Skip to main content
Entire section Custom print Text Only Rich Text Print / Save as PDF
  Versions

 

  • Rules for Electronic Wallets

    No: 46025374 Date(g): 29/10/2024 | Date(h): 26/4/1446Status: In-Force

    Translated Document

    Based on the powers granted to SAMA under the Law of Payments and Payment Services issued by Royal Decree No. (M/26) dated 22/03/1443H and its Implementing Regulations issued on 24/11/1444H, and stemming from SAMA's supervisory and regulatory role over the Payments Sector in the Kingdom.

    We inform you of the issuance of the Rules for Electronic Wallets as per the attached format, and SAMA emphasizes that Electronic Money Companies must comply with all provisions contained therein. These rules shall take effect ninety calendar days from the date of their publication on the official website of SAMA.

    • Article 1

      (1) The terms and expressions mentioned in these rules shall have the meanings specified for them in the Law of Payments and Payment Services and its Implementing Regulations. 
       

      (2) For the purpose of applying the provisions of these rules, the following words and expressions shall have the meanings indicated opposite each of them wherever they appear in these rules, unless the context requires otherwise:

      SAMA:Saudi Central Bank
       
      The Rules: Rules for Electronic Wallets
       
      The Company:An entity licensed as a large electronic money company or a small electronic money company.
       
      Electronic Wallet:A service provided by the electronic money company to a payments services user for the purpose of issuing, storing, and managing electronic money.
       
      Freelancer Certificate Holder:A person who provides their services on a personal basis (per hour, day, or task) instead of working for an employer on a regular salary basis.
       
      Minor:Any male or female under the age of eighteen (Hijri calendar).
       
      The Guardian:The individual responsible for managing the affairs of a minor and representing them, as defined by the Family Law.
       
      The Custodian:The individual responsible for managing the affairs of a minor and representing them, as defined by the Family Law.
       
      The Caretaker:A person designated by a custody decree, authorizing them to receive funds allocated for the ward from governmental or private entities, such as allowances or rewards.
       
      Public Benefit Committees:Committees licensed by local government authorities serving the public, such as Patients Friends Committees, persons with disabilities and the blinds, and awards for academic excellence.
       
      Endowment (Waqf):An endowment registered by the General Authority for Awqaf, including public, private (family), and joint endowments as defined by the competent.
       

    • Article 2

      These rules aim to define the requirements related to opening, maintaining, and managing electronic wallets, which must be adhered to by the company to protect participants in the sector and contribute to enhancing the safety and stability of the sector.

    • Article 3

      These rules apply to the company when providing electronic wallet services in the Kingdom.

    • Article 4

      The company must comply with the following when opening an electronic wallet:

      (1)Review and classify the electronic wallet, and take the actions stipulated in these rules in accordance with the time periods specified for each. 
      (2)Classify the company's customers and ensure that no customer holds electronic money or performs payment transactions exceeding the financial limits set by SAMA within the calendar month, in accordance with the provisions of the Implementing Regulations of Payments and Payment Services Law
             		 
      (3)Retain copies of documents, records, files, and data related to all amounts and dues, according to the required statutory period.
             		 
      (4)Maintain detailed records of all electronic wallets, which must include, at a minimum, the following data:
             		 
       (a)The full name of the customer as recorded in the identification document.
             		 
       (b)The customer's identification number.
             		 
       (c)The customer's national address, place of residence, and approved contact information.
             		 
       (d)Any other data related to the customer, if available or necessary.
             		 
      (5)The company must maintain personal and financial data in electronic records in accordance with the technical specifications determined by SAMA, ensuring ease of access and compliance with the provisions of relevant regulations.
             		 
      (6)The role of the Compliance Department at all stages and during the mentioned periods shall be supervisory to ensure compliance with the requirements of the Rules for Electronic Wallets.
             		 

    • Article 5

      (1)The company must not overlook the professional aspects of the employee, refined through experience and training, which can assist in identifying and assessing the customer's risk level.
       
      (2) The company must ensure that the national ID and/or residency and/or commercial registration and/or freelancer certificate is linked to only one electronic wallet.
       
