
Introduction

No: 42005223 Date(g): 15/9/2020 | Date(h): 28/1/1442 Status: In-Force

Translated Document

Effective from 2020-09-15 - Sep 14 2020

 

17-SAMA issued these principles based on the powers granted to it and its supervisory and regulatory responsibilities as follows:
 
 
 a. The Saudi Arabian Monetary Law, issued by Royal Decree No. (23) dated 23/05/1377H.

 b. The Banking Control Law, issued by Royal Decree No. (M/5) dated 22/02/1386H.

 c. The Anti-Money Laundering Law issued by Royal Decree No. M/20 dated 05/02/1439 H. and its implementing regulations issued by the State Security Presidency Decision No. (14525) dated 19/02/1439H.

 d. The Law on Combating the Financing of Terrorism issued by Royal Decree No. (M21) dated 1439/2/12H and its Implementing Regulations issued by the Cabinet Decision No. (228) dated 02/05/1440H.
 
 
18-SAMA issued these principles as the first update to the Compliance Manual for Banks Working in Saudi Arabia issued by Circular No. 56202/M A T/787 dated 19/12/1429H. This issuance is part of SAMA’s efforts to continuously improve and address banking regulatory issues and enhance sound practices in banking institutions. It also emphasizes that bank officials must be convinced that compliance policies and procedures are effective and applied, and that senior management has appropriate corrective actions to address any non-compliance or deficiencies when detected.
 
 
19-Compliance with regulations and instructions starts from the top of the hierarchy, where the chairman, board members, and senior management should serve as examples in managing work and compliance.
 
 
20-Effective compliance requires continuous affirmation from senior management that a culture based on high standards of integrity and professional ethics prevails. Compliance should be an integral part of the bank’s culture and should not be limited to the compliance unit only. Each individual in the bank carries responsibility for compliance, and this responsibility must be integrated into the bank's operations and activities, ensuring high standards are met in its operations by constantly adhering to the spirit and letter of the regulations. It must also consider the impact of actions related to shareholders, clients, employees, and the market environment that could lead to significant negative reactions affecting the bank’s reputation, even if there is no actual violation of regulations.
 
 
21-Trust and integrity are the core values and highest priority in the relationship between the bank and its customers, forming the foundation upon which the bank builds its reputation with customers and stakeholders. Reputation protection must be a fundamental concern for managers and employees. They must exhibit a high level of trust, integrity, and professionalism in their duties and ensure their actions are always in compliance with the letter and spirit of regulations and instructions governing the banking sector.
 
 
22-These principles establish a framework for governance of compliance within the bank, consisting of the board and its responsibility for approving the compliance policy and overseeing the management of non-compliance risks, senior management and its responsibility for managing non-compliance risks, and the compliance unit with its responsibility for overall coordination of compliance and supporting senior management.
 
 
23-These principles begin by defining the responsibilities of the board and senior management regarding compliance as a matter of primary importance, followed by the principles that should support the compliance unit within the bank.
 
 
24-Compliance systems, rules, and standards cover matters such as adherence to appropriate market practices, managing conflicts of interest, treating clients fairly, ensuring the suitability of advice given to clients, and specific areas such as anti-money laundering, combating terrorism financing, preventing the spread of weapons, Know Your Customer (KYC), anti-financial fraud, anti-corruption, and handling reports of violations.
 
 
25-Compliance systems, rules, and standards are based on multiple sources including the regulations and instructions applicable to the banking sector under the supervision of SAMA, regulations and instructions overseen by other official authorities with jurisdiction or in other countries where banks operate, prevailing banking practices, industry-supported business practices, internal conduct rules applied to bank employees, integrity and ethical behavior standards, and relevant requirements issued by international organizations and groups responsible for setting policies governing the supervision of banking and financial institutions, such as the Basel Committee on Banking Supervision, among others.
 
 
26-Compliance principles require that the compliance unit be independent and adequately resourced, have clearly defined responsibilities, and be subject to independent and periodic review by the internal audit unit, as detailed in principles (5) to (8) below. These principles reflect the effectiveness of the compliance unit’s work.
 
 
27-The compliance unit and function in banks are considered one of the most important foundations and factors for their success, as they play a crucial role in maintaining their reputation and credibility, protecting shareholder and depositor interests, and providing protection from penalties. This is achieved through its activities and contributions as follows:

  • Mitigating non-compliance risks, particularly regulatory, reputational, and financial penalty risks.
     
  • Strengthening relationships with regulatory and supervisory authorities and addressing their feedback to identify and rectify deficiencies on a regular basis before they escalate.
     
  • Contributing to the establishment of sound management and governance principles within banks.
     
  • Ensuring compliance with regulations and instructions issued by supervisory and regulatory authorities, as well as other relevant authorities.
     
  • Developing appropriate mechanisms and frameworks to combat money laundering, terrorism financing, weapons proliferation, financial fraud, and corruption, and providing insights, advice, and recommendations to address and correct deficiencies and violations.
     
  • Taking necessary actions to address reports of violations received from bank employees and stakeholders, in line with the bank's whistleblowing policy, to ensure objective and escalating resolution and to plan corrective measures.
     
  • Upholding values and professional practices in banking operations.
     
  • Raising awareness among bank employees about the positives and negatives of their compliance and the risks associated with non-compliance with regulations and instructions issued by relevant regulatory and supervisory authorities.
 
28-The bank must organize its compliance unit such that the priorities for managing non-compliance risks align with its risk management strategy.
 
 
29-It should be recognized that the scope of compliance, along with the complexity and diversity of compliance rules and sources, makes it the responsibility of senior management and all operational units (business groups and sectors) to manage non-compliance risks, verify compliance levels, and establish necessary controls to ensure compliance, whether at the level of work procedures, technical systems, or data protection. The role of the compliance unit is limited to cataloging, communicating, and explaining regulations and instructions to business sectors upon receipt from supervisory and regulatory authorities and other relevant entities, obtaining confirmation, ensuring inclusion in policies and procedures, performing continuous monitoring, identifying, discovering, and evaluating non-compliance risks periodically, reporting violations of compliance rules and standards, and providing reports on non-compliance risks and violations.
 
 
30-The compliance principles apply to all commercial banks operating in the Kingdom and their branches and offices in foreign countries where they conduct banking activities, unless they conflict with the regulations and instructions of those countries. They represent the minimum necessary to achieve overall compliance effectiveness and specifically the effectiveness of the compliance unit and function. SAMA expects adherence to higher and more sound practices.
 
 
31-These principles should be read and applied in conjunction with several related instructions for the unit's operations, including but not limited to the following:

  • The main principles of governance in banks and financial institutions operating in the Kingdom of Saudi Arabia.