Based on the strategies of SAMA regarding payment systems and the Financial Sector Development Program aimed at enhancing electronic payments and reducing cash transactions, and in continuation of the efforts of the National Anti-Commercial Concealment Program by gradually mandating the retail sector to provide electronic payment methods.

The program, in cooperation with SAMA, the Ministry of Municipal and Rural Affairs, and the Ministry of Commerce, has mandated all grocery stores and supply outlets in the Kingdom to provide electronic payment methods starting from 17th of Ramadan 1441H, corresponding to 10th of May 2020G. To ensure the success of the efforts to implement this decision and to guarantee full readiness to meet the expected demand, all banks and payment service providers must comply with the following requirements:

• Readiness to respond to requests for opening bank accounts and electronic wallets for merchants operating in the grocery and supply sector.
• Readiness to receive requests for the provision of electronic payment methods authorized by SAMA (such as Point of Sale devices "POS" or Quick Response "QR" codes) and to respond to these requests through all available channels, including branches, the official website, the unified customer service number, and others, to facilitate this requirement for merchants operating in this sector, while adhering to the regulatory and operational rules for these services.
• Compliance when providing the payment method using the Merchant Category Code designated for this activity, which is: 5411.
• Internal circular of this decision to bank employees and payment service providers to ensure their adequate understanding when receiving requests and inquiries regarding this matter.

As the sole owner, operator, and regulatory authority for payment systems in the Kingdom, the Saudi Central Bank is responsible for ensuring the security and safety of these systems.

This responsibility entails a key task: identifying payment systems that are essential to the financial system, facilitating the functioning of the financial infrastructure, and addressing economic needs.

<<Systemically Important Payment Systems>> are defined as those whose disruption could hinder participants or lead to systemic failure of the financial infrastructure in the Kingdom.

As part of its supervisory duties, the Central Bank has established a set of criteria for classifying those systems that are considered important to the financial system.

The Central Bank has decided to classify any system that meets any of the following criteria as important to the financial system:

1. Any system that handles payments between banks or with customers that may pose risks to financial stability.
2. A payment system that is primary in terms of the total volume and value of daily payments.
3. Any system used for settlements within other financial infrastructures that are important to the financial system.
4. Any central payment infrastructure system that is trusted by clients based on the number and type of participants, its market depth, and the absence of alternatives

In this regard, the Central Bank has classified the following systems as important to the financial system in the Kingdom:

1. The Saudi Fast Payment System (SADAD): A real-time gross settlement system for payments.
2. The Saudi Payment Network: A system for ATM services and electronic payments via Point of Sale terminals.
3. SADAD Payment System: An electronic bill presentation and payment system.

Given the increasing cyber attacks and threats faced by the financial sector in the Kingdom, SAMA emphasizes the commitment to adhere to the policies, frameworks, standards, and regulations related to cybersecurity issued by SAMA, the National Cybersecurity Authority, and related instructions.

SAMA emphasizes the necessity of taking the required measures to implement the basic cybersecurity controls and the cybersecurity controls for sensitive systems, and to prioritize cybersecurity in spending from the approved budgets to enhance its cybersecurity readiness.

Referring to the receipt of a letter from His Excellency the Minister of Human Resources and Social Development addressing the challenges facing the "Payroll Management" system on the (Mudad) platform regarding the integration with partner financial institutions, as well as the technical malfunctions affecting the compliance of establishments with the 'Wage Protection' program, and the delays in employees receiving their entitlements as a result.

Therefore, SAMA emphasizes the importance of adhering to the terms outlined in the "Service Level Agreement" between the company and the (Mudad) platform, and taking the necessary measures to resolve the technical issues as per the signed terms, which will help prevent establishments from failing to comply with timely wage payments.

Referring to the receipt by the Central Bank of a letter from His Excellency the Governor of the Communications, Space, and Technology Authority, No. (374/1445/H T) dated 05/02/1445 H, which references Article (2) of the Law of Telecommunications and Information Technology, and the launch of the Authority's guide to local technical products on its website. This guide serves as a reference list of technical products developed by leading local companies to serve various business sectors, including banking, insurance, and finance.

