended minimum rates were, in fact, implemented, and report on the same in the pricing report, and determine any impact on the company’s performance as a result of this variation.
The Appointed Actuary should comment on the actual experience of the company since the previous report, and if applicable how that experience would have changed if the company had fully implemented the pricing basis recommended by the Appointed Actuary at the last pricing date.
In order to investigate the compliance with the experience rating basis recommended, the Appointed Actuary should take samples of the top five groups/fleets by premium income from the insurance company’s portfolio and derive the experienced-rated premium rate. This can then be compared with the actual rate charged for each of the top five groups.
The Appointed Actuary is required to provide with his pricing report an Excel workbook to validate compliance with previous submitted pricing reports. The Excel workbook provided by SAMA (“ComplianceWithActuarialRates.xlsx”) can be used to validate compliance for medical business, and modified to be applicable for motor business. The insurance company should provide SAMA with copies of Excel workbooks.
Other components of the report
The reports should be a comprehensive analysis of the Company’s most recent experience. The report should be clear and comprehensive so that another experienced Appointed Actuary can follow the report and come to a conclusion. Examples of other components to be analysed and commented on are:
> Clear summary of the proposed premium rates, the percentage change from the most recent approved rate for each component and the overall percentage impact of the proposed rates on the total premium for the Company’s motor book of business. > Assumptions should be explained and the reason for their selection provided. If they rely on an external source, that source should be provided. > Other actuaries who worked on the report should be identified. The process of peer review of the report should be explained and the peer reviewer of the report identified. > The specific proposed effective date of the filed rates should be presented. > Material judgmental adjustments or assumptions that the Appointed Actuary applied to the data or are known by the Appointed Actuary to have been applied to the data. > Limitations on the use of the actuarial work product due to uncertainty about the quality of the data. > Any unresolved concerns the Appointed Actuary may have about the data that could have a material effect on the actuarial report. > Considerations of cautions regarding possible uncertainty or risk in results. > Any financially, organizationally, or other dependency concerning any matter related to the subject of the report and any such relevant information that is not apparent should be disclosed. > Identify parties responsible for each material assumption and method that are not the Appointed Actuary’s. > If the report includes materially different results or expresses a different opinion from the most recent former report of the Appointed Actuary, the report should make it clear that the earlier results or opinion are no longer valid and explain why they have changed.
Medical Expenses - Underwriting Practices 2016
SAMA issued the original Underwriting Circular on 25/5/1435.
At the request of the Insurance Executive Committee (IEC) SAMA subsequently issued standard claims experience forms for medical and motor insurance on 1 December 2014 to come into effect on 1 January 2015. These forms included clarifications, corrections and updates to the original Underwriting Circular.
The Underwriting Practices 2015 update was issued on 24/6/2015.
SAMA issued Property Instructions on 20/10/2015.
SAMA has noted that underwriting and other practices in the medical and motor classes are now diverging as the market develops. In future SAMA will issue Circulars and Instructions separately by Class of Insurance as defined in Article 33 of the Implementing Regulations.
This Circular refers to health insurance only.
An updated version of the claims experience forms for medical expenses was issued on 9 June 2016, with an implementation date of 1 September 2016.
SAMA has noted that underwriting practices in the market remain out of line with international practice in some respects that are damaging the functioning of the market. These practices include:
• Limited rating factors being used to price individual medical risks, with such risks being treated as commodity products.
SAMA introduced requirements for insurance companies to obtain and submit actuarial pricing reports for medical expenses businesses late in 2012 and to be implemented starting from 1 January 2013 for medical expenses insurance business.
These actuarial pricing reports were required to be updated by June 2014. and then by August 2015.
The submitted actuarial medical pricing reports must be updated to fully take into account the recent claims experience of insurance companies.
The technical instructions for actuarial pricing reports have now been included within SAMA’s Actuarial Work Regulations, and these Regulations should be read in conjunction with this Circular.
This Circular details SAMA's instructions with respect to the above mentioned issues.
No insurance company shall ever provide a quotation without having adequate underwriting information, including claims experience, on which to scientifically determine the premium rates appropriate for the policy terms & conditions offered. It should be noted that this applies to all insurance policies of all classes.
1. Claims Experience Requirements
1.1 Medical Underwriting
SAMA has developed claims experience forms and quotation instructions at the request of the industry.
These have been updated following feedback from the industry, and the 2016 version was issued on 9 June 2016.
1.2 Nature of the Claims Experience to be Required for Medical Insurance
At the request of the industry SAMA developed standard forms to be used by all insurers. These were issued in December 2014. and came into effect from 1 January 2015.
SAMA notes that sometimes the completion of these forms may not be as required, and would clarify that:
a) The company providing the claims experience must always provide data that is as up-to-date as possible. The claims experience provided should at a minimum include all claims processed more than 3 months before the claims experience reporting date. b) The monthly data provided for the most recent underwriting year is for claims paid in each month, and claims outstanding at the end of each month. All data must be shown. c) The Policy Year is the year from the last renewal data of the policy. If, for instance, a policy renews on 1 July, then the 2016 Policy Year is the period from 1 July 2016 to 30 June 2017. d) Full benefit information must be provided as staled in the experience form instructions.
1.3 Responsibility for Providing Claims Experience
The key relationship is between the policyholder and the insurance company. SAMA requires that the insurance company provides the policyholder, upon his written request or his representative's written request (i.e. broker), within 15 working days of making the request with sufficient and accurate information of his claims experience, including up-to-date incurred claims. It is the responsibility of the policyholder to provide the insurance company with sufficient and accurate information for it to price and underwrite the risk it is taking on.
Where the insurance company outsources its claims administration to a I PA, then the TPA is required to provide the data requested to the insurance company within 10 working days of its request.
The claims experience report issued by either the insurance company or its TPA must be stamped & signed by the authorised person and the report must be printed on the issuer heading letters (insurance company or its TPA).
After receiving the claims experience, the policyholder should review the report and confirm in writing that he reviewed it and that all information included within the report is accurate to the best of his knowledge.
If the insurance company fails to obtain the policyholder's confirmation that the claims experience is accurate then it should note that it may not be able to take any action if it subsequently discovers it has charged an inadequate premium rate based on the data provided.
With respect to personal lines business, the insurance company is not required to obtain the policyholder’s claims experience in a report format from the policyholder or the existing insurance company; instead the insurance company should ensure that its proposal form asks about all material facts including the policyholder's claims experience.
If it is found that inaccurate claims experience was provided then the insurance company shall have the right to review the premium rate charged, and take appropriate actions. These include adjusting the premium, or requiring that any commission paid to the broker be refunded if due to broker misrepresentation or non-disclosure.
In extreme circumstances where evidence has been obtained that claims data provided to the insurance company in order to quote was misstated with fraudulent intent, then the insurance company may cancel the policy and take the proper actions against the parties who are responsible.
1.4 Role of Brokers
A broker may collect the claims experience and provide it to the insurance company. It should be noted that brokers must act on behalf of the policyholder and conduct their business according to professional and ethical standards and as per the applicable laws and regulations, including the provisions of the Implementing Regulations of the Law on Supervision of Co-operative Insurance Companies, Insurance Intermediaries Regulation, Market Code of Conduct Regulation and Regulation of Reinsurance Activities Regulation.
Using a broker to collect this data docs not in any way reduce the responsibility of the policyholder to ensure that accurate information is provided to the insurance company.
1.5 Pricing of Group Medical Insurance
Insurance companies must comply with the following instructions when applying the claims experience:
1. Apply an experience rating approach for group risks, and they must also supply a fully justified credibility formula recommended, and signed off, by the Company’s Actuary. 2. A form or Excel spreadsheet shall be produced which ensures that the pricing mechanism adopted complies with the credibility formula that is recommended by the Company’s Actuary. A copy of the form or Excel spreadsheet must be provided to SAMA. 3. The Actuary shall determine the annual increase in the burning costs allowing for claims trends, inflation to be built in the credibility formula calculation mechanism. 4. The Actuary’s Pricing Report shall specify the size of schemes for which this blended pricing approach must be adopted. It must define the size of smaller schemes where book rates shall be used. 5. The Insurance Company may request that its Actuary assists with individual quotations for a particular scheme if it considers that there are reasons why the scheme falls outside the standard pricing process. All such individual quotations must be fully documented, auditable, and made available to SAMA on request. The Actuary should ensure that these individual quotations fall outside the standard pricing process before providing his/her recommendation. 6. The Actuary is required to specify in his pricing report the range of discounts that companies can adopt in their pricing based on discounts received on the existing portfolio. Companies should use the discount that they expect to receive from the Medical Service Providers in their quotation. The underwriters justification for the discount used should be fully documented, and provided to SAMA and the internal control functions on request.
It should be noted that SAMA imposes no restrictions on the form of the credibility formula to be adopted by each company, provided that it has been recommended by the Actuary. For instance, the Actuary may choose to vary the credibility formula by class of insurance, own or other insurer’s experience, good or poor experience. SAMA may challenge the credibility formula adopted if it considers that it has not been fully justified technically.
1.6 Pricing of Individual Medical Risks for Employed Expatriates and Dependents
Individual or Retail Medical Policies for employed expatriates and their dependents are being phased out for renewals with effect from 1 July 2016.
The employer will be required to replace them with corporate policies.
It may not he possible for an employer to obtain reliable claims experience if his employees have been covered by individual policies. In such cases insurance companies must price the policy using their corporate book rates.
Any corporate policy written without claims experience should be endorsed to make it clear that not disclosing claims experience may invalidate the contract, and entitle the Insurance company to charge more if it is subsequently finds that claims experience was available from a prior corporate policy.
Before issuing any quotation, the insurance company must verify whether or not the client has been insured under a corporate policy in the past, by utilizing the authorized access to data that will be provided by CCHI.
1.7 Other Individual Policies
Other individual policies are unaffected by the changes to medical expenses products for employed expatriates and their dependents.
It is expected that special consideration will need to be given to products for Saudi Arabian individuals and their families, as this market develops.
2. Premium Rate Guarantees
It is not permitted for any insurance company to enter into any arrangement with any insured for a period in excess of one year for medical expenses insurance with rates guaranteed for more than one year. Policyholders can choose to renew their annual policy with the same insurance company, but this must be on terms negotiated and agreed at renewal.
It should be noted that the use of prescribed formula for renewals, even if it takes into account the loss experience for the first year is not acceptable. Full allowance for current inflation and future trends expectations must be made for all quotations at the time of the renewal.
3. Insurance Companies Other than Leading a Medical Policy
3.1 Acting as Co-Insurer not Leading the Policy
Any insurer participating in a panel of insurers, or following a lead co-insurer must ensure that they obtain full exposure and claims data to underwrite the policy fully. It is not permitted to place full reliance on a lead insurer.
4. Medical Pricing Report
4.1 General Requirements
SAMA is requiring all insurance companies to provide a lull actuarial pricing update for medical products on at least an annual basis, and will consider requiring more frequent updates if necessary.
SAMA requires all companies approved to sell medical products to provide lull updated reports by 30 September 2016.
For any medical pricing reports, the Appointed Actuary must use up to date complete data to determine the premium rates. The data used in the report must be up to date when the report is submitted to SAMA. Specifically, if a report is submitted between:
1) 1 March to 31 May: it must use complete data up to at least 31 December of the previous year. 2) 1 June to 31 August: it must use complete data up to at least 31 March of the same year 3) 1 September to 30 November: it must use complete data up to at least 30 June of the same year. 4) I December to 31 December: it must use complete data up to at least 30 September of the same year. 5) 1 January to 28/29 February: it must use complete data up to at least 30 September of the previous year.
Medical products approval may be withdrawn if the updated Actuarial Pricing Reports arc not submitted or are not compliant with SAMA's instructions.
The Insurance Company's Appointed Actuary shall prepare the medical pricing reports that are to be submitted to SAMA unless the Insurance Company has obtained SAMA's no objection to ask another actuary to prepare the pricing reports at least three months before the date of the actuarial report submission. It should be noted that SAMA will only allow another actuary to be used only if it is justified, and SAMA will require a report to be submitted from the Appointed Actuary in addition to those prepared by the other actuary. It should be noted that there are no restrictions on the preparation of technical or actuarial reports that are not submitted to SAMA.
If a company submits two actuarial reports to SAMA then it must implement the one prepared by its Appointed Actuary. It may only implement the premium rates in the other actuary's report if and when it receives SAMA's noobjection.
The Insurance Company should note that it is acceptable to provide partial submissions to SAMA from the Actuary in respect of
a. Revisions to credibility formula b. Changes to recommended loadings c. Pricing of a single product within the medical class d. Introduction of a new rating factor e. A new network option f. Other amendments to the pricing basis that the actuary recommends, subject to these not leading to a reduction in premium rates for retail/individual medical
The Insurance Company may seek SAMA's approval to provide partial pricing submissions from the Actuary in other circumstances.
It is always acceptable to charge higher premium rates than those determined by the Actuary, subject to such rates being fully documented, justified, and in line with Article (46) of Implementing Regulations.
It should be noted that there is no requirement for the Company to submit any actuarial pricing report to SAMA unless required by this Circular, or the Company wishes to amend its premium rates or rating structure. The Company must never charge rates lower than those that have been submitted to SAMA. It is always permitted to charge higher rates than those in the Actuary's report, provided the rates charged are fair, reasonable and technically justified.
If the Company makes any material alteration in its reinsurance arrangements for medical insurance, then it must consult with its Actuary to determine whether the recommended loadings in the premium rates remain adequate, and must amend its rates as appropriate.
It should be noted that the Actuary must recommend premium rates with no cross subsidies between the rating factors, in line with Article 46 of the Implementing Regulations. However if, for competitive purposes, the Company wishes to charge rates which have some element of crosssubsidisation, then it may ask the Actuary to prepare an additional report setting out the risks of applying the cross-subsidies, based on the expected portfolios of business written, which may not be too dissimilar to the in-force portfolio. SAMA will review the cross-subsidy report separately.
It should be noted that cross-subsidies are only permitted within the same class of insurance. In addition, no cross-subsidies are permitted between retail and corporate business.
The Actuary is responsible to ensure that a comprehensive and concise report is provided to SAMA, so as to minimize the extent of required follow-up queries from SAMA.
In addition, the Actuary must prepare a short summary document highlighting his key findings for each Actuarial Pricing Report. This shall be no more than five (5) pages in length, and must be submitted to the Board of Directors of the Company as a Board paper within five working days of the Actuary's submission, with the Actuary’s full report being an appendix to the Board paper.
The Actuarial Pricing Reports submitted to SAMA cannot be preliminary or initial and are required to be the final reports. The reports shall clearly summarize and compare the Company's current premium rates (loads and discounts) and the new premium rates (loads and discounts) calculated by the Actuary.
4.2 Mandatory Loading Requirements
The Actuary is required to include the following loadings within the gross premium rates:
1) An Expense Loading covering all of the Company’s expenses, both tor policyholders and shareholders, allocated appropriately to each class of insurance. A Company may use projected expenses if it meets the criteria set out in Section 4.3 2) A Commission Loading covering any direct payments made in respect of the acquisition of a policy, whether to intermediaries or to internal staff. 3) A Profit Loading that must be explicitly approved by the Board of Directors of the Company. 4) A Contingency Loading set at 2.5% of premium for medical expenses. 5) A Financial Condition Loading to allow for the lower risk capacity of any insurance company that is not able to cover its solvency margin fully. This is defined fully in Appendix Three.
Detailed requirements for the calculation of these loadings are shown in Appendix Two.
SAMA has noted that there is some confusion in the industry about the correct definitions of Loss Ratio. Expense Ratio and Combined Ratios, so these are set out in Appendix Four.
a. Use of Projected Expense Loadings
If a Company has cover for its statutory solvency margin in excess of 125% as at 31 December 2015. and it docs not have product approval for any Savings products, then it may adopt projected expense loadings for medical insurance.
The pricing report should provide justification lor the proposed expense loadings by including a prudent business projection showing the legal solvency margin of the Company as at the end of 2016, 2017 and 2018.
In addition, in order to use projected expense loadings a Company must demonstrate that it has been achieving economies of scale over 2014 and 2015. In particular:
1) The Company must have had more than 100% growth in Medical Insurance Gross Written Premium from 2014 to 2015. 2) The Company must have had no increase in loss ratio in 2015 from that experienced in 2014. 3) The Loss Ratio in 2014 must be no higher than 80%.
If this business projection does not sufficiently demonstrate that the Company will have 110% cover for its statutory solvency margin as at the end of 2016. 2017 and 2018, then SAMA will require the Company to increase its expense loadings.
By 2018 the projection must show that the Company is fully covering all of its allocated expenses to the medical class by its premium loadings from medical business written.
In addition:
• Medical premium income and expenses must be projected based on stated and justified assumptions. • The allocation of expenses to the medical line of business must be based on slated and justified assumptions.
If al any quarter end, the cover for the legal solvency margin is below 110% then the Company must immediately increase its expense loadings lor medical expenses business to those determined according to the mandatory loadings section, with all expenses being covered by premiums written.
5. The Underwriting Manual
5.1 Submission to SAMA
The Company must submit a corresponding Underwriting Manual, rating structure and premium rates.
The rating structure and premium rates must be in Excel spreadsheet format.
5.2 Contents of the Underwriting Manual
Underwriting Manuals must contain sufficient information so that an external party can follow any quotation produced by an Insurance Company tor a risk in that Class of Insurance.
Underwriting Manuals must:
• be consistent with the pricing reports • be comprehensive and cover all risks • be clear and user-friendly • fully describe the quotation process • include the Underwriting Authority Statement, fully described • be consistent with reinsurance arrangements • where appropriate, they must be consistent with TPA agreements • where appropriate, they must be consistent with CCHI requirements
All premium rates to be charged must be approved by the Actuary. Any adjustments to be made to the base rates determined by the Actuary must be documented in the Underwriting Manual.
The Underwriting Manual shall be signed off by the Chief Underwriter or Chief Technical Officer for the class of insurance, as designated by the Company.
The Actuary should review the Underwriting Manual (excluding the Underwriting Authority Statement) for technical accuracy and consistency with the pricing report, and highlight any inaccuracies.
The Risk Manager shall also sign off the Underwriting Manual (including the Underwriting Authority Statement) from the process perspective.
Il should be noted that the Company is fully responsible for the accuracy, clarity and comprehensiveness of the Underwriting Manual.
SAMA requires that companies commit to translating their Underwriting Manual and Underwriting Authority Statement into Arabic by 31 December 2016.
5.3 The Underwriting Authority Statement
The Underwriting Authority Statement must set out fully the levels to which each Underwriter may quote.
This could be measured by Gross Written Premium. Sum Insured, or Number of Lives for Medical, or a combination of these.
5.4 Discretionary Reductions in Loadings for Individual Quotations
This section sets out the requirements to fully document in the Underwriting Authority Statement any discretion to reduce loadings for individual quotations. This is distinct from section 4.4 which sets out when and how the Insurance Company can apply to SAMA to be allowed to reduce loadings for all quotations.
Any discretion to reduce Loadings for a particular quote would normally only lie with the Chief Underwriter or Chief Technical Officer. The scope to which this discretion extends must be fully documented.
Any additional discretion to reduce Loadings, for individual quotations, that lies with the Chief Executive Officer must be fully documented.
The Minimum Loadings that must be applied for all quotations must be clearly stated, The Minimum Loadings, net of commission, must be no less than 75% of the total loadings, net of commission, recommended by the Actuary.
No discretion to reduce loadings to a particular quotation may be applied until the Underwriting Authority Statement has been approved by the Board of Directors, and it has been submitted to SAMA.
5.5 Training on the Updated Underwriting Manual and Underwriting Tools
Everyone who has any level of authority to underwrite must be trained in the use of the Underwriting Manual and the Underwriting Tools.
Records must be maintained of formal training undergone.
The Company must provide a quarterly update to SAMA of the underwriting training undertaken.
SAMA considers that well trained and competent underwriters are essential to any insurance company writing medical expenses insurance.
If an Insurance Company has been authorised to write medical expenses insurance for more than three years, but does not have suitably skilled underwriters in place then SAMA will consider taking action, including the suspension of product approvals, until the situation is resolved.
6. Compliance and Record Keeping
A copy of this Circular must be passed to the Company’s Board of Directors, Audit Committee. Internal Auditors, Risk Management officers. Compliance Officer. Responsible Actuary and External Auditors.
The Actuary must prepare a short summary document highlighting the key recommendations of the pricing report. This shall be submitted to the Board of Directors and the internal control functions (internal audit, risk management, and compliance functions) with the pricing report submission.
The purpose of this document is to ensure that:
• The internal control functions understand the Actuary's recommendations. • There arc internal controls in place to ensure the Company is following the Actuary's recommendations. • The internal control functions set up a meeting with the Actuary to understand his/her recommendations and how to ensure that the Company is following his/her recommendations.
The Compliance function must report to SAMA any material lack of compliance with SAMA's instructions. This shall be based on the reports of the Internal Audit function and the Risk Management function, and shall include an action plan for addressing the key issues identified.
The Internal Audit function must carry out a continuous audit, at least on a quarterly basis, of the underwriting function to assess compliance with the Company’s internal procedures and guidelines as defined in the Underwriting Manual submitted to SAMA.
The Risk Management function must cany out a quarterly assessment of the underwriting risks, and recommend improvements to processes, and address any other weaknesses that should be improved such as any need for additional training of underwriting staff.
The internal control functions (internal audit, risk management, and compliance functions) must provide the Audit Committee on a quarterly basis with a report on their findings and suggested corrective actions. Moreover, on a quarterly basis the Compliance function must provide SAMA with a copy of the minutes of the Audit Committee meeting in which the report was discussed. The minutes must summarize the findings and any corrective action that should be taken by the Company.
The Underwriting Authority Statements for Medical products must be formally approved by the Board of Directors within 60 days of the required submission dates of the Actuarial Pricing Reports to SAMA.
The Compliance Officer must ensure that all those mentioned in the first paragraph of this section receive copies of the Actuary’s Pricing Reports, the Board Summary documents and the Underwriting Manuals.
In addition, all members of staff who have a designated underwriting authority level must be passed copies of the Underwriting Manual by the Compliance Officer.
The Company must ensure that it has in place a central database accessible by Senior Management and all Internal Control functions containing lull records of all quotations issued by the Company, and all backing data.
Companies are required to have a centralised quotations database in place by 1 July 2016.
7. Implementation of New Rates
7.1 File and Use
Any proposed revisions to premium rates, rating structure and credibility formula may be introduced on a File & Use basis, which means the insurance Company files the new actuarial report with SAMA and implements the new proposed premium rate, subject to such rates being in line with Article (46) of the Implementing Regulations.
The proposed revisions must be implemented within one month of the date the report is submitted to SAMA.
One specific exception is that, for Individual/Rctail Medical, premium rates may not be introduced on a File & Use basis, if the premium rates for more than 50% of the business that the Company expects to write are to be reduced. Any proposed reductions in retail premium rates may only be introduced if SAMA provides its no-objection. However, if SAMA has not provided a response to the Company within three months of its submission of reduced rates, then it may assume that SAMA has no objection to its introduction of the rates.
7.2 SAMA’s Review Process
SAMA’s review of the Actuarial Pricing Reports will be split into two parts:
a) A review of the loadings for expenses, contingency, profit and any financial condition loading to be applied to ensure that these are compliant with requirements. b) A technical review of the methodology adopted.
If non-compliant loadings arc being applied the Company will be required to correct these within five working days of SAMA's letter to the Company.
SAMA will also review
c) The Underwriting Manual to check that it is complete and consistent with the Actuarial Pricing Report. d) The Excel pricing tool provided to check that it is compliant with the Actuarial Pricing Report, and that it is documented in the Underwriting Manual.
SAMA's reviews must not be regarded as reducing in any way the responsibility of the Company and the Actuary to comply with regulatory requirements.
If SAMA discovers that any company or actuary has abused the File and Use process, then appropriate regulatory actions will be taken.
7.3 Regular Rate Increases
All companies are required to increase their medical rates on a quarterly basis to allow for inflation and anticipated future trends in experience, as recommended in the Actuary’s report.
Any Company that is required to apply a Financial Condition Loading must update that loading quarterly based on the Quarterly Reporting Forms. It must submit a brief note to SAMA setting out and justifying the revised Financial Condition Loading.
The exception to this is that the Financial Condition Loading must not be reduced at any quarter unless the Company has used reserves that have been determined by its Appointed Actuary.
7.4 Regulatory Action for Non Compliance
It should be noted that if an insurance company, broker, insurance agent or insurance claims settlement specialist (third party administrator) is not in compliance with this Circular. SAMA will take the regulatory/legal actions as stipulated in the Law on Supervision of Co-operative Insurance Companies and its Implementing Regulations.
Thus. SAMA instructs the Insurance Company to do the following:
1. Submit the 2016 pricing report by 30 September 2016. 2. Implement the new premium rating basis by 31 October 2016, provided it fits the File & Use requirements. 3. Provide SAMA with a copy of the five-page Board summary report by 30 September 2016. 4. Provide SAMA with the updated Underwriting Manuals, including the Underwriting Authority Statement, which reflects the instructions stated in Sections 1, 2, 3, 4 and 5 of this Circular, for medical expenses insurance. These must be provided within 60 days alter the deadline for the submission of the Actuarial Pricing Reports. 5. Provide SAMA with an unprotected soft copy of the Excel spreadsheets that set out the blended credibility approach that the Insurance Company is going to adopt to price group medical expenses which are in compliance with instructions stated in this Circular. These must be provided with the Actuarial Pricing Reports. 6. Provide SAMA with copies of the minutes of the Audit Committee meetings in which quarterly internal auditor reports are discussed. 7. Provide SAMA with a quarterly summary of training undergone by Underwriting staff. 8. Immediately provide the Insurance Company’s employees who are in charge of underwriting with a copy of this Circular. 9. The requirements set out in this Circular will be effective immediately. 10. Provide confirmation from the Insurance Company’s CEO/GM within seven days of the date of this Circular of adherence to the instructions stated in this Circular. 11. Copies of this Circular must be provided to the full Board of Directors of the Company. Minutes of the Board meeting on the adherence to the requirements set out in this Circular must be provided to SAMA within 90 days of the date of this Circular. 12. SAMA requires that the Actuary attend Board Meetings to present his Board Pricing papers, and take questions on his full pricing report. The Company must provide minutes of the relevant Board meetings to SAMA, and copies of the Actuary’s Board papers within ten business days of the meeting.
Appendix One - Additional Requirements
Blending Book Rates with Experience for Larger Schemes
An Excel spreadsheet must be produced which ensures that the pricing mechanism adopted complies with the credibility formula recommended by the Actuary.
Compliance with the Prior Actuarial Pricing Reports
In order to investigate the compliance with the experience rating basis recommended, the Actuary shall take samples of the top five groups by premium income from the Insurance Company’s portfolio and derive the experienced-rated premium rate. This can then be compared with the actual rate charged for each of the top live groups.
The Actuary is required to provide with his pricing report an Excel workbook to validate compliance with previous submitted pricing reports. The Excel workbook provided by SAMA (“ComplianceWithActuarialRates.xlsx”) can be used to validate compliance for medical business. The Insurance Company must provide SAMA with copies of the Excel workbooks.
Appendix Two - Mandatory Loading Requirements - Details
The Actuary is required to include at least the following loadings within the Office Premium rates:
1) An expense loading (e) 2) A commission loading (c) 3) A profit loading (p) 4) A contingency loading (co) 5) A financial condition loading (f).
That is
Office Premium >= Risk Premium / (1 - e - c - p - co - f)
1. Expense Loading
The expense loading must cover all of the Company’s expenses, both for policyholders and shareholders. The Actuary should develop an appropriate allocation of expenses for the medical line of business.
For any Company that was licensed by SAMA to write any class of insurance business as at 1 January 2013. the expense loading is subject to a minimum of the expense ratio of the Company for 2015. For the purposes of this sub- paragraph, expense ratio must be calculated using the formula set out in Appendix Four modified as follows:
• The item “commission incurred (Form 21, Line 38, Column E) should be omitted, as commission is covered by the separate commission loading. • Some companies may have incorrectly reported I PA tees in Forms 81 and 82 on the grounds that they are loss adjustment expenses, as opposed to in line 40 of form 21. Where companies have taken this approach the formula in Appendix Four will need to be adjusted so that 1 PA tees are included in the expense ratio.
For the avoidance of doubt, the Actuary is expected to perform two calculations:
• An expense loading for the medical expenses line of business using an allocation of expenses to that line of business determined by the Actuary, • The expense ratio of the Company using the formula set out in Appendix Four, adjusted as above.
The expense loading is then whichever of these calculations leads to the higher result.
Any Company that was not licensed to write any class of insurance as at 1 January 2013 may calculate the expense loading using a prudent projection of its expenses and premium income for the third calendar year following the date at which it was first licensed to write any class of business.
Any Composite Insurance Company, defined as any company writing general/health insurance and a material amount of long-term Protection & Savings business, must not use the expense ratio for the Company as a whole. Instead, an expense report shall determine a suitable split of expenses between Protection & Savings and General/Health. and the Expense Ratio determined for General/Health only.
Any expenses that may be subject to unusual fluctuations may be smoothed. In particular, the change in Doubtful Debt Reserve must be considered part of the Company's expenses, but consideration should be given to smoothing this item.
2. Commission Loading
The commission loading will normally reflect the actual commission to be paid on a case by case basis.
3. Profit Loading
The profit loading must be at least 2% of gross premium. It must be explicitly- approved by the Board of Directors of the Company.
4. Contingency Loading
The contingency loading must be set at 2.5% of gross premium.
5. Financial Condition Loading
A Financial Condition Loading is required to allow for the lower risk capacity of any insurance company that does not have sufficient Admissible Assets to meet the Required Margin before application of the Minimum Capital Requirement (Reporting Form 31, Line 43, Column A).
The required calculation to be adopted for this loading is set out in Appendix Three.
If a Company is in the process of increasing its capital, then the Actuary must provide two sets of premium rates for the Company to use, one prior to the capital raising exercise, and the other based on the expected solvency position once the additional capital has been raised, allowing for the different Financial Condition Loadings before and after the capital increase.
The rates based on the post capital raising financial condition may only be used once the Company has received the proceeds of the capital raising exercise.
Appendix Three - Financial Condition Loading
All companies that do not hold sufficient Admissible Assets to cover their Total Required Margin before application of the Minimum Capital Requirement must include an additional loading in the medical premium rates that they charge.
This is based on the data presented in Form 31 in the most recent Quarterly or Annual Returns, subject to any amendments required by SAMA.
The Financial Condition Ratio is defined as the Net Admissible Assets / Total Required Margin.
Financial Condition Ratio = (Form 31, Line 39, Column A) / (Form 31, Line 43, Column A)
If the Financial Condition Ratio is greater than or equal to 1 then no loading shall be applied to the premium rates.
If the Financial Condition Ratio is less than 1 then a Financial Condition Loading must be applied
The Financial Condition Loading for Medical Expenses is determined as:
16% x (1- Financial Condition Ratio)
The Financial Condition Loading shall be rounded to the nearest whole percentage point.
Note "Column A" refers to the Form Label, not the Excel Column.
Appendix Four - Standard Income Statement Ratio Definitions
This section sets out the standard definitions of the Loss Ratio. Expense Ratio and Combined Ratio equivalent to those used internationally.
Key points to note are that
1) Combined Ratio = Loss Ratio + Expense Ratio 2) A Combined Ratio in excess of 100% means a Gencral/Health Insurance Company is making Underwriting Losses. These may be mitigated by investment returns. 3) These ratios must not be used for any Company writing material amounts of long term Protection & Savings business.
For all three ratios the Denominator is the Net Earned Premium plus any other income other than that arising from investments:
Net Earned Premium (Form 21, Line 17, Column E) + Other Underwriting Income (Form 21. Line 19, Column E) + Other Income (Form 21, Line 71. Column E) + Other Income - Shareholders (Form 22. Line 19, Column A)
If a Company has incorrectly treated movements in Premium Deficiency Reserves as part of its earned premium for accounting purposes, then it should reverse these movements out for the purposes of calculating its Standard Income Statements Ratios.
For Loss Ratio, the Numerator is the Claims Incurred (in Form 21, Line 37, Column E), adjusted to exclude any changes in Premium Reserves, such as Premium Deficiency Reserves or Catastrophe Reserves.
The adjusted Claims Incurred are then divided by the Denominator to determine the Loss Ratio.
For the Expense Ratio, the Numerator is:
Commission Incurred (Form 21. Line 38, Column E) Minus Reinsurance Commissions Earned (Form 21, Line 18, Column E) + Policy Acquisition Costs (Form 21, Line 39, Column E) + Other direct underwriting Expenses (Form 21, Line 40, Column E) + Doubtful Debt Expense (Form 21. Line 41, Column E) + Operational and Technical Expenses (Form 21, Line 51, Column E) + Shareholders Expenses (Form 22, Line 39, Column A) + Zakat (Form 22. Line 51, Column A) Taxes (Form 22, Line 52, Column A)
The Combined Ratio is defined as the Loss Ratio + Expense Ratio
Underwriting Practices 2015
SAMA issued the original Underwriting Circular on 25/5/1435.
At the request of the Insurance Executive Committee (IEC) SAMA subsequently issued standard claims experience forms for medical and motor insurance on 1 December 2014 to come into effect on 1 January 2015. These forms included clarifications, corrections and updates to the original Underwriting Circular.
With the issue of this Circular, the Claims Experience Forms remain in force. There are some clarifications to the instructions for quotations which are shown in Appendices Four and Five to this Circular.
SAMA has noted that underwriting practices in the market remain out of line with international practice in several respects that are damaging the functioning of the market. These practices include:
• Inadequate loadings being applied to risk premium rates to allow for all expenses, contingencies, profit and the financial condition of the company. • Limited rating factors being used to price individual motor and medical risks, with such risks being treated as commodity products • For property and engineering insurance, and other largely reinsured risks, insurers acting as intermediaries focusing on volume rather than as risk takers.
SAMA introduced requirements for insurance companies to obtain and submit actuarial pricing reports for medical expenses and motor businesses late in 2012 and to be implemented starting from 1 January 2013 for medical expenses insurance business and from 1 April 2013 for motor insurance business. These actuarial pricing reports were required to be updated by June 2014 for medical and August 2014 for motor.
The submitted actuarial medical and motor pricing reports must be updated to fully take into account the recent claims experience of insurance companies.
The technical instructions for the actuarial pricing reports have now been included within SAMA’s Actuarial Work Regulations, and these Regulations should be read in conjunction with this Circular.
This Circular details SAMA’s instructions with respect to the above mentioned issues.
No insurance company shall ever provide a quotation without having adequate underwriting information, including claims experience, on which to scientifically determine the premium rales appropriate for the policy terms & conditions offered. It should be noted that this applies to all insurance policies of all classes.
1. Claims Experience Requirements
1.1 Medical and Motor Underwriting
SAMA has included updated quotation instructions within the claims experience developed at the request of the industry.
These have been further clarified following feedback from the industry, and the current versions are shown in Appendix Four and Appendix Five of this Circular.
1.2 Nature of the Claims Experience to be Required for Medical and Motor
At the request of the industry SAMA developed standard forms to be used by all insurers. These were issued in December 2014, and came into effect from 1 January 2015.
SAMA notes that sometimes the completion of these forms may not be as required, and would clarify that:
a) The company providing the claims experience must always provide data that is as up-to-date as possible.
b) The monthly data provided for the most recent underwriting year is for claims paid in each month, and claims outstanding at the end of each month. All data must be shown.
c) The Policy Year is the year from the last renewal data of the policy. If, for instance, a policy renews on 1 July, then the 2015 Policy Year is the period from 1 July 201 5 to 30 June 2016.
d) Full benefit information must be provided as stated in the experience form instructions.
1.3 Responsibility for Providing Claims Experience
The key relationship is between the policyholder and the insurance company. SAMA requires that the insurance company provides the policyholder, upon his written request or his representative’s written request (i.e. broker), within 15 working days of making the request with sufficient and accurate information of his claims experience, including up-to-date incurred claims. It is the responsibility of the policyholder to provide the insurance company with sufficient and accurate information for it to price and underwrite the risk it is taking on.
Where the insurance company outsources its claims administration to a TPA, then the TPA is required to provide the data requested to the insurance company within 10 working days of its request.
The claims experience report issued by either the insurance company or its TPA must be stamped & signed by the authorised person and the report must be printed on the issuer heading letters (insurance company or its TPA).
After receiving the claims experience, the policyholder should review the report and confirm in writing that he reviewed it and that all information included within the report is accurate to the best of his knowledge.
If the insurance company fails to obtain the policyholder’s confirmation that the claims experience is accurate then it should note that if may not be able to lake any action if it subsequently discovers it has charged an inadequate premium rate based on the data provided.
With respect to the personal lines of the business, the insurance company is not required to obtain the policyholder’s claims experience in a report format from the policyholder or the existing insurance company; instead the insurance company should ensure that its proposal form asks about all material facts including the policyholder’s claims experience.
If it is found that inaccurate claims experience was provided then the insurance company shall have the right to review the premium rate charged, and take appropriate actions. These include adjusting the premium, or requiring that any commission paid to the broker be refunded if due to broker misrepresentation or non-disclosure.
In extreme circumstances where evidence has been obtained that claims data provided to the insurance company in order to quote was misstated with fraudulent intent, then the insurance company may cancel the policy and take the proper actions against the parties who are responsible.
1.4 Role of Brokers
A broker may collect the claims experience and provide it to the insurance company. It should be noted that brokers must act on behalf of the policyholder and conduct their business according to professional and ethical standards and as per the applicable laws and regulation, including the provisions of the Implementing Regulations of the Law on Supervision of Co-operative Insurance Companies, Insurance Intermediaries Regulation, Market Code of Conduct Regulation and Regulation of Reinsurance Activities Regulation.
Using a broker to collect this data does not in any way reduce the responsibility of the policyholder to ensure that accurate information is provided to the insurance company.
1.5 Pricing of Group Medical or Motor Fleet/Leasing Risks
Insurance companies must comply with the following instructions when applying the claims experience:
1. Apply an experience rating approach for group or fleet/leasing risks, and must supply a fully justified credibility formula recommended, and signed off, by the company’s Actuary. 2. A form or Excel spreadsheet shall be produced which ensures that the pricing mechanism adopted complies with the credibility formula that is recommended by the company’s Actuary. A copy of the form or Excel spreadsheet must be provided to SAMA. 3. The Actuary shall determine the annual increase in the burning costs allowing for claims trends, inflation to be built in the credibility formula calculation mechanism. 4. The Actuary’s pricing report shall specify the size of schemes for which this blended pricing approach must be adopted. It must define the size of smaller schemes where book rates shall be used. 5. The insurance company may request that its Actuary assists with individual quotations for a particular scheme if it considers that there are reasons why the scheme falls outside the standard pricing process. All such individual quotations must be fully documented, auditable, and made available to SAMA on request. The Actuary should ensure that these individual quotations fall outside the standard pricing process before providing his/her recommendation.
It should be noted that SAMA imposes no restrictions on the form of the credibility formula to be adopted by each company, provided that it has been recommended by the Actuary. For instance, the Actuary may choose to vary the credibility formula by class of insurance, own or other insurer’s experience, good or poor experience. SAMA may challenge the credibility formula adopted if it considers that it has not been fully justified technically.
1.6 Pricing of Individual Medical Risks
SAMA notes that many of these products are issued solely in order for expatriates to obtain, or renew, their residence permit (Iqama) to live in Saudi Arabia.
This situation is not sustainable indefinitely, with claims rates at their currently low levels.
SAMA will seek to work with the Insurance Industry, and other Government agencies, to ensure that all insurance products sold provide genuine benefits to the consumer, and are not just put in place to comply with other regulatory requirements.
1.7 Pricing of Individual Motor Risks
This class of business has been unprofitable for many in the market, partially due to limited data collection and the use of insufficient rating factors.
SAMA will seek to work with the Industry to agree minimum data collection and rating factors to be used, by each individual company.
It should be noted that an industry database would primarily be used for fraud detection, and not for setting prices.
It may be possible to use some rating factors from industry data, but these would need to be used within the pricing framework set out in the actuary’s pricing report.
Under no circumstances may companies use premium rates derived entirely from industry data.
1.8 Underwriting of Property Insurance
SAMA intends to issue quotation instructions for Property Insurance in 2015.
These should be considered to be part of this Circular, and in particular Section 6 on Compliance fully applies to these Instructions.
1.9 Underwriting of Engineering Insurance
SAMA intends to issue quotation instructions for Engineering Insurance in 2015.
These should be considered to be part of this Circular, and in particular Section 6 on Compliance fully applies to these Instructions.
1.10 Underwriting of Other Insurance Risks
SAMA will continue to review the state of the market for all insurance classes, together with the effectiveness of the measures undertaken for Medical, Motor. Property and Engineering risks.
Measures on other classes may be taken following detailed consultation with the industry.
2. Premium Rate Guarantees
It is not permitted for any insurance company to enter into any arrangement with any insured for a period in excess of one year tor medical expenses insurance or for motor insurance with rates guaranteed for more than one year. Policyholders can choose to renew their annual policy with the same insurance company, but this must be on terms negotiated and agreed at renewal.
It should be noted that the use of prescribed formula for renewals, even if it takes into account the loss experience for the first year is not acceptable. Full allowance for current inflation and future trends expectations must be made for all quotations at the time of the renewal.
3. Insurance Companies Other than Leading a Medical or Motor Policy
3.1 Acting as Third Party Administrator (TPA’S)
SAMA noticed that there are some insurance companies that manage insurance expenses claims (e.g. medical costs) without taking on the risk. Under this type of arrangement, the risk is not covered/shouldered by the insurance company, but the company administers the insurance claims of the client. This service represents claims administration services, or acting as a TPA, without bearing the insurance risk, which insurance companies are not licensed to do.
Article 3-2 of the Law On Supervision of Cooperative Insurance Companies does not permit insurance companies to carry out any activities other than insurance. Insurance companies are not allowed to provide claims administration services without bearing insurance risk.
3.2 Acting as Co-Insurer Not Leading the Policy
Any insurer participating in a panel of insurers, or following a lead co-insurer must ensure that they obtain full exposure and claims data to underwrite the policy fully. It is not permitted to place full reliance on a lead insurer.
4 Medical & Motor Pricing Report
4.1 General Requirements
SAMA is requiring all insurance companies to provide a full actuarial pricing update for medical and motor products on at least an annual basis, and will consider requiring more frequent updates if necessary.
SAMA, requires all companies approved to sell medical or motor products to provide full updated reports as follows:
1) Medical, by 31 August 2015 2) Motor, by 30 September 2015
For any medical/motor pricing reports, the Responsible Actuary must use up to date complete data to determine the premium rates. The data used in the report must be up to date when the report is submitted to SAMA. Specifically if a report is submitted between:
1) 1 March to 31 May: it must use complete data up to at least 31 December of the previous year. 2) 1 June to 31 August: it must use complete data up to at least 31 March of the same year 3) 1 September to 30 November: it must use complete data up to at least. 30 June of the same year. 4) 1 December to 31 December: it must use complete data up to at least 30 September of the same year. 5) 1 January to 28 February: it must use complete data up to at least 30 September of the previous year.
Medical/Motor products approval may be withdrawn if the updated actuarial pricing reports are not submitted or are not compliant with SAMA’s instructions.
The insurance company’s Responsible Actuary shall prepare the medical and motor pricing reports that are to be submitted to SAMA unless the insurance company has obtained SAMA’s no objection to ask another actuary to prepare the pricing reports at least three months before the date of the actuarial report submission. It should be noted that SAMA will only allow another actuary to be used only if it is justified, and SAMA will require a report to be submitted from the Responsible Actuary in addition to those prepared by the other actuary. It should be noted that there are no restrictions on the preparation of technical or actuarial reports that are not submitted to SAMA.
If a company submits two actuarial reports to SAMA then it must implement the one prepared by its Responsible Actuary. It may only implement the premium rates in the other actuary’s report if and when it receives SAMA's no- objection.
The insurance company should note that it is acceptable to provide partial submissions to SAMA from the Actuary in respect of
a. Revisions to credibility formula b. Changes to recommended loadings c. Pricing of a single product within the medical or motor class d. Introduction of a new rating factor e. A new network option for medical expenses f. Other amendments to the pricing basis that the actuary recommends, subject to these not leading to a reduction in premium rates for retail/individual medical or retail/individual motor business
The insurance company may seek SAMA’s approval to provide partial pricing submissions from the Actuary in other circumstances.
It is always acceptable to charge higher premium rates than those determined by the Actuary, subject to such rates being fully documented, justified, and in line with Article (46) of Implementing Regulations.
It should be noted that there is no requirement for the company to submit any actuarial pricing report to SAMA unless required by this Circular, or the company wishes to amend its premium rates or rating structure. The company must never charge rates lower than those that have been submitted to SAMA. It is always permitted to charge higher rates than those in the actuary's report, provided the rates charged arc fair, reasonable and technically justified.
If the company makes any material alteration in its reinsurance arrangements for medical or motor insurance, then it must consult with its Actuary to determine whether the recommended loadings in the premium rates remain adequate, and must amend its rates as appropriate.
It should be noted that the Actuary must recommend premium rates with no cross subsidies between the rating factors, in line with Article 46 of the Implementing Regulations. However if, for competitive purposes, the company wishes to charge rates which have some element of cross-subsidisation, then it may ask the Actuary to prepare an additional report setting out the risks of applying the cross-subsidies, based on expected portfolios of business written which may not be too dissimilar to the in-force portfolio. SAMA will review the cross-subsidy report separately.
It should be noted that cross-subsidies are only permitted within the same class of insurance. In addition no cross-subsidies are permitted between retail and corporate business for either medical or motor.
The Actuary is responsible to ensure a comprehensive and concise report is provided to SAMA as to minimize the extent of required follow-up queries from SAMA.
In addition, the Actuary must prepare a short summary document highlighting his key findings for each actuarial pricing report. This shall be no more than five (5) pages in length, and must be submitted to the Board of Directors of the company as a Board paper within five working days of the Actuary’s submission, with the Actuary’s full report being an appendix to the Board paper.
The actuarial pricing reports submitted to SAMA cannot be preliminary or initial and are required to be the final reports. The reports shall clearly summarize and compare the Company’s current premium rates (loads and discounts) and the new premium rates (loads and discounts) calculated by the Actuary.
4.2 Mandatory Loading Requirements
The actuary is required to include the following loadings within the gross premium rates:
1) An Expense Loading covering all of the company’s expenses, both policyholders and shareholders, allocated appropriately to each class of insurance. As medical and motor insurance are resource intensive products, the loading for expenses (including commissions) must be set at a minimum of the expense ratio for 2014 provided the company has been writing business for three full years. If a company was licensed by SAMA to write any class of insurance business as at 1 January 2012, it must cover all of its 2014 expenses in the Expense Loading. Only insurance companies that were not licensed to write any class of insurance as at 1 January 2012 may adopt prudent project projections in order to set their expense loadings. 2) A Profit Loading that must be explicitly approved by the Board of Directors of the company. This must be at least 2% of premium. 3) A Contingency Loading set at 2.5% of premium for medical expenses and 5% of premium for motor business. 4) A Financial Condition Loading to allow for the lower risk capacity of any insurance company that does not have sufficient Admissible Assets to meet the Required Margin before application of the Minimum Capital Requirement (Reporting Form 31, Line 43. Column A), The required calculation to be adopted for this loading is set out in Appendix Two.
SAMA has noted that there is some confusion in the industry about the correct definitions of Loss Ratio, Expense Ratio and Combined Ratios, so these are set out in Appendix Three.
Any Composite Insurance Company, defined as any company writing general/health insurance and a material amount of long-term Protection & Savings business, must not use the expense ratio for the company as a whole. Instead, an expense report shall determine a suitable split of expenses between Protection & Savings and General/Health, and the Expense Ratio determined for General/Health only.
If a company has not been writing any business for three full years then the actuary may estimate the expense ratio for its third year of writing business based on prudent assumptions.
If a company is in the process of increasing its capital then the actuary must provide two sets of premium rates for the company to use, one prior to the capital raising exercise, and the other based on the expected solvency position once the additional capital has been raised. The rates based on the post capital raising financial condition may only be used once the company has received the proceeds of the capital raising exercise.
Any expenses that may be subject to unusual fluctuations may be smoothed. In particular the change in Doubtful Debt Reserve must be considered part of the company’s expenses, but consideration should be given to smoothing this item.
5. The Underwriting Manual
5.1 Submission to SAMA
The company must submit a corresponding underwriting manual, rating structure and premium rates.
The rating structure and premium rates must be in Excel spreadsheet format.
5.2 Contents of the Underwriting Manual
Underwriting Manuals must contain sufficient information so that an external party can follow any quotation produced by an Insurance Company for a risk in that Class of Insurance.
Underwriting Manuals must:
• be consistent with the pricing reports • be comprehensive and cover all risks • be clear and user-friendly • fully describe the quotation process • include the Underwriting Authority Statement, fully described • be consistent with reinsurance arrangements • for medical, where appropriate, they must be consistent with TPA agreements • for medical, where appropriate, they must be consistent with CCHI requirements • for motor, where appropriate, they must be consistent with Najm procedures
All premium rates to be charged must be approved by the actuary. Any adjustments to be made to the base rates determined by the actuary must be documented in the Underwriting Manual.
The Underwriting Manual shall be signed off by the Chief Underwriter or Chief Technical Officer for the class of insurance, as designated by the company.
The Actuary should review the Underwriting Manual (excluding the Underwriting Authority Statement) for technical accuracy and consistency with the pricing report, and highlight any inaccuracies.
The Risk Manager shall also sign off the Underwriting Manual (including the Underwriting Authority Statement) from the process perspective.
It should be noted that the Company is fully responsible for the accuracy, clarity and comprehensiveness of the Underwriting Manual.
SAMA requires that companies commit to translating their Underwriting Manual and Underwriting Authority Statement into Arabic by 31 December 2016. The extended timetable granted for this is in order to ensure that the English documents are of a high standard before they are translated.
5.3 The Underwriting Authority Statement
The Underwriting Authority Statement must set out fully the levels to which each Underwriter may quote.
This could be measured by Gross Written Premium, Sum Insured, Number of Lives for Medical or Number of Vehicles for Motor for standard risks, or a combination of these.
Any discretion to reduce Loadings for a particular quote would normally only lie with the Chief Underwriter or Chief Technical Officer. The scope to which this discretion extends must be fully documented.
Any additional discretion to reduce Loadings that lies with the Chief Executive Officer must be fully documented.
The Minimum Loading that must be applied for all quotations must be clearly stated. The Minimum Loading, net of commission, must be no less than 75% of the total loading, net of commission, recommended by the Actuary.
No discretion to reduce loadings to a particular quotation may be applied until the Underwriting Authority Statement has been approved by the Board of Directors, and it has been submitted to SAMA.
5.4 Training on the Updated Underwriting Manual
Everyone who has any level of authority to underwrite must be trained in the use of the Underwriting Manual and the Underwriting Tools.
Records must be maintained of formal training undergone.
6. Compliance and Record Keeping
A copy of this Circular must be passed to the Company’s Board of Directors, Audit Committee, Internal Auditors, Risk Management officers, Compliance Officer, Responsible Actuary and External Auditors.
The Actuary must prepare a short summary document highlighting the key recommendations of the pricing report. This shall be submitted to the Board of Directors and the internal control functions (internal audit, risk management, and compliance functions) with the pricing report submission.
The purpose of this document is to ensure that:
• The internal control functions understand the Actuary’s recommendations. • There are internal controls in place to ensure the company is following the Actuary’s recommendations. • The internal control functions set up a meeting with the .Actuary to understand his/her recommendations and how to ensure that the company is following his/her recommendations.
The compliance function must report to SAMA any material lack of compliance with SAMA’s instructions. This shall be based on the reports of the Internal Audit function and the Risk Management function, and shall include an action plan for addressing the key issues identified.
The Internal Audit function must carry out a continuous audit, at least on a quarterly basis, of the underwriting function to assess compliance with the company’s internal procedures and guidelines as defined in the underwriting manual submitted to SAMA.
The Risk Management function must carry out a quarterly assessment of the underwriting risks, and recommend improvements to processes, and address any other weaknesses that should be improved such as any need for additional training of underwriting staff.
The internal control functions (internal audit, risk management, and compliance functions) must provide the Audit Committee on a quarterly basis with a report on their findings and suggested corrective actions. Moreover, on a quarterly basis the compliance function must provide SAMA with a copy of the minutes of the Audit Committee meeting in which the report was discussed. The minutes must summarize the findings and any corrective action that should be taken by the company.
The Underwriting Authority Statements for Medical and Motor products must be formally approved by the Board of Directors within 60 days of the required submission dates of the actuarial pricing reports to SAMA.
The Compliance Officer must ensure that all those mentioned in the first paragraph of this section receive copies of the Actuary’s Pricing Reports, the Board Summary documents and the Underwriting Manuals.
In addition all members of staff who have a designated underwriting authority level must be passed copies of the Underwriting Manual by the Compliance Officer.
The company must ensure that it has in place a central database accessible by Senior Management and all Internal Control functions containing full records of all quotations issued by the company, and all backing data.
Companies are required to have a centralised quotations database in place by 1 July 2016.
7. Implementation of New Rates
7.1 File and Use
Any proposed revisions to premium rates, rating structure and credibility formula may be introduced on a File & Use basis, which means the insurance company files the new actuarial report with SAMA and implements the new proposed premium rate, subject to such rates being in line with Article (46) of the Implementing Regulations.
The proposed revisions must be implemented within one month of the date the report is submitted to SAMA.
One specific exception is that, for both Individual/Retail Motor and Individual/Retail Medical, premium rates may not be introduced on a File & Use basis, if the premium rates for more than 50% of the business that the company expects to write are to be reduced. Any proposed reductions in retail premium rates may only be introduced if SAMA provides its no-objection However if SAMA has not provided a response to the company within 3 months of its submission of reduced rates, then it may assume that SAMA has no objection to its introduction of the rates.
7.2 SAMA’s Review Process
SAMA’s review of the actuarial pricing reports will be split into two parts:
a) A review of the loadings for expenses, contingency, profit and any financial condition loading to be applied to ensure that these are compliant with requirements. b) A technical review of the methodology adopted.
If non-compliant loadings are being applied the company will be required to correct these within 5 working days of SAMA’s letter to the company.
SAMA will also review
c) The Underwriting Manual to check that it is complete and consistent with the actuarial pricing report. d) The Excel pricing tool provided to check that it is compliant with the actuarial pricing report, and that it is documented in the underwriting manual.
SAMA’s reviews must not be regarded as reducing in any way the responsibility of the company and the actuary to comply with regulatory requirements.
If SAMA discovers that any company or actuary has abused the File and Use process then appropriate regulatory actions will be taken.
7.3 Regular Rate Increases
All companies are required to increase their medical and motor I PL rates on a quarterly basis to allow for inflation and anticipated future trends in experience, as recommended in the actuary’s report.
Where comprehensive motor premiums are expressed as a percentage of the sum insured, quarterly rate increases are not required unless the actuary has recommended increases be applied.
Any company that is required to apply a Financial Condition Loading must update that loading annually based on the Year End position, unless there has been a material change in the cover for its solvency. It must submit a brief note to SAMA setting out and justifying the revised Financial Condition Loading.
8. Regulatory Action for Non Compliance
It should be noted that if an insurance company, broker, insurance agent or insurance claims settlement specialist (third party administrator) is not in compliance with this Circular, SAMA will take the regulatory/lcgal actions as stipulated in the Law on Supervision of Co-operative Insurance Companies and its Implementing Regulations.
Thus, SAMA instructs the insurance company to do the following:
1. Provide SAMA with the updated Underwriting Manuals, including the Underwriting Authority Statement, which reflects the instructions stated in Sections 1, 2, 3, 4 and 5 of this Circular, for medical expenses and motor insurance. These must be provided within 60 days after the deadline for the submission of the actuarial pricing reports. 2. Provide SAMA with an unprotected soft copy of the Excel spreadsheets that set out the blended credibility approach that the insurance company is going to adopt to price group medical expenses and fleet/leasing motor risks which are in compliance with instructions stated in this Circular. These must be provided with the actuarial pricing reports. 3. Immediately provide insurance company’s employees who are in charge of underwriting with a copy of this Circular. 4. The requirements set out in this Circular will be effective immediately. 5. Provide confirmation from the insurance company’s CEO/GM within seven days of the date of this Circular of adherence to the instructions stated in this Circular. 6. Copies of this Circular must be provided to the full Board of Directors of the company. Minutes of the Board meeting on the adherence to the requirements set out in this Circular must be provided to SAMA within 90 days of the date of this Circular. 7. SAMA requires that the Actuary attend Board Meetings to present his Board Pricing papers, and take questions on his full pricing reports. The company must provide minutes of the relevant Board meetings to SAMA, and copies of the Actuary’s Board papers within 10 business days of the meeting.
Appendix One - Additional Requirements
Blending Book Rates with Experience for Larger Schemes
An Excel spreadsheet must be produced which ensures that the pricing mechanism adopted complies with the credibility formula recommended by the Actuary.
Compliance with the Prior Actuarial Pricing Reports
In order to investigate the compliance with the experience rating basis recommended, the Actuary shall take samples of the top five groups/fleets by premium income from the insurance company's portfolio and derive the experienced-rated premium rate. This can then be compared with the actual rate charged for each of the top five groups.
The Actuary is required to provide with his pricing report an Excel workbook to validate compliance with previous submitted pricing reports. The Excel workbook provided by SAMA (“ComplianceWithActuarialRates.xlsx”) can be used to validate compliance for medical business, and modified to be applicable for motor business. The insurance company must provide SAMA with copies of the Excel workbooks.
Appendix Two - Financial Condition Loading
All companies that do not hold sufficient Admissible Assets to cover their Total Required Margin before application of the Minimum Capital Requirement must include an additional loading in the medical and motor premium rates that they charge.
This is based on the data presented in Form 31 in the most recent Quarterly or Annual Returns, subject to any amendments required by SAMA.
The Financial Condition Ratio is defined as the Net Admissible Assets / Total Required Margin.
Financial Condition Ratio = (Form 31, Line 39, Column A) / (Form 31, Line 43, Column A)
If the Financial Condition Ratio is greater than or equal to 1 then no loading shall be applied to the premium rates.
If the Financial Condition Ratio is less than 1 then a Financial Condition Loading must be applied
The Financial Condition Loading for Medical Expenses is determined as:
16% x (1- Financial Condition Ratio)
The Financial Condition Loading for Motor is determined as:
20% x (1- Financial Condition Ratio)
Both Loadings shall be rounded to the nearest whole percentage point.
Note “Column A" refers to the Form Label, not the Excel Column.
Appendix Three - Standard Income Statement Ratio Definitions
This section sets out the standard definitions of the Loss Ratio. Expense Ratio and Combined Ratio equivalent to those used internationally.
Key points to note are that
1) Combined Ratio = Loss Ratio + Expense Ratio 2) A Combined Ratio in excess of 100% means a General/Health Insurance company is making Underwriting Losses. These may be mitigated by investment returns. 3) These ratios must not be used for any company writing material amounts of long term Protection & Savings business.
For all three ratios the Denominator is the Net Earned Premium plus any other income other than that arising from investments:
Net Earned Premium (Form 21, Line 17, Column E) + Other Underwriting Income (Form 21, Line 19, Column E) + Other Income (Form 21, Line 71, Column E) + Other Income - Shareholders (Form 22, Line 19, Column A)
If a company has incorrectly treated movements in Premium Deficiency Reserves as part of its earned premium for accounting purposes, then it should reverse these movements out for the purposes of calculating its Standard Income Statements Ratios.
For Loss Ratio, the Numerator is the Claims Incurred (in Form 21, Line 37, Column E), adjusted to exclude any changes in Premium Reserves, such as Premium Deficiency Reserves or Catastrophe Reserves
The adjusted Claims Incurred are then divided by the Denominator to determine the Loss Ratio.
For the Expense Ratio, the Numerator is:
Commission Incurred (Form 21, Line 38, Column E) Minus Reinsurance Commissions Earned (Form 21, Line 18, Column E) + Policy Acquisition Costs (Form 21, Line 39, Column E) + Other direct underwriting Expenses (Form 21, Line 40, Column E) + Doubtful Debt Expense (Form 21, Line 41, Column E) + Operational and Technical Expenses (Form 21, Line 51, Column E) + Shareholders Expenses (Form 22, Line 39, Column A) + Zakat (Form 22, Line 51, Column A) Taxes (Form 22, Line 52, Column A)
The Combined Ratio is defined as the Loss Ratio + Expense Ratio
Appendix Four - Quotation Instructions for Medical Insurance
INSTRUCTIONS FOR HEALTH QUOTATIONS 1 This sheet contains clarifications on the quotation process required by the Underwriting Circular. 2 All insurance companies must, in addition to this experience form, obtain full exposure data at the inception date of the policy in order to finalise a quotation. 3 The required exposure data must be consistent with the company's underwriting manual. 4 Exposure Data must show all lives to be covered, and should show the rating factors used by the company for every life. Data may be used in quotations aggregated by age bands, provided these age bands are shown. 5 Full demographic data must be provided before any quotation may be provided. Age and sex of lives to be covered may be provided on an individual basis, or may be age banded. 6 Any health insurance quotation must be age, sex, employee/dependent status and benefit level dependent, at a minimum. Benefit levels must take into account provider classes and network options. It is not permitted to quote a flat fixed cost applicable to all lives covered. 7 Companies must quotes premium rates sub-divided by rating factors, and these should be in proportion to the company's book rates. Exceptions to this may only be adopted where the claims experience for the group is highly credible, and the mechanism for setting the rates is defined fully in the company's Underwriting Manual. 8 The Insurance Company must determine Book Rates for all health insurance quotations, unless the amount of claims experience is sufficient to be fully credible. The amount of experience needed for full credibility must be defined by the actuary, and documented in the Underwriting Manual. 9 The Insurance Company must determine Experience or Burning Cost Rates for all health insurance quotations, unless the number of lives is below the threshold set by the actuary The threshold must be documented in the Underwriting Manual. 10 It should be noted that the Insurance Company is required to collect experience data even when the number of lives is below the threshold. The company's underwriters should consider whether claims on small groups are indicative of issues that may merit individual underwriting. 11 Where Book Rates and Experience / Burning Cost Rates have been determined, the company must determine a Blended Rate using the credibility formulae approved by the actuary. The credibility formulae must be fully documented in the Underwriting Manual. 12 This Blended Rate represents the minimum rate that the company may quote. It is fully acceptable to quote higher rates if the Underwriter is not comfortable with the Blended Rate. 13 All loadings for expenses and profit determined by the actuary, and documented in the Underwriting Manual must be included in the Gross Premium Rates. It is only necessary to quote the Gross Premium Rates to the client. 14 Lower quotations may only be prepared to the extent that these are fully defined within the company's Underwriting Authority Statement, which must be included in the Underwriting Manual, approved by SAMA. 15 For Medical Expenses groups, it is not permitted for an Insurance Company to offer profit sharing arrangements. 16 17 During 2015, quotations may only be provided if at least two or more years' claims experience is provided. 18 From 2016 onwards, quotations may only be provided if at least 3 or more years’ claims experience is provided. 19 If a risk is entirely new, the insurance company may only quote the book rates, which have been submitted to SAMA. The insurance company is not allowed to apply any discounts to these rates. 20 If the risk has been in existence for less than 3 years from 2016, or 2 years from 2015, then the insurance company may quote, provided they receive full claims experience for the time the risk has been in existence. 21 No insurance company is allowed to provide any quotation for medical expenses unless it has received claims experience, except if the risk is entirely new 22 Risks may be referred to the company's Responsible Actuary to quote, provided there is some claims experience. Entirely new risks with no claims experience may not be referred to the actuary. 23 An insurance company can provide a quotation as illustration only based on the information provided to it. However, the insurance company must amend the quotation based on full underwriting data. It may not issue a policy on quoted rates until it has full data to provide an accurate quotation. Under no circumstances may an insurance company provide actual rates, unless it has sufficient data, subdivided according to the rating factors it will adopt in its Underwriting Manual Appendix Five - Quotation Instructions for Motor Insurance
INSTRUCTIONS FOR MOTOR QUOTATIONS 1 This sheet contains clarifications on the quotation process required by the Underwriting Circular. 2 All insurance companies must, in addition to this experience form, obtain full exposure data at the inception date of the policy in order to finalise a quotation. 3 The required exposure data must be consistent with the company's underwriting manual 4 Exposure Data must show all vehicles to be covered, and should show the rating factors used by the company for every vehicle. 5 It is not the responsibility of any insurance company to provide exposure data to any other party unless this has been explicitly agreed between the Insurance Company and the policyholder. 6 Any motor Third Party Liability (TPL) insurance quotation must be vehicle type dependent, at a minimum. It is not permitted to quote a flat fixed cost applicable to all vehicles covered 7 The Insurance Company must determine Book Rates for all motor insurance quotations, unless the amount of claims experience is sufficient to be fully credible. The amount of experience needed for full credibility must be defined by the actuary and documented in the Underwriting Manual. 8 The Insurance Company must determine Experience or Burning Cost Rates for all motor insurance quotations, unless the number of vehicles is below the threshold set by the actuary. The threshold must be documented in the Underwriting Manual. 9 It should be noted that the Insurance Company is required to collect experience data even when the number of vehicles is below the threshold. The company's underwriters should consider whether claims on small schemes are indicative of fraudulent activity, or of issues that may merit individual underwriting. 10 Where Book Rates and Experience / Burning Cost Rates have been determined, the company must determine a Blended Rate using the credibility formulae approved by the actuary. The credibility formulae must be fully documented in the Underwriting Manual. 11 This Blended Rate represents the minimum rate that the company may quote it is fully acceptable to quote higher rates if the Underwriter is not comfortable with the Blended Rate. 12 All loadings for expenses and profit determined by the actuary, and documented in the Underwriting Manual must be included in the Gross Premium Rates. It is only necessary to quote the Gross Premium Rates to the client. 13 Lower quotations may only be prepared to the extent that these are fully defined within the company's Underwriting Authority Statement, which must be included in the Underwriting Manual, approved by SAMA. 14 15 During 2015, quotations may only be provided if at least two or more years' claims experience is provided. 16 From 2016 onwards, quotations may only be provided if at least 3 or more years’ claims experience is provided 17 If a risk is entirely new, the insurance company may only quote the book rates, that have been submitted to SAMA. The insurance company is not allowed to apply any discounts to these rates. 18 For motor schemes, an insurance company may provide a quotation with a profit sharing element. These may only be quoted if the actuary has defined how profit sharing mechanisms may work in the pricing report, and any profit sharing must follow the format set out by the actuary. 19 If the risk has been in existence for less than 3 years from 2016, or 2 years from 2015, then the insurance company may quote provided they receive full claims experience for the time the risk has been in existence. 20 No insurance company is allowed to provide any quotation for motor business unless it has received claims experience. 21 If a quotation is required for Comprehensive cover where the scheme has only been insured for Third Party cover in the past, then the existing experience should be used to determine the Third Party component of the rates. Book rates must be used to determine the Own Damage part of the premium rates. 22 If a quotation is required for Third Party cover only, where the scheme has only been insured for Comprehensive cover in the past, then experience for Third Party claims only must be obtained, and used to determine the rates. 23 An insurance company can provide a quotation as illustration only based on the information provided to it. However, the insurance company must amend the quotation based on full underwriting data. It may not issue a policy on quoted rates until it has full data to provide an accurate quotation. Under no circumstances may an insurance company provide actual rates, unless it has sufficient data, subdivided according to the rating factors it will adopt in its underwriting manual. All Rules and Regulations
Commencement of the Actual Implementation of SAMANet System
A Press Release of 15 February 2013 Concerning a Near - Final Second Consultative Paper of Basel Committee and IOSCO Regarding "Margin Requirements for Non-Centrally Cleared Derivatives"
38399/MAF/588
This Circular has been superseded by the Initial Public Offering (IPO) Rules for Receiving and Lending Banks, ((43060832), dated 08/07/1443 H, Corresponding To 09/02/2022 G.MAF/337
This Circular has been superseded by the Initial Public Offering (IPO) Rules for Receiving and Lending Banks, ((43060832), dated 08/07/1443 H, Corresponding To 09/02/2022 G.Circulars re. Regulations
Article 1
The financial activities or transactions referred to in Article 1(14) of the Law are:
1. accepting deposits and other payable funds, including private banking services; 2. lending, finance leasing, or any other financing activity; 3. providing wire transfer or currency exchange services; 4. issuing and managing payment instruments, including: credit cards, debit cards, checks, traveler’s checks, payment orders, bank transfers, and electronic currency; 5. issuing letters of guarantee or other securities; 6. engaging in foreign currency exchange; 7. participating in the issuance of securities and the provision of financial services; 8. managing investment portfolios; 9. maintaining and managing cash or securities on behalf of others; 10. concluding contracts of protection, savings, or other investment-related types of insurance, in the capacity of an insurer, broker, or agent in an insurance contract or any insurance company product; 11. investing and managing funds on behalf of others; and 12. engaging in activities related to securities, as provided in the Capital Market Law and its Regulations, or the following trading activities: a. certificates of deposit, derivatives, and other instruments; b. currencies; c. currency exchange instruments, interest rates, and financial indicators; d. tradable securities and financial derivatives; and e. commodity futures contracts. Article 2
Commercial or professional activities referred to in Article 1(15) of the Law are:
1. real estate brokerage; 2. trading in gold, precious stones, or metals where the value of the transaction exceeds 50,000 Saudi riyals, whether said transaction is carried out in a single transaction or seemingly-linked multiple transactions, and whether carried out through a sole proprietorship or a commercial company; and 3. legal or accounting services relating to any of the following activities that are provided by lawyers, accountants, or other persons in the practice of their profession: a. customer’s purchase, sale, or lease of real property; b. management of a customer's funds, including his bank or investment accounts or his other assets; c. establishment, operation, or management of entities with legal personality or subject to a legal arrangement, or the organization of subscriptions related thereto; and d. customer’s acquisition or sale of commercial companies. Article 3
Activities that a customer conducts or attempts to conduct with a financial institution or a non-financial business and profession, referred to in Article 1(17) of the Law are:
1. arranging or performing any transaction or business relationship, or opening an account for the customer; 2. signing an approval of any transaction, business relationship, or account; 3. designating an account for a certain transaction; 4. transferring an account, rights, or liabilities pursuant to a certain transaction; and 5. authorizing the customer to conduct a transaction or control a business relationship or an account. Article 4
The term monitoring agency referred to in Article 1(22) of the Law shall include the following agencies, each within its jurisdiction:
1. Ministry of Justice; 2. Ministry of Labor and Social Development; 3. Ministry of Trade and Investment; 4. Saudi Arabian Monetary Authority; and 5. Capital Market Authority. Article 5
1. For purposes of applying Article 5 of the Law, the Public Prosecution shall be immediately notified upon arresting a suspect for committing one of the crimes stipulated in the Law, and the suspect shall be brought before it upon completion of the pre-investigation proceedings within seven days from the date of his arrest. 2. If the pre-investigation proceedings and examination of the suspect require extension of the period referred to in Article 5 of the Law, the Presidency of State Security shall file a reasoned request to the Public Prosecutor or his designee to issue a written order extending such period for a period or periods not exceeding seven days in aggregate. Article 6
1. Upon receipt of a request in accordance with the provisions of Article 6 of the Law, the agency monitoring a financial institution shall immediately refer such request to the financial institution without giving notice to the concerned party, to submit required records, documents, or information to the monitoring agency within the period and manner specified in the request. 2. Any person, designated non-financial business and profession, or nonprofit organization shall, upon receiving a request for providing any records, documents, or information in accordance with Article 6 of the Law, execute the request within the period and manner specified in the request. 3. The monitoring agency shall, upon receiving the required records, documents, or information, immediately notify the requesting agency and provide it with such records, documents, or information within the period and manner specified in the request. Article 7
In implementation of Article 7 of the Law:
1. A warrant to enter and search residences shall be issued by the head of the public prosecution branch in the area or his designee. 2. A warrant to enter and search non-residential premises shall be issued by an investigator having territorial and subject-matter jurisdiction. 3. A warrant to enter and search residences, offices, or buildings shall be in writing. The warrant shall be reasoned and shall include the name, signature, and capacity of the person who issued it; date and time of issuance; and scope of the search. 4. The exigent circumstances referred to in Article 7(3) of the Law, where no warrant is required to enter and search residences, offices, or buildings shall include: a. Cases of flagrante delicto in crimes stipulated in the Law. b. If, based on field or technical investigation, it is established that failure to respond promptly might result in the escape of wanted persons; destruction, disposition of, or removal of evidence relating to any of the crimes stipulated in the Law; or loss of crime funds, proceeds, means, documents, possessions, and the like.
Reasons and findings of the search shall be submitted to the Public Prosecution within a period not exceeding 24 hours from completion of such search.
Article 8
1. If proceedings in a case are stayed in accordance with the provisions of Article 11 of the Law, the Public Prosecution may refer the case to the pre-investigation agency , and it may resume the case if the need arises. 2. If the stay of proceedings does not apply to other accused persons in the same case, the Public Prosecution may assign separate papers for those against whom the proceedings are stayed. Article 9
This Article has been deleted in accordance to the Royal Decree Royal Order No. (637) dated 17/10/1441H (corresponding to 09/06/2020).Article 10
The terms and conditions of provisional release referred to in Article 13 of the Law shall be as follows:
1. the provisional release does not entail any security concerns; 2. the provisional release shall be granted for social or health reasons, or reasons relating to a pre-investigation procedure; and 3. the released person shall comply with procedures and restrictions stipulated in the provisional release order. Article 11
1. The Saudi Customs shall, in accordance with its powers, apply the provisions stipulated in Article 17 of the Law, in cases of suspicion of terrorism financing, whether or not a true or false declaration is submitted. 2. The Saudi Customs shall require any person carrying currencies, bearer negotiable instruments, gold bars, precious metals or stones, or jewelry suspected to be used in financing terrorism, if any, to provide any information relating to the source and purpose of such items, or any other information it deems necessary. 3. The Saudi Customs shall prepare a report stating grounds for suspicion, a list of seized items, any other relevant information, and action taken . 4. The Saudi Customs shall take any additional measures in the carrying out of its duties relating to the combating of terrorism financing. Article 12
1. If the interest of the investigation requires the detention of the person accused of committing any of the crimes stipulated in the Law, the investigator shall issue a warrant for his detention for a period not exceeding 30 days from the date of referral to the Public Prosecution. If the investigator decides to extend such period, he shall, prior to its expiry, refer the case to the head of the Public Prosecution branch or his designee from among the heads of departments within his jurisdiction, to issue an order extending his detention for a period or successive periods, none of which exceeds 30 days and the aggregate of the successive periods does not exceed 180 days from the date of referral to the Public Prosecution. In cases requiring longer detention periods, the matter shall be referred to the Public Prosecutor, or his designee from among his deputies, to issue an order extending detention for a period or successive periods, none of which exceeds 30 days, and the aggregate of which does not exceed 12 months from the date of referral to the Public Prosecution. 2. The detention department shall coordinate with the Public Prosecution in ample time prior to the expiry of the period or periods stated in the detention warrant, and the accused may not be released except pursuant to an order issued by the Public Prosecution. Article 13
An order issued by the Public Prosecution in accordance with Article 20 of the Law banning contact with the accused shall specify the persons covered by such order.
Article 14
Final foreign judgments relating to terrorist crimes or its financing, including judgments relating to the confiscation of funds, proceeds, or means associated with any crimes referred to in Article 24(3) of the Law shall be enforced in accordance with the Kingdom’s laws. To consider a request from a foreign state, the following must be satisfied:
1. attachment of an official copy of the judgment and the legal basis upon which it was based, along with proof that the judgment is final and that it was rendered by a competent court in the requesting state; 2. the person against whom the judgment was rendered was summoned to appear before the court and was duly represented and given the opportunity to defend himself; 3. the judgment shall not conflict with the provisions of Sharia and public order in the Kingdom; 4. the judgment shall be enforceable; 5. the judgment shall not conflict with a judgment previously rendered by a court in the Kingdom in the same case; 6. the judgment sought to be enforced does not relate to a crime being considered by a court in the Kingdom; 7. attachment of a list of procedures and measures taken by the requesting state for the protection of bona fide persons; and 8. attachment of a description of the funds subject of enforcement, estimate of their value, their potential location, information relating to any person holding or in possession of such funds, and a statement of the facts upon which the request is based. Article 15
The competent authority referred to in Article 62 of the Law, in charge of the recovery and division of confiscated funds, proceeds, or means among states that are signatories to valid treaties and agreements with the Kingdom, is the Standing Committee for Legal Assistance Requests at the Ministry of Interior.
Article 16
Upon assessment of risks of terrorism financing in accordance with the provisions of Article 63 of the Law, financial institutions, designated nonfinancial businesses and professions, and non-profit organizations shall observe the following:
1. risk factors associated with customers and factors associated with the beneficial owner or the beneficiary of the transactions; 2. risk factors arising from countries or geographic areas where the customers conduct their business, or from the source or purpose of the transaction; 3. risks arising from the nature or channels of delivery of the products, services, or transactions offered; and 4. any risks identified at the national level, or any variables that may increase or decrease risks of terrorism financing, the purpose of the account or business relationship, the volume of deposits or transactions carried out by the customer, the frequency of his transactions, or the duration of the business relationship. Article 17
1. Financial institutions and designated non-financial businesses and professions shall apply the due diligence measures referred to in Article 64 of the Law in the following cases: a. prior to opening an account or establishing a business relationship; b. prior to conducting a transaction for the benefit of a customer with whom they have no business relationship, whether such transaction is conducted only once or through multiple transactions where they appear to be linked; c. prior to conducting a wire transfer for the benefit of a customer with whom they have no business relationship; d. upon suspicion of a terrorism financing transaction, regardless of the amount; and e. upon suspicion of the accuracy or adequacy of their customer’s particulars. 2. Financial institutions and designated non-financial businesses and professions shall, in the absence of suspicion of terrorism financing, apply due diligence measures based on the type and level of the risk posed by the customer or the business relationship associated therewith, in proportion to the specified risks. Due diligence measures shall be strengthened or mitigated depending on the levels of risks posed. In cases of suspicion of terrorism financing, enhanced due diligence measures shall be applied. 3. Financial institutions and designated non-financial businesses and professions shall apply due diligence measures, including, at a minimum, the following: a. verifying the customer’s identity by using documents, data, or information from a reliable and independent source, as follows: i. for a natural person: obtaining and verifying his full name as stated in official records, residence address or registered national address, place and date of birth, and nationality. ii. for a person with legal personality or subject to a legal arrangement: obtaining and verifying its name, legal structure, proof of incorporation, powers, names of directors and senior staff, registered official address, and the place of business, if different from the registered official address. iii. requesting and verifying any additional information according to the risks posed by the customer. b. verifying that the person acting on behalf of the customer is authorized to act in such capacity and verifying his identity, in accordance with the procedures stipulated in paragraph (a) of this Article; c. verifying the identity of the beneficial owner by using documents, data, or information from a reliable and independent source, as follows: i. verifying the identity of the person who owns or controls (25%) or more of the legal person. ii. in the absence of ownership or controlling share as stipulated in paragraph (1) above, or suspicion that the controlling shareholder is not the beneficial owner, the identity of the natural person exercising control over the legal person shall be verified by all means possible. iii. verifying the identity of the originator or administrator of the legal arrangement, the beneficiaries or classes of beneficiaries, and any other natural person exercising actual and ultimate control over the legal arrangement or holding a position similar to other types of legal arrangements. d. determining the purpose and nature of the business relationship and obtaining any additional information as needed. e. determining the structure of ownership and control over the customer, whether a person having a legal personality or subject to a legal arrangement; and f. any other measures imposed by the monitoring agency on financial institutions and designated non-financial businesses and professions. 4. To avoid any interruption of the normal conduct of business, financial institutions and designated non-financial businesses and professions may postpone the verification of the identity of the customer or the beneficial owner until after the establishment of the business relationship, provided the following are promptly taken: a. appropriate and effective measures to control risks of terrorism financing; and b. taking appropriate risk management measures if the customer is permitted to benefit from the business relationship prior to the verification process. 5. Financial institutions and designated non-financial businesses and professions shall apply due diligence measures to all business relationships according to risk level, audit transactions conducted during the business relationship to verify their consistency with the customer’s information, activities, and the risks posed by him. They shall also verify that documents, data, and information gathered while exercising due diligence are relevant and up to date through auditing their records, particularly those relating to high risk customers, and applying measures of due diligence to current customers and beneficial owners at appropriate times based on their importance and the risks associated with them. 6. Financial institutions and designated non-financial businesses and professions shall, in cases where application of due diligence measures is not feasible, take the following: a. refuse to open an account for a new customer, establish a business relationship with him, or execute any transaction for his benefit; and b. terminate the business relationships they have with their customers or existing business relationships.
In all cases, they shall report the matter to the General Directorate of Financial Intelligence.
7. Due diligence measures may not be applied in cases where the financial institutions and designated non-financial businesses and professions suspect that a terrorism financing operation is underway and they believe that exercising due diligence may alert the customer of such suspicion. In such case, they shall promptly file a report of the suspicious operation to the General Directorate of Financial Intelligence and state the reasons as to why due diligence was not applied. Article 18
1. In setting the policies, procedures, and rules referred to in Article 67 of the Law, financial institutions, designated non-financial businesses and professions, and non-profit organizations shall include therein the following: a. provisions relating to the measures provided in the Law and Regulations, including those relating to risk management procedures of business relationships taken prior to completion of customer verification; b. procedures for reporting suspicious transactions; c. appropriate measures for the compliance department for combating terrorism financing, including the appointment of a compliance officer at the senior management level; d. any additional measures adopted by the monitoring agency for the combating of terrorism financing; e. adequate screening procedures to ensure that recruitment meets high standards; f. continuing employee training programs; g. an independent audit procedure to test the effectiveness and adequacy of policies, procedures, and rules for combating terrorism financing; and h. risk management obligations associated with the operations of their subsidiaries outside the Kingdom and limitation thereof, as appropriate.
It shall be taken into account, upon setting such policies, procedures, and rules, that they comply with the nature and volume of their business.
2. Financial institutions and designated non-financial businesses and professions shall ensure that all of their branches and subsidiaries in a foreign country, in which they hold a majority share, comply with the requirements set forth in the Law and Regulations in cases where the requirements of combating terrorism financing in a foreign country are less stringent than those provided for in the Law and Regulations. If this is not permitted by the foreign country, the financial institutions and designated non-financial businesses and professions shall notify the monitoring agency in the Kingdom of the same, and shall comply with any instructions received from the competent monitoring agency in this regard. 3. Based on the outcomes of risk assessment, financial institutions, designated non-financial businesses and professions, and non-profit organizations shall implement and update, monitor, and enhance, when necessary, internal rules, policies, and procedures for combatting terrorism financing. This shall include determining the risk level and proper measure for the effective management and mitigation of such risk. Article 19
The legal arrangement provided for in these Regulations shall include any legal relationship established between multiple parties under an agreement, such as trust funds or other similar arrangements.
Article 20
The receiving, sending, or intermediary financial institutions of wire transfers shall comply with the requirements issued by the Standing Committee for Combating Terrorism and its Financing.
Article 21
1. The competent agencies provided for in Article 72 of the Law are the Public Prosecution and the Presidency of State Security, each within its jurisdiction. Said agencies shall coordinate with relevant agencies, when necessary. 2. Requests for controlled delivery of funds shall be executed in accordance with the provisions of the Procedures for the Implementation of the International Convention for the Suppression of Financing of Terrorism. 3. The Presidency of State Security may, in assisting investigations, allow funds, proceeds, or means likely to be used in any of the crimes stipulated in this Law into or through the Kingdom’s territory, in order to identify persons related to the commission of any of the crimes stipulated in the Law. Article 22
1. The extradition referred to in Article 73 of the Law shall be governed by the bilateral agreements signed between the Kingdom and other states and the Kingdom's obligations under international conventions or protocols to which the Kingdom is party, or subject to the principle of reciprocity. 2. The act for which the extradition request is made must constitute a crime in the Kingdom and the requesting state . 3. An extradition request shall not be considered unless the following requirements are satisfied: a. the request shall be in writing and delivered through official channels; b. attachment of the original or a true copy of the conviction judgment or the detention order issued against the person sought to be extradited; c. a list of crimes for which the extradition request is made as well as detailed information of such crimes, including time and place of commission; d. all necessary information to identify the person sought; and e. any other information the competent agencies deem necessary for the execution of the request . 4. An extradition request, whether for nationals or residents, may be rejected. In cases of rejection, the matter shall be immediately referred to the Public Prosecution for the prosecution of the crime stated in the request. Article 23
1. To carry out its duties, the General Directorate of Financial Intelligence may take all necessary measures, including the following: a. use of modern technology; and b. development and update of forms for reporting suspicious transactions to be used by financial institutions, designated nonfinancial businesses and professions, and non-profit organizations. 2. Upon receiving reports and information relating to a crime of terrorism financing, the General Directorate of Financial Intelligence shall conduct the following: a. operational analysis: the use of information to identify specific targets, to track certain activities or transactions, and to determine links between such targets and potential proceeds of terrorism financing crimes; and b. strategic analysis: the use of information, including data submitted by other competent agencies, to identify the trends and patterns of terrorism financing crimes. Article 24
1. In cases where the monitoring agency obtains information from a foreign counterpart for monitoring purposes in accordance with Article 82(5) of the Law, such agency shall obtain the consent of the counterpart foreign agency prior to the transfer or use of such information. In the case where the monitoring agency is required to disclose or report such information, it shall immediately inform the foreign counterpart of such requirement. 2. The agency monitoring financial institutions may, in implementation of Article 82(5) of the Law, conduct inquiries on behalf of counterpart foreign agencies, and may, at its discretion, authorize such agencies to conduct the inquiries or facilitate the same, for purposes of consolidated monitoring at the level of the financial group supervised by the monitoring agency. Article 25
1. The rights of victims and persons of similar status referred to in Article 85(1) of the Law shall be protected by raising their awareness of their rights and providing them with the assistance and support needed, including the hiring of lawyers. 2. Protection of persons referred to in Article 85(2) of the Law through one or more of the following: a. provision of personal protection; b. provision of temporary residence; c. non-disclosure of identity information; d. designation of a telephone number for reporting a situation where the protected person is exposed to danger or harm; e. monitoring the means of communication upon obtaining the written consent of the protected person; f. recommending the assignment of the protected person to work at another place upon obtaining his written consent; and/or g. concealing the particulars of the witness or the informant in a manner that does not reveal their identity.
The relevant agencies may take other measures to ensure the safety of persons referred to hereinabove.
Article 26
These Regulations shall enter into force on the day following the date of its publication in the Official Gazette.
Main Rules and Regulations (Draft)
Cyber Security Framework
Translation of this section is for demo purposes only.Foreword
In view of the ever-growing seriousness of cyber-attacks, we are conscious of the need to stay one-step ahead. The issuance of a Cyber Security Framework (“CSF”) seeks to support our regulated entities in their efforts to have an appropriate cyber security governance and to build a robust infrastructure along with the necessary detective and preventive controls. The Framework articulates appropriate controls and provide guidance on how to assess maturity level.
The adoption and implementation of the Framework is a vital step for ensuring that Saudi Arabian Banking, Insurance and Financing Companies sectors can manage and withstand cyber security threats. In designing the Framework, we have considered the ways that our regulated entities are leveraging technology and felt that each entity will be able to adopt a common approach for addressing cyber security. This will ensure cyber security risks are properly managed throughout the sectors.
Financing Companies must adhere to implement the Cyber Security Framework as follows:
First: Conduct an in-depth and accurate assessment of the current status of cyber security at the financial institution. This should be compared against the requirements stated within the CSF to identify weaknesses and assess the level of maturity as described within the CSF under the definition of "Maturity Level".
Second: Develop a business plan to meet all requirements of the third maturity level, as mentioned in the CSF, as a minimum.
Third: Present the business plan to the board of directors/managers or general manager, for their review, approval and for seeking any further necessary support.
Fourth: Send the approved business plan to the SAMA by the end of the fourth quarter of the year 2019*.
Fifth: Provide SAMA with quarterly reports starting from the end of the second quarter of the year 2019* until full compliance with the CSF.
Sixth: Fully comply with the requirements stated in the CSF by the end of the fourth quarter of the year 2019*.
Seventh: The Cyber Security Committee –or equivalent- of the financial institution must follow up on the implementation of the CSF to ensure full support and resources are provided where necessary. Further to ensure timely escalation of obstacles and other related hindrances to the competent authority that may prevent complete implementation of the CSF.
To achieve the above, the full support and oversight from the Board of Directors and Senior Management are required for its implementation.
The Information Technology Risk team within the Deputyship of Supervision is at your disposal for any clarifications and we remain committed to guiding our regulated entities in creating a safer cyber environment.
The business plan and quarterly reports to be sent to: (CRC.Compliance@SAMA.GOV.SA)
*Amended in accordance to SAMA circular No (51610/99) dated 17/08/1440H.
1 Introduction
1.1 Introduction to the Framework
The current digital society has high expectations of flawless customer experience, continuous availability of services and effective protection of sensitive data. Information assets and online services are now strategically important to all public and private organizations, as well as to broader society. These services are vital to the creation of a vibrant digital economy. They are also becoming systemically important to the economy and to broader national security. All of which underlines the need to safeguard sensitive data and transactions, and thereby ensure confidence in the overall Saudi Financial Sector.
The stakes are high when it comes to the confidentiality, integrity and availability of information assets, and applying new online services and new developments (e.g. Fintech, block chain); while improving resilience against cyber threats. Not only is the dependency on these services growing, but the threat landscape is rapidly changing. The Financial Sector recognizes the rate at which the cyber threats and risks are evolving, as well as the changing technology and business landscape.
SAMA established a Cyber Security Framework (“the Framework”) to enable Financial Institutions regulated by SAMA (“the Member Organizations”) to effectively identify and address risks related to cyber security. To maintain the protection of information assets and online services, the Member Organizations must adopt the Framework.
The objective of the Framework is as follows:
1. To create a common approach for addressing cyber security within the Member Organizations.
2. To achieve an appropriate maturity level of cyber security controls within the Member Organizations.
3. To ensure cyber security risks are properly managed throughout the Member Organizations.
The Framework will be used to periodically assess the maturity level and evaluate the effectiveness of the cyber security controls at Member Organizations, and to compare these with other Member Organizations.
The Framework is based on the SAMA requirements and industry cyber security standards, such as NIST, ISF, ISO, BASEL and PCI.
The Framework supersedes all previous issued SAMA circulars with regard to cyber security. Please refer to ‘Appendix A - Overview previous issued SAMA circulars' for more details.
1.2 Definition of Cyber Security
Cyber security is defined as the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the member organization's information assets against internal and external threats.
The general security objectives comprise the following:
• Confidentiality - Information assets are accessible only to those authorized to have access (i.e., protected from unauthorized disclosure or (un)intended leakage of sensitive data).
• Integrity - Information assets are accurate, complete and processed correctly (i.e., protected from unauthorized modification, which may include authenticity and non-repudiation).
• Availability - Information assets are resilient and accessible when required (i.e., protected from unauthorized disruption).
1.3 Scope
The Framework defines principles and objectives for initiating, implementing, maintaining, monitoring and improving cyber security controls in Member Organizations.
The Framework provides cyber security controls which are applicable to the information assets of the Member Organization, including:
• Electronic information.
• Physical information (hardcopy).
• Applications, software, electronic services and databases.
• Computers and electronic machines (e.g., ATM).
• Information storage devices (e.g., hard disk, USB stick).
• Premises, equipment and communication networks (technical infrastructure).
The Framework provides direction for cyber security requirements for Member Organizations and its subsidiaries, staff, third parties and customers.
For business continuity related requirements please refer to the SAMA Business Continuity Minimum Requirements.
The Framework has an interrelationship with other corporate policies for related areas, such as physical security and fraud management. This framework does not address the non-cyber security requirements for those areas.
1.4 Applicability
The Framework is applicable to all Member Organizations regulated by SAMA, which include the following:
• All Banks operating in Saudi Arabia;
• All Insurance and/or Reinsurance Companies operating in Saudi Arabia;
• All Financing Companies operating in Saudi Arabia;
• All Credit Bureaus operating In Saudi Arabia;
• The Financial Market Infrastructure
All domains are applicable for the banking sector. However, for other financial institutions the following exceptions apply:
• Sub-domain (3.1.2) the alignment with cyber security strategy of banking sector is mandatory when applicable.
