Regulatory Rules for Prepaid Payment Services in the Kingdom of Saudi Arabia

Regulatory Rules for Prepaid Payment Services in the Kingdom of Saudi Arabia
No: BCT/15631 Date(g): 2/5/2012 | Date(h): 11/6/1433 Status: In-Force

Introduction
The Saudi Central bank* (SAMA), in accordance with the authority vested on it under the following relevant Saudi laws, is the legislative body responsible for exercising regulatory and supervisory control over banks and money exchangers, issuing general rules and overseeing that all banks and money exchangers comply and effectively implement the relevant laws and regulations.
1. The Charter of Saudi Arabian Monetary Agency –issued via Royal Decree No. 23 dated 23/5/1377 H, Articles 1 (c) and 3 (d), which entrusts SAMA to supervise and regulate commercial banks and money-changers, and to set relevant rules whenever deemed necessary;
2. The Banking Control Law – issued via Royal Decree No. M/5 dated 22/2/1386 H Article 16 (3).
3. Decision No. 3/2149 dated 14/10/1406 H of His Excellency the Minister of Finance concerning the implementation of the provisions of the Banking Control Law.
4. Based on the provisions of Articles 4 & 6 of the Anti-Money Laundering Law and its Implementing Regulations issued via Royal Decree No. M/39 dated 25/6/1424 H, empowering regulatory authorities to issue rules related to "Know Your Customer" Principle, and instructions related to precautionary procedures and internal control to detect any of the crimes stated in this Law, ensure compliance of financial institutions with issued instructions; set, apply and update effective written controls and monitor their application to prevent the exploitation of these institutions in money-laundering operations and assist in detecting suspicious transactions.
5. Council of Ministers’ Decision, No. 59 Dated 28.3.1420 H which gives the authority to SAMA to authorize the issuance of Electronic Cash Cards and alike, and supervise according to instructions, standards and terms adopted by SAMA.
The Regulatory Rules shall be applicable to the issuance and operations of all aspects of prepaid payments as issued by licensed banks that have been authorized by the Saudi Central Bank*.
SAMA is the sole authority empowered to apply these Regulations and to take necessary measures as it deems appropriate regarding any violations of these provisions including imposing punitive charges and / or enforcement actions as applicable under the Banking Control Law. These rules are to be read in conjunction with and supplement the regulations as annotated in the ‘Rules Governing the Opening of Bank Accounts and General Operational Guidelines in Saudi Arabia’ as issued by SAMA. Financial Service providers in the Kingdom of Saudi Arabia are expected to act as responsible businesses, ensuring their customers are educated and informed about the products and services offered, enabling them to make considered decisions about the products and services proffered and their use.
The purpose of the Regulatory Rules is to promote the informed use of prepaid payment services in the Kingdom. The framework defines the scope of prepaid payment services covered by the regulation, the license requirements to issue and acquire prepaid payment services, as well as defining the rights of end users relating to these payments.
The Regulatory Rules prescribes minimum levels of disclosure, gives accountholders the right to cancel prepaid service agreements, regulates certain prepaid payment service practices and provides a means for fair and timely resolution of transaction disputes, thereby providing detailed and sufficient information to educate and enhance the account holder and/or primary cardholder’s knowledge and awareness of prepaid payment service products and their associated terms and conditions.
Where a prepaid payment service is operated utilising the SPAN payment scheme brand these regulations should be read in conjunction with the SPAN Scheme Standard¹.
The Regulatory Rules is divided into two sections.
The first section provides a definition of prepaid payment services, of the stakeholders interacting within prepaid payment services and also of the various prepaid payment service segments.
The second section lays down the operating rules and guidelines governing prepaid payment services, including the regulations regarding merchants.
Prepaid payment services operating within the Kingdom, regulated by SAMA, are subject to the rules and regulations defined herein. In addition, Open Loop prepaid services operate through the Saudi Arabian Payments Network (SPAN) and are subject to the applicable Operating Rules and Procedures defined and published by the SPAN Scheme from time to time. These Prepaid Regulatory Rules should therefore be read in conjunction with the ‘SPAN Operating Rules and Regulations’ and ‘SPAN Operating Procedures’, collectively referred to as the ‘SPAN Business Books’.

¹The SPAN Scheme Standard relate to the SPAN Business Books, Operating Rules and Procedures
* The Saudi Arabian Monetary Agency was replaced By the name of Saudi Central Bank accordance with The Saudi Central Bank Law No. (M/36), dated 11/04/1442H, corresponding in 26/11/2020AD.

1. Definitions
The regulatory rules presented herein regulate the issuing, acquiring and usage of prepaid payment services. This regulatory rules document focuses primarily on "Cards", but applies to all prepaid services including smart/EMV cards and magnetic stripe card environments as well as other form factors for prepaid payment services, such as contactless and mobile payments.

1.1. Prepaid Payment Service Definition
A prepaid payment service, as regulated under these rules, is defined by the holding of monetary value in a prepaid account/electronic record that can be utilised to purchase goods or services from one or more businesses who agree to participate in the prepaid program. The defining features are:
- Monetary value is held on account for use to purchase goods and services for variable amounts as determined and agreed between the payer and payee at the time of purchase of the prepaid service
- Settlement of transactions can be between otherwise unrelated business entities.
Note: for the purposes of this document the terms "account", "electronic record" and "sub-record" are used interchangeably.

"Open loop" payment services enable the purchase of goods and services from a group of unrelated businesses through a prepaid account utilising a payment brand accepted at the participating merchants, i.e. multiple contracting entities, multiple issuers and multiple acquirers. "Open loop" prepaid services require a clearing and settlement services between different businesses. This includes the ability to encash any part of the prepaid balance through a third party network, such as ATM networks.

“Restricted loop” is a subset of an open loop program, in that the merchant acceptance of the program is limited to a specified merchant or a specified network of merchants. Examples of a restricted loop program include in its broadest form, prepaid accounts for the purchase of specific services or goods across a network of merchants (e.g., a prepaid coffee card accepted across a range of unrelated coffee shops, or a mall card accepted only at merchant locations within a specific mall);

"Closed loop" is the purchase of prepaid goods and services related to the goods and services within a defined contracting entity i.e. single contracting entity, single issuer & single/multiple acquirers. In its most restrictive form, close loop programs prepaid accounts for the purchase of services or goods from a specific merchant or merchant chain utilizing the settlement and clearing functions of the prepaid payment service. (e.g., a nationwide retailer offers a prepaid card valid only at its nationwide locations, an independent merchant offers a prepaid card valid only at its single store location but chooses to utilize the prepaid payment service for settlement and clearing functions).

Examples of closed loop prepaid goods and services include:
1. Prepaid accounts for the purchase of specific services or goods, such as prepaid fares for public transport or prepaid airtime for mobile telephony services;
2. Vouchers (a paper certificate or a series of electronic digits with a non-reloadable amount associated that allows the holder to make payments up to that value at a specific merchant or merchant chain);
3. Gift cards for use at a merchant or merchant chain
A prepaid payment instrument is an access device, or token of identity, that can access a pre-funded account balance held by the issuer (refer to 1.2.1 Issuing Program Manager) to which a transaction can be charged. Such an access device could be a payment card, an internet wallet or a payment device utilising mobile technology.
Prepaid instruments encompassed in this regulatory framework include any access device that can provide transactional services against a prepaid balance, including but not limited to:
1. Smart/EMV cards (payment cards with an embedded micro-processor);
2. Magnetic stripe cards (payment cards with a magnetic stripe);
3. Internet wallets (stored value internet accounts)
4. Mobile payments
5. Contactless payments (Near Field Communications technology)

1.1.1. Acceptance
Prepaid payment services within these regulatory rules can be used across a range of different acceptance models, or prepaid payment service programmes. These are:

Closed loop prepaid Payment Services². A closed loop prepaid payment service is a prepaid product that is redeemable at a single merchant or at an affiliated group of merchants with the same name, mark, or logo³. The payment device is purchased on a prepaid basis and is honoured upon presentation at such single merchant or affiliated group of merchants. Closed loop prepaid products may or may not be reloadable.
Examples of closed loop prepaid products are:

i. Merchant branded gift cards
ii. Merchant branded store cards

Restricted loop prepaid payment services: A restricted loop prepaid payment service is a prepaid product that is used to acquire goods and services at a limited network of service providers (e.g. fuel stations), either within a clearly limited area or alternatively that can be used to pay for a limited range of goods and services. Restricted loop payment products may or may not be reloadable.
Examples of restricted loop prepaid products are:
Prepaid payment services that are accepted at different merchants located within a clearly defined area such as shopping cards or mall cards. Other examples include University or campus payment devices, Conference cards, Stadium cards, and other cards that are only accepted within a specific closed venue;
Prepaid payment services that are accepted at different merchants, located in different locations but that can only be used to purchase a limited range of goods and services such as Petrol cards, Meal vouchers or Public transport cards⁴.

C. Open loop prepaid payment services. Open loop prepaid products are payment instruments that are redeemable at all merchants or service providers where the payment brand is accepted without restrictions.
Open loop prepaid products may or may not be reloadable.

