Your access and use of SAMA Regulatory Rulebook and its content is considered as an acceptance and approval of commitment by you without any limitation or condition to the following:
SAMA Regulatory Rulebook is a platform that aims to assist the regulated entities to access SAMA regulatory content adeptly and efficiently.
SAMA Regulatory Rulebook is still on its development and soft launch stage. SAMA is not liable for its contents and does not warrant or represent that (the Services related to the platform, information or material presented in the platform) is displayed free of any inaccuracies, omissions, or errors (“Faults”). SAMA accepts no liability for any loss, claim or damage resulting from any use of the platform, and any decisions made, or actions taken based on the information contained in or generated by the platform.
SAMA Regulatory Rulebook has no legal effect and it does not aim to amend or revoke any legal provisions. The Rulebook still Contains some documents under review, including translated versions. Therefore, SAMA Regulatory content circulated through SAMA official channels remains in force.
Without prejudice to the terms of use of SAMA website Hereby, you acknowledge that any illegal, unauthorized use and/or any breach of any of these provisions may result in legal actions against you.
Effective from Jan 31 2025 - Jan 30 2025 To view other versions open the versions tab on the right
3.
YES
NO
COMMENTS
1.
Have formal written programs of operational risk and loss control including risk assessment and control matrices been developed for all operational and staff areas ?
If yes 1, do these programs include:
*
Proprietary and confidential data ?
*
Physical security of the bank's premises ?
*
Branch fraud prevention and awareness ?
*
Credit card, ATM, trading, and payment systems fraud ?
*
Software piracy and patent / copyright infringement ?
*
Information Systems Security ?
*
Product and service quality assurance ?
*
A dherence to customer contractual obligations ?
*
Compliance with regulatory and statutory requirements within Saudi Arabia ?
*
Others as applicable ?
2.
Does the Operational Risk Management function provide central direction and coordination for operational risk management and loss control and risk financing programs within the institution ? Does its scope include:
*
Timely reporting of losses to senior management, SAMA, insurance carriers, and law enforcement (when appropriate) ?
*
Complete investigation of losses in conjunction with internal audit, bank's security department, insurance carriers and law enforcement (when appropriate) ?
*
Written claims handling procedures for line and staff personnel as well as both in-house claims personnel and external claims handling services ?
*
Review of claims files and investigative procedures ?
*
Coordination of claims and periodic qualitative evaluation of the overall claims handling process ?
*
Follow-up on all open claims and periodic qualitative evaluation of the overall claims handling process?
3.
Has the institution developed penalty/reward systems ? Do these systems include:
*
Regular scheduled comparative evaluation of loss records of various units.
*
Monetary and non-monetary incentives
4.
Has a formal program of operational risk control training been established which emphasizes responsibility and accountability for the control of operational losses ?
