Section 2: Internal Policies, Procedures and Controls to Mitigate Risks
| No: 18318/486 | Date(g): 17/11/2019 | Date(h): 20/3/1441 | Status: In-Force |
| The development and implementation of a program for AML/CTF will be an effective and essential tool for applying the risk-based approach, provided that such a program should include controls, policies and procedures approved by the financial institution to mitigate ML/TF risks. The financial institution will have the discretion to determine the appropriate level of AML/CTF policies, procedures and controls, which shall be established based on the risk assessment results referred to under Section (1) of this Guide. | ||
| Article (14) of the Anti-Money Laundering Law and its Implementing Regulations and Article (18) of the Implementing Regulations of the Law on Combating Terrorism Crimes and Financing include the provisions and obligations that the financial institution shall include in its internal policies and procedures. | ||
2.1 | The financial institution shall develop an AML/CTF program that includes internal policies, procedures and controls to mitigate ML/TF risks in line with the risk assessment results approved by it as stated in Paragraph (1.1). The program shall also be documented, reviewed and enhanced continuously and approved at the level of the board of directors. Furthermore, the program should be commensurate with the nature and size of the financial institution’s business. | |
| 2.2 | The AML/CTF program shall include the detailed elements and strategic plans of the financial institution to ensure application of the AML/CTF requirements. This includes preparing and updating the AML/CTF policy based on the risk assessment results mentioned in Paragraph (1.1) under the ML/TF Risk Assessment Section in addition to developing and implementing relevant internal work procedures, including those related to due diligence/enhanced due diligence measures. | |
| 2.3 | The financial institution shall include ,as a minimum, the following elements in its internal policy and procedures for combating ML/TF: | |
| a) | Due diligence, including enhanced and simplified due diligence measures. | |
| b) | Record keeping. | |
| c) | Monitoring and following up transactions and activities. | |
| d) | Reporting of suspicious transactions. | |
| e) | Arrangements of AML/CTF compliance function. | |
| f) | Independent audit function. | |
| g) | AML/CTF training. | |
| h) | Recruitment and follow-up criteria. | |
| 2.4 | The AML/CTF policies, procedures and controls in the financial institution shall be clearly documented and communicated to all relevant employees in the financial institution departments. All the employees shall be adequately trained to implement such policies and procedures. | |
| 2.5 | The AML/CTF program shall be applied by the financial group to all of its branches and subsidiaries in which it owns the majority shares. The policies and procedures of the financial group shall include the sharing of information among group members and the provision of customer and transaction information for the purpose of carrying out AML/CTF compliance or independent auditing tasks, provided that such information Should be kept confidential. | |
| 2.6 | If the foreign host country of the company, in which the financial group or institution owns the majority shares, does not allow the implementation of the AML/CTF program in a manner consistent with the AML/CTF requirements in Saudi Arabia, the financial group or institution shall take the following preventive measures: | |
| a) | Implementing appropriate additional measures to manage ML/TF risks. | |
| b) | Submitting reports to the AML/CTF Department at SAMA on the gaps in the implementation of the program and on the additional measures taken to manage arising ML/TF risks. | |
| c) | Considering discontinuing of the subsidiary’s operations if the financial group or institution is unable to put in place appropriate measures and procedures to mitigate ML/TF risks. | |
| d) | Adhering to any instructions received from SAMA in this regard. | |