Regulatory Alerts2020-08-17
Guidelines for Combating Financial Fraud in Banks Operating in Saudi Arabia
The Saudi Arabian Monetary Authority issued this Guideline to establish minimum anti-fraud procedures and policies for all banks operating in the Kingdom, replacing the 2008 framework. It mandates that banks implement risk-based governance structures, establish independent Anti-Fraud Units with clear authorities, and deploy automated monitoring systems to detect internal and external fraud. The document further requires continuous staff training, targeted customer awareness programs, and strict reporting obligations to security authorities and the Authority itself within three working days of suspected or confirmed fraud incidents.
==Start of PDF== In the Name of Allah, the Most Gracious, the Most Merciful Saudi Arabian Monetary Authority Central Office
Banking Policies Department No.: .................................... Attachments: (10) Date: 27/12/1441 AH No.: 41071315
Circular
Respected Colleagues, Peace, mercy, and blessings of Allah be upon you.
Subject: Guideline for Combating Financial Fraud in Banks Operating in the Kingdom of Saudi Arabia.
Based on the authorities vested in the Authority under its system issued by Royal Decree No. (23) dated 23/05/1377 AH, and the Banking Supervision System issued by Royal Decree No. (5/M) dated 22/02/1386 AH, and referring to the Guideline for Combating Embezzlement and Financial Fraud and Supervisory Guidelines issued in 1429 AH (2008 AD), and proceeding from the Saudi Arabian Monetary Authority's supervisory and regulatory role, as well as its commitment to protecting the financial sector from being exploited for fraudulent transactions.
Enclosed is the Guideline for Combating Financial Fraud in Banks Operating in the Kingdom of Saudi Arabia, which aims to assist banks in establishing minimum procedures and policies to combat financial fraud cases affecting the banks or their customers, and enhance means of mitigating financial fraud risks, thereby replacing the aforementioned Guideline.
For information and action, with advisory effect until the end of 2020 AD, and mandatory effective January 1, 2021.
Yours sincerely, Fahd bin Ibrahim Al-Shathri Deputy Governor for Supervision
Distribution Scope:
- Banks and financial institutions operating in the Kingdom. P.O. Box 2992, Riyadh 11169, Telegram: MARKAZI, Fax: 404400, Tel: 4633000, Fax: 4662414
==Screenshot for page 2== Guideline for Combating Financial Fraud in Banks Operating in the Kingdom of Saudi Arabia August 2020 AD
Saudi Arabian Monetary Authority Saudi Arabian Monetary Authority
==Screenshot for page 3== Table of Contents
| Part | Page No. |
|---|---|
| Preamble | 3 |
| Introduction | 3 |
| Financial Fraud and Money Laundering | 3 |
| Chapter One: Definitions and General Provisions | 4 |
| Definitions | 4 |
| Objective and Scope of Application | 4 |
| Chapter Two: Governance | 5 |
| Governance and Responsibilities | 5 |
| Organizational Structure | 6 |
| Chapter Three: Duties of the Anti-Fraud Unit | 7 |
| Chapter Four: Human Resources and Training | 9 |
| Human Resources | 9 |
| Training | 9 |
| Chapter Five: Awareness | 10 |
| Chapter Six: Final Provisions | 10 |
Guideline for Combating Financial Fraud in Banks Operating in the Kingdom | Version No.: 2 | Issue Date: August 2020 AD | Page No.: 1-2
==Screenshot for page 4== Preamble
Proceeding from the Saudi Arabian Monetary Authority's supervisory and regulatory role, and its authorized powers under SAMA System No. (23) dated 23/05/1377 AH and the Banking Supervision System issued by Royal Decree No. (5/M) dated 22/02/1386 AH, and the Anti-Money Laundering System issued by Royal Decree No. (M/20) dated 05/02/1439 AH, and its executive regulations issued by Resolution No. (14525) dated 19/02/1439 AH. Given the banking sector's growth and expansion, accompanied by increasing technological development that stimulates various groups seeking financial benefits by exploiting available technical and social means to create fraudulent methods, taking advantage of deficiencies in any aspect of banks' procedures or technology, or exploiting customers' weak awareness. This necessitated the creation of a guideline to assist banks operating in the Kingdom of Saudi Arabia in providing minimum anti-fraud procedures and standards, handling them, and monitoring new fraudulent methods and phenomena. Given the high expected capability of banks operating in the Kingdom to fully assume their responsibilities, detailed procedures or standards were not strictly specified. Banks must adapt these procedures and standards to suit their nature and activities, without affecting in any way the objective for which any procedure or standard was formulated.
