Your access and use of SAMA Regulatory Rulebook and its content is considered as an acceptance and approval of commitment by you without any limitation or condition to the following:
SAMA Regulatory Rulebook is a platform that aims to assist the regulated entities to access SAMA regulatory content adeptly and efficiently.
SAMA Regulatory Rulebook is still on its development and soft launch stage. SAMA is not liable for its contents and does not warrant or represent that (the Services related to the platform, information or material presented in the platform) is displayed free of any inaccuracies, omissions, or errors (“Faults”). SAMA accepts no liability for any loss, claim or damage resulting from any use of the platform, and any decisions made, or actions taken based on the information contained in or generated by the platform.
SAMA Regulatory Rulebook has no legal effect and it does not aim to amend or revoke any legal provisions. The Rulebook still Contains some documents under review, including translated versions. Therefore, SAMA Regulatory content circulated through SAMA official channels remains in force.
Without prejudice to the terms of use of SAMA website Hereby, you acknowledge that any illegal, unauthorized use and/or any breach of any of these provisions may result in legal actions against you.
Effective from Jun 13 2023 - Jun 11 2023 To view other versions open the versions tab on the right
1.
The payments account service provider shall enable the payments creation service provider, the payments account information service provider and any other payment service provider with access to the payments accounts provided that payment service user’s authorization is provided, taking into account that access is provided on an objective, fair and non-discriminatory basis, and in a way that allows the payment service provider to provide the relevant payment services in an efficient and unhindered manner.
2.
The payer's payments account service provider shall comply with the following requirements:
A.
Communicate and transfer information securely to the payment creation service provider and the payments account information service provider, in accordance with the regulations, rules, circulars, controls and instructions in relation to cybersecurity issued by SAMA and the competent authorities in the Kingdom.
B.
Establish the necessary procedures and policies to verify the integrity and validity of authorization for all payment services orders and other requests submitted by the payer.
C.
Verify the payer’s approval of any fees applied and the compliance of these fees with any regulations, rules, circulars, controls and instructions issued by SAMA.
D.
Provide the payment creation service provider immediately upon receipt of the payment services order with all information and data in relation to conducting the payment transaction and all information to which he has access.
E.
Treat a payment services order issued by a payment creation service provider in the same manner as a payment services order received directly from the payer.
F.
Respond to a payment services order issued by a payment creation service provider within a reasonable time.
G.
Handle a data request issued by the payments account information service provider in the same way as a data request received directly from the payer.
H
Respond to data requests issued by the payments account information service provider within a reasonable time.
I
Never require the payment creation service provider or the payments account information service provider to enter into a commercial contract before complying with the requirements referred to in this Article.
3.
The payments account service provider may reject the payments account creation and deny the access of the payments account information service provider or the payment creation service provider to the payments account, based on reasonable, justifiable and established reasons with regard to unauthorized access or suspected fraud. In these cases, the payments account service provider shall take the following measures:
A.
Notify the payments account information service provider or payment creation service provider of the incident and the reason for denying access.
B.
Immediately notify SAMA of the incident, details of the case and reasons for taking the denial action, as determined by SAMA.
C.
Re-provide access to the account to the payments account information service provider or payment creation service provider when the justification for denial of access no longer exists.