• Exclude sub-domain (3.2.3). However, if the organization store, process or transmit cardholder data or deal with SWIFT services, then PCI standard and/or SWIFT Customer Security Controls Framework should be implemented.
• Exclude sub-domain (3.3.12).
• Exclude sub-domain (3.3.13). However, if the organization provides online services for customers, a Multi Factor Authentication capability should be implemented.
1.5 Responsibilities
The framework is mandated by SAMA. SAMA is the owner and is responsible for periodically updating the Framework.
The Member Organizations are responsible for adopting and implementing the Framework.
1.6 Interpretation
SAMA, as the owner of the Framework, is solely responsible for providing interpretations of the principles, objectives and control considerations, if required.
1.7 Target Audience
The Framework is intended for senior and executive management, business owners, owners of information assets, CISOs and those who are responsible for and involved in defining, implementing and reviewing cyber security controls within the Member Organizations.
1.8 Review, Updates and Maintenance
The Framework will be reviewed and maintained by SAMA.
SAMA will review the Framework periodically to determine the Framework's effectiveness, including the effectiveness of the Framework to address emerging cyber security threats and risks. If applicable, SAMA will update the Framework based on the outcome of the review.
If a Member Organization considers that an update to the Framework is required, the Member Organization should formally submit the requested update to SAMA. SAMA will review the requested update, and when approved, the Framework will be adjusted.
The Member Organization will remain responsible to be compliant with the Framework pending the requested update.
Please refer to ‘Appendix B - How to request an Update to the Framework’ for the process of requesting an update to the Framework.
Version control will be implemented for maintaining the Framework. Whenever any changes are made, the preceding version shall be retired and the new version shall be published and communicated to all Member Organizations. For the convenience of the Member Organizations, changes to the Framework shall be clearly indicated.
1.9 Reading Guide
2 Framework Structure and Features
2.1 Structure
The Framework is structured around four main domains, namely:
• Cyber Security Leadership and Governance.
• Cyber Security Risk Management and Compliance.
• Cyber Security Operations and Technology.
• Third Party Cyber Security.
For each domain, several subdomains are defined. A subdomain focusses on a specific cyber security topic. Per subdomain, the Framework states a principle, objective and control considerations.
• A principle summarizes the main set of required cyber security controls related to the subdomain.
• The objective describes the purpose of the principle and what the set of required cyber security controls are expected to achieve.
• The control considerations reflects the mandated cyber security controls that should be considered.
Control considerations have been uniquely numbered throughout the Framework. Where applicable, a control consideration can consist of up to 4 levels.
The control considerations are numbered according to the following numbering system:
Figure 1 - Control consideration numbering system
The figure below illustrates the overall structure of the Framework and indicates the cyber security domains and subdomains, including a reference to the applicable section of the Framework.
Figure 2 - Cyber Security Framework2.2 Principle-Based
The Framework is principle based, also referred to as risk based. This means that it prescribes key cyber security principles and objectives to be embedded and achieved by the Member Organization. The list of mandated control considerations provides additional direction and should be considered by the Member Organization in achieving the objectives. When a certain control consideration cannot be tailored or implemented, the Member Organization should consider applying compensating controls, pursuing an internal risk acceptance and requesting a formal waiver from SAMA.
Please refer to Appendix D for details for the - How to request a Waiver from the Framework - process.
2.3 Self-Assessment, Review and Audit
The implementation of the Framework at the Member Organization will be subject to a periodic self-assessment. The self-assessment will be performed by the Member Organization based on a questionnaire. The self-assessments will be reviewed and audited by SAMA to determine the level of compliance with the Framework and the cyber security maturity level of the Member Organization.
Please refer to ’2.4 Cyber Security Maturity Model’ for more details about the cyber security maturity model.
2.4 Cyber Security Maturity Model
The cyber security maturity level will be measured with the help of a predefined cyber security maturity model. The cyber security maturity model distinguishes 6 maturity levels (0, 1, 2, 3, 4 and 5), which are summarized in the table below. In order to achieve levels 3, 4 or 5, a Member Organization must first meet all criteria of the preceding maturity levels.
Maturity Level Definition and Criteria Explanation 0
Non-existent
- No documentation.
- There is no awareness or attention for certain cyber security control.
- Cyber security controls are not in place. There may be no awareness of the particular risk area or no current plans to implement such cyber security controls.
1
Ad-hoc
- Cyber security controls is not or partially defined.
- Cyber security controls are performed in an inconsistent way.
- Cyber security controls are not fully defined.
- Cyber security control design and execution varies by department or owner.
- Cyber security control design may only partially mitigate the identified risk and execution may be inconsistent.
2
Repeatable but informal
- The execution of the cyber security control is
- based on an informal and unwritten, though standardized, practice.
- Repeatable cyber security controls are in place. However, the control objectives and design are not formally defined or approved.
- There is limited consideration for a structured review or testing of a control.
3
Structured and formalized
- Cyber security controls are defined, approved and implemented in a structured and formalized way.
- The implementation of cyber security controls can be demonstrated.
- Cyber security policies, standards and procedures are established.
- Compliance with cyber security documentation i.e., policies, standards and procedures is monitored, preferably using a governance, risk and compliance tool (GRC).
- key performance indicators are defined, monitored and reported to evaluate the implementation.
4
Managed and measurable
- The effectiveness of the cyber security controls are periodically assessed and improved when necessary.
- This periodic measurement, evaluations and opportunities for improvement are documented.
- Effectiveness of cyber security controls are measured and periodically evaluated.
- key risk indicators and trend reporting are used to determine the effectiveness of the cyber security controls.
- Results of measurement and evaluation are used to identify opportunities for improvement of the cyber security controls.
5
Adaptive
- Cyber security controls are subject to a continuous improvement plan.
- The enterprise-wide cyber security program focuses on continuous compliance, effectiveness and improvement of the cyber security controls.
- Cyber security controls are integrated with enterprise risk management framework and practices.
- Performance of cyber security controls are evaluated using peer and sector data.
Table 1 - Cyber Security Maturity Model
The objective of the Framework is to create an effective approach for addressing cyber security and managing cyber security risks within the Financial Sector. To achieve an appropriate cyber security maturity level, the Member Organizations should at least operate at maturity level 3 or higher as explained below.
2.4.1 Maturity Level 3
To achieve level 3 maturity, a Member Organization should define, approve and implement cyber security controls. In addition, it should monitor compliance with the cyber security documentation .
The cyber security documentation should clearly indicate “why”, “what” and “how” cyber security controls should be implemented. The cyber security documentation consists of cyber security policies, cyber security standards and cyber security procedures.
Figure 3 - Cyber Security Documentation Pyramid
The cyber security policy should be endorsed and mandated by the board of the Member Organization and stating “why” cyber security is important to the Member Organization. The policy should highlight which information assets must be protected and “what” cyber security principles and objectives should be established.
Based on the cyber security policy, cyber security standards must be developed. These standards define “what“ cyber security controls must be implemented, such as security and system parameters, segregation of duties, password rules, monitoring events and back-up and recovery rules. The standards support and reinforce the cyber security policy and are to be considered as cyber security baselines.
The step-by-step tasks and activities that should be performed by staff, third parties or customers of the Member Organization are detailed in the cyber security procedures. These procedures prescribe “how” the cyber security controls, tasks and activities have to be executed in the operating environment and support the safeguarding of the information assets of the Member Organization according to the cyber security policy and standards.
The process in the context of this framework is defined as a structured set of activities designed to accomplish the specified objective. A process may include policies, standards, guidelines, procedures, activities and work instructions, as well as any of the roles, responsibilities, tools and management controls required to reliably deliver the output.
The actual progress of the implementation, performance and compliance of the cyber security controls should be periodically monitored and evaluated using key performance indicators (KPIs).
2.4.2 Maturity Level 4
To achieve maturity level 4, the Member Organization should periodically measure and evaluate the effectiveness of implemented cyber security controls. In order to measure and evaluate whether the cyber security controls are effective, key risk indicators (KRIs) should be defined. A KRI indicates the norm for effectiveness measurement and should define thresholds to determine whether the actual result of measurement is below, on, or above the targeted norm. KRIs are used for trend reporting and identification of potential improvements.
2.4.3 Maturity Level 5
Maturity level 5 focuses on the continuous improvement of cyber security controls. Continuous improvement is achieved through continuously analyzing the goals and achievements of cyber security and identifying structural improvements. Cyber security controls should be integrated with enterprise risk management practices and supported with automated real-time monitoring. Business process owners should be accountable for monitoring the compliance of the cyber security controls, measuring the effectiveness of the cyber security controls and incorporating the cyber security controls within the enterprise risk management framework . Additionally, the performance of cyber security controls should be evaluated using peer and sector data.
3 Control Domains
3.1 Cyber Security Leadership and Governance
The ultimate responsibility for cyber security rests with the board of the Member Organization. The board of the Member Organization can delegate its cyber security responsibilities to a cyber security committee (or a senior manager from a control function). The cyber security committee could be responsible for defining the cyber security governance and setting the Member Organization's cyber security strategy. The cyber security committee can also be responsible for defining a cyber security policy and ensuring the operational effectiveness of this cyber security policy.
To develop and maintain the cyber security policy and to execute the cyber security activities across the Member Organization, an independent cyber security function should be established.
3.1.1 Cyber Security Governance
Principle
A cyber security governance structure should be defined and implemented, and should be endorsed by the board.
Objective
To direct and control the overall approach to cyber security within the Member Organization.
Control considerations
1. A cyber security committee should be established and be mandated by the board.
2. The cyber security committee should be headed by an independent senior manager from a control function.
3. The following positions should be represented in the cyber security committee:
a. senior managers from all relevant departments (e.g., COO, CIO, compliance officer, heads of relevant business departments);
b. Chief information security officer (CISO);
c. Internal audit may attend as an “observer.
4. A cyber security committee charter should be developed, approved and reflect:
a. committee objectives;
b. roles and responsibilities;
c. minimum number of meeting participants;
d. meeting frequency (minimum on quarterly basis).
5. A cyber security function should be established.
6. The cyber security function should be independent from the information technology function. To avoid any conflict of interest, the cyber security function and information technology function should have separate reporting lines, budgets and staff evaluations.
7. The cyber security function should report directly to the CEO/managing director of the Member Organization or general manager of a control function.
8. A full-time senior manager for the cyber security function, referred to as CISO, should be appointed at senior management level.
9. The Member Organization should :
a. ensure the CISO has a Saudi nationality;
b. ensure the CISO is sufficiently qualified;
c. obtain no objection from SAMA to assign the CISO.
10. The board of the Member Organization should allocate sufficient budget to execute the required cyber security activities.
3.1.2 Cyber Security Strategy
Principle
A cyber security strategy should be defined and aligned with the Member Organization's strategic objectives, as well as with the Banking Sector's cyber security strategy.
Objective
To ensure that cyber security initiatives and projects within the Member Organization contribute to the Member Organization's strategic objectives and are aligned with the Banking Sector's cyber security strategy.
Control considerations
1. The cyber security strategy should be defined, approved, maintained and executed.
2. The cyber security strategy should be aligned with:
a. the Member Organization's overall objectives;
b. the legal and regulatory compliance requirements of the Member Organization;
c. the Banking Sector's cyber security strategy.
3. The cyber security strategy should address:
a. the importance and benefits of cyber security for the Member Organization;
b. the anticipated future state of cyber security for the Member Organization to become and remain resilient to (emerging) cyber security threats;
c. which and when cyber security initiatives and projects should be executed to achieve the anticipated future state.
3.1.3 Cyber Security Policy
Principle
A cyber security policy should be defined, approved and communicated.
Objective
To document the Member Organization's commitment and objectives of cyber security, and to communicate this to the relevant stakeholders.
Control considerations
1. The cyber security policy should be defined, approved and communicated.
2. The cyber security policy should be reviewed periodically according to a predefined and structured review process.
3. The cyber security policy should be:
a. considered as input for other corporate policies of the Member Organization (e.g., HR policy, finance policy and IT policy);
b. supported by detailed security standards (e.g., password standard, firewall standard) and procedures;
c. based on best practices and (inter)national standards;
d. communicated to relevant stakeholders.
4. The cyber security policy should include:
a. a definition of cyber security;
b. the Member Organization's overall cyber security objectives and scope;
c. a statement of the board's intent, supporting the cyber security objectives;
d. a definition of general and specific responsibilities for cyber security;
e. the reference to supporting cyber security standards and procedures;
f. cyber security requirements that ensure:
1. information is classified in a way that indicates its importance to the Member Organization;
2. information is protected in terms of cyber security requirements, in line with the risk appetite;
3. owners are appointed for all information assets;
4. cyber security risk assessments are conducted for information assets;
5. relevant stakeholders are made aware of cyber security and their expected behavior (cyber security awareness program);
6. compliance with regulatory and contractual obligations are being met;
7. cyber security breaches and suspected cyber security weaknesses are reported;
8. cyber security is reflected in business continuity management.
3.1.4 Cyber Security Roles and Responsibilities
Principle
Responsibilities to implement, maintain, support and promote cyber security should be defined throughout the Member Organization. Additionally, all parties involved in cyber security should understand and take their role and responsibilities.
Objective
To ensure that relevant stakeholders are aware of the responsibilities with regard to cyber security and apply cyber security controls throughout the Member Organization.
Control considerations
1. The Board of Directors has the ultimate responsibility for cyber security, including:
a. ensuring that sufficient budget for cyber security is allocated;
b. approving the cyber security committee charter;
c. endorsing (after being approved by the cyber security committee):
1. the cyber security governance;
2. the cyber security strategy;
3. the cyber security policy.
2. The cyber security committee should be responsible for:
a. monitoring, reviewing and communicating the Member Organization's cyber security risk appetite periodically or upon a material change in the risk appetite;
b. reviewing the cyber security strategy to ensure that it supports the Member Organization objectives;
c. approving, communicating, supporting and monitoring:
1. the cyber security governance;
2. the cyber security strategy;
3. the cyber security policy;
4. cyber security programs (e.g., awareness program, data classification program, data privacy, data leakage prevention, key cyber security improvements);
5. cyber security risk management process;
6. the key risk indicators (KRIs) and key performance indicators (KPIs) for cyber security.
3. The senior management should be responsible for:
a. ensuring that standards, processes and procedures reflect security requirements (if applicable);
b. ensuring that individuals accept and comply with the cyber security policy, supporting standards and procedures when they are issued and updated;
c. ensuring that cyber security responsibilities are incorporated in the job descriptions of key positions and cyber security staff.
4. The CISO should be responsible for:
a. developing and maintaining:
1. cyber security strategy;
2. cyber security policy;
3. cyber security architecture;
4. cyber security risk management process;
b. ensuring that detailed security standards and procedures are established, approved and implemented;
c. delivering risk-based cyber security solutions that address people, process and technology;
d. developing the cyber security staff to deliver cyber security solutions in a business context;
e. the cyber security activities across the Member Organization, including:
1. monitoring of the cyber security activities (SOC monitoring);
2. monitoring of compliance with cyber security regulations, policies, standards and procedures;
3. overseeing the investigation of cyber security incidents;
4. gathering and analyzing threat intelligence from internal and external sources;
5. performing cyber security reviews;
f. conducting cyber security risk assessments on the Members Organization's information assets;
g. proactively supporting other functions on cyber security, including:
1. performing information and system classifications;
2. determining cyber security requirements for important projects;
3. performing cyber security reviews.
h. defining and conducting the cyber security awareness programs;
i. measuring and reporting the KRIs and KPIs on:
1. cyber security strategy;
2. cyber security policy compliance;
3. cyber security standards and procedures;
4. cyber security programs (e.g., awareness program, data classification program, key cyber security improvements).
5. The internal audit function should be responsible for:
a. performing cyber security audits.
6. All Member Organization's staff should be responsible for:
a. complying with cyber security policy, standards and procedures.
3.1.5 Cyber Security in Project Management
Principle
Cyber security should be addressed in project management and project governance.
Objective
To ensure that the all the Member Organization's projects meet cyber security requirements.
Control considerations
1. Cyber security should be integrated into the Member Organization's project management methodology to ensure that cyber security risks are identified and addressed as part of a project.
2. The Member Organization's project management methodology should ensure that:
a. cyber security objectives are included in project objectives;
b. the cyber security function is part of all phases of the project;
c. a risk assessment is performed at the start of the project to determine the cyber security risks and to ensure that cyber security requirements are addressed either by the existing cyber security controls (based on cyber security standards) or to be developed;
d. cyber security risks are registered in the project-risk register and tracked;
e. responsibilities for cyber security are defined and allocated;
f. a cyber security review is performed by an independent internal or external party.
3.1.6 Cyber Security Awareness
Principle
A cyber security awareness program should be defined and conducted for staff, third parties and customers of the Member Organization.
Objective
To create a cyber security risk-aware culture where the Member Organization's staff, third parties and customers make effective risk-based decisions which protect the Member Organization's information.
Control considerations
1. The cyber security awareness programs should be defined, approved and conducted to promote cyber security awareness and to create a positive cyber security culture.
2. A cyber security awareness program should be defined and conducted for:
a. staff of the Member Organization;
b. third parties of the Member Organization;
c. customers of the Member Organization.
3. The cyber security awareness program should target cyber security behaviors by tailoring the program to address the different target groups through multiple channels.
4. The activities of the cyber security awareness program should be conducted periodically and throughout the year.
5. The cyber security awareness program should at a minimum include:
a. an explanation of cyber security measures provided;
b. the roles and responsibilities regarding cyber security;
c. information on relevant emerging cyber security events and cyber threats (e.g., spear-phishing, whaling).
6. The cyber security awareness program should be evaluated to:
a. measure the effectiveness of the awareness activities;
b. formulate recommendations to improve the cyber security awareness program.
7. Customer awareness should address for both retail and commercial customers and, at a minimum, include a listing of suggested cyber security mechanisms which customers may consider implementing to mitigate their own risk(s).
3.1.7 Cyber Security Training
Principle
Staff of the Member Organization should be provided with training regarding how to operate the Member Organization's systems securely and to address and apply cyber security controls.
Objective
To ensure that staff of the Member Organization are equipped with the skills and required knowledge to protect the Member Organization's information assets and to fulfil their cyber security responsibilities.
Control considerations
1. Specialist or security-related skills training should be provided to staff in the Member Organization's relevant functional area categories in line with their job descriptions, including:
a. key roles within the organization;
b. staff of the cyber security function;
c. staff involved in developing and (technically) maintaining information assets;
d. staff involved in risk assessments.
2. Education should be provided in order to equip staff with the skills and required knowledge to securely operate the Member Organization's information assets.
3.2 Cyber Security Risk Management and Compliance
Risk management is the ongoing process of identifying, analyzing, responding and monitoring and reviewing risks. The cyber security risk management process focusses specifically on managing risks related to cyber security. In order to manage cyber security risks, Member Organizations should:
• identify their cyber security risks - cyber security risk identification;
• determine the likelihood that cyber security risks will occur and the resulting impact - cyber security risk analysis;
• determine the appropriate response to cyber security risks and select relevant controls - cyber security risk response;
• monitor the cyber security risk treatment and review control effectiveness - cyber security risk monitoring and review.
The compliance with the cyber security controls should be subject to periodic review and audit.
3.2.1 Cyber Security Risk Management
Principle
A cyber security risk management process should be defined, approved and implemented, and should be aligned with the Member Organization's enterprise risk management process.
Objective
To ensure cyber security risks are properly managed to protect the confidentiality, integrity and availability of the Member Organization's information assets, and to ensure the cyber security risk management process is aligned with the Member Organization's enterprise risk management process.
Control considerations
1. The cyber security risk management process should be defined, approved and implemented.
2. The cyber security risk management process should focus on safeguarding the confidentiality, integrity and availability of information assets.
3. The cyber security risk management process should be aligned with the existing enterprise risk management process.
4. The cyber security risk management process should be documented and address:
a. risk identification;
b. risk analysis;
c. risk response;
d. risk monitoring and review.
5. The cyber security risk management process should address the Member Organization's information assets, including (but not limited to):
a. business processes;
b. business applications;
c. infrastructure components.
6. The cyber security risk management process should be initiated:
a. at an early stage of the project;
b. prior to critical change;
c. when outsourcing is being considered;
d. when launching new products and technologies.
7. Existing information assets should be periodically subject to cyber security risk assessment based on their classification or risk profile.
8. The cyber security risk management activities should involve:
a. business owners;
b. IT specialists;
c. cyber security specialists;
d. key user representatives.
9. The result of the risk assessment should be reported to the relevant business owner (i.e., risk owner) within the Member Organization;
10. The relevant business owner (i.e., risk owner) within the Member Organization should accept and endorse the risk assessment results.
11. The Member Organization's cyber security risk appetite and risk tolerance should be clearly defined and formally approved.
3.2.2 Regulatory Compliance
Principle
A process should be established by the Member Organization to identify, communicate and comply with the cyber security implications of relevant regulations.
Objective
To comply with regulations affecting cyber security of the Member Organization.
Control considerations
1. A process should be established for ensuring compliance with relevant regulatory requirements affecting cyber security across the Member Organization. The process of ensuring compliance should:
a. be performed periodically or when new regulatory requirements become effective;
b. involve representatives from key areas of the Member Organization;
c. result in the update of cyber security policy, standards and procedures to accommodate any necessary changes (if applicable).
3.2.3 Compliance with (Inter)national Industry Standards
Principle
The Member Organization should comply with mandatory (inter)national industry standards.
Objective
To comply with mandatory (inter)national industry standards.
Control considerations
1. The Member Organization should comply with:
a. Payment Card Industry Data Security Standard (PCI-DSS);
b. EMV (Europay, MasterCard and Visa) technical standard;
c. SWIFT Customer Security Controls Framework - March 2017.
3.2.4 Cyber Security Review
Principle
The cyber security status of the Member Organization’s information assets should be subject to periodic cyber security review.
Objective
To ascertain whether the cyber security controls are securely designed and implemented, and the effectiveness of these controls is being monitored.
Control considerations
1. Cyber security reviews should be periodically performed for critical information assets.
2. Customer and internet facing services should be subject to annual review and penetration tests.
3. Details of cyber security review performed should be recorded, including the results of review, issues identified and recommended actions.
4. The results of cyber security review should be reported to business owner.
5. Cyber security review should be subject to follow-up reviews to check that:
a. all identified issues have been addressed;
b. critical risks have been treated effectively;
c. all agreed actions are being managed on an ongoing basis.
3.2.5 Cyber Security Audits
Principle
The cyber security status of the Member Organization’s information assets should be subject to thorough, independent and regular cyber security audits performed in accordance with generally accepted auditing standards and SAMA cyber security framework.
Objective
To ascertain with reasonable assurance whether the cyber security controls are securely designed and implemented, and whether the effectiveness of these controls is being monitored.
Control considerations
1. Cyber security audits should be performed independently and according to generally accepted auditing standards and SAMA cyber security framework.
2. Cyber security audits should be performed according to the Member Organization’s audit manual and audit plan.
3.3 Cyber Security Operations and Technology
In order to safeguard the protection of the operations and technology of the Member Organization’s information assets and its staff, third parties and customers, the Member Organizations have to ensure that security requirements for their information assets and the supporting processes are defined, approved and implemented.
The compliance with these cyber security requirements should be monitored and the effectiveness of the cyber security controls should be periodically measured and evaluated in order to identify potential revisions of the controls or measurements.
3.3.1 Human Resources
Principle
The Member Organization should incorporate cyber security requirements into human resources processes.
Objective
To ensure that Member Organization staff’s cyber security responsibilities are embedded in staff agreements and staff are being screened before and during their employment lifecycle.
Control considerations
1. The human resources process should define, approve and implement cyber security requirements.
2. The effectiveness of the human resources process should be monitored, measured and periodically evaluated.
3. The human resource process should include:
a. cyber security responsibilities and non-disclosure clauses within staff agreements (during and after the employment);
b. staff should receive cyber security awareness at the start and during their employment;
c. when disciplinary actions will be applicable;
d. screening and background check;
e. post-employment cyber security activities, such as:
1. revoking access rights;
2. returning information assets assigned (e.g., access badge, tokens, mobile devices, all electronic and physical information).
3.3.2 Physical Security
Principle
The Member Organization should ensure all facilities which host information assets are physically protected against intentional and unintentional security events.
Objective
To prevent unauthorized physical access to the Member Organization information assets and to ensure its protection.
Control considerations
1. The physical security process should be defined, approved and implemented.
2. The effectiveness of the physical security process should be monitored, measured and periodically evaluated.
3. The physical security process should include (but not limited to):
a. physical entry controls (including visitor security);
b. monitoring and surveillance (e.g., CCTV, ATMs GPS tracking, sensitivity sensors);
c. protection of data centers and data rooms;
d. environmental protection;
e. protection of information assets during lifecycle (including transport and secure disposal, avoiding unauthorized access and (un)intended data leakage.
3.3.3 Asset Management
Principle
The Member Organization should define, approve, implement, communicate and monitor an asset management process, which supports an accurate, up-to-date and unified asset register.
Objective
To support the Member Organization in having an accurate and up-to-date inventory and central insight in the physical / logical location and relevant details of all available information assets, in order to support its processes, such as financial, procurement, IT and cyber security processes.
Control considerations
1. The asset management process should be defined, approved and implemented.
2. The effectiveness of the asset management process should be monitored, measured and periodically evaluated.
3. The asset management process should include:
a. a unified register;
b. ownership and custodianship of information assets;
c. the reference to relevant other processes, depending on asset management;
d. information asset classification, labeling and handling;
e. the discovery of new information assets.
3.3.4 Cyber Security Architecture
Principle
The Member Organization should define, follow and review the cyber security architecture, which Outlines the cyber security requirements in the enterprise architecture and addresses the design principles for developing cyber security capabilities.
Objective
To support the Member Organization in achieving a strategic, consistent, cost effective and end-to-end cyber security architecture.
Control considerations
1. The cyber security architecture should be defined, approved and implemented.
2. The compliance with the cyber security architecture should be monitored.
3. The cyber security architecture should include:
a. a strategic outline of cyber security capabilities and controls based on the business requirements;
b. approval of the defined cyber security architecture;
c. the requirement of having qualified cyber security architects;
d. design principles for developing cyber security controls and applying cyber security requirements (i.e., the security-by-design principle);
e. periodic review of the cyber security architecture.
3.3.5 Identity and Access Management
Principle
The Member Organization should restrict access to its information assets in line with their business requirements based on the need-to-have or need-to-know principles.
Objective
To ensure that the Member Organization only provides authorized and sufficient access privileges to approved users.
Control considerations
1. The identity and access management policy, including the responsibilities and accountabilities, should be defined, approved and implemented.
2. The compliance with the identity and access policy should be monitored.
3. The effectiveness of the cyber security controls within the identity and access management policy should be measured and periodically evaluated.
4. The identity and access management policy should include:
a. business requirements for access control (i.e., need-to-have and need-to-know);
b. user access management (e.g., joiners, movers, leavers):
1. all identified user types should be covered (i.e., internal staff, third parties);
2. changes of job status or job positions for internal staff (e.g. joiner, mover and leaver) should be instigated by the human resources department;
3. changes for external staff or third parties should be instigated by the appointed accountable party;
4. user access requests are formally approved in accordance with business and compliance requirements (i.e., need-to-have and need-to-know to avoid unauthorized access and (un)intended data leakage));
5. changes in access rights should be processed in a timely manner;
6. periodically user access rights and profiles should be reviewed;
7. an audit trail of submitted, approved and processed user access requests and revocation requests should be established;
c. user access management should be supported by automation;
d. centralization of the identity and access management function;
e. multi-factor authentication for sensitive and critical systems and profiles;
f. privileged and remote access management, which should address:
1. the allocation and restricted use of privileged and remote access, specifying:
a. multi-factor authentication should be used for all remote access;
b. multi-factor authentication should be used for privilege access on critical systems based on a risk assessment;
2. the periodic review of users with privileged and remote accounts;
3. individual accountability;
4. the use of non-personal privileged accounts, including:
a. limitation and monitoring;
b. confidentiality of passwords;
c. changing passwords frequently and at the end of each session.
3.3.6 Application Security
Principle
The Member Organization should define, approve and implement cyber security standards for application systems. The compliance with these standards should be monitored and the effectiveness of these controls should be measured and periodically evaluated.
Objective
To ensure that sufficient cyber security controls are formally documented and implemented for all applications, and that the compliance is monitored and its effectiveness is evaluated periodically within the Member Organization.
Control considerations
1. The application cyber security standards should be defined, approved and implemented.
2. The compliance with the application security standards should be monitored.
3. The effectiveness of the application cyber security controls should be measured and periodically evaluated.
4. Application development should follow the approved secure system development life cycle methodology (SDLC).
5. The application security standard should include:
a. secure coding standards;
b. the cyber security controls implemented (e.g., configuration parameters, events to monitor and retain [including system access and data], identity and access management);
c. the segregation of duties within the application (supported with a documented authorization matrix);
d. the protection of data aligned with the (agreed) classification scheme (including privacy of customer data and, avoiding unauthorized access and (un)intended data leakage);
e. vulnerability and patch management;
f. back-up and recovery procedures;
g. periodic cyber security compliance review.
3.3.7 Change Management
Principle
The Member Organization should define, approve and implement a change management process that controls all changes to information assets. The compliance with the process should be monitored and the effectiveness should be measured and periodically evaluated.
Objective
To ensure that all change in the information assets within the Member Organization follow a strict change control process.
Control considerations
1. The change management process should be defined, approved and implemented.
2. The compliance with the change management process should be monitored.
3. The effectiveness of the cyber security controls within the change management process should be measured and periodically evaluated.
4. The change management process should include:
a. cyber security requirements for controlling changes to information assets, such as assessing the impact of requested changes, classification of changes and the review of changes;
b. security testing, which should (if applicable) include:
1. penetration testing;
2. code review if applications are developed internally;
3. code review of externally developed applications and if the source code is available
4. a code review report (or equivalent, such as an independent assurance statement) in case the source code cannot be provided;
c. approval of changes by the business owner;
d. approval from the cyber security function before submitting to Change Advisory Board (CAB);
e. approval by CAB;
f. post-implementation review of the related cyber security controls;
g. development, testing and implementation are segregated for both the (technical) environment and involved individuals;
h. the procedure for emergency changes and fixes;
i. fall-back and roll-back procedures.
3.3.8 Infrastructure Security
Principle
The Member Organization should define, approve and implement cyber security standards for their infrastructure components. The compliance with these standards should be monitored and the effectiveness should be measured and periodically evaluated.
Objective
To support that all cyber security controls within the infrastructure are formally documented and the compliance is monitored and its effectiveness is evaluated periodically within the Member Organization.
Control considerations
1. The infrastructure security standards should be defined, approved and implemented.
2. The compliance with the infrastructure security standards should be monitored.
3. The effectiveness of the infrastructure cyber security controls should be measured and periodically evaluated.
4. The infrastructure security standards should cover all instances of infrastructure available in the main datacenter(s), the disaster recovery data site(s) and office spaces.
5. The infrastructure security standards should cover all instances of infrastructure (e.g., operating systems, servers, virtual machines, firewalls, network devices, IDS, IPS, wireless network, gateway servers, proxy servers, email gateways, external connections, databases, file-shares, workstations, laptops, tablets, mobile devices, PBX).
6. The infrastructure security standard should include:
a. the cyber security controls implemented (e.g., configuration parameters, events to monitor and retain [including system access and data], data-leakage prevention [DLP], identity and access management, remote maintenance);
b. the segregation of duties within the infrastructure component (supported with a documented authorization matrix);
c. the protection of data aligned with the (agreed) classification scheme (including privacy of customer data and, avoiding unauthorized access and (un)intended data leakage);
d. the use of approved software and secure protocols;
e. segmentation of networks;
f. malicious code/software and virus protection (and applying application whitelisting and APT protection);
g. vulnerability and patch management;
h. DDOS protection (where applicable); this should include:
1. the use of scrubbing services;
2. specification of the bandwidth agreed;
3. 24x7 monitoring by Security Operating Center (SOC), Service Provider (SP) and scrubbing provider;
4. testing of DDOS scrubbing (minimum twice a year);
5. DDOS services should be implemented for the main datacenter(s) as well as the disaster recovery site(s);
i. back-up and recovery procedures;
j. periodic cyber security compliance review.
3.3.9 Cryptography
Principle
The use of cryptographic solutions within the Member Organizations should be defined, approved and implemented.
Objective
To ensure that access to and integrity of sensitive information is protected and the originator of communication or transactions can be confirmed.
Control considerations
1. A cryptographic security standard should be defined, approved and implemented.
2. The compliance with the cryptographic security standard should be monitored.
3. The effectiveness of the cryptographic security controls should be measured and periodically evaluated.
4. The cryptographic security standard should include:
a. an overview of the approved cryptographic solutions and relevant restrictions (e.g., technically,legally);
b. the circumstances when the approved cryptographic solutions should be applied;
c. the management of encryption keys, including lifecycle management, archiving and recovery.
3.3.10 Bring Your Own Device (BYOD)
Principle
When the Member Organization allows the use of personal devices (e.g., smartphones, tablets, laptops) for business purposes, the use should be supported by a defined, approved and implemented cyber security standard, additional staff agreements and a cyber security awareness training.
Objective
To ensure that business and sensitive information of the Member Organization is securely handled by staff and protected during transmission and storage, when using personal devices.
Control considerations
1. The BYOD cyber security standard should be defined, approved and implemented.
2. The compliance with the BYOD cyber security standard should be monitored.
3. The effectiveness of the BYOD cyber security controls should be measured and periodically evaluated.
4. The BYOD standard should include:
a. responsibilities of the user (including awareness training);
b. information regarding the restrictions and consequences for staff when the Member Organization implements cyber security controls on their personal devices; for example when using modified devices (jailbreaking), terminating the employment or in case of loss or theft of the personal device;
c. the isolation of business information from personal information (e.g., containerization);
d. the regulation of corporate mobile applications or approved “public” mobile applications;
e. the use of mobile device management (MDM); applying access controls to the device and business container and encryption mechanisms on the personal device (to ensure secure transmission and storage).
3.3.11 Secure Disposal of Information Assets
Principle
The information assets of the Member Organization should be securely disposed when the information assets are no longer required.
Objective
To ensure that the Member Organization’s business, customer and other sensitive information are protected from leakage or unauthorized disclosure when disposed.
Control considerations
1. The secure disposal standard and procedure should be defined, approved and implemented.
2. The compliance with the secure disposal standard and procedure should be monitored.
3. The effectiveness of the secure disposal cyber security controls should be measured and periodically evaluated.
4. Information assets should be disposed in accordance with legal and regulatory requirements, when no longer required (i.e. meeting data privacy regulations to avoid unauthorized access and avoid (un)intended data leakage).
5. Sensitive information should be destroyed using techniques to make the information non-retrievable (e.g., secure erase, secure wiping, incineration, double crosscut, shredding)
6. The Member Organization should ensure that third party service providers used for secure disposal, transport and storage comply with the secure disposal standard and procedure and the effectiveness is periodically measured and evaluated.
3.3.12 Payment Systems
Principle
The Member Organization should define, approve, implement and monitor a cyber security standard for payment systems. The effectiveness of this process should be measured and periodically evaluated.
Objective
To ensure the Member Organization safeguards the confidentiality and integrity of shared banking systems.
Control considerations
• For Saudi Arabian Riyal Interbank Express (SARIE) information, please refer to the SARIE Information Security Policy, Version Issue 1.0 - June 2016.
• For mada information, please refer to the following sections in the mada Rules and Standards Technical Book (see appendix A):
• Part IIIa - Security Framework, Version Issue 6.0.0 - May 2016
• Part IIIb - HSM Requirements, Version Issue 6.0.0 - May 2016
• SAMA CA IPK Certificate Procedures, Version Issue 6.0.1 - October 2016
3.3.13 Electronic Banking Services
Principle
The Member Organization should define, approve, implement and monitor a cyber security standard for electronic banking services. The effectiveness of this standard should be measured and periodically evaluated.
Objective
To ensure the Member Organization safeguards the confidentiality and integrity of the customer information and transactions.
Control Considerations
1. The cyber security standards for electronic banking services should be defined, approved and implemented.
2. The compliance with cyber security standards for electronic banking services should be monitored.
3. The effectiveness of the cyber security standard for electronic banking services should be measured and periodically evaluated.
4. Electronic banking services security standard should cover:
a. use of brand protection measures to protect online services including social media.
b. online, mobile and phone banking:
1. use of official application stores and websites (applicable for online and mobile banking);
2. use of detection measures and take-down of malicious apps and websites (applicable for online and mobile banking);
3. use of sandboxing (applicable for online and mobile banking);
4. use of non-caching techniques (applicable for online and mobile banking);
5. use of communication techniques to avoid ‘man-in-the-middle'-attacks (applicable for online and mobile banking);
6. use of multi-factor authentication mechanisms:
a. multi-factor authentication should be used during the registration process for the customer in order to use of electronic banking services;
b. multi-factor authentication should be implemented for all electronic banking services available to customers;
c. the use of hard and soft tokens should be password protected;
d. revoking the access of customers after 3 successive incorrect passwords or invalid PINs;
e. the process for changing the customer mobile number should only be done from either a branch or ATM;
f. the processes for requesting and activating of the multi-factor authentication should be done through different delivery channels;
g. multi-factor authentication should be implemented for the following processes:
1. sign-on;
2. adding or modifying beneficiaries;
3. adding utility and government payment services;
4. high-risk transactions (when it exceeds predefined limits);
5. password reset;
7. the processes for adding and activating beneficiaries should be done through different delivery channels (applicable for mobile and online banking);
8. high availability of the electronic banking services should be ensured;
9. scheduled downtime of the electronic banking services should be timely communicated to SAMA and customers;
10. contractual agreements between the Member Organization and the customer addressing the roles, responsibilities and liabilities for both the Member Organization and the customers;
11. obtaining approval of SAMA before launching a new electronic banking service.
c. ATMs and POSs:
1. prevention and detection of exploiting the ATM/POS application and infrastructure vulnerabilities (e.g., cables, (USB)-ports, rebooting);
2. cyber security measures, such as hardening of operating systems, malware protection, privacy screens, masking of passwords or account numbers (e.g., screen and receipt), geo-blocking (e.g., disable cards per default for outside GCC countries, disable magnetic strip transactions), video monitoring (CCTV), revoking cards after 3 successive invalid PINs, anti-skimming solutions (hardware/software), and PIN-pad protection;
3. remote stopping of ATMs in case of malicious activities.
d. SMS instant notification services:
1. SMS messages should not contain sensitive data (e.g., account balance - except for credit cards);
2. SMS alert should be sent to both mobile numbers (old and new) when the customer’s mobile number has been changed;
3. SMS notification should be sent to the customer’s mobile number when requesting a new multi-factor authentication mechanism.
4. SMS notification should be sent to the customer’s mobile number for all retail and personal financial transactions.
5. SMS notification should be sent to the customer’s mobile number when beneficiaries are added, modified and activated.
3.3.14 Cyber Security Event Management
Principle
The Member Organization should define, approve and implement a security event management process to analyze operational and security loggings and respond to security events. The effectiveness of this process should be measured and periodically evaluated.
Objective
To ensure timely identification and response to anomalies or suspicious events within regard to information assets.
Control considerations
1. The security event management process should be defined, approved and implemented.
2. The effectiveness of the cyber security controls within the security event management process should be measured and periodically evaluated.
3. To support this process a security event monitoring standard should be defined, approved and implemented.
a. the standard should address for all information assets the mandatory events which should be monitored, based on the classification or risk profile of the information asset.
4. The security event management process should include requirements for:
a. the establishment of a designated team responsible for security monitoring (i.e., Security Operations Center (SOC));
b. skilled and (continuously) trained staff;
c. a restricted area to facilitate SOC activities and workspaces;
d. resources required continuous security event monitoring activities (24x7);
e. detection and handling of malicious code and software;
f. detection and handling of security or suspicious events and anomalies;
g. deployment of security network packet analysis solution;
h. adequately protected logs;
i. periodic compliance monitoring of applications and infrastructure cyber security standards
j. automated and centralized analysis of security loggings and correlation of event or patterns (i.e., Security Information and Event Management (SIEM));
k. reporting of cyber security incidents;
l. independent periodic testing of the effectiveness of the security operations center (e.g., red- teaming).
3.3.15 Cyber Security Incident Management
Principle
The Member Organization should define, approve and implement a cyber security incident management that is aligned with the enterprise incident management process, to identify, respond to and recover from cyber security incidents. The effectiveness of this process should be measured and periodically evaluated.
Objective
To ensure timely identification and handling of cyber security incidents in order to reduce the (potential) business impact for the Member Organization.
Control considerations
1. The cyber security incident management process should be defined, approved, implemented and aligned with the enterprise incident management process.
2. The effectiveness of the cyber security controls within the cyber security incident management process should be measured and periodically evaluated.
3. The standard should address the mandatory and suspicious security events which should be responded to.
4. The security incident management process should include requirements for:
a. the establishment of a designated team responsible for security incident management;
b. skilled and (continuously) trained staff;
c. sufficient capacity available of certified forensic staff for handling major incidents (e.g., internal staff or contracting an external forensic team);
d. a restricted area to facilitate the computer emergency response team (CERT) workspaces;
e. the classification of cyber security incidents;
f. the timely handling of cyber security incidents, recording and monitoring progress;
g. the protection of relevant evidence and loggings;
h. post-incident activities, such as forensics, root-cause analysis of the incidents;
i. reporting of suggested improvements to the CISO and the Committee;
j. establish a cyber security incident repository.
5. The Member Organization should inform ‘SAMA IT Risk Supervision' immediately when a medium or high classified security incident has occurred and identified.
6. The Member Organization should obtain ‘no objection' from ‘SAMA IT Risk Supervision' before any media interaction related to the incident.
7. The Member Organization should submit a formal incident report ‘SAMA IT Risk Supervision' after resuming operations, including the following incident details:
a. title of incident;
b. classification of the incident (medium or high);
c. date and time of incident occurred;
d. date and time of incident detected;
e. information assets involved;
f. (technical) details of the incident;
g. root-cause analysis;
h. corrective activities performed and planned;
i. description of impact (e.g., loss of data, disruption of services, unauthorized modification of data, (un)intended data leakage, number of customers impacted);
j. total estimated cost of incident;
k. estimated cost of corrective actions.
3.3.16 Threat Management
Principle
The Member Organization should define, approve and implement a threat intelligence management process to identify, assess and understand threats to the Member Organization information assets, using multiple reliable sources. The effectiveness of this process should be measured and periodically evaluated.
Objective
To obtain an adequate understanding of the Member Organization’s emerging threat posture.
Control considerations
1. The threat intelligence management process should be defined, approved and implemented.
2. The effectiveness of the threat intelligence management process should be measured and periodically evaluated.
3. The threat intelligence management process should include:
a. the use of internal sources, such as access control, application and infrastructure logs, IDS, IPS, security tooling, Security Information and Event Monitoring (SIEM), support functions (e.g., Legal, Audit, IT Helpdesk, Forensics, Fraud Management, Risk Management, Compliance);
b. the use of reliable and relevant external sources, such as SAMA, government agencies, security forums, (security) vendors, security organizations and specialist notification services;
c. a defined methodology to analyze the threat information periodically;
d. the relevant details on identified or collected threats, such as modus operandi, actors, motivation and type of threats;
e. the relevance of the derived intelligence and the action-ability for follow-up (for e.g., SOC, Risk Management);
f. sharing the relevant intelligence with the relevant stakeholders (e.g., SAMA, BCIS members).
3.3.17 Vulnerability Management
Principle
The Member Organization should define, approve and implement a vulnerability management process for the identification and mitigation of application and infrastructural vulnerabilities. The effectiveness of this process should be measured and the effectiveness should be periodically evaluated.
Objective
To ensure timely identification and effective mitigation of application and infrastructure vulnerabilities in order to reduce the likelihood and business impact for the Member Organization.
Control considerations
1. The vulnerability management process should be defined, approved and implemented.
2. The effectiveness of the vulnerability management process should be measured and periodically evaluated.
3. The vulnerability management process should include:
a. all information assets;
b. frequency of performing the vulnerability scan (risk-based);
c. classification of vulnerabilities;
d. defined timelines to mitigate (per classification);
e. prioritization for classified information assets;
f. patch management and method of deployment.
3.4 Third Party Cyber Security
When Member Organizations do rely on, or have to deal with third party services, it is key to ensure the same level of cyber security protection is implemented at the third party, as within the Member Organization.
This paragraph describes how the cyber security requirements between the Member Organization and Third Parties should be organized, implemented and monitored. Third Parties in this Framework are defined as, information services providers, outsourcing providers, cloud computing providers, vendors, suppliers, governmental agencies, etc.
3.4.1 Contract and Vendor Management
Principle
The Member Organization should define, approve, implement and monitor the required cyber security controls within the contract and vendor management processes.
Objective
To ensure that the Member Organization's approved cyber security requirements are appropriately addressed before signing the contract, and the compliance with the cyber security requirements is being monitored and evaluated during the contract life-cycle.
Control Considerations
1. The cyber security requirements should be defined, approved, implemented and communicated within the contract and vendor management processes.
2. The compliance with contract and vendor management process should be monitored.
3. The effectiveness of the cyber security controls within the contract and vendor management process should be measured and periodically evaluated.
4. These contract and vendor management processes should cover:
a. whether the involvement of the cyber security function is actively required (e.g., in case of due diligence);
b. the baseline cyber security requirements which should be applied in all cases;
c. the right to periodically perform cyber security reviews and audits.
5. The contract management process should cover requirements for:
a. executing a cyber security risk assessment as part of the procurement process;
b. defining the specific cyber security requirements as part of the tender process;
c. evaluating the replies of potential vendors on the defined cyber security requirements;
d. testing of the agreed cyber security requirements (risk-based);
e. defining the communication or escalation process in case of cyber security incidents;
f. ensuring cyber security requirements are defined for exiting, terminating or renewing the contract (including escrow agreements if applicable);
g. defining a mutual confidentiality agreement.
6. The vendor management process (i.e., service level management) should cover requirements for:
a. periodic reporting, reviewing and evaluating the contractually agreed cyber security requirements (in SLAs).
3.4.2 Outsourcing
Principle
The Member Organization should define, implement and monitor the required cyber security controls within outsourcing policy and outsourcing process. The effectiveness of the defined cyber security controls should periodically be measured and evaluated.
Objective
To ensure that the Member Organization's cyber security requirements are appropriately addressed before, during and while exiting outsourcing contracts.
Control Considerations
1. The cyber security requirements within the outsourcing policy and process should be defined, approved, implemented and communicated within Member Organization.
2. The cyber security requirements regarding the outsourcing policy and process should be measured and periodically evaluated.
3. The outsourcing process should include:
a. the approval from SAMA prior to material outsourcing;
b. the involvement of the cyber security function;
c. compliance with the SAMA circular on outsourcing.
3.4.3 Cloud Computing
Principle
The Member Organization should define, implement and monitor the required cyber security controls within the cloud computing policy and process for hybrid and public cloud services. The effectiveness of the defined cyber security controls should periodically be measured and evaluated.
Please note that this requirement is not applicable to private cloud services (= internal cloud).
Objective
To ensure that all functions and staff within the Member Organization are aware of the agreed direction and position on hybrid and public cloud services, the required process to apply for hybrid and public cloud services, the risk appetite on hybrid and public cloud services and the specific cyber security requirements for hybrid and public cloud services.
Control Considerations
1. The cyber security controls within the cloud computing policy for hybrid and public cloud services should be defined, approved and implemented and communicated within Member Organization.
2. The compliance with the cloud computing policy should be monitored.
3. The cyber security controls regarding the cloud computing policy and process for hybrid and public cloud services should be periodically measured and evaluated.
4. The cloud computing policy for hybrid and public cloud services should address requirements for:
a. the process for adopting cloud services, including that:
1. a cyber security risk assessment and due diligence on the cloud service provider and its cloud services should be performed;
2. the Member Organization should obtain SAMA approval prior to using cloud services or signing the contract with the cloud provider;
3. a contract should be in place, including the cyber security requirements, before using cloud services;
b. data location, including that:
1. in principle only cloud services should be used that are located in Saudi Arabia, or when cloud services are to be used outside Saudi Arabia that the Member Organization should obtain explicit approval from SAMA;
c. data use limitations, including that:
1. the cloud service provider should not use the Member Organization’s data for secondary purposes;
d. security, including that:
1. the cloud service provider should implement and monitor the cyber security controls as determined in the risk assessment for protecting the confidentiality, integrity and availability of the Member Organization’s data;
e. data segregation, including that:
1. the Member Organization’s data is logically segregated from other data held by the cloud service provider, including that the cloud service provider should be able to identify the Member Organization’s data and at all times should be able to distinguish it from other data.
f. business continuity, including that:
1. business continuity requirements are met in accordance with the Member Organization’s business continuity policy;
g. audit, review and monitoring, including that:
1. the Member Organization has the right to perform a cyber security review at the cloud service provider;
2. the Member Organization has the right to perform a cyber security audit at the cloud service provider;
3. the Member Organization has the right to perform a cyber security examination at the cloud service provider;
h. exit, including that:
1. the Member Organization has termination rights;
2. the cloud service provider has to return the Member Organization’s data on termination;
3. the cloud service provider has to irreversibly delete the Member Organization’s data on termination.
Appendices
Appendix A - Overview Previous Issued SAMA Circulars
Appendix B - How to Request an Update to the Framework
Below the illustration of the process for requesting an update to the Framework.
• Detail information supported by pros and cons about the suggested update.
• The request should first be approved by CISO before submitting to cyber security committee.
• The request should be approved by Member Organization's cyber steering committee.
• The request should be sent formally in writing to SAMA via the Member Organization's CEO or managing director to the deputy governor of Supervision.
• ‘SAMA IT Risk Supervision' will evaluate the request and informs the Member Organization.
• The current Framework remains applicable while the requested update is being considered, processed and if applicable is approved and processed.
Appendix C – Framework Update Request Form
Request to Update the SAMA Cyber Security Framework
A submission to the deputy governor of SAMA IT Risk Supervision
The Saudi Arabian Monetary Authority (SAMA) will consider requests from a member organization (MO) to update its Cyber Security Framework based on the information submitted using the form below. A separate form must be completed for each requested update. Please note that all required fields must be properly filled in before SAMA will begin the review process
Requestor Information
REQUESTOR'S SIGNATURE*
xREQUESTOR'S POSITION* DATE* REQUESTOR'S NAME*
MEMBER ORGANIZATION OF REQUESTOR*
FRAMEWORK SECTION*:
PURPOSE OF REQUESTED UPDATE (including detailed information on its pros and cons)*:
PROPOSAL*:
Approvals
1. MO’s CISO APPROVAL*
DATE*
2. MO’S CYBER SECURITY COMMITTEE APPROVAL*
APPROVER’S POSITION*
DATE*
* Denotes required fields
Appendix D - How to Request a Waiver from the Framework
Below the illustration of the process for requesting a waiver from the Framework.
• Detail description about the reasons that the bank could not meet the required control.
• Details description about the available or suggested compensating controls.
• The waiver request should first be approved by CISO before submitting to cyber security committee.
• The waiver request should approved by the members of Member Organization's cyber security committee.
• The waiver request should be signed by the CISO and relevant (business) owner.
• The waiver request should be formally issued in writing to SAMA via the Member Organization's CEO or managing director to the deputy governor of Supervision.
• ‘SAMA IT Risk Supervision' will evaluate the waiver request and informs the Member Organization.
• The current Framework remains applicable while the requested waiver is being evaluated and processed, until the moment of granting the waiver.
Appendix E – Framework Waiver Request Form
Request for Waiver from the SAMA Cyber Security Framework
A submission to the deputy governor of SAMA IT Risk Supervision
The Saudi Arabian Monetary Authority (SAMA) will consider requests for waiver from a member organization (MO) from its Cyber Security Framework based on the information submitted using the form below. A separate form must be completed for each requested waiver. Please note that all required fields must be properly filled in before SAMA will begin the review process.
Requestor Information
REQUESTOR'S SIGNATURE*
xREQUESTOR'S POSITION* DATE* REQUESTOR'S NAME*
MEMBER ORGANIZATION OF REQUESTOR*
FRAMEWORK CONTROL*:
DETAILED DESCRIPTION OF WHY CONTROL CANNOT BE IMPLEMENTED*:
DETAILED DESCRIPTION OF AVAILABLE OR SUGGESTED COMPENSATING CONTROLS*:
Approvals
1. MO’s CISO APPROVAL*
DATE*
2. MO’S CYBER SECURITY COMMITTEE APPROVAL*
APPROVER’S POSITION*
DATE*
* Denotes required fields
Appendix F - Glossary
Term
Description Access management
Access management is the process of granting authorized users the right to use a service, while preventing access to non-authorized users. Anti-skimming solution
A solution that monitors an ATM or POS environment for illegally mounted intrusion mechanisms (both hard- and software). Application whitelisting
A list of applications and application components (libraries, configuration files, etc.) that are authorized to be present or active on a host according to a well- defined baseline. Application whitelisting technologies are intended to stop the execution of malware and other unauthorized software. Unlike security technologies such as antivirus software, which use blacklists to block known bad activity and permit all other, application whitelisting technologies are designed to permit known activity and block all other. (NIST SP 800-167 Guide to Application Whitelisting) APT
An advanced persistent threat (APT) is an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives. (NISTIR 7298r2 Glossary of Key Information Security Terms) Asset management
The systematic process of deploying, operating, maintaining, upgrading, and disposing of assets in a safe, secure and cost effective manner. Assurance
Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. “Adequately met” includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass. (NISTIR 7298r2 Glossary of Key Information Security Terms) Audit trail
A record showing who has accessed an Information Technology (IT) system and what operations the user has performed during a given period. (NISTIR 7298r2 Glossary of Key Information Security Terms) Authorization matrix
A matrix that defines the rights and permissions a specific role needs for information. The matrix lists each user, the business process tasks he or she performs, and the affected systems. Availability
Ensuring timely and reliable access to and use of information. (NISTIR 7298r2 Glossary of Key Information Security Terms) Business applications
Any software or set of computer programs that are used by business users to perform various business functions. Business continuity
The capability of an organization to continue delivery of IT and business services at acceptable predefined levels following a disruptive incident. (ISO 22301:2012 Societal security -- Business continuity management systems) BYOD
Bring your own device (BYOD) refers to personally owned devices (laptops, tablets, and smart phones) that employees and contractors are permitted to use to carry out business functions. CCTV
Closed-circuit television (CCTV) is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. CEO
The Chief Executive Officer (CEO) is the executive with the chief decision-making authority in an organization. CERT
A computer emergency response team (CERT) is a group of experts that handle computer security incidents. Change management
The controlled identification and implementation of required changes within a business or information systems. CIO
Chief information officer (CIO). A senior-level executive responsible for the information technology and computer systems that support enterprise goals. CISO
Chief information security officer (CISO). A senior-level executive responsible for establishing and maintaining the enterprise cyber security vision, strategy, and program to ensure information assets and technologies are adequately protected. Classification scheme
Refer to 'Data classification'. Cloud computing
A model for enabling on-demand network access to a shared pool of configurable IT capabilities/ resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. It allows users to access technology-based services from the network cloud without knowledge of, expertise with, or control over the technology infrastructure that supports them. This cloud model is composed of five essential characteristics (on-demand self-service, ubiquitous network access, location independent resource pooling, rapid elasticity, and measured service); three service delivery models: (Cloud Software as a Service [SaaS], Cloud Platform as a Service [PaaS], and Cloud Infrastructure as a Service [IaaS]); and four models for enterprise access (Private cloud, Community cloud, Public cloud, and Hybrid cloud). (NISTIR 7298r2 Glossary of Key Information Security Terms) Compensating Security Control
A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in place of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system. (NISTIR 7298r2 Glossary of Key Information Security Terms) Confidentiality
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. (NISTIR 7298r2 Glossary of Key Information Security Terms) Containerization
A virtualization method for deploying and running distributed applications without launching a virtual machine for each application. Instead, multiple isolated systems run on a single control host and access a single kernel. Control effectiveness
The measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance. (NISTIR 7298r2 Glossary of Key Information Security Terms) COO
Chief Operating Officer. A senior-level executive responsible for the daily operation of the organization. Cryptographic solutions
Solutions pertaining to cryptography. Refer to 'Cryptography'. Cryptography
The discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification. (NISTIR 7298r2 Glossary of Key Information Security Terms) Custodianship
Responsibility for controlling the access to and the accounting, safeguarding, and destruction of information according to an organization's security policy . Cyber risk
The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. (NISTIR 7298r2 Glossary of Key Information Security Terms) Cyber security
Cyber security is defined as the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the member organization's information assets against internal and external threats. An embedded, integral part of the enterprise architecture that describes the structure and behavior for the enterprise's security processes, cyber security systems, personnel and organizational sub-units, showing their alignment with the enterprise's mission and strategic plans. (NISTIR 7298r2 Glossary of Key Information Security Terms) Independent review and examination of security-related records and activities to provide reasonable assurance that system controls are adequate and that established policies and operational procedures are compliant. (NISTIR 7298r2 Glossary of Key Information Security Terms) Activities which seek to focus an individual's attention on a cyber security issues. (NISTIR 7298r2 Glossary of Key Information Security Terms) Cyber security awareness program
A program that explains proper rules of behavior for the safe and secure use of IT systems and information. The program communicates cyber security policies and procedures that need to be followed. Cyber security control
The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. (NISTIR 7298r2 Glossary of Key Information Security Terms) Cyber security examination
A review of security-related records and activities of records and activities to assess the adequacy of system controls and to ensure compliance with established policies and operational procedures. An examination does not provide assurance. Cyber security function
A function, independent from the information technology function, that is headed by a CISO and that reports directly to the CEO/managing director of the Member Organization or general manager of a control function.
The information security function is responsible for:
– supporting information security policies, defining information security roles and responsibilities, and setting information security goals for implementation; – providing information security and information risk management frameworks; – identifying known and emerging information security issues; – identifying shifts in the organization's implicit information risk appetite; – assisting management in developing information security processes and controls to manage information security risks and information security issues; – providing guidance and training on information security and information risk management processes; – facilitating and monitoring implementation of effective information security and information risk management practices by operational management; – alerting operational management to emerging information security issues and changing regulatory and information risk scenarios; – monitoring the adequacy and effectiveness of internal control, accuracy and completeness of reporting, compliance with laws and regulations in connection with information security , and timely remediation of deficiencies. A set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction for cyber security, ensuring that cyber security objectives are achieved, ascertaining that cyber risks are managed appropriately and verifying that the enterprise's resources are used responsibly. Cyber security incident
An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. (NISTIR 7298r2 Glossary of Key Information Security Terms) The monitoring and detection of security events on an information systems and the execution of proper responses to those events. A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data. (NISTIR 7298r2 Glossary of Key Information Security Terms) Cyber security program
Top-down management structure and mechanism for coordinating security activities throughout the organization. Independent review and examination of security-related records and activities to provide limited assurance that system controls are adequate and that established policies and operational procedures are compliant. (NISTIR 7298r2 Glossary of Key Information Security Terms) Cyber security risk assessment
The process of identifying risks to organizational operations, organizational assets, individuals, other organizations, and the nation, arising through the operation of an information system. A part of risk management, it incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. (NISTIR 7298r2 Glossary of Key Information Security Terms) The process of managing risks to organizational operations, organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and consists of (i) a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. (NISTIR 7298r2 Glossary of Key Information Security Terms) A high-level plan, consisting of projects and initiatives, to mitigate cyber security risks while complying with legal, statutory, contractual, and internally prescribed requirements. Cyber security threat
Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (NISTIR 7298r2 Glossary of Key Information Security Terms) Data classification
The conscious decision to assign a level of sensitivity to data as it is being created, amended, enhanced, stored, or transmitted. The classification of the data should then determine the extent to which the data needs to be controlled / secured and is also indicative of its value in terms of business assets. Double crosscut
A technique using saws or blades to cut media into confetti-sized bits. Enterprise architecture
The description of an enterprise's entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise's boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise's overall security posture. (NISTIR 7298r2 Glossary of Key Information Security Terms) Enterprise risk management
The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary. (NISTIR 7298r2 Glossary of Key Information Security Terms) Fall-back
Business procedures and measures, undertaken when events have triggered the execution of either a business continuity plan or a contingency plan. Forensics
The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data. (NISTIR 7298r2 Glossary of Key Information Security Terms) Formally documented
Documentation that is written, approved by the senior leadership and disseminated to relevant parties. Gateway server
Interface providing compatibility between networks by converting transmission speeds, protocols, codes, or security measures. It directs, but does not filter, connections between networks. See also ‘Proxy server’. GCC countries
Members of the Gulf Cooperation Council (GCC), a political and economic alliance of the Kingdom of Bahrain, the State of Kuwait, the Sultanate of Oman, the State of Qatar, the Kingdom of Saudi Arabia and the United Arab Emirates. Geo-blocking
A form of internet censorship where access to content is restricted based upon the user's geographical location. Hard token
A hard token (a.k.a. an 'authentication token') is a hardware security device that is used to authorize a user to a system. Some hard tokens are used in combination with other security measures to further enhance security (known as multi-factor authentication). See also 'Soft token'. Hybrid cloud services
A cloud computing service that is composed of some combination of private, public and community cloud services, from different service providers. (Gartner) Identity management
The process of controlling information about users on computers, including how they authenticate and what systems they are authorized to access and/or what actions they are authorized to perform. It also includes the management of descriptive information about the user and how and by whom that information can be accessed and modified. Managed entities typically include users, hardware and network resources and even applications. IDS
An intrusion detection system (IDS) is a hardware or software product that gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations). (NISTIR 7298r2 Glossary of Key Information Security Terms) Incident management
Refer to 'Cyber security incident management'. Incident management plan
The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber-attack against an organization's information system(s). Also Refer to 'Cyber security incident management'. (NISTIR 7298r2 Glossary of Key Information Security Terms) Incineration
A method of media and device destruction using high heat. Indicator of compromise
A forensic artifact or remnant of an intrusion that can be identified on a host or network. (RSA) Integrity
Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. (NISTIR 7298r2 Glossary of Key Information Security Terms) IPS
An intrusion prevention system (IPS) can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets. (NISTIR 7298r2 Glossary of Key Information Security Terms) Irreversibly delete
See 'Secure erase' Jailbreaking
A form of privilege escalation that removes software restrictions imposed by the software manufacturer and often results in unlimited privileges on the device. Key performance indicator
A type of performance measurement that evaluate the success of an organization or of a particular activity in which it engages. Numerical threshold(s) are typically used to categorize performance. Key risk indicator
A measure used to indicate the probability an activity or organization will exceed its defined risk appetite. KRIs are used by organizations to provide an early signal of increasing risk exposures in various areas of the enterprise. Likelihood
A weighted factor based on an analysis of the probability that a given threat is capable of exploiting a given vulnerability. Malware
A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system or of otherwise annoying or disrupting the victim. (NISTIR 7298r2 Glossary of Key Information Security Terms) MDM
Mobile device management (MDM) is an industry term for the administration of mobile devices. Member organization
Organizations affiliated with SAMA. Mobile device
Portable cartridge/disk-based, removable storage media (e.g., floppy disks, compact disks, USB flash drives, external hard drives, and other flash memory cards or drives that contain nonvolatile memory).
Portable computing and communications device with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, and audio recording devices). (NISTIR 7298r2 Glossary of Key Information Security Terms)
Multi-factor authentication
Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). (NISTIR 7298r2 Glossary of Key Information Security Terms) NIST
The (U.S.) National Institute of Standards and Technology (www.nist.gov) Non-repudiation
Protection against an individual falsely denying having performed a particular action. Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message. (NISTIR 7298r2 Glossary of Key Information Security Terms) Patch
An update to an operating system, application, or other software issued specifically to correct particular problems with the software. (NISTIR 7298r2 Glossary of Key Information Security Terms) Patch management
The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions. (NISTIR 7298r2 Glossary of Key Information Security Terms) PBX
A private branch exchange (PBX) is a telephone exchange or switching system that serves a private organization and performs concentration of central office lines and provides intercommunication between a large number of telephone stations within the organization. PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary cyber security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB. Penetration testing
A test methodology in which assessors, working under specific constraints and optionally using all available documentation (e.g., system design, source code, manuals), attempt to circumvent the security features of an information system. (NISTIR 7298r2 Glossary of Key Information Security Terms) Personal devices
Devices, like a smart phone, that are not owned or issued by the organization. Physical security
The physical protection of facilities that host information assets against intentional and unintentional security events. PIN
A password consisting only of decimal digits. (NISTIR 7298r2 Glossary of Key Information Security Terms) Privileged account / access
An information system account with approved authorizations to perform security- relevant functions that ordinary users are not authorized to perform. (NISTIR 7298r2 Glossary of Key Information Security Terms) Proxy server
A server that services the requests of its clients by forwarding those requests to other servers. It directs and filters connections between networks. See also ‘Gateway server’. Public cloud service
Services that are rendered over a network that is open to the public. Public cloud providers own and operate the infrastructure at their data center and access is generally via the Internet. Red-teaming
An exercise, reflecting real-world conditions, that is conducted as a simulated adversarial attempt to compromise organizational missions and/or business processes to provide a comprehensive assessment of the security capability of the information system and organization. Resilience
The ability to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs. Risk
A measure of the extent to which an organization is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. (NISTIR 7298r2 Glossary of Key Information Security Terms) Risk appetite
The amount and type of risk that an organization is willing to take in order to meet their strategic objectives. Also refer to 'Risk tolerance'. (ISO/Guide 73:2009 Risk management — Vocabulary) Risk profile
A description of any set of risks that relate to the whole organization, part of the organization, or as otherwise defined. The risk profile will outline the number of risks, type of risk and potential effects of risks. (ISO/Guide 73:2009 Risk management — Vocabulary) Risk register
Risk register is a table used as a repository for all risks identified and includes additional information about each risk, e.g. risk category, risk owner, and mitigation actions taken. Risk tolerance
The acceptable variation relative to performance to the achievement of objectives. Also refer to 'Risk appetite'. (COSO Internal Control — Integrated Framework) Risk treatment
A process to modify risk that can involve avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; taking or increasing risk in order to pursue an opportunity; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party or parties; and retaining the risk by informed decision. Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk elimination”, “risk prevention” and “risk reduction”. Risk treatments can create new risks or modify existing risks. (ISO/Guide 73:2009 Risk management — Vocabulary) Risk-aware culture
The shared values, beliefs, knowledge, attitudes and understanding about risk within an organization. In a strong risk culture people proactively identify, discuss and take responsibility for risks. (Institute of Risk Management) Root-cause analysis
A principle-based, systems approach for the identification of underlying causes associated with a particular set of risks. (NISTIR 7298r2 Glossary of Key Information Security Terms) Sandboxing
A restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized. (NISTIR 7298r2 Glossary of Key Information Security Terms) Scrubbing services
A service that analyzes an organization's network traffic and removes malicious traffic (DDoS, known vulnerabilities and exploits). SDLC
A system development lifecycle (SDLC) describes the scope of activities associated with a system, encompassing the system's initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation. (NISTIR 7298r2 Glossary of Key Information Security Terms) Secure coding standard
A document that describes a uniform set of rules and guidelines for developing computer software that protects against the accidental introduction of security vulnerabilities. Examples includes OWASP's Secure Coding Practices and the Software Engineering Institute's Secure Coding Standards. Secure disposal
The disposing of equipment and media that minimizes the risk of unwanted disclosure. See also 'Secure erase', 'Secure wiping', 'Incineration', and 'Double crosscut'. Secure erase
An overwrite technology using a firmware-based process to overwrite a hard drive. (NISTIR 7298r2 Glossary of Key Information Security Terms) Secure wiping
Refer to 'Secure erase'. Security architecture
Refer to 'Cyber security architecture'. Security control
Refer to 'Cyber security control' Security testing
Examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system. (NISTIR 7298r2 Glossary of Key Information Security Terms) Sensitive information
Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the organizational affairs, or the privacy to which individuals are entitled. Additionally, sensitive information is the information deemed sensitive according to the organizational data classification policy (see 'Data classification'). (NISTIR 7298r2 Glossary of Key Information Security Terms) SIEM
A security information and event management (SIEM) tool is a system that provides the ability to gather security data from information system components and presents that data as actionable information via a single interface. (NISTIR 7298r2 Glossary of Key Information Security Terms) SLA
A service level agreement (SLA) defines the specific responsibilities of the service provider and sets the customer expectations. (NISTIR 7298r2 Glossary of Key Information Security Terms) SOC
A security operations center (SOC) is a specialized location (and team) where security-related data from enterprise information systems (e.g., web sites, applications, databases, servers, networks, desktops and other devices) is monitored, assessed and actioned. The SOC is often dedicated to the detection, investigation and potential response to indicators of compromise. The SOC works closely with, and disseminates, collated security-related information to other areas of the organization (e.g., the cyber security function, incident management team and IT service owners). Soft token
A soft token (a.k.a. a virtual token) is a software version of a hard token. Soft tokens are typically generated by a central server that runs security software and sent to users' devices. Some hard tokens are used in combination with other security measures to further enhance security (known as multi-factor authentication). See also 'Hard token'. Strategy
Refer to 'Cyber security strategy'. Threat
Refer to 'Cyber security threat' Threat intelligence
Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. (Gartner) Threat landscape
1. An overview of threats, together with current and emerging trends. 2. A collection of threats in a particular domain or context, with information on identified vulnerable assets, threats, risks, threat actors and observed trends. (ENISA) Token
Something that the user possesses and controls (typically a key or password) that is used to authenticate the user's identity. (NISTIR 7298r2 Glossary of Key Information Security Terms) Vendor management
The practice of ensuring that third-party service providers adhere to the same information security standards that an organization must comply with and includes periodic security assessments. Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. (NISTIR 7298r2 Glossary of Key Information Security Terms) Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Also refer to 'Vulnerability'. Page Not Available
This Page is Currently not available
All Circulars
Compliance of Financial Institutions with the Circulars Issued by SAMA
Based on the supervisory and regulatory role of the Saudi Central Bank (SAMA) over the financial institutions under its oversight, and in its effort to promote transparency and educate those dealing with financial institutions, the public, and those interested in the regulatory and supervisory instructions issued by SAMA.
We would like to inform you about the launch of the "SAMA Circulars Portal," where SAMA aims to provide the circulars issued by SAMA to the public, interested parties, and specialists to achieve a high level of transparency and enhance financial awareness.
SAMA also asserts that this portal does not absolve any financial institution from the obligation to comply with SAMA's instructions that are sent to financial institutions through official written correspondence or the official email of the administrative units of SAMA.
Approval of Companies Articles of Incorporation and its Amendments
Reference is made to the Ministry of Commerce’s letter No. (41/33380) dated 04/03/1443AH, regarding the approval of companies’ articles of incorporation and its amendments, through which the Ministry seeks to ease and facilitate the procedures for establishing companies and any amendments that may occur to it, in line with the provisions of the Companies Law.
Accordingly, we inform you that the Ministry will approve the articles of incorporation and its amendments while clarifying that the shareholders will bear the responsibility for what is submitted and shall be obligated to it, in accordance with the Companies’ Law.
In this regard, SAMA emphasize that companies operating within the Insurance sector shall comply with the relevant regulations and instructions issued by SAMA.
Articles of Association Form of Insurance Companies
This section is currently available only in Arabic, please click here to read the Arabic version.Audit committee regulation for insurance and reinsurance companies - 21 10 2015
This section is currently available only in Arabic, please click here to read the Arabic version.Part 1: Introduction
First: Purpose
- This Regulation enumerates SAMA’s requirements in terms of organizing Audit Committees' activities in Insurance and/or Reinsurance Companies.
- The objective of this Regulation is to compel Insurance and/or Reinsurance Companies to apply high standards to Audit Committees' activities.
- Insurance and/or Reinsurance Companies shall comply with this Regulation in conjunction with the Supervision of Cooperative Insurance Companies Control Law promulgated by Royal Decree M/32 dated 2/6/1424 H and its Implementing Regulations, and the Insurance Corporate Governance Regulations and the Requirement for Appointments to Senior Positions in Financial Institutions Supervised by the Saudi Arabian Monetary Authority and relevant Laws, Regulations, Instructions and Decisions.
Second: Definitions
Without prejudice to the provisions of article one of the Implementing Regulations of Supervision of Cooperative Insurance Companies Control Law, the following terms used in this Regulation shall have the meanings shown below unless the context otherwise requires:
a. SAMA: Saudi Arabian Monetary Authority. b. Regulation: The Audit Committee Regulation in Insurance and/or Reinsurance Companies. c. Company or Companies: Insurance and/or Reinsurance Companies. d. Board of directors: Board of Directors of the Insurance and / or Reinsurance Company. e. Senior Management: the Managing Director, Chief Executive Officer, General Manager, and their deputies; Chief Financial Officer; Managers of key departments; and officers of Risk Management, Internal Audit, and Compliance Departments, and in addition to occupants of any other positions determined by SAMA. f. Audit Committee (The Committee): an independent committee that reports directly to the Company’s Board. The committee's mandate includes monitoring the performance and implementation of the internal control systems of the Company, ensuring the effectiveness and efficiency of those systems, verifying the implementation of internal control decisions and actions, and ensuring compliance with the Supervision of Cooperative Insurance Companies Control Law and its Implementing Regulations, other applicable Laws, Regulations, and Instructions in addition to the requirements set forth in this Regulation. g. Compliance Control Department (Compliance Department):an independent department that reports to the Audit Committee and administratively to the Chief Executive Officer (CEO). Its mandate is to ensure the Company’s compliance with the laws, regulations, instructions issued by SAMA and the other Regulatory Bodies. The department submits, to the audit committee, reports on the company’s violations of the Laws, Regulations, and Instructions. This definition applies to the Compliance Officer. h. Internal Audit Department: an independent department that reports to the Audit Committee and administratively to the Chief Executive Officer (CEO). Its mandate is to set the audit action plan for the Company, to monitor the Company’s performance through evaluating and verifying the operations to ensure that there are no financial or non-financial violations of the Company’s bylaws, to ensure the compliance with the internal control systems, to ensure effectiveness and efficiency of those systems, and to verify the implementation of internal audit decisions. The department submits its reports to the Audit Committee. This definition applies to the Internal Auditor.
Third: Scope
- This Regulation applies to Insurance and/or Reinsurance Companies and SAMA is entitled to compel any Insurance Service Providers to abide by this Regulation when it is necessary.
Fourth: Compliance requirements
- Companies must establish written procedures for internal control to ensure and monitor compliance with this Regulation. Companies shall also ensure compliance of contracted parties with this Regulation.
- Companies must maintain adequate records to demonstrate compliance with this Regulation, including but not limited to, the Audit Committee’s minutes of meetings, reports and recommendations.
Fifth: Non-Compliance
- Non-compliance with the provisions set forth in this Regulation will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulation and the licensing terms and may subject the Company to regulatory penalties.
Part 2 : General Provisions
First: Board of Directors Responsibilities
- The Board of Directors is fully responsible for the Audit Committee’s businesses in pursuance of the regulations and instructions under which the Company operates.
- The Board of Directors is responsible for ensuring the efficiency and effectiveness of the controls and financial reports and for safeguarding the assets of the Company.
Second: Board of Directors’ Obligations
Taken into consideration that the Audit Committee formed by the Board of Directors and delegated to carry out specific actions, therefore, the Board of Directors obligations shall include but not be limited to the following:
- The Board of Directors and senior management of the Company shall provide all that is required from them in order to facilitate the work of the Audit Committee, Internal Audit Department and Compliance Control Department.
- The Board of Directors shall ensure that the Company has in place an appropriate organizational structure, internal policies and regulations that must be periodically reviewed, and the system and methodology for reporting within the company on the different issues that fall within the remit of the Audit Committee.
- The Board of Directors shall formulate the responsibilities and functions of the Audit committee and incorporate them in the minutes of a board meeting, including the authority to investigate any activity within its terms of reference and have access to any information it may need.
- The Board of Directors shall select the Audit Committee members in accordance with Selecting Procedures of the Audit Committee’s members, manner in which the Audit Committee monitors its activities and the duration of the Audit Committee issued by the General Assembly upon a recommendation of the Board. In addition, the Board of Directors shall fix their duration terms, schedule their rotations and ensure their meetings are held on a sufficient periodic basis.
- The Board of Directors shall follow up the Audit Committee's work, ensure that it performs its assigned responsibilities and duties and discuss relevant issues with it, including reports prepared by the Audit Committee. The Board shall also ensure that the Audit Committee follow up with the local and international developments in accounting standards.
- The Board of Directors shall ensure that the Audit Committee plays an oversight and supervisory role and does not exercise executive functions or make administrative decisions.
Part 3: Specific Provisions
First: Scope of Authority
- The Audit Committee is entitled to contact directly the Board of Directors, senior management of the Company, all employees, committees, and legal advisors, internal and external auditors in the Company’s Head Office and/or branches and other parties related to the Company. It may also review all private and confidential records and documents necessary to perform its activities. The Audit Committee also has the right to seek the assistance of any external consultant to do specific tasks in order to assist it in performing its work.
Second: Confidentiality
- All Audit Committee’s members shall maintain the confidentiality of all the topics related to the Audit Committee’s activities, even after he/she vacates the Audit Committee membership.
Third: Conflict of Interests
- An Audit Committee’s member shall not have any direct or indirect interest in the Company’s business and contracts concluded by it.
- An Audit Committee’s member shall not take part in any business that might compete with the Company or trade in the activities performed by the Company. The Company has the right to claim indemnification for any losses caused by such business or act.
Fourth: Financial Transactions with the Company
- The Company shall not issue or renew any insurance policy for any of the Audit Committee’s members or parties related thereto before the full payment of the due premium. If any of the Audit Committee’s members submits a request for the payment of a claim under a policy issued to him or her by the Company, the claim should be treated in accordance with procedures and rules set forth by the company without any exception or preference. The Compliance Officer should be notified of any payment due to the member.
Part 4: Setting up the Audit Committee and Organizing its Activities
First: Committee Formation
- The Audit Committee shall be formed in accordance with Audit Committee’s Selecting Procedures, the duration of its term and the monitors of its activities that issued by the General Assembly upon a recommendation of the Board.
Second: Member Appointment and Term
- The Board of Directors, after obtaining SAMA’s written non-objection, shall appoint the Audit Committee's Chairman and members for a three-year term.
- The Board may renew the term of the Audit Committee or a member thereof for another three-year term for one time only.
- The Board may appoint new Audit Committee members in case of electing a new Board of Directors after obtaining SAMA’s written non-objection.
- SAMA is entitled to withdraw its non-objection of any member or members of the Audit Committee in case of any violation by any of them of the provisions of this Regulation, the Supervision of Cooperative Insurance Companies Control Law and its Implementing Regulation and any relevant Regulations or Instructions, and take actions it deems appropriate against the Company and the persons concerned.
- The Board of Directors, after obtaining SAMA's written non-objection, may dismiss an Audit Committee member if he or she ceases to satisfy membership terms or violates the provisions of this Regulation, the Supervision of Cooperative Insurance Companies Control Law and its Implementing Regulation or any relevant Regulations and Instructions.
- An Audit Committee member has the right to resign, after providing the resignation request to the Board one month before its resignation becomes effective. The Company shall notify SAMA in writing of the resignation of a member of the Audit Committee and the reasons thereof and provide SAMA with a copy of the resignation request within five (5) working days from the date of the resignation.
- An Audit Committee member shall be deemed resigned if he or she fails to attend any meetings of the Audit Committee for more than three consecutive times without presenting an excuse acceptable to the Board.
- If there is a vacant seat in the Audit Committee during the membership term, the Board, after obtaining SAMA’s written non-objection, shall appoint another member within a month of the vacancy date to fill the vacant position. The new member shall complete his or her predecessor’s term.
The membership of an Audit Committee member shall terminate automatically upon the occurrence of any change that would breach the membership's terms set forth in this Regulation or any other Regulations,
Instructions or Decisions issued by SAMA. The Audit Committee member shall immediately inform the Company in writing upon the occurrence of such a change and he/she shall not attend any meeting of the Audit Committee held after the date of the change.
Third: Membership Organization
- The Audit Committee shall consist of at least three members and at most five members, the majority of which shall be from outside the Board.
- The Audit Committee members shall not include the Company’s executives, employees, or consultants.
The Audit Committee members shall not include board members, executives, employees, consultants, representatives of any parties connected to the Company, including but not limited to:
a. Major shareholders and founders.
b. External auditors.
c. Suppliers.
d. The Company’s customers.
e. The legal persons who have first-degree relationships with the Company’s Board of Directors or executives or have any
financial or business relationship therewith.
- An Audit Committee member shall not be a member of a Board or an Audit Committee of any other company operating in the insurance sector in the Kingdom of Saudi Arabia.
- The Audit Committee member shall not be one of the executive members of the Board.
- The Audit Committee member nominated for membership shall be independent.
- No Audit Committee Member shall simultaneously serve on the audit committees of more than four public companies.
- The Board shall ensure that the members of the Audit Committee are appropriately qualified to discharge their responsibilities. At least two Audit Committee members, including the AC Chairman, have recent and relevant accounting or financial management expertise or experience.
Fourth: Appointing the Chairman and the Secretary of the Committee
- The Board of Directors shall, after obtaining SAMA’s written no-objection, shall appoint one of the Audit Committee’s members as a Chairman thereof.
- The Chairman of the Board shall not be a member or Chairman of the Audit Committee.
- The Chairman of the Audit Committee shall not be related to the other members of the Board or have any financial or business relationship with any members of the Board.
- The Chairman of the Audit Committee of the Board shall not have a relationship with Senior Management of the company that could affect his independence.
- The Audit Committee shall appoint a Committee Secretary from the Company's staff to handle its administrative tasks, prepare meeting minutes and ensure that its Chairman signs these minutes, and schedule the Audit Committee’s meetings in coordination with its Chairman.
- The Audit Committee Secretary must document and keep meeting minutes in a special register.
- The Secretary of the Audit Committee shall not be a Secretary of any other board committee.
Fifth: Committee Members’ Remuneration
- Every member of the Audit Committee shall be eligible for remuneration for each Committee meeting attended. The amount of such remuneration shall be determined under a policy approved by the Board of Directors and shall be reasonable in comparison with the board members' remuneration.
- The Secretary of the Audit Committee shall be eligible for remuneration for carrying out his or her functions for each Committee meeting. The amount of such compensation shall be determined by a decision issued by the Board of Directors.
Sixth: Committee’s Tasks
The tasks of the Audit Committee shall include but not be limited to the following:
a. Recommending to the Board to approve the appointment or reappointment of external auditors. This may include ensuring that the nominated external auditors have the necessary experience in auditing Insurance and/or Reinsurance Companies. b. Appointing or dismissing the head of the Compliance Control Department or the Compliance Officer after obtaining SAMA’s written non-objection. c. Appointing or dismissing the head of the Internal Audit Department or the Internal Auditor after obtaining SAMA’s written non-objection. d. Ensuring the independence of external auditors from the Company, the Board members and the senior management of the Company. e. Ensuring the independence of the internal audit department or the internal auditor in performing their tasks, and ensuring that there are no restrictions on their scope of work or any impediments that might negatively affect their work. f. Ensuring the independence of the Compliance Control Department or the Compliance Officer in performing their tasks, and ensuring that are no restrictions on their scope of work or any impediments that might negatively affect their work. g. Discussing the annual and interim quarterly financial statements with the external auditors and the Company's Senior Management before the issuance thereof. h. Reviewing and auditing annual and interim quarterly financial statements and making recommendations thereon for the Board. i. Reviewing the audit plan of the internal and external auditors. j. Reviewing, approving, and monitoring the implementation of the compliance plan. k. Reviewing critical accounting policies and procedures as well as the modifications that might be introduced thereto. l. Coordinating between internal and external auditors. m. Reviewing the external auditors' reports and making recommendations thereon for the Board. n. Reviewing the reports of the Internal Audit Department or the Internal Auditor and submitting the related recommendations to the Board. o. Reviewing the reports of the Compliance Control Department or the Compliance Officer and making recommendations thereon for the Board. p. Assessing the efficiency, effectiveness and objectivity of work performed by the external auditors, the Internal Audit Department or the Internal Auditor, and the Compliance Control Department or the Compliance Officer. q. Reviewing the comments of SAMA and other relevant supervisory and control entities related to any regulatory violations or corrective actions requested and making recommendations thereon for the Board. r. Reviewing the internal and external auditors' assessment of internal control procedures. s. Reviewing intra-group transactions and related parties transactions. t. Reviewing the Actuary reports and making recommendations thereon for the Board. u. Ensuring the Company's compliance with the Actuary’s proposals and recommendations, where these are mandatory and required by Regulations or SAMA’s instructions. v. Following-up the reports issued by SAMA and other relevant supervisory and control entities and making recommendations thereon for the Board. w. Determining the monthly salary, bonus and other remuneration of the Internal Audit Department or the Internal Auditor in accordance with the Company’s internal by-laws approved by the Board. x. Determining the monthly salary, bonus and other remuneration of the Compliance Control Department or the Compliance Officer In accordance with the Company’s internal by-laws approved by the Board. y. Ensuring the Company has a written code of conduct duly approved by its Board of Directors to ensure that the Company’s activities are conducted in a fair and ethical manner. z. Following-up on the important lawsuits filed by or against the Company and submitting periodic reports thereon to the Board. aa. Ensuring the optimal use and controls of information technology necessary to generate accurate and reliable information and data are in place.
Seventh: Committee’s Responsibility
- The Audit Committee members are accountable to SAMA, the Company’s shareholders and the Board for implementing the provisions of this Regulation and executing the Audit Committee’s action plan issued by a Board's decision.
- The committee members should, while performing their tasks, give priority to the company’s interest against any other considerations that might affect their work or decisions.
Eighth: Committee’s Meetings
- The Audit Committee meetings shall not be held without the presence of at least half of its members.
The Audit Committee shall meet at least six times a year, include an annual meeting with the Board of Directors. The Audit Committee is entitled, if the need arises, to hold other meetings in response to any of the following cases including but not limited to:
a. Upon the request of the Chairman of the Board.
b. Cases in which the External Auditor, Internal Auditor, Compliance Officer or Actuary requests a Committee meeting due to reason that requires so.
c. Meetings on other issues such as:
- Financial and audit issues
- Compliance issues
- Conflicts of interest
- Professional and ethical codes of conduct
Ninth: Committee’s Decisions
- The Audit Committee’s decisions shall be determined by the majority of the members’ votes. In case of equal votes, the Committee’s Chairman shall have the casting vote, provided that the Audit Committee’s Secretary shall record the views of all sides in the meeting minutes.
- Voting on the Audit Committee’s decisions on behalf of, or by proxy from, any other member is not allowed.
Tenth: Committee’s Meetings Attendance
- The Audit Committee is entitled to invite, if the need arises, whomever it deems relevant from inside or outside the Company to attend its meetings.
Eleventh: Audit Committee Action Plan
- The Audit Committee shall develop its charter that shall be approved by the Board’s decision. This charter shall include the Audit Committees’ rules, responsibilities and obligations. In addition, the Audit Committee shall develop a detailed annual action plan that includes the key topics to be discussed during the year and meeting dates.
Twelfth: Committee Connection with the External Auditors
The relevant issues between the Audit Committee and the external auditors shall include as a minimum:
a. Key amendments made by the Company to its accounting policies. b. Material conflicts with the management regarding any issue pertaining to the safeguarding of invested assets. c. Violations of Laws, Regulations and Instructions issued by the supervisory and control entities or non-compliance with the Company’s policies and procedures. d. Comments of other auditors (of external, non-Saudi Arabian, branches) on accounting procedures, reports and professional conduct. e. Deficiencies in the general structure and performance of internal control systems. f. Material errors in financial statements. g. Management decisions and the basis on which the external auditors relied to validate critical accounting estimates, such as technical provisions and reserves. h. Accounting principles and standards and disclosure decisions related to extraordinary transactions. i. Adequacy of technical provisions and reserves set by the Actuary. j. Actuary’s Reports relevant to the Financial Statements. k. Any major problems in dealing with the management that affected the working of the audit. l. Internal control and the assessment of the Company’s assets and solvency. m. Any other issues that the committee is aware of and falls within its responsibilities. n. Any amendments introduced to the audit scope and the reasons thereof. o. Reviewing letters to management prepared by the external auditors and the Company's management comments thereon.
Clarification of Circular No. (60/201503) Regarding the Non Obligatory of Photocopy or Retaining Personal Documents of Citizens
This section is currently available only in Arabic, please click here to read the Arabic version.Compliance With CRS Report Requirements
This section is currently available only in Arabic, please click here to read the Arabic version.Contents of the Insured Field
This section is currently available only in Arabic, please click here to read the Arabic version.Follow Up to the Boards of Directors of Insurance Companies on Technical Provisions
This section is currently available only in Arabic, please click here to read the Arabic version.GDBC-161000000173-1416H
The Office of The Governor
No. 4369/BC/173
Date: 3-4-1416 H
Attachments : 3
Circular to all Local Banks & SAMA Branches
HE The Manager
Greetings,
Reference to the Upgraded Clearing System applied in all SAMA branches in Riyadh, Jeddah and Dammam, and further to circulars No. BC/108, dated 6/3/1415 H and No. 2820/BC, dated 2/3/1415 H, and pursuant to the agreement with all local banks at the meeting of the Banking Operations Managers Committee on 3/4/1995 A.D, The amendment of the regional clearing system (Transfer time) is hereby approved, whereby transfer time of all checks drawn at regional cities (Riyadh, Jeddah and Dammam) or at other cities shall become zero, as of Saturday 7/4/1416 H. (2/9/1995 A.D.) in accordance with the attached procedures.
For your info and acting accordingly
Regards,
The Governor
Hamad S. Al-Sayari
GDBC-161000000253-1416H
Banking Control
No.: 6496/BCP/253
Date: 21-5-1416 H
Circular to All Banks Operating in The Kingdom
Greetings,
SAMA was informed that some local bank branches are cashing the salaries of some government employees through checks that carry the seal of the government agency but not signed by hand.
Since this action is in violation of our circular No. 12655/BC/633 dated 21-10-1415 H. which states in the 4th paragraph that 'commercial banks ought not to accept any check that carries a single signature or seal and is not signed by hand', SAMA would like you to comply with this circular and notify all your branches to act accordingly.
Regards,
Assistant Director General of Banking Control
M. A. Nashar
GDBC-161000000274-1416H
GDBC-161000000951-1416H
Deputy Governor
No. 4132/BC/951
Date : 27/3/1416 H
Attachment : 1
Circular to All Local Banks
Greetings,
Subj.: Consolidation of your SAMA Accounts
In preparation for the implementation of the Electronic Funds Transfer system, agreement has been reached at the Bank Operations Officers Committee to implement the following :
- Close all your current accounts at the SAMA branches on Thursday 14 September 1995 A.D. at the end of the work day. Banks will transfer all their balances to one account at the SAMA Head Office.
- Instruct your Regional Offices to reconsolidate your account with our SAMA Branches. All claims must be settled within 15 days of receiving your account statement. If no claims are brought forward, the balances will be final.
- All correspondence and instruction relating to your account at SAMA Head Office should be addressed to Government Accounts Department (Bank Account Section) starting from Saturday, 16 September 1995 A.D.
- Provide Government Account Department, Bank Account Section at SAMA Head Office a list of authorized names at signatures of each your Regional Office specifying maximum amount that each Regional Offices can transact at each of the SAMA branches.
- Cash withdrawal transactions from your SAMA account must be by cheques drawn on your account at SAMA Head Office and within the authorized limit of your Regional Offices.
- All government revenues collected by your Banks and deposited at SAMA branches should be via cheques drawn on your consolidated account at SAMA Head Office. These cheques should be accompanied by a letter stating the type and revenue collecting government agency and beneficiary.
- All cash deposits at SAMA Branches will be credited to your consolidated account after inspection and count.
All government cheques presented to the SAMA Branches will be cleared through the clearing house.
Please follow the above.
Best regards,
Deputy Governor
Jammaz Al Suhaimi
GDBC-191000000320-1419H
Banking Control
No.: 7764/BCL/320
Date: 1-6-1419 H
Circular to All Banks Operating in The Kingdom
Greetings,
SAMA has received a copy of the circular letter of HE the Minister of Finance and National Economy No. 3/5338 dated 16-5-1419H, attached thereto a copy of a circular from HRH the Minister of Interior No. A/5180/2 dated 8-5-1419H, which forbids the printing of any booklet or poster that contains the map of the Kingdom or information about its borders with neighboring countries without the approval of the Ministry of Interior (the Coast Guard).
