Saudi Arabian Monetary Agency’s Control Guidelines:
Combating Embezzlement and Financial Fraud
Name: Faten Saeed Al-Mohsin
ID: 200700789
Assignment: Literature Review
Course Name: ASSE 4311- Learning Outcome Assessment
Section: 203
Instructor: Sanobar Anjum
Review of Related Literature
The following review of related literature and studies deals with Saudi Arabian
Monetary Agency (SAMA) as the regulating body for monetary concerns in Saudi Arabia
and the currency laws and regulations formulated by it, fraud, white collar crimes and
embezzlement in the global setting, some internal and other controls to counter or stop
fraud and embezzlement in other countries, measures instituted by SAMA to counter or
stop fraud and embezzlement in Saudi Arabia.
Saudi Arabian Monetary Agency
The establishment of Saudi Arabian Monetary Agency (SAMA) was made
possible by two royal decrees issued on April 20, 1952. The first royal decree (No.
30/4/1046) established SAMA to be based in Jeddah and to open branches in cities and
places as deemed necessary. The second royal decree (No. 30/4/1/1047) established
the approval of SAMA’s Charter and ordained its implementation. Its first Governor was
George A. Blowers, an American, and the Vice Governor was Rasim Al-Khalidi. It
started to do business on October 4, 1952 (www.sama.gov.ksa, 2012).
Due to the monetary and financial crisis faced by the Kingdom during the period
1375H-1377H, the Charter of SAMA was amended by Royal Decree No. 23, which was
issued on November 15, 1957 (23/5/1377H) emphasizing the autonomy of SAMA and
entrusting the responsibility of its efficient administration to a board of directors to
supervise its work and ensure its sound management. The board was assigned all
necessary and appropriate powers for achieving this objective (www.sama.gov.ksa,
2012).
Currency Laws
The Saudi gold sovereign was adopted as the official money of Saudi Arabia by
passing a Royal Decree on 26/01/1372H (16/10/1952). The issuance of the first Saudi
gold coin with the name of King Abdul Aziz was October 22, 1952 (03/02/1372H). The
Second Currency Law and Currency Control Law were issued on July 16, 1957
(18/12/1376H). The Third currency Law was issued on December 15, 1957 (23/5/1
377AH). The current Currency Law is the fourth one and was issued on December 31,
1959 (1/7/1379H)that authorized the issuance of the official paper currency, enjoying a
legal tender status and full power to discharge all public and private debts and
obligations. Under the provisions of this law, SAMA is the only agency that has the
exclusive right to print and mint the Saudi currency. The currency issued should have
full coverage of gold and convertible foreign currencies according to the provisions of
the law (www.sama.gov.ksa, 2012).
The decimal system was also introduced under which the riyal was divided into
twenty qirshes instead of twenty-two qirshes. This means that one Saudi riyal can only
be divided by 20 parts; one qirsh is twentieth of a riyal. The new Law demonetized the
Saudi gold sovereign, the pilgrims’ receipts and silver riyals (www.sama.gov.ksa, 2012).
On August 1, 1984 (13/7/1394H), the Council of Ministers issued a Resolution
that banned the issuance of new commercial licenses for running money changing
business, so that the Ministry of Finance approved body can thoroughly inspect the
status of money changing business. Through a resolution on December 12, 1981
(16/2/1402H), SAMA was granted by the Council of Ministers the sole right to regulate
and control money changing business in the Kingdom. The resolution provided for full
suspension of issuing new licenses, and limiting the practicing of money changing
business to those who already have had a license from SAMA or a commercial license
for practicing such business (www.sama.gov.ksa, 2012). The Article 1 which bans the
issue of new licenses for money changing business of this resolution was cancelled on
January 5, 2009 (8/1/1430H) by the Council of Ministers’ order to meet the Saudi
market's need for money changing firms for selling and buying foreign currencies, and
to satisfy the need of heirs to continue practicing money changing business after the
death of their predecessor (www.sama.gov.ksa, 2012).
To regulate and develop the stock market of Saudi Arabia, a ministerial
committee was set up from the Ministry of Finance, the Ministry of Commerce and
Industry and SAMA in 1984 that further gave SAMA increased responsibility in the form
of operating and regulating the market daily business.
