Your access and use of SAMA Regulatory Rulebook and its content is considered as an acceptance and approval of commitment by you without any limitation or condition to the following:
SAMA Regulatory Rulebook is a platform that aims to assist the regulated entities to access SAMA regulatory content adeptly and efficiently.
SAMA Regulatory Rulebook is still on its development and soft launch stage. SAMA is not liable for its contents and does not warrant or represent that (the Services related to the platform, information or material presented in the platform) is displayed free of any inaccuracies, omissions, or errors (“Faults”). SAMA accepts no liability for any loss, claim or damage resulting from any use of the platform, and any decisions made, or actions taken based on the information contained in or generated by the platform.
SAMA Regulatory Rulebook has no legal effect and it does not aim to amend or revoke any legal provisions. The Rulebook still Contains some documents under review, including translated versions. Therefore, SAMA Regulatory content circulated through SAMA official channels remains in force.
Without prejudice to the terms of use of SAMA website Hereby, you acknowledge that any illegal, unauthorized use and/or any breach of any of these provisions may result in legal actions against you.
Effective from Jun 13 2023 - Jun 12 2023 To view other versions open the versions tab on the right
1.
A Licensee must have risk management, compliance policies and business continuity, procedures, systems and controls that are comprehensive and proportionate to the nature, scale and complexity of the provided activities and services by the Licensee, and the policies, procedures, systems and controls must take into account the types of activities performed by the Licensee, the nature, scale and complexity of its business model, any operational challenges and the degree of risk associated with its operations.
2.
A Licensee must ensure that its risk management and compliance policies, and business continuity, procedures, systems and controls are kept up-to-date and must review them at least once per year, submitting copies when there are any material updates to SAMA. SAMA may request additional information or changes to be made
3.
A licensee’s risk management and compliance systems and controls must include the following:
(a)
Effective procedures for identifying, managing, monitoring and reporting any risks to which the entity may be exposed;
(b)
Adequate internal control mechanisms, including sound administrative, risk management and accounting procedures;
(c)
Appropriate mechanisms for the verification of compliance with all relevant requirements under the Law and the Implementing Regulation, as well as all other relevant applicable laws, regulations, instructions and circulars and decisions
(d)
Policies and procedures to detect and respond to fraud incidents; and
(e)
Policies and procedures to inform SAMA and the competent authorities of fraud incidents.
4.
Subject to Paragraph (3) above, a Licensee’s risk management and compliance systems and controls must include the following:
(a)
The establishment of a risk management function, internal audit function and compliance function, with the heads of such functions being provided with sufficient independence and resources to carry out their duties; and
(b)
The establishment of an integrated control framework between the internal audit, risk management, and compliance functions, and external audits.
