Skip to main content
Entire section Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

Principle (5) Independence

No: 42005223 Date(g): 15/9/2020 | Date(h): 28/1/1442 Status: In-Force

Translated Document

44-The compliance unit in the bank must be independent.
 		 
Concept of Independence for the Compliance Unit
 
45-The concept of independence in this principle refers to "the independence of the compliance unit from external interference by other operational units in performing its compliance duties or influencing them." This does not mean that the compliance unit should not work closely with other business units to facilitate compliance; rather, the working relationship should be cooperative between the compliance unit and other units, supporting the early identification and management of non-compliance risks. The various elements outlined below should serve as preventive measures to help ensure the effectiveness of the compliance unit. Regardless of the close working relationship between the compliance unit and other units, the method of implementing preventive measures depends to some extent on the specific responsibilities of each compliance unit employees.
 		 
Elements of the Concept of Independence
 
‎46-

The concept of independence includes four interrelated elements that must be applied as follows:

  1. Element One: The Compliance Unit Must Have an Official Status in the Bank.

    Element Two: In local banks, the compliance unit should be headed by an executive at the first managerial level. In branches of foreign banks, the unit should be led by a senior executive at the first managerial level who reports directly to the head of the branch. This position should include the overall responsibility for coordinating the management of compliance risks within the bank.
     
  2. Element Three: The personnel of the compliance unit, particularly the head of compliance, should not be placed in a position that could lead to potential conflicts of interest between their compliance responsibilities and any other responsibilities associated with their role.
     
  3. Element Four: All personnel within the compliance unit should have the right and authority to access and review all relevant information, records, and files, and communicate with bank employees as necessary to perform their duties.
     
 
The Official Organizational Status of the Compliance Unit
 
47-The Compliance Unit must have an official status within the bank that grants it appropriate recognition, authority, and independency. This should be outlined in the bank's compliance policy or in an official document related to the policy. All bank employees should be informed of the document specifying this status.
 		 
Key Items of the Compliance Unit's Organizational Document
 
‎48-

The organizational document for the Compliance Unit, related to the compliance policy, must include at a minimum the following requirements:

  1. ‎ The role and responsibilities of the Compliance Unit.  
     
  2. Procedures necessary to ensure the independency of the Compliance Unit.
     
  3. The relationship of the Compliance Unit with other risk units within the bank, and its relationship with the internal audit unit.
     
  4. The method for distributing compliance responsibilities in exceptional cases where, due to technical or specialized reasons, or where there is not a significant relationship with non-compliance risks, some compliance responsibilities may be assigned to employees in other operational units such as human resources, administrative affairs, branches, etc., and must be according to specific procedures outlining the role and authority of those units and designated officials.
     
  5. The Compliance Unit has the right to access the necessary information, records, and data to perform its responsibilities, and the requirement for bank employees to cooperate in providing this information.
     
  6. The Compliance Unit has the right to conduct necessary investigations by itself or through delegated external experts for potential policy violations or shortcomings in compliance policy implementation, and its authority to appoint or request external experts if needed.
     
  7. The Compliance Unit has the right to freely report investigation results to senior management and, when necessary, to the board or its authorized committee.
     
  8. The official obligations of the Compliance Unit regarding reporting to senior management.
     
  9. The Compliance Unit has the right to direct access to the board or its authorized committee.
 
Compliance Officer

Job Level
49-Every local bank must appoint a Chief Compliance Officer, and every branch of a foreign bank must appoint a high-ranking officer at the first managerial level who reports directly to the branch’s chief officer. This role includes the overall responsibility of coordinating the identification of non-compliance risks at the bank, advising on their management, and supervising the activities of compliance officers and staff within the compliance unit.
 		 
Job Affiliation
 
‎50-The compliance officer at the first managerial level in the bank should be directly linked to the chief executive only in the senior management of local banks (Managing Director/CEO/General Manager) or to the chief officer of the branch in the case of foreign bank branches (according to the highest job title in the branch). The Chief Compliance Officer should not hold any direct or indirect responsibilities related to banking activities. They must have the authority to report and notify the board or its delegated committee of any significant weaknesses, deficiencies, or violations without fear of negative repercussions from management, other business units, or bank employees. No actions should be taken against them when reporting.
 		 
Notification of Appointment and Changes to the Board
 
51-For local banks, the board members must be notified when there is an appointment or change (resignation, transfer to another role, retirement, termination of service, etc.) of the Chief Compliance Officer, including documentation and reasons for the change.
 		 