² While closed loop prepaid payment services may be issued under these Rules in the Kingdom of Saudi Arabia, it is not anticipated that they will form the bulk of the programmes on offer
³ Where the prepaid payment service can be used to purchase or access a range of goods or services that are not predetermined at the time the prepaid account is loaded with value (e.g. airtime)
⁴ For example, transport cards that are accepted by transportation companies (cars, trains and others).

2.1.1. Reloadability

The regulatory principle presented herein governs both reloadable and non-reloadable prepaid payment service products.

a.	Non-reloadable prepaid payment service. A prepaid payment service is non-reloadable if it has no mechanism for having additional funds added to the initial balance after the initial issuance.
b.	Reloadable prepaid payment service. A prepaid payment service is reloadable if it has the ability of having more funds added after the initial issuance.

It is at the discretion of the prepaid Issuer to determine whether a prepaid product should be reloadable or non-reloadable (noting that re-loadable cards are subject to more rigorous KYC and AML requirements).

Common to both reloadable and non-reloadable prepaid services is that there is a deposit account that holds the available balance on the account until such a time as it is redeemed through spend against the balance or a cash withdrawal, when this service is allowed.

1.2. Stakeholder Definition
The implementation of a prepaid payment service payments system in the Kingdom of Saudi Arabia will impact a range of stakeholders, including for example: SPAN, prepaid payment service issuers, acquirers, merchants, accountholders and primary cardholders.

1.2.1.The Issuing Programme Manager (Issuer)

A prepaid payment service Issuing Programme Manager (IPM) is a regulated bank in the Kingdom of Saudi Arabia that is permitted to accept deposits, according to the Banking Control Law, issued by Royal Decree No. M/5 Dated 22.2.1386 H. The IPM operates the deposit account and collects the funds loaded onto the prepaid account. The IPM is responsible for:

a) Directly reimbursing the acquirers of the service providers (e.g. merchants) that are part of a closed loop payment device, or

b) Reimbursing acquirers through a scheme settlement arrangement if the service providers (e.g. merchants) are part of an open loop payment service.

1. Issuing activities. In order to operate a prepaid payment service programme, IPM’s have responsibility for undertaking the following activities directly, or through partners:

Prepaid account recruitment. These are the activities associated with marketing to prospective prepaid payment service customers, including the development and distribution of marketing materials;
Partner recruitment. Activities related to the recruitment of partners into the distribution network, such as an issuing processor, sellers/distributors and the load/reload network representatives (refer to 1.2.1 b);
Customer recruitment and account set up. Includes the processing of prepaid payment service applications from their receipt by the IPM through to the approval stage (inclusive of the collection of KYC information), setting up new prepaid accounts and the sending out of “service Terms and Conditions” to new account holders;
Payment product issuing. Includes all aspects related to the delivery of the payment service product to the customers, such as in the case of a prepaid card the production of the card through to the safe delivery of the card and PIN to the primary cardholder; The PIN distribution activity must be undertaken by the regulated entity (i.e. IPM);
Load /reload network. Relates to the receipt and processing of funds deposited onto the prepaid account. These loads/reloads can potentially be made at a number of different channels, such as affiliated merchants, ATMs, bank transfers, person to person payments or Kiosks;
Authorisation processing. Refers to the activities related to the approval/decline of an authorisation request associated with the prepaid payment service received by the issuer via SPAN or other payment networks;
Transaction processing. Activities undertaken by the issuer, from the receipt of the clearing message from the acquirer to the point at which the transaction is posted onto the primary cardholder’s account. These activities also include the research and documentation of transactions disputed by the primary cardholder;
Overdraft. Drawing more money than the bank accounts holds, prepaid service products are not allowed to go into overdraft;
Statement production. Activities related to the preparation and delivery of customer statements, which can be via postal mail, web account, email, and SMS or ATM. Paper statements shall however be issued minimum at quarter basis to the primary cardholder (at no additional cost to them) if the cardholder specifically request this option;
Customer service. Includes the activities associated with the handling and information storage of all general prepaid account related customer enquiries, requests and complaints;
Fraud investigation. Activities related to the efforts put into preventing and following up suspected or actual cases of prepaid payment service misuse (both processes and systems);
Usage Monitoring. Activities associated with monitoring the primary cardholder’s activities and customer due diligence that is required to ensure the programme’s on going compliance to AML and CTF regulations in force in the Kingdom of Saudi Arabia;
Programme management. Includes the general administrative and managerial activities involved with operating the prepaid account business, including the analysis of information generated by the programme and the strategic planning and development of the prepaid product.

2. Other participants within issuing activities.

The IPM may share some of the activities described above with third party as regulated by the "Rules on Outsourcing" issued by the Saudi Central Bank. Outsourcing may be used in order to attain a larger distribution network or reduce transaction processing costs.

Examples of organisations with whom the issuer may share issuing activities are as follows:

The programme manager. A programme manager may administer several aspects of a prepaid programme, which may include transaction processing and the distribution of the payment device and marketing materials;
The issuing processor. The issuing processor will typically send the responses to the authorisation requests and post the transactions onto the prepaid accounts. It may also manage the customer service;
The seller/distributor. The seller/ distributor may be an affiliated shopping mall or a merchant that distributes at a fee the prepaid payment service contracts to prospective cardholders;
The load/reload network. The load/reload network can include, for example, a branch or an ATM, where primary cardholders can load funds onto the prepaid account with cash or via payment with credit or debit cards, within the allowed limits for the product. In accordance with the "SAMA Rules on Outsourcing", July 2008, issuers are required to seek "no objection" from SAMA on the use of 3^rd party (merchant sites) for applying load services to prepaid accounts, where such loads shall be governed by the rules set out in section 2.3.

Table 1: Activities that the IPM could share with third parties

(iv)	(iii)	(ii)	(i)
Load/reload network	Seller/ distributor	Issuing Processor	Programme Manager	(Issuing Activities)
Load/reload network	Seller/ distributor	Issuing Processor	Programme Manager	Outsource Partner
X	√	X	√	Prepaid Account Recruitment	(i)
X	X	X	√	Partner Recruitment	(ii)
X	X	X	√	Customer Recruitment & Set-up	(iii)
X	√	X	√	Payment Device Issuing (excluding PIN issuing)	(iv)
√	√	√	√	Load/Re-load	(v)
X	X	√	√	Authorisation Processing	(vi)
X	X	√	√	Transaction Processing	(vii)
N/A	N/A	N/A	N/A	Overdraft	(viii)
√	X	√	√	Statement Production	(ix)
X	√ For closed loop only	√	√	Customer Service	X
X	X	√	√	Fraud Investigation	Xi
X	X	√	√	Usage Monitoring	Xii
X	X	X	√	Programme Management	Xiii

1.2.2. The Acquirer
An acquirer of prepaid payment service is a regulated licensed bank, according to the Banking Control Law, issued by Royal Decree, No. M/5 Dated 22.2.1386 H. The acquiring business is governed by the SPAN Scheme Regulations; an acquirer can be either an ATM acquirer or a POS (merchant) acquirer or both.
An ATM acquirer is a regulated bank which is a member of SPAN and which has entered into an agreement with SAMA to acquire ATM transactions.
The POS (Merchant) Acquirer is a regulated bank which is a member of SPAN and which has entered into an agreement with SAMA to acquire Point-Of-Sale (POS) transactions & an agreement with The Merchant to provide him with POS service.

1.2.3.The Contracting Entity
The contracting entity is the individual or Juristic persons or Government entities that enter into the prepaid payment service contract with the IPM. Please note that for the purposes of these rules, the term ‘Contracting Entity’ may not in all cases be the same as the beneficial owner of the funds held on an account, sub account or electronic record supporting the prepaid payment instrument.
For a commercial prepaid product, the contracting entity will be the Juristic person which enters into the service agreement with the prepaid issuer.
For a retail prepaid product, the contracting entity can be the individual who is either the primary cardholder or legal guardian of the primary cardholder.
If the prepaid contracting entity (an individual or a Juristic person) has selected a multi account product (e.g. petty cash card, household cards), the contracting entity will be the primary cardholder and shall determine the value of the funds transferred to secondary card records (Note: secondary cards have no access to the funds on the primary cardholder record).
When the contracting entity is a governmental entity or a Juristic person, the due diligence processes related to KYC and AML for the cardholder (see 2.3 and 2.5) may be shared between the issuer and the contracting entity. However, the issuer remains responsible for satisfactory completion of the KYC and AML requirements in accordance with prevailing regulatory requirements

1.2.4. The Primary Cardholder
The primary cardholder is the individual that uses the prepaid payment service to pay for goods and services at the point of sale and, if applicable, to withdraw cash from ATMs and utilise money transmission services. The contracting entity (an individual or a Juristic person) and the primary cardholder may be the same, but can also be different parties. For example, a guardian could be the contracting entity for a youth card issued to a child.

1.2.5. Merchants
The term merchant refers to a Company, firm, corporation, government entity or other person who:
a) has a Merchant Account and an existing and on-going relationship with an Acquirer, and;
b) is designated to accept any payment by a cardholder using a valid Payment Card to pay for goods and/or services, and;
c) has contractually agreed to accept the payment device as a method of payment at their premises.