      (3)The company must verify that the ownership of the phone number registered in the electronic wallet belongs to the same user (i.e., matching name and customer data) through a trusted entity.
       
      (4)The company must apply the verification controls for fintech customers issued by SAMA, as well as related instructions on combating financial fraud, including those related to electronic wallets.
       
      (5)The company must use an automated monitoring system to detect and mitigate internal and external fraud operations, ensuring its comprehensiveness for financial and non-financial operations, and the system's ability to take immediate actions in the event of any financial fraud against the company.
       
      (6)The company must periodically evaluate fraud prevention assumptions and establish measurement indicators to ensure their effectiveness, assess fraud risks, and implement necessary precautionary controls to mitigate them.
       
      (7)The Compliance Department must have timely access to customer identification data, other due diligence information on customers, transaction records, and other relevant data.
       

    • Article 6

      (1)Specific requirements for opening electronic wallets for individuals:
       
       (a)Electronic wallets are opened for citizens based on the national ID card or the family record for minors, and the customer's national address or the national address of the guardian, custodian, or caretaker.
       
       (b)Electronic wallets are opened for resident customers present in the Kingdom based on a copy of the residency ID document, their national address in the Kingdom or the national address of the guardian, custodian, or caretaker, and their address in their home country.
       
      (2)Electronic wallets for minors are opened according to the following requirements::
       
       (a)The electronic wallet must be created by the guardian, custodian, or caretaker, using the national ID or residency ID of the minor, and must not exceed one electronic wallet
       
       (b)The validity of the relationship between the guardian, custodian, or caretaker and the minor must be verified, and a copy of the guardianship decree issued by the competent court for the custodian, or a guardianship decree if the guardian is not the father, or a copy of the custody decree for the caretaker must be provided and verified.
       
       (c)This type of electronic wallet must not include the authority for cash withdrawal, transfers to anyone other than the guardian, custodian, or caretaker, receiving transfers from others, international transfers, or adding funds by any means unless the guardian, custodian, or caretaker approves adding such authorities.
       
       (d)SAMA sets the provisions for funding the electronic wallet of the minor, the maximum monthly payment transaction limit, and the overall monetary value holding limits within the calendar month.
       
       (e)Obtain the family record data where the minor is listed and the national ID data of the guardian, custodian, or caretaker, and verify their validity.
       
       (f)If the minor reaches the age of 18 (Hijri calendar) and is incapacitated or equivalent, the company must obtain a copy of the legal document proving the minor's condition and a copy of the decree of continued guardianship for the guardian or the custodianship decree for the custodian.
       

    • Article 7

      Electronic wallets are opened for legal entities and licensed individuals to practice a profession or activity based on an official document, as follows:
       
      (1)Licensed institutions:
       
       (a)A copy of the commercial registration of the institution or a copy of the activity license if required solely for the institution's activity without the need for a commercial registration.
       
       (b)Identify and verify the identity of the institution's owners as per the name listed in the commercial registration or license, ensuring the validity of their identity and its data.
       
       (c)Identify and verify copies of the identities of individuals authorized to manage and operate the electronic wallets.
       
       (d)In case the institution's owner is an endowment (Waqf), the following must also be fulfilled in addition to the above requirements:
       
        (a)A copy of the valid endowment (Waqf) registration certificate issued by the General Authority for Endowments, including at a minimum the following: Name of the endowment, Endowment deed number and date, Names of the trustees and their ID numbers.
       
        (b)Copies of the IDs of the trustees listed in the registration certificate.
       
      (2)Institutions engaged in e-commerce activities:
       
       (a)The name of the electronic wallet must match the name recorded in the commercial registration, and the purpose of opening the electronic wallet must be specified as (e-commerce).
       
       (b)Verify the electronic platform of the commercial institution through entities licensed by the Ministry of Commerce to certify electronic stores.
       
       (c)Obtain the national address of the institution or its owner.
       
      (3)Freelancer Certificate Holders:
       
       (a)A copy of the freelancer certificate issued by the Ministry of Human Resources and Social Development.
       
       (b)A copy of the national ID of the freelancer certificate holder.
       
       (c)Obtain the national address of the freelancer certificate holder.
       
       (d)The electronic wallet must not be shared or have authorized users.
       
