1. Charter purpose
It sets out how the compliance function operates.
The main purpose is to provide a uniform approach to ensuring compliance with all laws and regulations related to the industry and with internal codes of conduct that have an impact on the day-to-day activities of the company, to promote a compliant culture at momkn payment financial company, and to uphold good corporate governance practices.
Compliance with laws, rules and regulations is one of the most important factors for the success of the company. Compliance protects the reputation and credibility of the company, protects shareholders, and provides safeguards to the company against legal sanctions. Compliance is a comprehensive and multi-aspect responsibility involving all parties in the company. It starts with the board of directors and senior management and ends with all employees, each according to the powers and tasks entrusted to him.
The main objective of the compliance charter is to ensure that all of the company’s employees, at all designation levels, are fully aware of the rules and of all applicable regulations and instructions enacted by SAMA and any relevant regulatory bodies.
2.0 Compliance Risks, standards & Compliance Rules
Compliance can be defined as the adherence to laws, regulations, rules, related self-regulatory organization standards and codes of conduct in matters concerning observing proper standards of market conduct, managing conflicts of interest and specifically dealing with matters such as prevention of money laundering and terrorist financing, and investigations of alleged corrupt and fraudulent behavior.
2.2 Non Compliance Risk
Non-compliance risk is the risk of legal or regulatory sanctions, material financial loss, or loss of reputation that the company may suffer as a result of its failure to comply with laws, rules and standards.
2.3 Operational compliance
Includes the assessment of integrity risk and reputation risk in the company’s transactions, in particular certain principles, such as anti-money laundering (AML), Counter Terrorist Financing (CTF) and know your customer (KYC), as well as compliance issues in relation to the development of new products or business practices. Anti-money laundering (AML), Counter Terrorist Financing (CTF) and Know Your Customer (KYC) will be covered in the Anti-Money Laundering and Counter Terrorist Financing.
2.4 Compliance conduct
Includes risk in terms of conflict of interest, insider trading and other issues related to the professional conduct of the Board Members, senior management and the company’s staff.
2.5 Compliance standards
Compliance laws, rules and standards have various sources, including primary legislation, rules and standards issued by legislators and supervisors, market conventions, and internal codes of conduct applicable to the staff members and other bodies of the company. Compliance laws typically include specific areas such as the prevention of money laundering and terrorist financing.
The company shall address potential risks by adopting an extensive set of guidelines, regulations, rules and instructions governing the activities of the company and its staff. These are likely to go beyond what is legally binding and embrace broader standards of integrity and ethical conduct.
There are a number of conventions and other internationally used standards that are relevant for the compliance function in addition to the company’s internal corporate governance framework.
3.0 Compliance rules
The applicable compliance rules include, but are not limited to, the following:
- Laws, regulations and relevant circulars, such as:
- Supervisory framework for payment
- Regulations for payment service providers
- Anti-Money laundering law and its implementing regulations
- Currency law
- Anti-Forgery law
- Submission of financial information such as corporate financial statement
- Circulars related to safety and security
- Anti-Fraud financial Embezzlement law
- Internal Control Guidance Manual
- International Financial Reporting Standards
- Rules for appointment of senior position
- Internal corporate governance framework.
- All other applicable laws issued by the regulators, such as the laws and regulations issued by the Ministry of Commerce and Investment.
4.1 Board of Directors (BOD)
The Board of Directors (BOD) is responsible for overseeing and assessing the effectiveness of the compliance function in managing risk in the company. The board shall perform the following:
- Approve the company’s compliance policy.
- Approve the formal document establishing a permanent and effective compliance function.
- Assess the compliance program at least once a year to determine the effectiveness of the company’s implementation of the compliance.
4.2 Senior Management
The senior management is responsible for developing a written compliance policy, approved by the board to manage compliance issues. They are responsible for communicating & implementing the compliance policy, and ensuring its compliance with the policy. The effectiveness of the management of the compliance risk shall be reported to the BOD periodically.
Members of senior management are also responsible for the day-to-day management of compliance risks and for ensuring that the procedures and guidance in support of the company’s integrity and ethical standards are adhered to in the areas for which they are responsible. This includes responsibility for ensuring that appropriate remedial or disciplinary action is taken according to the relevant procedures, if breaches are identified.
4.3 Responsibilities of the Compliance Department
The overall responsibility of the compliance function is to assist the company and its departments in identifying, assessing, monitoring and reporting on compliance risks in matters relating to the company, its operations and personal conduct.
Based on this, the compliance officer contributes in an independent manner to the overall risk management of the company in protecting the integrity and reputation of the company and its staff, and through strengthening the company’s accountability and transparency.
In carrying out his/her responsibility, the compliance officer works closely with a number of other functions in the company. She/he strives to cooperate and carry out his/her work in a pro-active manner.
In particular, the compliance function may include the following:
- Maintains the company’s compliance policy framework, identifies and tracks upstream regulatory developments to ensure that the company is in a position to comply with relevant requirements.
