Guide to Regulating Procedures for Operating Exchange Offices in the Kingdom of Saudi Arabia

First Edition February 2015 Saudi Arabian Monetary Agency Guide to Regulating Procedures for Operating Exchange Offices in the Kingdom of Saudi Arabia

---

Table of Contents Definitions 1 Introduction 2 Customers of Exchange Offices 2 Membership Customers 2 Transient Customers 3 Customer Acceptance Policies and Procedures 3 Issuing Membership Cards 4 Conditions for Opening Membership 4 Updating Data 5 General Instructions on Customer Acceptance 6 Know Your Customer (KYC) Principle 7 Customer Due Diligence (CDD) Procedures 7 Exchange Office Activities 9 Buying and Selling Cash Currencies from Customers and Internally 9 Domestic and International Incoming and Outgoing Transfers 14 Bank Checks 19 Ancillary Activities to Banking Operations 22 Cross-Border Transfer of Cash and Monetary Instruments 22 Correspondent Bank Relationships 22 Safety, Security, and Anti-Counterfeiting Systems and Devices 22 Safety and Security Systems 22 Currency Counterfeiting 29 Cash Insurance 29 Reporting 32 Employment and Training 32 Employment 32 Training and Qualification 31 Appendices A

Regulations: • SAMA System • Currency System • Bank Supervision System • Counterfeiting Prevention System • Anti-Money Laundering System Regulations and Instructions: • Rules Governing the Practice of Exchange Activities issued by the Minister of Finance Decision No. 2023 dated 10/12/1375 AH • Executive Regulations for the Anti-Money Laundering System • AML/CFT Rules for Banks, Exchange Offices, and Branches of Foreign Banks in KSA (Third Update - February 2015) • Guide to Combating Fraud and Financial Misappropriation

---

Definitions Institution: Saudi Arabian Monetary Agency (SAMA) Category A Exchange Office: Any institution or company authorized to exchange various currencies, issue and accept transfers from correspondents, and trade in them, as well as traveler's checks, licensed remittance service companies, and rapid transfer service companies. Category B Exchange Office: Any institution or company authorized to exchange various currencies and trade in them, as well as traveler's checks. (Not permitted to issue or accept financial transfers). Financial Intelligence Unit: The authority empowered to receive and analyze reports of suspected entities related to money laundering and terrorist financing from all financial and non-financial institutions. Financial Action Task Force (FATF): An intergovernmental organization whose mandate is to set standards and promote the effective implementation of legal, regulatory, and operational measures to combat money laundering, terrorist financing, and the financing of weapons proliferation, and other threats to the integrity of the international financial system.

---

Introduction The practice of banking activities in the Kingdom of Saudi Arabia is regulated according to the Rules Governing the Practice of Exchange Activities issued by the Minister of Finance Decision No. 2023 dated 10/12/1375 AH, based on the esteemed Cabinet Decision No. 105 dated 07/03/1373 AH. This decision requires exchange offices to obtain a license from SAMA to practice exchange activities under Article 9 of those Rules, which only permits buying and selling foreign currencies, traveler's checks, and bank checks (Category A or B exchange offices). It also permits practicing money transfers within and outside the Kingdom for those licensed by SAMA at the time of the Minister of Finance Decision No. 2023 dated 02/12/1375 AH (Category A exchange offices). The Rules prohibit exchange offices from accepting deposits, and the Bank Supervision System prohibits non-bank entities from practicing banking activities. This guide complements previously issued instructions and rules, including Minister of Finance decisions, SAMA instructions, and AML/CFT rules.

1. Customers of Exchange Offices The term "customer" in this guide refers to a person (natural or legal) who conducts a financial transaction through an exchange office. This category includes citizens, residents, and visitors holding temporary visas/residence permits, as well as pilgrims and Umrah performers, who possess official identification documents. Exchange office customers can be classified as follows: 1.1 Membership Customers: These are natural (individuals) or legal (institutions, companies, entities, etc.) customers who have a membership service relationship (money transfer/currency exchange) with the exchange office. Membership is recorded in a registry at the exchange office, with a unique customer number linked to the name and ID number for citizens, valid residence permit for expatriates, and commercial registry or license for legal entities. Membership includes records containing all customer identification data, plus national ID information for citizens and residence permits for residents, recorded when the relationship is established (creating a unique membership number). The ID number is maintained as an automatic reference for executed transactions, along with a historical record of the customer's financial transactions during the business period.