1.2.6. Merchant Account
The Merchants Account refers to an account held with the Acquiring Bank used solely for the purposes of settlement of POS transactions. All current SAMA rules are applicable to the opening and maintenance of this account. This account must be settled on a regular basis.

1.2.7. Saudi Arabian Payment Network – SPAN
SPAN operates the payments network and establishes operating rules for card payment device issuers, processors, merchants and ATMs that accept prepaid payment products. The prepaid payment services under this regulation will be accepted throughout the SPAN network, with additional acceptance through non-domestic payment networks, including the GCC countries, as agreed by SPAN.

1.3. Prepaid Payment Services Products Segmentations

1.3.1. Retail payment products

These include general purpose payment products, for example:

a)	Payroll Cards (which can include remittance services where the consumer contracts directly for the services with issuer or his agent).
b)	Student Cards.
c)	Household Cards.
d)	Youth Cards.
e)	etc.

1.3.2. Government Entities payment products
Government Entities (which include all governmental institutions, ministries, and local juristic entities and the like) payment products are used by government entities to effect payments to recipients of state payment or to purchase products or services for such agencies. Also, to distribute compensation or benefits to employees and/or beneficiaries. Examples of Government Entities oriented cards are as follows:
a) Social Insurance accounts/payment products

b) Procurement accounts/payment products

Funds can only be loaded onto the prepaid account by a government entity itself.

1.3.3. Juristic Persons Payment products
Juristic Persons payment products are used by corporations (which include all appropriately licensed juristic institutions or entities and the like) to facilitate procurement; distribute compensation or benefits to employees, customers or beneficiaries.
Examples of Juristic Persons payment cards programmes are as follows:
a) Payroll cards

b) Employee benefits cards (Health care, transit, etc.)

c) Customers incentive cards

d) Procurement accounts/payment products

2. Rules and Guidelines Governing Prepaid Payment Services

2.1 General Prepaid Payment Service Issuing Rules

2-1-A Closed loop Prepaid Payment Services
A close loop prepaid products may or may not be reloadable. Closed loop prepaid payment services are not allowed to provide cash withdrawal functionality at ATMs or transfer of funds into a bank account.
An issuer (refer to 1.2.1 Issuing Programme Manager) proposing to operate closed loop prepaid programme must seek SAMA’s “no objection” to the proposed programme at a contracting entity level.
A closed loop prepaid payment service issued in the Kingdom is not allowed to provide cross-border payment functionality, unless permitted by SAMA.

2-1-B Restricted Loop Prepaid Payment Services
A restricted loop prepaid products may or may not be reloadable. Restricted loop prepaid payment service product is not allowed to provide cash withdrawal functionality at ATMs or transfer of funds onto a bank account.
Any Issuer (refer to 1.2.1 Issuing Programme Manager) proposing to operate restricted loop prepaid programme must seek SAMA’s “no objection” to the proposed programme at a contracting entity level.
A restricted loop prepaid payment service issued in the Kingdom is not allowed to provide cross-border payment functionality, unless permitted by SAMA.

2-1-C Open Loop Prepaid Payment Services
Open loop prepaid products may or may not be reloadable. An open loop prepaid payment product can, but is not required to, enable cash withdrawals at ATMs or the transfer of funds onto a bank account, including international remittances within the restrictions of Know Your Customer (KYC) and Anti Money Laundering (AML)/Combating Terrorist Financing (CTF) rules documented in Section 2-5.
Any Issuer (refer to 1.2.1 Issuing Programme Manager) proposing to operate open loop prepaid programme must seek SAMA’s “no objection” to the proposed programme at a product level.

2-1-D Outsourcing
Regulated Issuers (Refer to The issuing Programme Manager (issuer) 1-2-1) may outsource activities within the KSA to trusted third parties under an outsourced service contract, provided that the regulated issuer assumes the responsibility for all actions undertaken by a third party.
In accordance with the "Rules on Outsourcing", issued by Saudi Central Bank, section 2-3, banks are required to confirm SAMA has "no objection" prior to undertaking any Material Outsourcing.

2.1.1 All disclosures
All disclosures required by these Rules shall be made in the Arabic language and utilise the Hijrah calendar and/or using the Gregorian calendar. Disclosures in the English language shall be provided at the primary cardholder’s request. Any Operator must be a licensed bank in the Kingdom of Saudi Arabia that is permitted to accept deposits, according to the Banking Control Law, issued by Royal Decree, No. M/5 Dated 22.2.1386 H.
These rules have been issued in a bilingual form in Arabic and English. In case of any difference in the meaning or interpretation of the text, the Arabic text will prevail. The English language will be referred to only for the purpose of assisting in understanding these rules.

2.1.2 Disclosure requirements
All disclosure requirements contained in these Regulatory Rules apply to products offered in totality by a business approved by SAMA to issue prepaid payment services. Where a joint product is offered the disclosure requirements apply to the business approved by SAMA to issue prepaid payment services.

2.2 License to Issue and/or Acquire prepaid Payment Services

2.2.1 Banking license
To issue a prepaid payment service product or acquire prepaid payment service transactions a financial institution must be a licensed bank in the Kingdom of Saudi Arabia, according to the Banking Control Law, issued by Royal Decree, No. M/5 Dated 22.2.1386 H, and licensed to provide financial services within the Kingdom of Saudi Arabia, with SAMA’s “no objection” prior to introduce any prepaid product.

2.2.2 Regulatory Rules
A Prepaid issuer or acquirer operating in the Kingdom of Saudi Arabia shall be allowed to issue or acquire prepaid payment services within all acceptance categories (Open Loop, Restricted Loop, Closed Loop) & prepaid payment service segments (Payroll Cards, Youth Cards, etc.) in both the reloadable & non-reloadable variants, as long as the requirements contained within these rules are me

2.3 Know Your Customer Requirements
No: BCT/15631 Date(g): 2/5/2012 | Date(h): 11/6/1433 Status: Modified
The general rules for Know Your Customer (KYC) are set out in "Rules Governing Anti-Money Laundering (AML) & Combating Terrorist Financing (CTF)", Issued by Saudi Central Bank, Section 4.3. For prepaid products the entity responsible for KYC purposes is the regulated entity permitted to issue prepaid products.
Depending on the classification of the prepaid payment service proffered, KYC obligations for prepaid payment accounts or electronic records will require either a full verification of the primary cardholder or non-verification.
Specifically,
- KYC requirements for open loop prepaid services will require full verification
- Closed loop cards will not require verification for the primary cardholder within certain constraints.

2.3.1 Full Verification

Open loop and/or reloadable prepaid payment service products are allowed to be issued to an individual provided a Full Verification process has been undertaken:

a)	As a result of a written Request from the Contracting entity OR an electronic request in accordance with SAMA E-banking Rules clause 4.1(ii), (which allow for online, internet based account application, provided certain security considerations are taken into account) for the account/electronic record and payment device;
b)	Where an acceptance by the primary cardholder of the Terms and Conditions relating to the prepaid payment service is obtained by signature;
c)	As a renewal of, or substitute for, an existing prepaid payment service.

Full verification is the process by which the Issuer or an authorised third party obtains and verifies the prepaid accountholder’s identity. Accountholders whose identity has been fully verified shall have a prepaid payment service with the full functionality as determined by the Issuer. Full verification is conducted face-to-face (refer to (100-8) interviewing the customer in Rules governing the opening of bank accounts & general operational guidelines in Saudi Arabia).

The face to face verification process requires a government issued document with primary cardholder's full name and photograph. The accepted documents are the same as mentioned in the rules of opening bank accounts. In addition, for those who are not resident in the Kingdom and are in Saudi Arabia to perform Hajj & Omrah or to provide professional consultancy services for government agencies or for a local commercial entity, the accepted documents are a valid passport with valid Saudi visa.

Merchants will not be entitled to conduct the full verification due to the potential conflict of interest.

The Issuer remains responsible for the verification process and is officially required to produce the verification information on demand by SAMA.

	d)	The issuer may issue prepaid services using existing KYC details provided that one of the following conditions is satisfied:
	1.	The accountholder is requesting a prepaid payment service from an issuer that has already conducted the full verification of the accountholder , OR
	2.	The accountholder is replacing a prepaid payment service device from an issuer that has already conducted the full verification of the accountholder.

2.3.2 Card Payment Service Products that use a simpler form of KYC
Card payment service products that use a simpler form of KYC are limited to products providing restricted value, non-reloadable services which can be offered by the issuer (directly or via a third party) without verification of the cardholders identity. This may apply if the prepaid payment service has the following characteristics:
1. The prepaid payment service is not reloadable; and
2. The amount stored on the device does not exceed 400 SAR; and
3. The value is redeemable through a predefined merchant group (closed or restricted loop); and
4. The value on the prepaid account cannot be redeemed at ATMs or by transfer to a bank account.

2.4 Account Opening Requirements
For prepaid accounts issued in the Kingdom, the opening of accounts must be in compliance with the current version of “Rules Governing the Opening of Bank Accounts & General Operational Guidelines in Saudi Arabia” issued by SAMA or with the rules defined in sections 2.4.1, 2.4.2, 2.4.3, 2.4.4 .
For closed loop prepaid payment products not requiring KYC the account opening rules are defined in section 2.4.5.