       (e)The validity of the electronic wallet is linked to the expiration date of the freelancer certificate.
       
      (4)Resident Companies:
       
       (a)A copy of the commercial registration.
       
       (b)A copy of the articles of incorporation or the company's bylaws.
       
       (c)A copy of the ID of the responsible manager.
       
       (d)Identify and verify the identities of the board members, if any.
       
       (e) A notarized power of attorney issued by a notary public or an authorized certifier from the person(s) who, under the articles of incorporation, bylaws, partners' resolution, or a board resolution, have the authority to delegate natural persons to sign and operate electronic wallets.
       
       (f)Copies of the IDs of the individuals authorized to sign and operate electronic wallets.
       
       (g) Identify and verify the identities of the company's owners listed in the articles of incorporation or bylaws, as per the latest amendments.
       
       (h)If all or any of the company's owners are endowments (Waqf) as specified in the articles of incorporation or bylaws, the following requirements must also be fulfilled in addition to the above:
       
        (a)A copy of the valid endowment (Waqf) registration certificate issued by the General Authority for Endowments, including at a minimum: Name of the endowment, Endowment deed number and date, Names of the trustees and their ID numbers.
        (b)Copies of the IDs of the trustees listed in the registration certificate for each endowment.
       

    • Article 8

      (1)Electronic wallets are opened for committees, endowments (Waqf), and clubs as follows:
       
       (a)Public Benefit Committees:
       
        (1)A copy of the committee's license issued by the official authority according to its jurisdiction, such as the Ministry of Education, the regional Emirate, or others, when opening electronic wallets.
       
        (2)Copies of the IDs of the council or trustees' members and the committee's bylaws.
       
        (3)Approval from the Compliance Department Manager to open the electronic wallet.
       
        (4)A joint signature by the committee's chairman or secretary and the financial officer for opening the electronic wallet.
       
        (5)It is permissible to open an electronic wallet if the wallets are intended for public benefit activities, whether annual or seasonal, such as festivals, celebrations, or similar events, funded from sources outside the state budget, after obtaining the following:
       
         (a)An official request from the official authority organizing the activity to open and manage the electronic wallet.
       
         (b)A joint signature from the individual authorized to manage the activity and the financial officer, along with copies of their IDs.
       
         (c)Copies of the IDs of the activity committee members.
       
         (d)Specify a defined duration for using the electronic wallet, after which it must be closed once the purpose for which it was opened is fulfilled.
       
         (e)Approval from the Compliance Department Manager to open the electronic wallet.
       
        (6)This type of electronic wallet is not permitted to transfer funds outside the Kingdom.
       
       (b)Endowments (Awqaf):
       
        (a)Endowments overseen by the General Authority for Awqaf:
       
         (1)A letter from the General Authority for Awqaf requesting the opening of the electronic wallet under the name "Revenues and Expenses," specifying the individuals authorized to manage the electronic wallet, with dual authorization powers, along with a statement of their financial powers or their delegation to others.
       
         (2)Copies of the IDs of the individuals authorized to operate the electronic wallet.
       
        (b)Endowments not overseen by the General Authority for Awqaf:
       
         (1)A copy of the valid endowment registration certificate issued by the General Authority for Awqaf, including at a minimum, Name of the endowment, Endowment deed number and date, Names of the trustees and their ID numbers.
       
         (2)A copy of the legal deed of the endowment.
       
         (3)A letter from the authorized person, as per the endowment deed, specifying the individuals authorized to operate the electronic wallet.
       
         (4)Copies of the IDs of the individuals authorized to operate the electronic wallet.
       
         (5)Copies of the IDs of the trustees listed in the endowment registration certificate.
       
         (6)Transfers from the endowment's electronic wallets to outside the Kingdom are not permitted, except for purposes related to managing the endowment's activities, such as consulting service payments, participation in external seminars and conferences, or similar purposes, provided that official approval is obtained from the General Authority for Awqaf.
       
       (c)Clubs:
       
        (a)Electronic wallets for clubs licensed by the Ministry of Sports are opened upon submission of the following documents:
       
         (1)Approval from the Ministry of Finance to open the electronic wallet.
       
