Clari5

Clari5 Market Insights

Saudi Arabia

Saudi Central Bank

Counter-Fraud Framework for FIs

The Saudi Central Bank ( Previouly SAMA) has Issued a Counter-Fraud Framework to Combat Financial Fraud in Financial Institutions Operating in the Kingdom

By when must Financial Institutions (FIs) comply with the mandate?

FIs must meet the Saudi Central Bank Counter-Fraud Framework regulations by June 29, 2023.

Why has Saudi Central Bank issued the new mandate?

The Saudi region has seen a surge in financial fraud owing to rapid developments in financial space in the past few years. Some of the most common modes of financial frauds exploited by fraudsters prevalent in the geography are impersonation, fictitious recruitment, phantom investment, fake web pages or platforms and internal fraud. 55% of the remotely opened online accounts (4.84 million accounts) have Identity Mismatch (Customer Identity number not matching with Identification number used in mobile phones). Existence of loopholes has further accelerated the fraud with weakness in process control system, insufficient investments in anti-fraud systems infrastructure, AI and customer behavior studies, bypassing of customer identity checks, and lack of procedures to verify IBAN and beneficiary match.

Highlights of the mandate

The Saudi Central Bank has established a Counter-Fraud Framework to enable financial organizations it regulates to effectively identify and address risks related to fraud, assess the maturity level and evaluate the effectiveness of the Counter-Fraud controls in the Organizations. The objectives of the Framework are as follows:

  1. To create a common approach for addressing fraud risks within the member organizations.
  2. To achieve an appropriate maturity level of fraud controls within the member organizations.
  3. To ensure fraud risks are properly managed throughout the member organizations.

The framework covers four main domains – Fraud Governance, Prevention, Detection and Response and its sub-modules on how to focus on each of these areas.

Counter-Fraud Framework 1a

To assess the maturity levels of the fraud controls in the organizations, the member organizations will be subject to a periodic self-assessment of a predefined maturity model. The Counter-Fraud Maturity Model distinguishes 6 maturity levels, from 0 to 5. But the goal of the member organizations is to operate at level 3 or higher by the deadline.

Saudi Central Bank defines Maturity Level 3 with expectations such as:

  1. Counter-Fraud controls to be defined, approved and implemented in line with the requirements of the framework.
  2. Implementation of fraud detection system capability to prevent and proactively detect fraud.
  3. Monitoring compliance with a Counter-Fraud documentation to indicate “why”, “what” and “how” Counter-Fraud controls should be implemented according to the Counter-Fraud policies, standards and procedures.

Frauds referred to here are both internal and external frauds to the organization, along with covering every digital and non-digital channel and product. This also includes money laundering, terrorist financing, identity-based frauds, application frauds, account takeovers, employee frauds and other types of financial crimes where organizations which would require due diligence of all the parties, awareness and training programs and risk assessment.

Adhering to the guidelines, Clari5 can help the member organizations with the implementation of fraud detection system capability before deadline to prevent and proactively detect fraud across all products and channels.

How Clari5 helps Saudi Arabia’s FIs quickly comply with Saudi Central Bank’s mandate

Need More Information?