Please be informed, comply and notify your branches accordingly.
Regards
Vice Governor
Dr. M. S. Al-Jasir
Investment Regulation
Part 1: Introduction
Purpose
- This Code presents the general principles and standards that should be met by insurance companies, including branches of foreign insurance companies, and reinsurance companies licensed by SAMA to manage their investments.
- The objective of This Code is to promote high standards of investment practices within the insurance industry in accordance with the best international practices.
- This Code must be read in conjunction with the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and other regulations and instructions issued by SAMA, particularly articles 21, 59, 60, 61, 62, and 65 The Risk Management Regulation, The Code of Corporate Governance, and The Outsourcing Regulation.
Definitions
The term “Company” or "Companies" used in This Code is intended to include insurance and reinsurance companies.
The term “investment policy” used in This Code is intended to include any written document that governs the Company's investment operations and the methods of managing its
investment portfolio.The term “investment activities” used in this code stands for providing consultation particularly on the company's investment policy, implementing the investment activities and transactions, managing asset allocations and custodian activities on behalf of the company.
The term “investment companies” used in this code stands for investment companies licensed by CMA handling all or part of the insurance and reinsurance's investment activities.
The term “ALM” used in this code stands for Asset Liability Management and is intended to include the ongoing process of formulating, implementing, monitoring and revising strategies related to assets and liabilities in order to achieve an organization's financial objectives, given the organization's risk tolerances and other constraints. The rest of the terms used in This Code shall have the same meaning as per article (1) of the Implementing Regulation and the terms included in the other regulations mentioned in article (3) of This Code.
Scope and Exemptions
This Code applies to insurance and reinsurance companies.
Compliance Measures
- Companies must establish appropriate internal controls and procedures to ensure and monitor compliance with This Code, including the compliance of all related counterparties.
- Companies must maintain adequate records to demonstrate compliance with This Code, including but not limited to the investment policy and investment agreements.
- Companies shall adopt an investment policy that complies with the Law on Supervision of Cooperative Insurance Companies, its Implementing Regulations and all other related regulations mentioned in article (3) part 1 of this regulation.
- Companies should seek SAMA's approval of their investment policy and any material changes that might apply to it.
- Companies' investment policy must be consistent with their internal risk management guidelines, business plans and strategic objectives.
Non-Compliance
- Non-compliance with the requirements set forth in This Code will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and licensing conditions and may subject companies to enforcement action
- The company should promptly inform SAMA of any circumstances that may restrict their ability to adhere to the requirements set herein.
Structure of This Code
- The Investment requirements are outlined in Parts 2, 3, 4, and 5 of This Code:
- Part2: Investment Policy Requirements.
- Part3:Organizational and Administrative Requirements.
- Part 4: Technical Requirements.
- Part 5: Compliance and Control Requirements.
- The Investment requirements are outlined in Parts 2, 3, 4, and 5 of This Code:
Part 2: Investment Policy
Section A: Investment Policy Contents
- Companies should submit to SAMA for approval an investment policy detailing the following:
- Definition of a strategic investment policy by the Board of Directors, based on an assessment of the risks incurred by the Company and its risk appetite.
- The role of the Board, investment committee and senior management in overseeing, and being accountable for, investment activities.
- Comprehensive, accurate and flexible systems which allow the identification, measurement and assessment of investment risks, and the aggregation of those risks at various levels.
- Key control structures, such as the segregation of duties, approvals, verifications, and reconciliations.
- Adequate procedures for the measurement and assessment of investment performance.
- Procedures for adequate and timely communication of information on investment activities between all appropriate levels within the Company.
- Procedures to identify and control the dependence on and vulnerability of the Company to key personnel and systems
- In addition to article (14), the investment policy, which should be communicated to and understood by all staff involved either directly or indirectly in the investment activities, should in principle address the following main elements:
- The determination of the strategic asset allocation, that is, the long-term asset mix over the main investment categories.
- The establishment of limits for the allocation of assets by geographical areas, markets, sectors, counterparties and currencies.
- Identification of asset classes that may be managed actively and those where only passive implementation is permitted.
- The extent to which the holding of some types of assets is ruled out or restricted where, for example, the disposal of the asset could be difficult due to the illiquidity of the market or where independent (i.e., external) verification of pricing is not available.
- Investment performance measurement by applying bench mark to each asset class invested.
- The investment policy shall assign personnel responsible for implementing, conducting, monitoring, controlling and reporting investment activities. The Company shall make sure that these personnel are qualified and experienced.
- Companies should submit to SAMA for approval an investment policy detailing the following:
Section B: Investment Policy Requirements
- SAMA requires Companies to recognize the range of risks that they face and to assess and manage them effectively, as outlined in the Risk Management Regulation.
- Companies should ensure that their investment management policies and risk control systems are appropriate to the complexity, size and nature of their business.
- Companies' systems need to provide accurate and timely information on investment and risk exposures and be capable of responding to ad-hoc requests, if needed. Companies' employees responsible of investment activities should be qualified and competent to successfully execute the investment policy.
- Companies conducting mixed insurance operations, protection and savings, in addition to general and health activities, are required to have
different investment objectives and strategies appropriate for both classes of business, as well as different books for each of them. - The investment policy shall segregate policyholders' funds from shareholders' funds since each fund is classified by different objectives and targets. Each fund will have its own strategic asset allocation target that reflects each fund's objectives and risk tolerance. The objective of policyholders' fund is to ensure appropriate level of liquidity and protect policyholder interest in terms of ability to meet liabilities; while the objective of shareholders' fund is to ensure the business meets the minimum level of capital requirement and ensure the business is achieving its strategic targets set by the shareholders and is aligned with the business plan of the Company.
- The investment policy should foster transparency and coordination among the Company's departments regarding investment issues such as reporting liquidity and operating matters.
Part 3: Organizational & Administrative Requirements
Section A: Responsibility and Authorities
General Requirements
- The Company should disclose qualitative information on investment objectives, policies and practices that allows regulators to form an impression of the broad risk and return behavior of its asset portfolio. Such disclosure should include:
- General investment strategy and objectives including an explanation of the rationale for asset allocation, investment horizon and asset- liability management.
- Performance management including an explanation of the frequency and types of measurement used and methods adopted to monitor performance.
- Types of instruments used, business rationale and risks underlying their usage.
- The approach to risk tolerance and methods used to reduce and/or mitigate investment risks, including any constraints imposed on exposures to investment risks.
- Companies which decide not to directly manage the investment operations should outsource their investment functions to external investment manager(s) licensed by its supervisory bodies. Companies should describe their outsourcing policy and maintain control, ownership, and oversight over the outsourced portfolio by following a preset delegation matrix.
Companies should understand and enforce the role of specialists involved in the structure and management of the investment policy. The determination of collaboration between the actuary and the outsourced investment manager should be defined where the actuary is responsible for the following:
- Modeling asset and liability match.
- Liability profile and claim behavior.
- Modeling business plan and cash flow.
- Testing the impact of volatility and fluctuation.
- Assessing risk and risk budget.
Whereas the investment manager should be responsible for:
- Integrating the actuary's models to the objective of the investment policy.
- Providing data to allow decisions to be reached efficiently and accurately.
- Providing market views and recommendations.
- Implementing the investment policy within investment guidelines provided by Investment Committee and approved by the Company's Board of Directors.
- Providing full analysis of investment performance, risk and return dimensions on a regular basis.
- The Company through its investment committee and management team should establish technical standards for its investment activities approved by the Board of Directors.
- The Company should disclose qualitative information on investment objectives, policies and practices that allows regulators to form an impression of the broad risk and return behavior of its asset portfolio. Such disclosure should include:
Board's Responsibilities
- The Board of Directors shall be responsible for the approval of the investment policy, taking into account the analysis of the asset/liability relationship, the Company's overall risk tolerance, its long-term risk-return requirements, its liquidity requirements and its solvency position.
- The Board of Directors shall also be responsible for approving policies on related issues of a more operational nature, including:
- The criteria for selection of the external investment manager(s).
- The selection and use of partners and brokers.
- The nature of custodial arrangements.
- The methodology and frequency of the performance and investment risk measurement and analysis.
- The Board of Directors should authorize the investment committee and the senior management to formulate the investment policy, review it and implement the overall investment activities. The Board of Directors must, however, always retain ultimate responsibility for the Company's investment policy and procedures, regardless of the extent to which associated activities and functions are delegated or outsourced.
- As part of the development of the asset management strategy, the Board of Directors must also ensure that adequate reporting and internal control systems of the Company are in place, and designed to monitor that assets are being managed in accordance with the investment policy, and legal and
regulatory requirements. This should be done by ensuring that:- They receive quarterly information, including feedback from the Company's risk management function, on asset exposures, and the associated risks. Data should be in a form which is understood by them and which permits them to make an informed judgment as to the level of risk on a mark-to- market basis.
- The systems provide accurate and timely information on asset risk exposure and are capable of generating ad-hoc requests.
- Remuneration policies are structured to avoid potential incentives for unauthorized risk taking.
- The Board of Directors must ensure that senior management is in a position to monitor the performance of the external investment manager(s) against Board approved policies and procedures.
- The Board of Directors should review on an annual base the adequacy of its overall investment policy in the light of the Company's activities, and its overall risk tolerance, long-term risk- return requirements, and solvency position.
Investment Committee Responsibilities
- The investment committee shall develop and assess the implementation of the Investment policy. It shall be reviewed and approved yearly by the Board of Directors before its
implementation and shall not be amended or updated without the approval of the Board of Directors. - The investment committee should be formed, upon the Board of Directors' approval, of independent and dependent members and should collectively have sufficient expertise to understand the important issues related to investment policy. The committee should also ensure that all individuals conducting and monitoring investment activities have sufficient levels of knowledge and experience.
- The investment committee shall formulate the investment policy and review the implementation of the investment activities on a quarterly basis. These activities includes but are not limited to:
- Reviewing the performance of each asset class.
- Monitoring the overall risks of the policy.
- Submitting a performance review report to the Board of Directors.
- Investment committee and senior management should prepare a written investment policy including risk limits and delegated authority, and recommend any changes for approval by the Board of Directors. All risk limits and exposures in the investment activities should be reviewed on a regular basis in order to verify their suitability for current market conditions and the Company's overall risk tolerance.
- The investment committee shall develop and assess the implementation of the Investment policy. It shall be reviewed and approved yearly by the Board of Directors before its
Executives Responsibilities
- The Company's senior management must implement the investment policy and its operational policies and procedures for implementing the overall investment policy established by the investment committee and approved by the Board of Directors. The precise content of the policy will be different for each insurance Company but the level of detail should be consistent with the nature of any regulatory constraint, and complexity and volume of investment activity.
- Supporting internal management procedures should be documented, they should include but not be restricted to:
- Procedures for seeking approval for the usage of new types of investment instruments. The desirability of retaining the flexibility to utilize new investment instruments should be balanced with the need to identify the risks inherent in them and ensure that they will be subject to adequate controls before approval is given for their acquisition. The principles for measuring such risk, and the methods of accounting for the new investments should be clarified in detail prior to approval being given for their acquisition.
- Procedures for the selection and approval of new counterparties and investment managers.
- Procedures covering front office, back office, measurement of compliance with quantitative limits, control and reporting.
- Details of the action which will be taken by senior management in cases of noncompliance.
- Valuation procedures for risk management purposes.
- Senior management should ensure that all individuals conducting, monitoring and controlling investment activities are suitably qualified and have appropriate levels of knowledge and experience.
- At least once per year, senior management should review the adequacy of its written operational procedures and allocated resources in the light of the insurance Company's activities and market conditions.
Section B: Delegation and Outsourcing
- Companies outsourcing their investment functions to external investment manager(s) should describe their outsourcing policy and maintain control, ownership, and oversight over the outsourced portfolio by following a preset delegation matrix.
- The Company can assign one or more external investment manager to be responsible for its investment activities. The investment manager shall:
- Oversee all investment transactions conducted on behalf of the Company.
- Analyze the market and provide an assessment of the investment climate.
- Investment managers should be engaged under an investment agreement that, inter alia, sets out the policies, procedures and quantitative limits of the investment policy. The Company must retain appropriate expertise and ensure that, under the terms of the agreement, it regularly receives sufficient information to evaluate the compliance of the external investment manager with the investment policy.
- The investment manager shall objectively ensure the solidity and safety of the Company's investment position during the implementation of the investment policy by:
- Designing a plan to control and limit losses specially for securities trading particularly.
- Abiding by the legal capital restrictions and profit transferring requirements of foreign countries in case of investments in those countries.
- Setting detailed monitoring and control policies as well as reporting processes.
- Once the Company has allocated the external investment manager(s), it shall make sure that a signed outsourcing agreement with the external entity(s) is submitted to SAMA for approval.
- The outsourcing agreement shall be reviewed by the Investment Committee, Risk Management Committee, Executive Committee, and Audit Committee and approved by the Board of Directors.
- The agreement with the external investment manager(s) shall ensure at minimum that:
- The external entity is professional and reputable and licensed by the Capital Market Authority. In case a foreign entity is engaged in part of the investment activities of an insurance company, the company should assure the foreign entity is licensed by the supervisory regulatory body.
- The agreement specifies the objectives and responsibilities of each party.
- The agreement specifies the risk management agreement between the contracting parties.
- The legal status of the external entity is clear, the financial position is sane and standards of professionalism are high.
- The agreement explicitly mentions the commission payments and service benefits of the external entity.
Section C: Reporting
- The Company should develop and implement controls and reporting procedures for its investment policies that are appropriate for its business and the risks to which it is exposed. These should be monitored closely and reviewed regularly.
- Regular and timely reports of investment activity should be produced describing the Company's
exposure in clearly understandable terms and including quantitative and qualitative information. Upward reporting by senior management to Investment Committee should at least be performed on a monthly basis. Reports should at least include the following areas:- Details of, and commentary on, investment activity in the period and the relevant period end position.
- Details of positions by asset type.
- An analysis of risk exposures.
- Details of any regulatory or internal limits breached in the period and the actions taken thereto.
- Planned future activity.
- Details of the relative position of assets and liabilities.
The Company should establish various reporting streams internally and to stakeholders generating information of its investment and asset allocations, and to be disclosed as listed hereunder:
For each asset class, the Company should disclose the following:
- Criteria for recognition as an asset.
- Criteria for classification into that asset class.
- Methods and assumptions used in measuring asset value.
- Significant terms and conditions that may affect the amount, timing and certainty of future cash flows.
- For each asset class that involves equities/ securities, the Company should show a breakdown of listed securities versus unlisted securities, the investment amount at purchasing the securities and their market value, their percentage representation in the portfolio, their unrealized gain/ loss, and their geographic basis.
For asset class that involves Sukuk or bond security, the Company should disclose:
- A breakdown by credit rating of the issue.
- A breakdown among government, semi-government and corporate securities.
- A breakdown by maturity, yield or write-downs if any.
For each asset class that involves property, the Company should disclose reports showing:
- A breakdown by properties according to whether they are held for investment or are owner occupied.
- A breakdown by types of properties (e.g., residential, commercial, etc.).
- A breakdown by geographical location.
For each asset class that involves dividends or funds receivables, the Company should disclose:
- A breakdown by types of counterparties (e.g., reinsurer, cedent, agent/ broker, etc.).
- A breakdown of the ageing of the receivables aggregated by time bands (It is recommended the following time bands be used: up to 3 months; more than 3 months and up to 1 year; and more than 1 year. Narrower time bands may be used where appropriate).
The Company should disclose historical cost of its assets, and the measure of market value and fair value of each type of investment asset.
- The Company should disclose the return on assets, dividends, yields, realized gain and loss, investment expense and any other type of income that is generated from each type of asset investment.
- In an annual reporting, the Company should not limit itself to stating only its exposures at the end of a reporting period. Instead, it should disclose the intra-period high, median, and low and the amount bought and sold during a reporting period as a proxy for turnover. In addition, it should have separate disclosure of risk exposures for each asset class.
Companies should submit to SAMA on a yearly basis some special reports describing the following:
- Statement of investments and income of investments.
- Assets in various funds (shareholders and policyholders' funds).
- Value of various funds (cost of investment, and market value).
- Dividends, yields and any gain or loss (realized or unrealized) for the period.
- Asset allocated from exited investment.
- Statement of nonperforming assets.
- Admissible and non admissible assets.
- The Company's investments future outlook and objectives.
- Any effects expected to impact the value of the investment performance.
SAMA may require the Company to submit supplementary statements and reports on top of the above listed requirements at any time.
Part 4: Technical Requirements
Section A: Technical Constraints
- It is prohibited to invest in derivatives, option contracts, hedge funds, deposits with foreign banks, private equity investments and any off-balance sheet instrument and should not be part of the Company's asset allocation, unless specifically approved by SAMA and based on efficient portfolio management justifications as per Article sixty-two (62) of the Implementing Regulations.
- The Company should conduct on a quarterly basis various testing and valuation analysis methods in order to analyze resilience of the asset portfolio to a range of market scenarios and
investment conditions, and the impact on the Company's solvency position. The policy should then include models of stress testing, scenario testing and sensitivity analysis to measure the fluctuation and volatility of changes in economical figures, security prices etc, and to be elevated to the investment committee. - Sukuk in general is considered a type of investments allowed for the Company to allocate, with no conflict with table (1) of the Implementing Regulation and equivalent to bonds, where the maximum limit of allocating Sukuk that are issued by local companies in which the Government (sovereign) has a significant ownership is 20%, and the solvency margin is equivalent to the Government's participation in capital.
- The investment policy should include efficient models to measure potential financial loss in the Company's investment portfolio or on the whole balance sheet. The policy should include an estimate of the worst expected loss over a certain period of time at a given confidence level to enable sustainability and stability of the business of the Company.
- The investment policy shall contain forms to provide sufficient information about each asset class which may include but may not be limited to:
- Criteria for classification into an asset class.
- Asset valuation methods.
- Important factors that might play a role in the amount and certainty of future cash flows generated by each asset class.
Section B: Asset Liability Management "ALM"
- The investment policy shall monitor the Company's asset-liability matching in its following two dimensions:
- Solvency dimension, where the Company ensures an excess of assets over its liabilities by a required amount relative to the size of the Company as market variables and credit risks fluctuate.
- Liquidity dimension, where the Company ensures the availability of enough funds to meet its financial obligations as they fall due.
- The investment policy shall include qualitative information explaining the appropriateness of the Company's investments in matching its liabilities.
- The fundamental steps in an ALM process are to:
- Set the Company's risk/ return objectives and assess policyholder claims.
- Identify all material risks arising from the Company's assets and liabilities and their interaction; analyze and assess the underlying causes of each risk and the relationships between risks and external factors.
- Apply business and professional judgment to the results in order to formulate and implement optimal ALM strategies and meet risk/return objectives.
- Monitor risk exposures and revise ALM strategies and modeling assumptions as appropriate.
- The Company should examine all risks requiring the coordination of its assets and liabilities. The ones that are significant in terms of their potential impact on economic value should be covered by an ALM framework. These may include, in whole or in part:
Market Risk:
و) Interest rate risk (including variations in market credit spreads).
ي) Equity, real estate and other asset value risks.
أأ) Currency risk.
ب ب) Related credit risk.
- Underwriting Risk.
- Liquidity Risk.
- In setting limits for particular types of risk, the Company should consider its solvency position and its risk tolerance. Limits should be set after careful consideration of corporate objectives and circumstances, and should take into account the projected outcomes of scenarios run using a range of plausible future business assumptions.
- The requirements set out in this section apply to both general insurance class and protection and savings insurance class. Companies should understand the risks they are exposed to and develop ALM policies to manage them
effectively. They should apply techniques appropriate for the nature of their business, the risks they undertake and local market conditions. Every Company should have an appropriate mechanism for ALM management and include it in the investment policy.
- The investment policy shall monitor the Company's asset-liability matching in its following two dimensions:
Part 5: Compliance & Control Requirements
Section A: Controlling, Monitoring and Measurement
- Companies must ensure having in place effective procedures for controlling, monitoring and managing their investment activities and asset positions, and assure those procedures are appropriate to their liability, product mix, solvency position and risk profiles.
- The Company should be capable of identifying, monitoring, measuring, reporting and controlling the risks within their asset liability management.
- The process of monitoring and controlling the investment activities should be performed as follow:
- Monitoring compliance with the approved investment policy.
- Formally noting and promptly reporting breaches.
- Reviewing asset risk management activity and results over the past period.
- Reviewing the asset/liability and liquidity position.
- Adequate systems of internal control must be present to ensure that investment activities are properly supervised and that transactions have been entered into, only in accordance with the Company's approved policies and procedures. Internal control procedures should be documented. The extent and nature of internal controls adopted by each Company will be different, but procedures to be considered should include:
- Reconciliations between front office and back office financial and accounting systems.
- Procedures to ensure that any restrictions on the power of all parties to enter into any particular asset transaction are observed. This will require close and regular communication with those responsible for compliance, legal and documentation issues in the Company.
- Procedures to ensure all parties to the asset transaction agree with the terms of the deal. Procedures for promptly sending, receiving and matching confirmations should be independent of the front office function.
- Procedures to ensure that formal documentation is completed promptly.
- Procedures to ensure reconciliation of positions reported by external investment manager(s).
- Procedures to ensure that positions are properly settled and reported, and that late payments or late receipts are identified.
- Procedures to ensure asset transactions are carried out in conformity with prevailing market terms and conditions.
- Procedures to ensure that all authority and dealing limits are not exceeded and all breaches can be immediately identified.
- Procedures to ensure the independent checking of rates or prices. The internal control systems should not solely rely on dealers for rate/price information.
- The functions responsible for measuring, monitoring, settling and controlling asset transactions should be distinct from the front office functions. These functions should be adequately resourced.
Section B: Auditing
- Companies should have an audit function that performs missions covering all of their investment activities and ensuring timely identification of internal control weaknesses and operating system deficiencies. If the audit is performed internally it must be independent. Concerns with regards to investment activity must be reported to senior management and the Board of Directors.
- Audit coverage should be provided by competent professionals who are knowledgeable of the risks inherent in all assets held.
- Auditors should be expected to evaluate the independence and overall effectiveness of the Company's asset management functions. In this regard, they should thoroughly evaluate the effectiveness of the internal controls relevant to measuring, reporting and limiting risks. Auditors should evaluate compliance with risk limits and the reliability and timeliness of information reported to senior management and the Board of Directors.
- Auditors should also periodically review the Company's asset portfolio and written investment policies and procedures to ensure compliance with the Company's regulatory obligations and SAMA requirements.
- Companies should have an audit function that performs missions covering all of their investment activities and ensuring timely identification of internal control weaknesses and operating system deficiencies. If the audit is performed internally it must be independent. Concerns with regards to investment activity must be reported to senior management and the Board of Directors.
Issuance of Comprehensive Motor Insurance’s Rules - 06 11 2022
The Saudi Central Bank issued these Rules under the Governor's Decision No. (1/S/444) dated 09/04/1444H, based on the powers vested to SAMA under the Cooperative Insurance Companies Control Law issued by Royal Decree No. (M/32) dated 02/06/1424H, and its Implementing Regulation issued by the Decision of the Minister of Finance No. (1/596) dated 01/03/1425H.
Article one Definitions
The following words and phrases, wherever they occur herein, shall have the meanings assigned thereto, unless the context requires otherwise:
1.1 SAMA: the Saudi Central Bank. 1.2 Rules: the Comprehensive Motor Insurance Rules. 1.3 Company: the insurance company licensed to practice insurance business in accordance with the provisions of the Cooperative Insurance Companies Control Law. 1.4 Insured: a natural or juristic person who purchased the Policy from the Company and whose name is stated in the Policy Schedule. 1.5 Comprehensive Motor Insurance: The insurance coverage that is based on damages and losses that occur to the Insured Motor Vehicle. 1.6 Motor Vehicle: the Insured transportation means, which is designed to move by wheels or tracks or propelled using mechanical or animal power, as described in the Policy Schedule (trains are excluded). 1.7 Policy: the Comprehensive Motor Insurance Policy whose provisions and coverages are stipulated herein and in the Policy Schedule attached thereto. 1.8 Named Driver: the additional driver licensed to drive the Motor Vehicle and whose name is stated in the Policy Schedule. 1.9 Technical Total Loss: the technically damaged Motor Vehicle, which cannot be repaired to a state legally Cannot be repaired to a state legally fit for driving and is sold for scrap, and is dropped from the registration systems of the General Department of Traffic. 1.10 Economic Total Loss: the damaged Motor Vehicle that can be repaired, but the repair is economically costly; based on the percentage agreed upon between the Company and the Insured and stated in the Policy Schedule. 1.11 Partial Loss: the destruction or damage of parts of the Motor Vehicle which does not exceed the set percentage of Economic Total Loss agreed on between the Company and the Insured which is stated in the Policy Schedule. 1.12 Policy Schedule: the schedule complementing the Policy and its appendix, attached to this Rules. 1.13 Deductible: the amount borne by the Insured for any claim as stipulated in the Policy Schedule. 1.14 Sum Insured: the value of the Motor Vehicle, set in the Policy Schedule. 1.15 Roadside Assistance: a set of various services provided for the Insured, other than towing and storage, when the Motor Vehicle breaks down for any reason. 1.16 Material Fact: any information requested by the Company from the insurance applicant during the conclusion of the Policy that may affect the Company's decision in accepting the insurance or rejecting it or accepting the insurance with different conditions. 1.17 Repairing Party: the approved agency (manufacturer or importer) to repair the damages covered under the Policy, or the auto repair shop approved by the Company to repair the damages covered under the Policy, which is stated in the Policy Schedule. Article Two Purpose and scope
2.1 The Rules aim to regulate the contractual relationship between the Company and the Insured by sitting the minimum coverage of the non-compulsory Comprehensive Motor Insurance. 2.2 The Rules apply to any non-compulsory Comprehensive Motor Insurance. The Rules must be adhered to in conjunction with the Cooperative Insurance Companies Control Law and its Implementing Regulation, the Unified Compulsory Motor Insurance Policy, and the relevant regulations, rules and instructions. Article Three Insurance Coverage
3.1 Under the Policy, the Company shall compensate the Insured for any risk causing damage or loss to the Motor Vehicle, The coverage shall also include any damage caused by fire, theft, lightning or natural disasters such as floods and hail, along with vehicle towing and storage coverage. It also covers third-party civil liability as per the Unified Compulsory Motor Insurance Policy issued by SAMA. 3.2 The maximum limit of the insurance coverage for each covered claim under the Policy should be as follows: 1. Limits of civil liability to third party as per the Unified Compulsory Motor Insurance Policy. 2. Sum Insured of the Motor Vehicle for any risk causing damage or Loss to the Motor Vehicle. 3. Limit of liabilities for other optional insurance coverage stated in the Policy Schedule. 3.3 Optional Insurance coverage: 1. During the negotiation stage and before issuing the Policy, the Company must offer the insurance applicant an insurance coverages for the following: A. Replacement of Motor Vehicles’ rent. B. Roadside Assistance. C. Death and physical injuries’ and medical expenses for the Insured or Named Driver. D. Accidents occurring outside the territory of the Kingdom of Saudi Arabia. E. The driver related to the Insured, such as (parents, spouse, sons, daughters, brother and sister) or the Insured’s domestic worker or someone who work for the Insured based on a labor law. 2. The Company may offer add-ons insurance coverage to the insurance applicant other than coverages stated herein. Article Four Products with Lower insurance coverage
When offering insurance products that include third party insurance and additional coverage the Company must obey the following:
- Not to name the insurance products or describe it in any way as Comprehensive Motor Insurance.
- Comply with the provisions of Article five section (4,5,6) in this Rules.
- In case the insurance coverage includes the provision of applying the deductible on the indemnity due to the use or consumption of the Motor Vehicle during the period prior to the risk, the percentage shall be agreed on with the Insured upon concluding the policy and stated in the Policy Schedule.
Article Five Insurance Coverage Provisions
5.1 Motor Sum Insured:
The Sum Insured shall be agreed between the Company and the Insured and stated in the Policy Schedule, provided that the Company adopts sound methods to determine a fair value of the Sum Insured.
5.2 Indemnity mechanism:
- The Insured must inform the Company of the damage or loss to the Motor Vehicle, associated with a risk covered under the Policy.
- The Company shall receive the Motor Vehicle from the Insured upon the incident of the accident, and deliver the Motor Vehicle to the competent entity in charge of automobile damage appraisal, and then deliver the Motor Vehicle to the Repairing Party specified in the Policy Schedule as per the terms and conditions of the Policy, or compensate the Insured with the Sum Insured in case of Technical Total Loss, or Economic Total Loss.
- The Insured must inform the Company if the damage or loss associated with a risk covered under the Policy was caused by a third party. In this case, the Company shall first compensate the Insured based on the indemnity mechanism stated in article (5) section (5.2) sup-section (2) and then subrogate the Insured against the third party in accordance with Article (8) hereof.
5.3 Indemnity Value:
- Partial Loss: in case of Partial Loss the indemnity shall be to bear the cost of repair at the Repairing Party as specified by the Insured and stated in the Policy Schedule; whereas the repair costs shall be determined by the competent entity in charge of automobile damage appraisal.
- Technical Total Loss: In case of Technical Total Loss the indemnity shall be the amount of the Sum Insured based on the report of the competent entity in charge of automobile damage appraisal, without deducting any expenses incurred by the Company.
- Economic Total Loss: When the Motor Vehicle is considered Economically Total Loss, based on the report of the competent entity in charge of automobile damage appraisal; the Insured shall be compensated with the amount of the Sum Insured, without deducting any expenses incurred by the Company. The Company shall notify the Insured when offering the Motor Vehicle for sale, and the Company and the Insured may agree on a different method to deal with Motor Vehicle when considered an Economic Total Loss.
- The Company shall not deduct an amount from the indemnity due to the Insured's use or consumption of the Motor Vehicle during the period prior to the risk, in case of Partial or Total Economic/ Technical Loss.
5.4 Deductible:
- The Deductible shall be determined by the Insured in agreement with the Company and stated in the Policy Schedule.
- The Company's liability shall starts after deducting the amount of the Deductible, this only applies to damage or loss to the Motor Vehicle and shall not apply to claims arising from third-party civil liability coverage.
- If the Insured or the Named Driver is held partially liable for the accident, the Deductible shall be calculated in proportion to the percentage of liability assigned to the Insured or the Named Driver regarding the accident only.
- The Deductible shall not be charged if the Insured or the Named Driver is not held liable for the accident; according to the report of the competent body attending the accident scene.
- The Company may obligate the Insured to pay the Deductible If there is no other party to the accident and the Insured or the Named Driver held responsible for the accident; based on the report of the competent body attending the accident scene , or The acknowledgement of the Insured or the Named Driver of the liability for the accident.
- The Deductible shall apply for each accident only; even if there are multiple claims resulting from the same accident.
- The amount of the Deductible shall be fixed during the Policy period, and the Company shall not require a different amount irrespective to the accident type or the indemnity value.
5.5 Vehicle Towing and Storage:
- The Company shall pay the expenses incurred by the Insured for towing the damaged Motor Vehicle - determined in Policy Schedule-; due to an accident covered under the Policy, to a secure location, or the competent entity in charge of automobile damage appraisal. When filing the claim, the Insured shall provide the Company with proof of the incurred expenses arising from the Motor Vehicle towing and storage.
- This coverage shall include the expenses that the Company incurred for towing and storage of the Motor Vehicle from and to the competent entity in charge of automobile damage appraisal.
5.6 Replacement of Motor Vehicle:
In case the coverage of compensating the Insured for renting a Motor Vehicle Replacement is added, the Insured must obtain the Company's prior approval for renting the car, and shall provide a proof of renting a Motor Vehicle Replacement for the period agreed upon on the Policy Schedule.
The indemnity shall be in accordance with the maximum indemnity value stated in the Policy Schedule, and the indemnity period shall start from the date of delivering the Motor Vehicle to the Repairing Party.
5.7 Death and Physical Injuries and Medical Expenses for the Insured or Named Driver
If the Insured chooses to include death and physical injuries and medical expenses for the Insured or the Named Driver coverage, the Company shall compensate in accordance with the table of benefits stated in the Policy Schedule.
Article Six Third-Party Civil Liability Coverage
Coverage limits in this section are subject to the Unified Compulsory Motor Insurance Policy issued by SAMA.
Article Seven Exclusions
The following are excluded from the coverage of the Policy:
- The optional Insurance coverages that must be offered by the Company to the insurance applicant as stated in Paragraph (3.3) of this Rules if rejected by Insured.
- A Motor Vehicle found to be driven by a person who does not hold a proper class of license corresponding to the type of vehicle driven; according to the relevant laws and regulations, or in the event that an order was issued by a competent authority for the forfeiture of the Driver's license, or if the license was expired at the time of the accident unless it is renewed within (50) business days from the date of the accident.
- If the Indemnity was less than or equal to the Deductible stated in the Policy Schedule.
- An accident to the Motor Vehicle when driven by a person other than the Insured or Named Driver.
- Manufacturing defects and damage resulting from the use of the Motor Vehicle or from mechanical or electrical malfunctions.
- Damage, loss or theft of tires, rims, hubcaps (wheel covers) and/or exterior mirrors, unless such loss or damage occurred thereto at the time of the covered accident.
- Loss or damage to goods and/or personal belongings while being loaded, unloaded or transported in or on the Motor Vehicle.
- Loss or damage to any trailer, unless stated otherwise in the Policy Schedule.
- Loss or damage to the Motor Vehicle as a result of theft or attempted theft due to leaving the Motor Vehicle running or leaving the keys in the Motor Vehicle, or due to not rolling up the windows or locking the doors.
- All additional Motor Vehicle accessories, apart from those already fitted by the manufacturer and whose price is already included in the original value of the Motor Vehicle, or the type and value of such accessories are explicitly and specifically stated in the Policy.
- If the Motor Vehicle is being used in a way that violates the restrictions of the vehicle use set forth in the Policy.
- The Motor Vehicle carrying passengers beyond its permitted seating capacity or that was overloaded and proven that the accident was caused by such violation.
- If the Motor Vehicle is used for any type of racing, speed trial, or speed or power testing, with the exclusion of the juristic Insured.
- If the Motor Vehicle is driven by a person under the influence of drugs, alcohol, or medicines that affect the ability to drive.
- If the Motor Vehicle is being used as working machinery.
- Car drifting, running a red light or driving against the direction of traffic if it is proven that such violation was the cause of the accident according to the report prepared by the competent body attending the accident scene.
- If the Motor Vehicle is used in areas that are normally off limits to the public, such as airports or seaports.
- Any liabilities or costs that are directly or indirectly incurred due to criminal and hostile acts committed by the Insured and/or the Named Driver.
- If it is proven in the report prepared by the competent body attending the accident scene that the accident was caused deliberately by the Insured or the Named Driver.
Any liability or expenses arising, directly or indirectly, from the following:
a. War, invasion, acts of foreign enemy, hostilities, warlike acts (whether war is declared or not), or civil war. b. Rebellion, military or popular uprising, insurgence, revolution, usurping authority, martial laws, siege, or any events or reasons leading to declaration or continuation of martial laws, siege, or acts of vandalism and terrorism committed by person(s) working individually, on behalf of, or in relation with any terrorist organization. Terrorism means using violence for political, intellectual, philosophical, racial, ethnic, social, or religious purposes. Such use of violence includes putting the public and/or a segment thereof under a state of terror; causing turmoil; affecting and/or intervening in any of the government's operations, activities and/or policies; causing any disturbance that negatively affects the national economy or any of its sectors; and/or carrying out or causing strikes, riots, or civil or labor unrest. c. Damage directly or indirectly caused by nuclear weapons, ionizing radiation, or radioactive contamination resulting from any nuclear fuel or waste, or contamination due to nuclear fuel combustion. For the purposes of this exclusion, combustion shall include any nuclear fission. - Driving the Motor Vehicle in desert areas and unpaved roads unless inside the city.
Article Eight Subrogation
In the event that a party other than the Insured or the Named Driver caused the damage or loss to the Motor Vehicle, and the Company compensated the Insured for this damage or loss or for death and physical injuries and medical expenses -if covered-, the Company has the right to subrogate the Insured and pursue the party causing the accident, or the Company of the party causing the accident for the indemnity incurred on the Motor Vehicle.
Article Nine Change in Material Fact
The Insured shall notify the Company, within (20) business days, of any change in the Material Fact. The Company shall advise the Insured if it intends to increase the premium rate. If no notification is sent to the Insured by the Company within (5) business days, this shall indicate the Company's agreement to continue providing the coverage for the Insured at the premium rate agreed on.
Article Ten Cancellation
10.1 The Insured or the Company may not cancel the Policy, except in the following cases:
- Existence of a valid third-party liability insurance policy or a Comprehensive Insurance Policy.
- Cancellation of the Motor Vehicle's registration.
- Transfer of ownership of the Motor Vehicle to another owner.
10.2 The Company shall refund to the Insured the due amount by crediting the amount to the Insured’s bank account via IBAN, within three business days from the date on which the Company become aware of the occurrence of any of the cases mentioned above. 10.3 The return premium payable to the Insured is calculated by subtracting the elapsed days from the total Policy’s term (in days) and then dividing the result by the total Policy’s term (in days). The result is then multiplied by the insurance premium less commission, and administrative fees (a maximum of SAR 30) in order to determine the return premium payable to the Insured minus the value of claims. To be as shown below:
(365 − elapsed days) /365 × (insurance premium- commission less administrative fees (a maximum of SAR 30) – value of claim) = return premium. 10.4 The Company is exempted from its obligation to pay the return premium in case of a claim — related to the Policy to be cancelled and the Motor Vehicle— with a value exceeds the amount to be refunded as per the calculation formula mentioned above. Notwithstanding the foregoing, the Company, Insured and Named Driver shall remain bound by the provisions of the Policy with respect to the obligations arising prior to its cancellation. Policy Schedule Comprehensive Motor Insurance Policy
Information of the Insured and the Named Driver
Policy No : National ID number for Saudi nationals/ Residence permit (Iqama) number for resident individuals /Commercial Registration No : Name of the Insured: Named Drivers: National ID number: Driver license type: Gender: Age: Marital status: Occupation: Phone Number: National Address: Sum Insured: Premium amount with VAT: Premium amount without VAT: Period of coverage: Percentage to consider the Motor Vehicle an Economic Total Loss:
* The Motor Vehicle will be considered Economic Total Loss if the repair cost exceeds the above percentage based on the Sum Insured.
Repairing Party: (approved agency or auto repair shops) Vehicle towing and storage: Coverage: (500 inside the city and (1000) outside the city for each claim. Parties may agree upon an amount exceeding the Coverage amount for the vehicle and towing storage coverage. Optional insurance coverages that must be offered by the Company to the insurance applicant: Replacement Motor Vehicle rental Replacement Motor Vehicle rental period: Maximum Replacement Motor Vehicle rental amount per day: Death and physical injuries and Medical expenses for the Insured or Named Driver. Roadside Assistance Coverage for accidents occurring outside the territory of the Kingdom of Saudi Arabia. The driver related to the Insured, such as (parents, spouse, sons, daughters, brother and sister) or the Insured’s domestic worker or someone who work for the Insured based on a labor law. Additional coverage: Minimum limit for Death and physical injuries and Medical expenses for the Insured or Named Driver: Type of Benefit
Amount in Saudi Riyals
death 100,000 Permanent disablement from attending any employment or occupation whatsoever 100,000 Total loss by physical severance at or above the wrist or ankle of both hands or both feet 100,000 Total loss by physical severance at or above the wrist or ankle of one hand or one foot 50,000 Permanent total loss of sight in both eyes 100,000 Permanent total loss of sight in one eye 50,000 Reimbursement of Expenses in respect of medical and surgical treatment 25,000 *Parties may agree on limit of indemnification higher than stated above or additional types of coverage Motor Vehicle information
Chassis No. Registration Plate No. Vehicle Registration Expiry Date Vehicle Color Customs Card No. Type of Chassis Year of Manufacture Vehicle Make Use Restraints Vehicle Model Parking location at night Serial Number Purpose of use transmission (automatic/Manual) Motor Vehicle Modification Disclosure
Trailer attached to the Motor Vehicle Using the Motor Vehicle for any type of racing, speed trial, or speed or power testing Other Requested Martial Facts by the Company Linkage of Offering Various Services With the National Address
This section is currently available only in Arabic, please click here to read the Arabic version.Non Obligatory of Photocopy Personal Documents
This section is currently available only in Arabic, please click here to read the Arabic version.OUTSOURCING REGULATION FOR INSURANCE AND REINSURANCE COMPANIESAND INSURANCE SERVICE PROVIDERS
Part 1: Introduction
Purpose
- This regulation enumerates SAMA's requirements for Insurance/Reinsurance Companies and Insurance Services Providers that have entered or are intending to enter Outsourcing arrangements. This regulation is also applicable to any Outsourcing arrangements whether with a domestic or foreign Third Party.
- The objective of this regulation is to set controls to organize the relationship betweenInsurance/Reinsurance Companies and Insurance Services Providers and Third Parties in order to ensure that this relationship does not affect the compliance with laws and regulations governing the Saudi Insurance Market, and that Outsourcing Arrangements do not hinder Policyholders' rights.
- This regulation is applicable to all Outsourcing Arrangements entered into by licensed Insurance/ Reinsurance Companies and Insurance Service Providers under the Law on Supervision of Cooperative Insurance Companies promulgated by Royal Decree M/32 dated 2/6/1424 H including all their branches and subsidiaries licensed in Saudi Arabia (hereinafter referred exclusively as “Insurers and Insurance Services Providers”).
- This regulation should be read in conjunction with the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations, as well as SAMA's Market Code of Conduct and any other regulation issued by SAMA.
Definitions
5. “Outsourcing” refers to an Arrangement under which a Third Party (Service . Provider) undertakes to provide a service to Insurance Companies and Service Providers previously carried out by itself or a new service to be offered by it. Dealing with Reinsurance Companies and Insurance/ Reinsurance Brokers, Agents, Insurance Claims Settlement Specialists (i.e., Third Party Administrators), Risk Surveyors, Loss Assessors, Loss Adjusters, Actuaries, and Insurance Consultants, is not considered an Outsourcing Arrangement for the purpose of this regulation. In addition dealing with Service Providers that the company is compelled to work with, according to the applicable regulations, is outside the scope
of this regulation.
6. “Insurers and Insurance Service . Providers” refers to any Insurance/
Reinsurance Company and Insurance Service Provider licensed by SAMA under the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations.
7. “Third Party”, refers to any Service Provider to whom an activity is outsourced. A Third Party can be a member of the group to which the institution belongs, related company, or an unrelated Third Party, whether located in Saudi Arabia or elsewhere.
8. “Board” or “Board of Directors” refers to:
a) The Board of Directors, in the case of a company incorporated in Saudi Arabia.
b) A local board, a management committee or a body beyond local management empowered with oversight and supervision responsibilities for the company's operations in Saudi Arabia, in the case of an institution incorporated outside Saudi Arabia.
9. “Material Functions” refer to underwriting, claims handling, investment, risk management, finance, internal audit, compliance, and primary decision-making processes such as policy sales and renewals (for a typical list please refer to the Appendix).
10. “Material Outsourcing” refers to an Outsourcing Arrangement which, if . disrupted, has the potential to significantly impact an institution's business operations, reputation or profitability (for a typical list please refers to the Appendix).
11. “Policyholder Data” refers to any information or document relating to the affairs or policy of a Policyholder (whether kept physically or electronically and whether held by Insurers and Insurance Service Providers themselves or by a Third Party).
12. “Financial Data” refers to all financial data . including books of policies, general and sub-ledger, financial statements and various financial data other than Policyholder Data.
13. “Overseas” refers to locations outside of Saudi Arabia in which entities are subject . to other jurisdictions' laws and regulations.
Compliance Requirement
- Insurers and Insurance Service Providers should establish appropriate internal controls and procedures to ensure and monitor compliance with this regulation.
- Insurers and Insurance Service Providers should maintain adequate records to demonstrate compliance with this regulation, including Outsourcing contracts and an Outsourcing policy.
- Non-Compliance with the requirements set forth in this regulation will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and licensing conditions and subject violating Insurers and Insurance Services Providers in case of non-compliance to enforcement action.
Part 2: Overarching Rules
- Insurers and Insurance Services Providers should ensure that Outsourcing does not reduce the protection available to policyholders and is not used as a way of avoiding compliance with regulatory requirements.
- Insurers and Services Providers have to comply with the following:
- Develop and put in place an Outsourcing policy duly approved by their Board of Directors within 180 days from the date of issuance of this regulation. If such a policy already exists, Insurers and Insurance Services Providers should ensure that it is in compliance with this regulation and provide a copy of the policy to SAMA within 021 days from the date of issuance of this regulation for licensed companies. For unlicensed companies, the Outsourcing policy should be part of the licensing requirements.
- All new Outsourcing Arrangements as well as renewal of existing arrangements must be made in accordance with this regulation.
- Review their existing Outsourcing contracts against this regulation and seek post facto no objection for contracts assessed as Material Outsourcing within 120 days from the date of issuance of this regulation.
- Submit details of all existing Material Outsourcing Arrangements to SAMA within 120 days from the date of issuance of this regulation.
- Notify SAMA in the event of any legal or regulatory violation in their Outsourcing Arrangements.
- Rectify and remove any deficiencies from the existing contracts within 365 days from the date of issuance of this regulation or on renewal date of the contracts, whichever comes first, provided that the renewal is no sooner than 120 days from the date of issuance of this regulation.
Accountability
- The Board of Directors and management of Insurers and Insurance Service Providers retain the ultimate responsibility for all their Outsourcing Arrangements, including compliance with all relevant laws, regulations and instructions.
Obligations
- The Board of Directors and management of Insurers and Insurance Service Providers should ensure that appropriate policies are developed and implemented within the proper risk management framework for Outsourcing arrangements.
- Insurers and Insurance Service Providers should make sure that the process of entering into Outsourcing contracts is free from any conflict of interest.
The Outsourcing policy should provide for the development, implementation and update of detailed procedures for managing Outsourcing Arrangements.
As a minimum the procedures should include the following:
- Roles and responsibilities of the Board of Directors and management.
- Risk identification criteria and risk mitigation measures.
- Systems for monitoring and controlling Outsourcing activities.
- Eligibility and qualification criteria for selection of the Third Party.
- All requirements set forth in this regulation.
- Insurers' and Insurance Service Providers' management and Board of Directors should ensure that all existing and proposed Outsourcing Arrangements have been subject to a comprehensive risk review process at inception and renewal. This process should evaluate key risk factors namely operational, legal, reputation and regulatory risks and risk mitigation strategies for each Outsourcing proposal.
- Before entering into an Outsourcing Arrangement, Insurers and Insurance Service Providers are required to analyze the business case and suitability of the Third Party by conducting due diligence on the following:
- The Third Party's financial, technical and professional background and capabilities.
- Impact of the Outsourcing on the overall risk profile of Insurers and Insurance Service Providers.
- Impact of the Outsourcing on systems and controls within Insurers and Insurance Service Providers.
The level and extent of due diligence will depend on the nature of the Outsourcing Arrangement, i.e., Material Outsourcing will entail a more comprehensive exercise.
Insurers and Insurance Service Providers must establish a method for assessing the Third Party on a yearly basis and retain the necessary expertise to supervise their outsourced functions effectively.
- Insurers and Insurance Service Providers are required to provide the Third Party with a copy of this regulation, and a copy of their Outsourcing policy.
Part 3: Specific Rules
Section A: Contract Wording
- Insurers and Insurance Service Providers should document their Outsourcing Arrangements through a written, legally binding contractual agreement compliant with all applicable regulatory requirements. As a minimum, the contract should incorporate the following:
- Contracted parties.
- Scope of the contract.
- Service levels and performance requirements.
- Audit and monitoring procedures.
- Business continuity plans.
- Default arrangements.
- Pricing and fee structure.
- Dispute resolution mechanisms.
- Liability and indemnity.
- Contract Period.
- Confidentiality, privacy and security of information.
- Any contractual obligations of the Third Party in case of subcontracting all or part of the Outsourcing Arrangement.
- Reporting and escalation mechanisms.
- Commitment from the Third Party to report to Insurers and Insurance Service Providers any control weaknesses or adverse developments in its financial performance.
- Commitment from the Third Party that there are no regulatory impediments for accessing their data and record.
- Commitment from the Third Party to return or destroy all Data upon the termination of the Outsourcing arrangement or contract. As long as there are no regulatory requirements to keep such records.
- The contract should allow for renewal, renegotiation, default termination and early exit so as to enable Insurers and Insurance Service Providers to retain control over the outsourced activity. In addition, SAMA has the right to ask the Insurers and Insurance Service Providers to review, modify, or terminate the Outsourcing contract, in case of noncompliance with This Regulation and other related regulations.
- Furthermore, the contract should incorporate a clause for providing SAMA access to documentation and accounting records in relation to the Outsourcing. The contract should ensure that SAMA, the Insurers' and the Insurance Service Providers' internal and external auditors or any other duly authorized representatives from the Insurance Company or Insurance Service Provider have access to the premises, data, documents, process, etc. of the Third Party.
- The contract should indicate that the Saudi Arabian judicial authorities are the relevant authorities for the settlement of disputes arising from the enactment or the explanation of the Outsourcing contract. Any exception to the requirements of this article is subject to SAMA's prior approval.
- Insurers and Insurance Service Providers should document their Outsourcing Arrangements through a written, legally binding contractual agreement compliant with all applicable regulatory requirements. As a minimum, the contract should incorporate the following:
Section B: Policyholders' rights
- Insurers and Insurance Service Providers should institute a defined internal mechanism for receipt and resolution of any policyholder complaints regarding their outsourced services while the Outsourcing contract should include appropriate clauses to ensure that the Third Party will facilitate the resolution mechanism.
- Insurers and Insurance Service Providers should establish proper safeguards to protect the integrity and confidentiality of Policyholder Data and Financial Data including but not limited to:
- Obtaining non-disclosure agreements.
- Providing Policyholder Data and Financial Data to a Third Party on a need-to-know basis only.
- Requiring the Third Party to segregate their data from other data pools.
- Upon termination of the Outsourcing Arrangement and contract for whatever reason, Insurers and Insurance Service Providers should ensure that all Data of the outsourced activity is either retrieved from the Third Party or destroyed, As long as there are no regulatory requirements to keep such records. Any exceptions should be reported to SAMA.
- In addition to This Regulations, Insurers and Insurance Service Providers should refer to SAMA's Market Code of Conduct Regulation for data confidentiality and security.
Section C: Requirements for Material Outsourcing Arrangements
- Insurers and Insurance Service Provides should seek SAMA's written no objection prior to undertaking any Material Outsourcing.
- Material Functions should be assessed on a case-by-case basis and approved by SAMA before being outsourced.
- Proposals for all Material Outsourcing - should be submitted to SAMA in writing, at least 30 working days for a domestic ' Third Party and 60 working days for a foreign Third Party prior to the proposed date of commencement of the Outsourcing Arrangement.
- The Board of Directors should ensure that senior management has assessed each proposed Outsourcing function qualitatively and quantitatively and classified it as material or non-material prior to submitting to SAMA.
- Insurers and Insurance Service Providers may seek SAMA's guidance if uncertain whether or not an existing or new arrangement is considered material or nonmaterial.
- For Material Outsourcing, the contract should include provisions that prohibit subcontracting without the prior approval of Insurers, Insurance Service Providers and SAMA.
- Insurers and Insurance Service Providers should immediately report to SAMA any breach of legal and/ or regulatory
- requirements or any developments relating to a Material Outsourcing Arrangement. They should also report measures proposed and taken to ensure continuity of service.
Section D: Requirements for Overseas Outsourcing Arrangements
- For any proposed Outsourcing Arrangements involving transmission, processing and retention of Policyholder Data and/ or Financial Data and/ or Material Outsourcing to a Third Party located overseas (including head offices and/ or regional offices and/ or affiliated entities of insurers), Insurers and Insurance Service Providers should provide the following information to SAMA accompanying their request:
- Details of the function to be outsourced.
- Categorization of the function (material or non-material Outsourcing).
- Reason for Outsourcing.
- Details on the Third Party located overseas, e.g., name, country, address, license, activity, etc.
- Details on the nature and disposal of the data to be transferred.
- Details on the confidentiality agreement between Insurers or Insurance Service Providers and the Third Party.
- Confirmation in writing by Insurers or Insurance Service Providers supported by a legal opinion affirming SAMA's right of access to the Outsourcing activity at the Third Party. Alternatively, Insurers and Insurance Service Providers could use a standard clause approved by SAMA in its Outsourcing contract, instead of the legal opinion. The Third Party must guarantee to abide by the legal clause.
- For any proposed Outsourcing Arrangements involving transmission, processing and retention of Policyholder Data and/ or Financial Data and/ or Material Outsourcing to a Third Party located overseas (including head offices and/ or regional offices and/ or affiliated entities of insurers), Insurers and Insurance Service Providers should provide the following information to SAMA accompanying their request:
Section E: Control and Monitoring
Insurers and Insurance Service Providers should ensure that their business continuity is not compromised by any Outsourcing Arrangements. For all material Outsourcing Arrangements, Insurers and Insurance Service Providers should have a contingency plan which outlines the procedures to be followed in the event of sudden termination of an arrangement or the inability of a Third Party to fulfill its obligations under the Outsourcing agreement for any reason.
In addition, Insurers and Insurance Service Providers should document within their business continuity plans the availability of an alternative Third Party or the procedures for bringing the outsourced material function in-house.
- Insurers and Insurance Service Providers should put in place an internal structure to monitor, manage and control all of their Outsourcing activities and to provide timely reports to senior management. The nature and scope of this structure will vary within Insurers and Insurance Service Providers depending on the level, complexity and materiality of the activities.
Appendix: Examples of Material and Non Material Outsourcing Arrangements
- The following are typical examples (non-exhaustive list) of Material Outsourcing arrangements:
- Arrangements involving financial data (e.g., Outsourcing an accounting function).
- Applications processing (e.g., purchasing a new policy).
- Back office management (e.g., funds transfer and payroll processing).
- Underwriting services.
- Complaints handling.
- Investment management(e.g., signed contracts with asset managers).
- Information system management and maintenance (e.g., data entry and processing, data centers, IT hosting, end-user support, and local area networks, production support for technology applications).
- Manpower management (e.g., benefits and compensation administration, staff appointment, and training and development).
- Marketing and Research (e.g., product development, data warehousing and mining, call centers, and marketing and telemarketing of insurance products and services).
- Business continuity and disaster recovery capacity and capabilities.
- The following are typical examples (non-exhaustive list) of non-material Outsourcing Arrangements:
- Utilities such as telephone and electricity.
- Market information services.
- Advisory services (e.g., legal opinions).
- Independent consulting.
- Mail and courier services.
- Printing services (e.g., policy wording, forms, and business cards).
- Purchase of goods including their after sales or other support services, commercially available software, and other commodities.
- Credit and background check and information services.
- Employment of contract or temporary personnel, head hunting services, employee assessment, and consulting on staff development.
- Security services.
- Programming work.
- Building maintenance and cleaning services etc.
- The following are typical examples (non-exhaustive list) of Material Outsourcing arrangements:
Presenting the Statutory Reserves and its Returns in the Financial Statements
This section is currently available only in Arabic, please click here to read the Arabic version.Regulations for Supervision and Inspection Costs
Part 1: Introduction
1-The terms used in These regulations shall have the same meaning as per article one (1) of the Implementing Regulations.
2-The following regulations provide instructions regarding the Supervision and Inspection Costs to be paid by insurance/ reinsurance companies and brokers operating in the Kingdom, as per Article Thirty Six (36) of the Implementing Regulations of the Law of Supervision of Cooperative Insurance Companies promulgated by Royal Decree M/32 dated 2/6/1424 H.
These regulations shall apply to all insurance/ reinsurance companies that have maintained operations in the Kingdom after the end of the grace period granted by the royal decree number 3120 dated 4/3/1426H that ended on 11March 2008. And to all insurance/reinsurance brokers starting from the date of obtaining their license to operate in the insurance brokerage business in the Kingdom.
Part 2: Supervision and Inspection Costs
Article Thirty Six (36) of the Implementing Regulations of the Law of Supervision of Cooperative Insurance Companies promulgated by Royal Decree M/32 dated 2/6/1424 H stipulates that:
The Company and the Insurance Brokerage shall pay the costs of inspection and supervision by paying SAMA the following:
- The Company shall pay five per thousand (0.5%) of total underwritten premiums in a financial year excluding local market share of the reinsurance business.
- The Insurance/Reinsurance Brokerage shall pay an amount representing one percent (1%) from the total commissions and fees earned within an
- accounting year.
Part 3: Payment Timing
- Insurance/ reinsurance companies should pay the supervision and inspection costs to SAMA on a quarterly basis:
- The payment for the first quarter should be made at the latest by the end of the 4th month of the financial year.
- The payment for the second quarter should be made at the latest by the end of the 7th month of the financial year.
- The payment for the third quarter should be made at the latest by the end of the 10th month of the financial year.
- The payment for the fourth quarter should be made at the latest by the end of the 1st month of the next financial year.
- Brokers should pay the supervision and inspection costs to SAMA on a semi-annual basis:
- The payment for the first semester should be made at the latest by the end of the 7th month of the financial year.
- The payment for the second semester should be made at the latest by the end of the 1st month of the next financial year.
- Any delay in the payment of the supervision costs will subject the company to a sanction of 0.25% of the amount due to SAMA for every late day. If the delay period exceeded six months, the delaying company's license might be subject to withdrawal or cancelation.
- Insurance/ reinsurance companies should pay the supervision and inspection costs to SAMA on a quarterly basis:
Part 4: Cost Payment Method
7-Payments of the Supervision and Inspection costs to SAMA shall be paid by a wire transfer to the Saudi Arabian Monetary Authority - Headquarter. Account number, IBAN SA8101100001- (250109000003).
Part 5: Cost Calculation Methodology
- Insurance/ reinsurance companies should perform payments on the basis of the total underwritten premium (after deduction of the local market share of reinsurance) in the first three quarters with no other exclusions, then on the last quarter all other exclusions will be made for the entire financial year.
- Reconciliations for the supervision costs paid to SAMA during a financial year will be made at the end of the year. 14 days at the latest after of the payment of supervision costs and submission of the calculations, SAMA would have sent a letter to the companies if there are any reconciliations to be made. If the reconciliation is to SAMA's benefit then the company should pay the difference to SAMA within a period not exceeding 1 week from receiving the letter. If the reconciliation is to the company’s benefit then the amount will be deducted from the subsequent payment.
- Any Gross Written Premium refunds made to the policyholders on account of cancellations or surrenders, during the financial year for which the supervision costs payment is made, should not be included in the calculation of the Supervision and Inspection costs.
- For General and Health Insurance policies, and single premium Protection and Savings Insurance policies that extend for more than one year, the company should divide the premiums on a pro-rata basis between the applicable financial years. Underwritten premiums that are not related to the current year should be excluded from the pool on which the supervision costs percentage is imposed.
- In case of a transfer of business or acquisition of books, where a Company (A) acquires part or all of the business of another Company (B) during the financial year, the following two scenarios should be considered:
- If Company B has already paid the supervision fee for the transferred business, Company A does not become liable for any additional supervision fee for that period on the business acquired.
- If Company B has not paid the supervision fee for the transferred business, Company A is liable to pay the supervision fee for that period on the business acquired.
Part 6: Effective Date for Implementation of these regulations
13-These regulations are effective as of 1st of October 2009 (12- 10 - 1430 H), whereby all companies have to pay starting from the period mentioned in the second article (2) in the first part of These Instructions, including the supervision costs for the first and second quarter of 2009, as per the payment timing detailed in part 3 of these regulations.
Regulations for branches and points of sale annual expansion for insurance and reinsurance brokerage and agency companies - 02 05 2016
Saudi Arabian Monetary Authority
Regulations for Branches and Points of Sale Annual Expansion for Insurance and/or Reinsurance, Brokerage and Agency Companies02/05/2016
This regulation is been issued in both Arabic and English. In the event of discrepancy in the interpretation of the two texts, the Arabic text shall prevail.
Part 1: Introduction
- This regulation includes the terms and conditions must followed by insurance, reinsurance, brokerage and agency companies to enhance the expansion of branches and encourage the geographical distribution of points of sale so as their services and products to be accessed by the different consumer segments and regions, especially the low papulation regions. This regulation aims in raising the level of services provided by the branches or points of sale.
All insurance and/or reinsurance, brokerage and agency companies shall satisfy the following requirements upon preparation and submission to SAMA the annual expansion plan:
a. All insurance and/or reinsurance, brokerage and agency companies that are planning to open new branches and/or points of sale starting from the expansion plan of 2017, shall submit an annual expansion plan by September 1st of every year preparing for obtaining SAMA's written non-objection by November 30TH in the same year. The expansion plan submitted to SAMA shall be for one coming year only. b. Expansion plans of branches and/or points of sale shall include details on any plans to relocate or close during the next year for insurance and/or reinsurance, brokerage and agency companies existing branches and/or points of sale, and such relocation or closing shall not be commenced without obtaining a written non-objection form SAMA. In case of relocating or closing a branch and /or point of sale for circumstances out of control of the company, the company shall provide SAMA with such circumstances and justifications within 5 working days from the date of closing or relocating. c. When submitting the annual expansion plan for Branches and/or Points of Sale, companies shall identify the expected operating date of each branch and/or point of sale. d. Defining the objectives and reasons for opening Branches and/or Points of Sale to verify their conformity with the company's expansion plan. e. Ensuring effectiveness of the geographical distribution of branches and points of sale so as their services and products are accessed by the different consumer segments and regions. f. When obtaining SAMA's written non-objection, The company shall take all the necessary actions to operate the branch and/or the point of sale within the 6 months prior to the expected operating date of branch and/or the point of sale.
Purpose
- This regulation determines the terms and conditions must followed by insurance, reinsurance, agency and brokerage companies when opening new branches and/or points of sale. This regulation is issued In accordance with article (9) of the Law on Supervision of Cooperative Insurance Companies, and articles (4) First (J), (4) second (G) and (39/1) of the Implementing Regulations.
- This regulation must be read in conjunction with the Law on Supervision of Cooperative Insurance Companies, its Implementing Regulations as well as any other regulations issued by SAMA or any other relevant authorities.
Part 2: Studying the Annual Expansion Plan of Branches and Points of Sales
When studying the annual expansion plan of branches and/or points of sales, SAMA will take the following into consideration:
a. SAMA will assess the annual expansion plan of branches and/or points of sales submitted by the company to ensure the satisfaction of the requirements set forth in Article (2) of these regulations.
b. Before SAMA's non-objection / objection, any subsequent changes to the expansion plan submitted to SAMA shall be subject to a written request including justifications for the proposed changes.
c. Filling out the annual expansion plan of branches and points of sales forms, found in the forms section at the insurance category on SAMA's website, set out in forms A, B, C or D, as the activity of the company may be and its expansion plan.
Part 3: Assessment of Expansion Plan's Forms and Notifying SAMA
- SAMA's decision of non-objection /objection shall be issued if all relevant requirements set forth in Article (5) above are submitted by the company along the forms.
- In the case an insurance and/or reinsurance, brokerage and agency companies have not completed the required actions for opening the branch and / or a point of sale during the expected operation date submitted to SAMA, the company shall submit a written request to SAMA for extension no later than 15 working days from the end of six month period given in Article (2/f), and the extension period shall be up to 3 months and for one me only.
- The company shall notify SAMA, in writing, within 15 working days from the beginning of the operation of branches and/or points of sale.
Part 4: Requirements and Conditions
Section 1: Opening Domestic Branches for Insurance and/or Reinsurance Companies
Requirements for studying expansion plan of branches for insurance and/or reinsurance companies:
a. Providing SAMA with the names, qualifications, and telephone numbers of managers and employees of the branches as well as the address of each branch. b. The employees shall be efficient and well experienced. c. Filling out sheet (1) of form (A) for opening domestic branches and points of sale for insurance and/or reinsurance companies. After obtaining SAMA's non-objection, the company shall meet the following conditions:
a. Fulfilling the licenses, registers, and legal certificates necessary for opening the branch, such as licenses of municipality, General Directorate of Civil Defense, Ministry of Commerce, and any other licenses. b. Complying with the provisions of the Implementing Regulations relating to Saudization ratio in the branch. c. Provision of information network connected to the company's system. d. Provision of an internal control mechanism to control operations of the branch. e. Provision of an appropriate and secure mechanism for keeping funds in the branch. f. Provision of a mechanism for receiving claims so the settlement of which shall be in accordance with the company's policy and strategy, whether through the branches or headquarter. g. Provision of a system for registering and keeping data of each policy sold through the branch, including name and address of its holders, date, validity and premiums and terms. h. Ensuring that the branch's employees have the efficiency required for dealing, combating and reporting financial crimes. i. Ensuring that customer service employees are applying customer due diligence measures regarding identification of customers) Know Your Customer). j. Filling out sheet (2) of form (A) for opening domestic branches and points of sale for insurance and/or reinsurance companies and sending each branch's sitemap. k. Provision of a plan for obtaining IFCE certification by the employees of each branch. l. The employee should be of the staff of the insurance company, subscribed in the General Organization for Social Insurance, and, if foreigner, sponsored by the insurance company. m. Complying with working hours specified by SAMA.
Section 2: Opening Points of Sale for Insurance Companies
Points of Sale for Insurance Companies
Requirements for studying expansion plan points of sale for insurance companies:
a. Defining insurance products to be sold through the point of sale, provided that they are restricted to the products with predetermined underwriting standards and, thus, there is no need for reviewing each customer.
b. Filling out sheet (1) of form (A) for opening domestic branches and points of sale for Insurance and/or reinsurance companies.
After obtaining SAMA's non-objection, the company shall meet the following conditions:
a. Provision of hardware necessary to perform business efficiently, including issuance of policies in accordance with the company's underwriting policy.
b. Ensuring that points of sale are connected to the company's system.
c. Providing SAMA with the names, qualifications, and telephone numbers of managers and employees of the point of sale as well as the address of each point of sale.
d. Ensuring that there is an internal control mechanism in place to control operations of the points of sale.
e. Ensuring that there is an appropriate and secure mechanism in place for keeping funds in the points of sale.
f. Keeping records and policies issued through the points of sale, including name and address of policyholders and date, validity and premiums and terms of each policy.
g. Ensuring that the points of sale' employees have the efficiency required for dealing, combating and reporting financial crimes.
h. Ensuring that customer service employees are applying customer due diligence measures regarding identification of customers (know Your Customer).
i. The employee should be of the staff of the insurance company, subscribed in the General Organization for Social Insurance, and, if foreigner, sponsored by the insurance company.
j. The purpose of the points of sale shall include receiving claims filed by customers and not be restricted to marketing insurance products.
k. Filling out sheet (2) of form (A) for opening domestic branches and points of sale for insurance and/or reinsurance companies and sending each point of sale sitemap.
Points of Sale at Travel Agencies and Car Showrooms for Insurance Companies
Requirements for studying expansion plan of points of sale at travel agencies and car showrooms for Insurance companies:
a. Providing SAMA with a copy of the acceptance of the entities through the offices of which the company will sell its products to obtain SAMA's non- objection/objection. b. Filling out sheet (1) of form (A) for opening domestic branches and points of sale for insurance and/or reinsurance companies. After obtaining SAMA's non-objection, the company shall meet the following conditions:
a. Ensuring that there is a place allocated for the employee at the point of sale in a way that is obvious that the employee is an employee of the insurance company, not of renter's company. b. The employee should be of the staff of the insurance company, subscribed in the General Organization for Social Insurance, and, in if foreigner, sponsored by the insurance company. c. The employee should carry a company ID card clarifying the company's name and his photo and employee number. d. Ensuring that there are advertising boards inside showrooms clarifying that the point of sale is affiliated to the insurance company. e. Providing SAMA with the rental contract entered with entities through the offices of which the company will sell its products. f. Provision of hardware necessary to perform business efficiently, including issuance of policies in accordance with the insurance company's underwriting policy. g. Ensuring that points of sale are connected to the insurance company's system. h. Filling out sheet (2) of form (A) for opening domestic branches and points of sale for insurance and/or reinsurance companies and sending each point of sale sitemap. i. Providing SAMA with the names, qualifications, telephone numbers and experience profiles of the employees at the point of sale.
Section 3: Opening Branches Abroad for Reinsurance Companies
Requirements for studying expansion plan of branches abroad for reinsurance companies:
a. Submitting a feasibility study and a three- year business plan. b. Defining risks the company may encounter when opening a branch abroad and the plan proposed to manage such risks. c. Determining the abroad expansion impact on the company's solvency. d. Ensuring that there is an internal control mechanism in place to control operations of the branches abroad. e. Filling out sheet (1) of form (B) for opening abroad branches for reinsurance companies. After obtaining SAMA's non-objection, the company shall meet the following conditions:
a. Obtaining approval of the host-country insurance supervisor to exchange information with SAMA. b. The company shall meet the regulatory requirements for obtaining a license to conduct reinsurance activity in the jurisdiction in which the company will open branches. c. Providing SAMA with all supervisory and regulatory decisions that may be issued in the future by the host-country insurance supervisor. d. Filling out sheet (2) of form (B) for opening abroad branches for reinsurance companies and sending each branch's sitemap.
Section 4: Opening Domestic Branches for Insurance Agencies and Brokerages' companies
- Insurance Brokerage companies shall not open more than one branch in each administrative region of the Kingdom, provided that the total number of branches shall not exceed five.
- Insurance Agency Companies shall be allowed to open five branches when its capital amounts to SAR 500,000, and it shall increase its capital by SAR 100,000 at least for every additional branch it requests to open.
Requirements for studying expansion plan of branches for Insurance agency and brokerage companies:
a. Providing SAMA with the names, qualifications, and telephone numbers of managers and employees of the branches as well as the address of each branch. b. The employees shall be efficient and well experienced. c. Filling out sheet (1) of form (C) for opening domestic branches for insurance agency and brokerage companies. After obtaining SAMA's non-objection, the company shall meet the following conditions:
a. Finalizing the licenses, registers and legal certificates necessary for opening the branch, such as licenses of municipality, General Directorate of Civil Defense, Ministry of Commerce and any other licenses. b. Complying with the provisions of the Implementing Regulations relating to Saudization ratio in the branch. c. Provision of information network connected to the company's system. d. Ensuring that there is an internal control mechanism in place to control operations of the branch. e. Ensuring that there is an appropriate and secure mechanism in place for keeping funds in the branch. f. Provision of a mechanism for receiving claims so the settlement of which shall be in accordance with the company's policy and strategy, whether through the branches or headquarter. g. Provision of a system for registering and keeping data of each policy sold through the branch, including name and address of its holders, date, validity and premiums and terms. h. Ensuring that the branch's employees have the efficiency required for dealing, combating and reporting financial crimes. i. Ensuring that customer service employees are applying customer due diligence measures regarding identification of customers (Know Your Customer). j. Filling out sheet (2) of form (C) for opening domestic branches for insurance agency and brokerage companies and sending each branch's sitemap. k. Provision of a plan for obtaining IFCE certification by the employees of each branch. l. Written approval by the insurance and/or reinsurance company for opening the branch (only for agency companies). m. Complying with working hours specified by SAMA. n. The employee should be of the staff of the agency or brokerage company, subscribed in the General Organization for Social Insurance, and, if foreigner, sponsored by the agency or brokerage company.
Section 5: Opening Points of Sale for Insurance Agency Companies
Points of Sale for Insurance Agency Companies
Requirements for studying expansion plan points of sale for Insurance Agency Companies:
a. Defining insurance products to be sold through the point of sale, provided that they are restricted to the products with predetermined underwriting standards and, thus, there is no need for reviewing each customer. b. Filling out sheet (1) of form (D) for opening points of sale for insurance agency companies. After obtaining SAMA's non-objection, the company shall meet the following conditions:
a. Provision of hardware necessary to perform business efficiently, including issuance of policies in accordance with the insurance company's underwriting policy. b. Ensuring that points of sale are connected to the insurance company's system. c. Ensuring that there is an internal control mechanism in place to control operations of the points of sale. d. Ensuring that there is an appropriate and secure mechanism in place for keeping funds in points of sale. e. Keeping records and policies issued through the point of sale, including name and address of policyholders and date, validity and premiums and terms of each policy. f. Ensuring that the points of sale' employees have the efficiency required for dealing, combating and reporting financial crimes. g. Ensuring that customer service employees are applying customer due diligence measures regarding identification of customers (Know Your Customer). h. The employee should be of the staff of the insurance agency company, subscribed in the General Organization for Social Insurance, and, in case of a foreigner, sponsored by the insurance agency company. i. The purpose of the points of sale shall include receiving claims filed by customers and not be restricted to marketing insurance products. j. Filling out sheet (2) of form (D) for opening points of sale for insurance agency companies and sending each point of sale sitemap. k. Providing SAMA with the names, qualifications, telephone numbers and experience profiles of the employees of the point of sale.
Points of Sale at Travel Agencies and Car Showrooms for Insurance Agency Companies
Requirements for studying expansion plan of points of sale at travel agencies and car showrooms for insurance agency companies:
a. Providing SAMA with a copy of the acceptance of the entities through the offices of which the company will sell its products to obtain SAMA's non- objection/objection. b. Filling out sheet (1) of form (D) for opening points of sale for insurance agency companies. After obtaining SAMA's non-objection, the company shall meet the following conditions:
a. Ensuring that there is a place allocated for the employee at the point of sale in a way that is obvious that the employee is an employee of the insurance agency company, not of renter's company. b. The employee should be of the staff of the insurance agency company, subscribed in the General Organization for Social Insurance, and, in case of a foreigner, sponsored by the insurance agency company. c. The employee should carry a company ID card clarifying the company's name and his photo and employee number. d. Ensuring that there are advertising boards inside showrooms clarifying that the point of sale is affiliated to the agency insurance agency company. e. Ensuring that there is an appropriate and secure mechanism in place for keeping funds in points of sale. f. Providing SAMA with the rental contract entered with entities through the offices of which the company will sell its products. g. Filling out sheet (2) of form (D) for opening points of sale for insurance agency companies and sending each point of sale sitemap. h. Provision of hardware necessary to perform business efficiently, including issuance of policies in accordance with the insurance company's underwriting policy. i. Ensuring that points of sale are connected to the insurance company's system. j. Providing SAMA with the qualifications, names, and telephone numbers and experience profiles of the employees of the point of sale. - The Brokerage and agency company shall inform SAMA 30 days in advance of any relocation of its headquarters within the city.
- The relocation of any branches by the company, non-objected by SAMA, to another city shall be subject to the requirements and conditions for opening new branches.
Part 5: Closing Domestic Branches and/or Points of Sale for Insurance and/or Reinsurance, Brokerage, and Agency Companies
- The company shall first obtain a written non-objection from SAMA for closing branches and/or points of sale and provide SAMA with its plan for ceasing operations through such branches and/or points of sale and rights and obligations under policies issued therefrom.
SAMA may request the company to close a branch and/or point of sale if the company:
a. Has provided incorrect information to obtain a non-objection from SAMA or other relevant authorities. b. Ceased to fulfill any key requirement for the issuance of approval.
Part 6: Closing or transfer Branches Abroad for Reinsurance Companies
- The reinsurance company shall notify SAMA about its willingness to close or relocate the branches in accordance with the host-country applicable law and provide SAMA with the host-country insurance supervision's approval.
Part 7: Conditions Lead to SAMA's Non-Objection Cancellation
- SAMA non-objection shall be deemed cancelled if the approved branch and/or point of sale (domestic or abroad) does not commence business after the expiration of the (6) months period given in article (2/f) and the expiration of the periods given in article (7), without approaching SAMA to obtain an extension period or comply with extension's period given.
- Insurance and/or Reinsurance, Brokerage and Agency companies shall comply with the requirements and conditions set forth herein. SAMA, through supervisory and regulatory measures, will monitor the compliance with these regulations by companies.
Requirements of the Insurance Corporate Governance Regulation
This section is currently available only in Arabic, please click here to read the Arabic version.Resolving Issues Related to the Announcements of Insurance and/or Reinsurance Companies About Material Events
This section is currently available only in Arabic, please click here to read the Arabic version.Risk Management Regulation
Part 1: Introduction
Purpose
- This Code presents the general principles and minimum standards that should be met by insurance and reinsurance companies, including branches of foreign insurance and reinsurance companies, and insurance related service providers to manage their risks.
- The objective of This Code is to promote high standards of risk management.
- This Code must be read in conjunction with the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations, especially articles 12, 20, 21, 24, 37, 42, 46, 47, 49, 60, 61, 62, 68, 72, and 76.
Definitions
- The term “Companies” in This Code is intended to include: insurance and reinsurance companies, and insurance related service providers including insurance brokerages, insurance agencies, reinsurance brokerages, and reinsurance agencies. The rest of the terms used in This Code shall have the same meaning as per article one (1) of the Implementing Regulations.
- Risk management is defined1 as the process whereby the insurer's management takes action to assess and control the impact of past, present and potential future
events that could be detrimental to the insurer. These events can impact both the asset and liability sides of the insurer's balance sheet, and the insurer's cash flow.
1 Source IAIS guidance paper on investment risk management, October 2004
Scope and Exemptions
This Code applies to insurance and reinsurance companies, and insurance related service providers including insurance brokerages, insurance agencies, reinsurance brokerages, and reinsurance agencies.
Compliance Measures
- Companies must establish appropriate internal controls and procedures to ensure and monitor compliance with This Code, including the compliance of all contracted parties, in particular when there is clear evidence of a breach in the regulation.
- Companies must maintain adequate records to demonstrate compliance with This Code, including but not limited to the risk strategy and the organizational structure implemented.
Non-Compliance
- Non-compliance with the requirements set forth in This Code will be deemed a breach of the Law on Supervision of Cooperative Insurance Companies and its Implementing Regulations and licensing conditions and may subject companies to enforcement action.
Structure of This Code
The risk management requirements are outlined in Parts 2 and 3 of This Code:
a) Part 2 - General Requirements, which are principle-based.
b) Part 3 - Risk Management Standards, which stipulate the risk management requirements companies must adhere
to in order to combat all categories of risk.
Part 2: General Requirements
Risk Management Strategy
Companies should have a comprehensive risk management strategy to understand and manage the types of risk arising from their core business operations.
The strategy should consider the impact of market conditions and available expertise on inherent risks to which the company is exposed. Consideration should not be limited to the risks associated with one class of business but should extend to risks from all other classes.
- Companies should periodically review and update the risk management strategy by taking into account developments that are internal and external to the company.
Responsibilities of Management
- The company's Board of directors and the senior management are responsible for assessing the risks to which the company is exposed and mitigating and monitoring those risks on a continuous basis. Therefore, the Board should:
- Understand the risks associated with the company's activities.
- Design a risk management strategy which is consistent with the company's commitments to shareholders and with regulatory requirements.
- Approve the risk management policies in writing.
- Ensure the implementation and effective operation of risk management control systems.
- Question senior management on risk management processes and give priority to discussions and actions dealing with risk management issues.
- Re-evaluate the company's tolerance for, and exposure to, risk on a regular basis (e.g., through stress testing exercises).
- The company's Board of directors and the senior management are responsible for assessing the risks to which the company is exposed and mitigating and monitoring those risks on a continuous basis. Therefore, the Board should:
Organizational Structure
Companies should clearly define responsibilities of senior managers and establish levels of authority and powers of delegation.
In addition, companies should design a reporting structure that ensures management is provided with all information necessary to manage risk.
Management should be further supported by appropriately experienced personnel, appropriate control systems and up-to- date information technology.
The role of the company's senior management with regard to risk
management should include:
- Clearly understanding the risk management policies and procedures of the company.
- Ensuring activities of the company are conducted within the framework of approved policies and systems.
- Keeping the Board advised of any breach of the risk management practices.
- The company should assign at least 2 (two) risk management officers, one for general and health insurance and one for protection and savings insurance. The company should make sure that its risk management officers are independent from its underwriting officers.
Policies and Control Systems
- Companies should establish (in writing) adequate policies and control systems to measure risk tolerances, aggregate exposure limits, and mitigate and monitor risks. These policies and control systems must include but not be limited to:
- Clear identification of the staff positions with delegated responsibility for managing specific risks.
- Adequate systems for measuring risk.
- Effective internal controls, including separation of operations and internal audit.
- Comprehensive management information systems that ensure timely monitoring and reporting of risk exposure.
- Companies should establish (in writing) adequate policies and control systems to measure risk tolerances, aggregate exposure limits, and mitigate and monitor risks. These policies and control systems must include but not be limited to:
Contingency Plan
- Companies should design a contingency plan to counter events with severe negative impact on their businesses. This plan should:
- Identify early risk warning signals.
- Outline detailed course of action in the event of a negative outcome.
- Establish roles and responsibilities for every prescribed action.
- Assess the likely impact of every outlined course of action.
- Establish the reporting procedure as well as the internal and external notification.
- Companies should design a contingency plan to counter events with severe negative impact on their businesses. This plan should:
Documentation and Review
- Companies should design processes for the documentation and review of systems and for the maintenance of control procedures. The effectiveness of the implementation of risk management systems should be thoroughly documented and provided to SAMA upon request.
Reporting
The company should provide SAMA with an annual report detailing its risk management plan and its implementation steps as part of the annual financial reports submitted to SAMA at the end of the year.
The report should address the following risk management systems:
- Written policies and procedures, and internal control mechanisms in place.
- Annual review of the implementation effectiveness of the risk management policies and procedures by the Board.
The report must be signed by both the chief executive officer (CEO) and the chairman of the Board.
Part 3: Risk Management Standards
Section A :Risk Identification
The list that follows summarizes the most common categories of risk
Product Development Risk
- Product development risk is the risk associated with the changes made on an existing product in order to meet customer needs and make the product more marketable in a competitive environment. These changes might affect the product coverage and liabilities which would cause risk. When dealing with product development risks, the company should:
- Perform an actuarial review and get an actuarial approval for selling the new product, especially for Protection and Savings products.
- Ensure that the new product is compliant with regulatory requirements.
- Report any change in the risk profile and/ or insured behavior from the date of launching of the new product.
- Product development risk is the risk associated with the changes made on an existing product in order to meet customer needs and make the product more marketable in a competitive environment. These changes might affect the product coverage and liabilities which would cause risk. When dealing with product development risks, the company should:
Underwriting Risk
- Underwriting risk is the risk associated with evaluating and accepting insurance risk. When dealing with underwriting risk, companies must:
- Ensure policies are worded clearly and that no room for interpretation is given.
- Ensure that the application is filled out by the insured in its entirety.
- Ensure that the premium charged reflects the policy cost including hidden costs such as advertising and regulatory fees.
- Have underwriting guidelines defining the responsibility of departments dealing with underwriting activity (e.g., sales department, claim handling department, reinsurance department, etc.).
- Reinsure a part of its risk as per Article 40 of the Implementing Regulations before selling any product in order to minimize and control overall risk and enhance risk tolerance.
- Review periodically the adequacy of insurance policies, underwriting guidelines, as well as the underwriting process to make sure that each department is operating efficiently.
- Underwriting risk is the risk associated with evaluating and accepting insurance risk. When dealing with underwriting risk, companies must:
Claim Handling Risk
- Claim handling risk is the risk associated with paying claims to policyholders based on the policy coverage. When dealing with claim handling risks the company should:
- Review closely decisions dealing with claims to make sure they are taken in accordance with policy coverage. This will minimize additional cost in the future associated with inappropriate decisions.
- Periodically assess, claim handling processes and guidelines, to enhance their efficiency and quality.
- Define and implement a process for claim settlements with reinsurance companies to facilitate transactions dealing with claims.
- Define and implement appropriate reserving mechanisms.
- Claim handling risk is the risk associated with paying claims to policyholders based on the policy coverage. When dealing with claim handling risks the company should:
IT Risk
- IT risk is the risk of error or failure of the business operation due to risk or error associated with the technology (IT). When dealing with IT risk, the company should:
- Have an adequate IT system to safeguard the integrity and security of data.
- Audit periodically and update the IT system, and maintain disaster recovery plans.
- Use reliable and original software.
- Have effective up-to-date anti-virus software installed on all computer terminals and servers.
- Maintain all financial and other sensitive information in a physically secured environment.
- Store backup copies of all their data.
- IT risk is the risk of error or failure of the business operation due to risk or error associated with the technology (IT). When dealing with IT risk, the company should:
Pricing Risk
- Product pricing risk is the risk resulting from the process by which the company attempts to identify the adequate premium rate. When dealing with pricing risk, the company should:
- Take into consideration all potential risks using the proper methodologies when setting the price of a product.
- Evaluate the business's profits and losses to identify the effects associated with modifying the premium rate, if any, on the reported earning. In case of emergence of new trends, the company should initiate a process for price assessment (i.e., repricing).
- Involve actuaries when setting product prices.
- Product pricing risk is the risk resulting from the process by which the company attempts to identify the adequate premium rate. When dealing with pricing risk, the company should:
Liquidity Risk
- Liquidity Risk is the risk associated with the inability to liquidate the asset quickly enough without sacrificing a portion of the asset value. Liquidity Risk is likely to occur when holding excessive long term assets against the insurance company's liabilities. When dealing with liquidity risk, the company should:
- Use stress-testing to recognize potential liquidity shortages and confront them.
- Use scenario analysis techniques, which simulate base, worse and best case scenarios, to identify techniques in dealing with liquidity shortages if they ever arise.
- Monitor the rise in policy cancellations which is an important indicator of a liquidity problem.
- Use sound asset-liability management practices in order to limit the company's exposure to shortages in liquidity.
- Use a variety of techniques, such as lines of credit, to obtain quick access to cash should the need arise.
- Liquidity Risk is the risk associated with the inability to liquidate the asset quickly enough without sacrificing a portion of the asset value. Liquidity Risk is likely to occur when holding excessive long term assets against the insurance company's liabilities. When dealing with liquidity risk, the company should:
Credit Risk
- Credit risk is the risk associated with uncertainty in the counterparty's ability to meet its obligations. A history of payment delay of a particular client as well as the overall status of the economy are indicators of credit risk. When dealing with credit risk, the company should:
- Ask the counterparty to provide adequate collateral.
- Enforce a strict timeline for collecting payments.
- Put limits on the quality and quantity of credit provided or investments made.
- Review periodically the company's policy for granting credit, in an effort to
identify any weakness in the policy itself and intervene if necessary.
- Credit risk is the risk associated with uncertainty in the counterparty's ability to meet its obligations. A history of payment delay of a particular client as well as the overall status of the economy are indicators of credit risk. When dealing with credit risk, the company should:
Interest Rate Risk
- Interest rate risk is the risk that the value of the investment would change due to a change in the interest rate.
- The main categories of interest rate risk would be:
- Basis risk: occurs when the yields on the insurance company's investments differ from yields on its liabilities.
- Curve risk: occurs when the yields on the short term investments differ from the yields on long term investments.
- Reinvesting risk: occurs when the company is forced to reinvest its assets at a lower rate and/or to repay its liabilities at a higher rate.
- A company should analyze the effects of the change in the interest rate on its income statement. The decline in profits or the rise in losses threatens the stability of the company's position and result in weakening its capital adequacy as well as reducing market confidence in the company.
- Interest rate risk is the risk that the value of the investment would change due to a change in the interest rate.
Corporate Governance Risk
- Corporate Governance Risk is the risk associated with the rules dictating how rights and responsibilities are shared between the various stakeholders in the company, primarily managers, directors, shareholders, and other financial stakeholders. (For more information please refer to the Code of Corporate Governance Regulation)
- Corporate Governance Risk is the risk associated with the rules dictating how rights and responsibilities are shared between the various stakeholders in the company, primarily managers, directors, shareholders, and other financial stakeholders. (For more information please refer to the Code of Corporate Governance Regulation)
Currency Exchange Risk
- Currency exchange risk is the risk associated with an investment's value changing due to changes in currency exchange rates, thus affecting export/ import businesses as well as international investments. When dealing with currency exchange risk, the company should take the following measures:
- Position limit: setting a maximum amount to a particular currency allowed to be carried during regular trading hours in order to limit a position.
- Loss limit: setting stop-loss levels under the conditions of a loss limit in order to avoid non-sustainable losses.
- Currency exchange risk is the risk associated with an investment's value changing due to changes in currency exchange rates, thus affecting export/ import businesses as well as international investments. When dealing with currency exchange risk, the company should take the following measures:
Reinsurance Risk
- Reinsurance risk is the risk associated with transferring part of the risk to another company. Reinsurance risk appears when the reinsurer fails to meet its obligations. (For more information please refer to the Reinsurance Regulation)
Reputation Risk
- Reputation risk is the risk associated with negative public opinion about the company. This affects the institution's ability to establish new relationships or services or continue servicing existing relationships thus exposing the company to financial loss, or a decline in its customer base which impacts earnings and capital. When dealing with reputation risk, the company should exercise caution in dealing with its customers and the community.
- Reputation risk is the risk associated with negative public opinion about the company. This affects the institution's ability to establish new relationships or services or continue servicing existing relationships thus exposing the company to financial loss, or a decline in its customer base which impacts earnings and capital. When dealing with reputation risk, the company should exercise caution in dealing with its customers and the community.
Country risk
- Country risk is the risk associated with the occurrence of changes in the business environment of a country thus affecting profitability of businesses conducted in it. Country risk stems from:
- Macroeconomic mismanagement where authorities may pursue unsound monetary and fiscal policies which may lead to inflation, higher interest rates, recession, etc.
- War or political instability.
- Labor unrest which may lead to higher costs or work stoppages.
- Country risk is the risk associated with the occurrence of changes in the business environment of a country thus affecting profitability of businesses conducted in it. Country risk stems from:
Non-Compliance Risk
- The non-compliance risk is the risk arising from violation of laws, rules, and regulations. When dealing with noncompliance risk the company should:
- Ensure it is in compliance with all applicable laws and regulations governing its activities.
- Provide adequate attention to the operating circulars as well as procedures and rules of the payment systems.
- Ensure sound and appropriate contractual relationships with customers and counterparties.
- The non-compliance risk is the risk arising from violation of laws, rules, and regulations. When dealing with noncompliance risk the company should:
Section B: Risk Measurement
Impact and Probability
- Companies should measure risk by assessing:
- Its impact, thus measuring its severity and the potential harm that could occur to the business activity as a result.
- Its probability, i.e., likelihood of its occurrence. The higher the probability the more risk the company incurs.
- The company should measure the impact of its risks by assessing and scaling the quality of the different factors specific to each type of risk using different severity levels. In the case of non-quantifiable risks, the company should undertake a qualitative assessment appropriate to the type of risk in question.
- Companies should measure risk by assessing:
Risk Evaluation
- The estimated risks should be compared against the insurer's risk criteria to decide on the priority to be assigned to address each of the risks and the appropriate responses.
Measurement Process
- The company should use numerous business activities to aggregate risk impact and probability, and obtain a complete risk assessment map. The risk measure process consists of the following steps:
- Group similar and related risks into homogeneous categories.
- Determine risk drivers or variables that affect the probability and impact of identified risks.
- Determine the root cause or source of risk.
- Assess trade-offs, interdependencies, and timing of identified risks.
- Estimate risk factor or risk exposure.
- Multiply probability of occurrence or likelihood with the consequence or impact (in financial terms) if the risk occurred.
- Determine risk impact by assessing the risk factor with the relative risk timeframe for action.
- Rank and prioritize risks.
- The company should use numerous business activities to aggregate risk impact and probability, and obtain a complete risk assessment map. The risk measure process consists of the following steps:
Section C: Risk Mitigation
The company should implement necessary measures to mitigate the identified risks, including setting appropriate standards and assigning limits to staff that are commensurate with their experience and competence level.
Mitigation strategies can be fivefold:
- Avoid: the company refrains from performing tasks that might carry potential risk.
- Retain: the company accepts the loss when it occurs.
- Reduce: the company reduces the severity of its losses.
- Transfer: the company causes another party to accept the risk, typically by contract or by hedging (e.g., reinsurance).
- Exploit: the company makes good use of the risk it is retaining to gain indirect financial benefits (e.g., through advertisement).