- The compliance department should ensure compliance with applicable laws & regulations. It has, without limitations, the following tasks:
- Identify and deal with all compliance risks and monitor all relevant developments.
- Analyze new business processes and sectors and recommend measures to address compliance risks.
- Follow a risk-based compliance process and report its findings to the Audit Committee at least on a quarterly basis, and where the need arises.
- In respect of all compliance issues, it is responsible for collecting complaints and formulating written guidance for the staff where necessary.
- Prepare internal policies & procedures to combat financial crimes including money laundering, terrorism financing and fraud.
- Monitors compliance with all applicable laws and regulations relating to anti-money laundering & anti-terrorist financing law rules and regulations.
- Promote awareness of compliance issues and provide training to employees on compliance-related matters.
- Manages, maintains and operates controls against money laundering / terrorist financing, which are in compliance with the relevant legislation and requirements of SAMA.
- Advises Senior Management on relevant rules, standards, recommendations and practices in the marketplace with special focus on compliance activities, including keeping them informed of the latest developments locally and internationally.
- Develops reporting on corporate governance and significant integrity concerns in the business’s activities, and assists in the Integrity Due Diligence Process in accordance with the integrity due diligence guidelines and procedures of the company.
- Provides training for staff on compliance issues in order to raise awareness of integrity issues and business ethics by arranging seminars and training sessions as needed and by acting as a contact point for queries from staff members.
- Gives independent advice to management on significant integrity concerns in the business’s activities, and assists in the Integrity Due Diligence Process in accordance with the integrity due diligence guidelines and procedures of the company.
- Provides recommendations for improvement and comments on policies, guidelines, rules and procedures for compliance issues such as the company’s Code of Conduct.
- Assists the Senior Management in achieving effective management of the compliance risks faced by the company.
4.4 Audit committee
The Audit Committee shall assist the Board in carrying out the responsibilities of supervision with respect to the oversight of the company’s compliance obligations.
The committee shall have specific responsibilities as follows:
- Determine the adequacy and effectiveness of the Compliance Department in executing the compliance policy.
- Approve the annual compliance program.
- Review periodical and annual Compliance Reports.
- Review reports issued by the regulators.
4.5 Internal Audit Function
The Internal Audit Department is responsible for auditing and evaluating the existing controls of the departments to ensure that the activities are conducted in accordance with the Articles of Association. Internal Audit should ensure the implementation of the Compliance Policy by evaluating its effectiveness. The Internal Audit Department may also provide recommendations to enhance the policy. Moreover, it may take necessary steps to ensure that the Compliance Policy is adhered to.
4.6 Compliance Function
In addition to clearly defined responsibilities, the policy underlines the principles pertaining to an effective Compliance Function such as independence, authority, including access to information and reporting.
4.6.1 Independence and authority
The Compliance Function is established as an independent function in line with the requirements of the policy, which means:
- It has formal status.
- The Compliance Officer is not engaged in any other business of the company, which could create a conflict of interest.
- The Compliance Function is given access to all information and staff necessary to carry out its responsibilities.
However, independence does not prevent a functioning co-operative working relationship with other departments in the Company, including Internal Audit.
The Compliance Function shall have access to all departments, units and staff for the purpose of discharging its responsibilities in an independent manner. The Compliance Officer shall have full and unrestricted access to all departments and personnel, including the senior management and External Auditors.
Any information accessed by the Compliance Officer shall be handled in the same prudent and confidential manner as required from those persons who are normally accountable for such information and documents.
4.6.2 The Regulatory Document of Compliance Function
The items of the regulatory document of the Compliance Department should, as a minimum, include the following:
- Covers the department’s roles and responsibilities.
- Develops standards and measures to ensure independence.
- Maintains relationships with other risk control departments within the Company and the Internal Audit Department.
- Create the required mechanism for detection and prevention of breaches and non-compliance instances.
- The right to have access to information necessary to carry out its responsibilities and the duty of the Company’s staff to co-operate in supplying this information.
- The right to conduct investigations on potential breaches of the compliance policy and to appoint experts to perform this task if necessary.
- The right to disclose its findings when needed to the Chairman of the Board, Senior Management, the Audit Committee and if necessary, the Board of Directors and SAMA.
- Its official commitment to submit reports to the Board of Directors, the Audit Committee and the Senior Management.
The Compliance Department must submit a Compliance Report to the Audit Committee and thereafter to the Board of Directors to review on a quarterly basis. The Compliance Report must identify and assess the main compliance-related risks facing the Company, analyze the existing processes & procedures, assess their viability, and suggest any improvements or changes when necessary.
5.0 Compliance Risk Control
5.1 Identification of Risk
The Compliance Department should, on a pro-active basis, identify, document and assess the compliance risk associated with the Company’s activities (systematic, reputation, strategy risk or others). This includes business practices, new types of business or customer relationships to be entered into, or material changes in the nature of such relationships.
5.2 Assessment & Measurement of Risk
The Compliance Department should also consider ways to measure compliance risk (e.g. performance indicators) in terms of quantity and quality, and use such measurements to enhance compliance risk assessment annually. Technology can be used as a tool in developing performance indicators by aggregating or filtering data that may be indicative of potential compliance problems (e.g. an increasing number of customer complaints or a rise in fraudulent cases).
