| 152. | To ensure effective implementation of a KYC program, DTFCs should apply high ethical and professional standards and policies that all employees must follow. They must determine the types of accounts that are acceptable, in such a way that will prevent DTFCs from being used, intentionally or unintentionally, by criminal elements.
|
| 153. | DTFCs should include certain key elements in the design of their KYC programs, including customer acceptance policy, customer identification as set in these Rules (at minimum), on-going monitoring of high-risk accounts, and risk management.
|
| 154. | DTFCs should deal with the clients by virtue of the names mentioned in their official identification documents accepted according to these guidelines.
|
| 155. | DTFCs must NOT deal, open, operate or maintain any anonymous account, or with vague, counterfeited or incorrect name.
|
| 156. | DTFCs must NOT deal, open, operate or maintain any numeric account without full details.
|
| 157. | If the client requested opening an account or ask for a relationship but it is not possible to open that account because of some suspicions related to KYC in regard to the accuracy, correctness, non-sufficient data or the client not complying the requirements, the DTFCs shall not allow to open the account, start the relationship or execute any transactions. DTFCs must information Financial Investigation Unit at SAMA about the suspicions.
|
| 158. | DTFCs should not only establish the identity of their customers, but should also acknowledge the purpose of opening any account or the relationship and its nature. DTFCs also shall monitor account activity to determine unusual transaction and should continue to exert due diligence toward the business relationship and operation pattern.
|
| 159. | KYC must be a core feature of bank's risk management and internal audit procedures. Intensity of KYC programs beyond these essential elements should be tailored to the degree of risk involved.
|
| 160. | DTFCs operating in KSA are fully responsible for the final recognition of customers' identity, their agents, authorized persons and the beneficiary owners. DTFCs also shall ensure that the identification documents are safe and sound.
|
| 161. | DTFCs should verify the ownership structure for the juristic persons to recognize the ultimate beneficiaries (beneficiary owners) who hold the final power, recognize their identities (at minimum the natural owner who has 5% according to the organization by laws and its attachments or according to available data) and recognize the identities of the managers.
|
| 162. | DTFCs should give special attention to the accounts opened and operated in virtue of delegation.
|
| 163. | Instructions given in SAMA's Money Laundering Control, Financing of Terrorism and Fraud Prevention Manual must be implemented.
|
| 164. | For fulfilling due diligence measures for customers residing outside the kingdom by depending on a third party, DTFCs must obtain from that party an undertaking that it would provide the supervisory authorities in the Kingdom with any requested information about customers immediately.
|