Section D: Risk Monitoring
Effective Monitoring
- The company should have an effective monitoring structure to ensure that risk standards and limits are complied with as intended and that any deviation is duly documented and approved. The company should establish clear procedures to investigate non-compliances with the intent of preventing such incidents from recurring. The consequences for non-compliance with established limits should be clarified and pre-determined by control committees and internal oversight functions. Such committees should include but not be limited to Risk committee, Investment committee, Claims settlement committee, Reinsurance committee, Remuneration committee, and Internal audit function. The role and scope of work of each committee is defined in the Code of Corporate Governance.
Review
- The company should annualy review whether it has correctly assessed the impact and probability of material risks and effectively mitigated or treated the risks, including identification of lessons learned.
Rules On The Collection And Exchange Of Motor Insurance Information
Section One Introduction
These instructions were issued based on the powers vested in SAMA under Law on Supervision of Cooperative Insurance Companies issued by royal decree No. (M/32) dated 2/6/1424 and its Implementing Regulations issued by Minister of Finance's decision No. 1/596 dated 1/3/1425.
The following terms and phrases, wherever mentioned herein, shall have the meanings assigned thereto unless the context otherwise requires:
- SAMA: Saudi Arabian Monetary Authority.
- Law: Cooperative Insurance Companies Control Law.
- Rules: Rules on the Collection and Exchange of Motor Insurance Information.
- Insurance Information: The information provided in the Insurance Record as specified in Article 9 of these Rules.
- Insurance Information Owner: The insurance applicant, insured, driver or third party when filing an insurance claim under an insurance policy.
- Insurance Record: A report issued by the Company containing the Insurance Information of the Insurance Information Owner.- Company: The company approved by SAMA to collect, maintain and exchange Insurance Information.
- Negative Insurance Information: Any Insurance Information that is against the interest of the Insurance Information Owner.
- Negative Decision: Any decision against the interest of the Insurance Information Owner taken by the Member based on the Insurance Record.
- Member: The insurance company or insurance service provider that has a Membership Agreement with the Company to exchange Insurance Information.
- The objectives of these Rules are to:
- Regulate the process of collecting, maintaining and exchanging of the Insurance Information necessary to enhance the ability of insurance and/or reinsurance companies in the Kingdom to analyze insurance risks associated with motor insurance.
- Maintain confidentiality of Insurance Information.
- Improve the quality of Insurance Information in the insurance sector.
- Reduce insurance fraud.
Section Two General Provisions
- Insurance Information shall not be collected or exchanged, and Insurance Record shall not be established, without a prior written consent from the Insurance Information Owner.
- No natural or legal person shall provide the services of collecting and maintaining Insurance Information for exchange purposes without obtaining SAMA's prior approval.
- Insurance Information shall not be maintained, transferred or exchanged outside the Kingdom of Saudi Arabia, and traffic accidents data shall not be stored before obtaining the approval of the competent authority.
- The Company and the Member shall not use or benefit from Insurance Information in any manner other than the objectives set forth in these Rules.
- The Company and Member shall maintain the confidentiality of Insurance Information, and shall use and exchange such Insurance Information in accordance with the controls set forth in these Rules.
- The staff of the Company or Member may not divulge any Insurance Information known by reason of their job or maintain such information after leaving the service.
Section Three Insurance Record Contents
- The Insurance Record shall contain all or any of the following information of the Insurance Information Owner:
- Natural person's name, ID number and national address.
- Legal person's name, commercial register and address.
- Data about motor insurance policies coverage of the Insurance Information Owner, whether valid or expired.
- Data about settled and unsettled motor claims.
- Data about denied motor claims and reasons of denial.
- Data about motors deemed as total loss.
- Data about insurance claims recovery.
- Data about traffic violations, after obtaining the approval of the competent authority.
- Data about traffic accidents, after obtaining the approval of the competent authority.
- Data about motor damage appraisals.
- Claims found by the competent court to be fraudulent.
- The Insurance Record shall contain all or any of the following information of the Insurance Information Owner:
Section Four Company Obligations
- The Company shall take all measures and precautions necessary to ensure the soundness, validity, accuracy and completeness of Insurance Information obtained in accordance with the provisions of these Rules. The Company shall also obtain Insurance Information only from Members, Insurance Information Owner after obtaining his/her written consent, or official competent authorities after obtaining their approval and in accordance with the Company's approved standards.
- The Company shall obtain SAMA's non-objection before enter into a Membership Agreement with any insurance companies or insurance service providers it desires to exchange Insurance Information therewith.
- The Company shall keep updated records of all Members, their contracts and agreements and durations and terms thereof.
- The Company shall take all measures necessary to, and put in place operating guidelines to, protect Insurance Information from unauthorized or unlawful access, use, modification or disclosure.
- The Company shall ensure that any disputed Insurance Information that is undecided upon is stated in the Insurance Record as “Disputed Insurance Information.”
- The Company may issue an Insurance Record only upon a request of:
- A Member after obtaining a prior written consent from the Insurance Information Owner.
- An official national dispute settlement authority.
- SAMA.
- The Insurance Information Owner.
- The company, prior to issuing any Insurance Record, shall:
- Verify the identity and eligibility of the party requesting the Insurance Record and the purpose of the request.
- Obtain a pledge from the Member to use the Insurance Information only for the reasons specified in the request.
- The Company must keep sufficient evidence to prove the existence of a legal purpose for each Insurance Record request for a period not less than 5 years from the request date.
- The Company must have controls in place to protect Insurance Information, including:
- Registering, maintaining, matching, collecting, processing and classifying Insurance Information in a proper manner for easy reference.
- Protecting Insurance Information from loss, including through backup systems, a crisis recovery plan and a business continuity plan.
- Protecting Insurance Information from access, use, modification or disclosure for purposes other than those permitted by these Rules or other laws, regulations and relevant instructions.
- Regularly reviewing the Company's staff confidentiality controls.
- Regularly reviewing patterns of use of information systems in order to detect and investigate any unusual patterns of use.
- Keeping, for a period not less than 5 years, records of cases of logging in, modification and validation of the Insurance Information database, including previous query records and incident records that involve confirmed or suspected violations.
- Providing the necessary information protection knowledge to the Member's employees authorized to transfer and transmit Insurance Information.
- The Company shall, at least annually, report to SAMA on the efficiency and effectiveness of computer and information security systems used in the Company. SAMA may also request any other data or information it deems necessary.
- The Company must have the technologies necessary to collect Insurance Information from Members and receive Insurance Record requests therefrom.
- The Company must obtain an adequate insurance coverage from an insurer licensed to operate in the Kingdom to cover any professional liability resulting from collecting, maintaining or exchanging Insurance Information.
- The Company may not sell, rent or assign its databases without a prior written consent from SAMA. If the Company ceased to exist for any reason, the ownership of its databases shall be transferred to SAMA or any other entity determined by SAMA.
- The Company shall establish a department to handle complaints and set procedural guidelines to handle complaints from Insurance Information Owners. The guidelines must contain complaint settlement procedures, including:
- Full understanding of the complaint settlement procedures by the employee responsible of contacting the Insurance Information Owner.
- Full and immediate investigation of any complaint.
- Keeping a record for written complaints and documenting the actions taken thereupon.
- Clarifying complaint submission methods and available communication channels.
- Settling complaints within a maximum period of 10 working days of the receipt thereof.
- The Company shall set procedural guidelines to educate customers about Insurance Information and shall publish the same upon approval of SAMA.
Section Five Membership Agreement
- The Membership Agreement shall define the technological and technical requirements to exchange Insurance Information and the standards and regulatory requirements to be followed by the parties.
- The Member shall designate a certain number of employees, according to the Membership Agreement, authorized to transmit Insurance Information to the Company or request Insurance Record therefrom. The Member shall notify the Company with the employees' names and shall immediately notify it with any change or update to their authorizations.
- Without prejudice to other provisions of these Rules, the Members may not withhold or delay the requested Insurance Information behind the period agreed upon in the Membership Agreement.
- The Member may not assign the powers granted thereto under the Membership Agreement without a prior written consent from SAMA.
Section six Member Obligations
- The Member shall obtain a written consent from the Insurance Information Owner before providing the Company with his/her Insurance Information or requesting his/her Insurance Record from the Company.
- The Member may not provide the Company with any flawed on unfully verified Insurance Information, and shall be responsible for any mistakes in the Insurance Information provided to the Company.
- The Member shall proactively provide and update Insurance Information to the Company, and may not withhold requested Insurance Information from the Company.
- The Member may modify any Insurance Information previously sent to the Company only by requesting the Company to do so with the justifications and documents supporting the request.
- The Member may not provide the Company with any Disputed Insurance Information without indicating its status as disputed.
- The Member may not take a decision based on any Disputed Insurance Information as long as the Insurance Record indicates that it is disputed.
- The Member shall provide the necessary ongoing training and qualification to the persons authorized to provide the Company with Insurance Information or enquire about Insurance Records.
- The Member shall, in accordance with the standards defined in the Membership Agreement, use technologies compatible with the ones operated by the Company and any updates therefor to minimize information loss.
Section Seven Rights of Insurance Information Owner
- The Insurance Information Owner has the right to know the Insurance Information contained in his/her Insurance Record, and may request a copy of his/her Insurance Record from the Company without any fee.
- The Insurance Information Owner has the right to know the name and address of the authorized Members and official entities that enquired about his/her Insurance Record.
- The Insurance Information Owner has the right to object, and request correction to, any false information contained in his/her Insurance Record.
If the Member took a Negative Decision against the Insurance Information Owner due, in whole or in part, to the Insurance Information contained in his/her Insurance Record, the Member shall, within three working days from the date of the Negative Decision, notify the Insurance Information Owner upon his/her request with the following information:
a) Reasons for the Negative Decision.
b) Company's contact information and a copy of his/her Insurance Record.
Section Eight Disputing Insurance Information
- The Insurance Information Owner may, at any time, dispute any Insurance Information contained in the Insurance Record for being incorrect, unupdated or incomplete, and the Company should investigate the dispute without any fees and within a period not exceeding 15 working days of the dispute filing date.
- Investigating objections shall be in accordance with the following procedures and timeframes:
- The Company shall, within two working days from the receipt of the objection, notify the Member which issued the disputed Insurance Information and provide the Member with all insurance information related to the dispute, including the information and documents provided by the Owner. The Member shall respond within three working days. If the Member fails to respond within the specified period, this shall be deemed as evidence proving the dispute is valid.
- The Company shall make a decision within seven working days from the receipt of the Member's response or the expiry of the period specified above.
- If the investigation concluded that the objection was, in whole or in part, valid or that the information cannot be verified, the Company shall, within two working days of the decision date, delete, or modify, as the case may be, the Disputed Insurance Information contained in the Insurance Record.
- The Company shall, within 10 working days from the objection filing date, notify the Insurance Information Owner of the procedures followed to investigate the Dispute Insurance Information.
- The Company shall, within five working days from the decision date, notify the Insurance Information Owner of the investigation results, and the notification shall include:
- A copy of the Insurance Record after modification, if the objection found to be valid.
- A summary of the Rights of Insurance Information Owner set forth in these Rules, in case the dispute found to be invalid.
- The Company shall state the dispute in each Insurance Record issued during the investigation. If the investigation did not lead to the settlement of the dispute, the Company, upon the Owner's request, shall:
- Sate the dispute in any subsequent Insurance Record that contains that particular Disputed Insurance Information.
- Include in the Insurance Record a clear summary of the Disputed Insurance Information from the Owner's point of view.
- Send a written notice of the objection to any entity, identified by the Owner, that has obtained his/her Insurance Record during the year preceding the filing of the dispute, if the Insurance Record included that particular Disputed Insurance Information.
- Upon modification or deletion of any disputed Insurance Information in the Insurance Record, the Company shall notify in writing any entity, identified by the Owner, that has obtained his/her insurance record during the year preceding the filing of the dispute.
- The Insurance Information Owner may, if the objection was rejected, file to the competent judicial authority to consider and settle his/her dispute against the Insurance Information issuer.
Section Nine Control and Supervision
- For the purposes of the implementation of the provisions of these Rules, SAMA may require the Company to provide it with any data or information and may as well conduct inspection.
- Without prejudice to the responsibility of the authorized staff of the Company or the Member, the Company and the Member shall be responsible for their employees' violations of the provisions of these Rules.
- Upon discovery of any violations of the provisions of these Rules, SAMA may take one or more of the following actions:
- Notifying the Company or Member, as the case may be, in writing and request it to mend its irregularities within a specified period from the notice date.
- If the Company or Member, as the case may be, fails to mend its irregularities within the period specified in SAMA's notice, SAMA may suspend the Company or Member from exchanging Insurance Information or revoke its approval.
- Taking any other legal action that is commensurate with the severity of the violation.
Rules and Regulation of Naqd Service on MADA Cards
Introduction
The Saudi Arabian Payments Network (SPAN) supports all card payments within the Kingdom and is a key component in the Saudi Arabian National Payments Strategy delivered through the IPSS. The SPAN Business Strategy (SPAN 2016 - Driving Change) is designed to position SPAN as the 'First Payment choice in the Kingdom of Saudi Arabia'. Driven by the IPSS objective of reducing the volume and velocity of cash in the kingdom, the SPAN scheme will target the reduction of cash in the kingdom from over 94% of retail payment transaction volume, to less than 70% by 2020.
The SPAN Business Strategy defines the development and change program Into four key dimensions:
Quality initiatives, designed to improve the overall service level and performance of the scheme
Growth Initiatives, designed to extend the reach of cashless retail payment services within the kingdom and to stimulate increased usage of card payment services among existing SPAN cardholders
Governance of the SPAN Scheme and development programme, to ensure appropriate development and management of stakeholder interests
Communications Initiatives, to ensure a consistent level of stakeholder education and understanding of the SPAN vision, mission and deliverables, optimization of the scheme promotional and marketing initiatives and a clear understanding of the operational and regulatory obligations of scheme participants.
Figure 1: 'SPAN 2016 - Driving Change' program outline
Central to the development of the SPAN service is the ongoing development of new business services which:
Support the strategic direction of the IPSS and the SPAN Business Strategy - 2016
Offer added value to the key stakeholders (Merchant, Card Issuer and Card Acquirer)
Offers value to the Card holder
Naqd Service (Cash-back with Purchase) at Point of Sale generates the following opportunities:
o Encourages cardholders to use PoS functionality as a source of multiple Card base services
o Migrates some traffic away from (an already busy) ATM network
o Provides an opportunity for Merchants to offload (expensive) cash
o Allows Card Acquirers sell the benefits of PoS, by including Cash-back as a additional service suite to the Merchant
Naqd Service at PoS Is a common feature in retail (card) payment markets In Europe, Asia, US and Australia, and is acknowledged as a material feature of progressive card-based retail payments systems.
International analysis suggests that Cash-back with purchase at point of sale can be a feature of (typically) 5% to 8% of card point-of-sale transactions.
Naqd Service Business Rules
Service Availability
The 'Naqd Service' will be offered as a SPAN/mada Scheme service
The service will be (technically) available on all SPAN/mada branded cards
Naqd will be available at all SPAN/mada Merchant terminals.
a. The Acquirer will have the capacity to disable the Naqd facility at any of their Merchants by assigning the Merchant to the appropriate 'TMS Group', which excludes the Naqd feature
Naqd will only be available to cardholders if conducted as part of a SPAN/mada purchase transaction
The Total Value of the transaction will be identified in field DE04
The Naqd (Cash-back) element of the transaction will be Identified in field DE54
A Naqd (Cash-back) only transaction will be Identifiable and declined by the Issuer
(i.e. DE04 = DE54 > 0)
The processing code, field DE03 carries the processing code 090000
2.2 Transaction Limits
There will be no maximum number of transactions per day on which Naqd could be requested or authorised (subject to available funds)
The scheme will operate to a parameterised minimum and maximum value for cash-back.
Minimum Value-SAR 1
Maximum Value - SAR 400 per day
Cash-back values will be calculated and permitted to two places of decimals
The maximum value will be calculated and applied daily, subject to available funds and will be managed by the Card Issuer
When a Naqd transaction is requested, the request will be evaluated at three levels:
The Acquirer (Terminal) will check to confirm that the individual transaction(s) for Purchase and for Naqd don't exceed SAR 60,000 and SAR 400 respectively
The SPAN Switch will check to ensure the total value of the transaction does not exceed the PoS limit (DEO4 <= SAR 60,400)
The Issuer will check to ensure the cumulative Purchase value and/or the Cash-back value doesn't exceed the daily limit(s)
Daily limits will be defined on the calendar day, typically, but not mandated, from 00:00:00 to 23:59:59
Transactions containing values that cause either the cumulative daily PoS Purchase limit of up to SAR 60,000 or the cumulative daily Naqd limit of SAR 400 to be exceeded, will be declined in total
Naqd 'Cash-back'values will form part of the revised cumulative total PoS value limit of SAR 60,400 per day*
2.3 Naqd Transaction Authorization
A Naqd 'Cash-back' element will only be permitted on a transaction that has received (online) positive authorization from the Issuer
Where 'off-line transaction functionality' Is available, Naqd will not be permitted.
2.4 Commercial Model
Naqd will operate as a 'fee-free' transaction to the Card Issuer, Transaction Acquirer, Merchant and Cardholder. No unique SPAN switch fees will be applied by the scheme to the Naqd 'Cash-back' element of the Point of Sale (PoS) transaction.
The Issuer and Acquirer fees applied at the SPAN switch will reflect the standard rate for the card (i.e. one Authorization Fee and a split Settlement Fee for the overall Purchase & Naqd 'Cash-back' transaction)
Interchange Fees will aoplv for the Purchase element only (I.e. the value of field DE04-DE54), based on Table 1 below: (See SPAN/mada Charging Policy for details)
Table 1; SPAN PoS interchange Fees (Acquirer pays Issuer)
Interchange
Value Band
From To SPAN Interchange Band 1 SAR 0.00 SAR 1,000 0.4% (40bp) Band 2 SAR 1,000.01 SAR 60,000.00 SAR 4.00 MSC charged by the SPAN Acquirer to the Merchant on the total transaction will be subject to the normal SPAN Maximum, based on the Purchase element only (i.e. the value of field DE04-DE54.
Table 2: SPAN PoS MSC Maximum Fees (Subject to bl-laterai negotiation between Acquirer & Merchant)
Merchant Services Commission (MSQ Value Bands From To SPAN MSC Band 1 SAR 0.00 SAR 5,000.00 (approx.) 0.8% (80bp) max Band 2 SAR 5,000.01 (approx.) SAR 60,000.00 SAR 40.00 max The SAPS.000 reference Is Indicative, since MSC rate Is negotiable between Acquirer and Merchant, but still subject to SAR 40 max
PoS Terminal Output:
SPAN PqS Terminal will be configured to generate a counterfoil/transaction confirmation which includes:
Purchase Value (DE04 - DE54)
Naqd (Cash-back) value (DE54)
Total transaction value (DE04)
The Naqd 'Cash-back' element on the 'receipt' will be situated close to a cardholder signature panel where the cardholder will be asked to sign to confirm receipt of the cash as this will help In the event of a dispute
Promotional material should encourage the Merchant to confirm the Naqd element on the merchant receipt copy, which should then be signed by the cardholder, as this will help in the event of a dispute.
Bank to Customer Reporting:
Transaction Reporting on Statements:
The cardholder statement will post a single transaction for the full value of the Purchase and Naqd (Cash-back) value (l.e. field DE04).
The Transaction narrative on the statement will detail the value of the Cash-back element, (DE54) and the value of the Purchase element (DE04- DE54)
SMS messages to the cardholder after execution of a transaction shall adopt a standard message, which will be Issued In both Arabic and English.
The SMS (transaction confirmation) narrative will read:
your account XXXX has been debited for SAR NNN.NN(DE04) Including purchase value SAR XXX.XX (DE04-DE54) and Naqd value YYY. YY (DE54) at ^Merchant Name> on dd.mm.yyyy at hh:mm
Naqd (Cash-back with Purchase)
- Transaction Declines and Reason Codes
Decline reason codes will be issued from the acquirer to the merchant (via SPAN) where a requested transaction has been denied by the issuer. Where relevant, a transaction will be declined In whole (i.e. both the Purchase and the Cash-back element will be declined).
The standard reasons codes apply, as defined in the Decline reason codes will be as follows: a. DE 39 (SPAN Technical Books, Part 4, MBI p106)
Reason Code 110 - Invalid Amount
(where the cumulative purchase amount exceeds the dally limit)
Reason Code 121 - Exceeds Withdrawal Amount
(where the cumulative Naqd cash-back amount exceeds the daily limit)
No additional / new decline codes are added or changed and all other decline codes remain applicable where appropriate and are unchanged
Naqd (Cash-back with Purchase) - Transaction Reversals
A PoS transaction reversal will be effected when:
The Merchant cancels the transaction within 60 seconds of approval or
The SPAN switch determines that the transaction Is incomplete (timed out)
The SPAN Operating Standards and Procedures V 6.0 section 5.4 (page 106) outlines the relevant procedures and processes.
A Purchase with Cash-back transaction will also be reversed in these conditions. In such cases, the full amount of the transaction will be reversed (DE04) prior to the Merchant completing the transaction or issuing the cash. No further action is required.
Naqd (Cash-back with Purchase) - Transaction Refunds
Transaction refunds will be managed as normal through the Complaints Processing System (CPS - see CPS Claims Officer Rulebook).
Where appropriate for refund and following CPS due process, only the Purchase Amount of the transaction (DE04 - DE54) will be subject to refund. The Naqd Cash-back element will not be subject to refund.
Bank to Merchant Reporting
The Merchant Bank and the Merchant will receive information relating to the 'total value of Cash-back processed per terminal'.
This value will be carried in field DE124.7 and will support Merchant and Terminal reconciliation. (See SPAN Technical Books v 5.4: Part 4: MBI pl63)
Bank Reporting
SAMA / SPAN Reporting schedules will uniquely identify transactions which included cash-back.
The 'Interchange Fee' report for each bank will show the number of 'Purchase with Cash-back' transactions effected by the issuer, falling into each of the Interchange bands. Transactions will be allocated to an interchange band based on the value of the purchase component only (DE04-DE54)
(Internal) SAMA Reporting
No additional changes to the current SAMA internal reporting suite, which carries a 'whole count' reference field for Naqd (Purchase with Cash-back) transactions, is required.
Rules for Licensing and Supervision of Branches of Foreign Insurance and/or Reinsurance Companies in Saudi Arabia
The Saudi Arabian Monetary Authority has issued the following Rules according to the Governor's Decision number (18/440) dated 10/04/1440H based on the powers vested to him by the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003), amended by Royal Decree No. (M/30) dated 27/05/1434H (corresponding to 08/04/2013), and its Implementing Regulation issued by the Cooperative Insurance Companies Control Law,
Article One
The Cooperative Insurance Companies Control Law and its Implementing Regulation, as well as SAMA's Instructions shall govern whatever is not provided for therein.
Article Two
These Rules have been issued in both Arabic and English languages. In the event of a discrepancy between the two languages, the Arabic text shall prevail over the English text.
Article Three
Definitions: The following terms and phrases, wherever mentioned herein, shall have the same meaning assigned thereto, unless the context otherwise requires:
3.1 Law: Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 2/6/1424H (corresponding to 31/7/2003), amended by Royal Decree No. (M/30) dated 27/05/1434H (corresponding to 8/4/2013).
Implementing Regulation: the Implementing Regulation of Cooperative Insurance Companies Control Law issued by Decision of the Minister of Finance No. (1/596)dated 01/03/1425H (corresponding to 20/4/2004).
3.3 SAMA: the Saudi Arabian Monetary Authority.
3.4 Rules: the Rules for Licensing and Supervision of Branches of Foreign Insurance and/or Reinsurance Companies in Saudi Arabia.
SAMA's Instructions:
shall include any regulations, rules, instructions and circulars issued by SAMA.
3.6 Applicant: a foreign Insurance and/or Reinsurance company submitting a licensing application to open a Branch in Saudi Arabia according to these Rules.
3.7 Company: a foreign Insurance and/or Reinsurance Company that is licensed to open a Branch in Saudi Arabia.
3.8 Branch: the branch of the foreign Insurance and/or Reinsurance Company
licensed to operate in Saudi Arabia.3.9 Company's Contribution:
the amount deposited by the Company in the Branch's account in order to conduct its business in Saudi Arabia, as specified in Article (14) of these Rules.
Deposit: A percentage from Company's Contribution that every foreign insurance and/or reinsurance Company must deposit in a licensed Saudi bank to the order of SAMA as specified in Article (14) of these Rules, to be licensed according to the Rules.
Senior Managerial Roles:
persons responsible for managing daily operations of the Branch, and proposing and executing strategic decisions, such as Chief Executive Officer (CEO) and his/her delegates and the Chief Financial Officer (CFO).
The rest of the terms and phrases used in these Rules shall have the same meaning as defined in the Implementing Regulation.
Article Four
SAMA shall assess whether the Applicant as a whole will satisfies the requirements for licensing, particularly the following:
4.1 SAMA shall assess all circumstances of the Applicant and not just those of the proposed Branch in Saudi Arabia. 4.2 In conducting its assessment, SAMA will take into account all relevant matters, including but not limited to the nature and extent of regulation and supervision to which the Applicant is subject to in its home country, and the extent to which the home country supervisor authority is cooperative with SAMA in exchanging relevant information in connection with the Applicant. 4.3 SAMA will liaise with any home country supervisory authority and take into account any information received from such authority with respect to the Applicant, including the adequacy of its resources and its suitability for licensing, having regard to the need to ensure that the Applicant's affairs are conducted in a sound and prudent manner. 4.4 SAMA will not license the Applicant to open a Branch
practicing insurance and/or reinsurance business in Saudi Arabia without:4.4.1 Confirmation from the home supervisory authority that the Applicant is currently licensed to carry out the same proposed line of insurance business in its home jurisdiction, and has been writing the same line of business for the past three years. 4.4.2 Confirmation from the home supervisory authority that the Applicant is solvent and meets all regulatory requirements in its home jurisdiction 4.4.3 Undertaken from the Applicant that he meets the solvency requirements that would apply if the Applicant were based in Saudi Arabia. 4.4.4 Confirmation from the Applicant that the paid up capital of the Applicant is equal to, or more than, the amount required for a Saudi established insurance and/or reinsurance company. 4.4.5 Undertaken from the Applicant that the Branch will not engage in any activities other than insurance and/or reinsurance activities for which it is licensed by SAMA, unless those activities are necessary or complementary for such activities. 4.4.6 Confirmation from the Applicant that SAMA may exchange and share relevant supervisory information with the Applicant's home supervisory authority at the time of licensing and after licensing. 4.4.7 Undertaken from the Applicant that the Branch will operate in accordance with the Law and its Implementing Regulation as well as SAMA's Instructions and other related laws. Article Five
SAMA will not license a Branch of an Applicant to operate in Saudi Arabia unless:
5.1 The Branch maintains a legal and physical presence and full infrastructure in Saudi Arabia appropriate to the nature and scale of its activities in Saudi Arabia. 5.2 The Branch establishes appropriate management and accounting procedures in Saudi Arabia similar to what is required from local companies, and to the extent applicable to the Branch nature, which will enable the preparation of its accounts concerning its business carried out in Saudi Arabia, in addition to keeping all necessary records for this business within Saudi Arabia. 5.3 The board of directors of the Company is ultimately responsible for the Branch business. However, the Company shall form a committee of at least three members, after they get SAMA's prior non-objection on their appointments, in order to oversee the Branch business. This committee shall be treated the same as a board of directors in a local insurance and/or reinsurance company with regard to its responsibilities and obligations, and it shall annually hold a number of meetings in Saudi Arabia in a manner that is similar to that of local company's board of directors. 5.4 A general manager of the Branch, who is resident in Saudi Arabia, is appointed and authorized to act on behalf of the Applicant and to accept any document on behalf of the Applicant. 5.5 All Senior Managerial Roles in the Branch are occupied by designated individuals resident in Saudi Arabia and approved by SAMA. Article Six
An Applicant must submit an application to SAMA containing the following:
6.1 With respect to the Applicant's business as a whole: 6.1.1 Completed licensing application. 6.1.2 Memorandum of Association. 6.1.3 Articles of Association. 6.1.4 Organizational structure. 6.1.5 Commercial Registration 6.1.6 The Applicant's board of directors' decision for opining a Branch in Saudi Arabia. 6.2 With respect to the Branch's operations: 6.2.1 Five-year business plan that includes the following, as a minimum: 6.2.1.1 Classes of insurance and/or reinsurance that will be undertaken by the Branch. 6.2.1.2 Projected costs and financing to start the Branch's operations. 6.2.1.3 Projected underwriting growth taking into consideration solvency margin requirements. 6.2.1.4 Annual cost based on projected growth rate. 6.2.1.5 Projected financial statements related to the growth rate. 6.2.1.6 Projected loss ratios and technical provisions by classes of insurance certified by a qualified Actuary. 6.2.1.7 Solvency projection. 6.2.1.8 Expected number of employees. 6.2.1.9 Ability to cede or accept reinsurance treaties for the classes the Branch intends to reinsure. 6.2.1.10 Marketing plan. 6.2.1.11 Branch expansion plan in Saudi Arabia. 6.2.1.12 Any agreements with external parties for the business of the Branch. 6.2.2 An irrevocable bank guarantee issued by a licensed Saudi bank, that covers the Company's Contribution referred to in Article (14) of these Rules for the order of SAMA, and which is automatically renewed until the Company's Contribution is paid. 6.2.3 A projection of world-wide premium income both gross and net of reinsurance ceded in each of the first five financial years following licensing and broken down between Saudi Arabia and elsewhere. 6.2.4 A summary of the reinsurance arrangements for the business of the Applicant written outside Saudi Arabia, including the Applicant's maximum retention per risk or event after all reinsurance ceded. 6.2.5 A statement showing the current margin of solvency of the Applicant, the required margin of solvency as per the regulations of the home supervisory authority, and the basis for the calculation of the required margin of solvency. 6.2.6 Financial statements of the Applicant for each of the last three financial years. 6.2.7 The rating of the Applicant's for the previous three years, from any international rating agencies, for example but not limited to: - Standard & Poor's;
- A.M. Best;
- Moody's;
- Fitch;
Article Seven
The Applicant shall pay SAMA the license application processing and issuing fee as stated in the Implementing Regulation for insurance and/or reinsurance companies.
Article Eight
When studying an application to license a Branch of an Applicant, SAMA will pay close regard to the Applicant's activities elsewhere and how these activities are regulated. SAMA may consider reports produced by the IMF/World Bank, such as their Financial Sector Assessment Program (FSAP) for any particular country. If the Applicant is not regulated in any other country (e.g. some countries do not regulate reinsurance firms) or is regulated in a jurisdiction not substantially compliant with IAIS Core Principles or FATF standards, then the application can only be considered after exhaustive enquiries into the Applicant's shareholders, management structure and financial position.
Article Nine
Taking into consideration the premiums retention percentage stated in the Implementing Regulation and/or SAMA's Instructions, the Branch shall ensure that its liabilities - excluding the reinsurance share- equals its assets in Saudi Arabia. There should be no transfer of money from the Branch to the
Company unless it is under a service provision arrangement
between the Company and the Branch that has been approved by
SAMA, or retained profits shown in the annual financial position of
the Branch, submitted to SAMA according to Article (15)of these
Rules and after getting SAMA's approval, provided that the
Branch is in compliance with the solvency margin requirements stated in the Implementing Regulation and SAMA's Instructions.
Article Ten
The management of the invested assets of the Branch shall be carried out by its investment department, a licensed Saudi bank or Capital Market Authority authorised person. The Investment requirements provided in the Implementing Regulation and SAMA's Instructions shall apply to the Branch.
Article Eleven
The SAMA fee of the total underwritten premiums for inspection and supervision stated in the Implementing Regulation shall be levied in respect of all business written by the Branch excluding local market share of the reinsurance business.
Article Twelve
Surplus distribution stated in the Implementing Regulation and/or SAMA's Instructions shall apply to the Branch's business.
Article Thirteen
The Branch shall calculate its solvency in accordance with the solvency requirements stated in the Implementing Regulation and SAMA's Instructions.
Article Fourteen
Any Company, prior to commencing the Branch operations in Saudi Arabia shall place the Company's Contribution with the Branch, as a minimum of one hundred million Saudi Riyals for insurance and two hundred million Saudi Riyals for reinsurance. The statutory Deposit percentage shall be determined based on the Standard & Poor's classifications or their equivalent, for example but limited to, AM Best, Moody's or Fitch, as follows:
Rating Branch Deposit AAA %10 AA %20 A %30 Others %40 as minimum If a ratings downgrade occurs, the Company shall inform SAMA and deposit the balance of the Deposit corresponding to the lower credit rating within ninety (90) days of such downgrade. If the rating of the Company is upgraded, the Company may apply to SAMA to reduce the Deposit to an amount corresponding to such upgraded rating with the change taking effect one year from the rating upgrade. SAMA may in its sole discretion and at any time remove or add rating agencies when applying this Article and/or link the Deposit to different ratings classifications.
The statutory reserve stated in the Law shall be applied to the Branch up to the amount of the
Company's Contribution under this article.
Article Fifteen
SAMA requires the Branch to submit regular reporting forms in a similar format to those required for local insurance and/or reinsurance companies
Article Sixteen
SAMA requires the Company to submit regular returns to demonstrate its solvency determined according to Saudi Arabian regulatory requirements. In addition, SAMA requires the Company to provide it with any decisions that affects the Branch business including, but not limited to, decisions related to the capital, solvency, and the board of directors. SAMA reserves the right to set out further requirements at its sole discretion.
Article Seventeen
The Branch's gross written premiums shall not exceeds (10) times the Company's Contribution and its reserves, unless SAMA's prior written approval is obtained.
Article Eighteen
The Company shall evaluate and ensure the adequacy of the technical provisions of the Branch on a quarterly basis. The Company shall remain ultimately liable for settling all policyholder obligations and other liabilities of the Branch. If required, SAMA may also deploy the Branch's Deposit stated in Article (14) of this Rules to settle the policyholders' obligations.
Rules of Forming and Managing Health Insurance Risk Pools through Brokers 30 06 2021
The Saudi Central Bank has issued this Rules according to the Governor’s Decision number (3/S/442) dated 19/11/1442H based on the powers vested to SAMA by the Saudi Central Bank Law promulgated by Royal Decree No. (M/36) dated 11/04/1442H, the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003), and its Implementing Regulation issued by the Decision of the Minister of Finance No. (1/596) dated 01/03/1425H (corresponding to 20/04/2004).
Article One Introduction
All parties must comply with these Rules along with the Insurance Companies Control Law and its Implementing Regulation, Insurance Intermediaries Regulation, SAMA’s Instructions and other relevant regulations and instructions.
Article Two Definitions
- The terms and phrases mentioned herein shall have the same meanings stated in the Implementing Regulation of the Cooperative Insurance Companies Control Law.
For the application of these Rules, the following terms and phrases, wherever mentioned herein, shall have the meanings assigned there to unless the context otherwise requires:
a) SAMA: the Saudi Central Bank. b) The Law: Cooperative Insurance Companies Control Law. c) The Implementing Regulation: Implementing Regulation of the Cooperative Insurance Companies Control Law. d) The Rules: Rules of Forming and Managing Health Insurance Risk Pools through Brokers. e) SAMA’s Instructions: regulations, rules, instructions and circulars issued by SAMA. f) Employers: micro, small and medium enterprises based on the classification of the General Authority for Small and Medium Enterprises. g) Insurer: a company licensed to practice insurance business in accordance with the provisions of the Law. h) Broker: a legal person licensed by SAMA to practice insurance brokerage activities in accordance with the provisions of The Law. i) Risk Pool: a group of Employers whose risks are pooled to secure a health insurance coverage based on the law of large numbers. j) Members of the Pool: Employers participating in a Risk Pool. k) Policy: the health insurance policy issued by the Insurer for the Employer. l) Premium: the amount paid by the Employer to the Insurer for the Insurer's approval to provide health insurance to the Beneficiaries. m) Beneficiary: the employees of the Employers and/or their dependents. n) Commitment Agreement: commitment contract between the Broker and the Employer to initiate risk-pooling procedures. o) Claims Experience: the record of the Employer’s insurance claims showing the amount paid for each claim and the relevant details as per SAMA’s Claims Experience form.
Article Three Scope of Application
The provisions of these Rules shall apply to the Risk Pools, the Broker and Insurers, and to the Employers in their relationship with the Broker and Insurer.
Article Four Purpose
These Rules aim to set a regulatory framework for Risk Pools formed by Brokers for a group of Employers in order to secure suitable health insurance coverage at a reasonable price. These Rules also regulate the relationship between the Employer, the Broker and the Insurer.
Article Five Rules and Requirements for Forming and Managing Risk Pools
- A Risk Pool may be formed for Employers through a Broker authorized by SAMA to form and manage insurance Risk Pools.
- The Broker forms and renews the Risk Pool for a group of Employers, in accordance with the minimum number of Beneficiaries and maximum share of each Employer as specified in Appendix (1) of these Rules.
A Commitment Agreement shall be signed between each Employer and the Broker. The Commitment Agreement must cover at least the following:
a. Undertaking of the Employer to not contact any other Broker or Insurer for the purpose of obtaining health insurance coverage prior to the end of the duration set out for the Broker to submit the offers as stipulated in Article (Seven) of these Rules b. Authorization by the Employer to the Broker to represent the Employer with the Company. c. Defining the insurance benefits. d. Number of Beneficiaries. e. Provisions governing the withdrawal of the Employer from the Risk Pool during the participation’s negotiations or after joining the pool. f. Submission of insurance claims and complaints’ procedures. g. Obligations of the Employer and the Broker in relation to the Risk Pool. - A separate Policy shall be issued by the Insurer for each Member of the Pool, with unified Policy inception and end date for all Policies.
- The Policies issued to each Member of the Pool shall determine the insurance coverage limit.
- The benefits of the insurance coverage offered for each Member of the Pool shall be unified. However, the Risk Pool may include different categories of insurance coverage, three categories as a maximum. Each Employer may at an additional cost add extra insurance benefits to their coverage.
- The Broker may not add additional Employers during the duration of Risk Pool before obtaining SAMA’s non-objection.
Article Six Broker Obligations
Forming and Managing the Risk Pool - Obtain SAMA’s approval to form and manage Risk Pools, and in order to form and manage Risk Pools the Broker must be efficient and competent in medical Insurance brokerage activities, and must submit the Commitment agreement form, the Broker’s internal procedures for the implementation of these Rules, and any other requirements SAMA sets.
- SAMA may require the Broker to obtain SAMA’s non-objection before forming any new Risk Pool.
- Obtain a certificate of the size of the enterprises from each Employer; issued by the competent authority, provided that it is issued no later than three months before the date of the Employer's request to participate in the Risk Pool.
- Shall not deal with an Employer engaged in a Commitment Agreement with another Broker.
- The Broker shall, when forming a Risk Pool, ensure that the Members of the Pool are engaged in similar commercial activities in accordance with the economic activities classification approved in the Kingdom, Members who are engaged in multiple and different commercial activities shall join the Risk Pool of the commercial activity with the higher risks.
- Form a Risk Pool considering the Claims Experience of all the Employers if available, for ensuring balanced risks within the Pool.
- Ensure that the insurance coverage requirements of the Employers are understood and identified.
- Adhere to the maximum and minimum share and number of Beneficiaries in a Risk Pool.
- Explain to the Employers, in sufficient detail and in writing, the services they offer in relation to the Risk Pool, the responsibilities of the Members of the Pool, and the relationship between all parties (the Employers, the Broker and the Insurer) in clear and comprehensive manner.
- Receive a notification from the Employer of their wish to withdraw from the Risk Pool or to terminate the participation negotiations within the period specified in the Commitments Agreement.
Article Seven Submission of Offers
- Negotiate with the Insurers on behalf of the Members of the Pool and in accordance with their requirements.
- Provide the Company with all available information and data including Claims Experience of Members of the Pool.
- Submit at least three insurance offers to the Members of the Pool.
- Submit the insurance coverage offers to the Members of the Pool within the timeframe provided in Appendix (1) from the date on which the authorization in the Commitment Agreement is obtained.
- The Broker shall not provide the Members of the Pool with false or unfair evaluation regarding one of the insurance offers for the purpose of completing the quorum required to form a Risk Pool.
When submitting the insurance coverage offers to the Members of the Pool to choose from, the Broker shall:
a. Explain the insurance coverages and prices. b. Clarify deductible options. c. State the medical network options. d. Provide the insurance coverage categories. e. Explain the after-sales services offered by each Insurer. f. State the commission received from contracting with any Insurer. g. Proceed with the offer chosen by the majority of the members, after having recommended an offer that the broker deems most appropriate based on the Insurance Coverage requested by the members. - The Broker shall not choose the insurance coverage offer on their own, or encourage the Members of the Pool to choose a particular insurance coverage offer based on the commission the Broker would receive from the Insurer.
Article Eight Role of the Broker after the Sale
- Respond to the inquiries made by the Members of the Pool regarding the Policy and insurance coverage.
- Inform the Members of the Pool of any notifications received from the Insurer, and shall ensure the receipt of such notifications.
- Provide adequate instructions and information to the Members of the Pool on claims submission, medical treatment approvals request and claims handling.
- Provide the Employer with the insurance benefits and the medical network affiliated with the Policy.
- Explain to the Members of the Pool how to submit complaints or resolution requests for disputes that may arise between the members and the Insurer in case of treatment rejections.
Article Nine Renewal of Policy
- Ensure that the expiration date of the Policy is known by Members of the Pool.
Contact the Members of the Pool at least three months before the expiration date of the Policy to identify the members wishing to renew the Policy. Accordingly, the Commitment Agreement shall be renewed.
Article Ten Insurer Obligations
- Submit the offer and quote to the Broker within the timeframe provided in Appendix (1) from the date of the Broker’s application documents completion.
- Provide the Claims Experience within (10) business days from the date on which the request is received from the Employer or the authorized Broker.
- Issue a separate Claims Experience for each Employer and a Claims Experience for the Risk Pool as a whole that includes all the members and indicates the share of each Employer from the Claims Experience of the Risk Pool.
Article Eleven Pricing
- The quotes offered for the policies shall be calculated in accordance with the calculation methods used by the Insurer for clients of large numbers.
- The quotes offered to the Members of the Pool shall be the same and classified according to the type of the Beneficiary (for example employees, children, wife, husband, parents) taking into account the different categories of insurance coverage in the Risk Pool as prescribed in part (6) of Article (Five).
Article Thirteen Payment of Insurance Premiums
- Premium payment shall be made directly from the Employer to the Insurer.
- Payment of the Premiums shall be made in full in advance to the insurance coverage commencement.
Policy Cancellation
Thirteen Each member of the Risk Pool has the right to cancel the Policy after (6) months of Policy inception date, provided that the Employer undertakes another insurance policy that of which the new coverage starts on the date of the day following the cancellation date of the Policy issued to the Employer as a member of the Risk Pool. The features and contractual benefits of the Risk Pool shall remain the same for the rest of the members. Article Fourteen Breach of Obligation /Non-Compliance
Non-compliance with the requirements set forth herein shall be deemed a violation of The Law and its Implementing Regulation, and the violator shall be subject to regulatory penalties.
Appendix (1)
Pool formation and renewal requirements Minimum number of beneficiaries 500 The maximum percentage of each Employers’ Beneficiaries 20% from the Risk Pool as a whole. Timeframe of Broker’s submission of the insurance coverage offers to the Members of the Pool. Within (20) business days Timeframe of Company’s submission of offer and quote to the Broker Within (10) business days Rules of Insurance Products Approval
The Saudi Central Bank has issued this Rules according to the Governor’s Decision number (1/442) dated 30/04/1442G, based on the powers vested to SAMA by The Cooperative Insurance Companies Control Law promulgated by Royal Decree No. (M/32) dated 02/06/1424H (corresponding to 31/07/2003), and its Implementing Regulation issued by the Decision of the Minister of Finance No. (1/596) dated 01/03/1425H (corresponding to 20/04/2004).
Introduction
These Rules shall be complied with in conjunction with the Cooperative Insurance Companies Control Law and its Implementing Regulation, in addition to SAMA’s related rules, regulations and instructions.
Definitions
For the purpose of applying the provisions of these Rules, the following terms and phrases, wherever mentioned herein, shall have the meanings assigned thereto, unless the context otherwise requires:
SAMA: the Saudi Central Bank.
Law: Cooperative Insurance Companies Control Law.
Implementing Regulation: The Implementing Regulation of Cooperative Insurance Companies Control Law.
Rules: the Rules of Insurance Products Approval.
Insurance Product: products of general insurance, health insurance and protection and savings insurance, marketed and sold by Insurer to individuals or entities.
Insurer: the insurance company licensed to practice insurance business in accordance with the provisions of the Cooperative Insurance Companies Control Law.
Committee: Products Committee formed internally, consisting of representatives of the Top Management, performing the responsibilities indicated in these Rules.
Individual Product: Insurance Products offered to individual clients and their families.
Corporate Product: Insurance Product offered to entities.
Product ID: the identification number specified by SAMA for each Insurance Product provided by the Insurer.
The Checklist: Forms set by SAMA for Insurance Products requests, indicating documents that the Insurer shall attach when submitting a new product approval request.
Purpose
These Rules aim to set the necessary regulatory procedures and requirements for an Insurer to market and sell Insurance Products to clients, to determine the Insurance Product that require either SAMA’s prior approval or file & use; prior to market and sale, along with enhancing the efficiency of Insurance Product risk management.
Scope
These Rules shall apply to all Insurance Products.
Chapter One Insurance Product Approval Procedures
Insurance Product Filed with SAMA under Prior Approval Procedures
1. Individual Products are subject to SAMA’s prior approval procedures before product marketing and sale.
2. The Insurer must submit an application for approval including all the required documents at least (30) working days ahead of the expected date of marketing and sale of the Individual Product.
3. SAMA will notify the Insurer within (5) working days from the application submission date whether the application is complete or not. In case of incomplete application, SAMA will notify the Insurer of any missing information/documents
4. SAMA will notify the Insurer of any comments within (15) working days from the date of application completion.
5. The Insurer must provide the missing information/documents or address comments (if any) within (15) working days from the date of receiving SAMA notification, this period may be extended for a same period once SAMA has accepted the justifications submitted by the Insurer.
6. In case the Insurer did not provide the missing information/documents or address comments within the period stated in provision (5) above, then the application will be deemed cancel, and the Insurer will have to resubmit the application.
7. The Insurer must not market and sell the Individual Product before obtaining a written approval from SAMA and receiving the Product ID.
Insurance Product Filed with SAMA under File & Use Procedures
Corporate Products are subject to file & use procedures prior to product marketing and sale.
The Insurer shall file the Corporate Product with SAMA prior to its marketing and sale.
SAMA will confirm the receipt of the file, and will provide the Insurer with the Product ID within (5) working days from the date of receiving the file.
The Insurer has the right to market and sell the Corporate Product once the Product ID is received.
SAMA may –when it deemed necessary- direct the Insurer to apply for product approval for the Corporate Product and follow the procedures provided in article (5) hereof.
Required Documents for Prior Approval or File & Use Application
Completed Checklist designed for each type of Insurance Product, along with the required documents as per The Checklist.
Signed certificate from the Product Committee using the form attached in Appendix (A).
A document approved by the Committee clarifying the following:
The objective of the Insurance Product launch and the target clients.
Insurance Product marketing and sale methods.
Retention.
Rationale for not reinsuring with local reinsurers.
Any other supporting documents related to the Insurance Product nature.
The Insurance Product’s policy must include the following components as a minimum:
a- Definitions.
b- Particulars of the Insured.
c- Insurance coverage description and limits.
d- Coverage period.
e- Exclusions.
f- General terms and conditions.
g- Deductible.
h- Insurance premium.
Claim provisions.
j- Cancellation.
k- Surplus distribution method.
l- Jurisdiction.
m- Additional coverage.
n- Identification of the property or risk to be insured.
5. Reinsurance arrangements.
Chapter Two Products Committee
Committee Formation
The Insurer shall form an internal Committee reporting to the Risk
Management committee.
The Committee shall include members from the Insurer’s Top Management, in particular, departments concerned with compliance, underwriting, risk, actuarial work, reinsurance, claims, marketing, and legal affairs, or any other member the Insurer deems fit
SAMA shall be notified with the names of the chairman and members of the Committee within (5) working days of its formation or if any changes occur.
Responsibilities of the Committee
Quality assurance and development of the Insurance Product as well as the assessment of the product performance and risks. The Product Committee shall also ensure that the Insurance Product is compliant with the regulatory requirements.
Review the Insurance Product requiring SAMA’s prior approval or file & use, before submitting the application to SAMA to ensure that it meets all regulatory and consumer protection requirements and that it is technically sound.
Assess the performance of the Insurance Product annually, the feasibility of the sale and marketing of the current InsuranceProduct.TheProduct
Committeeshallalsogiveits
recommendations whether to continue selling, withdraw, or even modify the Insurance Product.
SubmititsreportstotheRisk
Management Committee to assist the Insurer in monitoring risks of its Insurance Product effectively.
Issue the Product Committee Approval Certificate provided in appendix (A) of these Rules.
Ensure that the Insurer has internal systems and controls to manage risks associated with the Insurance Product.
Without prejudice to the obligations of the control functions within the Insurer, theProductCommitteeshallbe
responsible for the governance of the Insurer’s implementation of these Rules.
Chapter Three Product ID
SAMA provides a Product ID for each
Insurance Product offered by the Insurer. The number contains a specified code for the Insurer and the Insurance Product. The Product ID used for the Insurance Product shall also be used for any other coverages added to this Insurance Product.
The Insurer must obtain a Product ID for each of its Insurance Product prior to marketing and sale.
The Insurer may not market and sell the Insurance Product without adding the Product ID issued by SAMA to all product-related documents, including, but not limited to, marketing materials, insurance policy, and insurance policy schedule.
Chapter Four General Provisions
The Insurance Product pricing must be based on sound actuarial calculations and fair prices, and in line with SAMA’s associated instructions.
If SAMA finds out that the Insurance Product provided by the Insurer is not compliant with the objectives of the Law and its Implementing Regulation, SAMA may require the Insurer to make certain amendments, suspend marketing and sale of the Insurance Product to new clients, or terminate the marketing and sale of the Insurance Product, until the Insurer addresses all comments raised by SAMA.
Insurer must comply with provisions and minimum coverages provided in the standard or unified insurance policies issued by SAMA.
The Insurer must keep an updated record of all Insurance Products for SAMA’s supervision and control purposes.
The Insurer must ensure that the Insurance Product is provided with the required level of fair treatment, integrity and financial inclusion, and in accordance with protection principles of insureds and the beneficiaries of the insurance coverage.
Appendix (A) Product Committee Approval Certificate
Insurer’s name Application submission date Insurance Product name Product Class (Individual or corporate) Product type We hereby undertake to: 1) Study the general objective of Insurance Product launch, target clients and the suitability of the product to the market. 2) Ensure full compliance of the Insurance Product with insurance principles and regulatory requirements. 3) Clarify all the details in the insurance policy relevant documents so that the customer can make an informed decision. 4) Study the actuarial and financial projections, accounting impact, market share, impact on solvency margins, and capital and reinsurance arrangements. 5) Study the pros and cons related to the Insurance Product launch, taking into account the interests of insureds. 6) Provide effective systems to support the Insurance Product sale. 7) The Product Committee’s recommendation on the suitability of the Insurance Product to be submitted for SAMA approval. Signature of the Chairman of the Product Committee
Name
Position
Date
SAMA's rules governing AML / CTF financing
The Standard Insurance Policy on Domestic Workers Contract
The Saudi Central Bank (SAMA) issued this Policy pursuant to the Governor’s Decision No. (2/S/443) dated 09/07/1443H based on powers vested in SAMA under the Cooperative Insurance Companies Control Law issued by Royal Decree No. (M/32) dated 02/06/1424H, amended by Royal Decree No. (M/30) dated 27/05/1434H, and amended by Royal Decree No. (M/12) dated 23/01/1443H, and its Implementing Regulation issued pursuant to Minister of Finance Resolution No. (1/596) dated 01/03/1425H.
The Standard Insurance Policy on Domestic Workers Contract
Article One Introduction
This Policy specifies the minimum limit for the compulsory insurance on domestic workers contract in accordance with the terms, conditions, and exceptions provided herein or attached hereto. In consideration of the Insured having paid the premium to the Insurer, the Insurer agrees to provide insurance coverage up to the amounts and limits stated in the Policy Schedule or amended in the Appendix.
Insurers and Employers shall not be entitled to agree on liability limits lower than those set forth in this Policy, and they may agree to add coverages not provided for in this Policy.
Article Two Definitions
The following words and phrases, wherever they occur in this Policy, shall have the meanings assigned thereto, unless the context implies otherwise:
1) Policy: The Standard Insurance Policy on Domestic Workers Contract.
2) Employer: any natural person who recruitsa Domestic
Worker directly or through a licensed Recruitment Agency to perform a domestic service, or to whom the sponsorship of the Domestic Worker has been transferred to.
3) Recruitment Agency: the
recruitment office or company that mediated the recruitment of the Domestic Worker for the Employer.
4) Domestic Worker: any natural person who performs a direct domestic service for the
Employer or any member of his/her family under the
supervision and direction of the Employer or any person who acts on his/her behalf, even when such worker is not under his/her direct control. The competentauthority
determines the occupation of domestic workers.
5) Insured: the Employer or the Domestic Worker who benefits from the Insurance coverage according to the provisions set forth in the Policy.
6) First Beneficiary: the Employer.
7) SecondBeneficiary:the
Domestic Worker.
8) Insurer: the licensed insurance companythatpractices
insurancebusinessesin
accordancewiththe
CooperativeInsurance
Companies Control Law.
9) InsuranceApplicant:the
Recruitment Agency, or the natural or legal person who applies for the Policy on behalf of the Employer.
10)Material Fact: any information requested by the Insurer from the Insurance Applicant when concluding the Policy that may affect the Insurer’s decision to accept or reject the insurance coverage request, or accept it under different conditions.
11)ProbationaryPeriod:a
probation for a period not exceeding (90) days from the date of the Domestic Worker’s arrival to Saudi Arabia.
12)Policy Schedule: the schedule attached to the Policy and forms an integral part thereof. It contains the data of the Employer and the Domestic Worker, as well as the coverage limits for the benefits included in the insurance coverage.
13)Appendix:anagreement
between the Insurer and the Employer subsequent to the issuance of the Policy, whereby items of additional coverage are added to, amended, or canceled from the additional coverage, which shall be attached to the Policy and form an integral part thereof while not conflicting with the Policy.
14)Premium: the amount paid by the Insurance Applicant on behalf of the Employer to the Insurer for its acceptance to indemnify the Insured for the damage directly caused by a risk covered under the Policy.
15)Claim: a claim for damages or losses caused by a risk covered under the Policy.
16)Claimant: the First or Second Beneficiary, or their legal representative, who sustained damage caused by a risk covered under the Policy.
17)Risk: an event covered under the Policy during its term.
18)Permanent Total Disability: a physicalconditionthat
prevents the Insured from performing any work or job for paid salary or material gain.
19)Permanent Partial Disability: a physical condition that causes the loss of an organ or parts of the body of the Insureds, or loss of sense, which prevents them from performing any work or job for paid salary or material gain.
20)Critical illness/ Chronic Disease:
Myocardial Infarction.
Coronary artery disease that requires bypass grafting.
Strokeassociatedwith
permanent disability.
Advancedcancer(life
threatening).
Kidney failure thatrequires
dialysis.
Major organ transplant.
Multiple sclerosis with persisting symptoms.
Aortic surgery.
Primarypulmonary
hypertension.
Permanent paralysis of limbs.
BlindnessCardiovascular
diseases.
Deafness.
Hepatitis.
HIV and HIV-related illnesses, including AIDS.
21)Emergencies or Compelling Circumstances:
a sudden and unexpected event that occurs to the parents, spouse, or offspring of the Domestic Worker causing him/her to leave the job and go back to his/her home country, as follows:
Death.
The following diseases cancer,kidneyfailure,
advanced chronic liver failure,majororgan
transplant, limb paralysis, stroke, heart attack.
Article Three Insurance Coverage
Section 1:
The Insurer is committed to compensate the First Beneficiary according to the compensations specified in this article, and within the limits set out in the Policy Schedule, in the following cases:
1) Death of the Domestic Worker:
Actual expenses of the repatriation of the deceased Domestic Worker’s body to his/her home country.
Actualexpensesfor
returningtheDomestic
Worker’spersonal
belongings and possessions to his home country.
Actualexpensesfor
recruitinganalternative
Domestic Worker.
2) TheDomesticWorker’s
PermanentTotalor Partial
Disability,or Critical/Chronic
Illnessor
Emergencies/Compelling Circumstances:
Actualexpensesofthe
repatriation of the Domestic Worker tohis/herhome
country.
Actual expenses of recruiting an alternative Domestic Worker.
3) Absence of the Domestic Worker (runaway):
Actual expenses of recruiting an alternative Domestic Worker, provided that the Employer is not the reason behind such act or does not know the whereabouts of the Domestic Worker during the term of this Policy.
4) Domestic Worker’s Refusal to work:
Actual expenses of recruiting an alternative Domestic Worker, provided that the Employer is not the reason behind refusal.
5) Emergenciesorcompelling
circumstances:
Actual expenses of recruiting an alternative Domestic Worker.
Section 2:
The Insurer shall be committed to compensate the Second Beneficiary according to the compensations specified in this Article and within the limits set out in the Policy Schedule in the following cases:
1) The Employer’s failure to pay due salaries, as a result of the Employer Permanent Total or PartialDisability,or
Critical/Chronic Illness or his/her death:
The totalamountof the
DomesticWorker’sunpaid
monthly salary for a period not exceeding four months.
Flight ticket costs to return the Domestic Worker to his/her home country.
TheDomesticWorker’s
Permanent Total or Partial Disability,Critical/Chronic
Illness,or
Emergencies/Compelling Circumstances:
The total amount of the Domestic Worker’s monthly salary for a period not exceeding four months.
Flight ticket costs to return the Domestic Worker to his/her home country.
3) Emergencies or Compelling Circumstances:
Flight ticket costs to return the Domestic Worker to his/her home country.
Section 3:
The insurance coverages defined in Sections (1) and (2) of this Article shall be effective as follows:
In the case of recruiting a Domestic Worker specified via name and passport number by the Employer, and from the countries listed by the competent authority:
- All insurance coverages shall be effective from the date of the Domestic Worker’s arrival in Saudi Arabia.
In the case of recruiting a Domestic Worker who is subject to a Probation Period:
TheInsuranceCoverages
mentioned below shall be effective from the date of the Domestic Worker’s arrival in Saudi Arabia:
The death of one of the Insureds.
The Permanent Total or Partial Disability of one of the Insureds.
The Emergency Cases and Compelling Circumstances that occur to the Second Beneficiary.
Other insurance coverages stated in Sections (1) and (2) of Article (3) shall be effective after the end of the probation period.
Article Four Policy Effective Date
With consideration of the provisions of the effective date of insurance coverage in Section (3) of Article (3) of this Policy, the Policy shall be effective from the date of the Domestic Worker’s arrival in Saudi Arabia.
Article Five Compensation Limits
In case of loss due to a Risk covered under the provisions of the Policy, the maximum limit of the Insurer's liability for all Claims—during the term of the Policy—is a total sum of twenty-five thousands Saudi riyals (SAR 25,000) as stipulated in the Policy Schedule.
Article Six Exclusions
The insurance coverage under the Policy shall not include the following:
1) Any liability or expense arising as a result of the dissatisfaction of the Employer or any member of his/her family with the performance of the Domestic Worker.
2) Any liability or expenses arising, directly or indirectly, from the following:
a) War, invasion, acts of foreign enemy, hostilities, warlike acts (whether war is declared or not), or civil war.
b) Rebellion, military or popular uprising,insurgence,
revolution, usurping authority, martial laws, siege; or any events or reasons leading to declaring or continuation of martial laws, siege, or acts of vandalismandterrorism
committedbyperson(s)
operating individually or on behalf of or related to any terroristorganization.
Terrorism shall mean the use of violenceforpolitical,
intellectual,philosophical,
racial, ethnic, social, or religious purposes. The use of violence includes putting the public or a segment of it under panic condition; affecting or causing turmoil; intervening in any operations or activities or policiesrelatedtothe
government;orcausing
turbulence negatively affecting the national economy or any of its sectors.
c) Strikes, riots, or civil or labor unrest.
d) Damage directly or indirectly caused by nuclear weapons, ionizing radiation, radioactive contamination resulting from any nuclear fuel or waste, or contamination due to nuclear fuel combustion. For the purposes of this exclusion, combustion shall include any nuclear fission.
Article Seven Notifications and Claims Settlement
Procedures for Risk occurrence notification by the First
Beneficiary:
The First Beneficiary,, shall notify the Insurer upon becoming aware of the occurrence, during the term of the Policy, of any covered insured risks stated in Section (1) of Article (3) of this Policy, provided that relevant entities are informed as follows:
Upon absence of the Domestic Worker, the First Beneficiary shall notify the competent authority.
If the Domestic Worker refuses to work, the First Beneficiary shall notify and prove the Domestic Worker’s refusal of work to the competent authority.
Procedures for reporting the occurrence of a Risk by the Second Beneficiary:
The Second Beneficiary shall notify the insurer upon his/her knowledge of the occurrence, during the term of the Policy, of any covered insured risks stated in Section (2) of Article (3) of this Policy, provided that the following procedures are considered:
If the Employer fails to pay the salaries, the Second Beneficiary or his/her legal representative shall notify the Insurer.
The Insurer shall, within (7) working days from the date of receiving the notification of the occurred Risk, notify the Employer, at the last addressortelephone
number registered with the Insurer, of the report filed indicating his failure to pay the salaries.
Upon the receipt of the Insurer’snotification
mentioned in Sub-Section (b) of Section (2) of this Article, the Employer shall, within (7) working days from the date of the Insurer’s notification, prove his inability to the Insurer from the competent authority to pay the salaries owedtotheDomestic
Workerduetohis Permanent Total or Partial Disability , or Critical/Chronic Illness , unless it is proven that Employer needs a longer period, provided that the Employer informs the company of the expected time to obtain the proof. If the Employer fails to provide documentation of proof, the Insurer shall compensate the Second Beneficiary and have the right to recovery against the Employer for incurred compensations under this Policy.
Documents required for filing a Claim:
The Claimant or his/her legal representative shall submit the documentsmentionedbelow
required to arrive at a decision on a Claim for compensation under this Policy:
1-The Claim form.
2-A copy of the recruitment contract for the Domestic Worker,accompaniedby
documents showing the cost of recruitment.
In addition to the documents specified in Sub-Section (a) of Section (3) under this Article, the First Beneficiary shall submit the followingdocumentsin
accordance with the insurance coverage that form the basis of the Claim:
1. A proof of the Domestic Worker’s health and physical condition,andconfirming
his/her inability to carry out his/her responsibilities as a result of Permanent Total or Partial Disability or Critical or Chronic Illness.
Deathcertificateofthe
Domestic Worker.
Aproofconfirmingthe
occurrenceofEmergency
Cases/Compelling Circumstances.
A proof of reporting the absence of Domestic Worker to the competent authority.
A copy of the competent authority’sdecisionthat
confirmstheDomestic
Worker’s refusal to work.
Claim settlement procedures:
The First or Second Beneficiary or their representatives are entitled to file a claim to the Insurer for compensation for a covered Risk under this Policy. The Insurer must provide the Claimant, within (5) working days, with a written notice acknowledging receipt of the Claim and informing them of any missing documents or reports to be completed.
The Insurer shall settle the Claims with utmost integrity and fairness without any compromise,withina
maximumperiod of (15)
working days from the date of receiving the complete Claim along with required documents, and the relevant notification procedures fulfilled as specified under this Article.
c) The Insurer shall settle and pay Claims by crediting the indemnity amount to the bank account of the First or Second Beneficiary or both directly or theirlegalrepresentative
through international bank account numbers (IBAN) or through digital banks, and in accordancewiththe
provisionsofinsurance
coverage as stated in this Policy.
d) For the purpose of settling the Claim, the Insurer may request a medical examination at its expense, of the First or Second Beneficiary, as the case may be, to ensure that a covered Risk under this Policy has occurred.
e) If the Insurer fails to settle the Claim within the prescribed period under this Policy, the Claimant shall be entitled to submitacomplaintat
SAMACares website(www.
samacares.sa) or file a lawsuit with Committees for Resolution of Insurance Disputes and Violationstoassessthe
Insurer’s obligation to settle the Claim and, where applicable, to indemnify the Claimant for any expenses incurred by him/her as a result of delay in settling the Claim.
f) When the Claim is partially or totally rejected, the Insurer shall commit to:
Provide the Claimant with the reasons for rejection in writing orthroughelectronic
communication.
Inform the Claimant of their right to submit a complaint at SAMACareswebsite
(www.samacares.sa) or refer their case to the Committees for Resolution of Insurance DisputesandViolations,
according to the Cooperative Insurance Companies Control Law, so as to be considered by the Committees.
Provide the Claimant, upon their request, with a copy of documentsandfilesin
support of the Insurer’s decision.
decision.
Article Eight Cancelation
Incase theinsuranceis
mandatory:
The Insurer and the Employer shall not cancel this Policy during its term except in the following cases:
a) Termination of the contract of Domestic Workers before the Domestic Workers enter Saudi Arabia.
Issuing a final exit visa for the Domestic Worker.
Transferring the sponsorship of a Domestic Worker who has not completed two years from the date of entering Saudi Arabia to another Employer, provided that there is another valid Policy on the Domestic Worker’s contract.
The Insured obtains another Policy on Domestic Workers’ contracts.
2- In case the insurance is not mandatory:
The Insured has the right to cancel the Policy anytime.
In both cases, the refunded Premium shall be calculated as follows:
TheInsurershallrefundthe
Employer the return Premium by crediting the amount to his/her bank account via IBAN, within (5) working days from the date on which the Insurer becomes aware of the occurrence of any of the cases mentioned in this section. The return Premium payable to the Employer is calculated by subtracting the elapsed days from the total Policy term (in days) and then dividing the result by the total Policy term. The result is then multiplied by the Premium less administrative fees (a maximum of SAR 25) to determine the return Premium:
(730 – elapsed days)/730 x Premium] – Administrative Fee (max of SAR 25)= return Premium.
The Insurer is exempted from its obligation to pay the return Premium in the case that there is any Claim—related to the Policy to be cancelled—whose value exceeds the amount to be refunded as per the calculation formula mentioned above.
Notwithstanding the foregoing, the Insurer and Insureds shall remain bound by the provisions of this Policy with respect to the obligations arising prior to its cancellation.
Article Nine General Provisions
1. The Insured shall notify the Insurer, within (20) working days, of any material changes in his/her facts or circumstances. The Insurer shall advise the Insured in case it intends to increase the Premium as a result. If no notification is sent to the Insured by the Insurer within five (5) working days, then this shall indicate the Insurer’s acceptance tocontinueprovidingthe
coverage at the Premium agreed upon at the time of signing the Policy.
2. Fraud:
The rights arising from this Policy shall be forfeited if the Claim involves fraud; if the Insured, or their representatives, or a third party uses fraudulent approaches or methods to gain benefit from this Policy; or if liability or damage results from a deliberate act by the Insured, or their representatives, or others. The Insurer has the right of recourse against any party found to be responsible for such fraud, whether as a conspirator or an accomplice, provided that the Insurer shall indemnify the third party if it becomes clear that they acted in good faith.
3. Jurisdiction and applicable law:
Any dispute that arises from this Policy shall be subject to theapplicablelawsand
regulations of the Kingdom of Saudi Arabia and shall be settled by the Committees for ResolutionofInsurance
Disputes and Violations, as set forth under the Cooperative Insurance Companies Control Law.
Anycasesarisingin
connection with this Policy shall not be looked into after the elapse of five years from the occurrence of the incident forming the basis of the Claim, and of which the parties concerned are aware, unless theCommitteesfor
ResolutionofInsurance
Disputes and Violations are satisfied with the justification for consideration of the Claim.
جدول الصيغة النموذجية لوثيقة التأمين على عقد العمالة المنزلية
Schedule of The Standard Insurance Policy on Domestic Workers Contract
رقم الوثيقة
Policy No.
بيانات المؤمن لهم
Insureds’ information
المؤمن له (عامل الخدمة المنزلية)
The Insured (Domestic Worker)
المؤمن له (صاحب العمل)
The Insured (Employer)
رقم السجل المدني للسعوديين / رقم إقامة لغير السعوديين (صاحب العمل)
National ID No. for Saudi nationals / Residence permit
(Iqama) No. for non
Saudi nationals (the Employer)
رقم جوازعامل الخدمة المنزلية (فور توفره)
Domestic Worker’s passport No. (when available)
اسم المؤمن لهم (اسم عامل الخدمة المنزلية فور توفره)
Insureds’ name (Domestic Worker’s name once its available)
رقم الهاتف
(رقم عامل الخدمة المنزلية فورتوفره)
Phone No.
(Domestic Worker’s phone number once its available)
العنوان الوطني (لصاحب العمل)
National address (for
Employer)
مبلغ القسط
Premium Amount
حد التغطية
Coverage Limit
التغطية
Coverage
حد التغطية التأمينية*
Limit of Insurance Coverage*
بحد اقص ى 6,000 ريال
سعودي
Up to a maximum of SAR 6,000
المصاريف الفعلية لإعادة جثمان عامل الخدمة المنزلية
Actual expenses of the repatriation of the deceased Domestic Worker’s body to his/her home country
*يجوز الاتفاق بين المؤمن له والشركة على زيادة حد التغطية التأمينية عن المبين في ھذا البند
*The Insured and the Insurer may agree to increase the insurance
coverage over the limit defined in this clause.
بحد اقص ى 1.000 ريال
سعودي
Up to a maximum of SAR 1,000
تكلفة إعادة المتعلقات والممتلكات الشخصية لعامل الخدمة المنزلية المتوفي
Expenses for returning the personal belongings and possessions of the deceased
Domestic Worker
إجمالي قيمة راتب عامل الخدمة المنزلية على ألا تتجاوز قيمة التعويض رواتب أربعة أشهر وشريطة ألا تتجاوز قيمة الراتب الشهري مبلغ وقدره 2,000 ريال سعودي
The total amount of the Domestic Worker’s salary provided that the compensation does not exceed four months salaries., provided that the monthly salary does not exceed SAR 2,000
العجز الكلي الدائم أو العجز الجزئي الدائم لعامل الخدمة المنزلية
Permanent total or partial disability of the
Domestic Worker
إجمالي قيمة راتب عامل الخدمة المنزلية على ألا تتجاوز قيمة التعويض رواتب أربعة عدم التزام صاحب العمل بسداد الراتب The Employer’s failure to pay salaries أشهر وشريطة ألا تتجاوز قيمة الراتب الشهري مبلغ وقدره 2,000 ريال سعودي
The total amount of the Domestic Worker’s salary provided that the compensation does not exceed four months salaries., provided that the monthly salary does not exceed SAR 2,000
المصاريف الفعلية لاستقدام بديل عن عامل الخدمة المنزلية
Actual expenses of recruiting an alternative
Domestic Worker
تحسب التكاليف وفق المعادلة (إجمالي تكلفة الاستقدام ÷ مدة عقد عمل عامل الخدمة المنزلية بالأشهر) × المدة المتبقية من العقد بالأشهر، شريطة ألا تتجاوز تلك التكاليف مبلغاً قدره قيمة تكلفة الاستقدام، أو 20,000 ريال سعودي كحد أقص ى. القيمة الفعلية لتذكرة سفر لإعادة عامل الخدمة المنزلية إلى وطنه في حال إصابته بالأمراض الحرجة أو المزمنة، أو في الحالات الطارئة أو القاهرة على ألا تتجاوز قيمة تذكرة السفر مبلغاً وقدره 2,500 ريال سعودي
The expenses shall be calculated as follows: (total cost of recruitment ÷ the
Domestic Worker’s total term of contract in months) x the remaining period of the contract in months, provided that the expenses do not exceed
the recruitment cost or SAR 20,000, whichever is lower.
The actual value of a travel ticket to return the Domestic Worker to his/her home country in the event that he/she suffers from Critical or Chronic Illness, up to a maximum of SAR 2,500.
تحسب التكاليف وفق المعادلة (إجمالي تكلفة الاستقدام ÷ مدة عقد عمل عامل الخدمة المنزلية بالأشهر) × المدة المتبقية من العقد بالأشهر، شريطة ألا تتجاوز تلك التكاليف مبلغاً قدره قيمة تكلفة الاستقدام، أو 20,000 ريال سعودي كحد أقص ى.
The expenses shall be calculated as follows: (total cost of recruitment ÷ the Domestic Worker’s term of contract in months) x the remaining period of the contract in months, provided that the expenses do not exceed the recruitment cost or SAR 20,000, maximum
المصاريف الفعلية لاستقدام بديل عن عامل الخدمة المنزلية عند تغيُب أو امتناع عامل الخدمة المنزلية عن العمل
Actual expenses of recruiting an alternative Domestic Worker in case of the Domestic Worker’s absence or refusal to work
تاريخ بدء سريان التغطية التأمينية
Effective date of insurance coverage
فترة التغطية
Period of Insurance
المنافع الإضافية
Additional benefits
الإفصاح Disclosure الحقائق الجوهرية الأخرى التي تطلبها الشركة Other Material Facts required by the Insurer The insurance coverage request that was completed and signed by the Insurance Applicant or their legal representative shall form an integral part of the Policy; which contains the provisions, conditions, exclusions, coverage limits and schedule; and any Appendix agreed upon, whether at the start of the insurance coverage or following its effectiveness. The Unified Compulsory Government Motor Insurance Policy
Saudi Arabian Monetary Authority The Unified Compulsory Government Motor Insurance Policy
Introduction and Definitions
This Policy was issued based on the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. M/32 dated 02/06/1424H and amended by Royal Decree No. M/30 dated 27/05/1434H, the Implementing Regulations of the Cooperative Insurance Companies Control Law issued by the Decision of the Minister of Finance No. 1/596 dated 01/03/1425H, and the Resolution of the Council of Ministers No.79 dated 05/03/1435Hconcerningcompulsory
government motor insurance.
The following words and phrases, wherever they occur herein, shall have the meanings assigned thereto, unless the context otherwise requires:
Compulsory Insurance Policy (The Policy): motor Third Party liability insurance policy under which the Insurer undertakes to indemnify the Third Party upon the occurrence of a loss or damage covered under the policy, for a Premium paid by the Insured. The Policy shall include the promissory warranty certificates and appendices (if any), provided that they shall not contradict or violate the provisions stated herein.
Insurer: the insurance company.
Insured: a Government Entity that concluded an insurance contract with the Insurer and whose name is stated in the policy schedule.
Government Entity: any public establishment, department, facility or authority that is run by the state.
The Driver: whoever is driving a Vehicle, public works equipment, or motor bike at the time of the accident.
The Vehicle: any transport means designed to move by wheels or tracks or propelled using mechanical power, as described in the tender specification document.
Service Vehicle: any Vehicle used as a means to facilitate the support work of government entities, including, without limitation, Vehicles used for transporting goods or mail.
Field Vehicle: a Vehicle used in performing field tasks which are part of the essential tasks of the Government Entity owning it.
Third Party: any natural or juristic person who sustains loss or damage covered under the provisions hereof, excluding the Insured and/or the driver.
Physical Damages: death and/or physical injuries which may be inflicted on a third party, including partial or total disability, whether permanent or temporary.
Material Damages: destruction occurring to property belonging to a third party.
Medical Expenses: costs and expenses of medical treatment and medicines, which are incurred by a Third Party as a result of an accident covered by insurance under this Policy.
Other Expenses: expenses which are incurred by a Third Party because of the accident, including expenses of towing or transferring the Vehicle and damage assessment costs.
Claim: written notification submitted to the insurer, requesting Indemnity for an accident covered under the provisions hereof.
Claimant: a natural or juristic person who sustains loss or damage in an accident covered under this Policy, including the heirs of the natural person in the event of his/her death.
Indemnity: the amounts to be paid by the Insurer to a Third Party within the maximum limit of Civil Liability specified herein.
Premium: the amount paid by the Insured to the Insurer in exchange for the insurer’s agreement to indemnify third parties for damage/loss resulting directly from a risk covered in the Policy.
Civil Liability: the liability of the Insured and/or the Driver towards a Third Party for material/Physical Damages inflicted by the Insured Vehicle.
Material Fact: any information that may affect the insurer's decision to accept or reject the insurance proposal or that may affect the insurance Premium or terms and conditions of the insurance contract.
Insurance Coverage
Whereas the Insured has submitted to the Insurer an insurance proposal form, which is considered the basis for this Policy, and has paid (or has undertaken to pay) the required Premium and the Insurer has accepted this proposal, the Insurer shall, in the event of an accident occurring within the borders of the Kingdom of Saudi Arabia and causing damages covered under this Policy whether such loss/damage has arisen from the use of a Vehicle or its stopping, indemnify in cash the Third Party in accordance with the terms and conditions set forth herein for all the amounts that the Insured or the Driver is committed to pay for:
Physical Damages caused to a Third Party inside or outside the Vehicle
Material Damages outside the Vehicle
Coverage Limits
In the event of an accident occurring and resulting in the payment of Indemnity in accordance with the provisions hereof, the maximum limit of the insurer's liability for one event and during the lifetime of the Policy for both physical damage (including blood money, sums estimated for bodily injuries, and Medical Expenses) and Material Damages shall not exceed together a total sum of SAR 10,000,000 (ten million Saudi riyals) as a maximum liability limit for coverage.
Cases in which the Insurer is not allowed to deny liabilities towards third parties
The Insurer may not deny liability for Indemnity towards a Third Party because the Insured or Driver has committed any violation, whether before or after the accident, or has not complied with the provisions hereof, without prejudice to the insurer’s right of recovery against the Insured or the Driver after indemnifying the Third Party if the recovery is justified as per Article 6.
Cases In Which The Insurer Shall Indemnify Third Parties While Reserving The Right of Recovery Against The Insured, The Driver or The Person Responsible for The Accident
The Insurer shall have the right of recovery against the Insured, the Driver or the person responsible for the accident to recover the amount paid to a Third Party in any of the following cases:
Any liability or expenses arising or incurred because the Insured Vehicle was:
Used in contravention of the restrictions set forth in the policy schedule.
Carryinganumberofpassengers
exceeding the seating capacity of the Vehicle, and it has been proved that the accident occurred because of such violation.
Used in any type of racing or for testing its speed or power.
Driven under the influence of drugs, alcohol or medication that a person is not allowed medically to drive after taking it.
Stolen or taken by force.
Driven by a person who does not have a valid driving license, does not have a permit qualifying him/her to drive this type of Vehicles, or whose driving license is temporarily or permanently suspended.
Used in areas that are normally off limits to the public, such as airports or seaports, unless the Vehicle is licensed to be driven within the permissible area.
If it is proved that the Insured has supplied inaccurate information about the Vehicle or if the tender specification document is not inclusive in such a way that would affect the insurer’s acceptance of risk coverage, the insurance Premium or its terms and conditions.
If it is proved that the accident was deliberately made by the Insured or Driver.
Failure on the part of the Insured to notify the Insurer in writing within ten working days of any material change to its disclosures in the insurance proposal form.
If the Driver leaves the scene of the Vehicle accident.
Acknowledgement by the Insured or the Driver to bear the liability for the accident undeservedly for the purpose of harming the Insurer.
Running a red light by the driver.
Driving the motor Vehicle against the
direction of traffic.
Car drifting.
As an exception from the above, provided that a license or permit is granted to the Driver of the Field Vehicle by the relevant security entity as per the guidelines and procedural requirements attached hereto, the Insurer shall not have the right of recovery against the Insured or the Driver of the Field Vehicle to recover the amount paid to a Third Party in any of the following cases:
If it is proved that the accident was deliberately made by the Insured or Driver.
If the Driver leaves the scene of the Vehicle accident for justifiable reasons.
Running a red light by the driver.
Driving the Vehicle against the direction of traffic.
Claim Settlement Procedures
1- Upon receiving any Claim, the Insurer shall providetheClaimantwithan
acknowledgement receipt and inform the Claimant of any missing documents within 7 days from receiving the Claim. The Insurer may appoint an assessor or a loss adjuster, if necessary, within a period not exceeding 3 days from the date of receiving the Claim.
The Insurer shall settle the amounts of Claims covered under this Policy, as determined by the General Department of Traffic, Najm Company for Insurance Services or other authorized entities, with integrity and fairness without any bargaining, within a maximum period of 15 Hijri Calendar days from the date of receiving the Claim with all required documents. If the Insurer fails to settle the Claim within that prescribed period for unjustifiable reasons, the beneficiary under this Policy shall be entitled to file a petition of dispute at the Committees for Resolution of Insurance Disputes and Violations to compel the Insurer to indemnify the beneficiary for any expenses incurred as a result of the loss of use of its Vehicle due to the insurer's delay in settling the Claim (such as the costs of renting an alternative car).
The Insurer shall inform the Claimant in writing of its acceptance or denial of the Claim. In case of acceptance, the Insurer must clarify the amount of Indemnity and how it was reached. In case of denial of the Claim, the Insurer shall:
a. Provide the Claimant with the reasons for denial.
b. Inform the Claimant of its right to submit its case to the Committees for Resolution of Insurance Disputes and Violations according to Article 20 of the Cooperative Insurance Companies Control Law, so as to be considered by those committees.
c. Provide the Claimant, upon their written request, with copies of documents in support of the insurer’s decision.
General Conditions
Multiple sources of insurance and other
types of insurance coverage:
If the Vehicle is Insured with the same type of insurance by more than one Insurer, the Insurer shall pay only a portion of the Indemnity amount, expenses or fees, that is proportional to the amount of the Policy over the total amount of all policies. If there is another type of any insurance covering the liability or expenses already covered in an insurance policy (such as the availability of comprehensive motor insurance policy), the Insurer shall cover that liability or Other Expenses incurred by a third party, and then it subrogates the Insured in requesting other insurance companies to pay their relative share of the Claim.
Changes:
The Insured shall notify the Insurer in writing, within 10 working days, of any material changes to the representations declared in the insurance proposal form. The Insurer shall notify the Insured within 3 working days from the date of receiving the Insured’s aforementioned notification if the Insurer decides to refuse to provide coverage to the Insured.
Insurer’s right to conduct legal proceedings and settlement:
The Insurer shall have the right to:
a. Represent the Insured or Driver in any investigation or interrogation related to a Claim which is the subject of Indemnity under this Policy.
b. Handle defense proceedings for the Insured or Driver before any judicial body against any allegation or accusation related to an accident, which is the subject of Indemnity under this Policy.
Insurer’s right to include the driver’s name in the system of the Saudi Credit Bureau (SIMAH):
If the Driver defaults on repayment of the insurer’s dues arising from cases set forth in Article 6 hereof and the exceptions stated therein, the Insurer shall have the right to include the name of the Driver in the system of the Saudi Credit Bureau (SIMAH).
In case of occurrence of an accident covered under this Policy, the Insured or Driver shall:
Inform the concerned authorities as soon as an accident covered under this Policy occurs and not leave the accident scene until procedures are completed, except in cases where it is necessary to leave the accident scene, such as in the case of physical injuries or awaiting the concerned authority for not less than two hours from the accident reporting.
Not Claim responsibility with the intention of harming the Insurer and not pay or undertake to pay any amount to any party involved in the accident except after obtaining prior written approval from the insurer.
Cooperate with the Insurer and issue powers of attorney enabling the Insurer to carry out the proceedings, defending and settlement procedures on behalf of the Insured or the Driver if the Insurer expresses its desire to do so.
d. Perform, at the insurer's expense, all actions required to guarantee the insurer's right to recover, from any other party, any amounts due as a result of Indemnity paid by the Insurer under this Policy.
Obligations of the Insurer in case of delay in settlement of a Claim with completed documents:
The Insurer shall compensate the beneficiary of the coverage of this Policy for any cost incurred as a result of the loss of use of its damaged Vehicle due to the insurer's delay in settling the Claim for more than 15 days from the completion of all required documents of the Claim, without providing acceptable excuses for the delay of paying the Indemnity.
Fraud:
The rights arising from this Policy shall be forfeited if the Claim involves fraud; if the Insured, driver, an agent thereof, or a Third Party uses fraudulent approaches or methods to gain benefit from this Policy; or if liability or damage results from a deliberate act by, or collusion with, the Insured, driver, or others. The Insurer shall have the right of recovery against any party found to be responsible for such fraud, whether as a conspirator or an accomplice, provided that the Insurer shall indemnify the Third Party if it becomes clear that they acted in good faith.
Cancelation:
Neither the Insurer nor the Insured has the right to cancel this Policy after its issuance, except in the following situations:
Cancelation of the Vehicle’s registration.
Transfer of ownership of the Vehicle to another owner.
3. Producing a substitute policy from another insurer.
If the Insured wishes to cancel the insurance policy, it shall submit a cancelation request and return the insurance policy to the insurer. The Insurer shall pay the proportional amount of the Premium to the Insured within 15 business days from the cancelation request date as per the following table:
The Proportional Amount of the Premium to be Paid by the Insurer to the Insured Validity Period of the Policy Before Requesting Cancelation 87.5% 1-7 days 75% 8-30 days 60% 31-60 days 50% 61-90 days 45% 91-120 days 40% 121-150 days 35% 151-180 days 25% 181-210 days 20% 211-240 days 10% 241-270 days 0% 271-365 days Notwithstanding the foregoing, the insurer, Insured and Driver shall remain bound by the provisions of this Policy with respect to the obligations arising prior to its cancelation.
9- Policy issuance and renewal notification:
The Insurer may not issue the Policy unless it is electronically connected to the system of Najm Company for Insurance Services. The Insurer shall notify the Insured of the expiration date of the Policy two weeks prior to the expiration date, so that the Insured can renew the Policy or replace it with another policy from another insurer.
Judicial jurisdiction and governing law:
Any dispute that arises from this Policy shall be subject to the applicable laws and regulations of the Kingdom of Saudi Arabia and shall be settled by the Committees for Resolution of Insurance Disputes and Violations, as set forth under Article 20 of the Cooperative Insurance Companies Control Law promulgated by Royal Decree No. M/32 dated 02/06/1424H.
Any dispute arising from this Policy shall not be looked into after the lapse of three years from the occurrence of the incident forming the basis of the Claim, and of which the parties concerned are aware, unless the Committees for Resolution of Insurance Disputes and Violations are satisfied with the reason for considering the Claim.
Exceptions (cases not covered under this Policy)
The Insurer shall not be liable to pay any indemnities in any of the following cases:
Any liability or expenses arising, directly or indirectly, from the following:
War, invasion, acts of foreign enemy, hostilities, warlike acts (whether war is declared or not), or civil war.
Rebellion, military or popular uprising, insurgence, revolution, usurping
authority, martial laws, siege, or any events or reasons leading to declaring or continuation of martial laws, siege, or acts of vandalism and terrorism committed by person(s) working individually, on behalf of, or in relation with any terrorist organization. Terrorism means using violenceforpolitical,intellectual,
philosophical, racial, ethnic, social or religious purposes. Such use of violence includes putting the public and/or a segment thereof under a state of terror, causingturmoil,affectingand/or
intervening in any of the government’s operations, activities and/or policies, and/or causing any disturbance that negatively affects the national economy or any related sectors.
Strikes, riots, or civil or labor unrest.
Damage directly or indirectly caused by nuclear weapons, ionizing radiation, radioactive contamination resulting from anynuclearfuelorwaste,or
contamination due to nuclear fuel combustion. For the purposes of this exclusion, combustion shall include any nuclear fission.
Natural disasters such as hurricanes, earthquakes, floods, or volcanic activity or eruptions.
Death or physical injury to the Insured or the driver.
Loss or damage to the Insured Vehicle or personal property of the Driver inside or outside the Vehicle.
Damage or loss to the goods transported in the Insured Vehicle.
Fines, financial penalties, guarantees or bails that may be imposed on the Insured or the Driver due to the accident.
Accidents occurring outside the geographic borders specified in the policy schedule.
Distribution of Surplus
The surplus shall be distributed to the Insureds in accordance with the provisions of Article 70 of the Implementing Regulations of the Cooperative Insurance Companies Control Law issued by Royal Decree No. M/32 dated 02/06/1424H.
Prevailing Language
In case of any discrepancy or conflict between the Arabic and English texts, the Arabic text shall prevail.
The Unified Compulsory Motor Insurance Policy
No: 202300000257 Date(g): 17/1/2023 | Date(h): 25/6/1444 The Saudi Central Bank (SAMA) issued this Policy pursuant to the Governor’s Decision No(2/S/444) dated 23/06/1444H based on powers vested in SAMA under the Cooperative Insurance Companies Control Law issued by Royal Decree No. (M/32) dated 02/06/1424H, amended by Royal Decree No. (M/30) dated 27/05/1434H, and amended by Royal Decree No. (M/12) dated 23/01/1443H, and its Implementing Regulation issued pursuant to Minister of Finance Resolution No. (1/596) dated 01/03/1425H.
Article One: Introduction
This Policy shall specify the minimum limit of civil liability coverage against Third Party for compulsory motor insurance in accordance with the terms, conditions and exceptions provided herein or attached hereto, and the Insurer agrees to provide insurance coverage up to the amounts and limits stated in this Policy in consideration of the Insured having paid the Premium to the Insurer. The Insurer and the Insured shall not be entitled to agree on liability limits lower than those set herein.
Article Two: Definitions
The following words and phrases, wherever they occur herein, shall have the meanings assigned thereto, unless the context requires otherwise:
- Policy: The Unified Compulsory Motor Insurance Policy.
- Insurer: The Company licensed to practice insurance business in accordance with the provisions of the Cooperative Insurance Companies Control Law.
- Insured: A natural or juristic person that has entered into an insurance contract and whose name is stated in the Policy schedule.
- The Driver: Any person driving the Vehicle and holding a driver’s license.
- The insured vehicle (the Vehicle): Any transport means designed to move by wheels or tracks or propelled using mechanical or animal power, as described in the Policy (trains are excluded).
- Third Party: Any natural or juristic person sustaining loss or damage not excluded under the Policy, excluding the Insured and/or the Driver, or the person responsible for the accident.
- Accident: Any incident that causes damage to a Third Party due to the use of the Vehicle, or as a result of an explosion or fire coming from the Vehicle or its scattered debris, or due to its motion, self-propulsion or being stationary.
- Physical damages: Death or physical injuries, which may be inflicted on a Third Party, including total or partial disability, whether permanent or temporary.
- Material damages: Destruction occurring to property belonging to a Third Party.
- Expenses: All expenses borne by a Third Party due to a damage caused by a risk not excluded in the Policy.
- Claim: A claim for indemnity for damages caused by a risk or loss not excluded in the Policy.
- Claimant: Any natural or juristic person or their legal representatives who sustained a damage caused by a risk or loss not excluded in the Policy.
- Indemnity: What shall be offered by the Insurer to a Third Party within the maximum limit of civil liability specified herein.
- Premium: The amount paid by the Insured to the Insurer in exchange for the Insurer’s agreement to indemnify third parties for damage/loss resulting directly from a risk not excluded in the Policy.
- Civil Liability: The liability of the Insured and/or the Driver towards a Third Party for material/physical damages inflicted or expenses arising from the Vehicle.
- Material Fact: Any information requested by the Company from the insurance applicant during the conclusion of the Policy that may materially affect the Company’s decision in accepting the insurance or rejecting it or accepting the insurance with different conditions.
- Right of recovery: The Insurer’s right to recover an indemnity paid to a Third Party from the Insured, Driver, or person who caused the accident for damages excluded in the Policy or cases where the Insurer has the right of recovery.
- Policy schedule :The schedule annexed to the Policy containing some information about the insured and the Vehicle, which is considered an integral part of the Policy.
- Appendix: An agreement between an Insurer and the Insured, subsequent to the issuance of the Policy, whereby items of coverage are added to, amended or removed from the basic coverage, and which should be attached to the Policy and deemed an integral part thereof.
Article Three: Insurance coverage
The insurer shall, in the event of an accident occurring within the borders of Saudi Arabia and causing damages not excluded under the Policy and within the terms and conditions set forth in the Policy, indemnify the Third Party for all the amounts that the Insured, Driver or the person responsible for the accident is committed to pay for:
A. Physical damages caused to a Third Party inside or outside the Vehicle. B. Material damages inflicted on a Third Party. C. Expenses. Article Four: Coverage limits
In the event of an accident occurring and resulting in indemnifying the Third Party in accordance with the provisions of this Policy, the maximum limit of the Insurer's liability for one event and during the lifetime of the Policy for physical damage, expenses and material damages shall not exceed together a total sum of SAR 10,000,000 (ten million Saudi Riyals) as a maximum liability limit for coverage. Based on the appendix (A) attached to the Policy.