Consequently on SAMA’s
initiative, the banks operating in the kingdom established a Saudi Company for
registering Saudi Shares and related transactions (www.sama.gov.ksa, 2012).
In April 1990, aiming to encourage the use of E-transactions provided by the
banking system, SAMA established the Saudi Payment Network (SPAN), and on May
14, 1997, the Saudi Arabian Riyal Interbank Express Electronic System (SARIE) was
launched. On October 3, 2004, the SADAD Payments System (SADAD) was launched.
SADAD is an intermediary system between billers and the domestic banks that
facilitates and accelerates e-payment process through all banking channels in the
Kingdom that includes ATM, phone banking, and online banking (www.sama.gov.ksa,
2012).
SAMA was given more responsibilities such as the sole responsibility in
licensing, controlling and supervising financial leasing companies (issued by the
Minister of Finance in October 30, 1999), and the supervision of insurance sector (by a
Royal Decree issued on July 31, 2003 as
the Cooperative Insurance Companies
Control Law was simultaneously approved at this date).
The supervision of the Stock Market was shifted to the Capital Market Authority
(CMA) from SAMA effective from July 1, 2004 after a Royal Decree was issued on this
date that created and appointed the members of the board of CMA.
Fraud, White Collar Crimes and Embezzlement
The following are literature written on common crimes committed against
property of business organizations, companies or corporations and common individuals.
These are compiled to give the reader understanding of the topic and why the research
questions and methodology are chosen like so.
According to a study conducted by the Association of Certified Fraud Examiners
(“ACFE”) in 2010 that analyzed almost 2,000 occupational fraud cases across the
globe, with half of them committed in the United States, a median loss of $160,000 per
incident, and 25 percent of the incidents had losses over $1 million were found. Also, it
was found that affirm loses five percent of its annual revenue, and the median duration
from when the fraud begins to when it is discovered is about 18 months (Abagnale,
2011).
Corruption, fraudulent financial statements, and misappropriation of assets are
three main categories of occupational fraud. Corruption includes conflicts of interest,
bribery, illegal gifts, extortion, etc., and constitutes about one-third of occupational fraud
cases, with a median loss of $250,000. Financial statement fraud involves the
intentional misstatement or omission of important information on an organization’s
financial reports costing the company median losses of over $4 million and account for
68 percent of the total reported losses; they have the longest median duration — 27
months (Abagnale, 2011).
Although asset misappropriation is the most common occupational fraud with
almost 90 percent of the cases, it is the least costly, with a median loss of $135,000,
and is the easiest to detect.
Examples of asset misappropriation include stealing
property and cash, creating ghost employees or vendors, falsifying payroll records,
altering checks, submitting fictitious expenses, and many others. However it can be
divided into three major types: fraudulent disbursements of cash, theft of cash receipts
or cash-on-hand, and theft of property or information (Abagnale, 2011).
Fraud
Black’s Law Dictionary states that fraud is “a generic term, embracing all different
means, which human ingenuity can devise, and which are resorted to by one individual
to get advantage over another by false suggestions or by suppression of truth, and
includes all surprise, trickery, cunning, dissembling, and any unfair way by which
another is cheated.”
White Collar Crime
According to Black’s Law Dictionary, White collar crime is a type of nonviolent,
unlawful conduct committed by corporations and individuals including theft or fraud and
other violations of trust committed in the course of the offender’s occupation. Bluecollar workers can also commit so-called white-collar crime. Blue-collar workers have
access to non-cash assets, such as supplies, tools, inventory, and equipment.
Embezzlement
Embezzlement is another type of fraud which is the deceitful or falsified
appropriation of property by one lawfully entrusted with its possession. It means willfully
taking or converting to one’s own use another person’s or entity’s money or property
through acquiring possession lawfully, by reason of some office or employment or
position of trust (Black’s Law Dictionary, 2012).
Defalcation
A defalcation is a type of embezzlement that misappropriate trust funds or money
held in any legal capacity such as entrusted capacity to officers of corporations or public
officials (Black’s Law Dictionary, 2012).
Larceny
Larceny is theft or taking of another’s property without the owner’s consent as the
theft does not have lawful possession of the property or a position of trust. A person
who breaks into an office and steals the petty cash is committing larceny (Black’s
Law Dictionary, 2012).
A company’s accountant who steals the petty cash is an
embezzler.