2.4.1 Rules for Opening Prepaid Electronic Records where the Contracting Entity is an Individual

For prepaid payment products where the contracting entity is an individual and where the prepaid payment product is not using a simpler form of KYC the said individual shall be the person for whom the bank will need to identify the required information pertinent to doing financial business with them as a customer for KYC purposes. The individual will also be the person against which the required transaction monitoring of KYC, AML and CTF are applied.

Included within these are all consumer prepaid payment services where the contracting entity is an individual. This includes personal payment service products with a single payment device attached, as well as payment service products with sub-records such as youth cards. Specifically for payment service products for minors less than 18 years old the requirements set out in "Rules Governing the Opening of Bank Accounts & General Operational Guidelines in Saudi Arabia", section 200-1-1 “Minors of less than 18 years' old" apply.

For such a payment service product the following conditions shall apply;

1-	A master account shall be opened under the name of the contracting entity.
2-	Electronic record or ‘sub-records’ (sub-accounts of the master account) shall be opened for every payment service product issued.
3-	Such payment service product shall be branded for use at SPAN access points.
4-	Sub-records’ (card accounts) shall not be allowed to accept cash deposits or any credit entries other than the amounts transferred thereto from the master account of the contracting entity.
5-	No monthly statements shall be required for issue for such sub-record customers (sponsored cardholders) unless specifically requested by the contracting entity. Instead, the cardholder can get an ATM-generated brief transaction statement.
6-	The signature specimens of the customers of such sub-records shall not be entered into the issuer's computer system.
7-	The contracting entity shall provide the issuer with completed application forms and copies of the personal documents of sponsored cardholders under its sponsorship and acknowledge that payment services are to be provided to them under its responsibility.
8-	Transactions of such prepaid payment services shall be limited to:
		-	Depositing of funds can only be made by the contracting entity
		-	Withdrawing (via ATM and PoS)
		-	POS purchase
		-	Payment of bills via SADAD
		-	Remittance outside of the Kingdom by the primary cardholder’s membership of a remittance service if included in the contracted payment services agreed with the contracting entity
9-	Such cards shall be delivered to concerned sponsored cardholders by the contracting entity, and personal identification numbers (PIN’s) of the cards shall be delivered by the issuer (the issuer branches or representative) to the primary cardholder under a written form to be kept in the master account file.
10-	A special design shall be adopted for the above-mentioned cards which is consistent with the design specification for SPAN Prepaid cards issued from time-to-time by the SPAN scheme.
11-	Card expiry is to be within 3 years of issue, Card expiry can be extended for certain categories (i.e. Student cards) subject to SAMA approval.
12-	For payroll cards:
		-	Once the cardholders valid Government issued identity card has expired the card has to be stopped.
		-	The issuer shall provide necessary technical support and make available sufficient ATM access to serve the above-mentioned customers as near as possible to their work locations.

All programs must comply with the regulatory rules for prepaid payment services in the Kingdom of Saudi Arabia.

2.4.2 Rules for Opening Prepaid Electronic Records where the Contracting Entity a Juristic Person

For prepaid electronic records where the contracting entity is a juristic person and where the prepaid electronic records is not using a simpler form of KYC, the individual(s) who will be provided the payment service product shall be the person for whom the issuer will need to identify the required information pertinent to doing financial business with them as a customer for KYC purposes. The individual will also be the person against which the required transaction monitoring of KYC, AML and CTF are applied.

Included within these are all commercial prepaid payment services where the contracting entity is a Juristic person. This includes salary payment service products, prepaid procurement cards (petty cash payment products) with a single payment device attached, as well as payment service products with sub-records.

Specifically account opening procedures must be compliant with section 300 of the 'Rules Governing the Opening of Bank Accounts and General Operational Guidelines in Saudi Arabia’ as issued by SAMA.

For the opening of accounts of prepaid payment service products where the contracting entity is a Juristic person the following conditions shall apply;

1-	A master account shall be opened under the name of the Juristic person for each payment service product contracted by the contracting entity.
2-	Electronic record or ‘sub-records’ (sub-accounts of the master account) shall be opened for every payment service device.
3-	Such payment service product shall be branded for use at SPAN access points.
4-	Sub-records’ (the payment device accounts) shall not be allowed to accept cash deposits or any credit entries other than the amounts transferred thereto from the master account of the contracting entity.
5-	No monthly statements shall be required for issue for such sub-record customers (the cardholder) unless specifically requested by the sub-record customer. Instead, the cardholder can get an ATM-generated brief transaction statement.
6-	The signature specimens of the customers of such sub-records shall not be entered into the issuer's computer system.
7-	(a) The contracting entity shall provide the issuer with completed application forms and copies of the personal documents of its personnel and/or beneficiaries to which payment services are to be provided indicating that they are checked and found valid and identical to their respective originals, that the listed personnel and/or beneficiaries work under its sponsorship and/or that they are under its responsibility. The contracting entity must be compliant with all applicable rules. OR (b) The contracting entity shall provide the issuer with a list of the relevant ID numbers of their employees and/or beneficiaries sourced from their valid government identification (e.g. Iqama number). The issuer representative shall source the relevant employee and/or beneficiaries’ information by reference to the Ministry of Interior data held at the National Information Centre and produce the employee and/or beneficiary sub-record application form for later signature by the employee and/or beneficiaries (refer to xii below).
8-	The authorized representatives of the issuer shall review the originals of the valid government identification of the cardholder and attest the authenticity of the provided copies attached to the applications of opening the sub-records.
9-	A form of opening a sub-record or card account for each employee and/or beneficiary shall be signed by the employee and/or beneficiary (only).
10-	No such an individual employee and beneficiary may have more than one sub-record per payment service agreement with the contracting entity.
11-	Transactions of the records of such cards shall be limited to:
		-	Withdrawing (via ATM and/or POS) the amount(s) of the salary and/or other amounts payable to the card holder.
		-	PoS purchase.
		-	Remittance outside of the Kingdom by the employee’s membership of a remittance service if included in the contracted payment services agreed with the contracting entity
		-	Payment of bills via SADAD if included in the contracted payment services agreed with the contracting entity
		-	For payroll cards only: Transfer from card record to employee’s own current account, in the case of the current account being in the same issuer if included in the contracted payment services agreed with the contracting entity.
12-	Such cards can be delivered to concerned employees/beneficiary by juristic person whereas personal identification numbers (PIN’s) of the cards must be delivered by the issuer (the issuer branches or representative) for the primary cardholder under a written form to be kept in the master account file.
13-	A special design shall be adopted for the above-mentioned cards which is consistent with the design specification for SPAN Prepaid cards issued from time-to-time by the SPAN scheme.
14-	Card expiry is to be within 3 years of issue.
15-	For payroll cards:
		-	Once the cardholders valid Government issued identity card has expired the card has to be stopped.
		-	The issuer shall provide necessary technical support and make available sufficient ATM access to serve the above-mentioned customers as near as possible to their work locations.
16-	The above-mentioned service shall be rendered to eligible Juristic persons having a relationship with the issuer.
17-	All programs must comply with the regulatory rules for prepaid payment services in the Kingdom of Saudi Arabia.

2.4.3 Rules for Opening Prepaid Electronic Records where the Contracting Entity is a Government Agency

For prepaid electronic records where the contracting entity is government agency and where the prepaid electronic record is not using a simpler form of KYC, the individual(s) who will be provided the payment service product shall be the person for whom the issuer will need to identify the required information pertinent to doing financial business with them as a customer for KYC purposes. The individual will also be the person against which the required transaction monitoring of KYC, AML and CTF are applied.

Included within these are all commercial prepaid payment services where the contracting entity is a government agency. This includes salary payment service products, prepaid procurement cards (petty cash payment products) with a single payment device attached, as well as payment service products with sub-records.

Specifically account opening procedures must be compliant with the following clauses (Section 500-1-1, sub-clauses 1, 2, 3 and 7 & Section 500-2) of the 'Rules Governing the Opening of Bank Accounts and General Operational Guidelines in Saudi Arabia’ as issued by SAMA.

In addition to the rules laid out in the above, for a prepaid payment product opened under these rules the account terms and conditions must specify the withdrawal functionality and/or value threshold (via POS and/or ATM), as agreed with the Government entity.