Article Five: Cases where the Insurer Shall Indemnify a Third Party while Reserving the Right of Recovery Against the Insured, Driver or Person Responsible for the Accident
First: The Insurer shall have the right of recovery against the Insured or Driver to recover the indemnity to a Third Party in any of the following cases:
- Driven against the direction of traffic.
- Running a red light.
Any liability or expenses arising from or incurred when the Insured Vehicle is:
A. Used in contravention of the restrictions set forth in the Policy schedule.
B. Carrying a number of passengers exceeding the seating capacity allowed of the Vehicle, and it has been proved that the accident occurred because of such violation.
C. Driven by a person who does not hold a proper class of license corresponding to the type of the Vehicle driven, according to the relevant laws and regulations, or in the event that an order is issued by a competent entity for the forfeiture of the driver’s license, or the license was expired at the time of the accident unless it was renewed within (50) days from the date of the accident.
Second: In case the Vehicle was stolen or taken forcibly, the Insurer has the right to recover from the person responsible for the accident, and the Insurer has the right of recovery from the insured if he/she has not reported the theft to the concerned entities without an acceptable excuse.
Third: the Insurer must notify the Insured or the Driver within 20 working days from the date of the claim submission to where the above recovery cases may apply; the company may exercise its right of recovery within a year from the date of the claim settlement.
Forth: where any of the recovery cases applies, the juristic person shall not claim the costs of treatment on physical damages from the Insurer.
Article Six: Exceptions
Insurers shall not be liable for paying any indemnities in any of the following cases:
Loss or damage to the insured Vehicle, properties inside or outside the Vehicle which belong to either the Insured or the Driver, or goods transported in the Vehicle or placed in the Insured’s or Driver’s custody, control or care;
Death or physical injury to the Insured or the Driver;
If the Vehicle is used in any type of racing or for testing its speed or power;
If the Vehicle is driven in areas that are normally off-limits to the public, such as airports or seaports, unless the Vehicle has permission to enter these areas;
Acknowledgement by the Insured or the Driver to bear the liability for the accident undeservedly for the purpose of harming the Insurer;
If the accident is deliberately caused by the insured and a Third Party, which is proved in the accident report issued by the authorized entity to attend accident scenes;
Submitting in accurate information in the insurance proposal form or concealing material facts.
If it is proved that the accident was deliberate.
Fines, financial penalties or bails, which may be imposed on the insured or the Driver due to the accident.
The Driver escaped the scene of the accident with no acceptable reason.
Car drifting
Any liability or expenses arising, directly or indirectly, from the following:
a. Driven under the influence of drugs, alcohol or medications that a person is not allowed medically to drive after taking it.
b. War, invasion, acts of foreign enemy, hostilities, warlike acts (whether war is declared or not), or civil war;
c. Rebellion, military or popular uprising, insurgence, revolution, usurping authority, martial laws, siege, or any events or reasons leading to declaration or continuation of martial laws, siege, or acts of vandalism and terrorism committed by person(s)working individually, on behalf of, or in relation with any terrorist organization. Terrorism means the use of violence for political, intellectual, philosophical, racial, ethnic, social, or religious purposes. Such use of violence includes putting the public and/or a segment thereof under a state of terror, causing turmoil, affecting and/or intervening in any of the government’s operations, activities and/or policies, and/or causing any disturbance that negatively affects the national economy or any related sectors;
d. Strikes, riots, or civil or labor unrest;
e. Damage directly or indirectly caused by nuclear weapons, ionizing radiation, radioactive contamination resulting from any nuclear fuel or waste, or contamination due to nuclear fuel combustion. For the purposes of this exclusion, combustion shall include any nuclear fission; and
f. Natural disasters such as hurricanes, earthquakes, floods, or volcanoes.
Article Seven: Claim Settlement Procedures
- Upon receiving a claim, the Insurer shall provide the claimant with an acknowledgement of receipt and inform the claimant of any missing documents within (3) working days for individuals and (9) working days for the juristic person from receiving the claim.
- Insurers shall settle claims with integrity and fairness without any bargaining, within a maximum period of (15) working days for individuals and (45) working days for the juristic person from the date the claim is received, with all required documents.
- The Insurer shall notify the claimant of its acceptance or denial of the claim within five working days from the date of receiving the required claim documents .In case of acceptance, whether fully or partially, the Insurer must clarify the amount of indemnity and how it was reached in accordance with section (2) of this Article.
With observance of the periods set forth in sections 1,2 and 3 of this Article, the Insurer shall settle the claim by one of the following:
A. Propose to repair the Third Party’s vehicle, within a maximum period of (15) working days for individuals and (45) working days for the juristic person.
B. Transferring the indemnity amounts to the Third Party bank accounts for any claim directly through their respective international bank account numbers (IBAN).
With observance of the periods set forth in section 1,2 and 3 of this Article, the Insurer shall settle the claim when submitted after repairs to the Vehicle are made, provided that the claimant furnishes the Insurer with:
A. Actual bills of auto repairs and the accident scene is attended by the authorized entity.
B. The Insurer shall also be provided with a vehicle damage assessment report from an authorized entity, prepared after the accident and before auto repairs take place.
- If the Insurer fails to settle the claim within the prescribed period for no legal reason, the claimant shall be entitled to submit a complaint at SAMA Cares website (Samacares.sa) or file a petition of dispute at the Committees for Resolution of Insurance Disputes and Violations to compel the Insurer to settle the claim and indemnify the claimant for any expenses incurred as a result of the loss of use of their vehicle due to the Insurer’s delay in settling the claim.
In case of denial of the claim, whether fully or partially, the Insurer shall:
a. Provide the claimant with the reasons for full/partial denial.
b. Inform the claimant of their right to submit a complaint at SAMA Cares website (Samacares.sa) or refer their case to the Committees for Resolution of Insurance Disputes.
c. Provide the claimant, upon their request, with copies of documents in support of the Insurer’s decision.
Article Eight: Cancellation
Neither the Insurer nor the Insured has the right to cancel this Policy after its issuance, except in the following situations:
- The write-off of the Vehicle’s registration.
- Transfer of ownership of the Vehicle to another owner.
- The existence of an alternative policy that covers the remaining term of the insurance policy to be cancelled.
The Insurer shall refund the Insured the due amount payable for the uncovered period by depositing the remaining amount to their bank account via IBAN, within three working days from the date on which the Insurer becomes aware of the occurrence of any of the cases mentioned above. The due amount payable to the Insured for the uncovered period is calculated by subtracting the elapsed days from the total policy term (in days) and then dividing the result by the total policy term. The result is then multiplied by the insurance premium less administrative fees and commission (a maximum of SAR 30) to determine the return premium:
(365 - elapsed days) /365 × insurance premium less administrative fees and commission (a maximum of SAR 30) = return premium.
The Insurer is exempted from its obligation to pay the due amount in the case that there is a claim—related to the policy to be cancelled and the exact vehicle covered by the policy— with a value exceeding the amount to be refunded as per the calculation formula mentioned above.
Notwithstanding the foregoing, Insurer, Insured and Driver shall remain bound by the provisions of this Policy with respect to the obligations arising prior to its cancellation.
Article Nine: General Conditions
- Changes in the marital fact: The Insured shall notify the Insurer, within 20 working days, of any material changes. The Insurer shall notify the Insured in case it intends to increase the premium rate, or return part of the premium if the premium is reduced. If no notification is sent to the Insured by the Insurer, then this shall indicate the Insurer’s approval to continue providing the coverage at the premium rate agreed upon at the time of signing the policy
Insurers’ right to conduct legal proceedings and settlement.
The Insurer shall have the right to:
A. Represent the Insured or Driver in any investigation or interrogation related to a claim which is the subject of indemnity under this Policy.
B. Handle defense proceedings for the Insured or Driver before any judicial body against any allegation or accusation related to an accident, which is the subject of indemnity under this Policy.
C. The Insured shall notify the Insurer as soon as they become aware of any claim, inquest or investigation relating to the said incident, unless the delay is justified by an acceptable excuse.
The Insurer's right to include the Insured's name in the system of the company authorized to collect consumer credit information:
The Insurer has the right to include the name of the Insured in the system of the company authorized to collect consumer credit information if the Insured defaults on payments due to the Insurer, whether insurance premiums or claims recoveries.
In the case of occurrence of a risk not excluded in the Policy, the Insured or Driver shall:
a. Inform the concerned entities as soon as an accident occurs and not leave the accident scene until procedures are completed, except in cases where it is necessary to leave, e.g. in the case of physical injuries.
b. Not to claim responsibility with the intention of harming the Insurer, pay or undertake to pay any amount to any party involved in the accident except after obtaining a prior written approval from the Insurer.
c. Perform, at the Insurer's expense, all required actions to guarantee the Insurer's right to recover, from any other party, any amounts due as a result of indemnity paid by the Insurer under this Policy.
Fraud:
The rights arising from this Policy shall be forfeited if the claim involves fraud; if the Insured, Driver, an agent thereof, or a Third Party uses fraudulent approaches or methods to gain benefit from this Policy; or if liability or damage results from a deliberate act by, or collusion with, the Insured, Driver, or others. The Insurer shall have the right to recover against any party found to be responsible for such fraud, whether as a conspirator or an accomplice, provided that the Insurer shall indemnify the Third Party if it becomes clear that they acted in good faith
Policy issuance and renewal notification:
Insurers may not issue the Policy unless they are electronically connected to the system of the company approved by SAMA to collect, maintain, and exchange insurance information. The Insurer shall notify the Insured of the expiry date of the policy (20) working days before it expires, so that the Insured can renew or replace the Policy with another policy from another insurer.
Cases in which the company is not allowed to deny liabilities towards third parties:
Subject to Articles 6 hereof, the Insurer may not deny liability for indemnity towards a Third Party because the Insured, the Driver or the person responsible for the accident has committed any violation, whether before or after the accident, or has not complied with the provisions hereof, without prejudice to the insurer’s right of recovery against the Insured, the Driver or the person responsible for the accident after indemnifying the Third Party if the recovery is justified.
Judicial jurisdiction and governing law:
A. Any dispute that arises concerning this Policy shall be subject to laws and regulations in force in the Kingdom of Saudi Arabia and shall be settled by the Committees for Resolution of Insurance Disputes and Violations.
B. Any dispute arising concerning this Policy shall not be looked into after the lapse of five years from the occurrence of the incident forming the basis of the claim, and of which the parties concerned are aware, unless the Committees for Resolution of Insurance Disputes and Violations are satisfied with the reason for considering the claim.
Schedule of the unified Compulsory Motor Insurance Policy
Schedule of the unified Compulsory Motor Insurance Policy
Type of Insured
policy No.
Insured Information
Insured’s ID No.
1-for individuals
National ID number for Saudi nationals
Residence permit (Iqama) number for resident Individuals
2-computer number for corporate
Name of Insured
Phone number
National Address
Vehicle Details
Owner’s ID No.
Owners Name
Registration Plate No.
Chassis No.
Vehicle Color
Vehicle Registration Expiry Date
Type of Chassis
Customs Card No.
Vehicle Make
Year of Manufacture
Vehicle Model
Purpose of use
Type of registration plate
(Private/ Private Transport/ Private Bus/ Public Transport/ Public Bus/ Taxi/ Diplomatic and Consular / Temporary/ Public Works/ Export/ Motorcycle) Plate
Type of insurance
Third Party liability insurance
Names of authorized drivers under the age of 18 (with driving licenses numbers)
Geographic borders
On Saudi Arabia territories
Use Restrains
The Insured should not use the vehicle for other than the authorized purpose
Premium amount
Policy issuance date
Coverage period
From day:.................................. Dated:............../................../.............
Time:
To day Dated:....................../................/.......
Time:
Other Requested Martial Facts by the Company
Appendix A
Insurance coverage Coverage limits 1
Treatment costs of physical damages caused to a Third Party inside or outside the vehicle for ministry of health claims. 10,000 (ten thousand Riyals) as a maximum limit. 2
Treatment costs of physical damages caused to a Third Party inside or outside the vehicle for non-ministry of health claims. Within the limit of 10,000,000 (ten million Riyals). 3
Material damages inflicted on a Third Party outside the Vehicle. Within the limit of 10,000,000 (ten million Riyals). 4
Expenses. Within the limit of 10,000,000 (ten million Riyals). Unlawful Practices in Selling and Issuing of Motor and Medical Insurance Policies
This section is currently available only in Arabic, please click here to read the Arabic version.Verification of Adding the Mandatory Fields to the Policyholders' Data
This section is currently available only in Arabic, please click here to read the Arabic version.[Change in the design of US banknotes]
Banking Control
No. 6357/BCI/250
Date: 17-5-1416 H
Circular to All Banks Operating in The Kingdom
Greetings,
SAMA was advised by the Federal Reserve Bank ('FRB') in New York that the US Secretary of Treasury and the Chairman of FRB have decided to change the design of US banknotes and that the new issues will appear as of 1996A.D with regard to the 100$ banknote. Other categories will be issued within 9-12 months.
It is to be noted that all US banknotes will remain in circulation at their nominal value and no withdrawal of or reduction of price in the value of any US currency will take place in a specific time period. The new issue will contain certain secret data, including water signs and kind of ink used, in addition to previous secret data to reduce the possibility of counterfeiting. The announcement about other developments re the new issue will be made later.
Regards,
Assistant Director General of Banking Control
M. A. Nashar
mada operating rules- update on Refunds
A. INTRODUCTION
- This update is a part thereof and should be read in conjunction with the SPAN Operating Rules, V. 6.1.1 and SPAN Operating Standards and Procedures, V. 6.1.
- As per section 15.5 In the SPAN Operating Rules, V. 6.1.1 the update is a minor change.
- Any change as a result of this update takes effect from this document's official publication date.
- Rules on Refunds apply to domestic debit Transaction only.
B. Update on Refunds
1.
Refund: A Transaction that Is Initiated by a Merchant to return funds to a Cardholder In respect of a prior Purchase of goods, services or price adjustment. A return of residual value of funds in stored value payment instruments other than Cards does not qualify as a Refund as defined in the SPAN Operating Rules and SPAN Operating Standards and Procedures.
SAMA does not permit the use of a Reversal function for an authorized Purchase Transaction if it was followed by a subsequent Purchase Transaction with a new sequence number or is no longer in the POS terminal (Flushed from SAF or Reconciled). In this instance, a Refund must be used to credit the Cardholder’s account.
2.
If the 'Refund' function is offered or enabled for a Merchant by the Acquirer (bank), the terms and conditions relating to such Refunds must be clearly stated In the Standard Merchant Services Agreement (MSA). If the 'Refund' function is offered or enabled after the original MSA has been signed, the Acquirer may add an addendum to the existing valid agreement to cover the additional Refunds function. 3.
A Refund Transaction is considered as new Transaction, and is subject to the SPAN Operating Rules, Standards, Procedures, and SPAN the Pricing Policy in that regard is No interchange, authorization, settlement or MSC fees are levied on a Refund Transaction. 4.
The cardholder must receive the paid amount without any deduction (l.e. If the cardholder paid SAR500 for goods and requested refund; the cardholder should receive the full SAR500. 5.
Issuers must provide Refund capability to Cardholders by default subject to the Issuer’s internal risk policies and procedures. 6.
The Issuer must decline the authorization of a Refund transaction request if no PIN verification is indicated in the authorization request message. 7.
The Merchant must ensure that the Transaction amount of the Refund does not exceed the amount of the original Purchase and in all cases, a refund transaction must not exceed the daily purchase limit of PoS 8.
A Refund Transaction may be processed Offline when Card and Terminal are enabled for Offline Authorization, subject to eligibility and Offline value limits. 9.
The Refund amount must be in the same currency as the original Purchase amount. 10.
Following the completion of a Refund Transaction, The Merchant must provide the Cardholder with a (Refund) Transaction receipt. 11.
The refund capability should be disabled on all PoS terminals by default. The function should not be activated until:
the Acquirer has offered and the Merchant accepts inclusion of the function on their PoS service
the Acquirer ensures that the Merchant fully understands the duties, responsibilities, related risk, fraud liability, and operating procedures relating to the Refund of transactions
the Merchant has signed the Refund Agreement part of the MSA.
In exceptional circumstances, the Acquirer may elect to decline merchant request to activate the service based on the Acquirer's internal risk policies and procedures, subject to appeal by the Merchant to SAMA. The Acquirer may also disable the Refund function if the Merchant so requests.
12.
Acquirers must ensure that their Merchants disclose their policies on returns and Refunds In a clear and visible format near the location of the POS Terminal, including clear references to documents required as proof of the original Purchase Transaction. 13.
Following the clearing and settlement of the Transaction, the Issuer will credit the Cardholder with the amount of the Refund as per the SPAN Operating Standards and Procedures. The Issuer must ensure that the Refund amount Is posted without delay to the Cardholder's account. 14.
The timeframe for a Refund, being the period between the transaction date and the Refund date, is determined by the Merchant according to Its Internal policies and procedures (and may be subject to commercial (licensing) laws and regulations. 15.
When a Refund is provided, the Merchant must credit the same Card account used to make the original POS Purchase. ? 16.
Merchants that provide full or partial Refunds for SPAN Transactions must not do so through cash, check or voucher. 17.
To authenticate the 'Original Transaction' the Merchant must ask the Cardholder for a Transaction receipt or similar documentation as proof of the original purchase transaction; if the original receipt is not available, the Merchant may fall back to its internal policies and procedures In deciding whether to proceed or not. 18.
Merchants that provide full or partial Refunds must do so only for the purpose of crediting a Cardholder account for returned merchandise, cancelled services, or a price adjustment related to a previous POS Purchase. 19.
In the event of overcharging a POS sale, Merchants must not use the Reversal function but use a Refund Transaction to return the difference to the Cardholder. 20.
A Merchant that offers Cashback as part of an 'Original Purchase' transaction must not Refund the Cashback portion of the original Transaction. 21.
The Acquirer must monitor Refund Transactions and report to SAMA if a Merchant exhibits repetitive, unusual or excessive Card Refunds. SAMA may Initiate an investigation at its own discretion, subject to the SPAN Rules, Standards and Procedures. 22.
Issuer Banks must ensure that the terms and conditions in the account opening and/or Card application documents state that, in the event of a Cardholder exercising their entitlement to a Refund, the Cardholder agrees to accept credits to his associated Card Account for such Refunds and agrees to the Refund policy of that merchant. 23.
In the event where an attempted Refund Transaction is not completed (no advice is received by the Issuer to enable a credit to the Cardholder's account), the Issuer, on behalf of the Cardholder, may raise a claim through CPS if the Issuer is satisfied with the authenticity of the concerned Transaction and supporting documents. 24.
Merchants must Refund the (relevant proportion of the) purchase amount through one single refund transaction, not through multiple transactions. 25.
Refund Transactions (and any associated fees) will be reported by SAMA in the normal SPAN activity and fee reports. 26.
Refunds to Cardholders can only be performed at Merchants with valid agreements with Acquiring Banks and a POS Terminal compliant with the SPAN Operating Rules, Standards and Procedures and ‘mada’ POS Standards. 27.
A merchant may choose to reimburse a SPAN Cardholder outside the SPAN network (i.e. a refund in cash or in kind). In such instances, the merchant accepts full responsibility for the Transaction and none of the SPAN stakeholders will have any liability for the Transaction. The Merchant may not fall back to the SPAN network for any dispute arising out of such a Refund. 28.
The Standard POS Merchant Service Agreement must reference these Rules(?). 29.
Merchants may cancel (void) a transaction provided it did not exceed the time allowed to effect a Reversal as per SPAN Operating Standards and Procedures1.
Beyond this time limit, the Merchant must use the Refund function described here.
30.
The Issuer Bank must notify the Cardholder via the Short Message Service (SMS) of the relevant details of any Refund Transactions in line with SAMA Instructions. 31.
The Issuer must ensure that all Refund Transactions are shown on the Cardholder's account statement with adequate details that allow the Cardholder recourse if required. 1 SPAN Operating Standards and Procedures, Sections 5.3.2,5.4 and 5.4.2
statutory deposit account
The Implementing Regulations of Payments and Payment Services Law is currently available only in Arabic, please click here to read the Arabic version.Implementation of Capital Reforms Under Basel III Framework
No: 341000015689 Date(g): 19/12/2012 | Date(h): 6/2/1434 In 1992, SAMA introduced in its regulatory framework a Risk Based Capital Adequacy Ratio emanating from the Basel Committee on Banking Supervision known as Basel I. Subsequently in 2008, SAMA fully implemented the Basel II Capital Adequacy Standard issued by the Basel Committee, that introduced capital requirements for Operational risk and more risk sensitive capital requirements for credit and market risks. Basel II had also introduced the concept of enhanced supervisory review process under Pillar 2 and more transparency under Pillar 3.
Following the 2007 financial crisis that affected a number of financial markets and financial institutions around the globe, the BCBS came out with significant enhancements to the global supervisory standards to address the serious weaknesses identified by various lessons learnt studies. These standards aimed to create a more resilient global banking system and prevent any future financial crisis. For this purpose the BCBS issued Basel II.5 in 2009 and in 2010 and Basel III in 2010. While the former addressed the additional risks relating to securitization, resecuritization and derivative activities, the latter related to enhancing the quality and quantity of capital in banks, strengthening their liquidity and constraining their leverage.
SAMA has since 2011, introduced the main elements of the Basel III framework in accordance with the timelines agreed by the BCBs. This includes the introduction of the leverage ratio in 2011, the liquidity ratios in 2012, and the Capital Adequacy ratios from 2013.The leverage and liquidity ratios are in the monitoring phase while the Capital ratio will be in its final form. In addition, SAMA has announced the full implementation of Basel II.5 effective January 2013.
SAMA has made a major effort to develop the attached Guidance Notes and Prudential Returns to implement the Basel III Framework in Saudi Arabia effective 1 January 2013. Earlier in October 2012, SAMA had issued the Basel II.5 framework consisting of a Guidance Document and Prudential Returns which are now included in the attached Basel III framework. Consequently, SAMA Basel II.5 package is now superseded by the Basel III framework. The current Basel III package includes the following:
1. Section A: Final Guidance Document
2. Section B: Final Prudential Returns
The above Basel III package is largely derived from the following BCBS papers:
a. Basel II.5: Enhancement and Revisions to the Basel II Framework issued through SAMA Circular # BCS 769 of 29 July 2009; and Revision to the Basel II Market Risk Framework - Updated as of December 2010 issued through SAMA circular # BCS 28414 of 20 November 2011.
b. Basel III: A Global Regulatory Framework for More Resilient Banks and Banking System - December 2010 (revised June 2011) issued through SAMA Circular # BCS 27885 dated 12 November 2011.
c. Final Elements of the Reform to Raise the Quality of Regulatory Capital - Loss Absorbency at the Point of Non-Viability issued through SAMA Circular # BCS 5611 dated 13 February 2011.
We would like to draw your attention to the following aspects of SAMA's Basel III framework:
1. Basel III Prudential Returns concerning Regulatory Capital fully replace the existing returns under Basel II and Basel II.5.
2. Basel III Prudential Returns concerning RWA are identical to Basel II Prudential Returns in terms of formats, descriptions, layout, etc. However, the new RWA under Basel III represent the existing Basel II RWA amended for enhancements and adjustments under Basel II.5 and Basel III.
We have delayed the implementation of Models approach for Market Risk in the context of Basel II.5 and Basel III, and have decided to wait until further progress is made on Trading Book issues currently under review by the BCBS.
It should be noted that SAMA's Basel III reforms as contained in this package are not applicable to branches of foreign banks. Consequently, the Agency will discuss the Basel III implementation with their Head Offices and Home Supervisory Authorities, and ensure that they include their branches in Saudi Arabia in their Capital Adequacy plans.
The Prudential Returns referred to above are due in SAMA 30 day following each quarter end. Consequently, the first quarterly return will be for data as of 31 March 2013 which will be due in SAMA on 30 April 2013. Additionally, banks are required to provide SAMA with information concerning the impact on their Regulatory Capital Adequacy Ratio (CAR) under Basel III as a result of the transition from the Basel II framework. This information is to be provided 30 days following the first two quarter ends in 2013 and should include relevant details and other information explaining the impact on Regulatory Capital and Risk Weighted Assets resulting from this transition.
Section B: Final Prudential Returns
This section has been updated by section 28 "Liquidity" under Pillar 3 Disclosure Requirements Framework, issued by SAMA circular No (44047144), dated 04/06/1444 H, Corresponding To 27/12/2022 G.Liquidity
The balance on a Participant’s Account must never be less than zero plus any intraday debit limit agreed by SAMA in accordance with the foregoing and must be sufficient to cover all Payment Messages of all types as they fall due for payment.
Selection And Termination of Committee Officials
Each committee must elect its own set of officials composed of the following offices:
- Chairman
- Vice Chairman
- Secretary
The selection of each of these officials should take place every September and would be on the basis of a majority vote with the following constraints:
- Each bank will have one vote.
- No proxy vote to be accepted.
- No individual can have the same specific within a span of three years.
- All official appointments will be approved by SAMA should there be an unexpected departure for any reason of any of the officials of the Committee, before their regular tenure of 1 year, the Committee as a whole via a voting mechanism choose a replacement to serve until the end of the term.
Any official can be terminated under any of the following circumstances:
- Unanimous decision by the Committee and SAMA's approval.
- SAMA's sole discretion.
Anti Money Laundering and Combating the Financing of Terrorism
Definitions and Scope of Application
Risk Assessment and Preventive Measures
Internal Policies, Procedures and Controls
Due Diligence Measures
Monitoring of Transactions and Activities
Record Keeping
Wire Transfer and Correspondence Relationships
Governance and Responsibilities of Financial Institutions
Board of Directors, Senior Management and Staff
Responsibilities and Internal Control
AML/CFT Training
AML/CFT Unit
Audit
Suspicious Transactions Reporting
Customs Disclosures
Supervisory and Competent Authorities
Financial Intelligence Unit
Sanctions and Confiscations
International Cooperation
Implementing Regulation to the Anti-Money Laundering Law
Implementation of Article 1 of the AML law
1/1 - The following terms and phrases - wherever mentioned in the Law and its Implementing Regulation - shall have the meanings assigned thereto unless the context requires otherwise:
A. Person: Includes any natural or legal person. B. Transaction: Includes any disposition of funds, properties, cash or in kind proceeds including but not limited to depositing, withdrawing, transferring, selling, purchasing, loaning, committing, extending of credit, mortgaging, gifting, financing, or exchanging of funds in any currency, whether in cash or checks, payment orders, sticks, bonds or any other financial instruments; or using safe deposit boxes and any other disposition of funds. C. Economic resources: Are assets of any kind, whether tangible or intangible, movable or immovable, actual or potential, which may be used to obtain funds, goods or services, including but not limited to equipment, furniture, fittings and fixtures and other items of a fixed nature; vessels, aircraft and motor vehicles; inventories of goods; art; jewelry; gold; oil products, refined products, modular refineries and related material including chemicals and lubricants; minerals, or timber or other natural resources; arms and related materials, raw materials and components that can be used to manufacture improvised explosive devices or unconventional weapons, any types of proceeds of crime, including from the illicit cultivation, production or trafficking of narcotic drugs or their precursors; patents, trademarks, copyrights and other forms of intellectual property, internet hosting or related services. D. Correspondent Relationship: It is a relationship between a correspondent institution and a respondent institution through a current or other account or related services, such as cash management, international funds transfers, cheque clearing, foreign exchange services, trade finance, liquidity management, or short-term borrowing. The definition shall also cover correspondent relationships established for securities transactions or funds transfers. E. Financial Group: Is a group that consists of a company or of any other type of legal or natural persons that exercises control and coordinating functions over the rest of the group for application of group supervision, together with branches or subsidiaries that are subject to anti-money laundering policies and procedures at the group level. F. Legal Arrangements: The relationship established by a contract between two parties or more which not result legal person, such as trusts or other similar arrangement. G. False Declaration: Providing a fake information on the value of currency or bearer negotiable instruments which are being transferred, or providing other false information required by the declaration or by the General Directorate of Customs, including not providing the declaration as required. H. Controlled Delivery: A method whereby the competent authority, and under its observation, is permitted to allow the illicit or suspicious fund or proceeds of crime to enter the Kingdome, pass it, or go outside the Kingdom for the purpose of identifying and detecting such crime and its perpetrators.
1/2 - All activities and financial transactions mentioned in Para (7) of this Article are as following:
A. Acceptance of deposits and other repayable funds from the public, including private Banking; B. Lending, financial leasing or any other form of financing; C. Money or value transfer services; D. Issuance and managing means of payment (e.g. credit and debit cards, checks, traveler's checks, payment orders and bankers’ drafts, electronic money); E. Issuance Financial guarantees and commitments; F. Activities related to securities as set out in the Capital Markets Law or any trading in: 1. money market instruments including checks, bills of exchange, and certificates of deposit; 2. currencies; 3. exchange, interest rate and financial index instruments; 4. negotiable securities and financial derivatives; 5. commodity future trading; G. Foreign exchange transactions; H. Participation in securities issuing, and provision of financial services; I. Individual and collective portfolio management; J. Safekeeping and administration of cash or liquid securities on behalf of other persons; K. Concluding life insurance contracts and other types of investment related insurance as a provider or an agent or broker of the insurance contract or any other insurance products stipulated in the Law on Supervision of Cooperative Insurance Companies; or L. Investing, administering or managing funds on behalf of other persons.
1/3 - The Commercial and Profession activities mentioned in Para (8) of this Article are as following:
a. Real estate brokerage when they are involved in transactions for their client concerning the buying and selling of real estate in all its forms; b. Dealing in gold, precious stones, or precious metals, when engaging in cash transactions with a customer equal to or above SAR 50.000, whether the transaction is carried out in a single operation or in several operations which appears to be linked, whether through individual firm or commercial Companies. c. Attorneys and any person providing legal or accounting type services in the exercise of professional activities, when they prepare, execute, or conduct a transaction for customers in relation to any of the following activities: i. Purchase or sale of real estate; ii. Management of a customer's funds, including securities, bank accounts, and other assets; iii. Establishment, operation, or management of legal persons or legal arrangements and the organization of related subscriptions; or iv. Sale or purchase of commercial companies.
1/4 - The Supervisory Authority as stipulated in para (12) of this Article are:
A. Saudi Arabian Monetary Authority. B. Capital Market Authority. C. Ministry of Commerce and Investment. D. Ministry of Justice. E. Ministry of Labor and Social Development. F. Any other authority mandated by law to monitor or supervise financial institutions or designated non-financial businesses of professions or NPOs
1/5 - All activities and works mentioned in Para (16) of this Article are as following:
a) Arranging, or undertaking a transaction, business relationship or opening account; b) A signatory to a transaction, business relationship, or account; c) Assigning an account, transferring rights or obligations according to a transaction; d) who is authorized to conduct a transaction, or to control a business relationship or an account; or e) who attempts to take any of previous actions.
1/6 - The competent Authority stipulated in para (13) of this Article are:
a. Public Prosecution. b. Ministry of Interior. c. Presidency of State Security. d. Supervisory Authority. e. General Directorate of Customs. f. General Directorate of Financial Intelligence. g. Any other authority assigned to apply the provisions under this Law.
Implementation of Article 2 of the AML law
2/1
The money laundering offense under the law apply, according to the law, to the person who committed the predicate offense and participated in money laundering crime.
Implementation of Article 5 of the AML law
5/1
Financial institution or designated non-financial business and profession shall identify asses and document their money laundering risks in writing, and regularly update its money laundering risk assessment and any underlying information, and keep both the report and any underlying information readily available for the supervisory authority. The nature and extent of the risk assessment shall be appropriate to the nature and size of the financial institutions’ or designated non-financial businesses and professions’ business.
5/2
Financial institution or designated non-financial business and profession when assessing its money laundering risks, shall give consideration to the following:
a. Customer risk factors and risk factors relating to the beneficial owner or beneficiary; b. Risk factors emanating from countries or geographic area in which customer operates or the place of origination or destination of a transaction; c. Risk arising from the nature of products, services and transactions offered and the delivery channels for products and services.
5/3
When carrying out a risk assessment, a financial institutions and designated non-financial businesses or professions shall take into account the any risks identified on the national level and any variables which may increase or decrease the money laundering risk in a specific situation, including:
a. The purpose of an account or relationship; b. The size of deposits or transactions undertaken by a customer; c. The frequency of transactions or duration of the relationship.
5/4
Based on the outcome of the risk assessment, a financial institutions or designated non-financial businesses and professions shall develop and implement internal policies, controls and procedures against money laundering that set out the appropriate level and type of measures to manage and mitigate the risks that have been identified; to monitor the implementation of those policies, controls and procedures; and to enhance them as necessary.
5/5
For higher level of risks the financial institution or designated non-financial business and profession shall apply enhanced mitigation measures; for a lower level of risks a financial institution or designated nonfinancial businesses and profession may apply simplified measures to manage and mitigate the risks. Simplified measures shall not be permitted if there is a suspicion of money laundering.
5/6
A financial institution or designated non-financial business and profession shall identify and assess the money laundering risks that may arise from the development of a new product, business practice or delivery mechanism, or from the use of a new or developing technology for new or pre-existing products. The risk assessment shall be carried out prior to the launch of the new product, business practice or delivery mechanism or prior to the use of the new technology. A financial institution or designated non-financial business and profession shall take appropriate measures to manage and mitigate the identified risk.
Implementation of Article 7 of the AML law
7/1
A financial institution or designated non-financial business and profession shall undertake due diligence measures at the following times:
a. Before establishing a new business relationship or opening a new account; b. Before carrying out a transaction for a customer with whom the financial institution or designated non-financial business and profession is not in an established business relationship, whether the transaction was conducted for one time or several times where the transactions would appear linked to each other; c. Before carrying out a wire transfer as prescribed by Article 10 of the Law for a customer with whom the financial institution or designated non-financial business and profession ion are not in an established business relationship; d. Whenever there is a suspicion of money laundering, regardless of the amounts involved; or e. Whenever the financial institution or designated non-financial business and profession has doubts either about the veracity or adequacy of previously obtained customer information or identification data.
7/2
Due diligence measures shall be based on risk and, at a minimum, comprise of the following:
a. Identify the customer and verify the customer’s identity, using reliable, independent source documents, data or information: 1. For a customer that is a natural person, the financial institution or designated non-financial business and profession shall obtain and verify the full legal name, residential or the national address, date and place of birth, and nationality; 2. For a customer that is a legal person or a legal arrangement, the financial institution or designated non-financial business and profession shall, at a minimum, obtain and verify the name, legal form and proof of existence, the powers that regulate and bind the legal person or legal arrangement, the names of all directors, senior managers or trustees, and the address of the registered office and, if different, the principal place of business. 3. Depending on the risk posed by a specific customer, the financial institution or designated nonfinancial business and profession shall determine whether any additional information must be collected and verified. b. Verify that any person purporting to act on behalf of a customer is so authorized, and identify and verify the identity of that person in line with subsection (a); c. Identify the beneficial owner and take reasonable measures to verify the identity of the beneficial owners, using information and data obtained from a reliable source, such that the financial institution or designated non-financial business and profession is satisfied it knows who the beneficial owner is, as following: 1. For a customer that is a legal person, a financial institution or designated non-financial business and profession shall identify and take reasonable measures to verify the identity of the natural person who ultimately owns or controls 25% or more of the legal entity’s shares. 2. Where no controlling ownership interest exists as stipulated in the previous para (1), or there is doubt whether the controlling shareholder is not indeed the beneficial owner, the identity of the natural person exercising control of the legal person through other means; or, as a last means, the identity of the natural person who holds the position of senior managing official, and verify it. 3. For a customer that is a legal arrangement, a financial institution or designated non-financial business and profession shall identify and take reasonable measures to verify the identity of the endower, beholder, the beneficiaries or classes of beneficiaries, and any other natural person exercising ultimate effective control over the legal arrangement. d. Understand and obtain additional information on the purpose and intended nature of the business relationship, as appropriate. e. For the legal persons or legal arrangement, the ownership and control structure of the customer should be understood.
7/3
A financial institution or designated non-financial business and profession shall verify the identity of the customer and beneficial owners before or during the course of establishing a business relationship or opening an account; or before carrying out a transaction for a customer with whom the financial institution or designated non-financial business and profession is not in an established business relationship. Where the money laundering risk is low, a financial institution or designated non-financial business and profession may complete verification of the customer’s identity as soon as practicable after the establishment of the business relationship if postponing the verification is essential not to interrupt the normal conduct of business and the financial institution or designated non-financial business and profession shall apply appropriate measures to manage the money laundering risk. The financial institution or designated nonfinancial business and profession shall take measures to managing the risk in the circumstances where the customer benefit from the business relationship before the verification is completed.
7/4
In addition to the measures under Section 7/2, a financial institution shall, in relation to a beneficiary of a saving and protection insurance or other investment related insurance policy, apply the following due diligence measures as soon as the beneficiary is identified or designated:
a. For a beneficiary identified by name, take the name of that person whether it is natural or legal person; b. For a beneficiary designated by class or characteristics or any other means such as deeds , obtain sufficient information concerning the beneficiary to ensure that the financial institution will be able to identify the beneficiary prior to payout;
In all cases, a financial institution shall verify the identity of the beneficiary prior to a payout under the insurance policy or prior to the exercising of any rights related to the policy.
7/5
A financial institution, when determining whether enhanced due diligence measures are required in relation to a specific policy, shall take into account risk factors relating to the beneficiary of the policy and, if the financial institution considers that a beneficiary poses a higher risk, shall in all cases identify and verify the identity of the beneficial owner of the beneficiary at the time of payout.
7/6
A financial institution or designated non-financial business and profession shall carry out ongoing due diligence on all business relationships in accordance with the risks posed, verify the transition throughout the business relationship to ensure the consistency with customer’s data, activities and risk posed by customer. Also It should be ensured that documents, data and information collected under the due diligence process is kept up-dates and relevant by undertaking reviews of existing records, in particular for higher risk customers.
7/7
A financial institution or designated non-financial business and profession shall apply due diligence measures to customers and business relationships that existed at the date of coming into force of the Law and this Implementing Regulations. A financial institution or designated non-financial business and profession shall apply due diligence measures to existing customers and business relationships based on materiality and risk and conduct ongoing due diligence on such existing customers and business relationships at appropriate times, taking into account whether and when due diligence measures have previously been undertaken, and the adequacy of data obtained.
7/8
A financial institution or designated non-financial business and profession that is unable to comply with the due diligence obligations may not open the account, establish the business relationship or carry out the transaction; or in relation to existing customers or business relationships, shall terminate the business relationship; and shall in all cases consider submitting a suspicious transaction report to the Directorate.
7/9
Where a financial institution or designated non-financial business and profession has a suspicion of money laundering and it reasonably believes that performing due diligence may tip off the customer, it may opt to not carry out due diligence measures and shall submit a suspicious transaction report to the Directorate of financial intelligence , and stating the reasons as to why due diligence was not applied.
7/10
A financial institution or designated non-financial business and profession may rely on another financial institution or designated non-financial business and profession to perform identification and verification of the customer; identification and verification of the beneficial owner; and to take the necessary measures to understand the nature and intended purpose of the business relationship.
7/11
If financial institution or designated non-financial business and profession place reliance on another party as stated in 7/10, they shall do the following:
a. immediately obtains all necessary information as required under Article 7 of the Law and this Implementing Regulation; b. take measures to satisfy that copies of identification data and other relevant documentation relating to the due diligence measures will be made available , and without delay; c. ensure that financial institution or designated non-financial business and profession relied upon is regulated, supervised for and has measures in place for compliance with due diligence and record keeping requirements in line with the requirements stipulated under the Law and this Implementing Regulation. d. Take into account information available with (AMLPC) and the Directorate of Financial intelligence with regard to high-risk countries identified.
The ultimate responsibility of all requirements stipulated in this law and its implementing regulation relay on the requesting financial institution and designated non-financial business and profession.
7/12
when a financial institution is being relied upon by another domestic or foreign financial institution, confidentially requirements under Saudi law shall not preclude a financial institution from exchanging information as required for the reliant party to determine whether the relied upon financial institutions applies appropriate standards
7/13
A financial institution or designated non-financial business and profession that relies on a financial institution or designated non-financial business and profession that is part of the same financial group may consider that the financial institution or designated non-financial business and profession relied upon meets the requirements under Article 7/10 and 7/11 provided the group applies due diligence and record keeping requirements in line with the Law and this Implementing Regulation, the implementation of such policies is supervised at the group level by a competent authority and any higher country risk is adequately mitigated by the group’s policies and controls.
7/14
A financial institution or designated non-financial business and profession shall determine the extent and depth of application of due diligence measures under Article 7 of the Law based on the types and levels of risk posed by a specific customer or business relationship.
Where the risk of money laundering is higher, a financial institution or designated non-financial business and profession shall apply enhanced due diligence measures consistent with the risks identified. Where the risk of money laundering is lower, a financial institution or designated non-financial business and profession may conduct simplified due diligence measures provided there is no suspicion of money laundering, in which case simplified due diligence shall not be permitted. The simplified measures shall be commensurate with the lower risk.
Implementation of Article 8 of the AML law
8/1
The person is or has become assignee with a prominent public function in the Kingdom or a foreign country; or with a senior management position in an international organization is consider as “politically exposed person”, it shall comprise the following:
a. Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, and important party officials b. Directors, deputy directors, and members of the board or equivalent function, of any international organization.
8/2
The obligations under Article 8 of the Law shall apply in relation to politically exposed persons, their close associates and family members.
8/3
A family member of a politically exposed person shall include any individual who is related to a politically exposed person by blood or marriage up to the second degree.
8/4
A close associate of a politically exposed person shall include any natural person who is known to have joint beneficial ownership of a legal entity or legal arrangement or who is in a close business relationship with the politically exposed person, or who has a beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the benefit de facto of a politically exposed person.
8/5
A financial institution or designated non-financial business and profession shall in relation to politically exposed persons from a foreign country, obtain senior management approval before establishing or continuing such a business relationship; take reasonable measures to establish the source of wealth and the source of funds of the politically exposed person; and conduct enhanced ongoing monitoring on the business relationship; and the same applied in relation to politically exposed persons from the Kingdom, in case of a higher risk of money laundering.
8/6
A financial institution shall take the reasonable measures to determine whether the beneficiaries or the beneficial owner from the saving and protection policy or any other investment insurance policy, before the payout of the policy prior to the exercising of any rights related to the policy, are PEPs, if so, the FI shall inform the senior management before the payout or prior to the exercising of any rights related to the policy, and conduct enhanced scrutiny on the business relationship, and consider making a suspicious transaction report.
Implementation of Article 9 of the AML law
9/1
Before entering into a cross-border correspondent relationship, a financial institution shall apply the following risk mitigating measures:
a. gather sufficient information about the respondent institution to understand fully the nature of the respondent’s business, and determine from publicly available information the reputation of the institution and the quality of supervision, and whether the respondent institution has been subject to a money laundering investigation or regulatory action; b. assess the respondent institution’s anti-money laundering controls; c. obtain approval from senior management before establishing new correspondent relationships; and d. clearly understand the respective anti-money laundering responsibilities of each institution. e. Reach satisfactory convention that a respondent financial institution does not allow the use of its account by shell banks.
9/2
Where a financial institution registered and licensed in the Kingdom enters into a correspondent relationship in order to receive services from a foreign correspondent financial institution, confidentially requirements under Saudi law shall not preclude the financial institution from providing to the foreign institution the information and documents required for the foreign institution to satisfy itself that the conditions under 9/1 (a) and (b) are met.
Implementation of Article 10 of the AML law
10/1
Article 10 of the Law shall apply to cross-border wire transfers and domestic wire transfers in any currency, including serial payments and cover payments, which are received, or sent or processed by a financial institution in the Kingdom, including credit or debit or prepaid card, mobile phone or other digital or IT prepaid or postpaid device that are used to effect a person-to-person transfer of funds. The scope of the Law does not extend to a transfer that
a. flows from a transaction carried out using a credit or debit or prepaid card, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics and exclusively for the purchase of goods or services, provided the credit or debit or prepaid card number accompanies the transfer flowing from the transaction; or b. constitutes a transfer or settlement between two financial institutions where both the originator and the beneficiary are a financial institution acting on their own behalf.
10/2
Originator information shall include:
a) The full name of the originator; b) The originator account number where such an account is used to process the transaction or in the absence of an account number, a unique transaction number that permits traceability of the transaction; and c) The originator’s address, or customer identification, or date and place of birth.
Beneficiary information shall include:
a) The full name of the beneficiary; and b) The beneficiary account number where such an account is used to process the transaction or in the absence of an account number, a unique transaction number that permits traceability of the transaction. 10/3
A financial institution that orders a wire transfer shall include required and verified originator information and required beneficiary information with each wire transfer. In case of a suspicion, an STR shall be submitted according to Article 15 of the Law. If a financial institution cannot comply with its obligations under this provision, it shall not order the wire transfer.
10/4
Where several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to several beneficiaries, the ordering financial institution shall include in the batch file the required and verified originator information; the required beneficiary information that is fully traceable within the beneficiary country; and the originator’s account number of unique transaction reference number.
10/5
For domestic wire transfers, the obligations set out in Article 10/3 shall apply unless the ordering financial institution is in a position to make all required originator and beneficiary information available to the financial institution ultimately receiving the wire transfer or competent authorities by other means, in which case the ordering financial institution may only include the account number or a unique transaction reference number that permits the transaction to be linked with the relevant originator or beneficiary information. The ordering institution shall make the required and verified originator and required beneficiary information available within three business days upon receiving a request for such information from the financial institution ultimately receiving the wire transfer or a competent authority.
10/6
A financial institution shall maintain all originator and beneficiary information in accordance with Article 12 of the Law.
10/7
For cross-border wire transfers, a financial institution processing an intermediary element of the payment chain shall ensure that all originator and beneficiary information that accompanies a wire transfer is retained with it, and shall keep all wire transfer information including originator and beneficiary information in accordance with Article 12 of the Law.
10/8
Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, the intermediary financial institution shall keep a record for ten years of all the information received from the ordering or other intermediary financial institution.
10/9
A financial institution ultimately receiving or processing an intermediary element of a wire transfer shall have in place and apply procedures for:
a) Identifying wire transfers that lack required originator or beneficiary information; b) Determining, on a risk basis, when to execute, reject, or suspend a wire transfer that lacks required originator or required beneficiary information; and c) Taking appropriate risk based follow-up action which may include restricting or terminating the business relationship.
10/10
A financial institution ultimately receiving a cross-border wire transfer shall take reasonable measures to identify cross-border wire transfers that lack required originator or beneficiary information. Such measures may include post-even monitoring or real-time monitoring where feasible. , if the identity has not been previously verified, a financial institution ultimately receiving the transfer shall verify the identity of wire-transfer sender’s information and maintain this information in accordance with Article 12 of the Law.
10/11
Confidentially requirements under Saudi law shall not preclude a financial institution from exchanging information with other domestic or foreign institutions that are processing any part of the transaction as required to comply with the provisions under this Article.
Implementation of Article 14 of the AML law
14/1
The policies, procedures and internal controls shall be proportionate to the nature and size of the financial institution or designated non-financial business and profession’s business and shall address the following:
a. Due diligence measures as required under this law and its Implementing Regulation, including risk management procedures for utilization of a business relationship prior to completion of the verification process; b. Transaction reporting procedures; c. Appropriate anti-money laundering compliance management arrangements, including appointment of an anti-money laundering compliance officer at the senior management level; d. Adequate screening procedures to ensure high standards when hiring employees; e. Ongoing employee training programs; and f. An independent audit function to test the effectiveness and adequacy of internal policies, controls and procedures.
14/2
A financial group shall implement a group-wide program against money laundering, apply the internal policies, controls, procedures to all of its branches and majority-owned subsidiaries and ensure effective implementation thereof by all branches and majority-owned subsidiaries. In addition to the issues set out in subsection 14/1, a group level policy shall address also the sharing of information between all members of the group; the provision of customer, account and transaction information to group-level compliance, audit or anti-money laundering functions; and the safeguarding of confidentiality and use of the information exchanged.
14/3
Where the anti-money laundering requirements of a foreign country are less strict than those imposed under the Law and this Implementing Regulation, a financial institution or designated non-financial business and profession shall ensure that its branches and majority-owned subsidiaries operating in that foreign country apply measures consistent with the requirements under the Law and this Implementing Regulation. If the foreign country does not permit the proper implementation of such measures, the financial institution or designated non-financial business and profession shall inform the Saudi supervisory authority of this fact and take any additional measures necessary to appropriately manage and mitigate the money laundering risks associated with its operations abroad. The financial institution or designated non-financial business and profession shall comply with any instructions received from the supervisory authority in this regard.
Implementation of Article 15 of the AML law
15/1
Suspicious reporting requirement stipulated under this article shall include the following:
a) A financial institution or designated non-financial business or profession or NPO that suspects or has reasonable grounds to suspect that funds or parts thereof, are proceeds of crime or are related to money laundering or that such funds will be used in acts of money laundering, including attempts to initiate such a transaction, b) A financial institution or designated non-financial business or profession or NPO that suspects or has reasonable grounds to suspect that any of the complicated, high-volume, or suspicious transaction that relates to money laundering, including the attempt to execute any of these transations.
15/2
The reporting obligation under Article 15 of the law applies regardless of the amounts involved.
15/3
A financial institutions, designated non-financial businesses and professions, or NPO shall implement indicators of suspected acts of money laundering. These indicators shall be updated on a continuous basis according to the development and diversity of methods used to carry out such acts, while complying with the publications of supervisory authorities in this regard.
15/4
The reporting shall be provided as per the form adopted by the Directorate, and as minimum shall include the following information:
A. Names, addresses and phone numbers of those carrying out suspicious transactions; B. A statement of the suspicious transaction, its involved parties, circumstances surrounding its detection and its current status; C. Specifying the amount of the suspicious transaction and relevant bank or investment accounts; and D. The reasons and causes of suspicion on the basis of which the employee made such report.
The directorate of financial intelligence shall further specify the manner in which reports under this Article are to be made and the information that shall be transmitted as part of the report.
Implementation of Article 16 of the AML law
16/1
The protection under Article 16 of the Law shall include protection from any criminal, civil, contractual, disciplinary or administrative liability and applies also in situations where the financial institution or designated non-financial business and profession or its employees or directors did not know precisely what the underlying criminal activity of the reported transaction was and regardless of whether illegal activity actually occurred.
Implementation of Article 17 of the AML law
17/1
The General Directorate of Financial Intelligence shall be headquartered is located in Riyadh and it may open other branches in regions of the Kingdom, shall assume the following functions:
a. Receive suspicious transaction reports, or other information or reports relating to money laundering, predicate offenses or proceeds of crime as provided for by the Law; b. Gather information that will enable the Directorate to perform its work effectively; c. Analyze the reports and information received; d. Disseminate the results of its analysis to competent authorities, either spontaneously or upon request; e. Establish a database including all reports and information received. The database shall be updated consecutively while maintaining the confidentiality of the information included therein; f. Request and exchange information with competent authorities; g. Request and exchange information with foreign counterparts; h. Prepare templates for use by reporting entities to report suspicious transactions; i. Issue and update guidance to financial institutions, designated non-financial business and profession, and NPOs on identifying and reporting suspicious transactions; j. Seek assistance, at its discretion, from experts and specialists from relevant agencies; k. Provide feedback to reporting entities on information and suspicious transaction reports received; l. Participate in the preparation of awareness programs on combatting money laundering in coordination with the Permanent Committee on Anti-Money Laundering; m. Enter into memoranda of understanding with other financial intelligence units according to applicable laws and procedures; n. Prepare annual reports; o. Prepare typology reports based on the outcome of its strategic analysis; p. Directorate of financial intelligence, as member of Egmont group, follow up with the Egmont group’s requirement, participate in its conference; ; q. Stop the suspicious transaction, if necessary, up to (72) hours from the time the suspicious transaction report is received. r. Request the Bureau of Public Prosecution to apply a seizing measure in relation to funds or instrumentalities s. Conduct research and inquiries, in coordination with the competent authorities, or request from the competent authorities to conduct field investigation.
17/2
The Directorate shall conduct the following:
a. Operational analysis: which is the use available and obtainable information to identify suspects, to trace particular activities or transactions, and to determine links between those suspects and possible proceeds of crime, or money laundering or predicate offenses. b. Strategic analysis: which is the use available and obtainable information, including data that may be provided by other competent authorities, to identify money laundering related trends or patterns.
17/3
The Directorate of financial intelligence shall protect the information it received or maintains by:
a. Establishing rules governing the security and confidentiality of information, including procedures for handling, storage, dissemination, and protection of, and access to information; b. Ensuring that there is limited access to the Directorate’s facilities and information, and IT systems.
17/4
The Directorate of financial intelligence shall be operationally independent and autonomous by:
a. Having the authority to carry out its functions freely, including the autonomous decision to analyze, request and/or forward or disseminate specific information; b. Having the capability to place arrangement or work independently with other local competent authorities, or foreign counterpart in relation to exchange of information, c. Having distinct functions to distinguish them in the performance of its work from other parties under the chairmanship of the State Security; d. Be able to obtain and deploy the resources needed to carry out its functions, on an individual or routine basis, free from undue political, government or industry influence or interference, which may compromise its operational independence.
17/5
All domestic and international obligations under the former name (Financial Investigation Unit) shall be referred to The Directorate of financial intelligence.
Implementation of Article 18 of the AML law
18/1
The Directorate of financial intelligence is authorized to request additional information directly from a financial institution if that financial institution has submitted a report under Article 15 of the Law and the Directorate’s request is in relation to a transaction or person mentioned in this report. In all other cases, the Directorate may request and the financial institution shall provide the requested information through the supervisory authority.
18/2
The Directorate of financial intelligence is authorized to request additional information directly from a designated non-financial business or profession in all cases, whether or not that designated non-financial business or profession has submitted a report under article 15 of the Law, or the Directorate’s request is in relation to such report. The Directorate does not have to consult or involve the supervisory authority.
Implementation of Article 19 of the AML law
19/1
When disseminating any information or the results of its analysis to competent authorities, the Directorate of financial intelligence shall use dedicated, secure and protected channels.
Implementation of Article 20 of the AML law
20/1
The Directorate of financial intelligence shall ensure that their staff members have the necessary security clearance.
20/2
The Directorate of financial intelligence shall take appropriate measures to ensure that their employees understand their responsibility in dealing with sensitive information, and its dissamination
Implementation of Article 22 of the AML law
22/1
Where the Directorate of financial intelligence receives information from a foreign counterpart, it shall use the information received only for the purpose for which it was sought, unless the foreign counterpart grants its approval that the Directorate may use the information obtained for another purpose. The Directorate provide the feedback for the foreign counterpart, if feasible and upon request it receives, on the information disseminated by the counterpart agency, or the outcome of the result based in the information provided.
Implementation of Article 23 of the AML law
23/1
The value threshold for declarations under Article of the Law shall be SAR 60.000 or its equivalent , which include currency, bearer negotiable instrument, precious metals or stones or jewelry that have to be declared when entering or exiting the kingdom Declarations under Article 23 of the Law shall be made in writing and in accordance with the approved template.
23/2
For the benefit of performing his functions under this Chapter, a customs official shall have the power to stop and search any person or vehicle, including cargo containers and postal deliveries exiting or entering the Kingdom and shall have available all powers provided for in the Common Customs Law. All powers shall be applied and searches be carried out in accordance with Common Customs Law, its Implementing Regulation and relevant Administrative Resolutions including how the inspection is preformed
23/3
The General Directorate of Customs may stop or seize, partially or in full, any currency, bearer negotiable instrument, gold bars, precious metals or stones or jewelry for up to (72) hours, in the following cases:
a. The value or amount of currency, bearer negotiable instrument, gold bars, precious metals or stones or jewelry was not declared or not declared truthfully as required under the Law. b. If there is a suspicion that such currency, bearer negotiable instrument, gold bar or precious metal or stone or jewelry is proceeds of crime or instrumentalities, or is related to a money laundering or a predicate offense, including in cases where the threshold under Article 23/1 is not met; or
The General Directorate of Customs shall immediately inform the Public Prosecution of the seizure, the General Directorate of Customs shall request and obtain additional information from the carrier about the origin and the intended use thereof.
23/4
The General Directorate of Customs shall prepare an incident report. In case the measure was taken by another security agency, the security agency shall prepare an incident report and refer the case to the General Directorate of Customs. Then the custom conduct preliminary investigation, and the reasons of declaration failure, false declaration, or suspicions of money laundering or predicate offence. Seized items are deposited by customs in account designated for within the custom.
23/5
Prior to expiration of the provisional seizure, the General Directorate of Customs shall ask the Public Prosecution to extend the seizure, and the Public Prosecution may inform the Custom to extend the provisional seizure to a period not exceeding 60 days, according to the law. If there is a need to extend the provisional seizure, if there are reasonable grounds for the suspicion or that the continued detention of the seizure items is justified while its origin or derivation is further investigated or consideration is given to instituting a criminal investigation related to the predicate offense or ML crimes, the Public Prosecution may ask the competent court as per the provision stipulated in the Criminal Procedures law, and the Public Prosecution shall investigate on the origin of the funds and the intended use.
23/6
Any person who fails to or makes a false declaration, and the custom convinced on the reasons behind that, and provided that no suspicious related to the ML or predicated offences, the custom shall impose a fine for 25% of the seizure items if the first time, 50% for any repeating cases.
23/7
In all case, if there is suspicious related to predicted offences or ML, after completing the initial procedures, the case shall be refer to the Public Prosecution for further investigation, and notification shall be made to the Directorate of financial intelligence.
23/8
In case a departing traveler was carrying gold bar or precious metal or stone or jewelry of a value exceeding SAR 60,000 when departing or entering the Kingdom, he/she shall visit Customs offices at the port to declare them, and present a receipt of purchase to confirm their value. If it turned out that the goods are for commercial purposes, the ‘Common Customs Law and its Implementing Regulations’ shall apply.
23/9
Upon declaration, a customer officer shall ensure the validity of money not being forged or forfeited.
23/10
In the case of not notifying the Public Prosecution and Custom of the required procedures, the custom shall request the Public Prosecution to left the seizure on the currency, bearer negotiable instrument, precious metals and stones, gold bars, or jewelry.
23/11
These measures shall apply to companies, financial institutions, designated non-financial businesses and professions, non-profit organizations, gold vendors, Hajj and Umra missions and service providing companies concerned with transferring cash, postal and non-postal packages and shipments, while preserving their right to conduct business.
23/12
Saudi Customs shall establish a database including the information contained in decoration form, the incident reports; other related information, the suspicious cases of ML or predicted offences, while notifying the General Directorate of Financial intelligence immediately, and provide access to the Directorate, and the Directorate request more information.
23/13
Saudi Customs shall prepare and develop a declaration form as provided for in this Article in coordination with other authorities and distribute it to ports of entry/exit.
23/14
The General Directorate of Customs, in coordination with other competent authorities, shall take the necessary measures to inform the instructions with all possible means, and provide prominent warning sign in all boarder ports, illustrating procedure and sanctions to be applied against violators.
23/15
If within 60 days from the first seizure by the General Directorate of Customs no person has asserted a claim to the seized currency, bearer negotiable instrument, gold bar, or precious metal or stone or jewelry; or if the suspect has escaped or could not be caught, the currency, gold bar, bearer negotiable instrument, precious metal or stone or jewelry shall be considered to be unclaimed and shall be processed in accordance with the provisions of the Common Customs Law in dealing with unclaimed and relinquished goods.
23/16
The General Directorate of Customs may, acting on its own initiative or upon request, cooperate and exchange available and accessible information with or carry out inquiries for a foreign counterpart agency in relation to a money laundering or predicate offense investigation or inquiry, or for the purpose of identifying, tracing or seizing or confiscating proceeds of crime or instrumentalities.
Implementation of Article 24 of the AML law
24/1
A supervisory authority may exchange the following information with foreign counterparts where such information is requested by the foreign counterpart for anti-money laundering purposes:
a. regulatory information and general information on the financial sector; b. prudential information such as information on a financial institution or designated non-financial business and profession ’s business activities, beneficial ownership, management and the fit and properness of any managers, directors, shareholders or beneficial owners; and c. Other relevant information such as on the internal policies, controls and procedures of a financial institution or designated non-financial business and profession, customer due diligence information, customer files, samples of accounts and transaction information.
24/2
Where a supervisory authority obtains information from a foreign counterpart, the supervisory authority shall obtain authorization from the foreign counterpart prior to any dissemination or use of the information received. And where a supervisory authority is obliged of declaration or reporting of information, then it shall inform the counterpart of this obligation.
24/3
A supervisory authority may apply supervisory measures on behalf of foreign counterparts and, as appropriate, facilitate the ability of the foreign counterpart to carry out consolidated group supervision.
24/4
A supervisory authority may exempt a specific category of reporting entities from the requirement in Article 5 of the Law to carry out an institutional risk assessment, if the supervisory authority has confirmed that the identified risks of the sector are clear and understood, or that a specific activity carried out by the financial institution or designated non-financial business and profession is of a low risk.
24/5
A supervisory authority may instruct a financial institutions or designated non-financial business and professions to take certain measures in relation to foreign branches and majority-owned subsidiaries that pose a higher risk, including placing additional controls on the branch or majority-owned subsidiary or the financial group, or requesting the financial group to close down its operations in the host country.
24/6
A financial institution or designated non-financial business and profession shall comply with any instructions, rules, guidelines or any other instruments issued by a supervisory authority, including an order under Article 24 (b) of the Law to provide any information as specified by the supervisory authority.
Implementation of Article 28 of the AML law
28/1
A Ministry of interior is authorized to expel non-Saudi sentenced to prison on money laundering offences, and never return to the kingdom unless for Umra and Hajj.
Implementation of Article 36 of the AML law
36/1
In the implementation of this Article regarding funds, proceeds or instrumentalities subject to confiscation, the Council of Ministers’ Resolution no. 48, dated 18/2/1421H shall be taking into consideration.
Implementation of Article 37 of the AML law
37/1
The competent authority mentioned under this article that are competent to disposal of fund or confiscated instrumanlities is the authority that made the provisional seizure.
37/2
The competent authority mentioned under this article that are competent to share confiscated funds is the Permanent Committee on Mutual Legal Assistance.
Implementation of Article 38 of the AML law
38/1
The Public Prosecution may exchange domestically available or accessible information with foreign counterparts for intelligence or investigative purposes relating to money laundering and associated predicate offenses, including for purpose of identifying, tracing or securing proceeds of crime or instrumentalities. The Public Prosecution may use all of its powers available in a domestic case also to conduct inquiries and obtain information on behalf of a foreign counterpart.
38/2
Criminal investigating officers, each within their own purview, in coordination with competent authorities may exchange domestically available or accessible information with foreign counterparts for intelligence or investigative purposes relating to money laundering and associated predicate offenses, including for purpose of identifying, tracing or securing proceeds of crime or instrumentalities. Criminal investigating officers may use their powers available in a domestic case also to conduct inquiries and obtain information on behalf of a foreign counterpart; and may form joint intelligence teams to conduct cooperative intelligence, or establish bilateral or multilateral arrangements to enable such joint intelligence.
Implementation of Article 39 of the AML law
39/1
The competent authority, including the judicial authority, through the Permanent Committee on Mutual Legal Assistance, may provide mutual legal assistance to a foreign country in any investigation, prosecution or judicial proceeding relating to:
a. a money laundering or predicate offence; b. the determination of whether funds are proceeds of crime or instrumentalities of crime and the tracing of such funds; c. a possible confiscation order, whether or not based on an underlying criminal conviction; or d. the freezing or seizure of proceeds of crime or instrumentalities.
39/2
The competent authorities provide all available power given to implement the following types of mutual legal assistance may be provided:
A. Providing information, documents, or evidence, including the financial records from financial institutions, designated non-financial business profession, NPOs, or any other person. B. The hearing of statements of persons, including hearing statements of person present inside the KSA that could not be present on the territories of a requesting State, with utilization of live visual telecommunication. The hearing shall be agreed upon with a judicial authority of the requesting country in the presence of a judicial authority of the Kingdom. The costs shall be borne by the requesting country unless otherwise. C. The full range of powers and techniques, including controlled delivery, covert operations, communication interception and access to automated systems. D. Informing related person on the judicial papers and documents, including documents related to testimony. E. Inspecting, seizing, and arresting procedures. F. Examining objects and visiting sites. G. Providing information. H. Seeking the help of specialists. I. Locating sites, persons connected with the crime and their identities J. Providing the original of documents, records, and government papers received from financial institutions, any party, or other companies from the private sector or other ratified pictures of it. K. Identifying and tracing the funds subjected to confiscation or that might be confiscated. L. Seizing funds in the context of confiscating-based procedures with conviction or without conviction. M. Facilitating the voluntary appearance of persons in the requesting countries. N. Inform the relevant authority with judicial document.
And any other forms of legal assistance that does not contradict with the internal laws of the Kingdom.
39/3
If a foreign country requests a form of assistance not specifically mentioned in this subsection but available under Saudi law for domestic criminal matters, the judicial authority may provide the assistance sought to the same extent and under the same conditions as would be available to competent authorities in a domestic criminal matter.
39/4
Mutual legal assistance may not be refused solely on the grounds that the offense is considered to involve fiscal matters, or based on secrecy or confidentiality provisions.
39/5
Where a request for mutual legal assistance involves non-coercive measures, such assistance may be provided also in the absence of dual criminality. In all other instances, dual criminality is required for mutual legal assistance to be rendered.
39/6
The legal assistance application shall include as much information as possible to facilitate the implementation process, including:
1. The legal document based on which the application is submitted. 2. Determination of the authority responsible for investigations, prosecutions or proceedings related to the application, communication channels with all the persons able to respond to the inquiries related to the application and description of the criminal incident, its conditions and circumstances. 3. Description of the required assistance and the measures to be taken, as well as all the requirements that the applying State wishes to meet. 4. If the application is related to the inspection of a place, attachment or confiscation of assets, it shall include a precise description thereof, including providing the widest range of accurate information on the targeted funds, such as the type, amount, and location, as well as the owner of the funds, provide the available information, such as the account number, the securities number, or the real estate number and the car. 5. Determination of the required time for the application shall be implemented, if necessary. 6. A certified copy of the judicial order or judgment rendered by the competent Court shall be submitted when necessary. 7. Enclosing a written undertaking by the applying State to preserve the confidentiality of information or evidence provided upon implementation of the application, and that the submitted information or evidence will not be used for other than the purposes stated in the application, unless prior approval is obtained from the Committee. 8. The applying State shall submit any additional information or documents that the Committee deems necessary to implement the application or facilitate the implementation thereof.
39/7
The Competent authorities may undertake the following:
A. Coordinating and understanding with the competent authorities of the country concerned to allow the proper use of the method of controlled delivery of funds across the Kingdom to expose persons involved in the commission of crimes and their contributors, subject to the provisions of the laws, regulations and instructions in force in the Kingdom. B. Applications for the controlled delivery of funds must be in writing, and the competent authorities in the Kingdom shall take the decisions to respond to them on a case-by-case basis. The requesting country shall include the willingness to provide assistance to the Kingdom in such a request as may be required. C. It may be agreed with the interested parties of other States to inspect and verify the consignments agreed upon for the controlled delivery and then allow them to proceed. D. In the controlled delivery and after agreement with the parties concerned in other country, the agreed funds may be exchanged for similar materials for fear of leakage during transport.
Implementation of Article 40 of the AML law
40/1
Requests for the execution of foreign confiscation orders or rulings, issued by the competent authority or court in the requested country, shall be executed according to the competent law of the kingdom. Any ruling intended to be recognized and executed shall include the following document and information:
a. An official copy of the ruling issued, and a copy of the law on which the confiscation order is based, and certificate on the ruling stating that the ruling is final , and issued by the competent judicial authority in the requesting country; b. The person involved in the case has been called to attend, and has been represented rightly, and able to defend himself; c. The ruling does not conflict with any ruling or order issued in the same subject from competent court in the kingdom, provided that no ongoing trail in the kingdom on the subject ruled by the requesting country; d. The ruling does not contain any provision not applicable to general law, and Sharia law in the kingdom; e. A statement that includes the procedures and measures taken by the requesting countries to protect the persons of good will. f. A description of the funds that the request is issued for in accordance to this article, estimation of their value, their possible location, and information about any person who keeps them or has them in his possession. However, the requesting countries shall provide a statement about the facts that the request is based on. g. The order of confiscation issued by the Kingdom determines how to preserve and manage confiscated funds. It is permissible to the competent court to request the hiring of a judicial guard, if needed, in which his expenses are deducted from the value of the funds he’s guarding.
40/2
In case of the received requests, where the perpetrator of the crime cannot be prosecuted because of death, escape, absence, or lack of identification, the Committee shall refer the request to the Public Prosecution to take the necessary procedures, provided that the request contains a statement which includes the merits and reasons it was based on, considering that such funds are linked to criminal conduct.
Implementation of Article 41 of the AML law
41/1
The extradition process is governed by the bilateral agreements signed between the kingdom and the requested country, or multilateral agreements ratified by the kingdom as per the applicable law.
41/2
The Kingdom may refuse to extradite Saudi nationals. Where a request for extradition is denied based on nationality of the accused or convict, the public prosecution shall, without delay, determine whether there are grounds for prosecution of the offense set forth in the request.
41/3
Extradition shall be subject to dual criminality. The dual criminality principal is available when the request country and the kingdom criminalized the act subject to the extradition, regardless the classification of the act as per the criminal laws.
41/4
The following requirements shall be included in the extradition:
A. Received a written and through the official channels; B. Attached a certified copy, or request the original of the conviction, or the detention order related to the extradited person, C. A statement on the crimes the extradition sought, including the widest range of information available, such as the time and location of the crime. D. The legal text, or the statement of the legal ground, to allow for assessing the request, E. The necessary information to identify the wanted persons, F. Any other information seek by the competent authority deemed necessary to execute the request.
Implementation of Article 42 of the AML law
42/1
The Permanent Committee for Mutual Legal Assistance at the Ministry of Interior shall arrange for the execution of mutual legal assistance requests and for any arrangements deemed necessary to transmit the evidentiary material gathered in response to a request for assistance to the competent authority of the requesting State. Where a request for mutual legal assistance results, directly or indirectly, in the confiscation of funds, the Permanent Committee for Mutual Legal Assistance shall determine whether the confiscated funds shall be shared with the requesting country.
Implementation of Article 43 of the AML law
43/1
The supervisory authority, when receiving request from the public prosecution to provide records, documents, or information subject to confidentiality, shall, without delay and prior notice to the party concerned, forward the order to the financial institution, requesting it to produce the requested records, documents or information within the timeframe and in the manner and form as stipulated in the order.
43/2
Immediately upon receiving of the produced records, document or information, the supervisory authority shall notify the Public Prosecution of that fact and provide the produced records, documents or information, as and within the timeframe stipulated by the Public Prosecution.
43/3
The supervisory authority shall not have any power to review any orders issued by the Public Prosecution on the merits, to refuse its assistance in the implementation of any particular order, or to filter or withhold any records, documents or information produced by the financial institution.
Implementation of Article 49 of the AML law
49/1
The investigating officer, may issue a reasoned order permitting an investigating officer to conduct an undercover operation for the purpose of gathering evidence of a money laundering or predicate offense. An undercover operation is an operation for intelligence conduct by the investigation officer to gain evidence or information related to the criminal behavior.
49/2
Investigating authorities may conduct or participate in a controlled delivery under the supervision of Ministry of interior.
49/3
Investigating authorities may take the necessary measure to reach the perpetrator.
Implementation Rules for Banking Control Law
Circular to all banks operating in Saudi Arabia
Director General of the Department of Banking Control
Subject: Implementation Rules for Banking Control Law
Based on the powers vested in the Minister of Finance and National Economy under the Banking Control Law issued by Royal Decree No. (M/5)
dated 22/2/1386H, Ministerial Resolution No. (3/2149) dated 14/10/1406H was issued regarding the Implementation Rules for Banking Control Law. A copy is attached.The Resolution includes rules for implementing the following provisions of the Banking Control Law: Article (12) regrading appointment to boards of directors and senior positions in banks; Article (16) regarding the practice of banking activity in line with the monetary and credit policy and economic developments in the Kingdom; Article (17) regarding the organization and specification of the periodic data that must be provided to SAMA for supervisory and statistical purposes; Article (18) regarding banking inspections conducted by SAMA, the behavior of the bank staff, and compliance with the recommendations and instructions issued by SAMA as a result of the inspection procedures; and Article (22) regarding the procedures and penalties SAMA is authorized to apply under this Resolution in implementation of this Article and in light of the Ministerial Resolution No. (3/959) dated 26/4/1404H issued in implementation of Article (25) of the Banking Control Law regarding the contraventions punishable under the Law. SAMA stresses that banks should strictly adhere to the aforementioned Rules as well as other instructions issued regarding the implementation of the provisions of the Banking Control Law in order to ensure the soundness of the banking system, achieve the public interest, and avoid the penalties prescribed under the Law and the Ministerial Resolution attached.
The Governor
Hamad Alsayari
Ministerial Resolution No. (3/2149) dated 14/10/1406H
The Minister of Finance and National Economy;
based on the powers vested in him;
in accordance with Article (26) of the Banking Control Law issued by Royal Decree No. (M/5) dated 22/2/1386H;
after having studied the Memorandum of the Governor of Saudi Arabian Monetary Authority No. (M G M A/ 411) dated 13/6/1406H regarding the proposal of Draft Implementation Rules for the Banking Control Law;
upon perusal of the Ministerial Resolution No. (3/920) dated 16/2/1402H regarding the rules regulating money changing business;
and upon perusal of the Ministerial Resolution No. (3/959) dated 26/4/1404H regarding the rules for the formation of a committee as stipulated in Article (25) of the Banking Control Law for the resolution of the contraventions punishable under the Law;
has decided the following:
A) The Implementation Rules for Banking Control Law are approved subject to the following:
Implementation of Article (16) of the Banking Control Law
I. In implementation of Article (16) of the Banking Control Law, banks shall:
1. Comply with the rules set by SAMA regarding loan limits that the bank may offer.
2. Comply with the rules set by SAMA regarding the types of loans to be granted and other transactions, such as, but not necessarily exclusive of:
a) Informing SAMA, prior to undertaking or commitment, of any loan application submitted by a non-resident entity. b) Obtaining SAMA’s written prior approval before initiating any procedure for extending any loan to a non-resident entity. c) Obtaining SAMA’s written prior approval before inviting foreign banks to participate in any joint facilities in Saudi riyals. d) Obtaining SAMA’s written prior approval before participating in any joint facilities arranged in Saudi riyals outside the Kingdom, whether for resident or non-resident entities. e) Obtaining SAMA’s written prior approval before participating in any joint facilities arranged in foreign currencies for non-residents. f) Obtaining SAMA’s written prior approval before the acquisition of, or subscription for any securities in Saudi riyals abroad. g) Obtaining SAMA’s written prior approval before the acquisition of, or subscription for any securities in foreign currencies abroad, with the exception of bank ownership of treasury bills and negotiable certificates of deposit. h) Obtaining SAMA’s written prior approval before issuing or participating in the issuance of any securities inside or outside the Kingdom. i) Reporting to SAMA before introducing any new activities inside the Kingdom which may entail financial obligations on the bank.
3. Non-contravention of any of the guidelines and rules set forth by SAMA for banks for carrying on certain types of transactions for their customers such as, but not necessarily exclusive of:
a) Complying with the bank tariff rates. b) Informing government authorities of foreign guarantees issued by banks other than those included in the approved list reported to banks, and of breaches of any of the terms that should be complied with in such guarantees, in keeping with Circular No. (11/M/12407) dated 5/8/1396H of the Ministry of Finance and National Economy and any circulars that might be issued thereafter. c) Refraining from conducting, or mediating in conducting any transaction which might involve circumvention of the provisions of “The Banking Control Law” inside or outside the Kingdom. d) Refraining from implementing any scheme for soliciting deposits, with the exception of current accounts and fixed-term deposits, before reporting to SAMA. e) Refraining from conducting any banking business with persons unauthorized according to the applicable laws and rules, including money changers not authorized by SAMA in accordance with the Minister of Finance and National Economy Decision No. (3/920) dated 16/2/1402H.
4. Comply with the rules of cash margins that must be held against certain types of letters of credit or guarantees issued by SAMA in accordance with the Law.
5. Comply with the instructions on the minimum limit of collateral between the amount of loan and assets offered to secure it which should be observed by banks as prescribed by SAMA.
6. Comply with the instructions issued by SAMA regarding the assets that must be held by banks inside the Kingdom and their ratio to deposit liabilities.
7. Adhere to the instructions issued by SAMA regarding bank working hours and holidays.
8. Adhere to the provisions of the Banking Control Law and its Implementation Rules and instructions, which prohibit banks from assisting or covering up for others who conduct banking or commercial activities they are not authorized to conduct, and those who violate the provisions of the Banking Control Law and its Implementation Rules. Therefore, bank employees shall not request or receive benefits to grant or recommend granting facilities from the bank.
Implementation of Article (12) of the Banking Control Law
II. In implementation of Article (12) of the Banking Control Law, banks shall:
1. Ensure that no person can be appointed as a member of the board of directors of more than one bank. Any person who is nominated as a member of the Board of Directors of any bank shall disclose his membership in the Board of any other bank.
2. None of the following actions or practices shall be performed without prior written approval of SAMA:
(1) Election of any person as a member of the Board of Directors of any bank if he had occupied a similar position in a banking concern which was liquidated, or if he had been previously removed from a similar position in any banking establishment, even if the liquidation had been made before coming into force of the “Banking Control Law” whether the banking concern was located inside or outside the Kingdom. Any person who is nominated as a member of the Board of Directors shall disclose such information.
(2) Appointment of any person as a manager of a bank if he had occupied a similar position in any banking concern that was liquidated, or if had been previously removed from a similar position in any banking concern even if the liquidation or removal had occurred before coming into force of the “Banking Control Law” whether this banking concern was located inside or outside the Kingdom. Every person who is nominated, or applying for this position shall disclose such information.
3. Submission of all particulars and information requested by SAMA about persons occupying or nominated to occupy leading positions in the bank.
Implementation of Article (17) of the Banking Control Law
III. In implementation of Article (17) of the Banking Control Law, every bank shall observe the following:
1. Provide SAMA with the following data as it deems fit and according to the instructions prescribed:
(1) Data submitted on a monthly basis:
(1.1) The bank’s balance sheet.
(1.2) Banks with branches and banking units abroad shall also submit:
- A consolidated statement of conditions of the bank, including its branches and units inside and outside the Kingdom.
- A separate statement of conditions of each branch or unit abroad.
(1.3) Statement of foreign liabilities and assets.
(1.4) Statement of the bank’s purchases and sales of foreign exchange.
(1.5) Statement of imports financing statistics.
(2) Data submitted every three months:
(2.1) Profit and loss account statement.
(2.2) Banks having branches and banking units abroad shall also submit a profit and loss account statement for each branch or unit separately.
(2.3) Statement of deposits of government departments and agencies.
(2.4) Statement of the geographic breakdown of foreign assets.
(2.5) Quarterly balance sheet statements of the bank and its operating activities, that should be published in daily newspapers four times during the financial year, (as per the rules regulating share trading transactions, before their publication).
(3) Data submitted every six months:
(3.1) Statement of bank credit classification according to economic sectors.
(3.2) Statement of forward contracts.
(3.3) Statement of loans granted to non-residents and foreign investments.
(3.4) Statement of doubtful loans and advances.
(4) Data submitted every 12 months:
(4.1) The bank’s annual budget and final accounts.
(4.2) The budget detailed report prepared by the bank auditors.
(4.3) Annual report of the bank’s board of directors.
- Banks with branches and units abroad must also submit the annual budget statement and final accounts for each branch or unit abroad and the auditors’ detailed report.
(5) Any data related to the bank’s branches and units abroad in accordance with SAMA’s relevant instructions.
(6) A copy of the minutes of each meeting of the general assembly of shareholders or meeting of partners within one month from the date of the meeting.
(7) Any other data or information requested in the form and at the time determined by SAMA.
2. Instruct the bank’s external auditors to directly provide SAMA with the data, clarifications, and any information it requests about the bank’s activity within their scope of responsibilities.
Implementation of Article (18) of the Banking Control Law
IV. In implementation of Article (18) of the Banking Control Law, banks shall fully cooperate with SAMA’s inspection team when visiting the bank. To achieve this, the bank’s staff shall not exercise any of the following acts or practices:
1. Refuse to give the inspection team access to the bank’s records and accounts and other documents that the team deems important to perform the inspection duty.
2. Refuse to submit or deliberately hide the available information and clarifications requested by the inspection team.
3. Refuse to inform the inspection team of the bank’s violations immediately after starting the inspection or deliberately hide such information.
4. Violate the recommendations and instructions issued by the SAMA as a result of the inspection conducted by the inspection team.
Implementation of Article (22) of the Banking Control Law
V. In implementation of Article (22) of the Banking Control Law, if SAMA obtains knowledge that a bank has violated the provisions of the Banking Control Law and its Implementation Rules, or has pursued a policy that might seriously affect its solvency or liquidity, SAMA may take one or more of the following measures:
1. Imposing the penalties stipulated in Article (23) of the Banking Control Law.
2. Suspending or dismissing the bank employee who deliberately provided false data, information or facts.
3. Informing the bank about its violations and requiring it to take corrective measures within a period determined by SAMA.
4. This can be done either in writing or by calling the bank’s board chairperson, the managing director, or the general manager in charge.
5. In case of the bank’s non-compliance with SAMA’s instructions, SAMA may take some or all of the measures below.
6. Informing the chairperson of the bank’s board of directors, through a representative from SAMA or by any other means, of the importance of convening a board meeting within a period determined by SAMA to review the bank’s violations and take the necessary corrective measures.
7. The meeting shall be attended by one or more of SAMA representatives.
8. Requiring the bank to take any corrective measures deemed necessary by SAMA.
9. Assigning one or more advisors to assist the bank in managing its business.
10. Appointing an observer to the bank’s board of directors for a period determined by SAMA. The observer shall have the right to participate in the discussions held during the board’s meetings and write down their opinion on the decisions taken by the board during these meetings.
11. Taking any other measures SAMA deems necessary after obtaining the approval of the Minister of Finance and National Economy.
B) This Resolution shall be communicated to all competent authorities to be implemented and shall come into effect as of the date of its issuance.
The Minister of Finance and National Economy Mohammed Aba AlKhail Internal Documents
Supplementary Circular - Imported Goods into the KSA from Abroad Bearing the Star of David Emblem
Further to our circular No. 4733/BC/108 dated 4-5-1394H, regarding goods imported to the Kingdom and carrying the hexagonal star logo, which resembles the Israeli logo, and, therefore, attract attention and hurt Arab feelings; and
In view of the fact that a shipment of plastic Molds arrived to the Kingdom carrying this logo in violation of our circular referred-to above,
We, therefore, again emphasize compliance with our instructions in this regard, which requires you, when you open a letter of credit in favor of a foreign beneficiary, to stipulate that no goods carrying the hexagonal star logo or shown on their packaging, or boxes should be allowed for export to the Kingdom.
Please be informed, instruct all your branches to act accordingly and acknowledge receipt.
Temporary Residencies Issued by the Passport Departments in the Kingdom for Some Expatriates
This section is currently available only in Arabic, please click here to read the Arabic version.Supplementary Circular Residencies Issued by Passport Departments in the Kingdom for Some Expatriates
This section is currently available only in Arabic, please click here to read the Arabic version.Restriction on Dealing With Dexia Bank
We inform you that SAMA has received the Ministry of Finance Telegram No. 7337 dated 3/7/1431 H and its annexes referred to the telegram of His Royal Highness the Minister of Foreign Affairs No. 96/34/216649 dated 23/6/1431 H, regarding the decision of the Council of the League of Arab States at the level of Foreign Ministers adopted at its regular session (132) to adopt the recommendation of the 82nd Conference of the Officers of the Liaison Offices of the Regional Offices of the Boycott of Israel, which held its meeting in Damascus during the period from 12-14/5/2009 G prohibiting dealing with the Belgian-French Bank (Dexia Bank) and all its branches after proving Contribution to financing the construction of settlements in occupied East Jerusalem.
We hope to stop any dealings with the Belgian-French Bank (Dexia Bank) and its branches, and to inform SAMA of what is being done in this regard.
Prohibiting Transactions with Iranian Ports and Countries Subject to International Sanctions
This section is currently available only in Arabic, please click here to read the Arabic version.Preventing the Issuance or Disbursement of Documentary Credits or Bank Guarantees for Shipments Arriving at Iranian Ports
This circular is currently available only in Arabic, please click here to read the Arabic version.United States Government Decision on Sanctions on Sudan
This circular is currently available only in Arabic, please click here to read the Arabic version.The Electronic Report Approved by FIU
In reference to Cabinet Decision No. (42) dated 15/01/1440H, which includes the approval of the national strategic objectives for combating money laundering and terrorist financing, and the national action plan to achieve those objectives, including enhancing technological systems in the field of combating money laundering and terrorist financing. Based on Article (15) of the Anti-Money Laundering Law issued by Royal Decree No. (M/20) dated 05/02/1439H, Article (15/4) of its Implementing Regulation, Article (70) of the Law on Combating the Financing of Terrorism issued by Royal Decree No. (M/21) dated 12/02/1439H, and Article (23) of its Implementing Regulation.
I would like to inform you that the second phase of the electronic reporting project has begun, which will facilitate electronic linkage between the branches of foreign banks and the General Administration of Financial Intelligence. This service has been activated, and coordination is ongoing between the General Administration of Financial Intelligence and the branches of foreign banks in this regard.
To take note and act accordingly, and communicate with the General Administration of Financial Intelligence if you encounter any difficulties in the reporting process, as well as inform the Anti-Money Laundering and Terrorist Financing Administration at SAMA of any updates regarding this matter.
Transferring Cash in Saudi Riyals and other Foreign Currencies Across Borders to and from Yemen
Referring to the Law of Transporting Money, Precious Metals, and Valuable Documents issued by Royal Decree No. M/81 dated 18/10/1428 H, and the Implementing Regulations issued by Ministerial Decision No. 4814 dated 9/10/1433 H, and SAMA Circular No. 15475/MAT/306 dated 12/4/1428 H concerning the organization of cash transfer movements for local banks and licensed money exchangers , and Circular No. 371000035276 dated 24/3/1437 H regarding the mechanism for the entry and exit of Saudi and foreign currency via King Fahd Bridge, and the general rules and procedures guide for domestic and foreign cash shipments No. 1/1429 dated 23/7/1429 H, as well as what is stated in paragraph 2 of rule No. 51,1 of the Anti-Money Laundering and Counter-Terrorism Financing regulations regarding cross-border money transfers in Circular No. /BCI/9201 dated 4/4/1433 H.
We hope to adhere to the controls and procedures outlined in the aforementioned instructions and regulations. Regarding the transfer of cash between the Kingdom and the Republic of Yemen, transactions should only be conducted with the Central Bank of Yemen, as it is the sole official channel on the Yemeni side for transferring cash in Saudi Riyals and other foreign currencies across the border to and from Yemen.
Security for Remittance Centers
Due to the observed congestion at the branches of the banks' remittance centers under the current circumstances, we inform you that banks must activate the role of security guards and increase the number of security guards at all their remittance center branches, with an emphasis on implementing this urgently.
United States Government Decision on Sanctions on Sudan
The requirements in this Circular are no longer applicable as per SAMA circular No. (42061904), dated 29/08/1442H, Corresponding To 11/04/2021G.National Islamic Bank Licence
This section is currently available only in Arabic, please click here to read the Arabic version.Continued Efforts to Freeze the Funds and Financial Assets of the Individuals, Entities and Resolutions Listed in the Security Council Resolutions
This section is currently available only in Arabic, please click here to read the Arabic version.Suspending the Implementation of the Arab Boycott of Israel at the Second and Third Levels
According to a letter No. 3/S/1127 dated 23-1-1416H received from HE the Minister of Finance and National Economy, the boycott of Israel at the second and third levels has been lifted by the Decision of the GCC Higher Council in itsl4th session held in December 1993 and by the Decision of GCC Foreign Ministers in their 53rd meeting in November, 1994.
Consequently, Saudi Central Bank is notifying the banks of this decision to lift Israeli Boycott at the second and third levels which include all Non-Israeli companies, establishments and vessels that are listed on the Boycott list, so that you take this into consideration with regard to documentary credits and other documents.
Please comply and instruct your branches to act accordingly.
TRASH
Consumers Protection Principles for Banks
This circular is currently available only in Arabic, please click here to read the Arabic version.SAMAcares Announcement
Translation for reviewBased on the role of the Saudi Arabian Monetary Agency in promoting the concept of protecting customers of financial entities subject to its supervision, and in continuation of the institution’s efforts to improve the customer experience when dealing with these entities, and the importance of developing the efficiency and effectiveness of handling complaints, we are pleased to inform you of the launch of the "SAMACares" system, which will enable its users to analyze various types of complaints and follow their patterns according to each product and service.
Complaints are considered one of the most important indicators and sources for developing services and products. In order to emphasize customers’ right to submit complaints, we would like to emphasize the necessity of amending policies and procedures to fit the definition of a complaint as "every expression of dissatisfaction related to the service provided, whether justified or unjustified, in writing or verbally"*.
With reference to the controls for handling complaints and related circulars, and to ensure that the statutory periods in handling the complaint are not exceeded, financial entities shall adhere to the “SAMACares” system to implement service levels agreements, which excludes the period during which the complaint is referred to the customer, according to the following periods:
- Responding to complaints received directly from customers within a maximum period of five working days from the date of receipt.
- Responding to customer complaints in which the institution accepted the customer’s objection to the entity’s response within a maximum period of three working days from the date of requesting the statement.
- Responding to complaints that have been classified by SAMA as being of high importance within two working days from the date of requesting the statement.
Accordingly, SAMA expects you to provide support to the relevant departments with the appropriate powers and the human and material resources necessary to ensure compliance with what was indicated above, provided that the process of analyzing complaints is given priority and adequate attention by senior management, noting that SAMA will evaluate the work of the financial entities according to the following performance indicators:
- Percentage of complaints in which customers objected to the entity’s response.
- Percentage of complaints in which customers’ objection to the entity’s response was accepted.
- Average period of response to complaints according to the classification mentioned in the service level agreement.
- The rate of correspondence between SAMA and the financial entity from accepting the customer’s objection until closing the complaint.**
* According to Circular No. (371000101671) dated 17/09/1437 AH.
** For details, click on “measuring performance indicators of financial entities”.
Amendment and Revision Record
Amendment and Revision Type
Date Accounting Standards for Saudi Commercial Banks
The Accounting standards for Saudi commercial banks are no longer applicable as of January 1 st 2017 ,by the circular no (381000074519), dated 14/07/1438 H.INTRODUCTION TO THE MANUAL
This manual covers financial accounting standards for commercial banks which have been prepared by SAMA and comprises texts of the recommended standards which are to be applied by the banks in Saudi Arabia. The text of each standard contains definition of principal terms used, scope and provisions. These recommended standards are as follows:
- Standard of Investment and Trading in Securities
- Standard of Loans
- Standard of Deposits
- Standard of Accounting Changes and Correction of Errors
- Standard of Foreign Currency Translation
- Standard of Fixed Assets and Other Real Estate
- Standard of Consolidated Financial Statements and Investments in Subsidiaries
- Standard of Presentation and General Disclosure
SAMA will be issuing further standards in the future and also any amendments to these should the circumstances require it.
Note:
Standards issued by the Ministry of Trade Can be used for any other accounting issues not covered in the manual.
RECOMMENDED ACCOUNTING STANDARDS
INTRODUCTION
- STANDARD OF INVESTMENT AND TRADING IN SECURITIES
- STANDARD OF LOANS
- STANDARD OF DEPOSITS
- STANDARD OF ACCOUNTING CHANGES AND CORRECTION OF ERRORS
- STANDARD OF FOREIGN CURRENCY TRANSLATION
- STANDARD OF FIXED ASSETS AND OTHER REAL ESTATE
- STANDARD OF CONSOLIDATED FINANCIAL STATEMENTS AND INVESTMENT IN SUBSIDIARIES
- STANDARD OF PRESENTATION AND GENERAL DISCLOSURE
INTRODUCTION
This introduction delineates certain basic assumptions for the standards covered herein, and is considered to be an integral part of the text of these standards.