The Fraud Triangle or Key Factors to Commit Fraud
The research on fraud has identified three key factors necessary for fraud to
result, commonly called fraud triangle, that determine whether a person will commit
fraud are:
1. perceived pressure facing the person,
2. perceived opportunity to commit fraud, and
3. the person’s rationalization, or integrity
For example, an unethical person facing financial pressure will have to identify an
opportunity to commit fraud to be able to commit it. Similarly, a person facing financial
pressure and in a job position that presents an opportunity to commit fraud will not do so
if his personal integrity outweighs the other two factors. On the other hand, even the
second person might commit the fraud if he rationalizes it, for example, by convincing
himself that he is only “borrowing” the money and will pay it back (Linker, 2008).
To find out who committed fraud, using the three elements of the fraud triangle
will help to provide more angles from which to start investigating i.e. an investigator
might determine that several employees in a department had the opportunity to commit
the fraud. Investigation of the employees’ personal lives might reveal that only one of
them also faced pressures that would motivate committing fraud. However, while it is
beneficial to consider pressures and opportunities, rationalizations normally are not a
focus of the investigation because they are difficult to identify (Linker, 2008).
Opportunities to commit fraud can arise when an employee or manager reaches
a level of trust in an organization or when internal controls are weak or nonexistent. For
example the employee has gained trust and can conceal and avoid detection for a long
time such as an employee who has the opportunities to manipulate accounts receivable
in order to steal cash receipts and another one who has the opportunity to steal
inventory such as supplies (Linker, 2008).
To limit the opportunity of employees to embezzle, it is important to place good
controls. However this is not perfectly safe because a person in a high enough level of
trust or authority may be able to override the controls in order to commit the
embezzlement. An example of this is when a trusted manager directs a subordinate to
omit a usually required control procedure (Linker, 2008).
It is important that strict controls be established to make the commitment of
embezzlement. One of these controls is internal control.
What is Internal Control?
An organization’s board of directors, management or other pertinent personnel
may establish in the organization an internal control. It is a process put into place in the
organization that is designed to provide some level of safety regarding the achievement
of objectives in the areas relating to operations, financial reporting, and compliance with
applicable laws and regulations. A strong internal control is seen as the most important
measure against embezzlement and other fraud. It can stop or uncover before hand
most types of misappropriation of assets or fraudulent financial reporting. “Controls
relating to the safeguarding of assets are designed to provide reasonable assurance
regarding prevention or timely detection of unauthorized acquisition, use, or disposition
of an organization’s assets.” Although this type of controls is good to cover operations,
it might also be used in financial reporting controls. Internal control should be revised if
embezzlement and other fraud are uncovered (Linker, 2008).
Owners of small and medium companies or enterprises who are committed to the
internal control process that includes monitoring the flow of paperwork, cleverly noting
the activities and attitudes of personnel, and reading and acting on financial reports can
prevent fraud and, in particular, embezzlement to a great extent (Linker, 2008).
New Federal Banking Crimes in the United States of America
There are new crimes that focus on the banks (or other financial institution) as
the ones who commit the crimes or the criminal activity and not the victims. The
motivation for these types of crimes committed by banks was to gain revenues from
the inflows of drug money into the banking system from the early 1980s. From then
on, the criminalization of receiving or handling the proceeds of illegal activity was
made into law in the USA called money-laundering statutes. The statutes expanded
the government’s law-enforcement goals to protect business institutions and also to
punish severely those that facilitate (even through routine business transactions) the
suspected criminal conduct of their customers (Villa, 2000).
Now the government’s law-enforcement goals were not only to protect these
institutions but also to punish severely those that facilitate (even through routine
business transactions) the suspected criminal conduct of their customers (Villa, 2000).
The criminal statutes are divided into whether the fraud is perpetrated by an
insider or by an insider working with a non-insider such as customer, vendor, borrower,
etc.
The non-insider becomes a conspirator.
The insider is any director, officer,
employee, agent (and occasionally lawyer) of a financial institution. The bank bribery
statute and the misapplication, embezzlement statutes for banks and thrifts and the
false-entry statutes for banks and thrifts are the laws that applied to insiders (Villa,
2000).
There are two basic non-insider banking criminal statutes: the false statement
statute and the bank robbery statute.
