| | 1. | In setting the policies, procedures, and rules referred to in Article 67 of the Law, financial institutions, designated non-financial businesses and professions, and non-profit organizations shall include therein the following: | |
| | | a. | provisions relating to the measures provided in the Law and Regulations, including those relating to risk management procedures of business relationships taken prior to completion of customer verification; |
| | | b. | procedures for reporting suspicious transactions; |
| | | c. | appropriate measures for the compliance department for combating terrorism financing, including the appointment of a compliance officer at the senior management level; |
| | | d. | any additional measures adopted by the monitoring agency for the combating of terrorism financing; |
| | | e. | adequate screening procedures to ensure that recruitment meets high standards; |
| | | f. | continuing employee training programs; |
| | | g. | an independent audit procedure to test the effectiveness and adequacy of policies, procedures, and rules for combating terrorism financing; and |
| | | h. | risk management obligations associated with the operations of their subsidiaries outside the Kingdom and limitation thereof, as appropriate.
|
It shall be taken into account, upon setting such policies, procedures, and rules, that they comply with the nature and volume of their business.
| | 2. | Financial institutions and designated non-financial businesses and professions shall ensure that all of their branches and subsidiaries in a foreign country, in which they hold a majority share, comply with the requirements set forth in the Law and Regulations in cases where the requirements of combating terrorism financing in a foreign country are less stringent than those provided for in the Law and Regulations. If this is not permitted by the foreign country, the financial institutions and designated non-financial businesses and professions shall notify the monitoring agency in the Kingdom of the same, and shall comply with any instructions received from the competent monitoring agency in this regard. |
| | 3. | Based on the outcomes of risk assessment, financial institutions, designated non-financial businesses and professions, and non-profit organizations shall implement and update, monitor, and enhance, when necessary, internal rules, policies, and procedures for combatting terrorism financing. This shall include determining the risk level and proper measure for the effective management and mitigation of such risk. |