(Paragraph 1)
BASIC ASSUMPTIONS
1)These standards apply to commercial banks licensed to operate in the Kingdom of Saudi Arabia regardless of their legal form.
(Paragraph 2)
2) These standards apply to transactions permitted under the Banking Control Law issued by Roy al Decree No. 5/M. dated 22.02.1386H.
(Paragraph 3)
3)These standards do not apply to money-exchange firms.
(Paragraph 4)
4) These standards define acceptable accounting methods (policies) for the measurement of relevant transactions, events, financial conditions as well as general presentation and disclosure provisions which govern the financial statements that are prepared by commercial banks for general purposes that are common for all users of those statements. Accordingly, these standards do not deal with methods of measurement, provisions of presentation and disclosure in financial reports prepared by commercial banks for supervisory purposes or other special purposes if the latter conflict with the general purposes that are common to all users of the financial statements.
(Paragraph 5)
5) These standards apply to financial transactions, events and conditions that are of material value.
(Paragraph 6)
1)STANDARD OF INVESTMENT AND TRADING IN SECURITIES (Paragraph 101 - 142)
1.1DEFINITIONS
A) Trading Security Portfolio-Domestic
All kinds of securities issued by economic entities inside the Kingdom of Saudi Arabia that are acquired by the bank for trading in order to realize capital gains from the appreciation of their value.
(Paragraph 101)
B) Investment Security Portfolio-Domestic
All kinds of securities issued by economic entities inside the Kingdom of Saudi Arabia that are acquired by the bank for long term investment.
(Paragraph 102)
C) Trading Security Portfolio-Foreign
All kinds of securities issued by economic entities outside Saudi Arabia that are acquired by the bank for negotiation to realize capital gains from the appreciation of their value.
(Paragraph 103)
D) Investment Security Portfolio-Foreign
All kinds of securities issued by economic entities outside Saudi Arabia that are acquired by the bank for long term investment.
(Paragraph 104)
E) Date of Acquisition
The date on which the rights and risks associated with title of securities have been transferred to the bank regardless of the method by which the title was transferred i.e. by telephone, telex or on the basis of a contract, etc.
(Paragraph 105)
F) Cost of Acquisition
The cost born by the bank for the acquisition of securities including cost already paid or accrued to others such as brokers' fees, etc.
(Paragraph 106)
G) Current Market Value
The value which sets the base for the negotiation of a given kind of security at a specific date between an interested buyer and seller. Current market value may be published by international money markets or defined by virtue of official reports which govern locally issued securities.
(Paragraph 107)
H) Realized Trading Profit and Investment Gain Realized trading profit is the increase in the sale value of securities (acquired by the bank for trading) over their book value, provided that the conditions of sale are fulfilled. Realized investment gain is the increase in the sale value of securities (acquired by the bank for investment) over their book value, provided that conditions of sale are fulfilled.
(Paragraph 108)
I) Realized Trading and Investment Losses
Realized trading loss is the decrease in the sale value of securities (acquired by the bank for trading) over their book value, provided that conditions of sale are fulfilled. Realized investment loss is the decrease in the sale value of securities (acquired by the bank for investment) over their book value, provided that conditions of sale are fulfilled.
(Paragraph 109)
J) Unrealized Gains/Losses
The difference between the current book value and market value of securities that are still possessed by the bank.
(Paragraph 110)
K) Book Value of Securities
The accounting value of securities in compliance with the requirements of this standard.
(Paragraph 111)
L) Notional Value of Limited Life Securities
The value which the issuer of the money instrument undertakes to pay at maturity.
(Paragraph 112)
1.2 SCOPE
A) This standard defines acceptable accounting methods for the measurement of financial transactions, events and conditions related to the ‘acquisition by commercial banks of securities issued by competent economic entities inside or outside Saudi Arabia both for trading or investment purposes.
(Paragraph 113)
B) This standard also defines the requirements of presentation and general disclosure of trading and investment securities issued by competent economic entities inside and outside the Kingdom in the general purpose financial statements.
(Paragraph 114)
1.3 TEXT
A) Securities Portfolio
A.1 The objective of securities possession must be defined prior to taking decision with respect to their acquisition. This objective must be stated in writing and approved by authorized responsibles.
(Paragraph 115)
A.2 Trading securities portfolio must contain securities acquired by the bank for trading purposes only.
(Paragraph 116)
A.3 No transfer shall be allowed from trading securities portfolio to investment portfolio and vice versa unless such transfer is justifiable and approved by the authorized responsibles.
(Paragraph 117)
A.4 Items of the domestic trading securities portfolio must be valued at cost on the date of acquisition.
(Paragraph 118)
A.5 Items of the international trading securities portfolio must be valued at cost at the date of acquisition. Their value must be translated into the local currency at the spot exchange rate dominating at that date.
(Paragraph 119)
A.6 Domestic securities trading portfolio must be valued at the market value as the date of the financial statements. Such valuation must cover the individual securities rather than the portfolio as a whole.
(Paragraph 120)
A.7 International trading securities portfolio must be valued at the market value as at the date of the financial statements. Such valuation must cover the individual securities rather than the portfolio as a whole. The amount is then translated into local currency at spot rates dominating at the date of the financial statements.
(Paragraph 121)
A.8 The cost of the trading securities portfolio recorded for subsequent financial periods shall be at the market value computed as at the date of the financial statements
(Paragraph 122)
A.9 Differences resulting from the revaluation are to be recorded in the profit and loss accounts as an item of major operations.
(Paragraph 123)
A.10 Profit or loss realized from trading in securities and revaluation differences must be included in the computation of income from major operations.
(Paragraph 124)
A.11 Transfer from the trading portfolio to the investment portfolio and vice versa shall be recorded at the lower of cost or market value as at the date of transfer
(Paragraph 125)
A.12 The trading portfolio as a whole must be disclosed as a separate caption in the statement of financial position.
(Paragraph 126)
A.13 The nature of the domestic and international security trading portfolios must be disclosed in the notes to the financial statements. Such disclosure must cover the following:
- major categories of securities in the portfolio
- cost of acquisition of the portfolio as a whole or its valuation in previous period
- The profits or losses resulting from revaluation
(Paragraph 127)
A.14 Yield realized by the bank by virtue of maintaining trading security portfolio (other than trading profit or loss or revaluation) must be recognized as an item of income from non-major operations.
(Paragraph 128)
A.15 In the event of short sale of securities, the amount received by the bank must be recorded as a liability of the bank until the money instrument is delivered to the buyer.
(Paragraph 129)
B) Investment Securities Portfolio
B.1 The Investment Securities Portfolio must contain securities acquired by the bank for investment purposes.
(Paragraph 130)
B.2 No transfer shall be allowed from investment securities portfolio to trading portfolio and vice versa unless such transfer is justifiable and approved by the authorized responsibles.
(Paragraph 131)
B.3 Items of the domestic investment securities portfolio must be valued at cost as at the date of acquisition.
(Paragraph 132)
B.4 Items of the international investment securities portfolio must be valued at cost as at the date of acquisition. Their value must be translated into the local currency at the spot exchange rate dominating at that date.
(Paragraph 133)
B.5 The difference between the cost of acquisition of a given limited life money market instrument (security) and its nominal value must be recorded as premium or discount.
(Paragraph 134)
B.6 Premium or discount must be amortized over the financial period from the date of security acquisition to the date of maturity. The accounting method adopted by the bank in the computation of amortization must be disclosed and consistently applied.
(Paragraph 135)
B.7 Temporary changes in the current market value of both domestic and international investment securities portfolio must be ignored. Items of the portfolio must continue to be valued at cost of acquisition after amortization of discounts or premiums, if mainly possessed for investment. However, in the event of major decline of a permanent nature in the market value of any security items, it must be revalued, and cost of this item will be adjusted accordingly. Reduction in the value of a security item will be accounted for in the computation of income from non-major operations.
(Paragraph 136)
B.8 Yield on investment, including amortization of premium or discount, must be recorded as income from major operations.
(Paragraph 137)
B.9 Gains and losses realized from the investment portfolio must be accounted for in the computation of income from non-major operations.
(Paragraph 138)
B.10 Transfer from the investment portfolio to the trading portfolio or vice versa must be recorded at the lower of cost or market value as at the date of the transfer provided the transfer is justifiable.
(Paragraph 139)
B.11 The investment portfolio must be disclosed as a separate caption in the statement of financial position.
(Paragraph 140)
B.12 The nature of the domestic and international investment security portfolio must be disclosed in the notes to the financial statements Such disclosure must cover the following:
- major categories of securities in the portfolio
- cost of acquisition of each category and the portfolio as a whole
- current market value of the portfolio as a whole.
In relation with major categories of securities in the portfolio, banks may consider the following categories :
1- By nature of securities i.e equity, fixed rate, quasi securities etc.
2- Currency denomination (i.e local currency, foreign currency).
3- Residency of issuers (domestic, international).
(Paragraph 141)
B.13 Transfers from the investment portfolio to the trading portfolio and vice versa and its justifications must be disclosed.
(Paragraph 142)
2- STANDARD OF LOANS (Paragraph 201 - 239)
2.1 DEFINITIONS
A) Loan
Credit facilities extended to a borrower for commercial, industrial, real estate or other purposes, whether such facilities are provided on demand or for a limited period of time. Excluded from loans are the discount of commercial paper and lease financing contracts.
(Paragraph 201)
B) Amount of Loan
The amount of credit facilities which a borrower undertakes to repay to the bank on a specific date/s or on demand in the future.
(Paragraph 202)
C) Special Commission on Loans
Total yield on loans earned by the bank over the term of the loan in accordance with the provision of respective contract concluded between the bank and the borrower.
(Paragraph 203)
D) Special Commission Earned
Special commission income earned by the bank during the current financial period
(Paragraph 204)
E) Unearned Special Commission
Special commission which will be earned over the remaining term of the loan.
(Paragraph 205)
F) Special Commission Accrued
Special commission earned but not collected from the borrower as at the date of the financial position statement.
(Paragraph 206)
G) Loan Service Charges
Fees charged to the borrower against loan servicing by the bank in conformity with the contract or other arrangements between the borrower and the (lending) bank.
(Paragraph 207)
H) Charges for Fixing Special Commission Rate
Fees charged to the borrower against fixing by the bank of the special commission rate charged over the term of the loan.
(Paragraph 208)
I) Credit Extension Fees
Fees charged to the borrower against loan processing by the bank.
(Paragraph 209)
J) Charged Off Loan
The loan principal and special commission accrued which the bank's management does not expect to collect from the borrower.
(Paragraph 210)
K) Allowance for Loan Losses
Loan principal and/or special commission which the bank's management deems it doubtful of repayment on part of the borrowers.
(Paragraph 211)
L) Provision for Loan Losses
The amount of increase or decrease in the allowance for loan losses which the bank's management decides to charge to the current financial period in order to form a sufficient reserve for possible loan losses at a given rate.
(Paragraph 212)
M) Loan Restructuring
Adjustment of loan provisions with respect to term. special commission. or repayment conditions.
(Paragraph 213)
N) Short Term Loans
Loans which are due for repayment in the course of the fiscal year following the date of financial position statement.
(Paragraph 214)
O) Long Term Loans
Amount of loans which are due for repayment after one or more years of the date of the statement of financial position.
(Paragraph 215)
P) Installment Loans
Loans repaid at intervals as specified in the contract concluded between the bank and the borrower.
(Paragraph 216)
Q) Net Realizable Value of the Loan
The amount of loan discounted to date in accordance with special commission rate stipulated by the loan contract or, otherwise, in accordance with imputed rate of special commission.
(Paragraph 217)
R) Imputed Special Commission Rate
The special commission rate which is applied to discount the net realizable value that is paid to the borrower.
(Paragraph 218)
2.2 SCOPE OF THE STANDARD
A) This standard specifies acceptable accounting practices for the measurement of financial transactions, events and conditions associated with the extension by the bank of credit facilities to its customers, regardless of the purpose or conditions of these facilities, including check credit (overdraft) and credit card plan facilities.
(Paragraph 219)
B) This standard also defines the requirements of presentation and general disclosure of loans in the financial statements.
(Paragraph 220)
C) This standard does not cover the measurement of transactions, events and conditions associated with the discount of commercial paper or with lease financing contracts.
(Paragraph 221)
2.3 TEXT
A) Measurement of Financial Transactions. Events and Conditions:
A.1 The difference between the loan amount and its net realizable value at the date of extension to the borrower is recorded as unearned special commission at that date.
(Paragraph 222)
A.2 Special Commission cannot be recorded as an income in the bank's books unless it is earned. Special commission is earned over the term of loan. Such special commission must, therefore, be spread over the financial periods covered by the loan term according to the flat rate method. Special commission is considered to be as part of income from major operations.
(Paragraph 223)
A.3 The fixation of special commission rate fees charged to the borrower over the financial periods covered by the terms of loan must be recorded as part of the special commission earned by the bank over the term of loan.
(Paragraph 224)
A.4 Loan service charges and loan processing fees received by the bank from borrowers over the relevant financial periods shall be spread in a reasonable and consistent manner.
(Paragraph 225)
A.5 The bank's management must study and analyze outstanding loans and special commission at regular intervals in order to determine the borrowers' solvency.
(Paragraph 226)
A.6 Loan principal and past due special commission must be charged off and recorded directly in the current financial period's expenses when the bank's management realizes that the borrower is in default with respect to repayment of principal and accrued special commission. Allowance for possible loan losses must be recorded in income of the current financial period. Amounts charged to the period's expenses and amounts added to period's income as a result of loan charge offs must be recorded as part of income from major operations.
(Paragraph 227)
A.7 When there are indicators to the possibility of insolvency on part of the borrower with respect to the repayment of loan principal and/or special commission, the bank must estimate the amount which may not be probably repaid up to date taking into consideration the loan collateral, and charge this amount to the (current) financial period as a provision for loan losses and determine the accounting treatment of the special commission for coming period. This provision must be accounted for in the computation of income from major operations.
(Paragraph 228)
A.8 The bank's management must not consider the special commission earned on loans which will not be probably received as part of income.
(Paragraph 229)
A.9 Special commission on loans (and accrued special commission) that may not be repaid should be credited to special commission in suspense. This treatment should be made effective for the whole year in which the management decision is taken regardless of the date of such decision. This special commission in suspense is deducted from the total loan balances on the face of the balance sheet.
(Paragraph 230)
A.10 When a previously written off loan is collected the amount rebooked shall be recorded in the income for the period during which the amount was collected.
(Paragraph 231)
A.11 When the amount of loans for which a provision for loan loss was formed is rebooked, the collected amount must be recorded as repayment of loan principal and the balance, if any, must be recorded as accrued special commission.
(Paragraph 232)
A.12 In the event of the bank's restructuring of a given loan the difference between the net realizable value of the loan's principal and special commission accrued less any provisions before restructuring and the net realizable value of the loan principal and special commission accrued after restructuring must be calculated, and the amount is recorded either as a loss or special commission income to be spread over the financial periods covered by the remaining term of loan.
(Paragraph 233)
A.13 In the event that the bank acquires a real asset in repayment of loan's principal and/or special commission accrued, the value of said asset must be recorded at the lower of the net realizable value of the loan's principal and/or special commission accrued or the fair market value of the asset as at the date of acquisition.
(Paragraph 234)
B) Presentation and Disclosure
B.1 The total amount of loans must be presented as a separate caption in the statement of financial position less allowance for possible loan losses, special commission, commission in suspense and unearned charges which were previously added to the amount of loans.
(Paragraph 235)
B.2 Amounts of unearned fees collected from the borrower or added by the bank to the loan principal must be disclosed.
(Paragraph 236)
B.3 Allowance for loan losses must be disclosed as at the date of financial position statement. Changes in the allowance must be disclosed during the financial period, including loans written off and amounts received from previously written off loans or provided for.
(Paragraph 237)
B.4 The book value of assets acquired but not disposed of by the bank in payment for loans or associated special commission accrued must be disclosed as at the date of financial position statement.
(Paragraph 238)
B.5 The following must be disclosed in the financial statements:
1) Outstanding loan balances (real estate, agricultural, commercial, consumption….etc) as at the date of the statement of financial position classified as domestic and international loans on the one hand and loans to government agencies and to business enterprises on the other hand.
2) Delinquent loans classified as nonaccrual loans in compliance with policy of classification adopted by the reporting bank and the provision relating to these loans.
3) Total loan debit and credit balance to related parties with a clarification of the nature of such relationship.
4) Accounting policy adopted by the bank in the computation of earned special commission and other fees.
(Paragraph 239)
3- STANDARD OF DEPOSITS (Paragraph 301 -317)
3.1 DEFINITIONS
A) Deposits
Deposits are the bank's liabilities to customers against fund deposited with the bank on call, time or savings basis.
(Paragraph 301)
B) Call Deposits
Amounts deposited by customers in accounts which entitle them to draw funds at any time through the drawing of checks.
(Paragraph 302)
C) Time Deposits
Amounts deposited by clients in accounts which clients cannot draw from until after a certain date. This includes certificates of deposits and savings accounts (pass book).
(Paragraph 303)
D) Saving Accounts
Funds deposited in saving accounts which entitle customers to draw from them at any time.
(Paragraph 304)
E) Dormant Accounts
Call deposits and saving accounts which did not undergo any deposit or withdrawal transaction for a relatively long period of time.
(Paragraph 305)
3.2 SCOPE
A) This standard defines the methods of measurement of transactions, events and conditions associated with deposits of customers in commercial banks.
(Paragraph 306)
B) This standard also defines the requirements of presentation and disclosure with respect to deposit accounts.
(Paragraph 307)
3.3 TEXT
A) Deposits must be presented as a separate caption under liabilities in the reporting bank's statement of financial position. Deposits should be reported in their net realizable value as at the date of the statement of financial position. Net realizable value of deposits consist of funds deposited by customers plus special commission accrued on these deposits.
(Paragraph 308)
B) Special commission accrued on deposits must be charged to the expenses of the respective financial period Special commission accrued during the period is included in the computation of income from major operations.
(Paragraph 309)
C) Fees collected by the bank from depositors or charged to their accounts against services rendered by the bank must be considered as income of the periods during which those services were rendered.
(Paragraph 310)
D) Balances of both special commission and non-special commission generating deposits must be disclosed.
(Paragraph 311)
E) Deposit balances must be disclosed under the following three categories: Call deposit. Saving Accounts and Time Deposits.
(Paragraph 312)
F) Deposit balance from the public sector must be disclosed according to their respective categories.
(Paragraph 313)
G) Total balance of foreign deposits must be classified according to their respective categories as foreign currency if other than the Saudi Riyal.
(Paragraph 314)
H) Total special commission accrued on deposits for the respective financial period must be disclosed.
(Paragraph 315)
I) Deposit balances of other domestic and international banks must be disclosed according to their respective categories.
(Paragraph 316)
j) Total deposits with favorable conditions that are different than the general conditions applicable to the bank should be disclosed. Such disclosure should provide a general description of those conditions.
(Paragraph 317)
STANDARD OF ACCOUNTING CHANGES AND CORRECTION OF ERRORS (Paragraph 401 - 423)
4.1 DEFINITIONS
A) Accounting changes are divided into the following:
- Change in accounting policy
- Change in accounting estimates
- Change in the structure of the accounting entity
(Paragraph 401)
B) Change in accounting policy means changing the accounting method applied in the treatment of financial transactions, events and conditions and their presentation in the financial statements i.e. change from a commonly used practice to an alternative acceptable practice.
(Paragraph 402)
C) Change in accounting estimates deals with events or conditions which make it imperative for the accounting entity to adjust previous accounting estimates due to the fact that such events or conditions were unknown at the time said estimates were made.
(Paragraph 403)
D) Change in the structure of the accounting entity is concerned with the increase or decrease in the number of accounting entities as reflected in the bank's financial statements which are not resulting from the purchase or sale of such accounting entities.
(Paragraph 404)
E) "Errors" refer to those errors which took place as a result of an unacceptable accounting practice, computation error, or wrong application of an acceptable accounting practice.
(Paragraph 405)
4.2 SCOPE
A) This standard defines the method of handling changes in accounting methods and correction of errors.
(Paragraph 406)
B) This standard also defines the requirements of presentation and general disclosure of accounting changes and correction of errors.
(Paragraph 407)
4.3TEXT
A) Change in Accounting Policy
A.1 In the event of change in an accounting policy, the newly adopted accounting policy should be applied with retroactive effect to financial statements for all financial periods already covered, unless certain circumstances exist which render it impossible to determine the detailed financial data necessary for the reasonable adjustment of prior year financial statements.
(Paragraph 408)
A.2 When a given accounting policy is applied with retroactive effect, all prior period financial statement figures must be adjusted for comparative purposes and to reflect the effect of the new accounting policy on respective periods unless there are circumstances which render it impossible to determine the effect of the new accounting policy on certain prior periods in a reasonable manner. Where such circumstances exist, the beginning balance of retained earnings for the current period or any prior periods must be adjusted (reconciled) as appropriate in order to reflect the cumulative effect of change in accounting policies on prior financial periods.
(Paragraph 409)
A.3 For each change in accounting policy which takes place during the current accounting periods the following information must be disclosed:
- Description of change
- Justification of change
- Effect of change on the current period financial statements.
(Paragraph 410)
A.4 If change in an accounting policy is applied with retroactive effect and prior period financial statements are adjusted accordingly, such adjustment and the effect of change in accounting policy on those periods must be disclosed.
(Paragraph 411)
A.5 However, if change in accounting policy is applied with retroactive effect without adjustment of prior period financial statements, this fact must be disclosed. The cumulative effect of adjustment on the beginning balance of retained earnings in the adjusted financial statements must also be disclosed.
(Paragraph 412)
A.6 Disclosure requirements with respect to the details of the effect of change in accounting policy, including Riyal value of such effect, apply to each change in accounting policy separately.
No clearance shall be allowed between the effect of various changes. The net value of such changes will be sufficient for the evaluation of the materiality of the effect of changes in accounting policies in order to determine if they must be disclosed or not.
(Paragraph 413)
A.7 The effect of change in accounting policy must be disclosed even if the effect of such change is not material in the current financial period but change is expected to be material in future financial periods.
(Paragraph 414)
B) Changes in Accounting Estimates
B.1 The effect of change in any given accounting estimate must be reflect in:
The financial period during which the change takes place - if such change is restricted to the results of this period solely.
(Paragraph 415)
- The financial period during which the change takes place and future financial periods if such change affects the results of both the current and subsequent financial periods.
(Paragraph 416)
B.2 The nature of change and its effect on net income before extraordinary gains or losses must be disclosed in the notes attached to the financial statements. Also the effect of such change on net income for the current financial period, with respect to infrequent or extraordinary changes in accounting estimates or changes which affect current and future financial periods (e g. changes in the estimated useful life of fixed assets) must be disclosed.
(Paragraph 417)
B.3 It is not necessary to disclose changes in estimates which take place in each financial period when accounting for ordinary activities of the accounting entity, e.g. estimate of the "allowance for loan losses".
(Paragraph 418)
C) Change in the structure of the Accounting Entity
C.1 Accounting changes which lead to the preparation of financial statements which actually represent financial statements of a new accounting entity must be disclosed. This is done through restating the financial statements for all financial periods covered in order to present the financial information of the new accounting entity for all the presented periods.
(Paragraph 419)
C.2 The nature and reason for change in the structure of the accounting entity which takes place in the current period must be disclosed in the notes to the financial statements covering this period.
(Paragraph 420)
C.3 The effect of change on income before extraordinary gains and losses and on net income for all periods whose results are presented must be disclosed in the notes to the financial statements. However, such disclosure is not necessary in the financial statement of subsequent periods.
(Paragraph 421)
D) Correction of Errors in Prior Period Financial Statements
D.1 Correction which takes place in the current financial period of an error which occurred in a prior period financial statement must be accounted for with retroactive effect. Affected comparative financial statements of prior periods must, therefore, be adjusted accordingly.
(Paragraph 422)
D.2 In the event of a correction of error in a given prior period financial statement, disclosure must be made in the notes to the financial statements with respect to:
- Description of the error
- Effect of error correction on the current and prior period financial statements
- Adjustment of prior period financial statements affected by that error.
(Paragraph 423)
STANDARD OF FOREIGN CURRENCY TRANSLATION (Paragraph 501 - 528)
DEFINITIONS
Local Currency
Currency which forms the major means for the exchange of goods and services in the country of domicile of the reporting accounting entity.
(Paragraph 501)
Financial Statement Currency
The currency used as a base for the preparation of financial statements which is mostly the local currency in the country of domicile of the reporting entity. In the case of Saudi Arabia the Saudi Riyal is the currency used in the preparation of financial statements.
(Paragraph 502)
Foreign Currency
Currencies, other than the local currency, that are used by the reporting entity in certain transactions.
(Paragraph 503)
spot Purchase or Sale of Currency
A contract between the bank and another party (correspondents) for the sale/purchase of foreign exchange at current market prices ruling at the date of dealing whether the transaction was concluded in local currency or any other foreign currency.
(Paragraph 504)
Forward (Futures) Purchase/Sale of Currency
A contract between the bank and another party (correspondent) for the sale/purchase of certain currency at a specific exchange rate in the future.
(Paragraph 505)
Translation of Financial Statements
A procedure by which financial statements prepared in a foreign currency for a given foreign office or subsidiary are translated into the local currency (e.g. SR) in order to prepare the consolidated financial statements of reporting bank.
(Paragraph 506)
Cumulative Effect of the Translation of Financial Statements
Cumulative differences resulting from the translation of financial statements of foreign offices or subsidiaries of the reporting bank which
are prepared in a currency other than the Saudi Riyal.
(Paragraph 507)
H)Revaluation of foreign currency transaction balances into the currency of financial statements Transaction balances stated in foreign currencies are those which require for their clearance the payment or receipt of a currency other than that in which the financial statements of the reporting bank is stated.
(Paragraph 508)
I)Foreign Exchange Gains (Losses)
Transaction balances stated in foreign currencies at the date of transaction are revalued in the currency used in the financial statements at spot exchange rates Riling at that date. Exchange gains (losses) resulting from the revaluation of transaction balances stated in foreign currencies are generated when such transaction results in monetary assets or liabilities which were not cleared in foreign currency until a date subsequent to that of the date of transaction. These gains (losses) are generated from change in the foreign currency spot rate between the date of transaction recording and the date of clearance of monetary assets or liabilities therefrom.
(Paragraph 509)
J)Forward Exchange Rate
The rate of exchange of two currencies provided that one of them is delivered at a specific subsequent date.
(Paragraph 510)
K)Spot Exchange Rate
The rate of exchange of two currencies whereby one of them is delivered immediately in exchange for the other.
(Paragraph 511)
5.2SCOPE
This standard defines the following:
Accounting for transaction balances recorded in foreign currencies.
(Paragraph 512)
Accounting for forward contracts for the purchase/ sale of foreign currency.
(Paragraph 513)
Method of accounting for the translation of foreign office and subsidiary financial statements which are prepared in foreign currency.
(Paragraph 514)
Presentation and disclosure requirements related to the above matters.
(Paragraph 515)
TEXT
Transaction Balance in Foreign Currency
A.1Transaction balances stated in foreign currencies at the date of transaction must be recorded in the currency of the financial statements at the ruling spot exchange rates.
(Paragraph 516)
A.2If foreign currency transaction balances result in monetary assets or liabilities stated in foreign currencies and were still uncleared at the date of the statement of financial position, these assets or liabilities must be restated in the currency of the financial statements at the ruling spot rate of exchange. Gains (losses) resulting from the difference in the spot rate of exchange at the date of transaction and the date of the statement of financial position, will be recorded as income from major operations.
(Paragraph 517)
A.3Gains or losses resulting from variation in the exchange rates of foreign currencies associated with clearance of monetary assets or liabilities stated in foreign currency at spot rates which are different from rates at which they were recorded in the books of account must be recorded as income from major operations for the financial period during which the clearance takes place.
(Paragraph 518)
B)Future Contracts
B.lDiscount (premium) associated with futures contracts for financial periods covered by the term of contract must be reasonably amortized. The amount amortized must be recorded as income from major operations.
(Paragraph 519)
B.2Gain or loss from futures contracts must be computed by multiplying the amount of foreign currency involved in the contract by the amount of the difference between the spot rate of exchange Riling at the date of the financial position statement and the dominating spot exchange rate ruling at the date of contracting (or the spot rate of exchange used in the computation of gain or loss realized from the contract during the prior financial period) Such gain or loss must be recorded as income from major operations.
(Paragraph 520)
Translation of Financial Statements Prepared in Foreign Currency
C.1 The spot rate of exchange ruling at the date of financial statements must be applied in the revaluation in the local currency (SR) of foreign branch and subsidiary owned assets and liabilities stated in foreign currencies.
(Paragraph 521)
C.2 The weighted average of foreign currency spot exchange rate over the respective financial period must be applied in the revaluation (in Saudi Riyal) of revenues, expenses, gains and losses of the bank's foreign offices and subsidiaries which prepare their financial statement in foreign currencies.
(Paragraph 522)
C.3 Exchange difference resulting from the translation of financial statements prepared in foreign currencies must not be recorded in income. The accumulated balance of such exchange difference must be presented as a separate caption with the equity capital group.
(Paragraph 523)
C.4 If the bank sells or liquidates its investment in a given foreign branch or subsidiary, the amount of such investment must be written down from cumulative exchange difference and recorded in the gain or loss from the sale or liquidation of investment during the period in which the sale or liquidation has taken place.
(Paragraph 524)
Presentation and Disclosure
D.1 Total gains or losses from foreign currency exchange difference recorded in income during the financial period must be disclosed in the profit and loss statement.
(Paragraph 525)
D.2 Foreign currency futures contracts outstanding as at the date of the statement of financial position must be disclosed as follows:
Type of currency
Spot rate Riling at the date of the statement of financial position
The quoted forward price
The date of maturity
(Paragraph 526)
D.3 The method applied by the bank in amortizing the discount (premium) of currency futures contracts must be disclosed.
(Paragraph 527)
D.4Changes during the financial period with respect to accumulated adjustments resulting from the translation of financial statements must be disclosed.
(Paragraph 528)
6- STANDARD OF FIXED ASSETS AND OTHER REAL ESTATE (Paragraph 601 - 617)
6.1 DEFINITIONS
A) Bank Premises
This item covers the bank's buildings and land occupied by the Bank's operations or used to accommodate or recreate the bank's personnel.
(Paragraph 601)
B)Furniture. Fixtures and Equipment
This covers all other fixed assets used by the bank in running its operations other than premises and land.
(Paragraph 602)
C) Fixed Assets
Tins covers all the bank's premises, furniture, fixtures and equipment as defined in the above two paragraphs.
(Paragraph 603)
D) Other Real Estate
This item covers real estate (buildings and land) acquired by the bank in payment for debts due to the bank or any other real estate not being used that are not for any of the business purposes stated in Article 12. clause 5 of the Banking Control Law . Other real estate is not considered as part of fixed assets.
(Paragraph 604)
E) Depreciation
The cost of fixed asset acquisition spread over the financial periods which represent the estimated useful life of the asset.
(Paragraph 605)
F) Book Value
The difference between the acquisition cost of the fixed asset and cumulative depreciation at a certain period of time.
(Paragraph 606)
6.2 SCOPE
A) This standard defines accounting methods applied in the measurement of transactions, events and conditions associated with the acquisition by the bank of fixed assets and other real estate.
(Paragraph 607)
B)This standard also defines the presentation and disclosure requirements with respect to fixed assets and other real estate.
(Paragraph 608)
6.3 TEXT
A) Measurement of Transactions, Events and Conditions
A.1 Fixed assets acquired by the bank for the purpose of running its own business (premises, furniture, fixtures and equipment) must be recognized at cost as at the date of acquisition.
(Paragraph 609)
A.2 The cost of acquisition must include direct capital expenses needed to furnish the fixed asset to be used in running the bank's business.
(Paragraph 610)
A.3 The cost of acquisition by the bank of premises, furniture, furnishings and equipment to be used by the bank for running its business must be reasonably spread over the financial periods which represent the estimated useful life of the asset. These assets may be depreciated in accordance with any generally acceptable method of depreciation, provided that the same method is applied consistently over the whole financial periods unless change of the selected method is strongly justified.
(Paragraph 611)
A.4 When the bank disposes of a fixed asset that has been acquired by the bank for the purpose of running its own business, the financial period during which the asset was disposed of will be charged with the difference between the books value and the salvage value of the said asset. This difference is recorded as gain or loss from non-major operations.
(Paragraph 612)
A.5 Other real estate acquired by the bank in payment of due loans or any other real estate not in use must be recorded at the lower of the fair market value of due loans (including special commission accrued). Upon sale of this real estate the difference between its book value and sale price is recorded as gain or loss from major operations for the financial period during which the sale was concluded.
(Paragraph 613)
A.6 The bank's management must conduct periodic revaluation of other real estate in order to subordinate if their recorded book value is not possible to realize in full, in which case the difference between the book value and net realizable value must be recorded as loss from major operations. Increase in the value of other real estate cannot be recognized until such increase is realized through sale.
(Paragraph 614)
B) Presentation and Disclosure
B.1 Fixed assets acquired by the bank for the purpose of running its own business must be presented as a separate caption in the statement of financial position. Fixed assets of this sort must be calculated at cost of acquisition less accumulated depreciation.
(Paragraph 615)
B.2 Other real estate must be presented as a separate caption in the statement of financial position.
(Paragraph 616)
B.3 The following must also be disclosed:
1) Amount of depreciation for the respective financial period:
2) Gains or losses realized from the disposal of fixed assets owned by the bank for the purpose of running its own business;
3) Items or parts of fixed assets of material value and significant changes which take place during the financial period.
4) Changes in accumulated depreciation during the financial period;
5) Material changes in other real estate during the financial periods;
6) Losses incurred by the bank as a result of assignment of past due loan in lieu of acquiring other real estate during the financial period; and
7) Gains or losses from the sale of other real estate or revaluation gain or losses during the financial period.
(Paragraph 617)
7- STANDARD OF CONSOLIDATED FINANCIAL STATEMENTS AND INVESTMENTS IN SUBSIDIARIES (Paragraph 701 - 730)
7.1 DEFINITIONS
A) A parent company is an enterprise that has one or more subsidiaries.
(Paragraph 701)
B) A subsidiary is an enterprise that is controlled by another enterprise known as the parent.
(Paragraph 702)
C) A group is a parent and all its subsidiaries.
(Paragraph 703)
D) Affiliated company is an enterprise that is 50% or less owned by another enterprise and accordingly is not controlled by that enterprise.
(Paragraph 704)
E) Control is the power of the parent to govern the financial and operating policies of an enterprise that it invests in. Control is presumed to exist when the parent owns more than a half of the voting power of an enterprise or empowered to elect the majority of the board of directors.
(Paragraph 705)
F) Significant influence is participation in the financial and operating policy decisions of the invested but not control of those policies. An investor may exercise significant influence in several ways, usually by representation on the board of directors or by participating in policy making processes, material intercompany transactions, interacted of managerial personnel, or dependency on technical information. If the investor holds less than 20% of the voting power of the invested, it should be presumed that the investor docs not have the power to exercise significant influence.
(Paragraph 706)
G) Consolidated financial statements are statements which present the assets, liabilities, shareholders accounts, revenue and expenses of a parent company and its subsidiaries as those of a single enterprise.
(Paragraph 707)
H) Minority interest is that part of the net results of operations, or of net assets, of a subsidiary attributable to shares owned other than by the parent or another subsidiary.
(Paragraph 708)
I) Equity method is a method of accounting for investments in subsidiaries or affiliated companies wherein such investment account of the investor is stated at cost and adjusted for the changes in the investor's share of net assets of the invest that occur after the date of acquisition.
(Paragraph 709)
J) Consolidating the financial statements is the process of combining the accounts of the parent company and its subsidiaries on a line by line basis by adding together like items of assets, liabilities, revenue and expenses and eliminating intercompany balances and transactions.
(Paragraph 710)
K) Proportionate consolidation is a method of financial statement reporting whereby the investor's pro-rata share of the assets, liabilities, income and expenses of a joint venture is combined with similar items on a line by line basis and eliminating intercompany balances and transactions.
(Paragraph 711)
7.2SCOPE
A) Introduction
Bank sometimes invests in established companies or newly formed ones The objectives of these investments are long term investment and usually the bank is represented on the board of directors of the investee company The bank's shareholders, users of the bank's financial statements and other parties are concerned with the fortunes of the entire group and not limited to the bank's affairs as a single legal entity. Accordingly, they need to be informed about the financial position and results of operations for the group as whole. This need is served by consolidated financial statements, which present financial information concerning the group as that of a single enterprise without regard for the legal boundaries of the separate legal entities.
(Paragraph 712)
A.1 This standard deals with the following:
- Accounting for investments in affiliated, joint venture and subsidiary companies in the banks own separate financial statements which are legally required to be issued.
- The preparation of consolidated financial statements of the bank, its joint venture company and subsidiaries.
(Paragraph 713)
A.2 Following are the different possibilities for investments:
1) The bank owns less than 20% of the equity of the investee -- it is presumed that the bank does not exercise significant influence accordingly.
- The invested is considered an affiliate
- The value of the investment is reflected in the bank's own financial statements at cost.
- The cost of the investment is adjusted to reflect any reduction in the equity of the affiliate that are other than temporary.
- The accounts of the affiliates are not consolidated with the banks own financial statements.
(Paragraph 714)
2) The bank owns 20% to 50% of the equity of the investee -- it is presumed that the bank exercises significant influence on the invested and accordingly account for such an investment in affiliate follows the equity method unless there are indications that the bank does not exercise significant influence. The accounts of the such affiliates are not consolidated with the banks own financial statements.
(Paragraph 715)
3) The bank owns 5 1% or more of the equity of the investee -- it is presumed that the bank controls the investee and accordingly the investee is considered the banks subsidiary. The investment in the subsidiary is reflected in the bank's own separate financial statements should be accounted for by the equity method Also the financial statements of the subsidiary should be consolidated with those of the bank to reflect the total of the assets and liabilities controlled by the bank directly or indirectly or by the bank's voting right.
(Paragraph 716)
4) The bank owns a certain percentage in a joint venture with one or more partner -- the ownership of a percentage of the equity in a joint venture by the bank gives the bank joint ownership of the net asset and control of the joint venture. Accordingly, the investment in such joint ventures is to be accounted following the equity method The financial statements of the joint venture is consolidated with the bank's own financial statements on the basis of proportionate consolidation.
(Paragraph 717)
B) The Standard
This standard deals with:
B.1 The preparation and presentation of consolidated financial statements for a group of enterprises under the control of a parent These statements are prepared to meet the need for information concerning the financial position and results of operations of the parent company , its subsidiaries and joint ventures as those of a single enterprise.
(Paragraph 718)
B.2 Accounting for investment in subsidiaries in the bank company own separate financial statements.
(Paragraph 719)
B.3 Accounting for the investment in affiliates in the bank's own separate financial statements.
(Paragraph 720)
7.3 TEXT
A) A bank investing in a subsidiary must issue, in addition to its own separate financial statements, a set of consolidated financial statements for the bank and its subsidiary.
(Paragraph 721)
B) When issuing consolidated financial statements all local and foreign subsidiaries must be consolidated expect in the following circumstances:
B.1 Control is intended to be temporary because the subsidiary is acquired and held exclusively with a view to its subsequent disposal in the near future for a specific benefit.
B.2 The subsidiary operates under severe restrictions which significantly impair its ability to transfer funds or movement of its capital.
B.3 When the subsidiary's business activities are dissimilar from those of banking and finance companies.
In the above cases, the investment in the subsidiary is accounted for following the equity method and reflected at that value in the consolidated statements of the bank.
(Paragraph 722)
C) Method of consolidation.
C.1 Intergroup balances and intergroup transactions. including interest and dividends are eliminated in full.
(Paragraph 723)
C.2 Minority interest in the net asset of consolidated subsidiaries are calculated and presented in the consolidated balance sheet separately from liabilities and the bank's shareholders equity. Also, the minority interest in the net income of these subsidiaries should be presented as a separate line item on the consolidated statement of profit and loss.
(Paragraph 724)
D) When the bank issue its own separate financial statements (unconsolidated) which is required for legal purposes, the investments in subsidiaries should be accounted for as follows:
D.1 At cost adjusted to equal the bank's share in the subsidiary's equity.
D.2 The value is increased by the bank's share in the realized profits of the subsidiary after the date of acquisition.
D.3 The value is reduced by the bank's share in the realized losses of the subsidiary after the date of acquisition.
D.4 The value is reduced by the amount of dividends received by the bank from the subsidiary.
(Paragraph 725)
E) Investment in an affiliate representing less than 20% of the affiliates equity is accounted for at cost. The cost is adjusted for any reduction in the equity of the affiliate that is other than temporary.
(Paragraph 726)
F) Investment in an affiliate representing 20% to 50% of the affiliates equity is accounted for by the use of the equity method.
(Paragraph 727)
G) Disclosure in the consolidated financial statements is to be made regarding consolidated subsidiaries, including the name, country of incorporation and residence, proportion of ownership, legal states and nature of its business operations.
(Paragraph 728)
H) Disclosure should be made of subsidiaries not consolidated (as in <G> above) together with:
H.1 The reasons for not consolidating
H.2 The nature of the bank relation with these subsidiaries
(Paragraph 729)
I) Disclosure should be made in the bank's own separate financial statement (unconsolidated) of the accounting method being followed for accounting for subsidiaries, affiliates and joint venture.
(Paragraph 730)
٨STANDARD OF PRESENTATION AND GENERAL DISCLOSURE (Paragraph 801 -862)
8.1 INTRODUCTION
A) This standard is applicable to published financial statements of commercial banks operating in Saudi Arabia.
(Paragraph 801)
B) Financial statement objectives, accounting concepts and standards of presentation and general disclosure for business enterprises that was issued by the Minister of Commerce resolution No. 692 dated 28-12-1406 are applicable to commercial banks unless this standard clearly states otherwise
(Paragraph 802)
C) This standard is divided into two main parts as follows:
1st Part: General Presentation in the financial statements of commercial banks
2nd Part: General disclosure in the financial statements of commercial banks.
(Paragraph 803)
D) This standard covers the following three terms which refer to varying levels of classification with regard to presentation in the financial statements:
a) ITEM -- This represents the lowest possible level of detail for the preparation of assets, liabilities, income, expenses, gains and losses. Each such item is assigned a separate line in the appropriate financial statement.
b) CAPTION -- This covers a number of items that are presented together. A caption represents an intermediate level of grouping for purposes of presenting various assets, liabilities, income, expenses, gains and losses. Each caption will be assigned a separate line in the appropriate financial statement.
c) GROUP - It covers a number of captions that are presented together. A group represents the highest possible level of grouping for the purpose of presenting various assets, liabilities, income, expense, gains and losses. Each group will be assigned a separate line in the appropriate financial statement.
(Paragraph 804)
8.2 SCOPE
A) This standard defines the requirements of general presentation and disclosure in commercial bank general purpose financial statements.
(Paragraph 805)
B) This standard deals with certain considerations related to the level of materiality which defines items, captions and groups as well as respective notes that must be separately presented in the financial statements and those which must be combined with other items, captions, or groups. These considerations do not apply to the other issues that are handled by the standard of general presentation and disclosure for commercial banks.
(Paragraph 806)
C) It should be noted that the previous commercial bank standards are also provided for presentation and disclosure requirements which deal with the respective subjects of those standards.
(Paragraph 807)
8.3 TEXT
A) General Presentation
This section defines the general requirements for the presentation of information in the financial statements generally and severally.
A.1 General Requirements:
1.1 The Integrated Group of Financial Statements:
- An integrated Group of Financial statements consists of the following:
-Statement of financial position
-Statement of Income
-Statement of Changes in Stockholder's Equity
These statements and related notes represent the minimum requirements for the preparation and presentation of commercial bank financial statements.
(Paragraph 808)
1.2Arrangements of financial statements presentation: Financial statements must be presented in the following order:
- Statement of Financial Position
- Statement of Income
- Statement of Changes in Stockholders' Equity
Notes to financial statements must be presented immediately after the last statement and are considered to form an integral part of the financial statements.
(Paragraph 809)
1.3 Materiality Considerations:
An item, caption or group is considered to be of material value if its omission, non- presentation, failure to provide notes or wrong phrasing of those notes leads to misinterpretation of information presented in the financial statements or to deficiency of such financial information which will impact the feasibility of these statements to users. To determine the level of materiality of given item, caption or group for purposes of a presentation in the financial statements or attached notes, the nature and relative value of such item, caption or group must be taken into consideration. These two factors are usually evaluated altogether. However, either of these two factors may be the decisive factor in certain circumstances.
(Paragraph 810)
a) Nature of item, caption or Group:
In studying the nature of financial data to determine if it needs to be presented as an item, caption or group in the financial statements or attached notes, the following should be taken into consideration:
1) The basis for accounting measurement or recognition of the item, caption or group.
2) The degree of reliability in accounting measurement.
3) The item, caption or group's relationship/non-relationship with the bank's major operations.
4) Significance of the item, caption or group with respect to the decisions made by the users on the basis of information contained in the financial statements.
(Paragraph 811)
b) Relative Value:
To study the relative value of a given item, caption or group, it must be compared on a sound basis by employing the following principles:
1) Each item caption or group in the statement of income must be compared with net income for the current year or with the average net income for the past five years (including the current year), whichever is more appropriate for the measurement of net income, with due consideration to the trend of net results during the said period.
(Paragraph 812)
2) Each item, caption or group in the statement of financial position must be compared with' the total assets of the bank.
(Paragraph 813)
3)Contingent assets and liabilities are not to be considered part of the bank's total assets or liabilities.
(Paragraph 814)
1.4 General principles for the presentation of information in the financial statements:
a) The financial statements must be in a form which would allow a clear presentation of the bank's assets, liabilities, owners' equity and results of operations. Terminology must be used in a manner which would facilitate comprehension on part of the general user of information contained in the financial statements.
(Paragraph 815)
b) Items, captions and groups of no significance must be grouped together and classified according to type or relationship to the bank's major operations.
(Paragraph 816)
c) Amounts presented in the financial statements and attached notes should be rounded to the nearest thousand Saudi Riyal.
(Paragraph 817)
d) Financial statements of, at least, the prior financial period must be presented for comparison with those of the current period. Any change in form or contents of the financial statements and the corresponding notes must be disclosed.
(Paragraph 818)
e) Each statement must contain:
- Full name of the bank
- Legal status of the bank
- Date/s of the statement of financial position and period/s covered by other financial statements.
(Paragraph 819)
f) Notes must have distinctive titles and numbers. Note numbers must also be cross referenced with related captions in the respective financial statement. Each financial statement must be footnoted with the following statement: "The attached notes form an integral part of the financial statements".
(Paragraph 820)
g) Financial statements and attached notes must be properly numbered
(Paragraph 821)
h) Subtotals must be presented in a separate column in each statement.
(Paragraph 822)
A.2 General Presentation Requirements of Individual Financial Statements:
2.1 General
a) Commercial bank statements of financial position must contain all assets, liabilities and stockholders equity. These items must be prepared in a vertical and comparative manner. Assets must be balanced with liabilities plus stockholders' equity.
(Paragraph 823)
b) Each item, caption or group presented in the statement of financial position must provide for easy comparison with that of prior period. Comparative figures must be adjacent to current year's figures to facilitate comparison on part of the general user. Reference must also be made to any change in accounting policy between the current period and prior period.
(Paragraph 824)
c) Each item, caption or group in the statement of financial position must be described in an accurate and clear manner.
(Paragraph 825)
d) Items, captions or groups contained in the statement of financial position must be presented in the following order:
- Assets
- Liabilities
- Stockholders' equity
(Paragraph 826)
e) Assets and liabilities cannot be classified as current and noncurrent in the statement of financial position of a commercial bank. No offsetting shall also be allowed between assets and liabilities unless otherwise required by law, if any.
(Paragraph 827)
f) Debit and credit (contingent) memorandum accounts shall not be presented in the body of the statement of financial position.
(Paragraph 828)
2.2 Assets
a) Total bank assets must be presented in the body of the statement of financial position.
(Paragraph 829)
b) As a minimum, the following groups of assets must be individually presented in the body of the statement of financial position in the following order:
- Cash and balances with SAMA and other banks
- Securities portfolio
- Net loans
- Investment securities portfolio
- Net fixed assets (bank premises, furniture and fixtures)
- Other real estate
- Other assets
(Paragraph 830)
c) Deposits with SAMA must be disclosed as follows:
- Legal deposits
- Call deposits
- Other deposits
(Paragraph 831)
Deposits with other banks must bedisclosed as follows:
- Call deposits with other domestic banks
- Call deposits with foreign offices of other domestic banks
- Call deposits with foreign banks
- Time deposits with other domestic banks
- Time deposits with foreign offices of domestic banks
- Time deposits with foreign banks
(Paragraph 832)
e) Loans and special commission due must be disclosed in compliance with the requirements of the standard of loans.
(Paragraph 833)
f) Trading portfolio and investment securities portfolio must be disclosed in accordance with the requirements of the standard for trading and investment securities portfolio.
(Paragraph 834)
g) Fixed assets (bank premises, equipment and fixtures) and other real estate must be disclosed in compliance with the requirements of the standard of fixed assets and other real estate.
(Paragraph 835)
h) Other asset items or captions of material value must be disclosed.
(Paragraph 836)
2.3 Liabilities
a) As a minimum the following groups of liability items must be separately presented in the body of the statement of financial position in the following order:
- Deposits
- Other borrowed funds
- Other liabilities
(Paragraph 837)
b) Deposit (liabilities) must be disclosed in compliance with the standard of deposits.
(Paragraph 838)
c) Other borrowed funds must be disclosed as follows:
- Nature of the lending area
- Amount borrowed
- General conditions of credit
(Paragraph 839)
d) Liabilities secured by bank asset collateral must be disclosed.
(Paragraph 840)
e) Other liability items or captions of material value must be disclosed.
(Paragraph 841)
2.4 Stockholders' Equity
a) As a minimum, component items of stockholders' equity must be presented in the body of the statement of financial position in the following order:
- Paid up capital: This includes the owners' investment against their equity or the face value of shares issued by the bank and actually paid by owners or shareholders. Declared capital must also be disclosed.
- Statutory reserve in compliance with the provisions of the Companies Law or the Banking Control Law.
- Other reserves: This includes reserves other than statutory reserve, that are deducted from retained earnings and allocated to a specific purpose.
- Retained earnings.
- Accumulated exchange differences (if any) resulting from the translation of foreign currencies.
(Paragraph 842)
b) Total stockholders' equity must be presented in the body of the statement of financial position.
(Paragraph 843)
2.5 Memorandum Accounts
a) Memorandum (contingent) accounts are to be presented after total assets and total liability and stockholder's equity vertically in group totals. The amounts are to be show n in the middle of the statement of financial position in a singular column.
(Paragraph 844)
A.3 Presentation of Information in the Statement of Income
3.1 The bank's results of operations must be presented in a multi-staged statement which differentiates between net income from major operations and other income, gains and losses.
(Paragraph 845)
3.2 Comparative figures for a minimum of one prior financial period must be presented and effect of changes in accounting policy must be disclosed in compliance with relevant standard.
(Paragraph 846)
3.3 The following groups of items must be presented in the statement of income of the bank, if available, and in the following order:
a) Net income from major operations
b) Other gain (loss) / revenue (expense)
c) Net income before extraordinary items
d) Extraordinary items
e) Net income
(Paragraph 847)
3.4 Components of net income from major operations must be disclosed as follows:
- Special commission income on loans and other credit facilities
- Gain (loss) from exchange
- Gain (loss) on trading portfolio
- Return on investment portfolio
- Gain (loss) on other real estate
- Fees and income from services
- Special commission expense
- Allowance for loan loss (including loans written off or written back)
- General and administrative expenses
(Paragraph 848)
3.5 Items or captions of material value from other gain (loss) revenue (expense) must be disclosed. The following items form part of this group.
- Gain (loss) on investment portfolio
- Gain (loss) on sale of fixed assets
- Return on trading portfolio
(Paragraph 849)
3.6 Components of extraordinary items of material value must be disclosed.
(Paragraph 850)
3.7 Zakat and tax must be disclosed separately as detailed in paragraphs 859 to 862).
(Paragraph 851)
A.4 Presentation of Information in the Statement of Changes in Stockholders' Equity
4.1 A statement of changes in stockholders' equity must be prepared for each financial period which call for the preparation of a statement of income. It must also reflect changes in stockholders' equity during the same financial period.
(Paragraph 852)
4.2 Statement of changes in stockholders' equity must be prepared in a vertical, classified and comparative format It must also cover a minimum of two financial periods including the current financial period.
(Paragraph 853)
4.3 Statement of changes in stockholders' equity must consist of the following
components:
- Beginning balance of paid up capital
- Beginning balance of reserves
- Beginning balance of retained earnings
- Changes in paid up capital during the period
- Adjustments of reserves during the period
- Net income during the period
- Dividends
- Other changes in retained earnings during the period.
- Closing balance of paid up capital
- Closing balance of reserves
- Closing balance of retained earnings
(Paragraph 854)
4.4 Any change in the components of shareholders' equity must be explained in a manner which will facilitate its comprehension by users.
(Paragraph 855)
4.5 Change in accumulated differences (if any) resulting from the translation of financial statements must be presented as an item in the statement of changes in stockholders' equity .
(Paragraph 856)
B) GENERAL DISCLOSURE
B.1 Commercial banks must comply with the following requirements of disclosure:
1.1 General Information on the Bank
Notes to the financial statements must contain general information on the bank covering:
- Legal form, articles and memorandum of association and licence.
- Saudi and non-Saudi percentage of ownership in joint venture banks.
- Geographical distribution of bank's activities.
- Brief description of major services supplied by the bank.
(Paragraph 857)
1.2 Extraordinary Supervisory Control Imposed on the Bank
Disclosure must be made in the financial statements of extraordinary supervisory controls imposed on the bank by regulatory authorities which limited the authority of the bank's management of its funds pending the approval of those regulatory authorities. Such disclosure must cover the following:
a) Date, validity and nature of controls
b) Type of decisions affected by those controls.
(Paragraph 858)
C) Zakat and Income Tax Disclosure
Disclosure in a separate note should be made of the following:
C.1 Zakat due for the current period and the accounting treatment of its recording and reduction from dividends payable.
(Paragraph 859)
C.2 If the bank realizes a loss for the period, the zakat due for the current period together with its related accounting treatment.
(Paragraph 860)
C.3 The zakat paid on previous years in which the bank realized losses and which was not recovered from the Saudi shareholders, its future liquidation and in which asset caption it is included in the financial position statement.
(Paragraph 861)
C 4 Amounts of income tax payable (in mixed banks) on the results of operations of the current period and the related accounting treatment for its deduction from the dividends payable to the foreign shareholder.
(Paragraph 862)
SECTION 1 REQUIREMENTS AND RESPONSIBILITIES
Synopsis
This section describes the general requirements of the Security and Safety Guidelines and the responsibilities of the banks and SAMA.
SAUDI ARABIAN MONETARY AGENCY
HEAD OFFICE
The Governor (Date)
From: Saudi Arabian Monetary Agency - HO Riyadh
To: All Saudi Banks
Attn: Managing Directors / General Managers
Subject: SAMA Minimum Security and Safety Guidelines in Saudi Banks
- Introduction:
Since the last guidelines were introduced in June 1995 (1/1416) a number of major changes have affected the security and safety responsibilities of the Saudi banks to its staff, assets and customers.
A major consideration is the recent increase of criminal activity against Saudi banks in the form of robbery, theft and fraud. Whilst the initial guidelines provided suitable standards and requirements at the time, it was therefore, assessed that these required a detailed review process followed by a revision of the minimum security and safety standards.
The recent criminal activities and the advances in security and safety equipments, systems and procedures has provided an opportunity to implement more effective measures that incorporate international, regional and local standards that would only benefit the Saudi banks.
- Security and Safety Standards and Requirements:
SAMA has issued the Security and Safety Guidelines that are designed to provide the minimum standards in the following areas:
Implementation of 3 Corporate Security and Safety Plan
a. Standards for the implementation of Electronic Security and Safety Systems
b. Standards for the implementation of Physical Security and Safety Systems
c. Standards for the Cash in Transit procedures and transportation service providers
d. Standards and Procedures for the Security Guards operating in the main buildings and branches
These documents have been prepared using international consultants and reviewed by SAMA and associated government agencies prior to their dissemination to the Saudi Banks.
- Security and Safety Unit:
Saudi banks are required to appoint a senior and capable individual as a Security and Safety Manager who will be responsible for the design planning and implementation of the minimum standards contained within the SAMA Security and Safety Guidelines. The Security and Safety Manager is to be provided the necessary personnel and resources to fulfil these obligations and thereby safeguard the staff، assets, customers and business operations of the bank.
- Implementation Plan:
A detailed Implementation Plan is attached at Appendix 1 to this Circular. The banks are required, within 30 days of the implementation date, to provide a certificate to the agency from an external security consultant that these requirements and standards have been implemented.
- Effective Date:
With this Circular is attached the final version of the SAMA Security and Safety Guidelines which supersede the previous guidelines and all memorandums and circulars issued prior to this date. The effective date for the implementation of these requirements is (Date).
To ensure regulatory compliance of the implementation of the new requirements, SAMA and the Joint Security Committee will carry out site visits to the banks using appointed representatives. The failure by a bank to meet the requirements and standards could lead to penalties prescribed under the Banking Control Law.
(Name)
Governor
SUMMARY OF RESPONSIBILITIES
SAMA:
To ensure the effective implementation of the Security and Safety Guidelines the following responsibilities are to be undertaken by SAMA:
- The Guidelines are to be implemented in full by all banks before the 01٦ July 2009.
- The Guidelines are to supersede the previous version and any associated amendments، circulars and memos.
- All matters regarding the Security and Safety of the banks will be coordinated through SAMA. All correspondences، responses and requirements from external organisations, agencies and ministerial departments will be reviewed، assessed and forwarded as formal amendments to all banks.
- Amendments and updates to the Guidelines will be provided by SAMA electronically and/or hardcopy as applicable.
- Regular audits of the Guidelines will be carried out by SAMA or its nominated external consultants to ensure compliance and implementation by the banks.
- Annual audits of the Guidelines will be conducted to ensure the accuracy and validity of its content. The audits will be conducted internally or by its nominated external consultants.
BANKS:
To ensure the effective implementation of the Security and Safety Guidelines the following responsibilities are to be undertaken by the Banks:
- The Guidelines are to be implemented in full by all banks before the 01st July 2009.
- The Guidelines have been prepared to provide the minimum security and safety standards for all banks. It is expected, where applicable, that all banks will exceed these requirements and adopt internal standards and specifications dependant upon their structure and organisational needs.
- The sections within the Guidelines have been designed to work In unison with each other and a clear understanding of its entire content is required.
- The appointment of identified and capable personnel is to be undertaken to ensure the implementation of the Guidelines and its compliance.
- All sections within the Guidelines are to be adhered to in full and will include the implementation of any subsequent amendments sent by SAMA.
2- أهمية وظيفة ( إدارة ) الالتزام
تعتبر وظيفة الالتزام في البنوك أحد أسس وعوامل نجاحها، كونها تلعب دورا أساسيا في المحافظة على سمعتها ومصداقيتها وعلى مصالح المساهمين والمودعين، وتوفير الحماية من العقوبات، وذلك من خلال قيامها ومساهمتها بما يلي:
1-2 درء مخاطر عدم الالتزام، وبوجه خاص المخاطر النظامية ومخاطر السمعة ومخاطر العقوبات المالية.
2-2 توطيد العلاقة مع الجهات الرقابية.
3-2 إرساء مبادئ نهج الإدارة السليمة في المؤسسات المصرفية.
4-2 إيجاد الآليات والأطر التي تكفل مواجهة الجرائم وبوجه خاص مسئوليتها عن مكافحة عمليات غسل الأموال وتمويل الإرهاب.
5-2 المحافظة على القيم والممارسات المهنية في العمل المصرفي.
SECTION 2 CORPORATE SECURITY AND SAFETY PLAN
Synopsis
This section describes the minimum requirements for the establishment and implementation of the Corporate Security and Safety Plan.
1.0 INTRODUCTION
The purpose of the Corporate Security and Safety Plan (CSSP) is to provide a single document that incorporates all the procedures and processes to ensure the security and safety of the banks staff, assets and customers.
The CSSP is to include the overall security and safety policy of the bank and identify locations requiring dedicated plans and procedures for specific facilities.
The CSSP is to include the minimum requirements contained within this section and be prepared, introduced and implemented by the appointed Security and Safety Manager and/or a nominated external consultant.
2.0 RESPONSIBILITIES
The CSSP is to include a Corporate Policy Statement that confirms the commitment by the banks senior management and their enforcement of its content.
To ensure the successful enforcement of the CSSP the bank is to appoint a Security and Safety Manager and who is provided the necessary assistance and support to carry out his duties and responsibilities.
Whilst the CSSP is to be enforced, controlled and managed by the Security and Safety Manager, its preparation and implementation can be undertaken and/or assisted by a nominated external consultant.
The CSSP is to include the minimum requirements contained within these guidelines and be available for audit and assessment by SAMA and/or its nominated representatives.
3.0 CORPORATE SECURITY AND SAFETY PLAN REQUIREMENTS
The Corporate Security and Safety Plan (550) is to include all aspects that would affect the security and safety of the banks' staff, assets and customers.
The CSSP is to incorporate the policies, procedures and processes for both general and detailed requirements.
Whilst common elements will affect the bank as a whole, the more detailed requirements will need to be prepared for specific facilities. These facilities Include:
- Regional Buildings
- Branches
- Cash Holding Facilities
- Data Centres
- Disaster Recovery (DR) Sites
- Warehouses
To ensure a complete and consistent approach is incorporated within the preparation of the CSSP the following sections and elements are to be mandatory.
3.1 INTRODUCTION
This section of the CSSP will include the following elements:
- Purpose and Regulatory Basis - identifies the standards, regulatory requirements and authority of the CSSP.
- CSSP Security and Control -- identifies the security of the CSSP and its dissemination within the bank.
- Reviews and Audit Requirements - identifies the frequency of reviews, audits and those responsibly for conducting them.
- Reference Documentation - includes the associated material in the construction of the CSSP and related plans, policies and procedures.
- Business Description and Assets - provides a summary of the banks facilities that are included within the CSSP.
3.2 INTERNAL SECURITY AND SAFETY ORGANISATION
This section of the CSSP will include the following elements:
- Corporate Policy statement - signed policy statement from senior management that provides commitment to the CSSP.
- Security and Safety Organisational Chart - identifies the management and reporting chain of all relevant personnel.
- Security and Safety Personnel Responsibilities and Job Descriptions - provides the requirements of each position and their Key Performance Indicators.
- External Agencies and Organisations - identifies the coordination between the banks' security personnel and external groups i.e. Contract Guards, Police, Civil Defence, SAMA etc.
- Security Coordination Committee - identifies personnel responsible for review of the CSSP and any amendments and/or updates.
- Conduct and Ethical Practices - provides the standards expected of the security and safety personnel.
- Vendor Management and Tendering Process - identifies the procedures for tendering and contracting security and safety related equipment, services and systems.
3.3 SECURITY AND SAFETY TRAINING AND DRILLS
This section of the CSSP will include the following elements:
- Security and Safety Awareness Programmes - provides the training and education requirements delivered to new and existing staff.
- General Security and Safety Training - identifies internal and external training in security, fire prevention and incident control for the banks' dedicated security and safety personnel.
- Specialist Security and Safety Training - outlines specific training to select personnel that would include Retail Robbery, Anti Money Laundering (AML), Fire Marshalls / Floor Wardens and Emergency Evacuation procedures.
- Security and Safety Drills - include practical tests of the physical and electrical security and safety systems, measures and procedures.
3.4 RECORDS AND DOCUMENTATION
This section of the CSSP will include the following elements:
- Purpose and Requirements - outlines the files and records required to support the 550, provide a centralised reference system and assist in the audit process.
Security and Safety Files:
a. Internal and External CSSP Updates and Amendments b. CSSP Distribution List c. Security Equipment List and Floor Plans d. Safety Equipment List and Floor Plans e. Access Control Card Request and Issue Record f. Master Key and Password Register g. Training Courses and Programmes h. Security and Safety Drills i. Fire Marshalls / Floor Wardens j. Reviews, Inspections, Assessments and Audits k. Incidents, Threats and Breaches of Security l. Service and Maintenance m. Contracts, Schedules and Reports n. Visitor and Control Room Logs n. Approved Vendor List - Maintenance of Records - identifies the location and security of the records and files that are to be retained for a minimum of five (5) years from the date of preparation.
3.5 SECURITY SYSTEMS AND PROCEDURES
This section of the CSSP will include the following elements:
- Security Guards - include roles. responsibilities and post instructions for the access control of the banks facilities.
- Entry Point Screening Procedures - identifies the procedures for permitting access to a facility for staff, visitors, customers and vehicles.
- ID Cards / Access Control Cards - includes the request, issue, replacement and cancellation procedures for the cards.
- Locks and Keys - identifies the distribution, storage, management and recording of all keys, lock changes and master keys.
- Restricted Areas - identifies and lists the locations considered sensitive, high risk and vulnerable whose loss would severely impact on the business operation and the security and safety of the bank.
Security and Safety Equipment Systems ٠ includes the operational capability, locations, specifications, standards, testing and maintenance for installed equipment and systems in the following locations:
a. Main Buildings b. Branches c. Restricted Areas d. Cash Holding Facilities (Vaults and Safes) e. ATMs f. Data Centres and Back Up Sites g. Disaster Recover (DR) Sites h. Warehouses - Asset Protection - identifies the cash and types of valuables held by the bank and the levels of security needed for their protection.
- Cash In Transit (CIT) - provides the internal procedures and processes in the receipt, accounting and delivery of cash and the coordination with external service providers in its transportation.
- Communications Systems - identifies the relevant systems used by the security personnel and the effective management of their use.
- Disposal of Sensitive Material - identifies the procedures for the disposal of sensitive electronic data stored on equipment and confidential documentation.
- Clear Desk Policy - identifies the procedures for the accessibility of confidential documents in individual workspaces.
3.6 SECURITY AND SAFETY THREATS AND RESPONSES
This section of the 55 will include the following elements:
- Identification of Threats and Risks - provides a summary of the main threats and risks concerning the banks staff, assets and customers.
Security and Safety Response Procedures - provide a detailed list of the main events and the response procedures in mitigating their effects. The following are to be included within the CSSP:
a. Bomb Threats (vehicle and Package) b. Armed Robbery c. Burglary d. Shooting e. Fire Travel Security - identifies the risks and mitigation procedures when travelling as individuals and in groups. Considerations are to include the following:
a. Air b. Vehicle (Company and Private) c. Hotels Search Plans - provide detailed procedures for searching and checking during routine operations and elevated threat levels. The following are to be included within the CSSP:
a. Buildings b. Cars c. Armoured CIT Vehicles and Trucks d. Stores Delivery Vehicles e. Personnel
3.7 SAFETY SYSTEMS AND PROCEDURES
This section of the CSSP will include the following elements:
Fire Systems and Equipment - provide a detailed list of the equipment, function, location, specification and operating capability of the installed systems in each facility. The following are to be included within the CSSP;
a. Fire Detection Equipment b. Fire Alarm and Control System
Fire Suppression Equipment and Systems (Sprinklers, Extinguishers and Hose Reels)
- Emergency Response Procedures - provide detailed instructions for personnel in the event of discovering a fire or smoke condition.
- Emergency Evacuation Procedures - provide detailed instructions and plans on the emergency evacuation procedures of a facility.
- First Aid - identifies the personnel trained to deal with First Aid and the equipment they have available to use.
SECTION 3 ELECTRONIC SECURITY AND SAFETY SYSTEMS
Synopsis
This section describes the minimum requirements and standards for Electronic Security and Safety Systems installed throughout the banks facilities.
1.0 INTRODUCTION
The purpose of installing electronic security and safety systems is to enhance the physical measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.
No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximised to best effect.
Due to the variety and availability of internationally recognised standards it is left to the bank and its internal policies and practices to dictate the appropriate standards for such systems.
The every increasing availability of systems, equipment and changes / advancements in technology provides an extensive selection of products to choose from. The selection of the appropriate systems and equipment is dependant upon the security and business requirements of the bank.
The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for all electronic security and safety system installations.
2.0 CCTV SURVEILLANCE AND RECORDING SYSTEM
The use of a CCTV Surveilliance and Recording system is an essential element in an effective security and safety scree. The systems main functions within the bank environment are as follows
- visual deterrence
- Pro active and preventative
- surveillance on suspicious activity
- Identification of individuals
- Visual evidence in criminal investigations
- Visual confirmation in the event of an incident
- Post event analysis
The installation and connection of a CCTV surveillance network should consider the integration with related systems such as the Access Control, Intruder، Building Management and Fire Alarm systems.
2.1 General Requirements and Standards
To ensure appropriate equipments, systems، services and their security are incorporated throughout the banks facility, the following are considered a minimum requirement for all locations:
All Installed equipment is to include a one (1) year warranty period as standard.
On expiration of the warranty period all equipment is to be serviced and maintained by a qualified, recognised and registered supplier and/or service provider. ٨ minimum schedule should include two (2) visits per year.
CCTV Cameras:
- CCTV camera types employed throughout the banks facilities are dependant upon their purpose and can be a mixture of both fixed and dome type.
Dependant upon the purpose and requirement of the camera the picture/image type can be:
a. Black and White b. Colour c. Combination (Day/Night) - To ensure the security of the connections and cabling of the cameras all exposed cabling is to be encased in steel tubes no less than 1.5mm thick.
Pinhole Camera - Minimum Requirements:
a. Resolution: 500 TVL b. Lens: 1/3 inch c. Fixed Iris Lens: 3.8mm d. Back Light Compensation (BLC) e. Illumination: 0.1 Lux Fixed Camera - Minimum Specification:
f. Resolution: 500 TVL g. Lens: 1/3 inch h. Video Motion Detection (٧٧0) - through DVR i. Auto Iris Lens j. Back Light Compensation (BLC) k. Illumination: 0.1 Lux PTZ Camera - Minimum Specifications:
a. Resolution: 500 TVL b. Lens: 1/4 inch c. Optical (22ل) and Digital (710) Zoom d. Auto and Manual Focus e. Pan Range: 340 deg f. Tilt Range: 90 deg g. Pan-Tilt Speed: 300 deg / sec h. Back Light Compensation (BLC) i. Illumination: 0.1 Lux External Cameras - Minimum Requirements:
a. Positioned to cover all access and entry points for a facility. b. Provide effective picture quality at both day and night. This can be achieved by correct positioning, shielding from the sun, in-built LED lightingand/or external illumination. c. Fully enclosed in 2 weatherproof and vandal resistant housings. d. Positioned at a minimum height of 2.5m. Internal Cameras - Minimum Requirements:
a. Provide effective picture quality at both day and night. This can be achieved by correct positioning, built in LED lighting and/or external illumination. b. Positioned at a minimum height of 2.5m and not vulnerable to approach without surveillance.
CCTV Digital Recording System:
The central element of the CCTV surveillance system is the recording medium. To ensure effective management, recording and storage of surveillance material it is to be undertaken in a digital format.
The type of system installed is dependant upon the requirements and capability of the bank. Ultimately, this can be either 3 hardwire system or an IT based solution.
- The recording equipment is to be secured (as well as its power supply) separately in an enclosed and lockable cabinet / container that is securely fixed.
- To ensure the integrity and continuous operation of the recording and surveillance equipment in the event of a power failure a separate battery back up supply is to be incorporated. The use of a UPS system is to have a minimum back up capability of 30 minutes.
The location of the recording equipment is essential in maintaining its integrity and in the prevention of tampering. The following options are available for its placement:
a. Security Control Room b. Communication Room c. Data Room d. Cash / Operations Officer (if located within the secure Teller Area) Monitors:
To ensure effective monitoring and viewing of the CCTV surveillance system a 17" screen is to be considered as a minimum for all identified locations.
2.2 Detailed Requirements - Main Buildings
The classification for main buildings includes all facilities not separately covered within these guidelines. They include the following types:
- Head Office Buildings
- Regional Buildings
- Data / Computer Centres
- Disaster Recovery Sites
- Warehouses
To ensure an effective recording period is adopted for all main buildings a minimum storage period of 1 month is to be retained at 6 fps. if recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required.
In addition to the general requirements listed above the following standards are to be considered as minimum requirements for CCTV surveillance and recording systems in all main buildings:
CCTV Cameras - Surveillance Area:
- External coverage of all entry and exit points
- Internal coverage of customer reception areas and staff entrances
- Internal coverage of entry and exit points
- Floor access points that include stairwells and elevator lobbies
Restricted Areas that require internal surveillance include:
a. Data and Computer Rooms (including individual aisles) b. Security Control Rooms
CCTV Digital Recording System:
The operation and storage of the system is to be located in the Security Control Room. For smaller buildings It can be located in a secure area and monitored from the reception and/orthe security guard position.
2.3 Detailed Requirements - Branches and Cash Holding Facilities
The primary risks and threats facing the banks are against its branch network and cash holding facilities. The geographic diversity and storage of cash / valuables makes them an attractive target for criminal activities.
In combination with other related systems the CCTV surveillance capability plays an essential role in deterring, recording and monitoring the potential risks.
The requirements covered within these guidelines include male, female and combined branches. Where combined branches are concerned they are to have separate recording and monitoring systems and controlled independently of each other.
To ensure an effective recording period is adopted for all branches and cash holding areas a minimum storage period of 3 months is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required. If specific recorded data is requested by SAMA a copy is to be retained by the bank for a period of 1 year.
In addition to the general requirements listed above the following standards are to be considered as minimum requirements for all branches and cash holding facilities:
Cash In Transit (CIT) Route - the bank is responsible for the continuous and uninterrupted CCTV recording of cash and valuables once it has arrived at the property until the time it has left the property. This is to include the following:
a. External arrival / departure point b. The transit route through the branch or cash holding facility c. Transfer point to bank staff d. Cash Handling Area e. Transfer to Storage Area f. Storage Area (Vault / Safe / Safety Deposit Boxes) g. ATM service room and access door - CIT Call Point - at the recognised access point for CIT operations a Call Point 15 to be fitted (bell / Video Speaker Phone) to alert the Cash Officer and/or Security Guard.
Branch - in addition to the above requirements the following areas are also to be covered by CCTV cameras:
a. Tellers -camera is to be located behind the teller positions and cover a maximum of two (2) teller locations. The camera is to include facial features of the customers and the area around the teller. The coverage of VIP tellers is also to be covered. b. Entry and Exit Points - all doors that exit the building are to be monitored internally. These include main, service entrances and emergency exits. Internal stairwells and access points to upper floors are also to be covered. c. Customer Lines - a camera is to monitor the customer lines. - Monitors - the surveillance and monitoring of the installed cameras is to be undertaken by the Cash Officer and nominated representatives. Security guards are only to be provided surveillance of the external areas, public areas and the entry points to the building.
Monitors are to be positioned so that the images are not clearly visible to the customers.
No more than sixteen (16) images are to be displayed on the monitor at any one time.
2.4 Detailed Requirements - ATMs
In addition to, and for the same reasons, the risk and threats facing the branches and cash holding areas, the ATMs are also a potential target for criminal activities.
To ensure an effective recording period is adopted for all ATMs a minimum storage period of 3 months is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can ٥٥ transferred to separate hard disk drives and/or writeable discs as required.
Whilst the ATMs located in the branches are supported by their security system, all ATMs are to incorporate the following minimum requirements:
CCTV Cameras - Surveillance Area:
- External Camera - to monitor the activity in front of the ATM and include the immediate area around the customer /vehicle.
- Internal Camera - to clearly monitor the facial features of the customer.
CCTV Digital Recording Equipment:
- Branch ATMs - are to be connected to the branch recording system,
- Off Site ATMs - are to have a separate recording unit or server based system.
Sufficient ventilation and cooling is to be available to the installed equipment to ensure effective and continuous operation.
2.5 Additional Considerations
In addition to the minimum requirements listed above for the CCTV surveillance and recording system the bank could implement a Central Monitoring System (CMS) which is considered preferable by SAMA.
The adoption of a CMS will provide a remote monitoring and (possible) recording capability that will enhance the banks ability to respond to incidents and effectively mitigate the potential losses and damage as a result of a serious event that would affect its staff, assets, business and customers.
SAMA is currently reviewing this option for kingdom wide implementation with the following considerations:
- Bank Controlled CMS
- Police Controlled CMS
- Privately Controlled CMS
3.0 ACCESS CONTROL SYSTEM
An Access Control System is designed to provide a centralised control, management and recording of personnel throughout the banks facilities.
To ensure effective security of the banks facilities; its critical assets, and the prevention of unauthorised access a dedicated system is to be employed.
Electronic Access Control Systems include the following types:
- Proximity Cards
- Biometric
- Digital Keypads
Access Control utilising mechanical locks and keys are Included within Section 4 'Physical Security and Safety Systems,.
To ensure the integrity and continuous operation of the Readers in the event of a power failure a separate battery back up supply is to be incorporated within the reader / controller. The internal battery is to have a minimum back up capability of 30 minutes.
Access control systems that utilise controllers are to have a maximum of eight (8) doors controlled from a single unit.
The central database for maintaining the record of authorised personnel and the access log is to have a separate automatic / simultaneous back up capability.
To ensure effective security, control and recording of specific locations and Restricted Areas, all banks are to implement one (1) of the above systems, mechanical alternatives or a combination of them and retain a log of events for a period of 6 months.
ID Cards:
All staff, contractors and visitors are to be issued and clearly display an ID Card that identifies them whilst in the banks facility.
The cards may be incorporated within the Access Control system technology described above or be independently produced.
All banks are to ensure an effective system is adopted for the process of requesting, issuing and managing of the ID Cards.
4.0 INTRUDER ALARM SYSTEMS
An Intruder Alarm System incorporates a number of different sensors to detect and alarm in the event of unauthorised access or presence.
All alarms are to be controlled through a panel and have both local and remote capability. Remote capability may include one (1)or a combination of the following options:
- External and separate Building / Branch / Security Control Room
- Regional Building
- Centralised Monitoring Station (CMS)
The remote location must have a 24 hour monitoring capability to ensure an effective response.
The bank is responsible for the preparation and implementation of effective response procedures in the event of receiving an alarm from any one of the identified systems.
The Intruder Alarm panel can either be a separate system or be combined with the Fire Alarm System.
The panel is to be located in a secure location and situated with in a Restricted Area. Remote keypads for arming / disarming are to be located close to the exit of the area to be alarmed and not in a public area of the building or branch.
To ensure the integrity and continuous operation of the Intruder Alarm panel and its sensors / detectors in the event of a power failure a separate battery back up supply is to be incorporated. The use of a UPS system is to have a minimum back up capability of 48 hours.
The following sensors / alarms are to be fitted in the locations identified:
Hold Up / Panic Buttons:
These are designed to be activated if the operator / user is being attacked or threatened. The buttons are to be fitted in the following locations:
- Teller Positions
- Cash Officer
- Cash Handling Area
- Branch / Operations Manager
- Vault / Safety Deposit Room
- Security Guard (Branch)
- Reception Desk (Main Buildings)
- ATMs
- The buttons can be of double operation and suitably protected and positioned against false activation.
Passive Infra Red (PIR) Sensors:
PIR sensors are designed to detect movement in a given area under their surveillance. Sensors are to be a minimum of dual technology and include enhanced features to minimise false alarms. The sensors are to be fitted in the following locations:
- Access points to the Teller Area
- Access route and door to the Vault / Safe / Safety Deposit Room
- Emergency Exit doors (Ground Floor)
- Data / Computer Room
- Disaster Recover (DR) Sites
- ATM Cabinet
- ATM Service Room
- The PIR sensor is to have a visual LED self test capability to demonstrate when movement Is detected. This is to be active when in the armed or disarmed mode.
Seismic / Vibration Sensors:
Seismic sensors are used to detect vibrations from all types of attacks through solid structures. The primary purpose of the sensors is to protect and prevent access to the vault, cash holding areas and ATMs.
All sensors are to be flush mounted within the floor (where applicable), wall and ceilings and be suitably protected using a protective cover to prevent damage and 25 a trip hazard.
Locations to be fitted with seismic sensors are as follows:
- Vaults - to cover all 4 walls, ceilings and floor (where there is a basement)
- ATMs - to be fitted inside the body / cabinet of the unit
Additional sensors are to be fitted to walls and ceilings adjoining other commercial or private properties.
Magnetic Door Contacts:
Restricted Areas identified above that do not have Electronic Access Control Systems are to incorporate Magnetic Door Contacts and linked to the Intruder Alarm Panel. Additional locations include all ground floor Emergency Exit doors.
Magnetic Door Contacts are to be fitted to the internal side of the door and located at the top open corner. Dependant upon the construction material and design of the door alternative contacts / switches may be used.
All doors with Magnetic Contacts are to have effective heavy duty door closures fitted.
Glass Break Detectors:
Glass Break Detectors are to incorporate dual technology that is capable of analyzing both flex (impact) and audio (shattering) frequencies.
Prior to the fitting of the sensors the glazed areas are to be checked for their type (sheet / tempered / laminated) to ensure their effectiveness.
If the glazed panels have film fitted, are of tempered or laminate type there is no requirement for the detectors.
Where sheet glass is used it is to be supported by the detectors.
5.0 FIRE DETECTION, ALARM AND SUPPRESSION SYSTEMS
The installation of a dedicated, integrated and effective fire detection, alarm and suppression system is critical for the safety of the banks staff, assets, business and customers.
The installation of smoke detectors is to be included in all rooms, stairwells, corridors, lift shafts, and public areas of a banks facility.
Fixed temperature thermal detectors are to be fitted to all kitchen and tea room facilities. Special attention is to be given to the fitting of thermal detectors within ATMs.
To ensure effective identification and response to a potential alarm activation a maximum of 20 detectors are to be registered in each zone if the system is not of the addressable type.
Manual Call Points are to be installed next to emergency exits, escape routes and located close to the fire extinguisher and hose reel points. The distance between Manual Call Points should not exceed 30m.
On the activation of an alarm an audible ringing is to be heard throughout the entire facility. An audible bell and visual strobe is to be visible from outside the facility.
The internal bells are to be rated at 108 dB and external bells at 120 dB.
The strobe is to remain active until the system has been reset.
Both the strobe and bells must be tamper resistant.
All cabling is to be fire rated and not run alongside power cables.
All banks are to ensure the fire alarm panel has both local and remote capability. Remote capability may include one (1) or a combination of the following options:
- External and separate Building / Branch / Security Control Room
- Regional Building
- Centralised Monitoring Station (CMS)
The remote location must have a 24 hour monitoring capability to ensure an effective response.
To ensure the integrity and continuous operation of the Fire Panel, detectors and suppression systems in the event of a power failure a separate battery back up supply is to be incorporated. The internal battery is to have a minimum back up capability (under normal load) of 48 hours and then maintain the activation of the alarm for a further 5 minutes.
The bank is responsible for the preparation and implementation of effective response procedures in the event of receiving an alarm from the panel.
The Fire Alarm panel can be implemented as a separate system or combined along with the Intruder Alarm System. It is to be located in a secure room and remote annunciator panels near personnel operating on a 24 hour shift.
All installed equipment is to include a one (1) year warranty period as standard.
On expiration of the warranty period all equipment is to be serviced and maintained by a qualified, recognised and registered supplier and/or service provider. A minimum schedule should include two (2) visits per year.
To ensure the effectiveness and capability of the system, regular internal tests are to be conducted. These tests are to be conducted on a monthly basis and the results recorded.
Evacuation procedures and floor plans identifying exit routes are to be prepared and positioned throughout the facility for maximum exposure.
All Emergency Exit doors are to be fitted with mechanical push bars / levers to facilitate a quick and easy access and open outwards in the direction of escape (Section 4).
To facilitate the safe evacuation process from a building once a fire alarm has activated the recruitment and training of Floor Wardens / Fire Marshalls is to be done from with the banks' staff.
Careful selection of individuals and their deputies will ensure all relevant areas are considered and included.
6.0 LIGHTING
Internal and external lighting can enhance the security and safety requirements of the bank and assist the surveillance capabilities of the security guards and CCTV surveillance system.
Application, placement and types of lighting are to be carefully considered as part of the overall requirements.
All CCTV camera locations that do not have built in illumination are to be supported by external lighting.
All identified Restricted Areas are to maintain constant illumination.
All branches are to maintain constant lighting throughout the ground floor.
External lighting is to be available for all entry and exit points of a building including emergency exit doors.
Emergency lighting incorporating an internal battery back up capability is to be available in the event of a power failure and automatically activate.
Emergency lighting is to be fitted in the following locations:
- Emergency Exit Routes
- Emergency Exit Doors
- Fire Extinguisher and Hose Reel Locations
- Manual Fire Alarm Points
- Restricted Areas
Emergency lighting must be capable of operating for minimum of 3 hours and fitted no less than 2m from ground level.
Emergency Exit signs that are not self illuminating and to be covered by the back up system.
7.0 POWERSUPPLY
Whilst the main power for the banks facilities will be supplied from the electrical grid there may be occasions where a disruption or power failure is experienced.
As identified above, all the main security and safety systems are to incorporate an emergency battery / UPS back up system that will provide sufficient power for a minimum of 30 minutes. This is designed to provide sufficient time to secure the premises until normal power is resumed.
In critical facilities the use of emergency generators is to be used. The following locations are to incorporate generators:
- Head Office Buildings
- Regional Head Office Buildings
- Data / Computer Buildings
- Cash Centres / Main Cash Holding Facilities
Dependant upon business and bank requirements، additional buildings / facilities may be identified for generator back up.
8.0 SERVICE AND PREVENTIVE MAINTENANCE
Once systems have been installed it is essential they are properly serviced and maintained by qualified، approved and experienced service providers.
The adoption of a comprehensive service and preventive maintenance contract will mitigate the possibility of system failure in the event of an incident and prolong the life of the equipment.
A minimum schedule of three (3) visits is to be conducted for all locations. Locations include main buildings, branches, data and cash centres, ATMs and warehouses.
8.1 Disposal of Equipment
To ensure the security of information contained on hard drives, internal memory and recordable mediums an effective disposal procedure is to be adopted.
Equipment identified for proper disposal are as follows:
- ATMs
- Point of Sale Hardware
- PCs and Laptops
- Fax Machines
- CCTV Recording Hardware
- Servers and Back Up Units
- CDs and DVDs
Disposal is to take the form of electronic (erasing), or physical (destruction), or a combination of both to ensure the data is permanently removed.
Clear procedures are to be in place for the disposal of the above equipment/items and coordination between the Security and Safety Manager and the Information Security department is to identify the responsibilities dependant upon the internal processes of the bank.
SECTION 4 PHYSICAL SECURITY AND SAFETY
Synopsis
This section describes the minimum requirements and standards for Physical Security and Safety Systems installed throughout the banks facilities.
SECTION 5 CASH IN TRANSIT-BANK PROCEDURES
Synopsis
This section describes the minimum requirements, procedures and standards for Cash in Transit (CIT)operations for all banks.
1.0 INTRODUCTION
The purpose of installing physical security and safety systems is to enhance the electronic and procedural measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.
No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximised to best effect.
Due to the variety and availability of internationally recognised standards It is left to the bank and its internal policies and practices to dictate the appropriate standards for such systems.
The every increasing availability of, equipment and changes / advancements in technology provides an extensive selection of products to choose from. The selection of the appropriate systems and equipment is dependant upon the security and business requirements of the bank.
The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for all physical security and safety system installations.
1.0 INTRODUCTION
The Cash in Transit (CIT) operations currently pose the greatest risk to the banks. It is during the transit and movement of cash and valuables between the secure storage locations that it is most vulnerable.
This section describes the internal procedures and requirements of the bank for the movement, handling and safeguarding of cash and valuables.
As all banks outsource the CIT function a separate document has been prepared for companies that provide this service.
This section is designed to work in coordination and conjunction with the other section requirements outlined within the SAMA Guidelines.
2.0 EXTERNAL SECURITY AND SAFETY MEASURES
The first line of deterrence and protection for any facility is the application of measures to secure the external perimeter.
The effective use of measures and systems will greatly reduce the risk of criminal elements considering the facility a potential target for their activities and in preventing easy access.
2.0 DEFINITION OF TERMS
Cash:
Includes both local and foreign currency bank notes and coins.
Valuables:
Includes all negotiable documents and materials such as cheques, bills, bonds and guarantees. This also includes precious stones, metals and customer safety deposit boxes.
CIT Manager:
This person is assigned by the bank and responsible for the internal coordination of the CIT service and is to be assisted by identified personnel for kingdom wide operations.
Consignor:
The person or party involved in the dispatch/sending of the cash or valuables.
Consignee:
The person or party involved in the receipt of the cash or valuables.
2.1 Windows and Glass Panels
The increased use of glass in buildings and branches provide an alternative entry point to the much better protected main entrances.
Glass panels provide both a security and a safety risk to a facility, its personnel and customers.
The most vulnerable areas are on ground level and those obscured from public sight. To protect and secure these locations the following options are to be installed:
- Sheet/Tempered Glass - is to have security/blast film (min 200 microns) attached to the inner surface and be secured within the frame. ٨ minimum thickness of 10mm is to be used for the glass panels.
- Laminate Glass - does not require additional measures added to the panels.
Laminate glass panels are to be capable of multiple attacks and be tested/certified by internationally recognised standards.
All ground floor windows/glass panels are to be of clear glass (or maximum 10% tint) and lighting is to be left on during 'out of working' hours to maximise external surveillance.
The use of grills and shutters to secure the facility during 'out of hours' can be used but will not reduce the above requirements for the glass panels.
Windows and glass panels in upper floors still require an element of protection for personnel who may be at risk from flying/broken glass. To ensure the safety of personnel in the upper floors the following options are to be installed:
- Sheet Glass - is to have security/blast film (min 150 microns) attached to the Inner surface and be secured within the frame.
- Tempered / Laminate Glass - does not require additional measures added to the panels.
2.2 Main Entrances
All bank facilities are to have at least one main entrance that is to be used for its primary access control point.
These entrances are to be kept to a minimum to ensure their control of access and surveillance capability. All staff and service entrances are to be treated in the same way.
All glass doors are to conform to the above standards (2.1) in the type and protection required.
All non-glass doors are to be of solid wood or steel construction and fitted with an eye-hole if an observation window is not available.
All access doors to the main entrances are to have a manual locking capability regardless of its primary operating action.
Dependant upon the use of the main entrance, the results of a Security Risk Assessment (SRA) and the procedures identified within the Entry Point Screening procedures of the Corporate Security and Safety Plan (CSSP), the following screening equipment may be required:
- Baggage X-Ray Screener
- Archway Metal Detector
- Hand Held Metal Detectors
2.3 Emergency Exits
Emergency exit doors are the primary means of exiting a facility in the event of an incident and should provide unrestricted use from the inside.
As these locations are easily accessible from the outside they are to be secured using the following measures:
Internally:
- A mechanical push bar/lever is to be fitted to the internal surface.
- Electronic locking systems are to be on a 'fail open' setting.
- Magnetic Contact connected to the Intruder Alarm System
- CCTV Camera
- An eye-hole.
- Appropriate exit signage and lighting.
Externally:
- Flat door plate with no handle.
- CCTV Camera and PIR.
As part of the fire safety requirements, all routes leading to the emergency exit are to be clear of obstructions and have appropriate signage and lighting to facilitate easy exit.
2.4 ATM Locations
In addition to a facilities' cash holding areas the Automated Teller Machines (ATM) are to be considered high risk. The diversity in their locations (Branch, Drive Up, and stand Alone) and the cash they hold make them an attractive target compared to highly secured locations such as vaults and safes contained within buildings and branches.
Only internationally recognised standards and providers are to be used in the purchase of ATM units.
Whilst the locations are dictated by the bank in conjunction with SAMA and Police approval، there are a number of minimum security requirements and are as follows:
- All ATM units are to be securely fixed to a solid base using at least four (4) points.
- All cabling is to be buried/hidden where possible.
- All exposed cabling is to be contained within a steel conduit.
- All waste paper containers should only facilitate the use of receipt slips and be self extinguishing.
- All ATM units are to have external lighting on 24 hour operation.
- All intruder/fire panels are to have tamper sensors fitted.