For the opening of accounts of prepaid payment service products where the contracting entity is government agency the following conditions shall apply;

1-	A master account shall be opened under the name of the government agency for each payment service product contracted by the contracting entity.
2-	Electronic record or ‘sub-records’ (sub-accounts of the master account) shall be opened for every payment service device.
3-	Such payment service product shall be branded for use at SPAN access points.
4-	With the exception of Student card, Sub-records’ (the payment device accounts) shall not be allowed to accept any credit entries other than the amounts transferred thereto from the master account of the contracting entity.
5-	No monthly statements shall be required for issue for such sub-record customers (the cardholder) unless specifically requested by the sub-record customer. Instead, the cardholder can get an ATM-generated brief transaction statement.
6-	The signature specimens of the customers of such sub-records shall not be entered into the issuer's computer system.
7-	(a) The contracting entity shall provide the issuer with completed application forms and copies of the personal documents of its personnel or beneficiaries to which payment services are to be provided indicating that they are checked and found valid and identical to their respective originals, that the listed personnel work under its sponsorship and/or that they are under its responsibility. The contracting entity must be compliant with all applicable rules. OR (b) The contracting entity shall provide the issuer with a list of the relevant ID numbers of their employees and/or beneficiaries sourced from their valid government identification. The issuer representative shall source the relevant employee and/or beneficiaries’ information by reference to the Ministry of Interior data held at the National Information Centre and produce the employee sub-record application form for later signature by the employee (see xii below).
8-	The authorized representatives of the issuer shall review the originals of the valid government identification of the cardholder and attest the authenticity of the provided copies attached to the applications of opening the sub-records.
9-	A form of opening a sub-record or card accounts for each employee/beneficial shall be signed by the employee/beneficial (only).
10-	No such an individual employee may have more than one employee/beneficial sub-record per payment service agreement with the contracting entity.
11-	Transactions of the records of such cards shall be limited to:
		-	Withdrawing (via ATM and/or POS) the amount(s) of the salary and/or other amounts payable to the card holder.
		-	PoS purchase
		-	Remittance outside of the Kingdom by the employee’s/beneficiaries membership of a remittance service if included in the contracted payment services agreed with the contracting entity
		-	Payment of bills via SADAD if included in the contracted payment services agreed with the contracting entity
		-	For payroll cards only: Transfer from card record to employee’s own current account, in the case of the current account being in the same issuer if included in the contracted payment services agreed with the contracting entity.
12-	Such cards can be delivered to concerned employees/beneficiaries by the Government Entity, whereas personal identification numbers (PIN’s) of the cards must be delivered by the issuer (the issuer branches or representative) for the card holder under a written form to be kept in the master account file.
13-	A special design shall be adopted for the above-mentioned cards which is consistent with the design specification for SPAN Prepaid cards issued from time-to-time by the SPAN scheme.
14-	Card expiry is to be within 3 years of issue, Card expiry can be extended for certain categories (i.e. Student cards) subject to SAMA Approval.
15-	For payroll cards:
		-	Once the cardholders valid Government issued identity card has expired the card has to be stopped.
		-	The issuer shall provide necessary technical support and make available sufficient ATM access to serve the customers as near as possible to their work locations.
16-	The above-mentioned service shall be rendered to the government agencies that have a relationship with the issuer.
17-	All programs must comply with the regulatory rules for prepaid payment services in the Kingdom of Saudi Arabia.

2.4.4 Rules for Opening Prepaid Electronic Records where the Contracting Entity is a Householder

For prepaid payment products where the contracting entity is an individual householder and the contracting entity has satisfied the normal SAMA Account Opening and KYC requirements, as identified at 2.4.1. The contracting entity will also be the person against which the required transaction monitoring of KYC, AML and CTF obligations are applied.

Included within these are all retail prepaid payment services where the contracting entity is a householder who offers payments cards to household members, for the purpose of effecting purchase payments and cash withdrawals using a SPAN debit card drawn on monies for which the contracting entity is the beneficial owner.

Such household members shall be either:

A family member (e.g. wife, son) or have a legal relationship with the contracting entity (e.g. legal guardian).
A contracted employment relationship, where the cardholder is under the sponsorship of the contracting entity.

For such a payment service product the following conditions shall apply;

1-	A master account shall be opened under the name of the contracting entity which is directly related to the bank account of the contracting entity.
2-	Electronic record or ‘sub-records’ (subaccounts of the master account) shall be opened for every payment service product issued.
3-	Such payment service product shall be branded for use at SPAN access points only.
4-	Sub-records’ (card accounts) shall not be allowed to accept cash deposits or any credit entries other than the amounts transferred thereto from the master account of the contracting entity.
5-	Sub-records credits shall not exceed a cumulative maximum of SAR 13,000 in any twelve month period.
6-	No monthly statements shall be required for issue for such sub-record customers (cardholders) unless specifically requested by the contracting entity. Instead, the cardholder can get an ATM-generated brief transaction statement.
7-	The cardholder shall not be required to be subjected to the standard KYC requirements.
8-	The contracting entity shall remain liable and responsible for all transactions effected by the cardholder as evidenced through the sub-record.
9-	The householder has to provide the issuer with completed application details and the National Identification Number for cardholders which have to be validated by the issuer.
10-	In the event of a change of cardholder the contracting entity has to submit the National Identification number of the new cardholder in line with condition ix.
11-	Transactions of such prepaid payment services shall be limited to:
		-	Domestic withdrawals (via ATM and PoS purchase)
		-	POS purchase
		-	Transfers to and from the prepaid payment service record to the contracting entity's own current account.
12-	Issuers will issue cards and personal identification numbers (PIN’s) to the contracting entity for delivery to cardholders (e.g. Household members).
13-	Once the cardholders valid Government issued identity card has expired the card has to be stopped.
14-	A special design shall be adopted for the above-mentioned cards which is consistent with the design specification for SPAN Prepaid cards issued by the SPAN scheme.
15-	Card expiry is to be within 3 years of issue.
16-	All programs must comply with the regulatory rules for prepaid payment services in the Kingdom of Saudi Arabia.

2.4.5 Rules for Opening Prepaid Electronic Records that Use a simpler form of KYC

For Prepaid Payment Electronic Records that uses a simpler form of KYC the following applies:

1-	A master account shall be opened under the name of the contracting entity.
2-	Electronic record or ‘sub-records’ (subaccounts of the master account) shall be opened for every card issued in the programme.
3-	Such card can be:
		a)	used within a closed or restricted loop arrangement different from SPAN access points
		b)	used at specified SPAN access points.
4-	Sub-records’ (the card accounts) shall not be allowed to accept cash deposits or any credit entries other than at the issuance of the card.
5-	No statements shall be required for issue. Instead, the cardholder can request a balance enquiry at participating merchant outlets.
6-	No signature specimens of the customers are required to be obtained.
7-	Transactions facilitated through such cards shall be limited to PoS purchase (excluding cash back option) up to the amount deposited in the card record at the time of activation of the card.
8-	A special design shall be adopted for the above-mentioned cards which is different from the design specification for SPAN Prepaid cards. The card will not carry the SPAN Logo
9-	Card expiry is to be within 2 years of issue.
10-	The above-mentioned service shall be rendered to eligible entities having a relationship with the issuer.
11-	Such accounts must be open under the approval of the compliance officer at the bank according to procedures set by the bank based on its customer categorization process.
12-	All programs must comply with the regulatory rules for prepaid payment services in the Kingdom of Saudi Arabia.

2.5 Anti-Money Laundering & Control of Terrorist Financing
The general rules for Anti-Money Laundering (AML) are set out in the Saudi Arabian "Anti Money Laundering (“AML”) law" and "Rules Governing Anti-Money Laundering & Combating Terrorist Financing", Section 4.2. Any prepaid product must comply with all anti-money laundering/combating financing of terrorism guidelines already implemented in the Kingdom of Saudi Arabia.

2.5.1 Anti-money laundering regulations
Anti-money laundering regulations are designed to prohibit the funding of prepaid accounts with financial money from criminal activities.

2.5.2 Issuer compliance
Irrespective of the number of parties with whom the Issuer may share the issuing activities, the issuer remains liable for ensuring compliance of its prepaid programme(s). If necessary, additional systems, procedures and controls must be deployed by the issuer to ensure compliance with these guidelines.

2.5.3 Monitoring of payment service activity
The issuer is required to monitor on an on-going basis the prepaid payment service activity by undertaking the following tasks and verifying to SAMA their compliance with the Kingdom's AML legislation:
1. Keep up to date the primary cardholder’s verification data (as described in 2.3) held on record as required according to the Anti-Money Laundering (“AML”) law in the Kingdom of Saudi Arabia, Article 5
2. Verify transaction records at regular intervals, where the frequency will depend on the level of risk attributed to the primary cardholder, to ensure that these fall within the scope agreed in the contract established with the primary cardholder;
3. Maintain a log of all the transactions undertaken using the prepaid payment services. This data must be available for scrutiny by SAMA as appropriate when requested;
4. Report suspicious activity promptly to Financial Intelligence Unit if it suspects that funds loaded onto the prepaid account are the proceeds of criminal activity;
5. Such monitoring to be undertaken by the Financial Intelligence Unit as defined in the "Anti Money Laundering (“AML”) law" and "Rules Governing Anti-Money Laundering & Combating Terrorist Financing", Section 4.2;
6. Conduct transaction screening as well as account and primary cardholder behaviour monitoring, to identify any unusual activity;

2.5.4 Funds transfers
If the prepaid payment service allows the primary cardholder to transfer money to a bank account in the Kingdom of Saudi Arabia or abroad, the issuer must conduct the following precautionary measures:
1. Obtain adequate levels of information about the beneficiary bank; and
2. Assess whether the beneficiary bank’s anti-money laundering controls and risk management procedures are adequate; and
3. Screen the beneficiary's bank account against available AML/CFT negative files.
4. Consider all the relevant rules relating to remittances and follow Customer Due Diligence (CDD) processes with individual customers and with receiving banks (correspondent banks).

