The BNPL company shall:

1. Develop appropriate written organizational policies that address, at least, the internal organization guides, governance, stores acceptance and approval procedures, purchase approval and cancellation, credit, risk management, compliance, information confidentiality and security, consumer data protection, outsourcing, human resources, and anti-money laundering and counter-terrorist financing (AML/CTF).
2. Ensure that technological and security equipment in place and related systems are adequate for its operational needs, nature of activity and risk status, in accordance with best practices and SAMA-issued instructions in this regard.
3. Design information technology systems and their processes in a manner that ensures data availability, integration, integrity, and confidentiality. Such systems and processes shall be assessed by the BNPL company on a periodic basis in accordance with the generally accepted technical standards. They shall also be tested before they are used for the first time and after any changes applied to them.
4. Retain all consumer documents, records and files in an orderly, clear and safe manner and ensure that all files are complete and updated periodically, for a period of at least 10 years from the date of the end of the relationship with the consumer.
5. Have sufficient and qualified human resources in terms of knowledge and expertise to meet its operational needs and risk status.