| 1. | The Bank must make a clear, informed and documented decision on the use of Agents for rendering banking services to its Customers.
|
| 2. | The Bank must be wholly responsible and liable for all actions or omissions of its Agent(s). This responsibility must extend to actions of the Agent(s) even if not authorized in the contract so long as they relate to Agent Banking services or other matters connected therewith. Such responsibilities include the following:
|
| | a. | Maintaining effective oversight of the Agent’s activities and ensuring that appropriate controls, including remote transaction monitoring to identify and report suspicious and fraudulent transactions, are incorporated into the Bank’s procedures on Agent Banking, in order to assure compliance with relevant laws, regulations and instructions.
|
| | b. | Assessing the adequacy of controls of Agent Banking activities through regular audits.
|
| | c. | Formulating and implementing policies and procedures to safeguard the information, communication and technology systems and data from threats.
|
| | d. | Providing Agents with this Regulation, operational manuals and risk management policy documents as must be needed for rendering services to Customers efficiently.
|
| | e. | Conducting risk-based review of critical Agent Banking processes to ensure that relevant laws, rules, policies and instructions are adhered to.
|
| | f. | Selecting credible Agents with suitable/convenient retail outlets.
|
| | g. | Managing and mitigating risks associated with the engagement of Agents to provide banking services on behalf of the Bank.
|
| | h. | Providing basic financial education for Customers and Agents. Such education should cover, at a minimum, the importance of protecting the bank card PIN and not disclosing the confidential information of bank accounts to Agents and the confidential information of banking products and services provided. The Bank must periodically train its Agents as set out in Article 18 hereof.
|
| | i. | Assigning one of its branches or establishing a central administration to be responsible for supervising its Agent(s) operating in a designated area and recruiting experts necessary to effectively supervise its Agent(s).
|
| | j. | Enabling Agents when executing Customers’ transactions to use ICT devices that are integrated into the technological systems of the Bank. The figures of the transactions must be reflected in ‘Core Banking Solution’ (CBS) of the Bank. The Customer must get instant confirmation of the transaction through paper-based receipt (debit or credit slip), as well as SMS confirming the transaction.
|
| | k. | Branding Agent banking business in such a clear manner so that the Customer can realize that the Agent is providing services on behalf of the Bank.
|
| | l. | Taking steps to update and modify, where necessary, its existing risk management policies and practices to cover current or planned Agent Banking services, and to ensure the integration of Agent Banking applications with the main banking systems so as to achieve an integrated risk management approach for all banking activities. The Bank must also seek to perform regular, dependent test by an internal/external auditor or by the Bank’s concerned department to assess the Agent’s AML/CFT program.
|
| | m. | Preparing and publishing an updated list of all its Agents, by type of Agent, on its website and annual reports. In addition to this, the Bank may publish a comprehensive list of Agents on flyers, corporate gifts and such other publications, as it deems appropriate.
|
| | n. | Developing a written policy on conflict of interest and ensuring that this policy helps detect potential conflicts of interest. When the possibility of a conflict of interest arises between the Bank and the Agent, this should be disclosed to SAMA.
|
