A. Enhanced Due Diligence Measures
| No: 18318/486 | Date(g): 17/11/2019 | Date(h): 20/3/1441 | Status: In-Force |
| Customer classification according to the level of risks is a key element in the financial institution’s risk-based approach. The financial institution shall identify the risk factors to be taken into consideration when classifying a customer in the high-risk customer category from the AML/CTF perspective. It shall also take additional steps to collect information about high-risk customers and business relationships in order to understand and assess risks and monitor transactions more accurately. It is the responsibility of the financial institution to identify high-risk customers, either individually or by category, and accordingly implement enhanced due diligence measures in a manner that ultimately leads to mitigating risks. | ||
| The financial institution may also refer to a set of available resources to classify the degree and level of risk for high-risk customers, including the data collection form prepared by SAMA and the FATF guidelines that aim to assist financial institutions in identifying high-risk customers. | ||
| Article (7/14) of the Implementing Regulations of the Anti-Money Laundering Law and Article (17) of the Implementing Regulations of the Law on Combating Terrorism Crimes and Financing state that it is the responsibility of the financial institution to implement enhanced due diligence measures in the case of ML/TF high risks based on the type and level of risk posed by a specific customer or business relationship. Article (11) of the Anti-money Laundering Law and Article (66) of the Low on Combating Terrorism Crimes and Financing require the financial institution to apply enhanced due diligence measures commensurate with the risks involving business relationships and transactions with a person from a country identified as a high-risk country by the financial institution, the PCCML, or the PCCT. | ||
4.1 | The financial institution shall design and implement its risk-based approach in a manner that enables it to identify high-risk customers and beneficial owners according to the risk elements specified in Paragraph (1.1) in the ML/TF Risk Assessment Section. When a customer or business relationship is classified as high risk, the financial institution shall take enhanced risk mitigation measures, including enhanced due diligence measures. | |
| 4.2 | The financial institution shall include in its approved AML/CTF policies and procedures the enhanced due diligence measures to be taken to identify high-risk customers and business relationships. These measures may include the following: | |
| a) | Obtaining and verifying information about the customer's job, activity or profession. | |
| b) | Identifying and knowing the source of funds/income at the beginning of dealing with the customer and when carrying out transactions for the customer as well as verifying the data and information. | |
| c) | Obtaining information regarding the customer’s size of assets and transactions. | |
| d) | Conducting on-site visits to verify the nature of the customer's business. | |
| e) | Obtaining any additional documents or information to know the customer. | |
| 4.3 | Upon identifying a high-risk customer before/after establishing the business relationship, the financial institution shall obtain approval from the senior management to deal with and continue the business relationship with the customer. | |
| 4.4 | The financial institution shall apply enhanced due diligence measures to high-risk customers and business relationships with any natural or legal person, even if the financial institution does not have a business relationship with that person, if such person poses high risk from the AML/CTF perspective. | |
| 4.5 | When discovering that another financial institution has refused to deal with a specific customer, the financial institution shall implement enhanced due diligence measures, know the reasons behind that refusal, and take additional due diligence measures if the reason for refusal was a suspicion related to ML/TF. | |
| 4.6 | The financial institution shall apply enhanced due diligence measures to customers with a complex organizational structure so it can understand and identify customer risks and verify the beneficial owner. | |
| 4.7 | The financial institution shall take appropriate measures to identify high-risk countries associated with ML/TF risks and implement enhanced due diligence measures that are commensurate with the risks that may arise from business relationships and transactions with a person from such countries. This includes the following: | |
| a) | Following up what is issued by the PCCML regarding high-risk countries. | |
| b) | Following up what is issued by the PCCT regarding high-risk countries. | |
| c) | Following up on the guidance issued by the FATF concerning the deficiencies of countries in the implementation of preventive measures to protect the international financial system against ML/TF risks. | |
| 4.8 | When taking enhanced customer due diligence measures, the financial institution shall properly document these measures in accordance with Paragraph (6.1) in the Record Keeping Section. | |