Effective from Oct 11 2022 - Oct 10 2022
Principle
Member Organisations should define, approve and implement standards for assessing the fraud risk associated with employees, customers and third parties to prevent the establishment of relationships outside risk appetite and manage fraud risks throughout the duration of the relationship.
Control Requirements
a. Due Diligence standards should be defined, communicated, and implemented.
b. Due Diligence standards should be approved by individuals of appropriate responsibility (e.g., Employee Due Diligence in HR).
c. Due Diligence standards should consider employees, customers and third parties.
d. Due Diligence standards should be aligned to the risks identified in the Fraud Risk Assessment.
e. Member Organisations should review and update Due Diligence standards on a periodic basis and in response to material changes to the fraud landscape, the Member Organisation Fraud Risk Assessment, customer groups serviced by the Member Organisation or changes to the products or services it offers.
f. The effectiveness of the fraud Due Diligence standards should be measured and periodically evaluated.
g. Due Diligence standards should include:
   1. The Due Diligence checks and requirements that should be conducted to provide an informed understanding of fraud risk.
   2. When Due Diligence should be conducted.
   3. The role(s) responsible for conducting and approving Due Diligence.
   4. Red flags or warning signs which may indicate increased fraud risk and result in the requirement for escalation or further checks to be completed.
   5. Red flags or warning signs which indicate an employee, customer or third party is outside risk appetite and the relationship should be declined or exited.
   6. Steps to be taken to exit relationships outside risk appetite.