         (2)A copy of the license issued by the Ministry of Sports.
       
         (3)A copy of the board formation resolution.
       
         (4)Authorization from the board of directors for the individuals authorized (joint signature) to open and manage the electronic wallet.
       
         (5)Copies of the IDs of the authorized individuals and the board members.
       
        (b)Electronic wallets for cultural and literary clubs under the supervision of the Ministry of Culture are opened upon submission of the following documents:
       
         (1)Approval from the Ministry of Finance to open the electronic wallet.
       
         (2)A copy of the license issued by the Ministry of Culture.
       
         (3)A copy of the board formation resolution.
       
         (4)Authorization from the board of directors for the individuals authorized (joint signature) to open and manage the electronic wallet.
       
         (5)Copies of the IDs of the authorized individuals and the board members.
       

    • Article 9

      The electronic wallet is closed by the authorized person, as follows:

      (1)The customer may submit a request to the company if they wish to close their wallet, and the company must accept the customer 's request to close their wallet and notify them, provided that the electronic wallet is not frozen, restricted, or contains any remaining balance.
       
      (2)The company must allow their Saudi customers and GCC citizens residing in Saudi Arabia to close their wallets without updating their information, provided that the electronic wallet is not frozen, restricted, or contains any remaining balance.
       
      (3)The company must not allow a foreign resident in the Kingdom to close their wallet after the expiration of their residency permit or ID without providing a renewed copy or a final exit visa, provided that the electronic wallet is not frozen, restricted, or contains any remaining balance.
       
      (4)The company may close the electronic wallet after thirty calendar days from notifying the client if a year has passed without any balance in the client's electronic wallet or any financial transactions, unless the wallet is frozen.
       

    • Article 10

      (1)The data of electronic wallets is updated as follows:
       
       (a)The company must request an update of the data under which the electronic wallets were opened at least once every three years from the date the electronic wallet was opened or upon any changes to it. The company must include this in its internal policies and procedures.
       
       (b)The company must notify its customers of the impending expiration of the documents under which the electronic wallet was opened at least 90 calendar days before the expiration of those documents.
       
       (c)The company must, 90 calendar days before a minor customer reaches 15 Hijri years of age, request the guardian, custodian, or caretaker to update the customer's wallet data, obtain the customer's information, and verify its accuracy.
       
       (d)The company must, 90 calendar days before a minor customer reaches 18 Hijri years of age, notify the guardian, custodian, or caretaker of the need to update the customer's wallet data, complete and verify the customer's information, and sign a new wallet agreement with the customer upon reaching 18 Hijri years of age.
       
      (2)Updating the customer's identity:
       
       Identities and official documents are updated according to the durations, as follows:
       
       (a)Identities and documents with a validity period of less than five years must be updated at the end of their specified validity period, such as commercial registrations or licenses.
       
       (b)Identities and documents with a validity period of more than five years must be updated every five years or upon the expiration of the identity or official documents, whichever comes first.
       
       (c)Electronic wallets opened based on approvals or official letters, such as wallets opened for embassies, international organizations or their representatives, or based on licenses and open-ended registrations like public benefit committees and endowments, must be updated no later than every five years.
       
      (3)Remote identity data update:
       
       (a)The company may update the identity data of its customers remotely at its discretion.
       
       (b)The company must verify the validity of identity documents using documents, data, or information from a reliable and independent source and document this process.
       
      (4)Updating customer data:
       
      In addition to the requirements for updating the customer's identity outlined in Paragraph (2) of this Article, the company must update the customer data associated with the electronic wallet at least every three years. Customer data must also be updated in the following cases:
       
      (a) When the customer's information becomes outdated, the specified period mentioned in Paragraph (2) of this Article elapses, or there is a change in the customer's information.
       
      (b)When there is a change in the customer's behavior in conducting transactions on the electronic wallet.
       
      (c)When the company undertakes due diligence measures related to money laundering and terrorism financing risks.
       

    • Article 11

      (1)The company must comply with orders to disclose data of electronic wallets and execute actions on them (such as freezing and mandatory deductions) issued against customers, communicated through the central bank or via banks dealing with the company, based on requests from authorized entities in accordance with the law.
       