The false-statement statute is the banking
criminal statute that affects the most Americans because it prohibits making a false
statement or report, such as willfully overvaluing any property (i.e. land, building, and
home) or security, for the purpose of getting favorable action from a financial institution
action on a loan or other extension of credit; such false statement can be filling up loan
applications with false information about the collateral for a loan. The person giving
false statement or information can be subjected to criminal liability if he or she has the
knowledge that the statements are not true even if the bank did not use the information
(Villa, 2000). .
The bank-robbery statute not only prohibits armed robberies, it also prohibits
one to enter a bank with the intent to commit a felony such as larceny, a nonviolent
crime(Villa, 2000).
Bank fraud is defined as any plan or pretense to defraud or to obtain any money
or property owned by, or under the custody or control of, the financial institution by
means of false or fraudulent pretenses. As long as the victim is a financial institution
like a bank fraudulent representations is considered as bank fraud. It applies to all
such as insiders, customers and vendors to banks (Villa, 2000).
There are many possible kinds of bank crimes and some of them are identified
through most common cases found in both insiders and (Villa, 2000) that include:
• False-credit application is the most common bank crime and occurs when a
false statement is given in a loan application such as misstating the applicant’s current
financial condition (either overvaluing assets or understating liabilities, or both),
denying a poor credit history (such as omitting prior bankruptcies), inflating the value of
the collateral for the loan or even misstating the purpose for the loan.
• Kickback or bribe is one of the most common forms of serious bank fraud; this
happens when a kickback or bribe to the lending officer by the potential.
• "Dead-horse-for-a-dead-cow" or "cash for trash" happens when officers
involved would conceal unpaid loans.
• Hidden interests are a common fraud done by insiders is to direct transactions
between the bank and an outside company that is secretly controlled by the bank
insider. As a result, goods or services, or occasionally assets, are purchased by the
bank at inflated prices or on unfavorable terms.
• Embezzlement from customer or trust accounts occurs when fraudulent bank
officer or employee are tempted to dip into inactive, large bank and trust-account of
many foreign customers who leave large balances in their accounts for extended
periods.
Combating Fraud and Corruption in Australia
Although Australia is one of the least corrupt countries in the world, being
number 8 with Switzerland on the recent Corruption Perceptions Index (based on how
corrupt their public sector is perceived to be, assessing perceptions of bribery of public
officials, kickbacks in public procurement, embezzlement of public funds and the
effectiveness of anti-corruption measures) conducted by Transparency International, it
recognizes the fact that that there is a high cost of corruption in Australia. Consequently,
Australia institutes a variety of federal and state anti-corruption agencies and programs.
It has AUSTRAC to fight anti-money laundering and regulates counter-terrorism
financing and its specialist financial intelligence unit. AUSTRAC funds a number of
programs aimed at building the capacity of financial intelligence units in the AustralAsian region. It conducts workshops and training courses in using financial intelligence
to detect corrupt behaviors and combating corruption and strengthening anti-money
laundering outcomes to officials from the region.
SAMA and Combating Embezzlement and Financial Fraud
There are instances of fraud in the Kingdom of Saudi Arabia. One good example
was the bitter dispute between two of Saudi Arabia's richest families, that of the Al
Gosaibi clan and their son-in-law, Ma'an al Sanea that affected the world banking
industry that affected the Saudi economy.
The clan accused Ma'an al Sanea of
embezzling $10 billion from the business. Because of many suits and countersuits,
some banks were forced to write off hundreds of millions of dollars (Quinn, 2008).
What are the activities and laws and regulations that SAMA has instituted to
prevent embezzlement and financial fraud? Like any other country, Saudi Arabia wants
to stop embezzlement and financial fraud once and for all because of the crimes’ effect
to its economy.
Anti Fraud and Embezzlement Efforts in Saudi Arabia
Fraud is one of the challenges facing banking and financial institutions as it
hinders performance, causes depletion of money and scarce resources and hurts the
institution's reputation and its competitiveness. The damage may take several forms
other than the financial loss itself no matter how heavy it is. The largest damage may be
that which seriously affects the institution's performance, reputation, credibility, the
market's and public's confidence in it, and, eventually, results in its exposure to various
risks. Fraud is a big problem which is not limited to a particular private financial,
industrial or services institutions. Moreover it can adopt with changes which may arise in
any sector. In spite of internal audit, control and investigation mechanisms and
independent external auditors' conditions and professional conduct rules, the
occurrence of fraud continues. It is often difficult, and in most cases impossible, to
recover the funds wasted due to fraudulent transactions. Thus the programs for
combating and controlling fraud acts are much more cost effective than attempts to
recover embezzled funds (www.sama.gov.ksa, 2012).