2.5.5 Face to face verification
Further to the customer due diligence measures carried out at the onset of the contract (see 2.3), a further full verification must be carried out face-to- face whenever:
a. There is a suspicion of money laundering or terrorist financing;
b. There are doubts about the veracity or adequacy of the previously obtained primary cardholder identification data;
c. Higher compliance risks are posed.
The prepaid account must be blocked until full verification occurs if any of the above suspicions are raised.

2.5.6 SAMA Examination
SAMA may conduct the following activities:
a. Request the issuer to provide, detailed information about the transaction (e.g. primary cardholder’s identity, transactions history) upon request;
b. Interview staff at the Issuer to investigate potential compliance issues;
c. Conduct an inspection of the books and accounts of a bank, or affiliated third parties;
d. Impose penalties to any issuer who fails to observe the primary cardholder due diligence and the transaction archiving requirements.

2.6 Data Protection
Banks must ensure that card and account holder's confidentiality is maintained at all times and comply with the requirements of:
a) "Rules Governing Anti-Money Laundering & Combating Terrorist Financing", Section 4.10: "Record Keeping & Retention" and
b) "Rules Governing the Opening of Bank Accounts & General Operational Guidelines in Saudi Arabia", Part 2 "Supervisory Rules & Controls" Section 4: "Updating Account Data".
In addition to the requirements described as follows:
2.6.1 Contracting entity (an individual or a juristic person or government entity) data collection
The issuer is responsible for ensuring that the primary cardholder’s data is collected and processed, irrespective of other parties being involved in providing the service (refer to 1.2.1).
2.6.2 Contracting entity (an individual or a juristic person or government entity) data storage
The issuer shall ensure that contracting entity (an individual or an organisation) personal data, either in electronic format or paper-based, collected during the contracting entity’s recruitment, as well as from the transactional activity of the payment device is stored in secured facilities within the Kingdom of Saudi Arabia (see "Rules on Outsourcing" issued by SAMA).
The data storage facilities and the data transmission processes are considered secured if the issuer has taken the necessary technical and organisational measures to comply with the Payment Card Industry (PCI) standards as defined, to protect the data against:
a) Accidental loss;
b) Alteration, unauthorised disclosure or access;
c) All other forms of unlawful processing.
2.6.3 Third party use of contracting entity (an individual or a juristic person or government entity) and/or primary cardholder data
Prior consent of the primary cardholder is needed when the issuer or a third party wishes to use the primary cardholder’s personal data for services additional to the purpose for which it has been collected (e.g., for e-marketing purposes), except when:
a) The issuer or the third party is required to do so in order to comply with a legal obligation (e.g., responsibility to comply with regulations relating to money laundering); or
b) The data is non-attributable and its use is defined in the contract to which the primary cardholder is party (note: primary cardholders can provide such consent as part of the application process).

2.7 Distance Selling of Reloadable Products

2.7.1Distance selling rules and guidelines
The distance selling rules and guidelines described in this section are applicable whenever a prepaid account and payment device is requested via an internet website, call centre or postal mail. Distance selling applications to an eligible prepaid issuer within the Kingdom for a prepaid account originating from outside the Kingdom of Saudi Arabia.

2.7.2 Provision of contracting entity (an individual or a juristic person or government entity) with contractual terms and conditions
All contractual terms and conditions must be provided in a written form (including electronically).

2.7.3 Confirmation of contract receipt by the contracting entity (an individual or a juristic person or government entity)
Upon completing the electronic full verification (see 2.3.1), the Issuer must confirm that the contracting entity (an individual or a juristic person or government entity) has received the contract information by contacting the primary contracting entity (an individual or a juristic person or government entity) via telephone, postal mail or email or any other electronic means. Contracts can be concluded online.

2.7.4 Cooling off period

The contracting entity (an individual or a juristic person or government entity) shall be entitled to a cooling-off period of 14 days, during which they may terminate the initial contract without any penalties.

a)			The issuer can start the provision of services during the cooling-off period provided the contracting entity (an individual or a juristic person or government entity) agrees to such and the full verification where appropriate has been completed. Agreement during the cooling-off period is deemed granted when contracting entity (an individual or a juristic person or government entity) activates the payment device. Such agreement may not restrict the contracting entity's (an individual or a juristic person or government entity) right to cancel within the 14 day period;
b)			If the contracting entity (an individual or a juristic person or government entity) terminates the contract during the cooling-off period, the contracting entity (an individual or a juristic person or government entity) will be entitled to a full refund of any unused balance (the difference between any loads and spend, and between withdrawals or fees charged to the prepaid payment service account).

2.8 Consumer Protection

2.8.1 Provision of disclosures
The issuer shall provide the disclosures required under this section on or with any application that is made available to the customers, including one contained in a catalogue, magazine, or other generally available publication, to open a prepaid payment service account.

2.8.2 Disclosures with or upon application

A prepaid payment service issuer shall disclose the following with or on an application:

a)	All charges and fees, if any, associated with the use of the instrument, including:
		1)	Fees for issuance, or availability, such as any annual or other periodic fee, expressed as an annualised amount, or any other fee that may be imposed for the issuance or availability of the prepaid payment service, including any fee based on card activity or inactivity;
		2)	Minimum commission charge or any minimum or fixed commission charge that could be imposed upon completion of a certain period;
		3)	Transaction charges or any transaction charge imposed for the use of the payment device for purchases and/or any conditions attaching to such charges;
		4)	Cash withdrawal fees. Any fee imposed on cash withdrawals from the account (if cash withdrawals are allowed);
		5)	Any other fee or penalty fee imposed in connection with the usage of the prepaid payment service account.
b)	The terms and conditions relating to the redemption of the value remaining on the prepaid account. For illustrative purposes, table 2 outlines the "beneficial ownership" of funds held on sub-record accounts.
c)	The rights and liabilities of the contracting entity (an individual or a juristic person or government entity) must be summarised in a set of Terms and Conditions, which shall meet the disclosure requirements contained in these Regulatory Rules;
d)	The time limits during which the contracting entity (an individual or a juristic person or government entity) has the right to cancel the prepaid payment service agreement after it has been signed (the cooling off period);

Table 2: Beneficial owners of funds on prepaid accounts in specific cases

Beneficial Owner	Cardholder	Contracting entity	Account Party Account Type
Employee	Employee	Employer	(Payroll Card)
Child^*	Child	Guardian	Youth Card (U18)
Student	Student	University\Student	(Student Card)
Visitor	Visitor	Committee/visitor	Visitor Card (e.g. Hajj and/or Umrah)
Householder	Domestic Staff	Householder	(Household Card)
Company	Co. Employee	Company	Company Card (Petty Cash)
Welfare Recipient	Welfare Recipient	Government	(Welfare Card)
Cardholder^#	Cardholder	Merchant	(Gift Card)
Cardholder	Cardholder	Cardholder	(General purpose Card)

e)	If the payment device is lost, stolen or misused by someone who obtained it without the contracting entity's (an individual or a juristic person or government entity) consent, any consumer liability, or limit thereof, shall be stated:
		1)	For non-personalised prepaid account products where the contracting entity is anonymous (non-personalised cards) the payment device is considered equivalent to cash.
		2)	For personalised prepaid account products the following liability rules apply:
				1)	Notification to the issuer of loss or theft of the payment device is deemed given when the primary cardholder in person, in writing or by telephone has taken steps to inform the issuer about the loss, theft or possible unauthorised use of the payment device.
				2)	The primary cardholder retains liability for all prepaid payment account usage up to the point of notification to the issuer. No liability shall exist for unauthorised use on the primary cardholder after notification to the payment device issuer;
f)	A statement that the primary cardholder should contact the payment device issuer for any change in personal details / information and the issuer should provide a telephone number or a mailing address for that purpose;
g)	The expiry period and the terms and conditions pertaining to expiration of the instrument;
h)	Any optional additional services shall be presented as a ‘positive option’, which the applicant must indicate, if one wishes to receive them. Any charges for these services must be disclosed;
i)	The customer service office, telephone numbers, Email (if exits) and website URL.

^* The Child/Accountholder is the beneficial owner of the funds, but the Guardian will typically have Power of Attorney and signing rights on the Account until the Child reaches age of majority (18)

^#The value on the Gift Card will be the property of the Cardholder, but may be limited to ‚withdrawal through Purchase‘ at the Merchant outlet. This will be defined in the Prepaid Service Terms & Conditions

2.8.3 Government entities or juristic persons programmes
If the prepaid payment service is a Government or a juristic persons prepaid payment service (see1.3.2 and 1.3.3), the master accountholder/contracting entity shall be responsible for all expenses incurred in processing the payment including bank fees, service provider charges, and all other costs. The Contracting entity is not allowed to share any costs with the primary cardholders, including deducting fees from funds from the account directly or indirectly.
However, in the case of sub-records where the cardholder is the beneficial owner, transaction effected directly by the beneficial owner (e.g. ATM and/or POS transactions) which may be chargeable, can be applied to such sub-record. All other expenses related to production and distributions of cards remain responsibility of the contracting entity.