      (2)Upon receiving a prohibition order issued by authorized entities, the company must prevent the customer from managing the electronic wallet, conducting debit transactions, and opening new electronic wallets. The prohibition should be limited to the customer's funds and personal status and should not extend to cases where the individual is a guardian, custodian, caretaker, agent, or authorized representative managing an electronic wallet not registered in their name.
       
      (3)When implementing a freeze, the company must adhere to legal provisions related to the freezing of wages or salaries (ensuring that the freeze does not exceed one-third of the net wage or monthly salary of an employee, except in cases of alimony debts, and one-quarter of a retiree's pension, except in cases of alimony debts) while complying with any instructions related to amounts exempt from the freeze.
       
      (4)Prohibition measures will be lifted upon receiving an order to remove the prohibition issued by authorized entities in accordance with the law.
       
      (5)The company must take the necessary actions and measures and provide adequate human and technical resources to implement the provisions stated above.
       
      (6)The company must verify the type and number of the customer's identity against which requests from authorized entities are issued and ensure they match the data registered in the company's systems.
       
      (7)The company must maintain the confidentiality of data and information and not disclose, publish, or allow access to such data and information to any person for any reason, except when the request is made by the customer themselves or their legal representative after verifying its validity, without prejudice to the applicable laws and regulations.
       

    • Article 12

      (۱)The company may accept a payment services order from a user under a one-time payment contract, taking into account the provisions of The Guidance of Anti Money Laundering and Combating Terrorist Financing
       
      (2)When executing a payment services order under a one-time payment contract, the company must collect the identity information of the citizen or resident present in the Kingdom, or the passport and visa information (visit/tourism) or resident with a temporary residence permit and record its number.
       

    • Article 13

      (1)An electronic wallet is considered inactive if it falls under one of the following categories:
       
       (a)Dormant Electronic Wallet: An electronic wallet on which the customer has not performed any transaction for twelve calendar months (one year).
       
       (b)Unclaimed Electronic Wallet: An electronic wallet on which the customer has not performed any transaction for twenty-four calendar months (two years).
       
       (c)Abandoned Electronic Wallet: An electronic wallet on which the customer has not performed any transaction for sixty calendar months (five years).
       
      (2)Inactive electronic wallets are managed as follows:
       
       (a)Inactive electronic wallets are subject to the supervision of senior management to ensure dual oversight in accordance with policies established for this purpose.
       
       (b)The company must contact the customer in accordance with the policy set by the company for this purpose.
       
       (c)If electronic wallets become unclaimed, the funds in them must be transferred to a dedicated aggregate account for such wallets.
       
       (d)Abandoned electronic wallets are placed under the supervision and oversight of the Chief Executive Officer and the Compliance Department.
       

    • Article 14

      Without prejudice to the provisions of Article (11) of these rules, the company must consider the following when dealing with inactive electronic wallets:

      (1)Continue calculating commissions and profits for electronic wallets as agreed upon in the framework agreement.
       
      (2)Review and classify electronic wallets and take the actions specified in the related instructions.
       
      (3)Submit an annual report to SAMA, including a list of inactive electronic wallets, with details of these wallets and any additional information requested by SAMA.
       
      (4)Retain copies of documents and records for all amounts and entitlements according to the statutory period.
       
      (5)Maintain detailed records of electronic wallets containing the necessary customer data as specified in these rules and related instructions.
       
      (6)Retain personal and financial data in electronic records in accordance with the technical specifications determined by SAMA.
       
      (7)The Compliance Department must have a supervisory role throughout all stages and periods mentioned to ensure compliance with electronic wallet instructions.
       
      (8)Establish policies and procedures for handling inactive electronic wallets, including a communication mechanism with the owners of these wallets.
       
      (9)Without prejudice to Clause (c) of Paragraph (2) of Article (13), the balance of the electronic wallet must remain as a financial obligation on the company’s financial position, and any action on the electronic wallet is prohibited.
       
      (10)Verify the absence of debit obligations on the electronic wallet, and if present, they must be settled before transferring the wallet to the aggregate account.
       

    • Article 15

      These rules shall come into effect 90 calendar days from the date of their publication on SAMA's website.