Section 8: Reporting of Suspicious Transactions
| No: 18318/486 | Date(g): 17/11/2019 | Date(h): 20/3/1441 | Status: In-Force |
| The financial institution shall set up and effectively implement internal procedures for reporting unusual transactions or activities to protect itself from being exploited as a channel to carry out ML/TF transactions. The financial institution shall have a database that helps employees determine if unusual transactions or activities provide reasonable grounds to suspect ML/TF. | ||
| Articles (15) and (16) of the Anti-Money Laundering Law and Articles (70) and (71) of the Law on Combating Terrorism Crimes and Financing set forth the financial institution’s obligations to report suspicious transactions in addition to the regulatory requirements related to non-alerting customers . | ||
8.1 | The financial institution shall set up and document procedures for reporting suspicious transactions, implementing them effectively, and ensuring that they are approved at the level of the board of directors. The procedures may include the following: | |
| a) | Internal procedures to be followed by the its employees and senior officers in the event of suspicion of ML/TF. | |
| b) | A mechanism that facilitates employees’ communication with the officer responsible for reporting suspicious transactions to raise inquiries and report suspicions. | |
| c) | Internal investigation procedures relating to suspicion cases, including the stages of investigation. | |
| d) | Levels of approval and review of suspected cases if reports are approved or closed. | |
| e) | Determining the employee or officer responsible for reporting to the SAFIU about suspicious transactions. | |
| f) | Adequate measures to maintain confidentiality of reports and ensure that customers are not alerted. | |
| 8.2 | The financial institution shall provide sufficient resources that allow effective follow-up and sufficient investigations of all internal reports to determine whether submitting a suspicion report to the SAFIU is justified. | |
| 8.3 | The financial institution shall immediately and directly inform the SAFIU upon suspicion or the presence of information or reasonable grounds to suspect that a customer’s behavior is related to ML/TF acts. If the financial institution submits a report to the SAFIU, it shall respond to and provide the SAFIU with any additional information that it requests directly in order to analyze the submitted report. | |
| 8.4 | The financial institution shall report all suspicious transactions, including unsuccessful attempts to carry out transactions, if there are reasonable grounds for suspicion, regardless of the transaction’s value. | |
| 8.5 | The financial institution shall inform the SAFIU upon suspicion of wire transfer transactions. | |
| 8.6 | The financial institution shall not submit any report to the SAFIU based on speculation or lack of information or reasonable grounds for suspicion. The financial institution has reasonable grounds to report on suspicions in the following cases: | |
| a) | When the financial institution knows, through its conduct of its business or investigations, that the activity or operation to be carried out is related to a suspicious transaction. | |
| b) | When the financial institution has sufficient information indicating that the activity or transaction to be carried out is related to a suspicious transaction. | |
| 8.7 | The financial institution shall decide, at its discretion, not to apply the due diligence measures in the event of suspicion of an ML/TF act when it has strong justifications and reasonable grounds that the customer may become aware of the suspicion if the financial institution applies due diligence. In this case, it shall submit a report on a suspicious transaction to the SAFIU. The report shall include the reasons and justifications for not applying due diligence. | |
| 8.8 | The financial institution shall submit suspicious transaction reports according to the reporting mechanism and form approved by the SAFIU, on the condition that the SAFIU is provided with an additional detailed report that includes all data and information available to the financial institution on that transaction and the parties involved. | |
| 8.9 | The financial institution shall submit a technical report on the reported cases to the SAFIU. The report shall include the following: | |
| a) | The account statement or transactions carried out under the contract for a period of six months. | |
| b) | Documents obtained to apply due diligence measures. | |
| c) | A technical report examining the account or contract subject of suspicion. | |
| 8.10 | If a decision not to inform the SAFIU of an internal report is made, the officer responsible for reporting suspicious transactions shall document this including the reasons for not reporting in a detailed and sufficient manner, taking into account the levels of approval and review mentioned under Paragraph (8.1/d). | |
| 8.11 | The financial institution shall keep records of all suspicious transaction reports submitted, including a copy of reports submitted to the SAFIU and internal reports on cases that were under investigation and were not reported due to the lack of sufficient grounds for suspicion. Investigation documents and reports shall be kept independently without prejudice to the requirements of confidentiality of investigations and reports, and the persons authorized to access these records shall be specified. | |
| 8.12 | The financial institution shall examine and review suspicion cases, internal reports, and feedback received from the SAFIU and take them into account when developing/updating the indicators and typologies of ML/TF mentioned in Paragraph (7.9) in the Monitoring of Transactions and Activities Section. | |
| 8.13 | The financial institution should educate and raise the awareness of all its employees, including the members of the board of directors and senior management, regarding the following: | |
| a) | The requirements related to identifying and reporting the suspicious activity or transaction. | |
| b) | The regulatory requirements concerning civil and criminal liability and other liabilities related to violations of required confidentiality obligations. | |
| c) | The regulatory requirements related to reporting and not alerting customers or disclosing any suspicious transaction incidents, reports or information. | |
| 8.14 | The financial institution shall notify SAMA immediately of any accounts, business relationships, or financial transactions involving the names included in the lists of the UN Security Council committees, Committee 2253/1989/1267 and Committee 1988, as well as the names included in the national list in implementation of the Security Council Resolution No. (1373) according to the data available in the lists. For optimal implementation, the financial institution shall adhere to the provisions of SAMA’s relevant circulars, including: | |
| a) | The Guide on the Implementation of Security Council resolutions relevant to combating terrorism and its financing. | |
| b) | The Guide on the Implementation of Security Council resolutions relevant to proliferation of weapons of mass destruction and financing. | |
| 8.15 | The financial institution shall put in place an effective and comprehensive mechanism and consider the suitability of technological systems for continuous comparison with the names included in the sanctions list in Paragraph (8.14) under the Reporting of Suspicious Transactions Section. | |