Although a number of banks resort to insurance to protect themselves from
operational risks resulting from incidents such as fraud and embezzlement acts by their
employees, yet they cannot rely totally on insurance as a way for reducing operational
risks. Delay in payment and challenges to contractual conditions prove that insurance
does not provide an ideal coverage. In addition negative results of claims related to
fraud will lead to an increase in insurance premiums, especially when market forces
tend to raise insurance premiums even for banks with "clean records". As for statutory
capital adequacy recommended by Basel Committee for operational risks, banks will be
required in future to allocate statutory reserves of their capital for operational risks.
Banks with bad records in combating fraud will find that their financial resources will be
affected negatively due to an increase in their capital reserves, apart from incurring
direct financial losses and increasing insurance premiums (www.sama.gov.ksa, 2012).
Due to the rapid technological advancement and spread of organized crimes
worldwide, it is necessary to review such strategy regularly and update it to cope with
new risks and techniques used by fraudsters. These guidelines aim at helping senior
officials to carry out this task (www.sama.gov.ksa, 2012).
Examples of Banking Fraud
There are several examples of banking fraud in Saudi Arabia such as the
following (www.sama.gov.ksa, 2012):

Embezzling cash money and other precious assets.

Counterfeiting or distorting documents including job applications, bills, checks,
eligibility or qualification certificates, identification documents, ATM or credit
cards

Forging signatures and stamps

Forging cash money.

Changing one or all check components.

Stealing ATM or credit cards and using them fraudulently.

Entering inappropriate directions and data in PCs.

Misusing accessible information and divulging it illegally.

Paying or transfer of money to illusory customers, employees or sellers.

Taking bribes, gifts or secret commissions to award a contract; overlook noncompliance with obligations or to provide benefits including accessing
confidential information.

Obtaining through fraud documents or benefits that a receiver has no right to
obtain.
SAMA has issued a number of circulars concerning fraud. To obtain these
circulars, refer to "(SAMA's Circular Manual) - Section 120 entitled "Economic Crimes".
The following table describes briefly sub-sections of the circulars related to economic
crimes in this Manual (www.sama.gov.ksa, 2012):
Table 1. SAMA’s Circular
Section
Circular Subject
120/1
Notifying authorities concerned of fraud operations
120/2
Guidelines to combat financial embezzlement and fraud
120/3
120/4
Guidelines to combat money-laundering
Attempts of forging the national currency and efforts to combat
them
120/5
Attempts of forging foreign currency and efforts to combat them
120/6
Attempts of forging documents and efforts to combat them
120/7
Other banking fraud operations
120/8
120/9
Committee for Resolution of Banking Disputes
Committee for Combating Embezzlement and Financial Fraud
120/10
Bank Treasury Committee
120/11
Banking complaints and disputes
120/12
Currency counting and examination machines
SAMA has also issued a number of guidelines and supporting booklets that
should be read along with these controls. They include the following: Manual of
Guidelines for Combating Embezzlement and Financial Fraud Managing operational
risks through insurance programs, Manual of company security standards, Internal
control guidelines for commercial banks, Accountancy criteria for commercial banks,
Minimum conditions for actual security, Minimum conditions for security systems, Rules
governing the opening of bank accounts in Saudi Arabia and General operational
Guidelines, Directions for security guards, Procedures of protecting cash money during
transportation, Guidelines on combating and control of money-laundering activities via
banking system, and Guidelines on internet banking security (www.sama.gov.ksa,
2012)
Plan for Combating Fraud
It is necessary for every bank to set an integrated plan to combat fraud so as to
address all aspects of the fraud problem. These guidelines suggest 9 basic conditions
to develop an effective plan to combat fraud in commercial banks by building on and
adopting the best international practices in this area. These conditions are the following:
First: A strategy to combat and prevent fraud. Second: Regulatory framework and
responsibility structuring. Third: Assessing fraud risks. Fourth: Spreading awareness
with regard to fraud. Fifth: Control procedures. Sixth: Control and follow – up. Seventh:
Fraud notification methods. Eight: Investigation criteria. Ninth: Conduct and disciplinary
criteria.
