| 1. | The Unit shall, without limitation:
|
| | a. | Cooperate and communicate with control and supervisory authorities effectively, taking into account their reported observations to identify shortcomings periodically, and coordinate with other departments to address and resolve them.
|
| | b. | List, communicate and explain the relevant laws and instructions to other departments and units immediately upon receiving them from the supervisory authorities, and ensure that they are incorporated into the work policies and procedures of each department and unit according to their competencies; and implemented within the specified period.
|
| | c. | Cooperate with the Company staff and provide them with support and advice in their compliance-related daily work.
|
| | d. | Identify and address all risks of non-compliance and ways to avoid them, provide advice on them, and monitor their developments.
|
| | e. | Analyze new policies, procedures and processes and suggest necessary recommendations to address non-compliance risks therewith.
|
| | f. | Adopt a risk-based compliance program and include its findings in the periodic compliance report.
|
| | g. | Collect compliance-related complaints and formulate written guidance to staff, where necessary.
|
| | h. | Draft internal policies and procedures to combat financial crimes, such as money laundering, terrorism and combating fraud, and test their effectiveness in line with developments and recent changes.
|
| | i. | Monitor compliance with AML/CTF laws, regulations, and rules.
|
| | j. | Promote awareness of compliance issues and provide training to staff on compliance-related matters through periodic programs, and clarify the risks of non-compliance with laws and instructions.
|
| | k. | Report to SAMA and the Audit Committee upon the identification of any irregularities or violations resulting from non-compliance.
|
| | l. | Review the work of the customer care department semiannually at least to ensure the soundness of its workflow, with the exception of real estate refinance companies.
|
| | m. | Review the work of the department concerned with collection procedures and/or the third party to which the collection task was assigned on an annual basis – at least – to ensure the soundness of the procedures and their compliance with Debt Collection Regulations and Procedures for Individual Customers and the relevant instructions, taking into account that the review of such department and/or third party’s work does not include real estate refinance companies.
|
| | n. | Develop methods to measure the risks of non-compliance quantitatively and qualitatively, and use these measures to support the assessment, management and addressing of non-compliance risks. Technology can be used as a means of developing risk indicators by aggregating or filtering data that may be indicative of potential non-compliance risks; for example, but not limited to, increased customer complaints, fraud cases, reports, penalties and sanctions imposed, with determination being made as to the extent to which additional measures are needed to address them.
|
| | o. | Create a database for all instructions, classify them according to the work of each department or unit, update them continuously, and enable all Company employees to access and benefit from such database continuously.
|
| | p. | Recommend approval of contracting with external service providers and verify their compliance with relevant instructions.
|
