Introduction
| No: 42005223 | Date(g): 15/9/2020 | Date(h): 28/1/1442 | Status: In-Force |
Translated Document
| 17- | SAMA issued these principles based on the powers granted to it and its supervisory and regulatory responsibilities as follows: | ||
| a. | The Saudi Arabian Monetary Law, issued by Royal Decree No. (23) dated 23/05/1377H. | ||
| b. | The Banking Control Law, issued by Royal Decree No. (M/5) dated 22/02/1386H. | ||
| c. | The Anti-Money Laundering Law issued by Royal Decree No. M/20 dated 05/02/1439 H. and its implementing regulations issued by the State Security Presidency Decision No. (14525) dated 19/02/1439H. | ||
| d. | The Law on Combating the Financing of Terrorism issued by Royal Decree No. (M21) dated 12/02/1439H and its Implementing Regulations issued by the Cabinet Decision No. (228) dated 02/05/1440H. | ||
| 18- | SAMA issued these principles as the first update to the Compliance Manual for Banks Working in Saudi Arabia issued by Circular No. 56202/M A T/787 dated 19/12/1429H. This issuance is part of SAMA’s efforts to continuously improve and address banking regulatory issues and enhance sound practices in banking institutions. It also emphasizes that bank officials must be convinced that compliance policies and procedures are effective and applied, and that senior management has appropriate corrective actions to address any non-compliance or deficiencies when detected. | ||
| 19- | Compliance with regulations and instructions starts from the top of the hierarchy, where the chairman, board members, and senior management should serve as examples in managing work and compliance. | ||
| 20- | Effective compliance requires continuous affirmation from senior management that a culture based on high standards of integrity and professional ethics prevails. Compliance should be an integral part of the bank’s culture and should not be limited to the compliance unit only. Each individual in the bank carries responsibility for compliance, and this responsibility must be integrated into the bank's operations and activities, ensuring high standards are met in its operations by constantly adhering to the spirit and letter of the regulations. It must also consider the impact of actions related to shareholders, customers, employees, and the market environment that could lead to significant negative reactions affecting the bank’s reputation, even if there is no actual violation of regulations. | ||
| 21- | Trust and integrity are the core values and highest priority in the relationship between the bank and its customers, forming the foundation upon which the bank builds its reputation with customers and stakeholders. Reputation protection must be a fundamental concern for managers and employees. They must exhibit a high level of trust, integrity, and professionalism in their duties and ensure their actions are always in compliance with the letter and spirit of regulations and instructions governing the banking sector. | ||
| 22- | These principles establish a framework for governance of compliance within the bank, consisting of the board and its responsibility for approving the compliance policy and overseeing the management of non-compliance risks, senior management and its responsibility for managing non-compliance risks, and the compliance unit with its responsibility for overall coordination of compliance and supporting senior management. | ||
| 23- | These principles begin by defining the responsibilities of the board and senior management regarding compliance as a primary importance, followed by the principles that should support the compliance unit within the bank. | ||
| 24- | Compliance systems, rules, and standards cover matters such as adherence to appropriate market practices, managing conflicts of interest, treating customers fairly, ensuring the suitability of advice given to customers, and specific areas such as anti-money laundering, combating terrorism financing, preventing the spread of weapons, Know Your Customer (KYC), anti-financial fraud, anti-corruption, and handling reports of violations. | ||
| 25- | Compliance systems, rules, and standards are based on multiple sources including the regulations and instructions applicable to the banking sector under the supervision of SAMA, regulations and instructions overseen by other official authorities with jurisdiction or in other countries where banks operate, prevailing banking practices, industry-supported business practices, internal conduct rules applied to bank employees, integrity and ethical behavior standards, and relevant requirements issued by international organizations and groups responsible for setting policies governing the supervision of banking and financial institutions, such as the Basel Committee on Banking Supervision, among others. | ||
| 26- | Compliance principles require that the compliance unit be independent, adequately resourced, clearly define its responsibilities, and be subject to independent and periodic review by the internal audit unit, as detailed in principles (5) to (8) below. These principles reflect the effectiveness of the compliance unit’s work. | ||
| 27- | The compliance unit and function in banks are considered one of the most important foundations and factors for their success, as they play a crucial role in maintaining their reputation and credibility, protecting shareholder and depositor interests, and providing protection from penalties. This is achieved through its activities and contributions as follows:
| ||
| 28- | The bank must organize its compliance unit such that the priorities for managing non-compliance risks align with its risk management strategy. | ||
| 29- | It should be understood that the scope of compliance frameworks and the diversity and complexity of compliance rules and their sources place the responsibility for managing non-compliance risks, verifying the level of compliance, and establishing the necessary controls to ensure compliance, whether at the level of business procedures, technical systems, or data protection, on the shoulders of senior management and all business units (groups and business sectors). This is achieved through conducting the necessary reviews and ensuring effective and continuous implementation. The role of the compliance unit is limited to compiling, communicating, and explaining the regulations and instructions to the business sectors immediately upon receiving them from supervisory and regulatory authorities or other relevant entities, obtaining confirmation from these sectors, ensuring they are included in policies and procedures, conducting continuous monitoring, and periodically identifying, detecting, and assessing non-compliance risks. It also involves reporting violations of compliance systems, rules, and standards, as well as submitting reports on non-compliance risks and violations. | ||
| 30- | The compliance principles apply to all commercial banks operating in the Kingdom and their branches and offices in foreign countries where they conduct banking activities, unless they conflict with the regulations and instructions of those countries. They represent the minimum necessary to achieve overall compliance effectiveness and specifically the effectiveness of the compliance unit and function. SAMA expects adherence to higher and more sound practices. | ||
| 31- | These principles should be read and applied in conjunction with several related instructions for the unit's operations, including but not limited to the following:
| ||