All ATM cabinets are to have the following security measures:
a. Access via high security lock and cylinder or electronic access control. b. Door contact connected to intruder alarm panel. c. Seismic/Vibration Sensor (Section 3) d. PIR connected to the intruder alarm panel (Section 3). e. Hold Up Button (Section 3). f. Smoke and Heat Sensor. g. External alarm bell and strobe.
All ATM units are to have CCTV surveillance (Section 3) that is recorded on its own Digital Recording system, or remotely, through the system incorporated within branch it is attached to.
All ATM units are to be connected to a remote Central Monitoring Station (CMS) for the activation of alarms from any of the fitted sensors.
3.0 INTERNAL SECURITY AND SAFETY MEASURES
Should the external security and safety measures be defeated and/or bypassed the internal systems are designed to delay and deter criminal activity as part of a layered methodology.
The internal security measures primarily concentrate on the Restricted Areas identified within ه facility so that security can be effectively and efficiently focused.
Restricted Areas: are considered as follows:
- Vaults, Safes and Safety Deposit Rooms
- Teller Areas
- ATM Service Rooms
- Cash Holding Areas
- Cash Handling Areas
- Building Access / Entry Points
- Security Control Room
- Data / Computer Rooms
- IT / Communication Rooms
- Disaster Recovery (DR) Sites
- Electrical Rooms
Additional locations can utilise either electronic and/or mechanical means to secure their access and include the following:
- ATM Cabinets
- Generator Rooms
- PTT/PABX Room
- SCECO Switch Room
- Electrical Rooms
All Restricted Area doors are to have effective heavy duty door closures fitted.
3.0 RECORDS AND DOCUMENTATION
To ensure the security and safety of the CIT operations the bank is responsible for maintaining and coordinating the necessary documentation for the movement and handling of cash and valuables.
The following records and documentation is required:
- CIT Operating Schedule -an operating schedule is to be prepared by the bank or CIT service provider for all transportation, deliveries, pick ups and ATM replenishments. The schedule is to be sent to the police by the end of the previous working day. Copies of the schedule are to be held by the bank and CIT service provider.
CIT Transfer Record - a transfer record of all cash and valuables is to be maintained by the bank and include the following:
a. Names and signatures of carriers, consignees and consignor b. Date and time of transfer c. Cash amount or content of consignment d. Condition of consignment e. Seal numbers f. Departure and destination Corporate Security and Safety Plan (CSSP) - the CSSP is to include a detailed list of procedures and processes for the internal movement and handling of cash and valuables. These procedures are to be sent to SAMA for verification and approval. Procedures are required for the following:
a. Custodians / ATM replenishment teams b. Branches (Vaults / Safes / Safety Deposit Boxes) c. Cash Centres / Holding Areas
The bank is responsible for the compliance of these guidelines and may utilise the services of an external security consultant to ensure the CIT requirements are met for all applicable facilities and equipment.
The CIT Manager and/or the Security and Safety Manager are responsible for the implementation, coordination and maintenance of the above requirements.
3.1 Mechanical Locks
Mechanical locks using keys are a standard means of securing doors throughout a facility.
In addition to the considered use of an electronic access control system, appropriate mechanical locks can be used in conjunction, or as a replacement, for the security of Restricted Areas (Section 3).
To compliment the electronic security and safety measures the physical requirements are as follows:
- All doors are to be of solid wood or steel construction with same quality material for door frames.
All locks/cylinders are to be of high security standard with deadlocking mechanism and resistant to the following:
a. Picking b. Drilling c. Overlift and Reading d. Rap and Rake - All hinges are to be of steel heavy duty standard with non-rising or removable pins.
- All doors are to have heavy duty door closures fitted.
- All doors are to have appropriate security signage for Restricted Areas.
Restricted Areas are to be completely sealed outside the main entry points that are secured by the above / or electronic means. All false ceilings, floors, AC vents and other access points are to be considered and secured. All walls are to be of brick/block construction.
The other major consideration concerning mechanical locks is in the security and control of the keys.
As part of the requirements of the Corporate Security and Safety Plan (CSSP) the following is to be established for keys that access Restricted Areas:
- Log of all keys and the controlling department.
- Secure storage and issue procedures.
- Cylinder/Lock/ Key replacements.
- Regular audits / inspections of the keys and issue log.
- Issue, storage and security of master keys and blanks.
3.2 Teller Areas
The teller areas are considered Restricted Area and Incorporate a number of electronic security systems/sensors (Section 3) to protect them during working and silent hours.
The main threat against the tellers is a hostile attack from a customer, armed robbery and direct access to the vault, safe and/or cash holding area.
In consideration with the electronic systems, security guards and effective procedures that accommodate the main threats, the following options are available for protecting the teller area:
Option 1: Open Cash Drawer
- Tempered/Hardened glass (Min 10mm in thickness) is to be fitted to the top of the teller counter and extend for a minimum of 2m in height.
- Construction below the counter is to be of double brick/block with an external layer steel sheet.
Option 2: Automated Cash Dispenser
An Automated Cash Dispenser 15 fitted to each teller position. The dispenser is to be securely fixed to the floor using at least 4 points and have the following security measures:
a. Mechanical / Electronic access control mechanism. b. Seismic / Vibration sensor (Section - Suitable and appropriate signage is to be used to identify the use of Automated Cash Dispensers.
The main purpose of the above options is to provide additional delay for the police to respond as well as maximising the protection of the teller personnel, branch staff and customers.
As a result of a Security Risk Assessment (SRA) of the branch there may be a requirement to fit tempered/hardened glass to the top of the teller counter for Option 2. This will be dependant upon the risks identified in the area.
3.3 VAULTS AND SAFES
The primary storage, security and safekeeping for the majority of cash holdings, valuables and high value documents in a facility are kept in the designated vault and/or safe.
Vault
In addition to the electronic security systems identified in Section 3, the following physical measures are to be incorporated:
- Vaults are to have walls, floor and ceiling of steel reinforced concrete with a minimum thickness of 30cm.
- Reinforcing is to be in horizontal and vertical staggered rows of 10cm forming a grid pattern using N05 diameter deformed steel bars. minimum of at least two (2) grid patterns shall be used.
- The grids are to be in parallel with the face of the walls and secured using beam bolsters, wall ties or upper continuous high chairs and fastened together at the corners.
- The use of modular panels can be used if materials are rated to provide protection against attack using a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 60 minutes.
- The main door is to be constructed of high strength stainless steel with a minimum thickness of 10cm. The door is to provide protection against attack using a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 60 minutes.
- A double rotary mechanical combination and key system is to be used for access control of the main door. The keys are to be under dual control of two (2) senior bank/branch officers. Spare keys are to be kept and combinations are to be kept In a neighbouring branch vault.
- The frame of the main door is to be welded to the walls reinforcing bars and filled with concrete.
- A steel day gate is to be fitted with two (2) high security cylinders on both sides.
- If an optional emergency door is installed it must conform to the specifications of the main door.
- An emergency vault ventilator must be provided in the wall or vault door.
- A telephone is to be fitted inside the vault.
- All cables connected to the vaults security and safety systems are to be secured and protected within steel conduit.
Storage Requirements
The purpose of the below table is to provide a minimum security requirement for the identified amounts of cash and valuables. Where extremely high amounts (in excess of SR 20,000,000) are stored، protection levels and specifications are to be investigated and assessed separately.
Storage Requirement for Cash and Valuables
Amount/Value
(Cash and Valuables)
Storage Type
Over SR 2,000,000 Vault SR 500,000 to SR
2,000,000
Safe 'Type A’ Up to SR 500,000 Safe 'Type B’ Safes
A safe is defined as a free standing, prefabricated secure storage unit whose protection originates in the prefabrication and which does not have holes through the protection other than those for locks and cables for anchoring,
The safe is to be designed and manufactured to meet stringent international testing authority standards and be approved and/or listed by an international recognised testing laboratory or agency.
The safe is to have a dual control mechanism that consist of one (1) of the following:
- 2 X Combination Locks
- 2 X Key Locks
- Combination and Key Lock
The safe is to be fire tested and certified to international standards for a resistance of one (1) hour.
The safe must be positioned in a Restricted Area will the associated protection and systems identified within these guidelines.
Type A:
The minimum weight for this safe is 750kg (empty) and must be securely anchored to the concrete floor using two (2) internal bolts that is only accessible from inside the safe.
All six (6) sides (including the door) must be resistant to a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 30 minutes.
Type B:
The minimum weight for this safe is 200kg and must be securely anchored to the concrete floor using two (2) internal bolts that is only accessible from inside the safe.
All six (6) sides (including the door) must be resistant to a cutting torch (oxyacetylene)، mechanical and/or electrical tools for a net working time of 15 minutes.
3.4 Safety Deposit Box Room
Customer safety deposit boxes are to be contained within a room that incorporates the same requirements and standards as listed above for a vault.
The electronic security systems (Section 3) are also those required for this location. Special attention in the fitting of the internal CCTV camera is to be considered to ensure it does not cover the area designated for the customer to inspect its content.
All safety deposit boxes are to have dual control high security cylinders.
3.5 Strong Rooms
In addition to the use of the above listed vault and safes there may be a requirement to store other sensitive material and documents separately. These items may include the following:
- Documents classified Confidential and above.
- Stocks of Cheque Books.
- Bills, Securities and Guarantees.
- Official Seals
- Shares and Bond Documents
- Spare Master Keys
If existing facilities for storage are not available the strong rooms are to have the same requirements designated for the vault. The only differences are as follows:
- Vaults are to have walls, floor and ceiling of steel reinforced concrete with a minimum thickness of 15cm.
- The main door is to be constructed of high strength stainless steel with a minimum thickness of 10cm. The door is to provide protection against attack using a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 15 minutes.
3.6 Cabinets
In addition to the above listed secure storage rooms there may be a requirement to secure and protect other materials.
The use of cabinets primarily provides protection against fire and environmental damage. Whilst they do provide a level of security this should be considered limited.
All cabinets are to have locks that, if tampered with, will provide visual evidence.
Fire Resistant Cabinets:
The safe is to be fire tested and certified to international standards for a resistance of one (1) hour.
The fire resistant cabinets are designed to protect environmentally sensitive items such as:
- Microfilms and Microfiche
- Insurance Files
- Documents classified below Confidential
Steel Cabinets:
The steel cabinets are designed to protect sensitive items such as:
- Account Documents
- Unclassified Mail
- Specimen Signatures
- Date, Authority and Signature Stamps
- Registers
- Security and Safety Plans
3.7 Fire Safety Equipment
The risk of a fire in a facility is potentially greater than any other form of hazard or incident type. The ability to effectively detect and quickly extinguish a fire is critical in minimising the potential damage to life and the assets of the bank.
In addition to the electronic safety systems (Section 3) it is the use of automated and hand held fire suppression systems that will ensure an effective response.
The positioning, quantity and use of these equipments are available through international standards (eg NFPA), Civil Defence standards and requirements. These should also be clearly identifies within the Corporate Security and Safety Plan along with the identification of responsible personnel, their training on how to use the equipment and in emergency evacuation procedures.
The main suppression equipment types are as follows:
Water Sprinkler Systems:
Dependant upon Civil Defence requirements on the locations, standards and specifications the bank is to install an automated water sprinkler system to all underground car parking areas.
Clean Gaseous Systems:
In sensitive electrical locations there is a requirement to minimise the damage to the equipment in the event of an automated system activating.
This Is achieved by using a system such as FM200 (or equivalent) but will require the room to be sealed against air leaks. Due to the non toxic nature of this type of system it is also considered essential in similar areas that are occupied by bank staff and/or contractors.
Fire Extinguishers and Fire Hoses:
A wide range of fire extinguisher types are available (water, powder, chemical) and their positioning will be dependant upon the locations they are designed to protect.
The majority of extinguishers will be water based (Class A Fires). Electrical / Computer rooms will require the use of dry powder types (Class c Fires) and positioned accordingly. The minimum capacity for any extinguisher is to be not less than 6kg.
Should extinguishers over 10kg be required they should be trolley based.
The positioning of fire hoses is to ensure sufficient coverage is achieved between them so that no area cannot be reached or Is inaccessible.
Emergency water supplies are to be available to support the hoses in the event of a failure of the mains water supply. This can be achieved by reserving a given amount of water in the existing water tanks or by having a separate tank specifically for the fire fighting system.
The use of generators (Section 3) will also be required to support the pumps in the event of power loss.
Signage is to be located at each position where extinguishers and fire hoses are fitted.
As a minimum requirement they are to be located in the following areas:
- Floor lobby areas
- Emergency Exits
- Restricted Areas (Fire Extinguishers dependant upon type required)
4.0 TRANSPORTATION REQUIREMENTS
The external transportation of cash and valuables is primarily undertaken by CIT service providers. The requirements, procedures and regulations for these companies are contained within the separate document ‘Cash in Transit Procedures for Transportation Companies'.
To ensure the secure and safe movement and handling of cash and valuables, the minimum requirements for banks are as follows:
- Canvas Bag Container - to have a double flap and be capable of attaching a uniquely numbered plastic or metal seal.
- Cassette Container - to be constructed of heavy duty plastic or metal and be capable of attaching a uniquely numbered plastic or metal seal.
- Self Sealing Container - to be constructed of thin gauged plastic and be individually coded and/or numbered.
The bank is responsible for the coordination، verification and performance of the CIT service provider. Regular assessments of the service providers' procedures are to be conducted by the CIT Manager, Security and Safety Manager and/or external consultant.
The transportation of cash and valuables outside the banks property is to be notified to the appointed police contact by the bank or CIT service provider.
Should the CIT service provider not be able to deliver a consignment in time the SLA is to clearly identify the procedures for storing and securing it until it can be delivered.
The use of the above mentioned CIT Operating Schedule will ensure the police are aware of the routes, locations and activities.
Whilst it is preferable to have a police escort and presence during the delivery operations and ATM replenishment it may not be possible due to availability of resources. It is the banks responsibility to ensure they are informed and maintain the CIT schedule they, or the service provider, has established.
The CIT Manager is responsible for the coordination of the schedule and that the police are provided sufficient notice.
5.0 CIT-PREPARATION
To ensure suitable supervision, accountability and security in the preparation of the cash and valuables for transportation, this is to be a dual control operation. A minimum of two (2) bank employees are responsible for the counting, packing and sealing of the bags/containers. Ultimate responsibility is with the following personnel:
- Cash Officer
- Chief Cashier/Teller
Nominated deputies can undertake this task but must be authorised by the above.
Dual control is to be maintained until the transfer has taken place and the CIT Transfer Form has been completed.
The Branch Manager or Cash Centre Manager is to coordinate with the above staff to identify the transfer of cash and valuables for the next working day with the CIT service provider.
The CIT Manager or representatives are to ensure the CIT Transfer Forms and Records are correctly completed, maintained and securely stored for each location.
6.0 CIT-DISPATCH
Once the preparatory phase has been completed the two (2) authorised personnel are to recheck seals and the security of the bags or containers and verify the transporting personnel against their ID cards.
On completion and signing of the CIT Delivery Receipt Form the bags or containers are to be handed over to the authorised carriers.
The original and a copy of the CIT Transfer Form are to be sent in a sealed envelope to the consignee.
If cash or valuables are being sent to SAMA an authorised bank employee is to be present during the handover. The authorised employee is to acknowledge the receipt of the consignment from the carriers after checking the bags or containers are securely sealed.
The authorised bank employee is then to deposit the consignment, forward the deposit receipt and record the transaction.
7.0 CIT-RECEIPT
Only authorised bank employees are to receive the cash and valuables from the carrier along with the CIT Transfer Form.
On verifying that the bags or containers are securely sealed the two (2) authorised bank employees are to sign the CIT Delivery Receipt Form.
On confirming the contents of the bags or containers are correct and in order, the two (2) authorised bank employees are to sign the CIT Transfer Form.
On completion and recording of the checks and receipt of the consignment, a copy of the CIT Transfer Form is to be sent to the consignor.
The Cash Officer or Cash Centre Manager is responsible for checking the forms and records in line with the procedures laid down in the CSSP.
Cash and valuables being received from SAMA is to follow the above (6.0) requirements.
8.0 CIT- DISCREPANCIES
If a discrepancy is identified during the preparation, receipt or delivery of cash and valuables the following actions are to be undertaken:
Insecure Bags or Containers - in the event of tampering, missing seals and/or any other signs of insecurity of the bags or containers they are to be refused unsigned and returned to the carrier immediately for investigation.
The authorised checking personnel are to make a report and the following are notified and sent a copy of the report:
a. Cash Officer /Cash Centre Manager b. Branch Manager c. CIT Manager/Regional Representative d. Consignor Manager
When returned consignor the bag or container is to be checked by the original authorised personnel for verification.
In the event of a loss of cash or valuables a report is to be prepared and signed by both the consignor and consignee.
- Discrepancy in Cash or Valuables - in the event of a discrepancy between the CIT Transfer Form and the contents of the bag or container the above actions are to be followed once a confirmation has been made between the Branch Manager / Cash Centre Manager and the consignor regarding the CIT Transfer Form..
All original reports are to be held and maintained by the CIT Manager for safe keeping.
Dependant upon the nature of the incident and whether it was resolved or not, the CIT Manager may involve the Security and Safety Manager and/or other identified personnel should further investigations be required,
Training is to be provided for personnel authorised to conduct these operations that includes the following:
- Anti Money Laundering (AML)
- Procedures and processes for the movement of cash and valuables as per the CSSP
- Procedures in the event of armed robbery and/or criminal acts
9.0 ATM
The replenishment and servicing of Automated Teller Machines (ATM) is to be regarded as a CIT operation when the machine cannot be replenished within a secure area.
The replenishment operation is to be undertaken by a minimum of two (2) authorised personnel.
All replenishment operations are to be conducted in the presence of armed guards.
Lobby ATMs:
Where relevant, all doors and access points to the ATM lobby or replenishment area are to be secured and locked prior to the opening of the ATM.
The use of blinds and screens are to be maximised to prevent unnecessary visibility of the replenishment operation
External ATMs:
The replenishment teams will be assisted by the team in the armoured car. The cash containers are to remain in the vehicle until they are required and are as close to the ATM as possible.
During the replenishment the armoured car team is to remain vigilant and is responsible for the protection of the team and the cash containers.
Dependant upon availability the police may also be present to provide additional security and protection to the replenishment teams and the cash containers.
Should the replenishment schedule change from the prepared itinerary this is to be communicated back to the CIT Manager or regional representative. Any changes are to be sent to the nominated contact in the police to ensure their presence during transit and replenishment operations.
Police presence is dependant upon availability of resources and CIT operations should maintain their schedule of timings and identified routes.
Training is to be provided for personnel authorised to conduct these operations that Includes the following:
- ATM Security and Safety Systems
- Procedures and processes for the movement of cash and valuables as per the CSSP
- Procedures In the event of armed robbery and/or criminal acts
SECTION 6 SECURITY GUARDS FOR MAIN BUILDINGS AND BRANCHES
Synopsis
This section describes the minimum requirements and standards for Security Guards operating through out the banks Main Buildings and Branches.
1.0 INTRODUCTION
In addition to the installation and implementation of other security and safety measures to protect the banks' main buildings and branches, a security guarding service to be used.
The purpose of using security guards is to enhance the electronic and procedural measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.
No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximised to best effect.
The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for the use of security guards for the banks main buildings and branches.
2.0 RESPONSIBILITIES AND REQUIREMENTS
The security guard(s) is intended to compliment the use of other security and safety systems, measures and equipment.
The deployment of security guards throughout the banks main buildings and branches is to be closely monitored and supervised by the service provider and the banks personnel.
To ensure sufficient guards are available to carry out their responsibilities, an assessment is to be carried out to identify the quantity and requirements. This can be part of the Security Risk Assessment or undertaken as a separate report.
The security guards can be contractors or directly employed by the bank.
Detailed responsibilities and requirements are to be identified within the Corporate Security and Safety Plan (CSSP) and controlled, monitored and enforced by the Security and Safety Manager.
The primary responsibilities of the security guard is as follows:
- Provide an effective physical and visual deterrent.
- Provide effective control of access and entry points.
- Provide an effective response to security and safety incidents.
The primary requirements of the security guard is as follows:
- They are to be a Saudi national.
- Clearly identifiable and appropriate uniform is to be worn at all times.
- Maintain the Security Guard Shift Report.
- Fully trained and prepared for their function and location.
All security guard reception/entry locations are to maintain a Shift Report that records all the events and activities for each shift. The security guard/supervisor is to include the following Information:
- Date, time and guard names for each shift changeover.
- Suspicious activity identified during the shift period.
- Incidents/Events during the shift period.
- Activation of Alarms.
- Security and Safety equipment check and test.
The Security and Safety Manager is to ensure that the information contained within the Security Guard Shift Report is reported, acknowledged and any appropriate action taken. Apart from immediate/emergency actions the report is to be checked and acknowledged at the start of each working day.
Prior the changeover between shifts, the oncoming guard is to have physically checked his area of responsibility and acknowledged the content of the previous shift report.
All security guard locations are to have detailed Post Instructions that clearly identify their function, responsibilities, incident response and reporting chain. These will form part of the CSSP (Section 2).
The effective use of security guards will greatly reduce the risk of criminal elements considering the facility a potential target for their activities and in preventing easy access.
3.0 ACCESS CONTROL
One of the primary responsibilities of the security guard is the control of access to the building or branch.
To assist in the control and identification of personnel an ID Card system is to be employed by all banks.
All security guards are to be aware of the Restricted Areas within their area of responsibility.
All buildings and branches are to have 24 hour security guard presence and working hours and overtime are to conform to the regulations laid down in the Saudi Labour Laws and are the responsibility of the service provider.
The security guards are responsible for the enforcement of Clear Desk Policy and are to report any infringements within their shift reports.
3.1 Main Buildings
To ensure the identity and control of the different personnel working and visiting the building, the following are to be clearly identified:
- Permanent Employees
- Contractors
- Visitors
The security guard is to enforce the wearing and prominent display of the issued ID cards by all personnel working and visiting the building.
A Building Log Sheet is to be maintained at each reception/access point. The log sheets are to include all personnel (without ID) and visitors that enter the building. The information is to include the following:
- Name, contact number and date
- Type of ID used
- Person Visited/Employee Dept
- Time in and out
Visitors are issued temporary ID cards once the following has been confirmed:
- Confirmation of visit/appointment by bank employee.
- Confirmation of visitor by official identification (picture and name).
Visitors are not to be given access without being escorted by the visited bank employee or a security guard. The bank employee is responsible for their visitor until they are returned to the reception desk and logged out.
The bank is to establish clear policies and procedures on the identification, issuance and control of an ID card system. These are to be contained within the CSSP (Section 2).
3.2 Branches
To ensure the identity and control of the different personnel working In the branch, the following are to be clearly identified:
- Permanent Employees
- Contractors
The security guard is to enforce the wearing and prominent display of the issued ID cards by all employees and contractors whilst working in the branch.
Customers are only permitted entry during the banks official opening hours.
Cash In Transit (CIT) operations are considered a separately and can be found in Section 5.
Bank employees are only permitted access to the branch during out of hours if prior permission has been provided by the Branch Manager or his nominated deputy.
Access to the branch out of working hours, regardless of permission, is to be visually confirmed by the guard prior to allowing entry.
The bank is to establish clear policies and procedures on the identification, issuance and control of an ID card system. These are to be contained within the CSSP (Section 2).
3.3 Cleaning Personnel
All cleaning personnel are to be escorted and/or supervised whilst working within Restricted Areas during out of hours. This can be undertaken by a bank employee or the security guard dependant upon the policy of the bank.
The contract company providing the cleaning services are to issue a list of all personnel, and their duty hours, to the building reception desk or branch security guard.
Changes to the names and/or hours are to be confirmed in writing by the nominated supervisor/manager of the service provider.
4.0 ADDITIONAL CONSIDERATIONS
Whilst it is mandatory for all buildings and branches to maintain 24 hour security, the installation of a remotely monitored alarm/surveillance capability may be considered for the reduction in security guard numbers and presence.
All implemented and/or proposed systems should be prepared in writing and sent direct to SAMA for review and consideration.
Secretariat General of The Council of Ministers Decision No. 79 Dated 14-7-1414 H
The Council of Ministers,
Having reviewed Royal Order No. A/112 dated 28-6-1414 H, and
Having reviewed the file sent by the Council of Ministers Presidency Bureau No. 98/8 dated 1-3-1412H, containing the cable of HRH the Foreign Minister No. 96/32/501/4845/1 dated 18-2-1412 H, referred to in the minutes of the Committee formed by Royal Order No. 5/1820 dated 3-2-1411 H, to study the membership of the Kingdom in the International Convention for the Protection of Literary and Artistic Works of 1952, amended in Paris on 24 July, 1971 A.D and sponsored by UNESCO, and
Having reviewed the memorandum of the Experts Committee of the Council of Ministers No. 114 dated 7-11-1412 H, and
Having reviewed the recommendation of the General Committee of the Council of Ministers No. 17 dated 11-1-1413 H, and
Having reviewed the minutes of the Experts Committee meeting No. 5 dated 15-6-1414 H, and
Having reviewed the recommendation of the General Committee at the Council of Ministers No. 150, dated 5-7-1414 H, and
Having studied the International Convention For The Protection of Literary and Artistic Works, as amended in Paris on July 24, 1971 A.D, which stated in paragraph (3) of Article (9) that:
"A State which is not a party to the 1952 Convention shall be considered a party to that Convention if it joins the Paris Convention. However, this State may, if it presents its membership credentials before the present Convention goes into effect, suspend its membership until this Convention goes into effect, after which date no State may become a member of the 1952 Convention alone." And
After studying the 1952 Convention at the Council of Ministers,
Decides:
To approve the Kingdom's membership in the International Agreement For The Protection of Literary and Artistic Works, amended in Paris on 24 July, 1971 A.D.
A draft Royal Decree has been prepared in this respect (copy attached).
Signed
President of the Council of Ministers
M/12
Dated: 16-7-1414 H
With the Help of God,
We King Fahd bin Abdul Aziz Al Saud, King of the Kingdom of Saudi Arabia,
Having reviewed article 70 of the Constitutional Regulation issued by Royal Order No. A/90 dated 27-8-1412 H, and
Pursuant to Royal Order No. A/112 dated 28-6-1414 H, and
Pursuant to article 20 of the Councils of Ministers Regulations issued by Royal Order No. A/13 dated 3-3-1414 H, and
Having reviewed the International Convention For The Protection of Literary and Artistic Works, as amended in Paris on 24 July, 1971 A.D, and
Having reviewed the 1952 International Convention For The Protection of Literary and Artistic Works, and
Pursuant to the Council of Ministers Decision No. 7 dated 14-7-1414 H.
Decree as follows:
To approve the membership of the Kingdom of Saudi Arabia in the International Convention For The Protection of Literary and Artistic Works, as amended in Paris on 24 July, 1971 A.D, in its attached version.
HRH the Vice President of the Council of Ministers and the Ministers shall implement this Decree of ours, each in his own capacity.
Signed
King Fahd Bin Abdul Aziz Al Saud
Berne Convention for the Protection of Literary and Artistic Works
of September 9, 1886 A.D, completed at PARIS on May 4, 1896 A.D, revised at BERLIN on November 13, 1908 A.D, completed at BERNE on March 20, 1914 H, revised at ROME on June 2, 1928 A.D, at BRUSSELS on June 26, 1948 A.D, at STOCKHOLM on July 14, 1967 A.D, and at PARIS on July 24, 1971 A.D, and amended on October 2, 1979 A.D.
Appendix Special Provisions Regarding Developing Countries
Article I : Faculties Open to Developing Countries :
1. Availability of certain faculties; declaration; 2. Duration of effect of declaration; 3. Cessation of developing country status; 4. Existing stocks of copies; 5. Declarations concerning certain territories; 6. Limits of reciprocity.
Article II : Limitations on the Right of Translation :
1. Licenses grantable by competent authority; 2 to 4.
Conditions allowing the grant of such licenses; 5. Purposes for which licenses may be granted; 6. Termination of licenses; 7. Works composed mainly of illustrations; 8. Works withdrawn from circulation; 9. Licenses for broadcasting organization.
Article III. Limitation on the Right of Reproduction:
1. Licenses grantable by competent authority; 2 to 5. Conditions allowing the grant of such licenses; 6. Termination of licenses. 7. Works to which this Article applies.
Article IV : Provisions Common to Licenses Under Article II and III :
1 and 2. Procedure. 3. Indication of author and title of work; 4. Exportation of copies; 5. Notice; 6. Compensation.
Article V : Alternative Possibility for Limitation of the Right of Translation :
1. Regime provided for under the 1886 and 1896 Acts; 2. No possibility of change to regime under Article II; 3. Time limit for choosing the alternative possibility.
Article VI : Possibilities of applying, or admitting the application of, certain provisions of the Appendix before becoming bound by it :
1. Declaration; 2. Depository and effective date of declaration.
The countries of the Union, being equally animated by the desire to protect, in as effective and uniform a manner as possible, the rights of authors in their literary and artistic works,
Recognizing the importance of the work of the Revision Conference held at Stockholm in 1967, Have resolved to revise the Act adopted by the Stockholm Conference, while maintaining without change Articles 1 to 20 and 22 to 26 of the Act.
Consequently, the undersigned Plenipotentiaries, having presented their full powers, recognized as in good and due form, have agreed as follows :
Article 1 [Establishment of a Union]1
The countries to which this Convention applies constitute a Union for the protection of the rights of authors in their literary and artistic works.
1 Each Article and the Appendix have been given titles to facilitate their identification. There are no titles in the signed (English) text
Article 2
Protected Works : 1. "Literary and artistic works";
2. Possible requirement of fixation; 3. Derivative works; 4. Official texts; 5. Collections; 6. Obligation to protect; beneficiaries of protection; 7. Works of applied art and industrial designs; 8. News]
(1) The expression "literary and artistic works" shall include every production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression, such as books, pamphlets and other writings; lectures; addresses, sermons and other works of the same nature; dramatic or dramatico-musical works; choreographic works and entertainments in dumb show; musical compositions with or without words; cinematographic works to which are assimilated works expressed by a process analogous to cinematography; works of drawing, painting, architecture, sculpture, engraving and lithography; photographic works to which are assimilated works expressed by a process analogous to photography; works of applied art; illustrations, maps, plans, sketches and three-dimensional works relative to geography, topography, architecture or science. (2) It shall, however, be a matter for legislation in the countries of the Union to prescribe that works in general or any specified categories of works shall not be protected unless they have been fixed in some material form. (3) Translations, adaptations, arrangements of music and other alterations of a literary or artistic work shall be protected as original works without prejudice to the copyright in the original work. (4) It shall be a matter for legislation in the countries of the Union to determine the protection to be granted to official texts of a legislative, administrative and legal nature, and to official translations of such texts. (5) Collections of literary or artistic works such as encyclopedias and anthologies which, by reason of the selection and arrangement of their contents, constitute intellectual creations shall be protected as such, without prejudice to the copyright in each of the works forming part of such collections. (6) The works mentioned in this Article shall enjoy protection in all countries of the Union. This protection shall operate for the benefit of the author and his successors in title. (7) Subject to the provisions of Article 7(4) of this convention, it shall be a matter for legislation in the countries of the Union to determine the extent of the application of their laws to works of applied art and industrial designs and models, as well as the conditions under which such works, designs and models shall be protected. Works protected in the country of origin solely as designs and models shall be entitled in another country of the Union only to such special protection as is granted in that country to designs and models; however, if no such special protection is granted in that country, such works shall be protected as artistic works. (8) The protection of this Convention shall not apply to news of the day or to miscellaneous facts having the character of mere items of press information. Article 2bis
[Possible Limitation of Protection of Certain Works : 1. Certain speeches; 2. Certain uses of lectures and addresses; 3. Right to make collections of such works]
(1) It shall be a matter for legislation in the countries of the Union to exclude, wholly or in part, from the protection provided by the preceding Article political speeches and speeches delivered in the course of legal proceedings. (2) It shall also be a matter for legislation in the countries of the Union to determine the conditions under which lectures, addresses and other works of the same nature which are delivered in public may be reproduced by the press, broadcast, communicated to the public by wire and made the subject of public communication as envisaged in Article 11bis (1) of this Convention, when such use is justified by the informatory purpose. (3) Nevertheless, the author shall enjoy the exclusive right of making a collection of his works mentioned in the preceding paragraphs. Article 3
[Criteria of Eligibility for Protection : 1. Nationality of author; place of publication of work; 2. Residence of author; 3. "Published" works; 4. "Simultaneously published" works]
(1) The protection of this Convention shall apply to : (a) authors who are nationals of one of the countries of the Union, for their works, whether published or not; (b) authors who are not nationals of one of the countries of the Union, for their works first published in one of those countries, or simultaneously in a country outside the Union and in a country of the Union. (2) Authors who are not nationals of one of the countries of the Union but who have their habitual residence in one of them shall, for the purposes of this Convention, be assimilated to nationals of that country. (3) The expression "published works" means works published with the consent of their authors, whatever may be the means of manufacture of the copies, provided that the availability of such copies has been such as to satisfy the reasonable requirements of the public, having regard to the nature of the work. The performance of a dramatic, dramatico-musical, cinematographic or musical work, the public recitation of a literary work, the communication by wire or the broadcasting of literary or artistic works, the exhibition of a work of art and the construction of a work of architecture shall not constitute publication. (4) A work shall be considered as having been published simultaneously in several countries if it has been published in two or more countries within thirty days of its first publication. Article 4
[Criteria of Eligibility for Protection of Cinematographic Works, Works of Architecture and Certain Artistic Works]
The protection of this Convention shall apply, even if the conditions of Article 3 are not fulfilled, to :
(a) authors of cinematographic works the maker of which has his headquarters or habitual residence in one of the countries of the Union; (b) authors of works of architecture erected in a country of the Union or of other artistic works incorporated in a building or other structure located in a country of the Union. Article 5
[Rights Guaranteed : 1. and 2. Outside the country of origin; 3. In the country of origin; 4. "Country of origin"]
(1) Authors shall enjoy, in respect of works for which they are protected under this Convention, in countries of the Union other than the country of origin, the rights which their respective laws do now or may hereafter grant to their nationals, as well as the rights specially granted by this Convention. (2) The enjoyment and the exercise of these rights shall not be subject to any formality; such enjoyment and such exercise shall be independent of the existence of protection in the country of origin of the work. Consequently, apart from the provision of this Convention, the extent of protection, as well as the means of redress afforded to the author to protect his rights, shall be governed exclusively by the laws of the country where protection is claimed. (3) Protection in the country of origin is governed by domestic law. However, when the author is not a national of the country of origin of the work for which he is protected under this Convention, he shall enjoy in that country the same rights as national authors. (4) The country of origin shall be considered to be : (a) in the case of works first published in a country of the Union, that country; in the case of works published simultaneously in several countries of the Union which grant different terms of protection, the country whose legislation grants the shortest term of protection; (b) in the case of works published simultaneously in a country outside the Union and in a country of the Union, the latter country; (c) in the case of unpublished works or of works first published in a country outside the Union, without simultaneous publication in a country of the Union, the country of the Union of which the author is a national, provided that : (i) when these are cinematographic works the maker of which has his headquarters or his habitual residence in a country of the Union, the country of origin shall be that country, and (ii) when these are works of architecture erected in a country of the Union or other artistic works incorporated in a building or other structure located in a country of the Union, the country of origin shall be that country. Article 6
[Possible Restriction of Protection In Respect of Certain Works of Nationals of Certain Countries Outside the Union : 1. In the country of the first publication and in other countries; 2. No retroactivity; 3. Notice]
(1) Where any country outside the Union fails to protect in an adequate manner the works of authors who are nationals of one of the countries of the Union, the latter country may restrict the protection given to the works of authors who are, at the date of the first publication thereof, nationals of the other country and are not habitually resident in one of the countries of the Union. If the country of first publication avails itself of this right, the other countries of the Union shall not be required to grant to works thus subjected to special treatment
a wider protection than that granted to them in the country of first publication.
(2) No restrictions introduced by virtue of the preceding paragraph shall affect the rights which an author may have acquired in respect of a work published in a country of the Union before such restrictions were put into force. (3) The countries of the Union which restrict the grant of copyright in accordance with this Article shall give notice thereof to the Director General of the World Intellectual Property Organization (hereinafter designated as "the Director General") by a written declaration specifying the countries in regard to which protection is restricted, and the restrictions to which rights of authors who are nationals of those countries are subjected. The Director General shall immediately communicate this declaration to all the countries of the Union. Article 6 bis
[Moral Rights : 1. To claim authorship; to object to certain modifications and other derogatory actions; 2. After the author's death; 3. Means of redress]
(1) Independently of the author's economic rights, and even after the transfer of the said rights, the author shall have the right to claim authorship of the work and to object to any distortion, mutilation or other modification of, or other derogatory action in relation to, the said work, which would be prejudicial to his honor or reputation. (2) The rights granted to the author in accordance with the preceding paragraph shall, after his death, be maintained, at least until the expiry of the economic rights, and shall be exercisable by the persons or institutions authorized by the legislation of the country where protection is claimed. However, those countries whose legislation, at the moment of their ratification of or accession to this Act, does not provide for the protection after the death of the author of all the rights set out in the preceding paragraph may provide that some of these rights may, after his death, cease to be maintained. (3) The means of redress for safeguarding the rights granted by this Article shall be governed by the legislation of the country where protection is claimed. Article 7
[Term of Protection : 1. Generally; 2. For cinematographic works; 3. For anonymous and pseudonymous works; 4. For photographic works and works of applied art; 5. Starting date of computation; 6. Longer terms; 7. Shorter terms; 8. Applicable law; "comparison" of terms]
(1) The term of protection granted by this Convention shall be the life of the author and fifty years after his death. (2) However, in the case of cinematographic works, the countries of the Union may provide that the term of protection shall expire fifty years after the work has been made available to the public with the consent of the author, or, failing such an event within fifty years from the making of such a work, fifty years after the making. (3) In the case of anonymous or pseudonymous works, the term of protection granted by this Convention shall expire fifty years after the work has been lawfully made available to the public. However, when the pseudonym adopted by the author leaves no doubt as to his identity, the term of protection shall be that provided in paragraph (1). If the author of an anonymous or pseudonymous work discloses his identity during the above-mentioned period, the term of protection applicable shall be that provided in paragraph (1). The countries of the Union shall not be required to protect anonymous or pseudonymous works in respect of which it is reasonable to presume that their author has been dead for fifty years. (4) It shall be a matter for legislation in the countries of the Union to determine the term of protection of photographic works and that of works of applied art in so far as they are protected as artistic works; however, this term shall last at least until the end of a period of twenty-five years from the making of such a work. (5) The term of protection subsequent to the death of the author and the terms provided by paragraphs (2), (3) and (4) shall run from the date of death or of the event referred to in those paragraphs, but such terms shall always be deemed to begin on the first of January of the year following the death or such event. (6) The countries of the Union may grant a term of protection in excess of those provided by the preceding paragraphs. (7) Those countries of the Union bound by the Rome Act of this Convention which grant, in their national legislation in force at the time of signature of the present Act, shorter terms of protection than those provided for in the preceding paragraphs shall have the right to maintain such terms when ratifying or acceding to the present Act. (8) In any case, the term shall be governed by the legislation of the country where protection is claimed; however, unless the legislation of that country otherwise provides, the term shall not exceed the term fixed in the country of origin of the work. Article 7 bis
[Term of Protection for Works of Joint Authorship]
The provisions of the preceding Article shall also apply in the case of a work of joint authorship, provided that the terms measured from the death of the author shall be calculated from the death of the last surviving author.
Article 8
[Right of Translation]
Authors of literary and artistic works protected by this convention shall enjoy the exclusive right of making and of authorizing the translation of their works throughout the term of protection of their rights in the original works.
Article 9
[Right of Reproduction : 1. Generally; 2. Possible exceptions; 3. Sound and visual recordings]
(1) Authors of literary and artistic works protected by this Convention shall have the exclusive right of authorizing the reproduction of these works, in any manner or form. (2) It shall be a matter for legislation in the countries of the Union to permit the reproduction of such works in certain special cases, provided that such reproduction does not conflict with a normal exploitation of the work and does not unreasonably prejudice the legitimate interests of the author. (3) Any sound or visual recording shall be considered as a reproduction for the purposes of the Convention. Article 10
[Certain Free Uses of Works : 1. Quotations; 2. Illustrations for teaching; 3. Indication of source and author]
(1) It shall be permissible to make quotations from a work which has already been lawfully made available to the public, provided that their making is compatible with fair practice, and their extent does not exceed that justified by the purpose, including quotations from newspaper articles and periodicals in the form of press summaries.
(2) It shall be a matter for legislation in the countries of the Union, and for special agreements existing or to be concluded between them, to permit the utilization, to the extent justified by the purpose, of literary or artistic works by way of illustration in publications, broadcasts or sound or visual recordings for teaching, provided such utilization is compatible with fair practice. (3) Where use is made of works in accordance with the preceding paragraphs of this Article, mention shall be made of the source, and of the name of the author if it appears thereon. Article 10 bis
[Further Possible Free Uses of Works : 1. Of certain articles and broadcast works; 2. Of works seen or heard in connection with current events]
(1) It shall be a matter for legislation in the countries of the Union to permit the reproduction by the press, the broadcasting or the communication to the public by wire of articles published in newspapers or periodicals on current economic, political or religious topics, and of broadcast works of the same character, in cases in which the reproduction, broadcasting or such communication thereof is not expressly reserved. Nevertheless, the source must always be clearly indicated; the legal consequences of a breach of obligation shall be determined by the legislation of the country where protection is claimed. (2) It shall also be a matter for legislation in the countries of the Union to determine the conditions under which, for the purpose of reporting current events by means of photography, cinematography, broadcasting or communication to the public by wire, literary or artistic works seen or head in the course of the event may, to the extent justified by the informatory purpose, be reproduced and made available to the public. Article 11 :
[Certain Rights in Dramatic and Musical Works : 1. Right of public performance and of communication to the public of a performance; 2. In respect of translations]
(1) Authors of dramatic, dramatico-musical and musical works shall enjoy the exclusive right of authorizing : (i) the public performance of their works, including such public performance by any means or process; (ii) any communication to the public of the performance of their works. (2) Authors of dramatic or dramatico-musical works shall enjoy, during the full term of their rights in the original works, the same rights with respect to translations thereof. Article 11 bis
[Broadcasting and Related Rights : 1. Broadcasting and other wireless communications, public communication of broadcast by wire or rebroadcast, public communication of broadcast by loudspeaker or analogous instruments; 2. Compulsory licenses; 3. Recording; ephemeral recordings]
(1) Authors of literary and artistic works shall enjoy the exclusive right of authorizing : (i) the broadcasting of their works or the communication thereof to the public by any other means of wireless diffusion of signs, sounds or images; (ii) any communication to the public by wire or by rebroadcasting of the broadcast of the work, when this communication is made by an organization other than the original one; (iii) the public communication by loudspeaker or any other analogous instrument transmitting, by signs, sounds or images, the broadcast of the work. (2) It shall be a matter for legislation in the countries of the Union to determine the conditions under which the rights mentioned in the preceding paragraph may be exercised, but these conditions shall apply only in the countries where they have been prescribed. They shall not in any circumstances be prejudicial to the moral rights of the author, nor to his right to obtain equitable remuneration which, in the absence of agreement, shall be fixed by competent authority. (3) In the absence of any contrary stipulation, permission granted in accordance with paragraph(1) of this Article shall not imply permission to record, by means of instruments recording sounds or images, the work broadcast. It shall, however, be a matter for legislation in the countries of the Union to determine the regulations for ephemeral recordings made by a broadcasting organization by means of its own facilities and used for its own broadcasts. The preservation of these recordings in official archives may, on the ground of their exceptional documentary character, be authorized by such legislation. Article 11 ter
[Certain Rights inLiterary Works : 1. Right of public recitation and of communication to the public of a recitation; 2. In respect of translations]
(1) Authors of literary works shall enjoy the exclusive right of authorizing : (i) the public recitation of their works, including such public recitation by any means or process; (ii) any communication to the public of the recitation of their works. (2) Authors of literary works shall enjoy, during the full term of their rights in the original works, the same rights with respect to translations thereof. Article 12
[Right of Adaptation, Arrangement and Other Alteration]
Authors of literary or artistic works shall enjoy the exclusive right of authorizing adaptations, arrangements and other alterations of their works.
Article 13
[Possible Limitation of the Right of Recording of Musical Works and Any Words Pertaining Thereto : 1. Compulsory licenses; 2. Transitory measures; 3. Seizure on importation of copies made without the author's permission]
(1) Each country of the Union may impose for itself reservations and conditions on the exclusive right granted to the author of a musical work and to the author of any words, the recording of which together with the musical work has already been authorized by the letter, to authorize the sound recording of that musical work, together with such words, if any; but all such reservations and conditions shall apply only in the countries which have imposed them and shall not, in any circumstances, be prejudicial to the rights of these authors to obtain equitable remuneration which, in the absence of agreement, shall be fixed by competent authority. (2) Recordings of musical works made in a country of the Union in accordance with Article 13 (3) of the Conventions signed at Rome on June 2, 1928, and at Brussels on June 26, 1948, may be reproduced in that country without the permission of the author of the musical work until a date two years after that country becomes bound by this Act. (3) Recordings made in accordance with paragraphs (1) and (2) of this Article and imported without permission from the parties concerned into a country where they are treated as infringing recordings shall be liable to seizure. Article 14
distribution; public performance and public communication by wire of works thus adapted or reproduced; 2. Adaptation of cinematographic productions; 3. No compulsory licenses]
(1) Authors of literary or artistic works shall have the exclusive right of authorizing : (i) the cinematographic adaptation and reproduction of these works, and the distribution of the works thus adapted or reproduced; (ii) the public performance and communication to the public by wire of the works thus adapted or reproduced. (2) The adaptation into any other artistic form of a cinematographic production derived from literary or artistic works shall, without prejudice to the authorization of the author of the cinematographic production, remain subject to the authorization of the authors of the original works. (3) The provisions of Article 13(1) shall not apply. Article 14bis
[Special provisions Concerning Cinematographic Works: 1. Assimilation to "original" works; 1. Ownership; limitation of certain rights of certain contributors; 3. Certain other contributors]
(1) Without prejudice to the copyright in any work which may have been adapted or reproduced, a cinematographic work shall be protected as an original work. The owner of copyright in a cinematographic work shall enjoy the same rights as the author of an original work, including the rights referred to in the preceding Article. (2) (a) Ownership of copyright in a cinematographic work shall be a matter for legislation in the country where protection is claimed. (b) However, in the countries of the Union which, by legislation, include among the owners of copyright in a cinematographic work authors who have brought contributions to the making of the work, such authors, if they have undertaken to bring such contributions, may not, in the absence of any contrary or special stipulation, object to the reproduction, distribution, public performance, communication to the public by wire, broadcasting or any other communication to the public, or to the subtitling or dubbing of texts, of the work. (c) The question whether or not the form of the undertaking referred to above should, for the application of the preceding subparagraph (b), be in a written agreement or a written act of the same effect shall be a matter for the legislation of the country where the maker of the cinematographic work has his headquarters or habitual residence. However, it shall be a matter for the legislation of the country of the Union where protection is claimed to provide that the said undertaking shall be in a written agreement or a written act of the same effect. The countries whose legislation so provides shall notify the Director General by means of a written declaration, which will be immediately communicated by him to all the other countries of the Union. (d) By "contrary or special stipulation" is meant any restrictive condition which is relevant to the aforesaid undertaking. (3) Unless the national legislation provides to the contrary, the provisions of paragraph (2) (b) above shall not be applicable to authors of scenarios, dialogues and musical works created for the making of the cinematographic work, or to the principal director thereof. However, those countries of the Union whose legislation does not contain rules providing for the application of the said paragraph (2) (b) to such director shall notify the Director General by means of a written declaration, which will be immediately communicated by him to all the other countries of the Union. Article 14ter
["Droit de suite" in Works of Art and Manuscripts : 1. Right to an interest in resales; 2. Applicable law; 3. Procedure]
(1) The author, or after his death the persons or institutions authorized by national legislation, shall, with respect to original works of art and original manuscripts of writers and composers, enjoy the inalienable right to an interest in any sale of the work subsequent to the first transfer by the author of the work. (2) The protection provided by the preceding paragraph may be claimed in a country of the Union only if legislation in the country to which the author belongs so permits, and to the extent permitted by the country where this protection is claimed. (3) The procedure for collection and the amounts shall be matters for determination by national legislation. Article 15
[Right to Enforce Protected Rights : 1. Where author's name is indicated or where pseudonym leaves no doubt as to author's identity; 2. In the case of cinematographic works; 3. In the case of anonymous and pseudonymous works; 4. In the case of certain unpublished works of unknown authorship]
(1) In order that the author of a literary or artistic work protected by this Convention shall, in the absence of proof to the contrary, be regarded as such, and consequently be entitled to institute infringement proceedings in the countries of the Union, it shall be sufficient for his name to appear on the work in the usual manner. This paragraph shall be applicable even if this name is a pseudonym, where the pseudonym adopted by the author leaves no doubt as to his identity. (2) The person or body corporate whose name appears on a cinematographic work in the usual manner shall, in the absence of proof to the contrary, be presumed to be the maker of the said work. (3) In the case of anonymous and pseudonymous works, other than those referred to in paragraph(1) above, the publisher whose name appears on the work shall, in the absence of proof to the contrary, be deemed to represent the author, and in this capacity he shall be entitled to protect and enforce the author's rights. The provisions of this paragraph shall cease to apply when the author reveals his identity and establishes his claim to authorship of the work. (a) In the case of unpublished works where the identity of the author is unknown, but where there is every ground to presume that he is a national of a country of the Union, it shall be a matter for legislation in that country to designate the competent authority which shall represent the author and shall be entitled to protect and enforce his rights in the countries of the Union. (b) Countries of the Union which make such designation under the terms of this provision shall notify the Director General by means of a written declaration giving full information concerning the authority thus designated. The Director General shall at once communicate this declaration to all other countries of the Union. Article 16
(Infringing Copies : 1. Seizure; 2. Seizure on importation; 3. Applicable law)
(1) Infringing copies of a work shall be liable to seizure in any country of the Union where the work enjoys legal protection. (2) The provisions of the preceding paragraph shall also apply to reproductions coming from a country where the work is not protected, or has ceased to be protected. (3) The seizure shall take place in accordance with the legislation of each country. Article 17
(Possibility of Control of Circulation, Presentation and Exhibition of Works)
The provisions of this Convention cannot in any way affect the right of the Government of each country of the Union to permit, to control, or to prohibit, by legislation or regulation, the circulation, presentation, or exhibition of any work or production in regard to which the competent authority may find it necessary to exercise that right.
Article 18
(Works Existing on Convention's Entry Into Force : 1. Protectable where protection not yet expired in country of origin; 2. Non-protectable where protection already expired in country where it is claimed; 3. Application of these principles; 4. Special cases)
(1) This Convention shall apply to all works which, at the moment of its coming into force, have not yet fallen into the public domain in the country of origin throgh the expiry of the term of protection. (2) If, however, through the expiry of the term of protection which was previously granted, a work has fallen into the public domain of the country where protection is claimed, that work shall not be protected anew. (3) The application of this principle shall be subject to any provisions contained in special conventions to that effect existing or to be concluded between countries of the Union. In the absence of such provisions, the respective countries shall determine, each in so far as it is concerned, the conditions of application of this principle. (4) The preceding provisions shall also apply in the case of new accessions to the Union and to cases in which protection is extended by the application of Article 7 or by the abandonment of reservations. Article 19
[Protection Greater than Resulting from Convenion]
The provisions of this Convention shall not preclude the making of a claim to the benefit of any greater protection which may be granted by legislation in a country of the Union.
Article 20
[Special Agreements Among Countries of the Union]
The Governments of the countries of the Union reserve the right to enter into special agreements among themselves, in so far as such agreements grant to authors more extensive rights than those granted by the Convention, or contain other provisions not contrary to this Convention. The provisions of existing agreements which satisfy these conditions shall remain applicable.
Article 21
[Special Provisions Regarding Developing Countries : 1. Reference to Appendix; 2. Appendix part of Act]
(1) Special provisions regarding developing countries are included in the Appendix. (2) Subject to the provisions of Article 28(1) (b), the Appendix forms an integral part of this Act. Article 22
[Assembly : 1. Constitution and composition; 2. Tasks; 3. Quorum, voting, observers; 4. Convocation; 5. Rules of procedure]
(1) (a) The Union shall have an Assembly consisting of those countries of the union which are bound by Articles 22 to 26. (b) The Government of each country shall be represented by one delegate, who may be assisted by alternate delegates, advisors, and experts. (c) The expenses of each delegation shall be borne by the Government which has appointed it. (2) (a) The Assembly shall : (i) deal with all matters concerning the maintenance and development of the Union and the implementation of this Convention; (ii) give directions concerning the preparation for conferences of revision to the International Bureau of Intellectual Property (hereinafter designated as "the International Bureau") referred to in the Convention Establishing the World Intellectual Property Organization (hereinafter designated as "the Organization"), due account being taken of any comments made by those countries of the Union which are not bound by Articles 22 to 26; (iii) review and approve the reports and activities of the Director General of the Organization concerning the Union, and give him all necessary instructions concerning matters within the competence of the Union; (iv) elect the members of the Executive Committee of the Assembly; (v) review and approve the reports and activities of its Executive Committee, and give instructions to such Committee; (vi) determine the program and adopt the biennial budget of the Union, and approve its final accounts; (vii) adopt the financial regulations of the Union; (viii) establish such committees of experts and working groups as may be necessary for the work of the Union; (ix) determine which countries not members of the Union and which intergovernmental and international non-governmental organizations shall be admitted to its meetings as observers; (x) adopt amendments to Articles 22 to 26; (xi) take any other appropriate action designed to further the objectives of the Union; (xii) exercise such other funcations as are appropriate under this Convention; (xiii) subject to its acceptance, exercise such rights as are given to it in the Convention establishing the Organization. (3) (b) With respect to matters which are of interest also to other Unions administered by the Organization, the Assembly shall make its decisions after having heard the advice of the coordination Committee of the Organization. (3) (a) Each country member of the Assembly shall have one vote. (b) One-half of the countries members of the Assembly shall constitute a quorum. (c) Notwithstanding the provisions of subparagraph (b), if, in any session, the number of countries represented is less than one-half but equal to or more than one-third of the countries members of the Assembly, the Assembly may make decisions but, with the exception of decisions concerning its own procedure, all such decisions shall take effect only if the following conditions are fulfilled. The International Bureau shall communicate the said decisions to the countries members of the Assembly which were not represented and shall invite them to express in writing their vote or abstention within a period of three months from the date of the communication. If, at the expiration of this period, the number of countries having thus expressed their vote or abstention attains the number of countries which was lacking for attaining the quorum in the session itself, such decisions shall take effect provided that at the same time the required majority still obtains. (d) Subject to the provisions of Article 26(2), the decisions of the Assembly shall require two-thirds of the votes cast. (e) Abstentions shall not be considered as votes. (f) A delegate may represent, and vote in the name of, one country only. (g) Countries of the Union not members of the Assembly shall be admitted to its meetings as observers. (4) (a) The Assembly shall meet once in every second calendar year in ordinary session upon convocation by the Director General and, in the absence of exceptional circumstances, during the same period and at the same place as the General Assembly of the Organization. (b) (b) The Assembly shall meet in extraordinary session upon convocation by the Director General, at the request of the Executive Committee or at the request of one-fourth of the countries members of the Assembly. (5) The Assembly shall adopt its own rules of procedure. Article 23
[Executive Committee : 1. Constitution; 2. Composition; 3. Number of members; 4. Geographical distribution; special agreements; 5. Term, limits of re-eligibility, rules of election; 6. Tasks; 7. Convocation; 8. Quorom, voting; 9. Observers; 10. Rules of Procedures.)
(1) The Assembly shall have an Executive Committee. (2) (a) The Executive Committee shall consist of countries elected by the Assembly from among countries members of the Assembly. Furthermore, the country on whose territory the Organization has its headquarters shall, subject to the provisions of Article 25(7) (b), have an ex officio seat on the Committee. (b) The Government of each country member of the Executive Committee shall be represented by one delegate, who may be assisted by alternate delegates, advisors, and experts. (c) The expenses of each delegation shall be borne by the Government which has appointed it. (3) The number of countries members of the Executive Committee shall correspond to one-fourth of the number of countries members of the Assembly. In establishing the number of seats to be filled, remainders after division by four shall be disregarded. (4) In electing the members of the Executive Committee, the Assembly shall have due regard to an equitable geographical distribution and to the need for countries party to the Special Agreements which might be established in relation with the Union to be among the countries constituting the Executive Committee. (5) (a) Each member of the Executive Committee shall serve from the close of the session of the Assembly which elected it to the close of the next ordinary session of the Assembly. (b) Members of the Executive Committee may be reelected, but not more than two-thirds of them. (c) The Assembly shall establish the details of the rules governing the election and possible reelection of the members of the Executive Committee. (6) (a) The Executive Committee shall: (i) prepare the draft agenda of the Assembly; (ii) submit proposals to the Assembly respecting the draft program and biennial budget of the Union prepared by the Director General; (iii) [deleted] (iv) submit, with appropriate comments, to the Assembly the periodical reports of the Director General and the yearly audit reports on the accounts; (v) in accordance with the decisions of the Assembly and having regard to circumstances arising between two ordinary sessions of the Assembly, take all necessary measures to ensure the execution of the program of the Union by the Director General; (vi) perform such other functions as are allocated to it under this Convention. (b) With respect to matters which are of interest also to other Unions administered by the Organization, the Executive Committee shall make its decisions after having heard the advice of the Coordination Committee of the Organization. (7) (a) The Executive Committee shall meet once a year in ordinary session upon convocation by the Director General, preferably during the same period and at the same place as the Coordination Committee of the Organization. (b) The Executive Committee shall meet in extraordinary session upon convocation by the Director General, either on his own initiative, or at the request of its Chairman or one-fourth of its members. (8) (a) Each country member of the Executive Committee shall have one vote. (b) One-half of the members of the Executive Committee shall constitute a quorum. (c) Decisions shall be made by a simple majority of the votes cast. (d) Abstentions shall not be considered as votes. (e) A delegate may represent, and vote in the name of, one country only. (9) Countries of the Union not members of the Executive Committee shall be admitted to its meetings as observers. (10) The Executive Committee shall adopt its own rules of procedure. Article 24
[International Bureau : 1. Tasks in general, Director General; 2. General information; 3. Periodical; 4. Information to countries; 5. Studies and services; 6. Participation in meetings; 7. Conferences of revision; 8. Other tasks]
(1) (a) The administrative tasks with respect to the Union shall be performed by the International Bureau, which is a continuation of the Bureau of the Union united with the Bureau of the Union established by the International Convention for the Protection of Industrial Property. (b) In particular, the International Bureau shall provide the secretariat of the various organs of the Union. (c) The Director General of the Organization shall be the chief executive of the Union and shall represent the Union. (2) The International Bureau shall assemble and publish information concerning the protection of copyright. Each country of the Union shall promptly communicate to the International Bureau all new laws and official texts concerning the protection of copyright. (3) The International Bureau shall publish a monthly periodical. (4) The International Bureau shall, on request, furnish information to any country of the Union on matters concerning the protection of copyright. (5) The International Bureau shall conduct studies, and shall provide services, designed to facilitate the protection of copyright. (6) The Director General and any staff member designated by him shall participate, without the right to vote, in all meetings of the Assembly, the Executive Committee and any other committee of experts or working group. The Director General, or a staff member designated by him, shall be ex officio secretary of these bodies. (7) (a) The International Bureau shall, in accordance with the directions of the Assembly and in cooperation with the Executive Committee, make the preparations for the conferences of revision of the provisions of the Convention other than Articles 22 to 26. (b) The International Bureau may consult with intergovernmental and international non-governmental organizations concerning preparations for conferences of revision. (c) The Director General and persons designated by him shall take part, without the right to vote, in the discussions at these conferences. (8) The International Bureau shall carry out any other tasks assigned to it. Article 25
Finances : 1. Budget; 2. Coordination with other Unions; 3. Resources; 4. Contributions; possible extension of previous budget; 5. Fees and charges; 6. Working capital fund; 7. Advances by host Government; 8. Auditing of accounts]
(1) (a) The Union shall have a budget. (b) The budget of the Union shall include the income and expenses proper to the Union, its contribution to the budget of expenses common to the Unions, and, where applicable, the sum made available to the budget of the Conference of the Organization. (c) Expenses not attributable exclusively to the Union but also to one or more other Unions administered by the Organization shall be considered as expenses common to the Unions. The share of the Union in such common expenses shall be in proportion to the interest the Union has in them. (2) The budget of the Union shall be established with due regard to the requirements of coordination with the budgets of the other Unions administered by the Organization. (3) The budget of the Union shall be financed from the following sources : (i) contributions of the countries of the Union; (ii) fees and charges due for services performed by the International Bureau in relation to the Union; (iii) sale of, or royalties on, the publications of the International Bureau concerning the Union; (iv) gifts, bequests, and subventions; (v) (v) rents, interests, and other miscellaneous income. (4) (a) For the purpose of establishing its contribution towards the budget, each country of the Union shall belong to a class, and shall pay its annual contributions on the basis of a number of units fixed as follows : Class I
Class II
Class III
Class IV
Class V
Class VI
Class VII
.......25
.......20
.......15
.......10
.......5
.......3
.......1
(b) Unless it has already done so, each country shall indicate, concurrently with depositing its instrument of ratification or accession, the class to which it wishes to belong. Any country may change class. If it chooses a lower class, the country must announce it to the Assembly at one of its ordinary sessions. Any such change shall take effect at the beginning of the calendar year following the session. (c) The annual contribution of each country shall be an amount in the same proportion to the total sum to be contributed to the annual budget of the Union by all countries as the number of its units is to the total of the units of all contributing countries. (d) Contributions shall become due on the first of January of each year. (e) A country which is in arrears in the payment of its contributions shall have no vote in any of the organs of the Union of which it is a member if the amount of its arrears equals or exceeds the amount of the contributions due from it for the preceding two full years. However, any organ of the Union may allow such a country to continue to exercise its vote in that organ if, and as long as, it is satisfied that the delay in payment is due to exceptional and unavoidable circumstances. (f) If the budget is not adopted before the beginning of a new financial period, it shall be at the same level as the budget of the previous year, in accordance with the financial regulations. (5) The amount of the fees and charges due for services rendered by the International Bureau in relation to the Union shall be established, and shall be reported to the Assembly and the Executive Committee, by the Director General. (6) (a) The Union shall have a working capital fund which shall be constituted by a single payment made by each country of the Union. If the fund becomes insufficient, an increase shall be decided by the Assembly. (b) The amount of the initial payment of each country to the said fund or of its participation in the increase thereof shall be a proportion of the contribution of that country for the year in which the fund is established or the increase decided. (c) The proportion and the terms of payment shall be fixed by the Assembly on the proposal of the Director General and after it has heard the advice of the Coordination Committee of the Organization. (7) (a) In the headquarters agreement concluded with the country on the territory of which the Organization has its headquarters, it shall be provided that, whenever the working capital fund is insufficient, such country shall grant advances. The amount of these advances and the conditions on which they are granted shall be the subject of separate agreements, in each case, between such country and the Organization. As long as it remains under the obligation to grant advances, such country shall have an ex officio seat on the Executive Committee. (b) The country referred to in subparagraph (a) and the Organization shall each have the right to denounce the obligation to grant advances, by written notification. Denunciation shall take effect three years after the end of the year in which it has been notified. (8) The auditing of the accounts shall be effected by one or more of the countries of the Union or by external auditors, as provided in the financial regulations. They shall be designated, with their agreement, by the Assembly. Article 26
[Amendments : 1. Provisions susceptible of amendment by the Assembly; proposals; 2. Adoption; 3. Entry into force]
(1) Proposals for the amendment of Articles 22, 23, 24, 25 and the present Article, may be initiated by any country member of the Assembly, by the Executive Committee, or by the Director General. Such proposals shall be communicated by the Director General to the member countries of the Assembly at least six months in advance of their consideration by the Assembly. (2) Amendments to the Articles referred to in paragraph (1) shall be adopted by the Assembly. Adopted shall require three-fourths of the votes cast, provided that any amendment of Article 22, and of the present paragraph, shall require four-fifths of the votes cast. (3) Any amendment to the Articles referred to in paragraph (1) shall enter into force one month after written notifications of acceptance, effected in accordance with their respective constitutional processes, have been received by the Director General from three-fourths of the countries members of the Assembly at the time it adopted the amendment. Any amendment to the said Articles thus accepted shall bind all the countries which are members of the Assembly at the time the amendment enters into force, or which become members thereof at a subsequent date, provided that any amendment increasing the financial obligations of countries of the Union shall bind only those countries which have notified their acceptance of such amendment. Article 27
[Revision : 1. Objective, 2. Conferences; 3. Adoption]
(1) This Convention shall be submitted to revision with a view to the introduction of amendments designed to improve the system of the Union. (2) For this purpose, conferences shall be held successively in one of the countries of the Union among the delegates of the said countries. (3) Subject to the provisions of Article 26 which apply to the amendment of Articles 22 to 26, any revision of this Act, including the Appendix, shall require the unanimity of the votes cast. Article 28
[Acceptance and Entry Into Force of Act for Countries of the Union : 1. Ratification, accession; possibility of excluding certain provisions; withdrawal of exclusion; 2. Entry into force of Articles 1 to 21 and Appendix; 3. Entry into force of Articles 22 to 38]
(1) (a) Any country of the Union which has signed this Act may ratify it, and, if it has not signed it, may accede to it. Instruments of ratification of accession shall be deposited with the Director General. (b) Any country of the Union may declare in its instrument of ratification or accession that its ratification or accession shall not apply to Articles 1 to 21 and the Appendix, provided that, if such country has previously made a declaration under Article VI (1) of the Appendix, then it may declare in the said instrument only that its ratification or accession shall not apply to Articles 1 to 20. (c) Any country of the Union which, in accordance with subparagraph (b), has excluded provisions therein referred to from the effects of its ratification or accession may at any later time declare that it extends the effects of its ratification or accession to those provisions. Such declaration shall be deposited with the Director General. (2) (a) Articles 1 to 21 and the Appendix shall enter into force three months after both of the following two conditions are fulfilled : (i) at least five countries of the Union have ratified or acceded to this Act without making a declaration under paragraph (1) (b), (ii) France, Spain, the United Kingdom of Great Britain and Northern Ireland, and the United States of America, have become bound by the Universal Copyright Convention as revised at Paris on July 24, 1971. (b) The entry into force referred to in subparagraph (a) shall apply to those countries of the Union which, at least three months before the said entry into force, have deposited instruments of ratification or accession not containing a declaration under paragraph (1) (b). (c) With respect to any country of the Union not covered by subparagraph (b) and which ratifies or accedes to this Act without making a declaration under paragraph (1) (b), Articles 1 to 21 and the Appendix shall enter into force three months after the date on which the Director General has notified the deposit of the relevant instrument of ratification or accession, unless a subsequent date has been indicated in the instrument deposited. In the latter case, Articles 1 to 21 and the Appendix shall enter into force with respect to that country on the date thus indicated. (d) The provisions of subparagraphs (a) to (c) do not affect the application of Article VI of the Appendix. (3) With respect to any country of the Union which ratifies or accedes to this Act with or without a declaration made under paragraph (1) (b), Articles 22 to 38 shall enter into force three months after the date on which the Director General has notified the deposit of the relevant instrument of ratification or accession, unless a subsequent date has been indicated in the instrument deposited. In the latter case, Articles 22 to 38 shall enter into force with respect to that country on the date thus indicated. Article 29
[Acceptance and Entry Into Force for Countries Outside the Union 1. Accession; 2. Entry into force]
(1) Any country outside the Union may accede to this Act and thereby become party to this Convention and a member of the Union. Instruments of accession shall be deposited with the Director General. (2) (a) Subject to subparagraph (b), this Convention shall enter into force with respect to any country outside the Union three months after the date on which the Director General has notified the deposit of its instrument of accession, unless a subsequent date has been indicated in the instrument deposited. In the latter case, this Convention shall enter into force with respect to that country on the date thus indicated. (b) If the entry into force according to subparagraph (a) precedes the entry into force of Articles 1 to 21 and the Appendix according to Article 28(2) (a), the said country shall, in the meantime, be bound, instead of by Articles 1 to 21 and the Appendix, by Articles 1 to 20 of the Brussels Act of this Convention. Article 29bis
[Effect of Acceptance of Act for the purposes of Article 14(2) of the WIPO Convention]
Ratification of or accession to this Act by any country not bound by Articles 22 to 38 of the Stockholm Act of this Convention shall, for the sole purposes of Article 14(2) of the Convention establishing the Organization, amount to ratification of or accession to the said Stockholm Act with the limitation set forth in Article 28 (1) (b) (i) thereof.
Article 30
[Reservations : 1. Limits of possibility of making reservations; 2. Earlier reservations; reservation as to the right of translation; withdrawal of reservation]
(1) Subject to the exceptions permitted by paragraph (2) of this Article, by Article 28 (1) (b), by Article 33(2), and by the Appendix, ratification or accession shall automatically entail acceptance of all the provisions and admission to all the advantages of this Convention. (2) (a) Any country of the Union ratifying or acceding to this Act may, subject to Article V(2) of the Appendix, retain the benefit of the reservations it has previously formulated on condition that it makes a declaration to that effect at the time of the deposit of its instrument of ratification or accession. (b) Any country outside the Union may declare, in acceding to this Convention and subject to Article V(2) of the Appendix, that it intends to substitute, temporarily at least, for Article 8 of this Act concerning the right of translation, the provisions of Article 5 of the Union Convention of 1886, as completed at Paris in 1896, on the clear understanding that the said provisions are applicable only to translations into a language in general use in the said country. Subject to Article 1(6) (b) of the Appendix, any country has the right to apply, in relation to the right of translation of works whose country of origin is a country availing itself of such a reservation, a protection which is equivalent to the protection granted by the latter country. (c) Any country may withdraw such reservations at any time by notification addressed to the Director General. Article 31
[Applicability to Certain Territories : 1. Declaration; 2. Withdrawal of declaration; 3. Effective date; 4. Acceptance of factual situations not implied]
(1) Any country may declare in its instrument of ratification or accession, or may inform the Director General by written notification at any time thereafter, that this Convention shall be applicable to all or part of those territories, designated in the declaration or notification, for the external relations of which it is responsible. (2) Any country which has made such a declaration or given such a notification may, at any time, notify the Director General that this Convention shall cease to be applicable to all or part of such territories. (3) (c) Any declaration made under paragraph (1) shall take effect on the same date as the ratification or accession in which it was included, and any notification given under that paragraph shall take effect three months after its notification by the Director General. (b) Any notification given under paragraph (2) shall take effect twelve months after its receipt by the Director General. (4) This Article shall in no way be understood as implying the recognition or tacit acceptance by a country of the Union of the factual situation concerning a territory to which this Convention is made applicable by another country of the Union by virtue of a declaration under paragraph (1).
Article 32
[Applicability of this Act and of Earlier Acts : 1. As between countries already members of the Union; 2. As between a country becoming a member of the Union and other countries members of the Union; 3. Applicability of the Appendix in Certain Relations]
(1) This Act shall, as regards relations between the countries of the Union, and to the extent that it applies, replace the Berne Convention of September 9, 1886, and the subsequent Acts of revision. The Acts previously in force shall continue to be applicable, in their entirety or to the extent that this Act does not replace them by virtue of the preceding sentence, in relations with countries of the Union which do not ratify or accede to this Act. (2) Countries outside the Union which become party to this Act shall, subject to paragraph (3), apply it with respect to any country of the Union not bound by this Act or which, although bound by this Act, has made a declaration pursuant to Article 28 (1) (b). Such countries recognize that the said country of the Union, in its relations with them : (i) may apply the provisions of the most recent Act by which it is bound, and (ii) subject to Article I(6) of the Appendix, has the right to adapt the protection to the level provided for by this Act. (3) Any country which has availed itself of any of the faculties provided for in the Appendix may apply the provisions of the Appendix relating to the faculty or faculties of which it has availed itself in its relations with any other country of the Union which is not bound by this Act, provided that the latter country has accepted the application of the said provisions. Article 33
[Disputes : 1. Jurisdiction of the International Court of Justice; 2. Reservation as to such jurisdiction; 3. Withdrawal of reservation]
(1) Any dispute between two or more countries of the Union concerning the interpretation or application of this Convention, not settled by negotiation, may, by any one of the countries concerned, be brought before the International Court of Justice by application in conformity with the Statute of the Court, unless the countries concerned agree on some other method of settlement. The country bringing the despute before the Court shall inform the International Bureau; the International Bureau shall bring the matter to the attention of the other countries of the Union. (2) Each country may, at the time it signs this Act or deposits its instrument of ratification or accession, declare that it does not consider itself bound by the provisions of paragraph (1). With regard to any dispute between such country and any other country of the Union, the provisions of paragraph (1) shall not apply. (3) Any country having made a declaration in accordance with the provisions of paragraph (2) may, at any time, withdraw its declaration by notification addressed to the Director General. Article 34
[Closing of Certain Earlier Provisions : 1. Of Earlier Acts; 2. Of the Protocol to the Stockholm Act]
(1) Subject to Article 29bis, no country may ratify or accede to earlier Acts of this Convention once Articles 1 to 21 and the Appendix have entered into force. (2) Once Articles 1 to 21 and the Appendix have entered into force, no country may make a declaration under Article 5 of the Protocol Regarding Developing Countries attached to the Stockholm Act. Article 35
[Duration of the Convention; Denunciation : 1. Unlimited duration; 2. Possibility of denunciation; 3. Effective date of denunciation; 4. Moratorium on denunciation]
(1) This Conventions shall remain in force without limitation as to time. (2) Any country may denounce this Act by notification addressed to the Direction General. Such denunciation shall constitute also denunciation of all earlier Acts and shall affect only the country making it, the Convention remaining in full force and effect as regards the other countries of the Union. (3) Denunciation shall take effect one year after the day on which the Director General has received the notification. (4) The right of denunciation provided by this Article shall not be exercised by any country before the expiration of five years from the date upon which it becomes a member of the Union. Article 36
[Application of the Convention : 1. Obligation to adopt the necessary measures; 2. Time from which obligation exists]
(1) Any country party to this Convention undertakes to adopt, in accordance with its constitution, the measures necessary to ensure the application of this Convention. (2) It is understood that, at the time a country becomes bound by this Convention, it will be in a position under its domestic law to give effect to the provisions of this Convention. Article 37
[Final Clauses : 1. Languages of the Act; 2. Signature; 3. Certified copies; 4. Registration; 5. Notifications]
(1) (a) This Act shall be signed in a single copy in the French and English languages and, subject to paragraph (2), shall be deposited with the Director General. (b) Official texts shall be established by the Director General, after consultation with the interested Governments, in the Arabic German, Italian, Portuguese and Spanish languages, and such other languages as the Assembly may designate. (c) In case of differences of opinion on the interpretation of the various texts, the French text shall prevail. (2) This Act Shall remain open for signature until January 31, 1972. Until that date, the copy referred to in paragraph (1) (a) shall be deposited with the Government of the French Republic. (3) The Director General shall certify and transmit two copies of the signed text of this Act to the Governments of all countries of the Union and, on request, to the Government of any other country. (4) The Director General shall register this Act with the Secretariat of the United Nations. (5) The Director General shall notify the Governments of all countries of the Union of signatures, deposits of instruments of ratification or accession and any declarations included in such instruments or made pursuant to Articles 28(1) (c), 30(2) (a) and (b), and 33(2), entry into force of any provisions of this Act, notifications of denunciation, and notifications pursuant to Articles 30 (2) (c), 31 (1) and (2), 33 (3) and 38 (1), as well as the Appendix. Article 38
[Transitory Provisions : 1. Exercise of the "five-year privilege"; 2. Bureau of the Union, Director of the Bureau; 3. Succession of Bureau of the Union]
(1) Countries of the Union which have not ratified or acceded to this Act and which are not bound by Articles 22 to 26 of the Stockholm Act of this Convention may, until April 26, 1975, exercise, if they so desire, the rights provided under the said Articles as if they were bound by them. Any country desiring to exercise such rights shall give written notification to this effect to the Director General; this notification shall be effective on the date date of its receipt. Such countries shall be deemed to be members of the Assembly until the said date. (2) As long as all the countries of the Union have not become Members of the Organization, the International Bureau of the Organization shall also function as the Bureau of the Union, and the Director General as the Director of the said Bureau. (3) Once all the countries of the Union have become Members of the Organization, the rights, obligations, and property, of the Bureau of the Union shall devolve on the International Bureau of the Organization. APPENDIX [Special Provisions Regarding Developing Countries]
Article I
[Faculties Open to Developing Countries : 1. Availability of certain faculties; declaration; 2. Duration of effect of declaration; 3. Cessation of developing country status; 4. Existing stocks of copies; 5. Declarations concerning certain territories; 6. Limits of reciprocity]
( 1 ) Any country regarded as a developing country in conformity with the established practice of the General Assembly of the United Nations which ratifies or accedes to this Act, of which this Appendix forms an integral part, and which, having regard to its economic situation and its social or cultural needs, does not consider itself immediately in a position to make provision for the protection of all the rights as provided for in this Act, may, by a notification deposited with the Director General at the time of depositing its instrument of ratification or accession or, subject to Article V(l) (c), at any time thereafter, declare that it will avail itself of the faculty provided for in Article II, or of the faculty provided for in Article III, or of both of those faculties. It may, instead of availing itself of the faculty provided for in Article II, make a declaration according to Article V (1) (a). ( 2 ) ( a ) Any declaration under paragraph (1) notified before the expiration of the period of ten years from the entry into force of Articles 1 to 21 and this Appendix according to Article 28 (2) shall be effective until the expiration of the said period. Any such declaration may be renewed in whole or in part for periods of ten years each by notification deposited with the Director General not more than fifteen months and not less than three months before the expiration of the ten year period then running. ( b ) Any declaration under paragraph (1) notified after the expiration of the period of ten years from the entry into force of Articles 1 to 21 and this Appendix according to Article 28 (2) shall be effective until the expiration of the ten-year period then running. Any such declaration may be renewed as provided for in the second sentence of subparagraph (a). ( 3 ) Any country of the Union which has ceased to be regarded as a developing country as referred to in paragraph (1) shall no longer be entitled to renew its declaration as provided in paragraph (2), and, whether or not it formally withdraws its declaration, such country shall be precluded from availing itself of the faculties referred to in paragraph (1) from the expiration of the ten-year period then running or from the expiration of a period of three years after it has ceased to be regarded as a developing country, whichever period expires later. ( 4 ) Where, at the time when the declaration made under paragraph (1) or (2) ceases to be effective, there are copies in stock which were made under a license granted by virtue of this Appendix, such copies may continue to be distributed until their stock is exhausted. ( 5 ) Any country which is bound by the provisions of this Act and which has deposited a declaration or a notification in accordance with Article 31 (1) with respect to the application of this Act to a particular territory, the situation of which can be regarded as analogous to that of the countries referred to in paragraph (1), may, in respect of such territory, make the declaration referred to in paragraph (1) and the notification of renewal referred to in paragraph (2). As long as such declaration or notification remains in effect, the provisions of this Appendix shall be applicable to the territory in respect of which it was made. ( 6 ) ( a ) The fact that a country avails itself of any of the faculties referred to in paragraph (1) does not permit another country to give less protection to works of which the country of origin is the former country than it is obliged to grant under Articles 1 to 20. ( b ) The right to apply reciprocal treatment provided for in Article 30 (2) (b), second sentence, shall not, until the date on which the period applicable under Article I(3) expires, be exercised in respect of works the country of origin of which is a country which has made a declaration according to Article V(l) (a). Article II
[Limitations on the Right of Translation : 1. Licenses grantable by competent authority; 2. to 4. Conditions allowing the grant of such licenses; 5. Purposes for which licenses may be granted; 6. Termination of licenses; 7. Works composed mainly of illustrations; 8. Works withdrawn from circulation; 9. Licenses for broadcasting organizations]
( 1 ) Any country which has declared that it will avail itself of the faculty provided for in this Article shall be entitled, so far as works published in printed or analogous forms of reproduction are concerned, to substitute for the exclusive right of translation provided for in Article 8 a system of non-exclusive and non-transferable licenses, granted by the competent authority under the following conditions and subject to Article IV. ( 2 ) ( a ) Subject to paragraph (3), if, after the expiration of a period of three years, or of any longer period determined by the national legislation of the said country, commecing on the date of the first publication of the work, a translation of such work has not been published in a language in general use in that country by the owner of the right of translation, or with his authorization, any national of such country may obtain a license to make a translation of the work in the said language and publish the translation in printed or analogous forms of reproduction. ( b ) A license under the conditions provided for in this Article may also be granted if all the editions of the translation published in the language concerned are out of print. ( 3 ) ( a ) In the case of translations into a language which is not in general use in one or more developed countries which are members of the Union, a period of one year shall be substituted for the period of three years referred to in paragraph (2) (a). (b) Any country referred to in paragraph (1) may, with the unanimous agreement of the developed countries which are members of the Union and in which the same language is in general use, substitute, in the case of translations into that language, for the period of three years referred to in paragraph (2) (a) a shorter period as determined by such agreement but not less than one year. However, the provisions of the foregoing sentence shall not apply where the language in question is English, French or Spanish. The Director General shall be notified of any such agreement by the Governments which have concluded it. ( 4 ) ( a ) No license obtainable after three years shall be granted under this Article until a further period of six months has elapsed, and no license obtainable after one year shall be granted under this Article until a further period of nine months has elapsed. ( i ) from the date on which the applicant complies with the requirements mentioned in Article IV (1), or ( ii ) where the identity or the address of the owner of the right of translation is unknown, from the date on which the applicant sends, as provided for in Article IV (2), copies of his application submitted to the authority competent to grant the license. ( b ) If, during the said period of six or nine months, a translation in the language in respect of which the application was made is published by the owner of the right of translation or with his authorization, no license under this Article shall be granted. ( 5 ) Any license under this Article shall be granted only for the purpose of teaching, scholarship or research. ( 6 ) If a translation of a work is published by the owner of the right of translation or with his authorization at a price reasonably related to that normally charged in the country for comparable works, any license granted under this Article shall terminate if such translation is in the same language and with substantially the same content as the translation published under the license. Any copies already made before the license terminates may continue to be distributed until their stock is exhausted. ( 7 ) For works which are composed mainly of illustrations, a license to make and publish a translation of the text and to reproduce and publish the illustrations may be granted only if the conditions of Article III are also fulfilled. ( 8 ) No license shall be granted under this Article when the author has withdrawn from circulation all copies of his work. ( 9 ) ( a ) A license to make a translation of a work which has been published in printed or analogous forms of reproduction may also be granted to any broadcasting organization having its headquarters in a country referred to in paragraph (1), upon an application made to the competent authority of that country by the said organization, provided that all of the following conditions are met : ( i ) the translation is made from a copy made and acquired in accordance with the laws of the said country; ( ii ) the translation is only for use in broadcasts intended exclusively for teaching or for the dissemination of the results of specialized technical or schientific research to experts in a particular profession; ( iii ) the translation is used exclusively for the purposes referred to in condition (ii) through broadcasts made lawfully and intended for recipients on the territory of the said country, including broadcasts made through the medium of sound or visual recordings lawfully and exclusively made for the purpose of such broadcasts; ( iv ) all uses made of the translation are without any commercial purpose. ( b ) Sound or visual recordings of a translation which was made by a broadcasting organization under a license granted by virtue of this paragraph may, for the purposes and subject to the conditions referred to in subparagraph (a) and with the agreement of that organization, also be used by any other broadcasting organization having its headquarters in the country whose competent authority granted the license in question. ( c ) Provided that all of the criteria and conditions set out in subparagraph (a) are met, a license may also be granted to a broadcasting organization to translate any text incorporated in an audio-visual fixation where such fixation was itself prepared and published for the sole purpose of being used in connection with systematic instructional activities. ( d ) Subject to subparagraphs (a) to (c), the provisions of the preceding paragraphs shall apply to the grant and exercise of any license granted under this paragraph. Article III
[Limitation on the Right of Reproduction : 1. Licenses grantable by competent authority; 2. to 5. Conditions allowing the grant of such licenses; 6. Termination of licenses. 7. Works to which this Article applies]
( 1 ) Any country which has declared that it will avail itself of the faculty provided for in this Article shall be entitled to substitute for the exclusive right of reproduction provided for in Article 9 a system of non-exclusive and non-transferable licenses, granted by the competent authority under the following conditions and subject to Article IV. ( 2 ) ( a ) If, in relation to a work to which this Article applies by virtue of paragraph (7), after the expiration of ( i ) the relevant period specified in paragraph (3), commencing on the date of first publication of a particular edition of the work, or ( ii ) any longer period determined by national legislation of the country referred to in paragraph (1), commencing on the same date,
copies of such edition have not been distributed in that country to the general public or in connection with systematic instructional activities, by the owner of the right of reproduction or with his authorization, at a price reasonably related to that normally charged in the country for comparable works, any national of such country may obtain a license to reproduce and publish such edition at that or a lower price for use in connection with systematic instructional activities.
( b ) A license to reproduce and publish an edition which has been distributed as described in subparagraph (a) may also be granted under the conditions provided for in this Article if, after the expiration of the applicable period, no authorized copies of that edition have been on sale for a period of six months in the country concerned to the general public or in connection with systematic instructional activities at a price reasonably related to that normally charged in the country for comparable works. ( 3 ) The period referred to in paragraph (2) (a) (i) shall be five years, except that. ( a ) for works of the natural and physical sciences, including mathematics, and of technology, the period shall be three years; ( b ) for works of fiction, poetry, drama and music, and for art books, the period shall be seven years. ( 4 ) ( a ) No license obtainable after three years shall be granted under this Article until a period of six months has elapsed. ( i ) from the date on which the applicant complies with the requirements mentioned in Article IV (1), or ( ii ) where the identity or the address of the owner of the right of reproduction is unknown, from the date on which the applicant sends, as provided for in Article IV (2), copies of his application submitted to the authority competent to grant the license. ( b ) Where licenses are obtainable after other periods and Article IV (2) is applicable, no license shall be granted until a period of three months has elapsed from the date of the dispatch of the copies of the application. ( c ) If, durig the period of six or three months referred to in subparagraphs (a) and (b), a distribution as described in paragraph (2) (a) has taken place, no license shall be granted under this Article. ( d ) No license shall be granted if the author has withdrawn from circulation all copies of the edition for the reproduction and publication of which the license has been applied for. ( 5 ) A license to reproduce and publish a translation of a work shall not be granted under this Article in the following cases : ( i ) where the translation was not published by the owner of the right of translation or with his authorization, or ( ii ) where the translation is not in a language in general use in the country in which the license is applied for. ( 6 ) If copies of an edition of a work are distributed in the country referred to in paragraph (1) to the general public or in connection with systematic instructional activities, by the owner of the right of reproduction or with his authorization, at a price reasonably related to that normally charged in the country for comparable works, any license granted under this Article shall terminate if such edition is in the same language and with substantially the same content as the edition which was published under the said license. Any copies already made before the license terminates may continue to be distributed until their stock is exhausted. ( 7 ) ( a ) Subject to subparagraph (b), the works to which this Article applies shall be limited to works published in printed or analogous forms of reproduction. ( b ) This Article shall also apply to the reproduction in audio-visual form of lawfully made audiovisual fixations including any protected works incorporated therein and to the translation of any incorporated text into a language in general use in the country in which the license is applied for, always provided that the audio-visual fixations in question were prepared and published for the sole purpose of being used in connection with systematic instrucstional activities. Article IV
[Provisions Common to Licenses Under Article II and III: 1 and 2. Procedure; 3. Indication of author and title of work; 4. Exportation of copies; 5. Notice; 6. Compensation]
( 1 ) A license under Article II or Article III may be granted only if the applicant, in accordance with the procedure of the country concerned, establishes either that he has requested, and has been denied, authorization by the owner of the right to make and publish the translation or to reproduce and publish the edition, as the case may be, or that, after due diligence on his part, he was unable to find the owner of the right. At the same time as making the request, the applicant shall inform any national or international information center referred to in paragraph (2). ( 2 ) If the owner of the right cannot be found, the applicant for a license shall send, by registered airmail, copies of his application, submitted to the authority competent to grant the license, to the publisher whose name appears on the work and to any national or international information center which may have been designated, in a notification to that effect deposited with the Director General, by the Government of the country in which the publisher is believed to have his principal place of business. ( 3 ) The name of the author shall be indicated on all copies of the translation or reproduction published under a license granted under Article II or Article III. The title of the work shall appear on all such copies. In the case of a translation, the original title of the work shall appear in any case on all the said copies. ( 4 ) ( a ) No license granted under Article II or Article III shall extend to the export of copies, and any such license shall be valid only for publication of the translation or of the reproduction, as the case may be, in the territory of the country in which it has been applied for. ( b ) For the purposes of subparagraph (a), the notion of export shall include the sending of copies from any territory to the country which, in respect of that territory, has made a declaration under Article I(5). ( c ) Where a governmental or other public entity of a country which has granted a license to make a translation under Article II into a language other than English, French or Spanish sends copies of a translation published under such license to another country, such sending of copies shall not, for the purposes of subparagraph (a), be considered to constitute export if all of the following conditions are met : ( i ) the recipients are individuals who are nationals of the country whose competent authority has granted the license, or organizations grouping such individuals; ( ii ) the copies are to be used only for the purpose of teaching, scholarship or research; ( iii ) the sending of the copies and their subsequent distribution to recipients is without any commercial purpose; and ( iv ) the country to which the copies have been sent has agreed with the country whose competent authority has granted the license to allow the receipt, or distribution, or both, and the Director General has been notified of the agreement by the Government of the country in which the license has been granted. ( v ) All copies published under a license granted by virtue of Article II or Article III shall bear a notice in the appropriate language stating that the copies are available for distribution only in the country or territory to which the said license applies. ( 6 ) ( a ) Due provision shall be made at the national level to ensure. ( i ) that the license provides, in favour of the owner of the right of translation or of reproduction, as the case may be, for just compensation that is consistent with standards of royalties normally operating on licenses freely negotiated between persons in the two countries concerned, and ( ii ) payment and transmittal of the compensation : should national currency regulations intervene, the competent authority shall make all efforts, by the use of international machinery, to ensure transmittal in internationally convertible currency or its equivalent. ( b ) Due provision shall be made by national legislation to ensure a correct translation of the work, or an accurate reproduction of the particular edition, as the case may be. Article V
[Alternative possibility for Limitation of the Right of Translation : 1. Regime provided for under the 1886 and 1896 Acts; 2. No possibility of change to regime under Article II; 3. Time limit for choosing the alternative possibility]
( 1 ) ( a ) Any country entitled to make a declaration that it will avail itself of the faculty provided for in Article II may, instead, at the time of ratifying or acceding to theis Act: ( i ) if it is a country to which Article 30 (2) (a) applies, make a declaration under that provision as far as the right of translation is concerned; ( ii ) if it is a country to which Article 30 (2) (a) does not apply, and even if it is not a country outside the Union, make a declaration as provided for in Article 30 (2) (b), first sentence. ( b ) In the case of a country which ceases to be regarded as a developing country as referred to in Article I(1), a declaration made according to this paragraph shall be effective until the date on which the period applicable under Article I(3) expires. ( c ) Any country which has made a declaration according to this paragraph may not subsequently avail itself of the faculty provided for in Article II even if it withdraws the said declaration. ( 2 ) Subject to paragraph (3), any country which has availed itself of the faculty provided for in Article II may not subsequently make a declaration according to paragraph (1). ( 3 ) Any country which has ceased to be regarded as a developing country as referred to in Article I(1) may, not later than two years prior to the expiration of the period applicable under Article I(3), make a declaration to the effect provided for in Article 30(2) (b), first sentence, not withstanding the fact that it is not a country outside the Union. Such declaration shall take effect at the date on which the period applicable under Article I(3) expires. Article VI
[Possibilities of applying, or admitting the application of, certain provisions of the Appendix before becoming bound by it : 1. Declaration; 2. Depository and effective date of declaration]
( 1 ) Any country of the Union may declare, as from the date of this Act, and at any time before becoming bound by Articles 1 to 21 and this Appendix : ( i ) if it is a country which, were it bound by Articles 1 to 21 and this Appendix, would be entitled to avail itself of the faculties referred to in Article I(1), that it will apply the provisions of Article II or of Article III or of both to works whose country of origin is a country which, pursuant to (ii) below, admits the application of those Articles to such works, or which is bound by Articles 1 to 21 and this Appendix; such declaration may, instead of referring to Article II, refer to Article V; ( ii ) that it admits the application of this Appendix to works of which it is the country of origin by countries which have made a declaration under (i) above or a notification under Article I. ( 2 ) Any declaration made under paragraph (1) shall be in writing and shall be deposited with the Director General. The declaration shall become effective from the date of its deposit. Penal Law on Dissemination and Disclosureof Classified Information and Documents
No.: M/35
Date: 8/5/1432H
With the help of Almighty God,
We, Abdullah ibn Abdulaziz Al Saud,
King of the Kingdom of Saudi Arabia,
Pursuant to Article 70 of the Basic Law of Governance, issued by Royal Order No. (A/90), dated 27/8/1412H;
And pursuant to Article 20 of the Law of the Council of Ministers, issued by Royal Order No. (A/13), dated 3/3/1414H;
And pursuant to Article 18 of the Shura Council Law, issued by Royal Order No. (A/91), dated 27/8/1412H;
And upon perusal of Shura Council Resolution No. (84/41), dated 29/7/1431H;
And upon perusal of Council of Ministers Resolution No. (141), dated 7/5/1432H;
Have decreed as follows:
First: The Penal Law on Dissemination and Disclosure of Classified Information and Documents as per the attached form shall be approved.
