Your access and use of SAMA Regulatory Rulebook and its content is considered as an acceptance and approval of commitment by you without any limitation or condition to the following:
SAMA Regulatory Rulebook is a platform that aims to assist the regulated entities to access SAMA regulatory content adeptly and efficiently.
SAMA Regulatory Rulebook is still on its development and soft launch stage. SAMA is not liable for its contents and does not warrant or represent that (the Services related to the platform, information or material presented in the platform) is displayed free of any inaccuracies, omissions, or errors (“Faults”). SAMA accepts no liability for any loss, claim or damage resulting from any use of the platform, and any decisions made, or actions taken based on the information contained in or generated by the platform.
SAMA Regulatory Rulebook has no legal effect and it does not aim to amend or revoke any legal provisions. The Rulebook still Contains some documents under review, including translated versions. Therefore, SAMA Regulatory content circulated through SAMA official channels remains in force.
Without prejudice to the terms of use of SAMA website Hereby, you acknowledge that any illegal, unauthorized use and/or any breach of any of these provisions may result in legal actions against you.
Effective from 2019-12-15 - Dec 14 2019 To view other versions open the versions tab on the right
29.
The Board of Directors should ensure the existence of relevant policies and procedures that would require existing and proposed outsourcing arrangements to be subjected to a comprehensive risk review process. The risk review process should identify and evaluate the exposure relating to operational, legal, financial reputation and regulatory risks and assess the risk mitigation strategies. This should be undertaken by:
a)
Conducting a comprehensive risk evaluation of the outsourcing at inception and for all subsequent renewals.
b)
Evaluating risk of outsourcing at inception and then reviewed at renewal only in case of a change in scope or occurrence of operational errors etc.
30.
In analyzing the business case, and the suitability of the third-party service provider, the level and extent of due diligence should depend on the nature of outsourcing arrangement i.e. Material outsourcing will entail a more comprehensive exercise. At a minimum:
a)
Banks should ensure that the third-party service provider has the ability, capacity and authorization to perform the outsourced function reliably and professionally.
b)
Banks must establish a method for periodically assessing the third-party service provider.
c)
The Bank must retain the necessary expertise to supervise the outsourced functions effectively.