For your information and awareness, with a confirmation of compliance with the relevant instructions issued by SAMA, particularly those concerning the rules on outsourcing.

Based on the powers vested to SAMA under The Law of Payments and Payment Services issued by Royal Decree No. M/26 dated 22/03/1443 H, and its Implementing Regulations issued on 24/11/1444 H—which stipulates in paragraph Two of "Article 120" that "A Licensee is obliged to submit to SAMA quarterly financial reports (to be reviewed by an external auditor), which include any information that SAMA deems necessary." Furthermore, paragraph Three of the same article states that "A Licensee is obliged to submit to SAMA annual financial statements (reviewed and audited by an external auditor) in a way determined by SAMA."

Accordingly, SAMA emphasizes to payment service providers the necessity of complying with the following requirements to provide SAMA with:

Based on the powers vested to the Central Bank under its law issued by Royal Decree No. (23) dated 23/05/1377 H*, and The Banking Control Law issued by Royal Decree No. (M/5) dated 22/02/1386 H, and the Minister Council Decision No. (226) dated 02/05/1440 H, which confirms that SAMA is the legally designated authority responsible for operating payment systems and financial settlement services in the Kingdom, monitoring and supervising them, and has the authority to issue rules, regulations, and licenses according to the standards applied by SAMA in this regard. In reference to the decision by the Communications and Information Technology Commission to update the technical specifications for terminal devices connected to mobile networks, mandating that these devices support at least 4G networks to be approved and allowed for clearance by the General Authority for Customs, and the shift by telecommunications service providers in the Kingdom are moving to discontinue 2G and 3G networks, replacing them with the more advanced 4G and 5G networks, it is noted that this decision will have a direct impact on point-of-sale devices operating in the Kingdom.

I would like to inform you that, in coordination with the Communications and Information Technology Commission, it has been decided to start shutting down the third-generation network by the end of 2022 and to deactivate the second-generation network during the fourth quarter of 2024. Accordingly, SAMA and the Saudi Payments Company have developed an action plan to replace the current point-of-sale devices in the Saudi market with modern devices that comply with the aforementioned decisions of the Communications and Information Technology Commission, as follows:

1. All point-of-sale device suppliers are required to provide devices that support the 4G network starting from June 2020 until the end of this year. These devices must be submitted to the Saudi Payments Company’s authorization center for technical approval and to ensure compatibility with the payment network (Mada).

2. Approval of the installation of point-of-sale devices that support the 4G network as a minimum requirement for new installations requests starting from January 2021. This also includes devices being replaced due to technical malfunctions.

I would also like to inform you that banks and companies hosting electronic payment services must implement the aforementioned replacement plan starting from January 2021 for all currently operating point-of-sale devices in the Kingdom. This entails replacing at least 4% devices monthly from the total number of point-of-sale devices for each entity. The replacement plan, along with progress percentages and remaining quantities, should be shared with SAMA and the Saudi Payments Company on a monthly basis starting from the end of January 2021.

* The Saudi Central Bank Law issued by Royal Decree No.(M/36), dated 11/04/1442H replace the Saudi Arabian Monetary Agency Law issued by Royal Decree No. (23), dated 23/05/1377H.

We refer to the receipt by the central bank of a letter from His Excellency the President of the Oversight and Anti-Corruption Authority, No. (15929/45), dated 01/04/1445H, which mentions the amendment of paragraph (7) of Article (8) of the Anti-Bribery Law to include the criminalization of bribing foreign public officials in relation to international business transactions. The letter also notes the Authority's work on an awareness booklet regarding issues related to the Crime of Foreign Bribery.

Therefore, and in line with the instructions issued by SAMA, including those outlined in The principles of conduct and work ethics in financial institutions, and given the awareness-raising potential of the aforementioned booklet regarding the seriousness of the crime of foreign bribery and ways to detect it, along with contact information for reporting such crimes, SAMA urges all financial institutions to review this booklet and benefit from its contents. Additionally, we would like to inform you of the Authority's readiness to hold remote workshops to raise awareness about the content of the aforementioned booklet.