1.2 Transient Customers: These are natural persons only, not linked to a membership service relationship (money transfer/currency exchange) with the exchange office, as their need to deal with the exchange office involves limited and occasional amounts. Tourists holding temporary visas/residence permits, as well as pilgrims and Umrah performers, are allowed to exchange cash currencies, cash traveler's checks, and receive incoming financial transfers only at authorized exchange offices. The exchange office must maintain a register recording all transactions with this customer category, including detailed transaction data linked to the passport number of pilgrims, Umrah performers, and tourists. Financial limits allowed for transient customers will be clarified in this guide. Citizens and residents are allowed to exchange currencies without opening a membership relationship, as detailed in paragraph 2.2 below. In case of suspicion regarding financial transactions related to money laundering or terrorist financing crimes, the exchange office must promptly report the transaction to the Financial Intelligence Unit, accompanied by a copy of the transient customer's passport and a detailed description of the transaction and customer.

2. Customer Acceptance Policies and Procedures Customer acceptance policies and procedures encompass all factors related to the customer as the person conducting a financial transaction through an exchange office, and taking identity, address, business activity, income level, and fund source verification measures, determining the purpose of the relationship, and avoiding anonymous or fictitious names. Full compliance with SAMA regulations and instructions regarding AML/CFT, as well as KYC and CDD instructions for all customer types and categories, is required, along with establishing necessary classifications and conditions for business relationships, and adhering to all other regulations and instructions.

2.1 Issuing Membership Cards: The exchange office customer fills out personal data forms for individual membership opening or entity membership opening to utilize services provided by the exchange office. The exchange office issues a membership card containing a unique number linked to the automated system, storing personal data, ID copy, signature confirming personal presence, and data accuracy. For authorized exchange offices practicing this activity, it also includes beneficiary data for transfers. The customer can present the membership relationship number during any financial transaction and provide the original ID to verify relationship ownership and ID validity. Membership is subject to regulatory procedures regarding data updates, freezing, holding, and setting financial limits based on customer status, income rates, etc.

2.2 Conditions for Opening Membership: Membership requires fulfilling mandatory identity verification requirements for the user (beneficial owner), including:

• The applicant must be at least 18 years old.
• Complete all KYC data and information in the membership opening form and confirm accuracy by signing.
• Keep a certified copy of the valid National ID for citizens and a copy of the original residence permit for expatriates. For legal entities, keep a copy of the commercial registry or activity license, specify the address and beneficial owner, and know the nature of the activity.
• The exchange office is responsible for matching data and verifying accuracy against original documents provided by the customer, stamping and dating each document, and storing them in the automated system.
• Must have a known identifier for hijab-wearing women (with face covering).
• Must have a known identifier for blind persons and minors.
• For expatriates holding a temporary residence permit in their passport, membership may be granted based on this permit (for 7 months), frozen after expiration until a valid residence permit is issued.
• Importance of following instructions regarding prohibited persons according to UN Security Council resolutions. (Updated data can be obtained from the UN website or subscribing to global systems like CHECK WORLD).
• Specify the number of financial beneficiaries outside the Kingdom and their complete information (name, ID number if available, account number, address).
• Membership relationships cannot be shared by more than one person, nor used for purposes other than the primary purpose for which they were opened.

2.3 Updating Data in the Presence of the Customer Personally: The exchange office must update customer data (regarding membership) in the following cases:

• At the expiration of the ID, commercial registry, or age limit, whichever comes first, max 7 years.
• When doubting the authenticity of the customer's personal ID documents/data or the nature of their financial transactions.
• When their financial transactions do not match the information provided to the exchange office or when the pattern and behavior of financial transactions change.
• When changing or adding a financial beneficiary outside the Kingdom at exchange offices licensed to provide this service.