Financial Fraud and Money Laundering Financial fraud is considered one of the primary offenses to money laundering, and there is a close relationship between money laundering and financial fraud. In most cases, fraudsters resort to laundering the proceeds of financial fraud to conceal their illicit sources. Therefore, there is an overlap between measures taken to combat fraud on one hand and anti-money laundering measures on the other.
Guideline for Combating Financial Fraud in Banks Operating in the Kingdom | Version No.: 2 | Issue Date: August 2020 AD | Page No.: 1-3
==Screenshot for page 5== (Chapter One) Definitions and General Provisions
1-1 Definitions The following words and expressions have the meanings indicated opposite each of them, unless the context otherwise requires: Authority: Saudi Arabian Monetary Authority. Guideline: Guideline for Combating Financial Fraud in Banks Operating in the Kingdom of Saudi Arabia. Financial Fraud: Any act aimed at obtaining an unlawful benefit by exploiting technical or documentary means, relationships, social channels, or using functional authorities, or intentionally neglecting or taking advantage of weaknesses in systems or regulatory standards directly or indirectly. Bank: A bank or financial institution licensed to operate in the Kingdom. Bank Employee: Any person linked by an employment relationship and subject to the bank's direct or indirect supervision. Anti-Fraud Unit: The administrative unit in the bank responsible for combating financial fraud and handling related cases and issues. Combating Fraud: The means and procedures taken to prevent or mitigate the occurrence or spread of fraud cases. Internal Financial Fraud: Financial fraud committed by bank employees or with their assistance.
2-1 Objective and Scope of Application: a- This Guideline aims to assist banks in establishing minimum procedures and policies to combat financial fraud cases affecting the banks or their customers, and enhancing means of mitigating financial fraud risks. b- Without prejudice to the provisions of related systems or regulations: This Guideline applies to banks and financial institutions operating in the Kingdom.
Guideline for Combating Financial Fraud in Banks Operating in the Kingdom | Version No.: 2 | Issue Date: August 2020 AD | Page No.: 1-4
==Screenshot for page 6== (Chapter Two) Governance
1-2 Governance and Responsibilities 1-1-2 Banks must incorporate the provisions of this Guideline into their policies, systems, and procedures, and take necessary measures to ensure compliance monitoring, including when delegating some core tasks to a third party, provided that the procedures in this Guideline represent the bank's minimum anti-fraud measures against fraud cases and phenomena. 2-1-2 Banks are responsible for the efficient implementation of the provisions in this Guideline, and they must be handled according to a risk-based approach to mitigate financial fraud risks. 3-1-2 Banks must incorporate anti-fraud requirements into the bank's overall risk management strategy. 4-1-2 The responsibility for combating financial fraud lies with all bank personnel, including the Board of Directors. Responsibilities are defined as follows: Board of Directors: The Board bears general responsibility for combating financial fraud in the bank, and also holds the following responsibilities at a minimum:
- Approving the bank's anti-fraud strategy and monitoring its evaluation and update procedures.
- Approving the anti-fraud policy, which must include at a minimum: a. Establishing an Anti-Fraud Unit that is permanent and effective, with continuous organizational updates. b. Enhancing the culture of combating financial fraud, employee responsibilities, penalties for negligence, and required achievement levels. c. Supporting and promoting integrity throughout the financial institution. d. Comprehensive commitment across all bank policies to comply with systems and regulations. e. Necessary requirements for managing financial fraud risk matters. f. Supervision mechanism for policy implementation, including verifying anti-fraud-related topics. g. Commitment to providing adequate permanent material and human resources for the Anti-Fraud Unit to ensure achieving its objectives. h. Precisely defining the responsibilities of the Anti-Fraud Unit.
