Section 6: Record Keeping
| No: 18318/486 | Date(g): 17/11/2019 | Date(h): 20/3/1441 |
Effective from 2019-11-17 - Nov 16 2019
To view other versions open the versions tab on the right
| The financial institution shall make its records available to the competent authorities and to its relevant departments in order to allow analysis of data, tracking and structuring of financial transactions, tracing of the origin and executor of transactions as well as those authorized to sign or carry out transactions. | ||
| Article (12) of the Anti-Money Laundering Law and Article (65) of the Law on Combating Terrorism Crimes and Financing state the financial institution’s obligations relating to the manner of record keeping, the minimum record-keeping period, and the possibility for extending that period according to the regulatory requirements. | ||
6.1 | The financial institution shall keep records for a period of no less than ten years from the date of the end of the business relationship or contract, conclusion of the transaction, or closure of the account, or the date of completion of a transaction for a customer who has no business relationship with the financial institution (occasional customer). The financial institution shall also comply with any instructions issued by the competent authority to extend the record-keeping period. | |
| 6.2 | The financial institution shall put in place approved internal procedures and controls for record keeping and documentation and ensure that they are reviewed and enhanced on an ongoing basis and effectively implemented. These shall at least include the following: | |
| a) | The manner for record keeping (paper or electronic) and the mechanism and authorization for access to records and their retrieval. | |
| b) | The measures taken to meet the regulatory requirements related to record keeping outside Saudi Arabia to ensure that there are no obstacles to having access to the records. | |
| c) | Arrangements of the record keeping department that ensure meeting the regulatory requirements for AML/CTF. | |
| 6.3 | The financial institution shall provide the record keeping department with adequate resources, take the necessary measures to maintain and protect its electronic archiving systems, and conduct periodic tests (at least annually) to verify the effectiveness of the record-keeping process. | |
| 6.4 | The financial institution shall keep records in a retrievable and auditable manner and maintain a complete and appropriate status of the records to allow analysis of data and tracking of transactions, provided that the financial institution provides Saudi Central Bank with the necessary records as requested. | |
| 6.5 | In the case of outsourcing, the financial institution should consider the following: | |
| a) | The contract must clearly state the obligations requiring the third party to enable the financial institution to obtain records and exercise the right to directly access the data related to outsourcing in addition to the right of access to the service provider’s workplace. | |
| b) | The contract must clearly state the obligations requiring the third party not to provide any other party with the data or records or allow access to the areas or technological systems used for document and record keeping, except through the financial institution after coordination with Saudi Central Bank. | |
| c) | The financial institution shall conduct periodic checks by asking the third party to provide various samples of the records to ensure that the third party is compliant with the obligations and requirements of the contract in line with the regulatory requirements. | |
| d) | The requirements stated in Paragraphs (3.21) and (3.22) in the Due Diligence Section shall be observed. | |
| 6.6 | When unsuccessful preventive measures have been taken by the financial institution, it shall keep a document explaining these measures for no less than ten years from the date on which the measures were taken, provided that the document includes the reasons why the measures did not work. In all cases, the financial institution shall observe Paragraph (3.11) under the Section on Due Diligence Measures. | |
| 6.7 | The financial institution shall keep documents related to internal investigations, inspections, and suspicious activity reports for a period of no less than ten years from the date of reporting to the competent authorities or taking the decision not to report, taking into account that: | |
| a) | Reports and internal investigations shall be confidential. | |
| b) | Specify employees authorized to have access to the documents. | |
| 6.8 | When conducting wire transfers, the financial institution shall maintain all information related to the wire transfer originator and the beneficiary as stated under the Record Keeping Section. | |
| 6.9 | In cases of wire transfers outside Saudi Arabia, the intermediary financial institution in the payment chain shall ensure that all information relating to the originator and beneficiary remains with the wire transfer and shall keep all of that information in its records as stated under the Record Keeping Section. | |
| 6.10 | In cases where technological restrictions prevent the retention of information about the originator or beneficiary associated with a wire transfer outside Saudi Arabia and it is intended to be kept with the relevant local wire transfer data, the intermediary financial institution shall keep a record containing all information received from the financial institution that originated the transfer or from the intermediary institution for a period of ten years from the date of completion of the transaction or closure of the account. | |