The Saudi Central Bank (Sama) has made public draft principles for compliance and internal auditing at finance and refinance companies operating in the Kingdom, here (pdf) and here (pdf). The proposed drafts, which come under the central bank’s broader efforts to support the local financial sector, have been put up on the government’s survey platform Istitlaa for public consultation until Tuesday, 25 June.

COMPLIANCE FUNCTIONS-

The pitch: These principles aim to create a regulatory framework for compliance for finance and refinance companies to help bolster internal control. They also aim to set minimum provisions to help measure firms’ compliance and audit progress. They will come into effect six months following their publication on the central bank’s website.

The proposed regulations include:

  • Stipulations that the companies’ board of directors must ensure there is an active compliance unit independent from other departments within the company. The unit would be led by a compliance officer whose appointment and resignation are subject to a non-objection decision from Sama. The board must also sign off on a written compliance policy that is aligned with Sama’s standards, and review periodic compliance reports;
  • Requirements for audit committees to ensure the implementation and effectiveness of awritten compliance policy. They would also have a say in the appointment and evaluation of the compliance officer, and must approve the company’s annual compliance plan;
  • Executive management must define and clarify the role of the independent compliance unit, and prepare a compliance policy that would be subject to approval by the board;
  • The compliance unit would oversee and supervise the company’s rate of compliance, and would be tasked with explaining relevant rules and identifying risks by implementing risk-based compliance programs;
  • The unit would also be tasked with drafting internal policies to fight money laundering, funding of terrorism, and fraud, and report to Sama in case of any violations or irregularities resulting from non-compliance.

REGS ON INTERNAL AUDITORS-

The regulations, in a nutshell:

  • The company’s board must ensure the independence and objectivity of its internal and external auditor. It should also ensure the sufficiency of human and financial resources for internal auditors depending on the company’s size and business volume;
  • Executive management must grant the internal audit unrestricted access to company records, personnel, and premises, and ensure that it has the power to review and access necessary information;
  • Executive management must put metrics and review mechanisms in place to monitor and evaluate internalaudit functions;
  • The company is mandated to prepare a periodic management report on internal audit reviews, which must be submitted either quarterly or annually to the audit committee;
  • External evaluations of the internal audit activities must be made at least once every five years.

Leave a comment

Your email address will not be published. Required fields are marked *