LogoRegulatory Alerts
2020-10-05

Digital Confirmation of Banking Products for Clients of Public Banks in the Kingdom

The Saudi Arabian Monetary Authority (SAMA) issued this circular to permit banks operating in the Kingdom to utilize approved digital confirmation services for personal financing and credit card products, provided they implement specific risk assessments and customer verification protocols. Banks must ensure that service providers are certified by the National Center for Digital Certification, initiate applications through one electronic channel and activate them via another, and secure customer consent through post-submission phone verification within a 24-hour window. Additionally, financial institutions are required to maintain robust data encryption and privacy standards, retain relevant legal documentation, update contracts to validate electronic execution, and set financing limits aligned with their risk classifications.

Saudi Central Bank logo

Saudi Arabia

Saudi Central Bank

Click to view thumbnail

In the Name of Allah, the Most Gracious, the Most Merciful

Saudi Arabian Monetary Authority Headquarters

Banking Policy Department Reference No.: Attachments: 2

Circular

Dear Sir/Madam,

Peace, mercy, and blessings of Allah be upon you.

Subject: Digital Confirmation of Banking Products for Clients of Banks Operating in the Kingdom.

Attached are the Authority's instructions communicated via email on 10 April 2020 regarding the digital confirmation of banking products for clients of banks operating in the Kingdom, which take effect from the date of their communication to you via email.

For your information. Yours sincerely,

Yazeed bin Ahmed Al-Sheikh General Manager of Banking Supervision

Distribution Scope:

  • Banks and financial institutions operating in the Kingdom.

P.O. Box 2992, Riyadh 11169, Telegram: MARKAZI, Telex: 404400, Tel: 4633000, Fax: 4662414

Suliman R. Aljabrin From: Banking Policy Department Sent: Friday, April 10, 2020 9:33 PM Cc: Rasheed S. Alrasheed - Abdullah Shad Al-Anazi Subject: Digital Confirmation of Banking Products for Clients of Banks Operating in the Kingdom Attachments: Regulation of Financial Institutions' Remote Operations According to Specific Conditions.pdf

Circular

Dear Sir/Madam,

Peace, mercy, and blessings of Allah be upon you.

Subject: Digital Confirmation of Banking Products for Clients of Banks Operating in the Kingdom.

In continuation of the Authority's instructions communicated under Circular No. 41050484 dated 21 Rajab 1441H regarding the regulation of "remote" operations of financial institutions according to specific conditions, and considering current circumstances and the Authority's commitment to facilitating and improving banking services by enabling banks to utilize the digital confirmation services approved in the Kingdom for banking products related to personal financing for individuals and credit card issuance.

We inform you that the Authority has no objection to banks utilizing the digital confirmation services for banking products related to personal financing for individuals and credit card issuance, provided that the bank evaluates the associated risks, establishes precautionary controls, verifies the applicant's identity, and applies the following requirements as a minimum:

  1. The digital confirmation service provider must be approved by the National Center for Digital Certification.
  2. The personal financing application for individuals or credit card issuance must be initiated through one electronic channel, and the application must be activated through another channel - for example: applying the beneficiary addition and activation controls stipulated in the Information Security Regulatory Guide, along with sending clear notification messages to the customer regarding the product.
  3. Approval of the application must occur after at least 24 hours have elapsed since the application was submitted.
  4. The bank must verify the customer's consent to execute the application through a phone call made by the contact center or customer service to verify the customer's identity.
  5. The bank is responsible for verifying the information provided by the customer before executing the transaction.
  6. Establish adequate security standards to protect data and communication with the digital certification center, taking into account encryption security standards for data as well as data privacy.
  7. Retain copies of documents and all legal attachments related to digital confirmation.
  8. Update agreements and contracts to clarify that the service is performed electronically using digital confirmation, and its electronic execution cannot be challenged.
  9. Determine the maximum financing limit in accordance with the bank's policy and potential customer risks based on the bank's classification.

For your information, and to be acted upon as of its date.

Yours sincerely,

Suliman bin Rashid Al-Jabrin Director of Banking Policy Department P.O. Box 2992, Riyadh 11169 Kingdom of Saudi Arabia Saudi Arabian Monetary Authority (SAMA) www.sama.gov.sa

Share