Your access and use of SAMA Regulatory Rulebook and its content is considered as an acceptance and approval of commitment by you without any limitation or condition to the following:
SAMA Regulatory Rulebook is a platform that aims to assist the regulated entities to access SAMA regulatory content adeptly and efficiently.
SAMA Regulatory Rulebook is still on its development and soft launch stage. SAMA is not liable for its contents and does not warrant or represent that (the Services related to the platform, information or material presented in the platform) is displayed free of any inaccuracies, omissions, or errors (“Faults”). SAMA accepts no liability for any loss, claim or damage resulting from any use of the platform, and any decisions made, or actions taken based on the information contained in or generated by the platform.
SAMA Regulatory Rulebook has no legal effect and it does not aim to amend or revoke any legal provisions. The Rulebook still Contains some documents under review, including translated versions. Therefore, SAMA Regulatory content circulated through SAMA official channels remains in force.
Without prejudice to the terms of use of SAMA website Hereby, you acknowledge that any illegal, unauthorized use and/or any breach of any of these provisions may result in legal actions against you.
V. Outsourcing to Third-Party Service Providers Located Overseas
No: 41027017
Date(g): 15/12/2019 | Date(h): 18/4/1441
Status: In-Force
41.
The outsourcing of activities by banks to third-party service providers located overseas exposes them to a number of additional risks including the foreign country's economic, political, regulatory, legal and infrastructure conditions. Furthermore an outsourcing activity involving transmission to and retention of customer and financial data by a third-party service provider located overseas raises a number of risks. This includes potential breach of customer confidentiality (as stated in Article 19 of the Banking Control Law), and access to customer data by foreign regulatory and or judicial authorities, right of access by SAMA to the third-party service providers' overseas operations and any restrictions and or delays on timely provision of data to SAMA as required under Article 17 and 18 of the Banking Control Law.
42.
For any proposed outsourcing arrangements to a third-party service provider located overseas, banks are required to seek a written SAMA no objection and provide the following information to SAMA with their request:
a)
Details of the function to be outsourced;
b)
Categorization of the function (Material and non-Material outsourcing);
c)
Rationale for outsourcing (including why it cannot be done within KSA);
d)
Details on the third-party service provider located overseas;
e)
Details on the nature and disposal of the data to be transferred (if applicable);
f)
Legal opinion confirming that the outsourcing arrangement is in compliance with Banking Control Law and other regulations; and
g)
Confirmation in writing by the Bank supported by a legal opinion confirming SAMA's right of access to the outsourcing activity at the third-party service provider.