- Evaluating management or a delegated committee's periodic review of the bank's anti-fraud policy to verify its effective application.
- Approving recommendations and corrective actions proposed by the Anti-Fraud Unit.
Guideline for Combating Financial Fraud in Banks Operating in the Kingdom | Version No.: 2 | Issue Date: August 2020 AD | Page No.: 1-5
==Screenshot for page 7== 5. Establishing a mechanism by the Board of Directors or a delegated committee to monitor approved recommendations and corrective actions. 6. Holding periodic Board meetings at least quarterly to discuss the most prominent fraud cases and methods, related statistics, analysis results, and required preventive and regulatory measures. 7. Granting the Anti-Fraud Unit necessary authorities to conduct investigations with any bank personnel at various hierarchical levels and access all necessary information and documents to achieve management objectives, while ensuring confidentiality. Senior Management: The responsibility for combating financial fraud lies with senior management in banks. Bank Employees: They are responsible for complying with all instructions, procedures, and policies related to combating financial fraud.
2-2 Organizational Structure Banks establish an independent Anti-Fraud Unit that reports organizationally to the Compliance Department.
Guideline for Combating Financial Fraud in Banks Operating in the Kingdom | Version No.: 2 | Issue Date: August 2020 AD | Page No.: 1-6
==Screenshot for page 8== (Chapter Three) Duties of the Anti-Fraud Unit
The Anti-Fraud Unit generally oversees combating and addressing all topics related to financial fraud, with its main duties as follows: 1-3 Proposing the bank's anti-fraud strategy and evaluating it periodically at least every two years. 2-3 Proposing policies, guidelines, and work procedures related to combating financial fraud and unit duties to ensure efficiency, including at a minimum: a. A mechanism for exchanging information with other banks related to fraud operations, without conflicting with the confidentiality principle. b. Procedures for handling accounts and amounts frozen due to suspected links to financial fraud operations. c. A mechanism for receiving fraud reports from customers. d. Procedures taken before and during employee investigations. e. A mechanism for preserving and securing evidence according to best practices. f. Authorities necessary for customer service staff (front-line employees) to ensure their ability to take necessary action upon receiving any financial fraud report. 3-3 Utilizing recommendations and updates issued by international organizations and best practices related to combating financial fraud. 4-3 Participating in awareness campaigns regarding financial fraud methods according to the provisions of this Guideline. 5-3 Using an automated monitoring system to detect and limit internal and external fraud operations, periodically measuring the system's effectiveness, and updating scenarios in line with developments in financial fraud methods. The monitoring system must include at a minimum: a. Scenarios based on clear procedures. b. Customer behavior analysis across all available channels to detect unusual transactions. c. Special scenarios for monitoring employee accounts. 6-3 Applying enhanced due diligence measures from the Anti-Money Laundering and Counter-Terrorist Financing Guideline, aligned with the nature of financial fraud cases. These measures are implemented in the following cases: a. Suspected fraud occurrence. b. Doubt regarding the validity of submitted documents. c. Receiving a financial fraud report from employees, customers, or other financial institutions.
Guideline for Combating Financial Fraud in Banks Operating in the Kingdom | Version No.: 2 | Issue Date: August 2020 AD | Page No.: 1-7
==Screenshot for page 9== d. Alerts appearing in the automated monitoring system. e. Beneficiaries of amounts resulting from fraud operations. 7-3 Participating in assessing fraud risks for banking products and services with relevant departments. 8-3 Establishing necessary procedures to continuously monitor contracted parties, especially those entrusted with sensitive tasks, and ensuring their compliance with the bank's anti-fraud policy. 9-3 Establishing a database containing all details of actual and suspected financial fraud cases, classified into categories that can be utilized in studying these cases and countermeasures. 10-3 Overseeing investigations into financial fraud committed by bank employees at all administrative levels, with the unit's ability to consult expert agencies when needed. 11-3 Notifying security authorities immediately upon confirmation of any financial fraud operation, regardless of whether the bank was a party and whether material losses resulted. 12-3 Notifying the Authority within no more than three working days of: a. Any new fraud method or phenomenon, with or without resulting financial loss. b. Any internal fraud operation. 13-3 Preparing a separate report for each financial fraud case, whether the bank was a party or not, including at a minimum (case origin, relevant parties, concerned departments, corrective actions, losses if any, methods used). 14-3 Taking necessary measures when the bank is exposed to any financial fraud operation, including but not limited to (investigation, following up on reports submitted to security and investigative authorities, tracking transactions, exchanging relevant information, reviewing policies, identifying deficiencies...). 15-3 When investigating a fraud case, presenting results, recommendations, and corrective actions to a Board of Directors committee (if required). 16-3 When discovering a new fraud method or phenomenon, studying it and presenting results and recommendations to a Board of Directors committee. 17-3 Preparing periodic reports on fraud operations and attempts, along with appropriate recommendations, and submitting them to a Board of Directors committee. 18-3 Submitting periodic statistical reports, as well as ad hoc reports to the Authority, and any other data requested by the Authority. 19-3 Freezing amounts when suspected that a specific account's financial transactions result from a fraud operation, until the source is verified.