SAMA's Non-Objection to Appointments and Changes
 
52-The bank must obtain a non-objection letter from SAMA for the appointment of the Chief Compliance Officer, in accordance with the Requirements for Appointments to Senior Positions. SAMA's non-objection is also required if the Chief Compliance Officer leaves the position (resignation, transfer to another role, termination of service, etc.), with documentation and reasons for the change.
 		 
Notifying Regulatory Authorities in the Host Countries
 
53-For banks licensed to conduct international banking activities with compliance officers from those countries, the regulatory authority in the host countries must be notified of the Chief Compliance Officer's appointment or departure if such notification is required by the host country regulations.
 		 
The Affiliation of the Compliance Officers and Staff with the Chief Compliance Officer
54-All staff in the compliance unit must report directly to the Chief Compliance Officer, ensuring that the unit can fulfill all responsibilities independently of other business units within the bank. Compliance officers assigned to compliance tasks in other business units should have a functional reporting relationship to those units but must also have a reporting line to the Chief Compliance Officer concerning their compliance responsibilities and reports. To avoid dual hierarchy, the compliance officers' reporting path to the Chief Compliance Officer regarding non-compliance risks should be the controlling and mandatory line.
 		 
Periodic Meetings
 
55-

The Chief Compliance Officer should have the authority to hold regular meetings with senior management and heads of different business units to discuss compliance with regulations and instructions relevant to the operations and activities of each group, department, or sector. These meetings should be officially documented. It is preferable that senior management and heads of business units attend these meetings personally rather than sending representatives, as their active participation demonstrates:

  • Leadership by example.
     
  • Understanding of their responsibilities regarding compliance.
     
  • Continuous reinforcement of compliance.
     
  • Support for the compliance process.
     
 
Delegation of Responsibilities by the Chief Compliance Officer
 
56-The Chief Compliance Officer may delegate some of their authority to certain employees within the bank for performing tasks related to compliance, such as those in the Treasury Unit or the bank's overseas branches and offices. Any employee delegated these tasks will act as an assistant to the Chief Compliance Officer and will be under their authority concerning non-compliance risks while maintaining full independency in other banking tasks. The size of the bank and its operational capacity should be considered. Any delegation by the Chief Compliance Officer does not exempt them from responsibility; they remain accountable for all compliance-related tasks to the relevant parties.
 		 
Conflict of Interest
 
57-To ensure the independency and professionalism of the Chief Compliance Officer and the Compliance Unit staff, they should only hold responsibilities related to the Compliance Unit. For compliance officers in other business units assigned compliance oversight tasks within those units—if present—they must avoid conflicts of interest and disclose any situations that may result in a conflict of interest.
 		 
58-To ensure the independency of the Chief Compliance Officer and compliance unit staff is not undermined, their financial rewards must not be tied to the financial performance of the business activity for which they are executing compliance responsibilities. However, financial rewards may be linked to the overall financial performance of the bank. In all cases, the final approval of the rewards for the Chief Compliance Officer and compliance unit staff must come from the Board of Directors or a committee derived from it.
 		 
Direct Access to Information and Employees
 
59-

To effectively manage compliance responsibilities as outlined in the compliance documentation and at all administrative levels within the bank where non-compliance risks may exist, the Compliance Unit must have the following principal rights and capabilities, without waiting for orders or instructions:

  1. The right to communicate with any employee and access any necessary information, records, and files needed to fulfill its responsibilities.
     
  2. The ability to carry out its responsibilities independently across all business units where non-compliance risks are present, including the right to investigate any potential violations of compliance policies and to seek assistance from internal specialists (e.g., legal affairs or internal audit) or engage external experts if necessary.
     
  3. The freedom to report any potential violations or transgressions uncovered during its investigations to senior management, without fear of retaliation or dissatisfaction from business units or other employees.
     
  4. Although the Compliance Unit should report administratively to the CEO/Managing Director/General Manager, it must also have the right to communicate directly with the board or its delegated committee, bypassing usual administrative reporting lines if necessary.
     
  5. The Chief Compliance Officer should meet with the board or its delegated committee at least once a year to help assess the board's evaluation of the bank's ability to manage non-compliance risks effectively.
     
  6. The Chief Compliance Officer must promptly and directly notify SAMA/General Directorate of Bank Supervision upon identifying strong indicators of significant or serious compliance failures or violations that impact the reputation of the banking sector and must ensure that SAMA is informed.