Your access and use of SAMA Regulatory Rulebook and its content is considered as an acceptance and approval of commitment by you without any limitation or condition to the following:
SAMA Regulatory Rulebook is a platform that aims to assist the regulated entities to access SAMA regulatory content adeptly and efficiently.
SAMA Regulatory Rulebook is still on its development and soft launch stage. SAMA is not liable for its contents and does not warrant or represent that (the Services related to the platform, information or material presented in the platform) is displayed free of any inaccuracies, omissions, or errors (“Faults”). SAMA accepts no liability for any loss, claim or damage resulting from any use of the platform, and any decisions made, or actions taken based on the information contained in or generated by the platform.
SAMA Regulatory Rulebook has no legal effect and it does not aim to amend or revoke any legal provisions. The Rulebook still Contains some documents under review, including translated versions. Therefore, SAMA Regulatory content circulated through SAMA official channels remains in force.
Without prejudice to the terms of use of SAMA website Hereby, you acknowledge that any illegal, unauthorized use and/or any breach of any of these provisions may result in legal actions against you.
Effective from Oct 11 2022 - Oct 10 2022 To view other versions open the versions tab on the right
Principle
Member Organisations should ensure that Cyber Security, Counter-Fraud and Financial Crime Team operational capabilities are aligned to deter fraud.
Control Requirements
a.
Member Organisations should define and implement a process for the alignment of the Counter-Fraud, Cyber Security and Financial Crime Team operational capabilities which should include at a minimum:
1.
Defining clear roles and responsibilities between the Counter-Fraud Department, Financial Crime and Cyber Security teams.
2.
Cross training between the Counter-Fraud Department, Financial Crime and Cyber Security Teams.
3.
The establishment of multi-disciplinary contacts between Cyber, Financial Crime and Counter-Fraud Departments to regularly share knowledge.
4.
Development of joint task forces between Counter-Fraud, Financial Crime and Cyber Departments to align working practice and collectively engage the wider organisation.
5.
Undertaking joint threat assessment workshops or Fraud Scenario Analysis with business units to collectively identify threats and share insights from Intelligence Monitoring.
6.
Storing relevant threat intelligence in a centralised repository, with access restricted to relevant stakeholders.
7.
Identification of opportunities to unify fraud and cyber prevention and detection systems and tools (e.g., provision of data on user monitoring or customer location through IP address).
8.
Alignment of Cyber, Financial Crime and Fraud incident response approach where incidents occur across capabilities.
9.
Co-ordination of corrective actions to disrupt the organised groups orchestrating fraud (e.g., taking down fake websites set up to capture customer details).
10.
Conducting joint retrospective lessons learnt exercises following fraud incidents that relate to data, systems, processes and controls spanning the Counter-Fraud, Financial Crime and Cyber capabilities.