These conditions and guidelines are general, not detailed. They contain a list
of issues that need to be addressed in depth by any bank in accordance with its own
circumstances. The bank is responsible for developing the necessary measures,
standards, systems and operations for effective application and follow up of these
conditions as part of an ongoing campaign launched by the bank with all its sections
and departments to combat fraud (www.sama.gov.ksa, 2012).
The conviction of how important is risk management represents an essential part
of combating fraud. By using management techniques, the management can clearly
determine most deficiencies of controls and take proper measures to redress wrong
control mechanisms or introduce additional techniques. The following sections discuss
the basic nine conditions separately. Each section starts with a general brief
introduction, followed by specific guidelines aimed at helping banks in their efforts to
address their own requirements (www.sama.gov.ksa, 2012).
The First Basic Condition: Strategy of Fraud Combat and Control Policy
Each bank shall have a comprehensive and integrated written policy for fraud
combat and control along with the supervision details on fraud and corruption combat.
This policy shall draw all procedures and measures appropriate for the bank concerned,
along with a wide range of complementary anti-fraud procedures. The policy must adopt
the risk management method to combat and control fraud. The main purpose of the
policy is to promote awareness and compliance among employees, determine the
bank’s departments in charge of combating and controlling fraud, and applying the
plan’s various aspects of combating and controlling fraud. To assess the effectiveness
of the plan, it must be followed up and assessed internally and externally. SAMA issued
guidelines of strategy of fraud combat and control policy that each bank should follow
(www.sama.gov.ksa, 2012). This is shown in Appendix.
Second Basic Condition: Regulatory Framework and Responsibility Structuring
A comprehensive and effective regulatory framework as well as a structure of
responsibilities must be developed to execute the comprehensive policy of fraud control
approved by the bank, partially by application of sound domestic control systems. A
fraud control committee must be formed to lay down the policy, coordinate and follow up
its application, and provide the necessary support to its chief executive. All levels of
management must be involved in the implementation of this policy.
Fraud Investigation Unit
The fraud investigation unit’s role shall be to investigate potential fraud cases
against the bank. This responsibility shall include collecting and presenting the
necessary evidence to support administrative, disciplinary, or other measures such as
prosecution and recovery of the funds subject of the fraud operation. In addition to
conducting the investigation role, the investigation unit must provide the following:
Support, information, and advice to the fraud control committee. Support the detection
and combat of fraud and promote awareness thereof. Support and guidance for the
training on fraud combat. Reports to SAMA’s fraud database on a periodical basis as
instructed by SAMA. Periodical reports on fraudulent cases shall be submitted to the
executive
management. Technical reports on
recommendations to
overcome
deficiencies in the internal control systems and policies and procedures manuals.
Notifying insurance companies and submitting claims to them for compensating incurred
losses of fraud (www.sama.gov.ksa, 2012).
Combating and Detection
It should be ensured that an effective system is in place for controlling fraud,
which should firmly control the risks of fraud by detecting, tracking and controlling
fraudulent acts to take prompt actions to reduce the potential fraud losses and maintain
confidentiality. Setting up measures to ensure continuous prosecution of or to enforce
disciplinary measures on the employees involved in dishonest business. Enhancing and
strengthening the existing policies and controls as required. Establishing a central unit
to which all fraud cases alleged of employees or the public will be referred. Reviewing
the process of hiring and selecting employees, screening and testing them regarding
fraud risks. Ensuring the implementation of effective measures on employees.
Determining the process of recovering any incurred losses, such as settlement of
claims, reduction of losses and damages, the recovery process and insurance claims
management. Informing the management of the cases of conflict of interests, violations
of the bank good policies and customers’ complaints. Determining the sequence of
reporting and making decisions on suspected fraud cases. Giving advice and required
modifications for internal control to combat fraudulent activity. Setting policies for
protecting those who cooperate to detect fraud. Reviewing the results of fraud risks
assessment. Ensuring that all fraud control initiatives are given priority and implemented
continuously. Setting systems for reporting to SAMA. Giving assistance in arbitration
and settling disputes among internal groups regarding honesty and operation of loss
provisions. Continuously reviewing effectiveness of the comprehensive strategy and
various elements of each of the nine basic conditions (www.sama.gov.ksa, 2012).
