Section 7: Monitoring of Transactions and Activities
| No: 18318/486 | Date(g): 17/11/2019 | Date(h): 20/3/1441 | Status: In-Force |
| The monitoring of transactions and activities, including those unusual and suspicious, is an important element for applying the risk-based approach as it enables the financial institution to identify and report any suspicious transactions or activities to the SAFIU. In addition, monitoring systems in the financial institution allow continuous assessment of preventive measures and controls as well as enhancement of their efficiency by making use of any unusual activities detected that led to suspicion of ML/TF. | ||||
| Article (13) of the Anti-Money Laundering Law and Article (69) of the Law on Combating Terrorism Crimes and Financing state the financial institution’s responsibilities to continuously monitor transactions, documents and data to ensure that they are consistent with the information the financial institution has about the customer or business relationship. These responsibilities also include giving particular attention to unusual transactions and activities, especially when they involve high ML/TF risks. | ||||
7.1 | The financial institution shall put in place measures and procedures based on the risk assessment results to monitor transactions and identify unusual transactions and activities. The measures and procedures shall be effectively implemented and documented by the financial institution; and approved at the senior management level. | |||
| 7.2 | When developing the oversight measures and procedures, the financial institution shall apply a risk-based monitoring approach according to the degree and levels of risk derived from the ML/TF risk assessment results. This risk-based monitoring approach shall enable the financial institution to: | |||
| a) | Implement enhanced measures by improving the process and degree of oversight on high-risk customers and transactions, including: | |||
| • | Review and monitoring of high-risk transactions. | |||
| • | Frequent monitoring of the activities and transactions of high-risk customers in addition to preparing relevant reports and frequently carrying out the required internal investigations. | |||
| • | Tracking and financial analysis of unusual activities or transactions carried out by customers. | |||
| b) | Implement simplified measures for low-risk customers and businesses, including reducing the rate and frequency of monitoring in the case of low ML/TF risk. | |||
| 7.3 | Carrying out simplified oversight on low-risk customers and businesses does not mean exemption from the requirements of monitoring as the financial institution shall monitor all customers and transactions on an ongoing basis. However, it allows the financial institution to implement control procedures in a streamlined and simplified manner consistent with the ML/TF risk posed by the customer or business relationship in order to be able to focus its resources on high-risk customers and transactions. | |||
| 7.4 | To apply the risk-based oversight approach, the financial institution shall observe the following: | |||
| a) | The financial institution shall provide supervisory tools commensurate with the risks identified in accordance with Paragraph (1.1) under the ML/TF Risk Assessment Section, to enable it to analyze and detect unusual transactions, patterns, and activities in real time of execution or before that. The financial institution shall provide adequate human resources in this regard to monitor transactions and activities and detect any unexpected or unusual behavior from customers. Such tools shall be consistent with the nature, size, and complexity of the financial institution’s business and it shall ensure adequate and continuous monitoring. | |||
| b) | The financial institution shall develop indicators and patterns commensurate with the risks identified, the complexity of its business and activities, and modern ML/TF technologies so that it can detect unusual transactions or activities according to the requirements, development and diversity of the methods used in the execution of such operations and transactions. The indicators can be transformed into strategies for assessing ML/TF risks and designing controls to mitigate such risks. | |||
| 7.5 | The supervisory tools of the financial institution shall include appropriate technological systems that enable it to monitor transactions and activities and detect any unusual or unexpected behavior from customers as manual monitoring of transactions alone is not sufficient. It is necessary for the financial institution to use effective electronic systems for its continuous oversight of transactions, and the systems used shall be commensurate with its risk complexity and outcomes. However, these systems shall be integrated with the basic systems of the financial institution to achieve the following: | |||
| a) | Linking the risk-based customer classification to the technological system to allow further monitoring of high-risk customers and transactions in accordance with the requirements stated in Paragraph (7.2) in the Monitoring of Transactions and Activities Section. | |||
| b) | Following-up all the business of the financial institution as appropriate to ensure adequate monitoring and control. | |||
| c) | Applying a simplified monitoring approach consistent with the risks posed by low-risk customers and businesses, in accordance with Paragraph (7.2) under the Monitoring of Transactions and Activities Section. | |||
| 7.6 | The financial institution shall test the supervisory tools periodically (Once a year a maximum) to ensure that they are effective and adequate and shall develop these tools based on the results of periodic tests that must be documented. | |||
| 7.7 | The financial institution shall monitor customers and transactions on an ongoing basis and take the necessary preventive measures to review and update customer information and categorize customers based on the monitoring results, in accordance with Paragraph (3.7) in the Due Diligence Section. This is to detect any inconsistency between the information disclosed by customers at the beginning of or during a business relationship and the activities monitored. Customers and transactions shall continue to be monitored until the conclusion of the business relationship. | |||
| 7.8 | The financial institution must qualify and train its employees to carry out the monitoring process according to their various work tasks and it shall not only rely on technological systems and programs, taking into consideration its prescribed ML/TF indicators. | |||
| 7.9 | The financial institution shall develop indicators and typologies commensurate with the nature and risks of its business that point to the suspicion of ML/TF transactions, taking into account the diversity and development of ML/TF methods. Moreover, the financial institution shall constantly update these indicators as required and according to development and diversity of the methods used for ML/TF. It shall also observe the instructions issued by SAMA, the PCCML, or the PCCT and those issued by other local or international bodies, such as the FATF. | |||
| 7.10 | The financial institution’s key positions/posts that might be targeted for ML/TF purposes shall be identified. The financial institution shall closely monitor those holding these positions and ensure that they consistently implement AML/CTF policies and procedures. | |||