2.4 General Instructions on Customer Acceptance:

1. The exchange office must, in all cases dealing with customers (natural/legal), identify the customer through valid identification documents.
2. Customer business/activity nature must align with the size, purpose, and type of financial transactions executed, plus knowing the beneficial owner and taking necessary verification measures.
3. Exchange offices are not permitted to treat legal customers (companies, institutions, organizations, associations, travel agencies, hotels, embassies, etc.) as transient customers.
4. Internal delegations or powers of attorney issued by individuals, institutions, and companies, or powers of attorney prepared on exchange office paper to execute transactions, are strictly prohibited.
5. Financial transfers (in Category A exchange offices) or currency exchange on behalf of natural or legal customers with a membership relationship via a special power of attorney issued by the Notary Public are permitted, provided the agent is a Saudi national, all membership holder and agent data are collected per KYC/CDD requirements, and updated when membership is updated or the power of attorney expires.
6. Consider the validity period of residence/visa/temporary residence when dealing with expatriates, pilgrims, and tourists.
7. Collect information from official documents (National ID, residence permit, passport), obtain copies, and have them certified as matching the original by the customer and employee when establishing a membership relationship.
8. Do not accept any business relationship under fictitious, numerical, or anonymous names.
9. Link the membership number to the name and ID number, considering them an automatic reference for executed transactions when establishing the relationship.
10. Apply KYC requirements and AML/CFT rules issued by SAMA, and other related regulations and instructions.
11. Terminate the relationship with the customer when the exchange office cannot verify transaction sources, doubts ID data accuracy/sufficiency, or when the customer continues using transfer membership for purposes other than those established.

2.5 Know Your Customer (KYC) Principle: The purpose of applying KYC is to enable the exchange office to form an appropriate understanding of each customer's true identity with a suitable level of confidence, knowing the types of business and transactions the customer is likely to conduct. Exchange office procedures must include:

1. Continuous identification and verification of all permanent and transient customers.
2. Identification and verification of beneficial owners for all customer transactions to the extent that ensures complete understanding and knowledge.
3. Assessing risks associated with different customer types and taking appropriate measures to enhance identification/verification requirements for customers or beneficial owners.
4. Taking measures to continuously update identification/verification requirements for all customers and beneficial owners.
5. Monitoring changes in customer and beneficial owner identities and taking necessary actions regarding their impact on supervision and oversight requirements.
6. Customer and beneficial owner identification records must be available to the AML/CFT compliance officer and relevant specialized officials.
7. Customer and beneficial owner identities must be verified from reliable and independent sources.

2.6 Customer Due Diligence (CDD) Procedures: Applying CDD here means exchange offices monitor financial transactions of customers and their beneficial owners, ensure understanding, verify all business activities, membership establishment data, and ensure they are reliable and clear. Instructions require exchange offices in the Kingdom to apply basic CDD procedures to all permanent and transient customers, including beneficial owners, continuously and in line with the risk level associated with customer business/transactions, as follows:

• Monitor financial transaction activity and align it with customer-provided information.
• CDD procedures are required when establishing a business relationship and enhanced when executing occasional transactions exceeding disclosed single or aggregate limits, when there is suspicion of money laundering/terrorist financing regardless of exemptions/limits, or when there are doubts about the accuracy/sufficiency of previously obtained customer ID data.
• Verify if any person (natural/legal) acts on behalf of the customer and confirm legality.
• Identify persons (natural/legal) owning or controlling the customer.
• Enhance CDD for high-risk customers/relationships, which may result from commercial activity, structure, ownership, or transaction size/type, including those involving currencies classified as high-risk, or transactions identified by regulations/instructions as posing high risk, such as correspondent bank relationships and politically exposed persons.
• Simple CDD procedures/treatments are not acceptable when suspecting money laundering or terrorist financing.
• CDD requirements may be mitigated for relationships classified as low-risk, such as: a. Individuals whose main income source is salary, pensions, or social benefits from known/appropriate sources, where transaction levels align with fund sources. b. Small-amount transactions or specific transaction types.
• Do not absolutely terminate or restrict business relationships with entire customer categories to avoid risk management or limited financial returns, without considering other risk mitigation measures for individuals in a sector and assessing each case's risk.

3. Exchange Office Activities: 3.1 Buying and Selling Cash Currencies from Customers and Internally in the Kingdom of Saudi Arabia: Buying and selling foreign currencies is an activity requiring a license from SAMA. Currency exchange is a primary exchange activity. Thus, every exchange office (Category A, B) must provide this service. When practicing buying/selling cash currencies (currency exchange), whether for natural or legal customers (individuals or entities), with membership or transient status, the following must be observed:

3.1.1 Natural Persons and Legal Persons (Non-Financial Institutions):

1. Currency exchange transactions for natural persons under 2,000 SAR or equivalent: Sufficient to review the customer's ID to verify legality and validity, with a transaction receipt containing exchange office name, exchange rate, amount in local/foreign currency, and execution date/time only. Transaction is recorded and stored.
2. Currency exchange for foreign customers (2,000 to 20,000 SAR) or equivalent: Take ID copy, register data in automated system, issue receipt with exchange office name, rate, amounts, date/time. Record and store. For tourists/pilgrims with entry visa/temporary residence, review passport info, obtain copy with entry stamp/visa number, certify match by employee, keep passport number as automatic reference.
3. Currency exchange for citizen customers (2,000 to 100,000 SAR) or equivalent: Take ID copy, register data, issue receipt with required details. Record and store. GCC citizens are treated as citizens, identified via passport or national ID from their country.
4. Currency exchange for customers (citizens over 100,000 SAR, foreigners over 20,000 SAR) for high-income earners: Only through membership relationship, aligning customer income with profession/activity. Apply KYC and CDD instructions (paragraphs 2.2 and 2.6). Take ID copy, register data, issue receipt with required details. Record and store in customer record.
5. Currency exchange for legal customers is permitted without financial limits through a membership relationship, applying KYC and enhanced CDD, aligning with membership establishment requirements. Receipt contains all customer info, financial transactions are recorded/stored, and verify:
   • Verify legal customer via valid original documents.
   • Verify beneficial owner/controller of membership/transaction via valid original ID documents.
   • Exercise continuous due diligence, obtain info on membership purpose, customer nature, and business/transaction basis.
   • Record complete data of the authorized executor or agent exchanging currency on behalf of the legal customer in the system.
   • Continuously audit and monitor all financial transactions during the business relationship to ensure alignment with customer knowledge, data, wealth basis, and fund sources.
6. Establish membership relationships for continuous/recurring currency exchange customers, record their buy/sell transactions, link to ID-based membership records, and allow currency exchange only through membership.
7. Customer business/activity nature must align with the size, purpose, and type of executed financial transactions to ensure alignment with customer activity size and annual income limits.
8. When currency exchange transactions repeat without clear/persuasive purpose, or when executing a transaction for a high-risk legal entity or politically exposed person (senior officials, diplomats), the exchange office must enhance CDD, evaluate the relationship, consider restricting/terminating it, or report to the Financial Intelligence Unit if necessary.
9. Customer-provided information must be used only for authorized purposes to maintain banking secrecy terms and prevent use for other purposes.
10. Verify membership customer names against lists of individuals/entities whose assets must be frozen/refused/stopped per supervisory instructions and international decisions (e.g., UN resolutions 1737 and 1566), paying attention to warning data from international organizations like FATF (available at http://www.fatf-gafi.org/topics/high-risk-and-non-cooperative-jurisdictions-riskandnon), and follow country/group blacklist decisions, taking necessary actions.
11. Monitor all transactions to detect abnormal activity patterns lacking clear economic/legal purpose, investigate transaction background/purpose as much as possible, record in writing. Take precautionary measures to avoid fraud.
12. Report any transaction with reasonable grounds for suspicion of criminal/irregular links to competent security authorities (Financial Intelligence Unit for AML/terrorist financing suspicions / Regional Anti-Money Laundering Reporting Centers for other cases like fraud, counterfeiting, forgery, financial crimes).
13. Buying traveler's checks falls under cash currency buying activity, subject to all instructions/requirements for cash currency buying.
14. Direct natural customers wishing to exchange currencies exceeding financial limits to local banks.
15. Conduct customer awareness programs, especially during holidays/travel seasons, noting some countries have currency entry controls, advising customers to verify before buying local currencies for countries whose systems may prohibit entry, to avoid citizen liability.

3.1.2 Financial Institutions: When practicing buying/selling cash currencies with a financial institution (exchange office or bank) local or foreign, the following must be observed:

1. Deal only with locally licensed entities by SAMA. For foreign financial institutions, verify they are licensed by banking sector regulatory/supervisory authorities in countries only permitted to buy/sell cash.
2. Document all cash financial amounts and monetary instrument buy/sell transactions, register in exchange office records.
3. Provide SAMA (Bank Supervision Department) with a monthly statement including all cash/monetary instrument buy/sell transactions with domestic/foreign financial institutions (banks/exchange offices) per Form (Appendix 1).
4. Complete buy/sell agreement procedures for cash/monetary instrument transactions through standard banking procedures before initiating transfer.
5. Pre-agree on buy/sell prices and identify the banking relationship party (cash buy/sell) with the other party to complete the transaction, avoiding bargaining/bidding on cash in domestic/foreign markets.
6. Local exchange offices are responsible for verifying the integrity of cash/monetary instruments they buy/sell and their legal source/use, and accepting that external counterparties share this responsibility.
7. Inspect cash and negotiable payment instruments similar to cash in characteristics, including...