2.8.4 Written contracts
The issuer must enter into a written contract with the contracting entity (an individual or a juristic person or government entity) which can be in electronic form.

2.8.5 Contract signature
Contracts must be signed by the contracting entity (an individual or a juristic person or government entity). If the contract is entered into online there must be a requirement for a digital signature or exchange of written copies later on.

2.8.6 Contracting entity/Cardholder complaints
The issuer must put in place an effective mechanism to attend to any primary cardholder complaints. The contracting entity (an individual or a juristic person or government entity) will also be able to complain to SAMA in accordance with the SPAN rules.

2.8.7 Communication language
The use of clear and simple language terms is required in all communications. The Arabic language should be the main communication language.

2.8.8 Honouring primary cardholder payment instructions
The issuer shall honour the primary cardholder's instructions for payments, at approved locations, if there is sufficient balance outstanding against the instrument.

2.8.9 Card fees

Periodical fees, such as dormancy fees or inactivity charges, shall not be charged to prepaid payment services, except in the circumstances below and provided that these are clearly stated in the terms and conditions:

a.	There has been no purchase activity using the card in the 3-month period prior to the date on which the charge or fee is imposed;
b.	Such charge or fee, if any, is reasonable and does not exceed limits set in the circulars "Schedule of Maximum Fees for Prepaid Services", appended and updated by SAMA.

2.8.10 Card expirations
Prepaid Payment Services shall be subject to standard SPAN card expiration date,

a. The expiration date is at least 3 years after the date on which the prepaid account funds were first loaded, where the card is a smart/EMV card
OR
B. two years for magnetic stripe cards;
AND
c. the terms of expiration are prominently disclosed

2.8.11 Unfair contract terms
Any term in the contract will be considered unfair if it causes a significant imbalance in the rights and obligations arising under the agreement to the detriment of the account or primary cardholder. Unfair terms will be considered null and void, but shall not affect the validity of any other provisions in the contract. Where there is any doubt as to the meaning of a contractual term, the interpretation should favour the primary cardholder

2.9 Advertising Prepaid Payment Service Products
Advertising for prepaid payment service products must follow SAMA regulations for advertising Financial Service Products, including the SAMA circular dated 28^th Safar 1430H- 8th November 2009, which prohibits banks using names and/or pictures of holy places for any marketing activity. In accordance with the Banking Control Law, issued by Royal Decree, No. M/5Dated 22.2.1386 H, article 23 (5).

2.9.1 Definition of an advertisement
For the purpose of this Regulatory Framework, an advertisement is a commercial message in any medium that promotes, directly or indirectly, a prepaid payment service product.

2.9.2 Minimum level of detail
Advertisement shall clearly state the identity of the issuer making the disclosure (i.e. any public disclosure or communication relating to a prepaid service offering MUST identify the identity of the regulated issuer/IPM notwithstanding any other brand or title under which the service may be offered to market). The minimum level of detail should contain the name of the issuer and the bank address/phone number and specify that the account balance is held by a bank.

2.9.3 Presentation of terms
Advertisement shall only state specific terms that actually are, or will be arranged or offered by the prepaid payment service issuer. The terms shall be presented as a whole with charges shown adjacent to the offer.

2.10 Statementing
For prepaid payment service products requiring full KYC verification, (see section 2.3.1), statement preparation and delivery (either physical delivery by post or notification of electronic statement availability or through branches) must occur, at a minimum, quarterly if requested by the account holder.
The statement must include all transactions credited or debited from the account. The statement shall disclose the following items:
a. Charges/Fees. A disclosure of the amount, itemised and identified by type, of any charges or fees debited to the account during the statement cycle;
b. Address or phone number for notice of statement errors. The address or the phone number to be used for notice of statement errors.
In addition, the issuer shall, upon receipt of an enquiry from the cardholder, provide information about the remaining balance on the payment device, in any appropriate form.
For prepaid payment service products that use a simpler form of KYC, (see section 2.3.2), there are no requirements to issue regular statements. Prepaid payment service customers will be entitled to enquire about the remaining balance on the payment device upon presentment of the payment device at PoS at a participating merchant outlet.

2.11 Cardholder Dispute Resolutions for Prepaid Services

2.11.1 Billing errors

In the following the term “billing error” represents a posting to the prepaid payment service account and which gives rise to an error in the overall balance. Billing errors include:

a)	A transaction that is not made by the primary cardholder or by a person who has authority to use the consumer’s prepaid payment service;
b)	A transaction for which the primary cardholder requests additional clarification;
c)	A failure by the issuer to properly post a transaction onto the prepaid account;
d)	An error of computational or accounting nature that is made by the issuer, so that a charge is either over or understated, including application of fees or penalty charges that are not in accordance with the Terms & Conditions of the Agreement in force.

2.11.2 Billing error notice
A billing error notice is an oral or written message from the primary cardholder that:
a. Is received by the issuer at the call centre or address provided in the Terms and Conditions in force no later than 180 days after the transaction date of the alleged billing error;
b. Enables the issuer to identify the primary cardholder’s name and account number, and, to the extent possible, indicates the primary cardholder’s reasons for believing that a billing error exists, the type of error, the date and amount of the error.
c. Such billing error notice shall be taken seriously by the bank (issuer and/or acquirer).

2.11.3 Handling of billing errors

The bank (issuer) shall handle billing errors as follows:

1-	The primary cardholder can claim for a billing error within a period of 180 days from the transaction date;
2-	Once a bank receives a complaint/billing error from primary cardholder, the bank has to inform the customer by either an oral or a written message of the process by which the bank will deal with the billing error. The bank must ensure that the complaint can be uniquely tracked within the bank's complaint management system as directed by SAMA;
3-	Until a billing error is resolved, the disputed amount, including any charges owed, shall be held in a pooled (suspense) account;
4-	The bank shall conduct reasonable investigations and comply with the appropriate resolution procedures within 12 working days from receiving a billing error notice. If the investigation takes more than 12 working days, then:
		a)	The bank will be liable to be penalized (according to Claim Processing System (CPS) rules)
		b)	The cardholder shall be informed of the current status and revised timeline (which must not exceed additional 18 working days) for resolution by the bank
		c)	The bank has to indicate that an additional time period is required to resolve this issue in the SAMA CPS;
5-	If the bank determines that a billing error occurred as asserted, it shall correct the billing error and credit the prepaid account with any disputed amount and related commissions or other charges from the overages (suspense) account and deliver to primary cardholder by any means, a correction notice;
6-	If the bank determines that a different billing error occurred from that identified in the billing error notice, the bank shall deliver to the primary cardholder by mail or other means an explanation of the reasons for the bank’s conclusion that a different billing error occurred and the reasons for the belief that the billing error alleged by the primary cardholder is incorrect. The bank shall correct the billing error and credit the prepaid account with any erroneous amount and related commission or other charges as applicable, and provide the customer with the applicable documents, if its requested;
7-	The bank has to resolve the complaint/billing error within these additional 18 working days. If bank does not, then the following will occur:
		a)	the bank will be liable to be penalized (double the first charge)
		b)	the bank has to repay the customer (the primary cardholder) the disputed amount
		c)	close this case in the bank's complaint management system and the CPS;
8-	The bank (as issuer) has to provide the complainant (primary card holder and/or the merchant) copies of documentary evidence, especially if the bank determines no billing error occurred, if the complainant requests that;
9-	The complainant (primary card holder) retains the right to escalate the complaint to SAMA, if unsatisfied with the bank’s treatment of the complaint;
10-	The complainant (primary card holder) retains the right to escalate the complaint to the Committee for the Settlement of Banking Disputes (CSBD), if unsatisfied with SAMA's and the bank’s treatment of the complaint;
11-	If the bank has fully complied with the requirements of this section, the bank has no further responsibility if a primary cardholder reasserts substantially the same billing error.

2.12 Merchant Dispute Resolution for Prepaid Payment Services

The prepaid dispute resolution process is as defined in the SPAN Scheme Standard. For avoidance of doubt these are as follows.