5.3 Anti-Money Laundering and Counter-Terrorist Financing
Money laundering and terrorism financing are very grave crimes. Mostly, they are considered as cross border crimes. These are directly related to and affected by principles, standards and recommendations issued by international organizations, committees and task forces within the Kingdom. The responsibility to ensure the Company is in compliance with the anti-money laundering and terrorism financing rules and Know your Customer. Such responsibility includes reporting suspicious cases of money laundering and terrorism financing activities to the FIU.
A summary shall be included in the written policy approving measures related to anti-money laundering and terrorism financing operations, including the following:
- Anti-Money Laundering Law and its executive regulations.
- Anti-Money Laundering and Terrorism Financing Rules.
- Anti-Money laundering and Terrorism Financing procedures.
- Anti-Money laundering activities.
- Suspicious transactions monitoring.
- The rules for combating money laundering and terrorist financing issued by SAMA.
Further classifications may include the following:
- All examined suspicious transactions.
- Retained documents related to suspicious cases.
- Suspicious attempts regardless of transactions.
- Training employees to deal with the means of combating money laundering and terrorism financing, providing a statement about training programs, and coordinating with the authorities.
- International developments in the area of combatting money laundering and terrorism financing.
- On-site visits to assess the employees’ awareness of supervisory controls and of the laws and by-laws in the Company regarding combatting money laundering and terrorism financing.
- Consultation for developing computer programs to facilitate the follow-up of customers’ transactions.
- Preventing the misuse of technological developments in illegal acts.
- Recommendations and development in the area of combatting money laundering and terrorism financing.
- Classifying customers according to the measurement of risk and transaction patterns (high and normal).
- Customers shall not be informed of any suspicious transaction or reports.
5.4 Warning Signals (Alarming Siren)
The Compliance Department shall ensure, in its Annual Compliance Program, the principle of siren alarms, to alert when there is a breach of regulations, internal and external policy violations and cases which expose the Company to compliance risk in certain situations, including rapid growth of the Company, opening of new branches, a high rate of staff rotation, change of programs and introduction of new electronic systems to the work cycle.
5.5 Outsourcing Process
The activity of the Compliance Department is a major activity for risk management of non-compliance in the Company. There are limited activities that could be outsourced to specialized entities. However, these must remain under the supervision and responsibility of the in-house Compliance Function.
5.6 Implementation of an Effective Compliance Policy
A compliance policy adopted by the Company shall not be effective unless it promotes the compliance culture, defines the staff’s responsibilities and penalties in case of negligence, and unless the Board of Directors undertakes the following:
- Supports values of honesty and integrity throughout the Company.
- Establishes an overall and comprehensive commitment to compliance with all relevant laws, rules and standards, which should be included in the core of the policy.
- Ensures that an appropriate policy is in place to manage compliance risks.
- Oversees the implementation of the policy, and ensures that compliance issues are resolved effectively and rapidly by the Senior Management with the assistance of the Compliance Department.
- Provision of adequate resources to the entity entrusted with the compliance function.
- Periodically reviewing and independently monitoring the activities of the entity entrusted with the compliance function by the Internal Audit Department.
Well-maintained compliance starts with a good understanding of the compliance environment; compliance education and training are, therefore, an essential foundation of good compliance. There annually.
6.0 Key Elements of Compliance Program
The program will consist of 9 key elements. These elements include:
- Relationship with SAMA & related regulatory bodies.
- Monitor and assess the level of compliance.
- Provide the required resources to manage the compliance program.
- Violations correction programs.
- Periodic reports.
- Relationship with the other departments.
- Awareness and training.
- Review the policies, procedures, products and services.
- Identify and assess the risks.
7.0 Relevant Laws and Instructions
A description shall be given of all laws, executing regulations, instructions, standards, guidance manuals, and requirements that are not mentioned in the Compliance Rules, or those which have not been mentioned in the policy or will arise in the future.
Every member of the company should be aware of the definition of confidential information and how it should be safeguarded and handled. The statutory, contractual and ethical importance of protecting confidential information includes:
- Handling confidential information.
- Safeguarding confidential information.
- Sensitive information about the company.
- Sensitive information about Customers.
9.0 Conflicts of Interest
The responsibility for ensuring that there is no conflict of interest in any decision or action rests primarily with the employee himself, and the employee is to adhere to core integrity and applicable ethical standards.
A description of the necessary controls on all cash gifts. Cash is always prohibited. In case of allowing in-kind gifts to employees where the value of the gift is less than a certain limit (determined by the Human Resources Department), controls should be set to this end. Gifts exceeding the prescribed limit must be reported to the compliance department for approval. The approval should be given only where there is no conflict of interest or inducement to the employee.
11.0 Compliance and other Functions
The Compliance Function is considered as a point of contact for the operating departments to deliver the compliance policies, information and requirements to all employees. It also provides advice and guidance to the employees in relation to compliance issues.