Third Basic Condition: Assessment of Fraud Risk
Fraud is part of the operational risk. To ensure whether the management has
the necessary information to address fraud, a periodical structural review must be
conducted to assess fraud risk, including all functions and operations of the bank. This
review must address both internal and external fraud risks, and determine the level and
nature of the bank’s exposure to fraud risks. Thus, the management can decide the
anti-fraud measures it deems necessary. All new products and services must undergo
this assessment operation to determine whether the fraud risk has been minimized. It is
only this official risk assessment process which can determine and assess fraud risks
and indicate what measures have been taken and the measures that need to be taken
to minimize such risks.
SAMA introduced guidelines for assessment of fraud risk
(www.sama.gov.ksa, 2012).
Fourth Basic Condition: Promoting Awareness of Fraud and Making Employees
understand that Fraud is not permissible:
The management must realize that the employee’s participation in fraud combat is
essential, and that most fraud cases will not be detected or controlled without the
employees’ cooperation. In order to increase the awareness of the employees and
emphasize the bank’s commitment to combat fraud, the need arises for a series of
continuous initiatives to raise the issues of fraud combat, detection and notification
thereof before all employees. The training for fraud combat and control must be an
obligatory element of the employees’ training. There may be a need for updating
appropriate documents, such as booklets on the best practices. As for the public, there
is also a need to inform customers and raise their awareness of the fact that fraud
against the bank is forbidden, and fraudsters will be referred to competent authorities.
SAMA issued guidelines in promoting awareness of fraud and making employees
understand that fraud is not permissible (www.sama.gov.ksa, 2012).
The Fifth Basic Condition: Internal Control Procedures
Internal controls are the main instrument for combating fraud. Therefore, sound
internal control regulations should be set within a framework of a written documented
comprehensive policy and rules of procedure to lessen opportunities for committing
fraud acts. The strategy for combating and controlling fraud should also be integrated
with the inclusion of operational procedures and rules governing the activities of all
departments, cash handling facilities, jobs and employees. Controls are measures used
to minimize risks at work to the lowest level. They are designed to prevent, detect and
redress mistakes in due course through applying the instructions related to the
following: - Employees - Leaves - Substitution of alternatives - Job rotation - Training Approvals and authorizations. Evidences. Settlements. Review of operational
performance. Security of assets. Separation of duties. Controls can be classified as
follows: Preventive controls: to prevent the occurrence of unfavorable incidents (such as
front-end access controls, including passwords, combinations, proofs, evidence, limits
and actual barriers. Detection controls: to detect and remedy unfavorable incidents
which have already occurred (i.e. back-end controls), such as proofs, evidence,
reviews, settlements and results of audited accounts and reports. Guidance controls: to
urge and encourage doing favorable actions (such as policies, procedures, code of
conduct and guidance booklets). Internal controls include basic precautionary
measures, such as separation of duties. Employees in charge of actual safeguarding of
assets must not also be responsible for accountability for these assets and verification
of audit statements. Technologies of effective control enable the bank to: Discover
mistakes upon their occurrence, and thus avoid heavy losses (www.sama.gov.ksa,
2012).
SAMA requires all banks to put into effect internal control systems as stated in
details in "the Directory of Internal Control Guidelines for Commercial Banks". These
are comprehensive range of guidelines governing all activities of commercial banks in
the Kingdom. To generally understand SAMA's requirements regarding commercial
banks' internal control systems, "Internal Control Guidelines" shall be read together with
the section on "Control Guidelines for Combating Fraud", as well as other relevant
circulars and work instructions. Adoption of these guidelines, procedures and work
instructions is the most important element of a bank's comprehensive strategy to create
a well fortified environment against fraud. The above-mentioned guidelines do not
represent a comprehensive list that covers all areas governed by "Commercial Banks'
Internal Control Systems". However, they aim at: Emphasizing the importance of
internal controls in combating and controlling fraud. Highlighting some main principles of
effective internal control. Providing additional information and guidelines with the aim of
reinforcing "Internal Control Guidelines" (www.sama.gov.ksa, 2012).