Second: His Highness, the Deputy Prime Minister, the Ministers, and heads of independent relevant agencies, each within their jurisdiction, shall implement this Decree of ours.
(Signed)
Abdullah ibn Abdulaziz
Article:1
a) Classified Documents shall mean all media types which contain classified information the disclosure of which prejudices the State's national security, interests, policies or rights, whether produced or received by its agencies. b) Classified Information shall mean information an employee obtains - or is privy to by virtue of office - the disclosure of which undermines the State's national security, interests, policies or rights. c) The Regulations of Classified Documents and Lists - issued by the National Center for Documents and Archives - shall, in coordination with relevant entities, determine the titles, level of classification and subject matter of said documents. Article 2
A public employee or the like - even after end of service - shall not disseminate or disclose classified information or documents which he obtains or is privy to by virtue of office, if such dissemination or disclosure remains restricted.
Article:3
In application of the provisions of this Law, the following shall be deemed a public employee:
- Any person employed by the Government or by any agency of a public corporate personality, whether permanently or temporarily.
- Any person assigned by a government entity or any other administrative authority to carry out a certain task.
- Any person employed by companies or sole proprietorships which manage, operate or maintain public facilities or provide public services, as well as those employed by companies to whose capital the State contributes.
- An arbiter or export designated by the government or by any other judicial authority.
- Chairmen and members of board of directors of companies provided for in paragraph (3) of this Article.
Article:4
A classified document may not be taken outside government entities, circulated by any means or kept in other than the designated places. Such documents may not be printed, reproduced or photocopied outside government entities, except in accordance with controls issued by the National Center for Documents and Archives.
Article:5
Without prejudice to any harsher punishment prescribed by law, the following acts shall be punished by imprisonment for a period not exceeding twenty years or a fine not exceeding one million riyals or by both:
- Disseminating or disclosing classified information or documents.
- Entering or attempting to enter a place without authorization, with the intent of obtaining classified information or documents.
- Obtaining classified information or documents by illicit means.
- Possessing or becoming privy - by virtue of office - to official classified information or documents, and disclosing, communicating or disseminating the same without a lawfully justified cause.
- Willfully destroying or misusing classified documents, knowing that such classified documents relate to the State's security or public interest, with the intent of undermining the State's military, political, diplomatic, economic or social status.
- Failing to maintain confidentiality of Information or Documents.
Article:6
Any person participating in any of the crimes stipulated in this Law shall be subject to the punishments provided for in Article (5), and any person who knowingly agrees to, instigates or assists in commitment of the crimes shall be deemed an accomplice if such crimes are committed on the basis of such agreement, instigation or assistance.
Article:7
When enforcing the punishment stipulated in Article (5) of this Law, proportionality between crime and punishment as well as extenuating or aggravating circumstances shall be taken into consideration. The following shall be deemed aggravating circumstances:
- If the crime is committed during wartime.
- If the crime is committed - in any form or manner and by any means - for the sake of a foreign state or any person working therefor, either directly or indirectly.
- If the classified information or document is important and of high level of confidentiality.
- If disclosure of classified information or documents results in substantial damage to the State.
- If the crime is committed with the intent to prejudice Stale's interest.
- If the crime is committed by a person holding a position of confidential nature.
- If the crime is committed by a person holding a high ranking position.
Article:8
The competent investigation authority shall investigate and prosecute crimes referred to in this law before the competent judicial authority.
Article:9
Government entities - including security agencies - shall notify the investigation authority if any of the crimes specified in this Law is committed, and shall also notify the government entity where the suspect is employed, in accordance with Article (3) of this Law.
Article:10
The competent court shall decide on crimes and impose punishments stipulated in this Law.
Article:11
The National Center for Documents and Archives shall issue the Implementing Regulations of this Law within ninety days from its entry into force.
Article:12
This Law shall enter into force ninety days from the date of publication in the Official Gazette.
281000000811
No: GDBC-281000000811-1428H This section is currently available only in Arabic, please click here to read the Arabic version.Emergency Evacuation for People with Disabilities
This circular is currently available only in Arabic, please click here to read the Arabic version.Security and Safety Guidelines
SECTION 1 REQUIREMENTS AND RESPONSIBILITIES
Synopsis
This section describes the general requirements of the Security and Safety Guidelines and the responsibilities of the banks and SAMA.
1. Introduction
Since the last guidelines were introduced in June 1995 (1/1416) a number of major changes have affected the security and safety responsibilities of the Saudi banks to its staff, assets and customers.
A major consideration is the recent increase of criminal activity against Saudi banks in the form of robbery, theft and fraud. Whilst the initial guidelines provided suitable standards and requirements at the time, it was therefore, assessed that these required a detailed review process followed by a revision of the minimum security and safety standards.
The recent criminal activities and the advances in security and safety equipments, systems and procedures has provided an opportunity to implement more effective measures that incorporate international, regional and local standards that would only benefit the Saudi banks.
2. Security and Safety Standards and Requirements
SAMA has issued the Security and Safety Guidelines that are designed to provide the minimum standards in the following areas:
Implementation of a Corporate Security and Safety Plan
Standards for the implementation of Electronic Security and Safety Systems
Standards for the implementation of Physical Security and Safety Systems
Standards for the Cash in Transit procedures and transportation service providers
Standards and Procedures for the Security Guards operating in the main buildings and branches
These documents have been prepared using international consultants and reviewed by SAMA and associated government agencies prior to their dissemination to the Saudi Banks.
3. Security and Safety Unit
Saudi banks are required to appoint a senior and capable individual as a Security and Safety Manager who will be responsible for the design, planning and implementation of the minimum standards contained within the SAMA Security and Safety Guidelines. The Security and Safety Manager is to be provided the necessary personnel and resources to fulfil these obligations and thereby safeguard the staff, assets, customers and business operations of the bank.
4. Implementation Plan
A detailed Implementation Plan is attached at Appendix 1 to this Circular. The banks are required, within 30 days of the implementation date, to provide a certificate to the agency from an external security consultant that these requirements and standards have been implemented.
5. Effective Date
With this Circular is attached the final version of the SAMA Security and Safety Guidelines which supersede the previous guidelines and all memorandums and circulars issued prior to this date. The effective date for the implementation of these requirements is (01st July 2009).
To ensure regulatory compliance of the implementation of the new requirements, SAMA and the Joint Security Committee will carry out site visits to the banks using appointed representatives. The failure by a bank to meet the requirements and standards could lead to penalties prescribed under the Banking Control Law.
SUMMARY OF RESPONSIBILITIES
SAMA:
To ensure the effective implementation of the Security and Safety Guidelines the following responsibilities are to be undertaken by SAMA:
The Guidelines are to be implemented in full by all banks before the 01st July 2009.
The Guidelines are to supersede the previous version and any associated amendments, circulars and memos.
All matters regarding the Security and Safety of the banks will be coordinated through SAMA. All correspondences, responses and requirements from external organisations, agencies and ministerial departments will be reviewed, assessed and forwarded as formal amendments to all banks.
Amendments and updates to the Guidelines will be provided by SAMA electronically and/or hardcopy as applicable.
Regular audits of the Guidelines will be carried out by SAMA or its nominated external consultants to ensure compliance and implementation by the banks.
Annual audits of the Guidelines will be conducted to ensure the accuracy and validity of its content. The audits will be conducted internally or by its nominated external consultants.
BANKS:
To ensure the effective implementation of the Security and Safety Guidelines the following responsibilities are to be undertaken by the Banks:
The Guidelines are to be implemented in full by all banks before the 01st July 2009.
The Guidelines have been prepared to provide the minimum security and safety standards for all banks. It is expected, where applicable, that all banks will exceed these requirements and adopt internal standards and specifications dependant upon their structure and organisational needs.
The sections within the Guidelines have been designed to work in unison with each other and a clear understanding of its entire content is required.
The appointment of identified and capable personnel is to be undertaken to ensure the implementation of the Guidelines and its compliance.
All sections within the Guidelines are to be adhered to in full and will include the implementation of any subsequent amendments sent by SAMA.
SECTION 2 CORPORATE SECURITY AND SAFETY PLAN
Synopsis
This section describes the minimum requirements for the establishment and implementation of the Corporate Security and Safety Plan.
1.0 INTRODUCTION
The purpose of the Corporate Security and Safety Plan (CSSP) is to provide a single document that incorporates all the procedures and processes to ensure the security and safety of the banks staff, assets and customers.
The CSSP is to include the overall security and safety policy of the bank and identify locations requiring dedicated plans and procedures for specific facilities.
The CSSP is to include the minimum requirements contained within this section and be prepared, introduced and implemented by the appointed Security and Safety Manager and/or a nominated external consultant.
2.0 RESPONSIBILITIES
The CSSP is considered a strategic document that will have an impact on every aspect of the banks business and therefore requires senior management commitment and approval.
The CSSP is to include a Corporate Policy Statement that confirms the commitment by the banks senior management and their enforcement of its content.
To ensure the successful enforcement of the CSSP the bank is to appoint a Security and Safety Manager and who is provided the necessary assistance and support to carry out his duties and responsibilities.
Whilst the CSSP is to be enforced, controlled and managed by the Security and Safety Manager, Its preparation and implementation can be undertaken and/or assisted by a nominated external consultant.
The CSSP is to include the minimum requirements contained within these guidelines and be available for audit and assessment by SAMA and/or its nominated representatives.
3.0 CORPORATE SECURITY AND SAFETY PLAN REQUIREMENTS
The Corporate Security and Safety Plan (CSSP) is to include all aspects that would affect the security and safety of the banks' staff, assets and customers.
The CSSP is to incorporate the policies, procedures and processes for both general and detailed requirements.
Whilst common elements will affect the bank as a whole, the more detailed requirements will need to be prepared for specific facilities. These facilities include:
- Regional Buildings
- Branches
- Cash Holding Facilities
- Data Centres
- Disaster Recovery (DR) Sites
- Warehouses
To ensure a complete and consistent approach is incorporated within the preparation of the CSSP the following sections and elements are to be mandatory.
3.1 INTRODUCTION
This section of the CSSP will include the following elements:
- Purpose and Regulatory Basis - identifies the standards, regulatory requirements and authority of the CSSP.
- CSSP Security and Control - identifies the security of the CSSP and its dissemination within the bank.
- Reviews and Audit Requirements - identifies the frequency of reviews, audits and those responsibly for conducting them.
- Reference Documentation - includes the associated material in the construction of the CSSP and related plans, policies and procedures.
- Business Description and Assets - provides a summary of the banks facilities that are included within the CSSP.
3.2 INTERNAL SECURITY AND SAFETY ORGANISATION
This section of the CSSP will include the following elements:
- Corporate Policy Statement - signed policy statement from senior management that provides commitment to the CSSP.
- Security and Safety Organisational Chart - identifies the management and reporting chain of all relevant personnel.
- Security and Safety Personnel Responsibilities and Job Descriptions - provides the requirements of each position and their Key Performance Indicators.
- External Agencies and Organisations - identifies the coordination between the banks' security personnel and external groups i.e. Contract Guards, Police, Civil Defence, SAMA etc.
- Security Coordination Committee - identifies personnel responsible for review of the CSSP and any amendments and/or updates.
- Conduct and Ethical Practices - provides the standards expected of the security and safety personnel.
- Vendor Management and Tendering Process - identifies the procedures for tendering and contracting security and safety related equipment, services and systems.
3.3 SECURITY AND SAFETY TRAINING AND DRILLS
This section of the CSSP will include the following elements:
- Security and Safety Awareness Programmes - provides the training and education requirements delivered to new and existing staff.
- General Security and Safety Training - identifies internal and external training in security, fire prevention and incident control for the banks' dedicated security and safety personnel.
- Specialist Security and Safety Training - outlines specific training to select personnel that would include Retail Robbery, Anti Money Laundering (AML), Fire Marshalls / Floor Wardens and Emergency Evacuation procedures.
- Security and Safety Drills - include practical tests of the physical and electrical security and safety systems, measures and procedures.
3.4 RECORDS AND DOCUMENTATION
This section of the CSSP will include the following elements:
1. Purpose and Requirements - outlines the files and records required to support the CSSP, providea centralised reference system and assist in the audit process.
2. Security and Safety Files:
a. Internal and External CSSP Updates and Amendments
b. CSSP Distribution List
c. Security Equipment List and Floor Plans
d. Safety Equipment List and Floor Plans
e. Access Control Card Request and Issue Record
f. Master Key and Password Register
g. Training Courses and Programmes
h. h. Security and Safety Drills
i. Fire Marshalls/Floor Wardens
j. Reviews, Inspections, Assessments and Audits
k. Incidents, Threats and Breaches of Security
l. Service and Maintenance Contracts, Schedules and Reports
m. Visitor and Control Room Logs
n. Approved Vendor List
3. Maintenance of Records - identifies the location and security of the records and files that are to be retained for a minimum of five (5) years from the date of preparation.
3.5 SECURITY SYSTEMS AND PROCEDURES
This section of the CSSP will include the following elements:
1. Security Guards - include roles, responsibilities and post instructions for the access control of the banks facilities.
2. Entry Point Screening Procedures - identifies the procedures for permitting access to a facility for staff, visitors, customers and vehicles.
3. ID Cards / Access Control Cards - includes the request, issue, replacement and cancellation procedures for the cards.
4. Locks and Keys - identifies the distribution, storage, management and recording of all keys, lock changes and master keys.
5. Restricted Areas - identifies and lists the locations considered sensitive, high risk and vulnerable whose loss would severely impact on the business operation and the security and safety of the bank.
6. Security and Safety Equipment Systems - includes the operational capability, locations, specifications, standards, testing and maintenance for installed equipment and systems in the following locations:
a. Main Buildings
b. Branches
c. Restricted Areas
d. Cash Holding Facilities (Vaults and Safes)
e. ATMs
f. Data Centres and Back Up Sites
g. Disaster Recover (DR) Sites
h. Warehouses
7. Asset Protection - identifies the cash and types of valuables held by the bank and the levels of security needed for their protection.
8. Cash In Transit (CIT) - provides the internal procedures and processes in the receipt, accounting and delivery of cash and the coordination with external service providers in its transportation.
9. Communications Systems - identifies the relevant systems used by the security personnel and the effective management of their use.
10. Disposal of Sensitive Material - identifies the procedures for the disposal of sensitive electronic data stored on equipment and confidential documentation.
11. Clear Desk Policy - identifies the procedures for the accessibility of confidential documents in Individual workspaces.
3.6 SECURITY AND SAFETY THREATS AND RESPONSES
This section of the CSSP will include the following elements:
1. Identification of Threats and Risks - provides a summary of the main threats and risks concerning the banks staff, assets and customers.
2. Security and Safety Response Procedures - provide a detailed list of the main events and the response procedures in mitigating their effects. The following are to be included within the CSSP:
a. Bomb Threats (vehicle and Package)
b. Armed Robbery
c. Burglary
d. Shooting
e. Fire
3. Travel Security - identifies the risks and mitigation procedures when travelling as individuals and in groups. Considerations are to include the following:
a. Air
b. Vehicle (Company and Private)
c. Hotels
4. Search Plans - provide detailed procedures for searching and checking during routine operations and elevated threat levels. The following are to be included within the CSSP:
a. Buildings
b. Cars
c. Armoured CIT Vehicles and Trucks
d. Stores Delivery Vehicles
e. Personnel
3.7 SAFETY SYSTEMS AND PROCEDURES
This section of the CSSP will include the following elements:
1. Fire Systems and Equipment - provide a detailed list of the equipment, function, location, specification and operating capability of the installed systems in each facility. The following are to be included within the CSSP:
a. Fire Detection Equipment
b. Fire Alarm and Control System
c. Fire Suppression Equipment and Systems (Sprinklers, Extinguishers and Hose Reels)
2. Emergency Response Procedures - provide detailed instructions for personnel in the event of discovering a fire or smoke condition.
3. Emergency Evacuation Procedures - provide detailed instructions and plans on the emergency evacuation procedures of a facility.
4. First Aid - identifies the personnel trained to deal with First Aid and the equipment they have available to use.
SECTION 3 ELECTRONIC AND SAFETY SYSTEMS
Synopsis
This section describes the minimum requirements and standards for Electronic Security and Safety Systems installed throughout the banks facilities.
1.0 INTRODUCTION
The purpose of installing electronic security and safety systems is to enhance the physical measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.
No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximised to best effect.
Due to the variety and availability of internationally recognised standards it is left to the bank and its internal policies and practices to dictate the appropriate standards for such systems.
The every increasing availability of systems, equipment and changes / advancements in technology provides an extensive selection of products to choose from. The selection of the appropriate systems and equipment is dependant upon the security and business requirements of the bank.
The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for all electronic security and safety system installations.
2.0 CCTV SURVEILLANCE AND RECORDING SYSTEM
The use of a CCTV Surveillance and Recording system is an essential element in an effective security and safety screen. The systems main functions within the bank environment are as follows:
- Visual deterrence
- Proactive and preventative surveillance on suspicious activity
- Identification of individuals
- Visual evidence in criminal investigations
- Visual confirmation in the event of an incident
- Post event analysis
The installation and connection of a CCTV surveillance network should consider the integration with related systems such as the Access Control, Intruder, Building Management and Fire Alarm systems.
2.1 General Requirements and Standards
To ensure appropriate equipments, systems, services and their security are incorporated throughout the banks facility, the following are considered a minimum requirement for all locations:
1. All Installed equipment is to include a one (1) year warranty period as standard.
2. On expiration of the warranty period all equipment is to be serviced and maintained by a qualified, recognised and registered supplier and/or service provider. A minimum schedule should include two (2) visits per year.
CCTV Cameras:
1. CCTV camera types employed throughout the banks facilities are dependant upon their purpose and can be a mixture of both fixed and dome type.
2. Dependant upon the purpose and requirement of the camera the picture/image type can be:
a. Black and White
b. Colour
c. Combination (Day/Night)
3. To ensure the security of the connections and cabling of the cameras all exposed cabling is to be encased in steel tubes no less than 1.5mm thick.
4. Pinhole Camera - Minimum Requirements:
a. Resolution: 500 TVL
b. Lens: 1/3 inch
c. Fixed Iris Lens: 3.8mm
d. Back Light Compensation (BLC)
e. Illumination: 0.1 Lux
5. Fixed Camera - Minimum Specification:
f. Resolution: 500 TVL
g. Lens: 1/3 inch
h. Video Motion Detection (VMD) - through DVR
i. Auto Iris Lens
j. Back Light Compensation (BLC)
k. Illumination: 0.1 Lux
6. PTZ Camera-Minimum Specifications:
a. Resolution: 500 TVL
b. Lens: 1/4 inch
c. Optical (x22) and Digital (x1O) Zoom
d. Auto and Manual Focus
e. Pan Range: 340 deg
f. Tilt Range: 90 deg
g. Pan-Tilt Speed: 300 deg / sec
h. Back Light Compensation (BLC)
i. Illumination: 0.1 Lux
7. External Cameras - Minimum Requirements:
a. Positioned to cover all access and entry points for a facility.
b. Provide effective picture quality at both day and night. This can be achieved by correct positioning, shielding from the sun, In-built LED lighting and/or external illumination.
c. Fully enclosed in a weatherproof and vandal resistant housings.
d. Positioned at a minimum height of 2.5m.
8. Internal Cameras - Minimum Requirements:
a. Provide effective picture quality at both day and night. This can be achieved by correct positioning, built in LED lighting and/or external illumination.
b. Positioned at a minimum height of 2.5m and not vulnerable to approach without surveillance.
CCTV Digital Recording System:
The central element of the CCTV surveillance system is the recording medium. To ensure effective management, recording and storage of surveillance material it is to be undertaken in a digital format.
The type of system installed is dependant upon the requirements and capability of the bank. Ultimately, this can be either a hardwire system or an IT based solution.
1. The recording equipment is to be secured (as well as its power supply) separately in an enclosed and lockable cabinet / container that is securely fixed.
2. To ensure the integrity and continuous operation of the recording and surveillance equipment in the event of a power failure a separate battery back up supply is to be incorporated. The use of a UPS system is to have a minimum back up capability of 30 minutes.
3. The location of the recording equipment is essential in maintaining its integrity and in the prevention of tampering. The following options are available for its placement:
a. Security Control Room
b. Communication Room
c. Data Room
d. Cash / Operations Officer (if located within the secure Teller Area)
Monitors:
To ensure effective monitoring and viewing of the CCTV surveillance system a 17" screen is to be considered as a minimum for all identified locations.
2.2 Detailed Requirements - Main Buildings
The classification for main buildings includes all facilities not separately covered within these guidelines. They include the following types:
- Head Office Buildings
- Regional Buildings
- Data / Computer Centres
- Disaster Recovery Sites
- Warehouses
To ensure an effective recording period is adopted for all main buildings a minimum storage period of 1 month is to be retained at
6 fps. If recordings for specific incidents andevents are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required.
In addition to the general requirements listed above the following standards are to be considered as minimum requirements for CCTV surveillance and recording systems in all main buildings:
CCTV Cameras - Surveillance Area:
- External coverage of all entry and exit points
- Internal coverage of customer reception areas and staff entrances
- Internal coverage of entry and exit points
- Floor access points that include stairwells and elevator lobbies
- Restricted Areas that require internal surveillance include:
a. Data and Computer Rooms (including individual aisles)
b. Security Control Rooms
CCTV Digital Recording System:
The operation and storage of the system is to be located in the Security Control Room. For smaller buildings it can be located in a secure area and monitored from the reception and/or the security guard position.
2.3 Detailed Requirements - Branches and Cash Holding Facilities
The primary risks and threats facing the banks are against its branch network and cash holding facilities. The geographic diversity and storage of cash / valuables makes them an attractive target for criminal activities.
In combination with other related systems the CCTV surveillance capability plays an essential role in deterring, recording and monitoring the potential risks.
The requirements covered within these guidelines include male, female and combined branches. Where combined branches are concerned they are to have separate recording and monitoring systems and controlled independently of each other.
To ensure an effective recording period is adopted for all branches and cash holding areas a minimum storage period of 3 months is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required. If specific recorded data is requested by SAMA a copy is to be retained by the bank for a period of 1 year.
In addition to the general requirements listed above the following standards are to be considered as minimum requirements for all branches and cash holding facilities:
1. Cash in Transit (CIT) Route - the bank is responsible for the continuous and uninterrupted CCTV recording of cash and valuables once it has arrived at the property until the time it has left the property. This is to include the following:
a. External arrival / departure point
b. The transit route through the branch or cash holding facility
c. Transfer point to bank staff
d. Cash Handling Area
e. Transfer to Storage Area
f. Storage Area (Vault / Safe / Safety Deposit Boxes)
g. ATM service room and access door
2. CIT Call Point - at the recognised access point for CIT operations a Call Point is to be fitted (bell / Video Speaker Phone) to alert the Cash Officer and/or Security Guard.
3. Branch - in addition to the above requirements the following areas are also to be covered by CCTV cameras:
a. Tellers - a camera is to be located behind the teller positions and cover a maximum of two (2) teller locations. The camera is to include facial features of the customers and the area around the teller. The coverage of VIP tellers is also to be covered.
b. Entry and Exit Points - all doors that exit the building are to be monitored internally. These include main, service entrances and emergency exits. Internal stairwells and access points to upper floors are also to be covered.
c. Customer Lines - a camera is to monitor the customer lines.
4. Monitors - the surveillance and monitoring of the installed cameras is to be undertaken by the Cash Officer and nominated representatives. Security guards are only to be provided surveillance of the external areas, public areas and the entry points to the building.
Monitors are to be positioned so that the images are not clearly visible to the customers.
No more than sixteen (16) images are to be displayed on the monitor at any one time.
2.4 Detailed Requirements - ATMs
In addition to, and for the same reasons, the risk and threats facing the branches and cash holding areas, the ATMs are also a potential target for criminal activities.
To ensure an effective recording period is adopted for all ATMs a minimum storage period of 3 months is to be retained at 6 fps. If recordings for specific incidents and events are requested and/or required by the bank these can be transferred to separate hard disk drives and/or writeable discs as required.
Whilst the ATMs located in the branches are supported by their security system, all ATMs are to incorporate the following minimum requirements:
CCTV Cameras - Surveillance Area:
- External Camera - to monitor the activity in front of the ATM and include the immediate area around the customer / vehicle.
- Internal Camera - to clearly monitor the facial features of the customer.
CCTV Digital Recording Equipment:
- Branch ATMs - are to be connected to the branch recording system.
- Off Site ATMs - are to have a separate recording unit or server based system.
Sufficient ventilation and cooling is to be available to the installed equipment to ensure effective and continuous operation.
2.5 Additional Considerations
In addition to the minimum requirements listed above for the CCTV surveillance andrecording system the bank could implement a Central Monitoring System (CMS) which is considered preferable by SAMA.
The adoption of a CMS will provide a remote monitoring and (possible) recording capability that will enhance the banks ability to respond to incidents and effectively mitigate the potential losses and damage as a result of a serious event that would affect its staff, assets, business and customers.
SAMA is currently reviewing this option for kingdom wide implementation with the following considerations:
- Bank Controlled CMS
- Police Controlled CMS
- Privately Controlled CMS
3.0 ACCESS CONTROL SYSTEM
An Access Control System is designed to provide a centralised control, management and recording of personnel throughout the banks facilities.
To ensure effective security of the banks facilities; its critical assets, and the prevention of unauthorised access a dedicated system is to be employed.
Electronic Access Control Systems include the following types:
- Proximity Cards
- Biometric
- Digital Keypads
Access Control utilising mechanical locks and keys are Included within Section 4 'Physical Security and Safety Systems'.
To ensure the integrity and continuous operation of the Readers in the event of a power failure a separate battery back up supply is to be incorporated within the reader / controller. The internal battery is to have a minimum back up capability of 30 minutes.
Access control systems that utilise controllers are to have a maximum of eight (8) doors controlled from a single unit.
The central database for maintaining the record of authorised personnel and the access log is to have a separate automatic / simultaneous back up capability.
To ensure effective security, control and recording of specific locations and Restricted Areas, all banks are to implement one (1) of the above systems, mechanical alternatives or a combination of them and retain a log of events for a period of 6 months.
ID Cards:
All staff, contractors and visitors are to be issued and clearly display an ID Card that identifies them whilst in the banks facility.
The cards may be incorporated within the Access Control system technology described above or be independently produced.
All banks are to ensure an effective system is adopted for the process of requesting, issuing and managing of the ID Cards.
4.0 INTRUDER ALARM SYSTEMS
An Intruder Alarm System incorporates a number of different sensors to detect and alarm in the event of unauthorised access or presence.
All alarms are to be controlled through a panel and have both local and remote capability. Remote capability may include one or a combination of the following options:
- External and separate Building / Branch / Security Control Room
- Regional Building
- Centralised Monitoring Station (CMS)
The remote location must have a 24 hour monitoring capability to ensure an effective response.
The bank is responsible for the preparation and implementation of effective response procedures in the event of receiving an alarm from any one of the identified systems.
The Intruder Alarm panel can either be a separate system or be combined with the Fire Alarm System.
The panel is to be located in a secure location and situated within a Restricted Area. Remote keypads for arming / disarming are to be located close to the exit of the area to be alarmed and not in a public area of the building or branch.
To ensure the integrity and continuous operation of the Intruder Alarm panel and its sensors / detectors in the event of a power failure a separate batten/ back up supply is to be incorporated. The use of a UPS system is to have a minimum back up capability of 48 hours.
The following sensors / alarms are to be fitted in the locations identified:
Hold Up / Panic Buttons:
These are designed to be activated if the operator / user is being attacked or threatened. The buttons are to be fitted in the following locations:
- Teller Positions
- Cash Officer
- Cash Handling Area
- Branch / Operations Manager
- Vault / Safety Deposit Room
- Security Guard (Branch)
- Reception Desk (Main Buildings)
- ATMs
The buttons can be of double operation and suitably protected and positioned against false activation.
Passive Infra Red (PIR) Sensors:
PIR sensors are designed to detect movement in a given area under their surveillance. Sensors are to be a minimum of dual technology and include enhanced features to minimise false alarms. The sensors are to be fitted in the following locations:
- Access points to the Teller Area
- Access route and door to the Vault / Safe / Safety Deposit Room
- Emergency Exit doors (Ground Floor)
- Data / Computer Room
- Disaster Recover (DR) Sites
- ATM Cabinet
- ATM Service Room
The PIR sensor is to have a visual LED self test capability to demonstrate when movement is detected. This is to be active when in the armed or disarmed mode.
Seismic / Vibration Sensors:
Seismic sensors are used to detect vibrations from all types of attacks through solid structures. The primary purpose of the sensors is to protect and prevent access to the vault, cash holding areas and ATMs.
All sensors are to be flush mounted within the floor (where applicable), wall and ceilings and be suitably protected using a protective coverto prevent damage and as a trip hazard.
Locations to be fitted with seismic sensors are as follows:
- Vaults - to cover all 4 walls, ceilings and floor (where there is a basement)
- ATMs - to be fitted inside the body / cabinet of the unit
Additional sensors are to be fitted to walls and ceilings adjoining other commercial or private properties.
Magnetic Door Contacts:
Restricted Areas identified above that do not have Electronic Access Control Systems are to incorporate Magnetic Door Contacts and linked to the Intruder Alarm Panel. Additional locations include all ground floor Emergency Exit doors.
Magnetic Door Contacts are to be fitted to the internal side of the door and located at the top open corner. Dependant upon the construction material and design of the door alternative contacts / switches may be used.
All doors with Magnetic Contacts are to have effective heavy duty door closures fitted.
Glass Break Detectors:
Glass Break Detectors are to incorporate dual technology that is capable of analyzing both flex (impact) and audio (shattering) frequencies.
Prior to the fitting of the sensors the glazed areas are to be checked for their type (sheet / tempered / laminated) to ensure their effectiveness.
If the glazed panels have film fitted, are of tempered or laminate type there is norequirement for the detectors.
Where sheet glass is used it is to be supported by the detectors.
5.0 FIRE DETECTION, ALARM AND SUPPRESSION SYSTEMS
The installation of a dedicated, integrated and effective fire detection, alarm and suppression system is critical for the safety of the banks staff, assets, business and customers.
The installation of smoke detectors is to be included in all rooms, stairwells, corridors, lift shafts, and public areas of a banks facility.
Fixed temperature thermal detectors are to be fitted to all kitchen and tea room facilities. Special attention is to be given to the fitting of thermal detectors within ATMs.
To ensure effective identification and response to a potential alarm activation a maximum of 20 detectors are to be registered in each zone if the system is not of the addressable type.
Manual Call Points are to be installed next to emergency exits, escape routes and located close to the fire extinguisher and hose reel points. The distance between Manual Call Points should not exceed 30m.
On the activation of an alarm an audible ringing is to be heard throughout the entire facility. An audible bell and visual strobe is to be visible from outside the facility.
The internal bells are to be rated at 108 dB and external bells at 120 dB.
The strobe is to remain active until the system has been reset.
Both the strobe and bells must be tamper resistant.
All cabling is to be fire rated and not run alongside power cables.
All banks are to ensure the fire alarm panel has both local and remote capability. Remote capability may include one (1) or a combination of the following options:
- External and separate Building / Branch / Security Control Room
- Regional Building
- Centralised Monitoring Station (CMS)
The remote location must have a 24 hour monitoring capability to ensure an effective response.
To ensure the Integrity and continuous operation of the Fire Panel, detectors and suppression systems in the event of a power failure a separate battery back up supply is to be incorporated. The internal battery is to have a minimum back up capability (under normal load) of 48 hours and then maintain the activation of the alarm for a further 5 minutes.
The bank is responsible for the preparation and implementation of effective response procedures in the event of receiving an alarm from the panel.
The Fire Alarm panel can be implemented as a separate system or combined along with the Intruder Alarm System. It is to be located In a secure room and remote annunciator panels near personnel operating on a 24 hour shift.
All installed equipment is to Include a one (1) year warranty period as standard.
On expiration of the warranty period all equipment is to be serviced and maintained by a qualified, recognised and registered supplier and/or service provider. A minimum schedule should include two (2) visits per year.
To ensure the effectiveness and capability of the system, regular internal tests are to be conducted. These tests are to be conducted on a monthly basis and the results recorded.
Evacuation procedures and floor plans identifying exit routes are to be prepared and positioned throughout the facility for maximum exposure.
All Emergency Exit doors are to be fitted with mechanical push bars / levers to facilitate a quick and easy access and open outwards In the direction of escape (Section 4).
To facilitate the safe evacuation process from a building once a fire alarm has activated the recruitment and training of Floor Wardens / Fire Marshalls is to be done from with the banks' staff.
Careful selection of individuals and their deputies will ensure all relevant areas are considered and included.
6.0 LIGHTING
Internal and external lighting can enhance the security and safety requirements of the bank and assist the surveillance capabilities of the security guards and CCTV surveillance system.
Application, placement and types of lighting are to be carefully considered as part of the overall requirements.
All CCTV camera locations that do not have built in illumination are to be supported by external lighting.
All identified Restricted Areas are to maintain constant illumination.
All branches are to maintain constant lighting throughout the ground floor.
External lighting is to be available for all entry and exit points of a building including emergency exit doors.
Emergency lighting incorporating an internal battery back up capability is to be available in the event of a power failure and automatically activate.
Emergency lighting is to be fitted in the following locations:
- Emergency Exit Routes
- Emergency Exit Doors
- Fire Extinguisher and Hose Reel Locations
- Manual Fire Alarm Points
- Restricted Areas
Emergency lighting must be capable of operating for minimum of 3 hours and fitted no less than 2m from ground level.
Emergency Exit signs that are not self illuminating and to be covered by the back up system.
7.0 POWERSUPPLY
Whilst the main power for the banks facilities will be supplied from the electrical grid there may be occasions where a disruption or power failure is experienced.
As identified above, all the main security and safety systems are to incorporate an emergency battery / UPS back up system that will provide sufficient power for a minimum of 30 minutes. This is designed to provide sufficient time to secure the premises until normal power is resumed.
In critical facilities the use of emergency generators is to be used. The following locations are to incorporate generators:
- Head Office Buildings
- Regional Head Office Buildings
- Data / Computer Buildings
- Cash Centres / Main Cash Holding Facilities
Dependant upon business and bank requirements, additional buildings / facilities may be identified for generator back up.
8.0 SERVICE AND PREVENTIVE MAINTENANCE
Once systems have been installed it is essential they are properly serviced and maintained by qualified, approved and experienced service providers.
The adoption of a comprehensive service and preventive maintenance contract will mitigate the possibility of system failure in the event of an incident and prolong the life of the equipment.
A minimum schedule of three (3) visits is to be conducted for all locations. Locations include main buildings, branches, data and cash centres, ATMs and warehouses.
8.1 Disposal of Equipment
To ensure the security of information contained on hard drives, internal memory and recordable mediums an effective disposal procedure is to be adopted.
Equipment identified for proper disposal are as follows:
- ATMs
- Point of Sale Hardware
- PCs and Laptops
- Fax Machines
- CCTV Recording Hardware
- Servers and Back Up Units
- CDs and DVDs
Disposal is to take the form of electronic (erasing), or physical (destruction), or a combination of both to ensure the data is permanently removed.
Clear procedures are to be in place for the disposal of the above equipment/items and coordination between the Security and Safety Manager and the Information Security department is to identify the responsibilities dependant upon the internal processes of the bank.
SECTION 4 PHYSICAL SECURITY AND SAFETY SYSTEMS
Synopsis
This section describes the minimum requirements and standards for Physical Security and Safety Systems installed throughout the banks facilities.
1.0 INTRODUCTION
The purpose of installing physical security and safety systems is to enhance the electronic and procedural measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.
No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximised to best effect.
Due to the variety and availability of internationally recognised standards It is left to the bank and its internal policies and practices to dictate the appropriate standards for such systems.
The every increasing availability of, equipment and changes / advancements in technology provides an extensive selection of products to choose from. The selection of the appropriate systems and equipment is dependant upon the security and business requirements of the bank.
The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for all physical security and safety system installations.
2.0 EXTERNAL SECURITY AND SAFETY MEASURES
The first line of deterrence and protection for any facility is the application of measures to secure the external perimeter.
The effective use of measures and systems will greatly reduce the risk of criminal elements considering the facility a potential target for their activities and in preventing easy access.
2.1 Windows and Glass Panels
The increased use of glass in buildings and branches provide an alternative entry point to the much better protected main entrances.
Glass panels provide both a security and a safety risk to a facility, its personnel and customers.
The most vulnerable areas are on ground level and those obscured from public sight. To protect and secure these locations the following options are to be installed:
- Sheet/Tempered Glass - is to have security/blast film (min 200 microns) attached to the inner surface and be secured within the frame. A minimum thickness of 10mm is to be used for the glass panels.
- Laminate Glass - does not require additional measures added to the panels.
Laminate glass panels are to be capable of multiple attacks and be tested/certified by internationally recognised standards.
All ground floor windows/glass panels are to be of clear glass (or maximum 10% tint) and lighting is to be left on during 'out of working' hours to maximise external surveillance.
The use of grills and shutters to secure the facility during 'out of hours' can be used but will not reduce the above requirements for the glass panels.
Windows and glass panels in upper floors still require an element of protection for personnel who may be at risk from flying/broken glass. To ensure the safety of personnel in the upper floors the following options are to be installed:
- Sheet Glass - is to have security/blast film (min 150 microns) attached to the Inner surface and be secured within the frame.
- Tempered / Laminate Glass - does not require additional measures added to the panels.
2.2 Main Entrances
All bank facilities are to have at least one main entrance that is to be used for its primary access control point.
These entrances are to be kept to a minimum to ensure their control of access and surveillance capability. All staff and service entrances are to be treated in the same way.
All glass doors are to conform to the above standards (2.1) in the type and protection required.
All non-glass doors are to be of solid wood or steel construction and fitted with an eye-hole if an observation window is not available.
All access doors to the main entrances are to have a manual locking capability regardless of its primary operating action.
Dependant upon the use of the main entrance, the results of a Security Risk Assessment (SRA) and the procedures identified within the Entry Point Screening procedures of the Corporate Security and Safety Plan (CSSP), the following screening equipment may be required:
- Baggage X-Ray Screener
- Archway Metal Detector
- Hand Held Metal Detectors
2.3 Emergency Exits
Emergency exit doors are the primary means of exiting a facility in the event of an incident and should provide unrestricted use from the inside.
As these locations are easily accessible from the outside they are to be secured using the following measures:
Internally:
- A mechanical push bar/lever is to be fitted to the internal surface.
- Electronic locking systems are to be on a 'fail open' setting.
- Magnetic Contact connected to the Intruder Alarm System
- CCTV Camera
- An eye-hole.
- Appropriate exit signage and lighting.
Externally:
- Flat door plate with no handle.
- CCTV Camera and PIR.
As part of the fire safety requirements, all routes leading to the emergency exit are to be clear of obstructions and have appropriate signage and lighting to facilitate easy exit.
2.4 ATM Locations
In addition to a facilities' cash holding areas the Automated Teller Machines (ATM) are to be considered high risk. The diversity in their locations (Branch, Drive Up, and Stand Alone) and the cash they hold make them an attractive target compared to highly secured locations such as vaults and safes contained within buildings and branches.
Only internationally recognised standards and providers are to be used in the purchase of ATM units.
Whilst the locations are dictated by the bank in conjunction with SAMA and Police approval, there are a number of minimum security requirements and are as follows:
- All ATM units are to be securely fixed to a solid base using at least four (4) points.
- All cabling is to be buried/hidden where possible.
- All exposed cabling is to be contained within a steel conduit.
- All waste paper containers should only facilitate the use of receipt slips and be self extinguishing.
- All ATM units are to have external lighting on 24 hour operation.
- All intruder/fire panels are to have tamper sensors fitted.
- All ATM cabinets are to have the following security measures:
a. Access via high security lock and cylinder or electronic access control.
b. Door contact connected to intruder alarm panel.
c. Seismic/Vibration Sensor (Section 3)
d. PIR connected to the intruder alarm panel (Section 3).
e. Hold Up Button (Section 3).
f. Smoke and Heat Sensor.
g. External alarm bell and strobe.
All ATM units are to have CCTV surveillance (Section 3) that is recorded on its own Digital Recording system, or remotely, through the system incorporated within branch it is attached to.
All ATM units are to be connected to a remote Central Monitoring Station (CMS) for the activation of alarms from any of the fitted sensors.
3.0 INTERNAL SECURITY AND SAFETY MEASURES
Should the external security and safety measures be defeated and/or bypassed the internal systems are designed to delay and deter criminal activity as part of a layered methodology.
The internal security measures primarily concentrate on the Restricted Areas identified within a facility so that security can be effectively and efficiently focused.
Restricted Areas: are considered as follows:
- Vaults, Safes and Safety Deposit Rooms
- Teller Areas
- ATM Service Rooms
- Cash Holding Areas
- Cash Handling Areas
- Building Access / Entry Points
- Security Control Room
- Data / Computer Rooms
- IT / Communication Rooms
- Disaster Recovery (DR) Sites
- Electrical Rooms
Additional locations can utilise either electronic and/or mechanical means to secure their access and include the following:
- ATM Cabinets
- Generator Rooms
- PTT/PABX Room
- SCECO Switch Room
- Electrical Rooms
All Restricted Area doors are to have effective heavy duty door closures fitted.
3.1 Mechanical Locks
Mechanical locks using keys are a standard means of securing doors throughout a facility.
In addition to the considered use of an electronic access control system, appropriate mechanical locks can be used in conjunction, or as a replacement, for the security of Restricted Areas (Section 3).
To compliment the electronic security and safety measures the physical requirements are as follows:
1. All doors are to be of solid wood or steel construction with same quality material for door frames.
2. All locks/cylinders are to be of high security standard with deadlocking mechanism and resistant to the following:
a. Picking
b. Drilling
c. Overlift and Reading
d. Rap and Rake
3. All hinges are to be of steel heavy duty standard with non-rising or removable pins.
4. All doors are to have heavy duty door closures fitted.
5. All doors are to have appropriate security signage for Restricted Areas.
Restricted Areas are to be completely sealed outside the main entry points that are secured by the above / or electronic means. All false ceilings, floors, AC vents and other access points are to be considered and secured. All walls are to be of brick/block construction.
The other major consideration concerning mechanical locks is in the security and control of the keys.
As part of the requirements of the Corporate Security and Safety Plan (CSSP) the following is to be established for keys that access Restricted Areas:
- Log of all keys and the controlling department.
- Secure storage and issue procedures.
- Cylinder / Lock / Key replacements.
- Regular audits / inspections of the keys and issue log.
- Issue, storage and security of master keys and blanks.
3.2 Teller Areas
The teller areas are considered a Restricted Area and incorporate a number of electronic security systems/sensors (Section 3) to protect them during working and silent hours.
The main threat against the tellers is a hostile attack from a customer, armed robbery and direct access to the vault, safe and/or cash holding area.
In consideration with the electronic systems, security guards and effective procedures that accommodate the main threats, the following options are available for protecting the teller area:
Option 1: Open Cash Drawer
- Tempered/Hardened glass (Min 10mm in thickness) is to be fitted to the top of the teller counter and extend for a minimum of 2m in height.
- Construction below the counter is to be of double brick/block with an external layer steel sheet.
Option 2: Automated Cash Dispenser
1. An Automated Cash Dispenser is fitted to each teller position. The dispenser is to be securely fixed to the floor using at least 4 points and have the following security measures:
a. Mechanical / Electronic access control mechanism.
b. Seismic / Vibration sensor (Section 3).
3. Suitable and appropriate signage is to be used to identify the use of Automated Cash Dispensers.
The main purpose of the above options is to provide additional delay for the police to respond as well as maximising the protection of the teller personnel, branch staff and customers.
As a result of a Security Risk Assessment (SRA) of the branch there may be a requirement to fit tempered/hardened glass to the top of the teller counter for Option 2. This will be dependant upon the risks identified in the area.
3.3 VAULTS AND SAFES
The primary storage, security and safekeeping for the majority of cash holdings, valuables and high value documents in a facility are kept in the designated vault and/or safe.
vault
In addition to the electronic security systems identified in Section 3, the following physical measures are to be incorporated:
1. Vaults are to have walls, floor and ceiling of steel reinforced concrete with a minimum thickness of 30cm.
2. Reinforcing is to be in horizontal and vertical staggered rows of 10cm forming a grid pattern using No5 diameter deformed steel bars. A minimum of at least two (2) grid patterns shall be used.
3. The grids are to be in parallel with the face of the walls and secured using beam bolsters, wall ties or upper continuous high chairs and fastened together at the corners.
4. The use of modular panels can be used if materials are rated to provide protection against attack using a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 60 minutes.
5. The main door is to be constructed of high strength stainless steel with a minimum thickness of 10cm. The door is to provide protection against attack using a cutting torch {oxyacetylene), mechanical and/or electrical tools for a net working time of 60 minutes.
6. A double rotary mechanical combination and key system is to be used for access control of the main door. The keys are to be under dual control of two (2) senior bank/branch officers. Spare keys are to be kept and combinations are to be kept in a neighbouring branch vault.
7. The frame of the main door is to be welded to the walls reinforcing bars and filled with concrete.
8. A steel day gate is to be fitted with two (2) high security cylinders on both sides.
9. If an optional emergency door is installed it must conform to the specifications of the main door.
10. An emergency vault ventilator must be provided in the wall or vault door.
11. A telephone is to be fitted inside the vault.
12. All cables connected to the vaults security and safety systems are to be secured and protected within steel conduit.
Storage Requirements
The purpose of the below table is to provide a minimum security requirement for the identified amounts of cash and valuables. Where extremely high amounts (in excess of SR 20,000,000) are stored, protection levels and specifications are to be investigated and assessed separately.
Storage Requirement for Cash and Valuables
Storage Type
Amount / Value
(Cash and Valuables)
Vault
Over SR 2,000,000
Safe Type A'
SR 500,000 to SR 2,000,000
Safe Type B'
Up to SR 500,000
Safes
A safe is defined as a free standing, prefabricated secure storage unit whose protection originates in the prefabrication and which does not have holes through the protection other than those for locks and cables for anchoring.
The safe is to be designed and manufactured to meet stringent international testing authority standards and be approved and/or listed by an international recognised testing laboratory or agency.
The safe is to have a dual control mechanism that consist of one (1) of the following:
- 2 x Combination Locks
- 2 x Key Locks
- Combination and Key Lock
The safe is to be fire tested and certified to international standards for a resistance of one (1) hour.
The safe must be positioned in a Restricted Area will the associated protection and systems identified within these guidelines.
Type A:
The minimum weight for this safe is 750kg (empty) and must be securely anchored to the concrete floor using two (2) internal bolts that is only accessible from inside the safe.
All six (6) sides (including the door) must be resistant to a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 30 minutes.
Type B:
The minimum weight for this safe is 200kg and must be securely anchored to the concrete floor using two (2) internal bolts that is only accessible from inside the safe.
All six (6) sides (including the door) must be resistant to a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 15 minutes.
3.4 Safety Deposit Box Room
Customer safety deposit boxes are to be contained within a room that incorporates the same requirements and standards as listed above for a vault.
The electronic security systems (Section 3) are also those required for this location. Special attention in the fitting of the internal CCTV camera is to be considered to ensure it does not cover the area designated for the customer to inspect its content.
All safety deposit boxes are to have dual control high security cylinders.
3.5 Strong Rooms
In addition to the use of the above listed vault and safes there may be a requirement to store other sensitive material and documents separately. These items may include the following;
- Documents classified Confidential and above.
- Stocks of Cheque Books.
- Bills, Securities and Guarantees.
- Official Seals
- Shares and Bond Documents
- Spare Master Keys
If existing facilities for storage are not available the strong rooms are to have the same requirements designated for the vault. The only differences are as follows:
1. Vaults are to have walls, floor and ceiling of steel reinforced concrete with a minimum thickness of 15cm.
2. The main door is to be constructed of high strength stainless steel with a minimum thickness of 10cm. The door is to provide protection against attack using a cutting torch (oxyacetylene), mechanical and/or electrical tools for a net working time of 15 minutes.
3.6 Cabinets
In addition to the above listed secure storage rooms there may be a requirement to secure and protect other materials.
The use of cabinets primarily provides protection against fire and environmental damage. Whilst they do provide a level of security this should be considered limited.
All cabinets are to have locks that, if tampered with, will provide visual evidence.
Fire Resistant Cabinets:
The safe is to be fire tested and certified to international standards for a resistance of one (1) hour.
The fire resistant cabinets are designed to protect environmentally sensitive items such as:
- Microfilms and Microfiche
- Insurance Files
- Documents classified below Confidential
Steel Cabinets:
The steel cabinets are designed to protect sensitive items such as:
- Account Documents
- Unclassified Mail
- Specimen Signatures
- Date, Authority and Signature Stamps
- Registers
- Security and Safety Plans
3.7 Fire Safety Equipment
The risk of a fire in a facility is potentially greater than any other form of hazard or incident type. The ability to effectively detect and quickly extinguish a fire is critical in minimising the potential damage to life and the assets of the bank.
In addition to the electronic safety systems (Section 3) it is the use of automated and hand held fire suppression systems that will ensure an effective response.
The positioning, quantity and use of these equipments are available through international standards (eg NFPA), Civil Defence standards and requirements. These should also be clearly Identifies within the Corporate Security and Safety Plan along with the identification of responsible personnel, their training on how to use the equipment and in emergency evacuation procedures.
The main suppression equipment types are as follows:
Water Sprinkler Systems:
Dependant upon Civil Defence requirements on the locations, standards and specifications the bank is to install an automated water sprinkler system to all underground car parking areas.
Clean Gaseous Systems:
In sensitive electrical locations there is a requirement to minimise the damage to the equipment in the event of an automated system activating.
This is achieved by using a system such as FM200 (or equivalent) but will require the room to be sealed against air leaks. Due to the non toxic nature of this type of system it is also considered essential in similar areas that are occupied by bank staff and/or contractors.
Fire Extinguishers and Fire Hoses:
A wide range of fire extinguisher types are available (water, powder, chemical) and their positioning will be dependant upon the locations they are designed to protect.
The majority of extinguishers will be water based (Class A Fires). Electrical / Computer rooms will require the use of dry powder types (Class C Fires) and positioned accordingly. The minimum capacity for any extinguisher is to be not less than 6kg.
Should extinguishers over 10kg be required they should be trolley based.
The positioning of fire hoses is to ensure sufficient coverage is achieved between them so that no area cannot be reached or Is inaccessible.
Emergency water supplies are to be available to support the hoses in the event of a failure of the mains water supply. This can be achieved by reserving a given amount of water in the existing water tanks or by having a separate tank specifically for the fire fighting system.
The use of generators (Section 3) will also be required to support the pumps in the event of power loss.
Signage is to be located at each position where extinguishers and fire hoses are fitted.
As a minimum requirement they are to be located in the following areas:
- Floor lobby areas
- Emergency Exits
- Restricted Areas (Fire Extinguishers dependant upon type required)
SECTION 5 CASH IN TRANSIT - BANK PROCEDURES
Synopsis
This section describes the minimum requirements, procedures and standards for Cash in Transit (CIT) operations for all banks.
1.0 INTRODUCTION
The Cash in Transit (CIT) operations currently pose the greatest risk to the banks. It is during the transit and movement of cash and valuables between the secure storage locations that it is most vulnerable.
This section describes the internal procedures and requirements of the bank for the movement, handling and safeguarding of cash and valuables.
As all banks outsource the CIT function a separate document has been prepared for companies that provide this service.
This section is designed to work in coordination and conjunction with the other section requirements outlined within the SAMA Guidelines.
2.0 DEFINITION OF TERMS
Cash:
Includes both local and foreign currency bank notes and coins.
Valuables:
Includes all negotiable documents and materials such as cheques, bills, bonds and guarantees. This also includes precious stones, metals and customer safety deposit boxes.
CIT Manager:
This person is assigned by the bank and responsible for the internal coordination of the CIT service and is to be assisted by identified personnel for kingdom wide operations.
Consignor:
The person or party involved in the dispatch/sending of the cash or valuables.
Consignee:
The person or party involved in the receipt of the cash or valuables.
3.0 RECORDS AND DOCUMENTATION
To ensure the security and safety of the CIT operations the bank is responsible for maintaining and coordinating the necessary documentation for the movement and handling of cash and valuables.
The following records and documentation is required:
1. CIT Operating Schedule - an operating schedule is to be prepared by the bank or CIT service provider for all transportation, deliveries, pick ups and ATM replenishments. The schedule is to be sent to the police by the end of the previous working day. Copies of the schedule are to be held by the bank and CIT service provider.
2. CIT Transfer Record - a transfer record of all cash and valuables is to be maintained by the bank and include the following:
a. Names and signatures of carriers, consignees and consignor
b. Date and time of transfer
c. Cash amount or content of consignment
d. Condition of consignment
e. Seal numbers
f. Departure and destination
3. Corporate Security and Safety Plan (CSSP) - the CSSP is to include a detailed list of procedures and processes for the internal movement and handling of cash and valuables. These procedures are to be sent to SAMA for verification and approval. Procedures are required for the following:
a. Custodians / ATM replenishment teams
b. Branches (Vaults / Safes / Safety Deposit Boxes)
c. Cash Centres/Holding Areas
The bank is responsible for the compliance of these guidelines and may utilise the services of an external security consultant to ensure the CIT requirements are met for all applicable facilities and equipment.
The CIT Manager and/or the Security and Safety Manager are responsible for the implementation, coordination and maintenance of the above requirements.
4.0 TRANSPORTATION REQUIREMENTS
The external transportation of cash and valuables is primarily undertaken by CIT service providers. The requirements, procedures and regulations for these companies are contained within the separate document 'Cash in Transit Procedures for Transportation Companies'.
To ensure the secure and safe movement and handling of cash and valuables, the minimum requirements for banks are as follows:
1. Canvas Bag Container - to have a double flap and be capable of attaching a uniquely numbered plastic or metal seal.
2. Cassette Container - to be constructed of heavy duty plastic or metal and be capable of attaching a uniquely numbered plastic or metal seal.
3. Self Sealing Container - to be constructed of thin gauged plastic and be individually coded and/or numbered.
The bank is responsible for the coordination, verification and performance of the CIT service provider. Regular assessments of the service providers' procedures are to be conducted by the CIT Manager, Security and Safety Manager and/or external consultant.
The transportation of cash and valuables outside the banks property is to be notified to the appointed police contact by the bank or CIT service provider.
Should the CIT service provider not be able to deliver a consignment in time the SLA is to clearly identify the procedures for storing and securing it until it can be delivered.
The use of the above mentioned CIT Operating Schedule will ensure the police are aware of the routes, locations and activities.
Whilst it is preferable to have a police escort and presence during the delivery operations and ATM replenishment it may not be possible due to availability of resources. It is the banks responsibility to ensure they are informed and maintain the CIT schedule they, or the service provider, has established.
The CIT Manager is responsible for the coordination of the schedule and that the police are provided sufficient notice.
5.0 CIT-PREPARATION
To ensure suitable supervision, accountability and security in the preparation of the cash and valuables for transportation, this is to be a dual control operation. A minimum of two (2) bank employees are responsible for the counting, packing and sealing of the bags/containers. Ultimate responsibility is with the following personnel:
- Cash Officer
- Chief Cashier/Teller
Nominated deputies can undertake this task but must be authorised by the above.
Dual control is to be maintained until the transfer has taken place and the CIT Transfer Form has been completed.
The Branch Manager or Cash Centre Manager is to coordinate with the above staff to identify the transfer of cash and valuables for the next working day with the CIT service provider.
The CIT Manager or representatives are to ensure the CIT Transfer Forms and Records are correctly completed, maintained and securely stored for each location.
6.0 CIT-DISPATCH
Once the preparatory phase has been completed the two (2) authorised personnel are to recheck seals and the security of the bags or containers and verify the transporting personnel against their ID cards.
On completion and signing of the CIT Delivery Receipt Form the bags or containers are to be handed over to the authorised carriers.
The original and a copy of the CIT Transfer Form are to be sent in a sealed envelope to the consignee.
If cash or valuables are being sent to SAMA an authorised bank employee is to be present during the handover. The authorised employee is to acknowledge the receipt of the consignment from the carriers after checking the bags or containers are securely sealed.
The authorised bank employee is then to deposit the consignment, forward the deposit receipt and record the transaction.
7.0 CIT-RECEIPT
Only authorised bank employees are to receive the cash and valuables from the carrier along with the CIT Transfer Form.
On verifying that the bags or containers are securely sealed the two (2) authorised bank employees are to sign the CIT Delivery Receipt Form.
On confirming the contents of the bags or containers are correct and in order, the two (2) authorised bank employees are to sign the CIT Transfer Form.
On completion and recording of the checks and receipt of the consignment, a copy of the CIT Transfer Form is to be sent to the consignor.
The Cash Officer or Cash Centre Manager is responsible for checking the forms and records in line with the procedures laid down in the CSSP.
Cash and valuables being received from SAMA is to follow the above (6.0) requirements.
8.0 CIT-DISCREPANCIES
If a discrepancy Is identified during the preparation, receipt or delivery of cash and valuables the following actions are to be undertaken:
1. Insecure Bags or Containers - in the event of tampering, missing seals and/or any other signs of insecurity of the bags or containers they are to be refused unsigned and returned to the carrier immediately for investigation.
The authorised checking personnel are to make a report and the following are notified and sent a copy of the report:
a. Cash Officer / Cash Centre Manager
b. Branch Manager
c. CIT Manager / Regional Representative
d. Consignor Manager
When returned consignor the bag or container is to be checked by the original authorised personnel for verification.
In the event of a loss of cash or valuables a report is to be prepared and signed by both the consignor and consignee.
2. Discrepancy in Cash or Valuables - in the event of a discrepancy between the CIT Transfer Form and the contents of the bag or container the above actions are to be followed once a confirmation has been made between the Branch Manager / Cash Centre Manager and the consignor regarding the CIT Transfer Form..
All original reports are to be held and maintained by the CIT Manager for safe keeping.
Dependant upon the nature of the incident and whether it was resolved or not, the CIT Manager may involve the Security and Safety Manager and/or other identified personnel should further investigations be required.
Training is to be provided for personnel authorised to conduct these operations that includes the following:
- Anti Money Laundering (AML)
- Procedures and processes for the movement of cash and valuables as per the CSSP
- Procedures in the event of armed robbery and/or criminal acts
9.0 ATM
The replenishment and servicing of Automated Teller Machines (ATM) is to be regarded as a CIT operation when the machine cannot be replenished within a secure area.
The replenishment operation is to be undertaken by a minimum of two (2) authorised personnel.
All replenishment operations are to be conducted in the presence of armed guards.
Lobby ATMs:
Where relevant, all doors and access points to the ATM lobby or replenishment area are to be secured and locked prior to the opening of the ATM.
The use of blinds and screens are to be maximised to prevent unnecessary visibility of the replenishment operation.
External ATMs:
The replenishment teams will be assisted by the team in the armoured car. The cash containers are to remain in the vehicle until they are required and are as close to the ATM as possible.
During the replenishment the armoured car team is to remain vigilant and is responsible for the protection of the team and the cash containers.
Dependant upon availability the police may also be present to provide additional security and protection to the replenishment teams and the cash containers.
Should the replenishment schedule change from the prepared Itinerary this is to be communicated back to the CIT Manager or regional representative. Any changes are to be sent to the nominated contact in the police to ensure their presence during transit and replenishment operations.
Police presence is dependant upon availability of resources and CIT operations should maintain their schedule of timings and identified routes.
Training is to be provided for personnel authorised to conduct these operations that includes the following:
4. ATM Security and Safety Systems
5. Procedures and processes for the movement of cash and valuables as per the CSSP
6. Procedures in the event of armed robbery and/or criminal acts
SECTION 6 SECURITY GUARDS FOR MAIN BUILDINGS AND BRANCHESS
Synopsis
This section describes the minimum requirements and standards for Security Guards operating throughout the banks Main Buildings and Branches.
1.0 INTRODUCTION
In addition to the installation and implementation of other security and safety measures to protect the banks' main buildings and branches, a security guarding service to be used.
The purpose of using security guards is to enhance the electronic and procedural measures employed to protect, deter and mitigate the effects of a serious incident and/or criminal activity.
No single system in isolation is completely effective, and it is only through their layered approach, physical barriers, manned guarding, effective management and clearly identified procedures and policies can their use be fully maximised to best effect.
The guidelines contained within this document are designed to provide a minimum requirement that must be met and included for the use of security guards for the banks main buildings and branches.
2.0 RESPONSIBILITIES AND REQUIREMENTS
The security guard(s) is intended to compliment the use of other security and safety systems, measures and equipment.
The deployment of security guards throughout the banks main buildings and branches is to be closely monitored and supervised by the service provider and the banks personnel.
To ensure sufficient guards are available to carry out their responsibilities, an assessment is to be carried out to identify the quantity and requirements. This can be part of the Security Risk Assessment or undertaken as a separate report.
The security guards can be contractors or directly employed by the bank.
Detailed responsibilities and requirements are to be identified within the Corporate Security and Safety Plan (CSSP) and controlled, monitored and enforced by the Security and Safety Manager.
The primary responsibilities of the security guard is as follows:
- Provide an effective physical and visual deterrent.
- Provide effective control of access and entry points.
- Provide an effective response to security and safety incidents.
The primary requirements of the security guard is as follows:
- They are to be a Saudi national.
- Clearly identifiable and appropriate uniform is to be worn at all times.
- Maintain the Security Guard Shift Report.
- Fully trained and prepared for their function and location.
All security guard reception/entry locations are to maintain a Shift Report that records all the events and activities for each shift. The security guard/supervisor Is to include the following Information:
- Date, time and guard names for each shift changeover.
- Suspicious activity identified during the shift period.
- Incidents/Events during the shift period.
- Activation of Alarms.
- Security and Safety equipment check and test.
The Security and Safety Manager is to ensure that the information contained within the Security Guard Shift Report is reported, acknowledged and any appropriate action taken. Apart from immediate/emergency actions the report is to be checked and acknowledged at the start of each working day.
Prior the changeover between shifts, the oncoming guard is to have physically checked his area of responsibility and acknowledged the content of the previous shift report.
All security guard locations are to have detailed Post Instructions that clearly identify their function, responsibilities, incident response and reporting chain. These will form part of the CSSP (Section 2).
The effective use of security guards will greatly reduce the risk of criminal elements considering the facility a potential target for their activities and in preventing easy access.
3.0 ACCESS CONTROL
One of the primary responsibilities of the security guard is the control of access to the building or branch.
To assist in the control and identification of personnel an ID Card system is to be employed by all banks.
All security guards are to be aware of the Restricted Areas within their area of responsibility.
All buildings and branches are to have 24 hour security guard presence and working hours and overtime are to conform to the regulations laid down in the Saudi Labour Laws and are the responsibility of the service provider.
The security guards are responsible for the enforcement of a Clear Desk Policy and are to report any infringements within their shift reports.
3.1 Main Buildings
To ensure the identity and control of the different personnel working and visiting the building, the following are to be clearly identified:
- Permanent Employees
- Contractors
- Visitors
The security guard is to enforce the wearing and prominent display of the issued ID cards by all personnel working and visiting the building.
A Building Log Sheet is to be maintained at each reception/access point. The log sheets are to include all personnel (without ID) and visitors that enter the building. The information is to include the following:
- Name, contact number and date
- Type of ID used
- Person Visited / Employee Dept
- Time in and out
Visitors are issued temporary ID cards once the following has been confirmed:
- Confirmation of visit/appointment by bank employee.
- Confirmation of visitor by official identification (picture and name).
Visitors are not to be given access without being escorted by the visited bank employee or a security guard. The bank employee is responsible for their visitor until they are returned to the reception desk and logged out.
The bank is to establish clear policies and procedures on the identification, issuance and control of an ID card system. These are to be contained within the CSSP (Section 2).
3.2 Branches
To ensure the identity and control of the different personnel working In the branch, the following are to be clearly identified:
- Permanent Employees
- Contractors
The security guard is to enforce the wearing and prominent display of the issued ID cards by all employees and contractors whilst working in the branch.
Customers are only permitted entry during the banks official opening hours.
Cash In Transit (CIT) operations are considered a separately and can be found in Section 5.
Bank employees are only permitted access to the branch during out of hours if prior permission has been provided by the Branch Manager or his nominated deputy.
Access to the branch out of working hours, regardless of permission, is to be visually confirmed by the guard prior to allowing entry.
The bank is to establish clear policies and procedures on the identification, issuance and control of an ID card system. These are to be contained within the CSSP (Section 2).
3.3 Cleaning Personnel
All cleaning personnel are to be escorted and/or supervised whilst working within Restricted Areas during out of hours. This can be undertaken by a bank employee or the security guard dependant upon the policy of the bank.
The contract company providing the cleaning services are to issue a list of all personnel, and their duty hours, to the building reception desk or branch security guard.
Changes to the names and/or hours are to be confirmed in writing by the nominated supervisor/manager of the service provider.
4.0 ADDITIONAL CONSIDERATIONS
Whilst it is mandatory for all buildings and branches to maintain 24 hour security, the installation of a remotely monitored alarm/surveillance capability may be considered for the reduction in security guard numbers and presence.
All implemented and/or proposed systems should be prepared in writing and sent direct to SAMA for review and consideration.
High-risk and Non-cooperative Jurisdictions
FATF Public Statement - 26 June 2015
Brisbane, 26 June 2015 - The Financial Action Task Force (FATF) Is the global standard setting body for anti-money laundering and combating the financing of terrorism (AML/CFT). In order to protect the international financial system from money laundering and financing of terrorism (ML/FT) risks and to encourage greater compliance with the AML/CFT standards, the FATF identified jurisdictions that have strategic deficiencies and works with them to address those deficiencies that pose a risk to the international financial system.
Jurisdictions subject to a FATF call on its members and other Jurisdictions to apply counter-measures to protect the international financial system from the on-going and substantial money laundering and terrorist financing (ML/FT) risks emanating from the Jurisdictions.
Iran
Democratic People's Republic of Korea (DPRK)
Jurisdictions with strategic AML/CFT deficiencies that have not made sufficient progress In addressing the deficiencies or have not committed to an action plan developed with the FATF to address the deficiencies. The FATF calls on its members to consider the risks arising from the deficiencies associated with each Jurisdiction, as described below.
Algeria
Myanmar
Iran
The FATF remains particularly and exceptionally concerned about Iran's failure to address the risk of terrorist financing and the serious threat this poses to the Integrity of the International financial system, despite Iran's recent engagement with the FATF.
The FATF reaffirms its call on members and urges all jurisdictions to advise their financial Institutions to give special attention to business relationships and transactions with Iran, including Iranian companies and financial institutions. In addition to enhanced scrutiny, the FATF reaffirms its 25 February 2009 call on its members and urges all jurisdictions to apply effective counter-measures to protect their financial sectors from money laundering and financing of terrorism (ML/FT) risks emanating from Iran. The FATF continues to urge jurisdictions to protect against correspondent relationships being used to bypass or evade counter-measures and risk mitigation practices and to take Into account ML/FT risks when considering requests by Iranian financial institutions to open branches and subsidiaries in their jurisdiction. Due to the continuing terrorist financing threat emanating from Iran, jurisdictions should consider the steps already taken and possible additional safeguards or strengthen existing ones.
The FATF urges Iran to immediately and meaningfully address its AML/CFT deficiencies, in particular by criminalising terrorist financing and effectively implementing suspicious transaction reporting requirements. If Iran falls to take concrete steps to continue to improve its CFT regime, the FATF will consider calling on its members and urging all jurisdictions to strengthen counter- measures In October 2015.
Democratic People's Republic of Korea (DPRK)
Since February 2015, the DPRK engaged with the FATF regarding the deficiencies identified in its action plan developed with the FATF.
However, the FATF remains concerned by the DPRK's failure to address the significant deficiencies in its anti-money laundering and combating the financing of terrorism (AML/CFT) regime and the serious threat this poses to the integrity of the international financial system. The FATF urges the DPRK to immediately and meaningfully address its AML/CFT deficiencies.
The FATF reaffirms its 25 February 2011 call on its members and urges all jurisdictions to advise their financial institutions to give special attention to business relationships and transactions with the DPRK, including DPRK companies and financial institutions. In addition to enhanced scrutiny, the FATF further calls on its members and urges all jurisdictions to apply effective countermeasures to protect their financial sectors from money laundering and financing of terrorism (ML/FT) risks emanating from the DPRK. Jurisdictions should also protect against correspondent relationships being used to bypass or evade counter-measures and risk mitigation practices, and take into account ML/FT risks when considering requests by DPRK financial institutions to open branches and subsidiaries in their jurisdiction.
Algeria
Algeria has taken steps towards improving its AML/CFT regime, Including by Issuing terrorist asset freezing regulations. The FATF has not assessed Algeria's new measures on terrorist assets freezing due to their recent nature, and therefore the FATF has not yet determined the extent to which they address the earlier deficiency Identified regarding the establishment and implementation of an adequate legal framework for identifying, tracing and freezing terrorist assets. The FATF welcomes Algeria's progress and encourages Algeria to continue the process of implementing its action plan.
Myanmar
Myanmar has taken steps towards improving its AML/CFT regime. However, despite Myanmar's high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies, Myanmar has not made sufficient progress in implementing its action plan, and certain strategic AML/CFT deficiencies remain. Myanmar should continue to work on implementing its action plan to address these deficiencies, Including by: (1) adequately criminalising terrorist financing; (2) establishing and implementing adequate procedures to identify and freeze terrorist assets; (3) ensuring an operationally independent and effectively functioning financial intelligence unit; and (4) strengthening customer due diligence measures. The FATF encourages Myanmar to address the remaining deficiencies and continue the process of implementing Its action plan.
Improving Global AML/CFT Compliance: On-going Process - 26 June 2015
Brisbane, 26 June 2015- As part of its on-going review of compliance with the AML/CFT standards, the FATF has to date identified the following jurisdictions which have strategic AML/CFT deficiencies for which they have developed an action plan with the FATF. While the situations differ among each jurisdiction, each jurisdiction has provided a written high-level political commitment to address the identified deficiencies. The FATF welcomes these commitments.
A large number of jurisdictions have not yet been reviewed by the FATF. The FATF continues to Identify additional jurisdictions, on an on-going basis, that pose a risk to the international financial system.
The FATF and the FATF-style regional bodies (FSRBs) will continue to work with the jurisdictions noted below and to report on the progress made in addressing the identified deficiencies. The FATF calls on these Jurisdictions to complete the Implementation of action plans expeditiously and within the proposed timeframes. The FATF will closely monitor the implementation of these action plans and encourages its members to consider the information presented below.
Lao PDR Sudan Afghanistan Panama Syria Angola Papua New Guinea Uganda Boznia and Herzegovina Yemen Ecuador Guyana Jurisdiction not making sufficient progress
Iraq
Jurisdictions no longer Subject to the FATF's On-Going AML/CFT Compliance Process
Indonesia
Afghanistan
In June 2012, Afghanistan made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies. Since February 2015, Afghanistan has taken steps towards Improving its AML/CFT regime, including by issuing an amendment to the AML Law to extend the money laundering offence to cover foreign predicate offences. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Afghanistan should continue to work on implementing its action plan, including by: (1) further implementing its legal framework for identifying, tracing and freezing terrorist assets; (2) Implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors; and (3) establishing and implementing effective controls for cross-border cash transactions. The FATF encourages Afghanistan to address its remaining deficiencies and continue the process of implementing its action plan.
Angola
In June 2010 and again In February 2013 in view of its revised action plan, Angola made a high-level political commitment to work with the FATF and ESAAMLG to address its strategic AML/CFT deficiencies. Since February 2015, Angola has taken significant steps towards improving its AML/CFT regime through the adoption of mutual legal assistance legislation on 19 June 2015. The FATF has not assessed this new legislation due to its very recent nature, and therefore the FATF has not yet determined the extent to which it addresses the deficiency earlier Identified by the FATF. The FATF encourages Angola to continue the process of Implementing its action plan.
Bosnia and Herzegovina
In June 2015, Bosnia and Herzegovina made a high-level political commitment to work with the FATF and MONEYVAL to address its strategic AML/CFT deficiencies. Bosnia and Herzegovina will work on implementing its action plan to address these deficiencies, Including by: (1) completing the criminalisation of terrorist financing; (2) establishing and Implementing an adequate legal framework for freezing terrorist assets under UNSCR 1373; (3) implementing an adequate supervisory framework; (4) implementing adequate AML/CFT measures for the non-profit sector; and (5) establishing and implementing adequate cross- border currency controls; (6) harmonising criminalisation of money laundering in all criminal codes; and (7) ensuring adequate procedures for the confiscation of assets. The FATF encourages Bosnia and Herzegovina to address its AML/CFT deficiencies by Implementing its action plan.
Ecuador
Since June 2010, when Ecuador made a high-level political commitment to work with the FATF and GAFILAT to address its strategic AML/CFT deficiencies, Ecuador has made significant progress to Improve its AML/CFT regime. Ecuador has substantially addressed its action plan at a technical level, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing adequate procedures to identify and freeze terrorist assets and for the confiscation of funds related to money laundering; and (3) reinforcing and improving coordination of financial sector supervision. The FATF will conduct an on-site visit to confirm that the process of implementing the required reforms and actions is underway to address deficiencies previously Identified by the FATF.
Guyana
In October 2014, Guyana made a high-level political commitment to work with the FATF and CFATF to address its strategic AML/CFT deficiencies. However, the FATF has determined that certain strategic deficiencies remain. Guyana should continue to work on implementing its action plan, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and Implementing adequate procedures for the confiscation of assets related to money laundering; (3) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (4) establishing a fully operational and effectively functioning financial intelligence unit; (5) establishing effective measures for customer due diligence and enhancing financial transparency; (6) strengthening suspicious transaction reporting requirements; and (7) implementing an adequate supervisory framework. The FATF encourages Guyana to address its remaining deficiencies and continue the process of implementing its action plan.
Lao PDR
In June 2013, the Lao PDR made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies. Since February 2015, the Lao PDR has taken steps towards improving its AML/CFT regime, Including by formalising the role and function of the Fill and issuing regulations on its cross border declaration system. The Lao PDR should continue to work on implementing its action plan to address these deficiencies, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing adequate procedures for the confiscation of assets related to money laundering; (3) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (4) ensuring a fully operational and effectively functioning financial Intelligence unit; (5) establishing suspicious transaction reporting requirements; (6) implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors; and (7) establishing and Implementing effective controls for cross-border currency transactions. The FATF encourages the Lao PDR to address its AML/CFT deficiencies and continue the process of Implementing its action plan.
Panama
In June 2014, Panama made a high-level political commitment to work with the FATF and GAFILAT to address its strategic AML/CFT deficiencies. Since February 2015, Panama has taken significant steps towards improving its AML/CFT regime, including by enacting: amendments to the criminal code, a new AML/CFT law, and legislation enhancing the framework for international cooperation. However, the FATF has determined that strategic AML/CFT deficiencies remain. Panama should continue to work on Implementing its action plan, Including by: (1) Implementing an adequate legal framework for freezing terrorist assets; (2) implementing effective measures for customer due diligence in order to enhance transparency; and (3) ensuring a fully operational and effectively functioning financial intelligence unit. The FATF encourages Panama to address its remaining deficiencies, including by Issuing adequate regulations for the various sectors to further implement the provisions of the new laws and continue the process of implementing its action plan.
Papua New Guinea
In February 2014, Papua New Guinea made a high-level political commitment to work with the FATF and APG to address its strategic AML/CFT deficiencies. However, the FATF has determined that certain strategic AML/CFT deficiencies remain. Papua New Guinea should continue to work on implementing its action plan, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing adequate procedures for the confiscation of assets related to money laundering; (3) establishing and Implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (4) establishing a fully operational and effectively functioning financial intelligence unit; (5) establishing suspicious transaction reporting requirements; (6) implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors; and (7) establishing and implementing effective controls for cross-border currency transactions. The FATF encourages Papua New Guinea to address its remaining deficiencies and continue the process of Implementing its action plan.
Sudan
Since February 2010, when Sudan made a high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies, Sudan has made significant progress to improve its AML/CFT regime. Sudan has substantially addressed its action plan at a technical level, Including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing adequate procedures for identifying and freezing terrorist assets; (3) establishing a fully operational and effectively functioning Financial Intelligence Unit; (4) establishing an effective supervisory programme for AML/CFT compliance; (5) Improving customer due diligence measures; (6) increasing financial institutions' awareness of and compliance with their obligations to file suspicious transaction reports In relation to money laundering and terrorist financing; and (7) enacting laws and procedures regarding international cooperation and mutual legal assistance. The FATF will conduct an on-site visit to confirm that the process of implementing the required reforms and actions is underway to address deficiencies previously Identified by the FATF.
Syria
Since February 2010, when Syria made a high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies, Syria has made progress to improve its AML/CFT regime. In June 2014, the FATF determined that Syria had substantially addressed Its action plan at a technical level, Including by criminalising terrorist financing and establishing procedures for freezing terrorist assets. While the FATF determined that Syria has completed its action plan agreed upon with the FATF, due to the security situation, the FATF has been unable to conduct an on-site visit to assess whether the process of Implementing the required reforms and actions Is underway. The FATF will continue to monitor the situation, and will conduct an on-site visit at the earliest possible date.
Uganda
In February 2014, Uganda made a high-level political commitment to work with the FATF and ESAAMLG to address its strategic AML/CFT deficiencies. Since February 2015, Uganda has taken significant steps towards improving its AML/CFT regime, Including by enacting the Anti-Terrorism Amendment Act on 19 June 2015. The FATF has not assessed this new legislation due to its very recent nature, and therefore the FATF has not yet determined the extent to which It addresses any of the following Issues: (1) adequately criminalising terrorist financing; (2) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (3) ensuring effective recordkeeping requirements; (4) establishing a fully operational and effectively functioning financial intelligence unit; (5) ensuring adequate suspicious transection reporting requirements; (6) ensuring an adequate and effective AML/CFT supervisory and oversight programme for all financial sectors; and (7) ensuring that appropriate laws and procedures are in place with regard to international co-operation for the financial intelligence unit and supervisory authorities. The FATF encourages Uganda to address Its remaining AML/CFT deficiencies and continue the process of implementing its action plan.
Yemen
Since February 2010, when Yemen made a high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies, Yemen has made progress to Improve its AML/CFT regime. In June 2014, the FATF determined that Yemen had substantially addressed its action plan at a technical level, including by adequately criminalising money laundering and terrorist financing; establishing procedures to identify and freeze terrorist assets; Improving Its customer due diligence and suspicious transaction reporting requirements; issuing guidance; developing the monitoring and supervisory capacity of the financial sector supervisory authorities and the financial Intelligence unit (FIU); and establishing a fully operational and effectively functioning FIU. While the FATF determined that Yemen has completed its action plan agreed upon with the FATF, due to the security situation, the FATF has been unable to conduct an on-site visit to assess whether the process of Implementing the required reforms and actions Is underway. The FATF will continue to monitor the situation, and conduct an on on-site visit at the earliest possible date.
Jurisdiction not making sufficient progress
The FATF is not yet satisfied that the following jurisdiction has made sufficient progress on its action plan agreed upon with the FATF. The most significant action plan items and/or the majority of the action plan Items have not been addressed. If this jurisdiction does not take sufficient action to implement significant components of its action plan by October 2015, then the FATF will identify this Jurisdiction as being out of compliance with its agreed action plan and will take the additional step of calling upon its members to consider the risks arising from the deficiencies associated with the jurisdiction.
Iraq
Despite Iraq's high-level political commitment to work with the FATF and MENAFATF to address its strategic AML/CFT deficiencies, the FATF is not yet satisfied that Iraq has made sufficient progress in improving its AML/CFT regime, and certain strategic AML/CFT deficiencies remain. Iraq should continue to work on implementing its action plan, including by: (1) adequately criminalising money laundering and terrorist financing; (2) establishing and implementing an adequate legal framework for identifying, tracing and freezing terrorist assets; (3) establishing effective customer due diligence measures; (4) ensuring a fully operational and effectively functioning financial Intelligence unit; (5) establishing suspicious transaction reporting requirements; and (6) establishing and implementing an adequate AML/CFT supervisory and oversight programme for all financial sectors. The FATF encourages Iraq to address its remaining AML/CFT deficiencies and continue the process of implementing its action plan.
Jurisdictions no Longer Subject to the FATF’s On-Going Global AML/CFT Compliance Process
Indonesia
The FATF welcomes Indonesia's significant progress in improving its AML/CFT regime and notes that Indonesia has established the legal and regulatory framework to meet its commitments In Ils action plan regarding the strategic deficiencies that the FATF had identified In February 2010. Indonesia is therefore no longer subject to the FATF's monitoring process under its on-going global AML/CFT compliance process. Indonesia will work with APG as it continues to address the full range of AML/CFT issues identified in its mutual evaluation report.
Annual Branch Expansion Plan(ABEP)
1) This policy is aimed at institutionalizing branch expansion plans submitted to SAMA, promoting financial inclusion, supporting financial literacy, facilitating customer outreach and encouraging geographic diversification of branch network. It will also enable Saudi Arabian Monetary Agency(SAMA) to streamline its branch approval and licensing process to ensure timely issuance of such licenses.
2) This has a reference to Article 11 (e) of the Banking Control Law which requires banks to obtain written approval of SAMA before opening branches or other offices in the Kingdom as well as opening of branches or other offices outside the Kingdom. In order to facilitate the banks in obtaining such approval, SAMA will now request all banks licensed and incorporated in the Kingdom (hereinafter called banks) to submit an ABEP. Accordingly, banks are encouraged to include all of their branch expansion proposals in the ABEP as any requests for opening branches outside the ABEP will be considered only if there is a strong case for it e.g. in the case of newly established banks or the restructuring of a bank due to merger or acquisition.
3) Submission of the ABEP: All Banks are required to comply with the following requirements while preparing and submitting their ABEP to SAMA:
i. All banks planning to open new branches or self-service centers during a calendar year shall submit an ABEP to SAMA duly approved by their Board of Directors, latest by 30th November of each preceding calendar year. Accordingly, the ABEP for the calendar year 2015 shall be submitted latest by 30 November 2014. SAMA encourages banks to prepare longer term plans (say 3-5 years) with an annual implementation plan in the form of ABEP; ii. All new requests for opening of branches after the issuance of this circular should be included in the ABEP. However, any branches for which licenses have already been issued by SAMA before issuance of this circular need not be included in the ABEP to be submitted by 30th November 2014. Such branches can be opened as per the existing policy; iii. The ABEP should also contain information on any proposed branches to be opened abroad (including any additional branches to be opened in a country where the bank currently operates). SAMA’s prior approval for opening of branches abroad will be required before approaching the concerned host supervisor/regulatory authority for any such approval; iv. The ABEP should contain all relevant information to enable SAMA to consider the request of the bank. It should include, inter alia, the information on number of branches or self-service centers proposed to be opened during a calendar year, proposed cities where new branches/self- service centers will be opened and a brief justification and projected business/financial impact of each of the proposed branch/self-service center. A template for preparation of the ABEP is attached as Annexure-I; v. At least 20% of the additional/planned branches proposed to be opened during a calendar year shall be opened in priority areas (Zones 3 and 4) as defined under Para 3(vi) below, with the following conditions:
a. Out of the minimum 20% branches in priority areas, at least 12% will be in Zone 3 (Small Cities) and 8% in Zone 4 (Rural Areas); b. If the ABEP includes opening of up to four branches in total, then at least one branch will be opened in either Zone 3 or Zone 4; c. Banks may choose to front load the opening of new branches in Zones 3 and 4, and get the “credit” carried over for the next three years to meet the above minimum requirements for opening of branches in priority areas; d. Closure or relocating of an existing branch in Zone 3 or 4 and opening a new branch in place of the closed/relocated branch will not be counted towards meeting the above minimum requirements; e. Banks may choose to opt for more efficient branch models in Zones 3 and 4 provided that these branches offer all basic banking services to their customers including, inter alia, the opening of accounts, cash deposits, cash payments, fund transfers, issuance and encashment of pay orders/demand drafts, etc.
vi. For the purpose of meeting the above requirements, Zones are defined hereunder (which will be based on the latest publicly available population data of the Central Directorate of Statistics and Information of the Kingdom):
a. Zone 1 (Large Cities): to include all cities with population of 1.0 million and above (including Riyadh, Jeddah, Makkah, Madinah, Damam, Ahsa and Taif); b. Zone 2 (Medium Cities): to include all cities with population of 0.5 to 1.0 million (including Qatif, Alkhobar, Buraida, Khamees, Mushait, Tubuk, and Hail); c. Zone 3 (Small Cities): to include all cities with population of 0.1 to 0.5 million; d. Zone 4 (Rural Areas): to include villages and small towns with population of less than 0.1 million;
vii. The ABEP shall not cover Automated Teller Machines (ATMs) which will continue to be dealt with separately and banks can submit their requests to SAMA for approval of ATMs as and when required; viii. The ABEP should also include details of any existing branches planned to be closed or relocated from one place to another during next calendar year. Any such closure or relocation of a branch shall be done only with the prior written approval of SAMA, for which the bank is required to submit a separate request. Furthermore, any cases of forced closure/relocation of a branch due to circumstances beyond control of the bank should be referred to SAMA for further guidance on a case by case basis.
4) Evaluation and Approval of the ABEP: While evaluating and approving the ABEP of a bank, SAMA shall take into account the following considerations:
i. The ABEP submitted by a bank shall be evaluated by SAMA with a view to promote outreach expansion and financial inclusion as also to achieve geographical diversification of branch network; ii. Based on the evaluation of ABEP and after obtaining approval by the Minister of Finance, SAMA will endeavor to convey its decision in writing to the bank within three months of submission of ABEP, granting its approval or otherwise of the proposed plan; iii. Any subsequent changes in approved ABEP shall require prior approval from SAMA, for which banks have to make a request in writing along-with providing the justification for the proposed changes.
5) Opening of Branches: While opening the branches approved by SAMA under the ABEP, the banks shall ensure the following:
i. After receiving approval from SAMA, banks shall finalize the branch location, seek necessary approvals from concerned government authorities, construct the branch and make all other arrangements to open the branch; ii. Once a branch is ready to commence operations, banks shall obtain a formal license from SAMA for opening of the branch already approved under the ABEP. The request for obtaining such a license will contain all relevant information about the readiness of the bank to open the branch and will be submitted only after all necessary arrangements for opening of the branch are in place; iii. All applications for obtaining a license for opening new branches shall be submitted along with all relevant information including, inter alia:
a. the exact location of the branch; b. the safety and security arrangements for the branch and the customers; c. the status of IT infrastructure/connectivity; d. the proposed staffing arrangements; e. the status of approvals from relevant government authorities; f. certificate of compliance with the municipality regulations, etc.; g. a statement from the internal audit department of the bank confirming that the new branch comply with all relevant requirements of the government authorities and SAMA.
iv. Banks will be required to finalize necessary arrangements and apply for licenses for opening of all branches approved under ABEP, latest by 31st December of the calendar year for which the ABEP is approved. In case the arrangements for opening of any approved branches have not been finalized within the stipulated timeline, banks can approach SAMA along-with valid reasoning for extension in the timeline; v. The process of evaluating branch license applications will be simplified and streamlined within SAMA with the implementation of ABEP, and the license will be issued expeditiously provided all relevant approvals and information as required under Para 5(iii) above are provided by banks along with the application; vi. Once a formal license is issued by SAMA for opening a branch, the bank will take all necessary measures to make the branch operational within six months of the date of issuance of the license; vii. Banks shall inform SAMA in writing within 14 days of commencement of operations by a new branch.
6) Banks are required to ensure compliance of the requirements under this circular. SAMA will monitor compliance through its supervisory processes and may take appropriate measures as needed to encourage banks to comply with these requirements.
Annexure-I Annual Branch Expansion Plan
Annual Branch Expansion Plan(ABEP) should provide at least the following information.
1. Existing branches:
Following information on existing branches arid service centers of the bank should be provided.
Sr. No. Zones No. of Existing Branches No. of Existing Service Centers Total 1. Zone 1 2. Zone 2 3. Zone 3 4. Zone 4 5. Outside KSA 6. Total 2. Existing Loss Making Branches:
Following information on the existing loss making branches and service centers of the bank should be provided.
Sr. No. Zones No. of Branches No. of Service Centers Total 1. Zone 1 2. Zone 2 3. Zone 3 4. Zone 4 5. Outside KSA 6. Total Please also attach a list of all loss making branches with amount of loss incurred by each branch during each of the preceding three calendar years and date of opening of each such branch.
3. Planned Opening of New Branches:
Following information on branches and service centers proposed to be opened during the next calendar year should be provided:
Sr. No. Zones No. of Branches No. of Service Centers Total 1. Zone 1 2. Zone 2 3. Zone 3 4. Zone 4 5. Outside KSA 6. Total Please attach a list of the proposed braches mentioning name of the city, tentative location (if already finalized), zone of location, brief justification for choice of the city/location, and projected business/fmancial impact of each of the proposed branch/service center.
4. Planned Closure or Relocation of Branches:
Following information on branches and service centers proposed to be closed or relocated during the next calendar year should be provided:
Sr. No. Zones No. of Branches No. of Service Centers Total 1. Zone 1 2. Zone 2 3. Zone 3 4. Zone 4 5. Outside KSA 6. Total Please attach a list of the branches planned to be closed or relocated during the next calendar year mentioning: (i) In case of closure: existing location and city along with reasons for closure; (ii) In case of relocation: existing and proposed location/city, Zone of the new location and reasons for relocation.
5. Information on Last ABEP:
Please provide the following information about last approved ABEP (this will not be applicable for the first ABEP to be submitted by 30th November 2014):
i. Total branches and service centers approved under the last ABEP; ii. Number of branches and service centers already opened out of last approved ABEP; iii. Number of branches and service centers which could not be opened out of last approved ABEP; iv. Reasons for not opening of any branches or service centers out of last approved ABEP.
6. Any other relevant information to justify the approval of the proposed ABEP.
7. Name and contact details of the authorized person to whom can be approached for any further information or clarification on ABEP.
Handling Bank Accounts for Prisoners
This section is currently available only in Arabic, please click here to read the Arabic version.Encouraging Local Banks to Enhance and Develop their Cooperation with the Saudi Industrial Development Fund
SAMA has received the letter of HE the Minister of Finance & National Economy No. 3/6496 dated 20-5-1416, wherein HE requests SAMA to urge local banks to enhance and develop cooperation with the Saudi Industrial Development Fund CSIDF) for the purpose of increasing bank's participation in financing industrial projects or sharing therein and developing their financing mechanism, specially that such projects are of a low-risk nature, thanks to the extensive care practiced by SIDF in studying the feasibility study of such projects before agreeing to finance them.
Banks may establish special sections to finance and follow-up on industrial projects and to develop a mechanism to finance the imports and exports of Saudi industrial products. This could be done, for example, by finding channels and methods to enhance the sales of Saudi industrial products by financing the exports of these products, hence expanding industrial products, in additions to increasing medium-term loans to such projects.