Chapter 13: Know Your Customer (KYC)
General Standards
152. To ensure effective implementation of a KYC program, DTFCs should apply high ethical and professional standards and policies that all employees must follow. They must determine the types of accounts that are acceptable, in such a way that will prevent DTFCs from being used, intentionally or unintentionally, by criminal elements.
153. DTFCs should include certain key elements in the design of their KYC programs, including customer acceptance policy, customer identification as set in these Rules (at minimum), on-going monitoring of high-risk accounts, and risk management.
154. DTFCs should deal with the clients by virtue of the names mentioned in their official identification documents accepted according to these guidelines.
155. DTFCs must NOT deal, open, operate or maintain any anonymous account, or with vague, counterfeited or incorrect name.
156. DTFCs must NOT deal, open, operate or maintain any numeric account without full details.
157. If the client requested opening an account or ask for a relationship but it is not possible to open that account because of some suspicions related to KYC in regard to the accuracy, correctness, non-sufficient data or the client not complying the requirements, the DTFCs shall not allow to open the account, start the relationship or execute any transactions. DTFCs must information Financial Investigation Unit at SAMA about the suspicions.
158. DTFCs should not only establish the identity of their customers, but should also acknowledge the purpose of opening any account or the relationship and its nature. DTFCs also shall monitor account activity to determine unusual transaction and should continue to exert due diligence toward the business relationship and operation pattern.
159. KYC must be a core feature of bank's risk management and internal audit procedures. Intensity of KYC programs beyond these essential elements should be tailored to the degree of risk involved.
160. DTFCs operating in KSA are fully responsible for the final recognition of customers' identity, their agents, authorized persons and the beneficiary owners. DTFCs also shall ensure that the identification documents are safe and sound.
161. DTFCs should verify the ownership structure for the juristic persons to recognize the ultimate beneficiaries (beneficiary owners) who hold the final power, recognize their identities (at minimum the natural owner who has 5% according to the organization by laws and its attachments or according to available data) and recognize the identities of the managers.
162. DTFCs should give special attention to the accounts opened and operated in virtue of delegation.
163. Instructions given in SAMA's Money Laundering Control, Financing of Terrorism and Fraud Prevention Manual must be implemented.
164. For fulfilling due diligence measures for customers residing outside the kingdom by depending on a third party, DTFCs must obtain from that party an undertaking that it would provide the supervisory authorities in the Kingdom with any requested information about customers immediately.
Role of Regulatory Supervisor/Compliance Officer
165. To establish review and updating of ethical and professional standards and determination of acceptable accounts under KYC program should be started by the Supervisory Authority (Compliance Officer) in coordination with the Internal Audit.
166. Ensure that the policies and procedures at least conform with local statutory and regulatory requirements with respect to money laundering and terrorism finance prevention.
167. The Regulatory Supervisor/Compliance Officer shall have the authority and right to access, at any time, customers' identification information and other information needed toward customers, transaction records and other related information.
Trustees, Nominees Sponsors and Authorized Representatives (Natural or Juristic)
168. DTFCs should understand the true relationship of individual customers who open accounts as sponsors, nominees, trustees or authorized representatives, and ensure that such sponsors, nominees, trustees or authorized representatives do not act only as a" front" for other individuals or as intermediaries or on their behalf.
On-Going Monitoring of Accounts and Transactions
169. DTFCs should always monitor the accounts and their transactions and activity, identify any suspicious transactions, report these to the Financial Investigation Unit, and inform SAMA accordingly. They should implement formal procedures to identify unusual or suspicious activities, such as accounts exceeding certain limits, transactions of no economic or commercial purpose.
170. DTFCs must classify accounts and transactions according to the risk level.
171. DTFCs must only all high-risk accounts open after obtain senior management approval. In addition, DTFCs can process all high-risk transactions after obtaining approval from the high management.
172. DTFCs should have intensified monitoring over high-risk accounts. DTFCs should set key indicators for such accounts based on the country of origin, source of funds and the type of transactions involved, etc. The senior management should pay great attention to management information systems and high-risk transactions. Such transactions should be reviewed regularly (at least annually), especially with regard to high-risk clients.
173. DTFCs should include in its internal procedures those related to the e-services provided to the clients to enable monitoring the electronic transactions, risks in general and clients of high-risks according to indicators that enable acknowledging and measuring the risks extent and criminal suspicions through these services.
174. Monitoring accounts of all existing customers (whether before or after the issue of the Anti-Money Laundry Law) and their operations must be carried out based on materiality and risks.
Training as a Key Principle for these Rules
175. DTFCs should not assign staff in the process of account opening, maintaining, updating, monitoring and processing of the transactions before attending courses on KYC, anti-money laundering measures, and ethical and professional behavior of Financial Institution.
176. DTFCs should put in place continued training programs to provide on-job training to employees in these areas.
177. DTFCs should include in their training programs, extensive training on the contents of these Rules and their applications.