2.12.1 Merchant Dispute Resolution

a.	The term “statement error” represents a posting to the merchant’s account which gives rise to an error in the overall balance. Statement errors include:
		1)	A failure by the Operator to credit or debit properly a transaction to the merchant’s account;
		2)	An error of computational or accounting nature that is made by the acquirer, so that a charge is either over or under stated, including application of fees or penalty charges that are not in accordance with the Terms and Agreement in force.
b.	A statement error notice is a written or oral message from the Merchant that:
		1)	Is received by an Operator at the address or telephone number provided in the Terms and Conditions in force no later than 90 days from the transaction date;
		2)	Enables Operator to identify the merchant’s name and account number, and, to the extent possible, indicates the merchant’s reasons for believing that a statement error exists, the type of error, the date and amount of the error.
c.	The Operator (bank) shall handle statement errors as follows:
		1-	Once the Operator receives a complaint from merchant, the operator has to inform the customer by either an oral or a written message of the process by which the bank will deal with the statement error;
		2-	The Operator shall conduct a reasonable investigation and comply with the appropriate resolution procedures no later than 30 working days, after receiving a statement error notice;
		3-	If the Operator determines that a statement error occurred as asserted, it shall correct the statement error and credit or debit the merchant’s account with any disputed amount and related commission or other charges and mail or deliver by other means a correction notice to the merchant;
		4-	If an Operator determines that a different statement error occurred from that identified in the statement error notice, the Operator shall inform the merchant with an explanation of the reasons for the bank’s belief that a different statement error occurred and the reasons for the belief that the statement error alleged by the merchant is incorrect, correct the statement error and credit or debit the merchant’s account with any erroneous amount and related commission or other charges as applicable; and provide the merchant with the relevant documentary evidence if the merchant so requests;
		5-	If an Operator determines that no statement error occurred the Operator shall mail or deliver by other means to the merchant an explanation of the reasons for the bank’s belief that the statement error alleged by the merchant is incorrect, furnish copies of documentary evidence, if the merchant so requests.
		6-	The Operator has to resolve the issue within these 30 working days from the date of receiving the complaint. If the bank does not, then the following will occur:
				a)	the bank will be liable to be penalized;
				b)	the bank has to repay the customer (the merchant) the disputed amount;
				c)	close this case in the bank system;
		7-	The complainant (merchant) retains the right to escalate the complaint to SAMA, if unsatisfied with the bank’s treatment of the complaint;
		8-	The complainant (merchant) retains the right to escalate the complaint to the Committee for the Settlement of Banking Disputes (CSBD), if unsatisfied with SAMA's and the bank’s treatment of the complaint.
		9-	A bank that has fully complied with the requirements described in this section has no further responsibilities if a merchant reasserts substantially the same statement error.

2.13 Merchant Agreements for Closed Loop Prepaid Payment Services
This section provides the rules for the disclosure of information between the prepayment operator, "Operator", (issuer and/or acquirer) of a prepaid payment service transaction and the merchant where the agreement relates to a closed loop prepaid product.

2.13.1 Regulated financial institutions
A closed loop prepaid payment service Operator must be a bank in the Kingdom of Saudi Arabia that is permitted to accept deposits, according to the Banking Control Law, issued by Royal Decree, No. M/5 Dated 22.2.1386 H.

2.13.2 Disclosure of charges

The Operator shall disclose in Merchant Service Agreement all charges, if any, associated with the operation of prepaid payment services and acceptance of prepaid payment service transactions and an explanation of the method of computation of charges as follows:

a.	Card account operational fees. Fees payable by the merchant, which may include card issuing fees, annual fees, load fees, etc.;
b.	Terminal fees. Any prepaid specific fees for the rental of Point of Sale terminal equipment or any connection charges and frequency of assessment;
c.	Merchant Service Commission rates. Any specific prepaid payment service commission rate that is used to compute a commission against the total volume of sales, differentiating between any flat or ad valorem fee, including the frequency of assessment (for example daily, weekly, monthly, etc.). If different rates apply to different types of transactions, the types of transactions and the rates applicable shall also be disclosed;
d.	Other charges and penalty charges. The rate of charges, itemised and identified by type, of any charges other than terminal fees and merchant service commission rates charged to the merchant for accepting prepaid payment service transactions and frequency of assessment.

2.13.3 Changes in charges
The Operator shall inform the merchant in writing of any changes in charges at least 60 working days before the changes take effect.

2.13.4 Cancellation of agreement
The merchant shall have the right to cancel a Merchant Service Agreement with a notice period not to exceed 90 calendar days.

2.13.5 Settlement period
The Operator shall disclose within the Merchant Service Agreement the elapsed time between the deposit of transactions, these being either captured on paper or electronically, and the crediting of the value, less any applicable charges according to section 2.13.2, into the merchant’s account. The Operator must pay or credit their contracted Merchants after the transaction reconciliation process is completed according to the terms and conditions stipulated in the Merchant Service Agreement. Payment must cover the transaction totals reduced by the credits (reversals, adjustments and refunds) and any applicable Merchant discounts.

2.13.6 Merchant’s liability for unauthorised use of prepaid payment services

a.	The Operator shall disclose the prescribed procedures as follows when accepting prepaid payment service transactions, either in the Merchant Service Agreement or an associated set of operating procedures. The disclosure shall cover:
		1-	The process that the merchant must follow to verify the identity of the primary cardholder )e.g. ask the cardholder to enter his PIN) ;
		2-	A statement informing the merchant that it is required to ask for authorisation for all prepaid transactions, (i.e. the floor limit for a prepaid transaction shall be 0 Saudi Riyal, where no offline transactions are permitted)
		3-	The merchant’s obligations for retaining evidence of the transaction, such as receipts and/or electronic records;
		4-	Reasonable time periods within which merchants must provide documented evidence, such as signed receipts, to assist the Operator with resolving primary cardholder disputes rose through the issuer.
b.	The Operator must disclose any merchant liability arising from an obligation to ensure that the prepaid payment service payment system provided is not misused for acts of fraud, dishonesty or misconduct.

2.13.7 Statementing

The prepaid payment service Operator shall mail or deliver by other means a periodic statement to the merchant relating to prepaid transactions credited to the merchant account. The statement shall disclose the following items:

a.	Transactions. A summary of all prepaid payment service transactions, categorised by the charges disclosed in 2.13;
b.	Charges. A disclosure of the amount itemised and identified by type of any charges debited to the merchant account during the statement cycle;
c.	Address for notice of statement errors. The address to be used for notice of statement errors.

2.14 Non-compliance
If SAMA finds that a bank has failed to comply with the rules contained in this document , it may take one or more of the following measures:
- impose fines on prepaid service providers;
- impose, for any specified period, limitations or other restrictions in relation to carrying out prepaid payment service provision by an issuer or acquirer;
- require a prepaid service provider to provide restitution to their customers; and
- request removal of outsourced service providers.
In applying penalties for non-compliance SAMA will be guided by the level of penalties identified in Article 23 of the 'Banking Control Law', No. M/5 Dated 22.2.1386.

2.15 Account Closure
For prepaid accounts issued within the Kingdom, the closing of accounts must be conducted in accordance with the prevailing legislation.
2.15.1 Account Closure Rules for Reloadable Accounts
If a prepaid payment service account is reloadable, the following closure rules apply:
2.15.2 Disclosure:
The Issuing Programme Manager must provide the accountholder/contracting entity with appropriate methods or options to close their prepaid payment service record (account). Such options must be disclosed to the accountholder at the time of account opening.
2.15.3 Accountholder initiated closure:
The accountholder is permitted to request closure of the prepaid payment service record by advising the issuer directly at an issuers premises or branch (including mobile branches), by authenticated contact through a call centre access, or through written request for record closure to a customer service centre. The issuer must offer the accountholder a mechanism by which they can choose to either transfer any remaining balance to another account/record or withdraw the remaining balance in cash.
The prepaid card(s) associated with the record should be returned to the issuer upon record closure, to be securely destroyed. In the event the prepaid card cannot be provided to the bank during the record closure request, the card should be disabled from further use.
2.15.4 Issuer initiated closure:
Issuer (Bank) can initiate a record closure, at their discretion, after a record has been inactive for at least 180 days and in all cases after 5 years, in accordance with the SAMA ‘Rules Governing the Opening of Bank Accounts & General Operational Guidelines in Saudi Arabia’. If a positive balance remains on the record, the bank must inform the accountholder in cases where the account holder is known, in writing or by other suitable means (e.g. SMS) of their intent to close the record and give the accountholder 30 days prior notice from the date of dispatch of the intent to close.
If after this 30 day period the record remains inactive, the bank must close the prepaid record and disable the associated prepaid card(s). Any remaining balance in the record must be transferred to the Unclaimed Balances Account. Funds will remain at the Unclaimed Balances Account to support any refund in the event the accountholder or his representative was to return in the future and request their remaining funds.
2.15.5 Account Closure Rules for Non- Reloadable Accounts
If a prepaid payment service account is non- reloadable (e.g. Gift Card), the account record expires either:
- When the value on the account record has been exhausted/spent.
- When the expiry date of the card is reached.
2.15.6 Cardholder Balance Refund on Non-Reloadable Accounts
If a cardholder requests redemption of the outstanding balance on a dormant or expired card, the merchant is obliged to honor the cardholder request, upon presentation of relevant ‘proof of ownership’.
Such proof shall include:
- Presentation of the relevant Gift Card
- A receipt that may have been issued by the Merchant or Card Issuer at the point of buying such card or alike.
Upon presentation of such proof, the cardholder shall be entitled to reimbursement of the ‘net outstanding balance’⁽⁶⁾ on the account. Such reimbursement may be by way of:
- A re-issued gift card for (at least) the net outstanding balance
- Bankers cheque
- Cash

⁽⁶⁾ The net outstanding balance shall be deemed to be the value outstanding on the card following the last recorded purchase transaction, less any legitimate issuer fees (see 2.8.9) that may be applicable up to the time of the ‘redemption’ request.

a)	Social Insurance accounts/payment products
b)	Procurement accounts/payment products

a)	Payroll cards
b)	Employee benefits cards (Health care, transit, etc.)
c)	Customers incentive cards
d)	Procurement accounts/payment products

Soft Launch