Guideline for Combating Financial Fraud in Banks Operating in the Kingdom | Version No.: 2 | Issue Date: August 2020 AD | Page No.: 1-8
==Screenshot for page 10== 20-3 Cooperating with other banks upon receiving a request to freeze amounts from one bank, provided there are grounds for suspicion. The responsibility for freezing and its consequences lies with the requesting bank.
(Chapter Four) Human Resources and Training
The human element is one of the fundamental tools in combating financial fraud, and the bank's selection of qualified personnel, supported by appropriate training programs, contributes to the integration of the anti-fraud process. The bank must comply with the following in this regard:
1-4 Human Resources 1-1-4 Providing necessary human resources to ensure the Anti-Fraud Unit performs its duties efficiently and effectively. 2-1-4 Establishing the requirements and standards to be met by Anti-Fraud Unit employees, ensuring they can perform assigned duties.
2-4 Training 1-2-4 Identifying appropriate training and qualification needs and programs regarding combating financial fraud. 2-2-4 Periodically training and qualifying Anti-Fraud Unit personnel in relevant fields. 3-2-4 Seeking professional certifications for Anti-Fraud Unit personnel related to their field. 4-2-4 Training customer service staff (front-line employees) to ensure their ability to take necessary action upon receiving any financial fraud report. 5-2-4 Implementing specialized anti-fraud training programs suitable for all employee categories according to their roles and responsibilities.
Guideline for Combating Financial Fraud in Banks Operating in the Kingdom | Version No.: 2 | Issue Date: August 2020 AD | Page No.: 1-9
==Screenshot for page 11== (Chapter Five) Awareness
Awareness represents one of the main elements in the anti-fraud system, by enhancing the awareness of employees and customers regarding financial fraud risks, methods, and developments. The bank must comply with the following in this regard: 1-5 Establishing awareness and education programs for customers and employees regarding financial fraud methods, particularly emerging ones, and monitoring the implementation of these programs. 2-5 Continuously measuring the effectiveness and efficiency of awareness tools, building indicators, and conducting necessary studies to raise financial fraud awareness. 3-5 Enhancing customer awareness of the need to verify their fund sources and that they are subject to accountability by competent authorities if fraud in fund sources is suspected. 4-5 Increasing employee awareness and confirming that their cooperation directly contributes to activating the bank's anti-fraud policy. 5-5 Establishing an appropriate awareness method for each category or classification based on the database containing all details of financial fraud cases. 6-5 Continuously reviewing developments, methods, and phenomena in financial fraud in general, and selecting the optimal method for raising awareness about them. 7-5 Utilizing all available and appropriate means to deliver awareness messages to target groups. 8-5 Enhancing the awareness of companies and contracted parties with the bank regarding the bank's anti-fraud policy.
(Chapter Six) Final Provisions
6-1 This Guideline replaces the Guideline for Combating Embezzlement and Financial Fraud and Supervisory Guidelines issued in 2008 AD.
Guideline for Combating Financial Fraud in Banks Operating in the Kingdom | Version No.: 2 | Issue Date: August 2020 AD | Page No.: 1-10
==End of PDF==