LogoRegulatory Alerts
2020-10-05

Digital confirmation of banking products for bank customers

The Saudi Arabian Monetary Authority (SAMA) issues this circular to establish a non-objection framework allowing banks and financial institutions to deliver financing products via digital confirmation services for individuals and SMEs. The guidance mandates compliance with eleven minimum requirements, including utilizing nationally certified digital confirmation providers, maintaining robust risk assessments and security protocols, and adhering to specific application approval timelines of 24 hours for individuals and three business days for enterprises. These updated guidelines supersede previous directives, formally integrating electronic transactions law compliance and requiring updated contracts to ensure legally binding digital execution.

Saudi Central Bank logo

Saudi Arabia

Saudi Central Bank

Click to view thumbnail

In the Name of Allah, the Most Gracious, the Most Merciful Saudi Arabian Monetary Authority (SAMA) Head Office

Banking Policy Department Ref No.: 42009004 Date: 1442/02/18 Attachments: 2 pages

Circular

Dear Sir/Madam, Peace, mercy of Allah and His blessings be upon you,

Subject: Digital confirmation of banking products for bank customers.

Attached are the Authority's guidelines communicated via email on 5 May 2020 regarding the digital confirmation of banking products for bank customers, which take effect from the date of their communication to you via email.

For your information. Yours sincerely,

(Signature) Yazed bin Ahmed Al-Sheikh General Manager of Banking Supervision

Distribution Scope:

  • Banks and financial institutions operating in the Kingdom.

P.O. Box 2992, Riyadh 11169, Telegram: Markazi, Telex: 404400, Tel: 4633000, Fax: 4662414

Suliman R. Aljabrin From: Banking Policy Department Sent: Tuesday, May 5, 2020 11:45 PM Cc: Abdullah Alanazi, Marwan H. Aliohaidan Subject: Digital confirmation of banking products for bank customers

Dear Sir/Madam, Peace, mercy of Allah and His blessings be upon you,

In continuation of the Authority's guidelines issued regarding the Authority's non-objection to providing personal financing products and issuing credit cards for individuals through digital confirmation services, and based on the Authority's commitment to enabling all customers to obtain their banking and financing needs easily and conveniently, and in support of strategic objectives related to digital transformation.

We inform you of the Authority's non-objection to providing all financing products via electronic channels for individual customers of banks and financial institutions, as well as small and medium enterprises (SMEs), through digital confirmation services. This is subject to compliance with the provisions of the Electronic Transactions Law, issued by Royal Decree No. (M/18) dated 8/3/1428 AH, and its executive regulations, and that the bank evaluates the risks associated with the service, identifies the types of financing covered by this service, and establishes adequate controls, policies, and precautionary procedures. The following requirements apply as a minimum:

  1. The digital confirmation service provider must be certified by the National Center for Digital Certification.
  2. The provision of digital confirmation services shall not affect the bank's fundamental procedures for verifying customer eligibility and identity, or the agent/authorized signatory.
  3. The financing application must be created through one of the electronic channels, taking into account necessary procedural controls and notifying the customer via SMS about the application. In addition to the following:
    • Regarding individuals: The application must be activated through another channel, for example: applying the controls for adding and activating beneficiaries as stipulated in the Information Security Regulatory Guide.
    • Regarding enterprises: Considering necessary procedural controls, including but not limited to: explicit authorization of more than one signatory on financing applications, activating the application from another channel, etc.
  4. The bank must verify the approval of the customer/enterprise owner or authorized person to execute the application through a phone call by the contact center or customer service.
  5. The bank is responsible for verifying the information provided by the customer/enterprise before executing the transaction.
  1. Approval of the application must occur after at least 24 hours for individuals, and three business days for enterprises.
  2. Establishing adequate security standards to protect data and communication with the digital confirmation service provider, considering data encryption security standards as well as data privacy.
  3. Retaining copies of documents and all legal attachments regarding digital confirmation.
  4. Updating agreements and contracts to clarify that this service is conducted electronically using digital confirmation, and its electronic execution cannot be challenged.
  5. Specifying the type of financing and its upper limit in accordance with the bank's policy and potential risks based on the bank's classification.
  6. Periodically evaluating and monitoring precautionary controls and ensuring their effectiveness.

These guidelines supersede the Authority's previous guidelines regarding non-objection to providing personal financing products and issuing credit cards for individuals through digital confirmation services.

For your information, and to be acted upon as of its date.

Yours sincerely,

Suliman bin Rashid Aljabrin Director of Banking Policy Department P.O. Box 2992, Riyadh 11169 Kingdom of Saudi Arabia Saudi Arabian Monetary Authority (SAMA) www.sama.gov.sa

Share