In November 1995, SAMA issued its first set of guidelines relating to Anti Money
Laundering (AML) activities to all banks operating in Saudi Arabia. Consequently, in
recognition of the international and legal supervisory efforts to combat the spread of
money laundering, And terrorist financing SAMA further updated the initial 1995 AML
Guidelines and in May 2003, issued a more extensive set of “Rules Governing AntiMoney Laundering & Combating Terrorist Financing”. Through SAMA’s efforts, the first
anti-money laundering law and its implementing regulation were passed by a Royal
Decree No. M/39 on August 23, 2003.
(www.sama.gov.ksa, 2012):
1. Mortgage
2. Transfer between accounts
3. Gifts
4. Currency exchange
5. Trading securities
Activities that are under this law include
6. Purchase or sale of any stocks, securities ofr certificates of deposits
7. Authentication of contracts and power of attorney by the notary publics.
Anyone who commits a crime of money laundering, as provided for in Article 2) of
this Law shall be subjected to imprisonment and fine, and all funds acquired by illegal
means confiscated. All accomplices will also be fined, jailed or their properties acquired
through illegal means confiscated (www.sama.gov.ksa, 2012).
The first update was issued in May 2003 providing a substantial improvement to
the initial regulations and also included regulations relating to combating terrorist
financing. It provided basic measures and actions to be taken to prevent, detect, control
and report money laundering and terrorist financial activities. Since then, in SAMA’s
continued efforts to further improve and refine the regulations, the second Update was
issued in December 2008. And to cope with the local, regional and global
developments, SAMA has issued a Third Update in February 2012. The third update for
anti-money laundering law and combating terrorist financing and its implementing
guidelines was passed to be implemented in all banks and money exchangers and
foreign banks’ branches operating in the Kingdom of Saudi Arabia. SAMA will conduct
on-site inspections, and would require regular compliance reports and certificates
prepared by external auditors (www.sama.gov.ksa, 2012, SAMA, 2008).
References
About SAMA. (2012). Retrieved on September 19, 2012 from website:
http://www.sama.gov.sa/sites/samaen/AboutSAMA/Pages/InternalAudit.aspx
Linker S. (2008). Embezzlement: Everything you need to know. RosenfarbWinters,
LLC. Accessed online on September 19, 2012 from website:
http://www.envoynews.com/rwcpas/e_article000990340.cfm
Crime and Misconduct Commission. (2012). Combating fraud and corruption. Retrieved
on September 19, 2012 from website:
http://www.cmc.qld.gov.au/topics/misconduct/advice/major-risk-areas/fraud-andcorruption/combating-fraud-and-corruption
SAMA1. (2008). Manual of Combating Embezzlement & Financial Fraud & Control
Guidelines. Retrieved on September 19, 2012 from website:
http://www.sama.gov.sa/sites/samaen/RulesRegulation/Rules/Pages/Manual%20of
%20Combating%20Embezzlement%20and%20%20Financial%20Fraud%20and%2
0%20Control%20Guidelines.pdf
SAMA2. (2008). Rules Regulations for Prevention of Fraud. Accessed online on
September 19, 2012 from website:
http://www.sama.gov.sa/sites/samaen/RulesRegulation/Rules/Pages/
prevention_of_fraud_v21.pdf
SAMA3 (2008). Compliance Manual for Banks Working in Saudi Arabia. Accessed
online on September 19, 2012 from website:
http://www.sama.gov.sa/sites/SAMAEN/RulesRegulation/Rules/Pages/Home.aspx
SAMA4 (2012). Anti-Money Laundering and Counter-Terrorism Financing Rules For
Financing Companies First Update. Accessed online on September 19, 2012 from
website:
http://www.sama.gov.sa/RulesRegulation/Rules/Pages/%D8%A7%D9%84%D8%A
F%D9%84%D9%8A%D9%84%20%D8%A7%D9%84%D8%A7%D8%B3%D8%AA
%D8%B1%D8%B4%D8%A7%D8%AF%D9%8A%20%D9%84%D8%AA%D9%86%
D8%B8%D9%8A%D9%85%20%D9%84%D8%AC%D8%A7%D9%86%20%D8%A
7%D9%84%D9%85%D8%B1%D8%A7%D8%AC%D8%B9%D8%A9.pdf
Villa, J. K. (2000). That’s where the money is Bank Crimes move beyond robbery to
fraud. Business Law Today. Accessed online on September 19, 2012 from
website: http://apps.americanbar.org/buslaw/blt/blt00may-money.html