Further to the instructions of SAMA issued by Circular No. (371000119129) dated 18/11/1437H, which included a request to suspend from providing mobile (GPRS) point-of-sale devices to charities and non-profit organizations and to replace them with point-of-sale devices connected exclusively to the fix (landline) telephone, and to Circular No. (41061590) dated 01/11/1441H, regarding upgrading point-of-sale devices operating in the Kingdom to "4G" technology.

I inform you that in coordination with the relevant authorities, it was decided to provide electronic payment solutions authorized by SAMA, including mobile point of sale (GPRS) devices, provided that associations or institutions obtain the approval of the National Center for the Development of the Non-Profit Sector to benefit from the service.
 

Based on the powers vested to SAMA under the Saudi Central Bank Law issued by Royal Decree No. (M/36) dated 11/04/1442 H, and referring to Cabinet Decision No. 226 dated 02/05/1440 H, which affirms that SAMA is the legally authorized entity to operate payment and financial settlement systems and their services in the Kingdom and to oversee them.

We would like to inform you that the team at Saudi Payments has been working on a project to develop the payment environment using Quick Response Code (QR Code) technology. This project aims to enhance operations in accordance with the principle of interoperability of payment systems among participants in this vital sector, including banks and licensed fintech companies in the Kingdom, while striving to offer multiple payment options in line with the ongoing developments in the payments sector in the Kingdom.

Accordingly, SAMA would like to emphasize that all entities that launched the service previously must comply with the implementation of the technical and commercial requirements and standards related to the payment environment associated with this project. They are also required to carry out the necessary testing procedures by completing the technical authorization process with Saudi Payments before the end of 2021. For communication with the relevant team at the Saudi Payments Authorization Center, please contact them via email.

Based on SAMA's commitment to safeguarding the data of financial institutions and their customers, given its significant impact on the trust of stakeholders and the stability of transactions, and referring to the instructions issued by SAMA in this regard.

We would like to inform you that all financial institutions must refrain from using social media applications to exchange any official data or documents, whether directly or indirectly. Such data or document exchanges should be conducted through secure and approved official channels. This is due to the potential negative impacts and risks associated with using social media and instant messaging applications for data or document exchange on the activities of entities and the interests of individuals.

Referring to the receipt by SAMA of a letter from His Excellency the Governor of the Communications and Information Technology Commission regarding the establishment of governance for the registration of sender names in bulk SMS messages (Tag Names) through the organization of a unified electronic portal for SMS service providers, which enables the Commission to protect the public interest from the misuse of SMS.

Accordingly, SAMA emphasizes the importance of cooperation and prompt communication with the contracted SMS service providers to complete the registration process in the system within the transitional period specified by the commission.

Further to the instructions issued by SAMA as communicated in Circular No. (44037856) dated 03/05/1444 H, regarding the approval of using biometric authentication for remote customer relationship initiation/establishment, and completing the integration procedures with the approved service provider by a maximum deadline of 31/01/2023.

Accordingly, SAMA emphasizes the commitment to refrain from initiating any "remote" relationships through various channels without using biometric authentication with a high level of verification or higher. Please note that SAMA will take regulatory actions in case of non-compliance.

For your information and action accordingly as of this date. If there are any inquiries regarding this matter, please contact SAMA via email.

Referring to the receipt by SAMA of the Ministry of Commerce's telegram No. (33380/41) dated 04/03/1443H regarding the approval of companies' memorandum of association and its amendments, in which the ministry seeks to facilitate and streamline the procedures for establishing companies and any amendments thereto in accordance with the provisions of The Companies Law.

Accordingly, we would like to inform you that the Ministry of Commerce will approve the memorandums of association and their Amendments, clarifying the responsibility of the partners for what is presented and required from them. The contents of these memorandums are the responsibility of the partners in accordance with the provisions of The Companies Law. It is important to emphasize that this does not affect the obligations of the financial institution under the relevant regulations issued by SAMA.