What Are SAMA’s AML/CTF Guidelines?

The Saudi Central Bank (SAMA) AML/CTF Guidelines are the regulatory framework that sets out the minimum standards and expectations for financial institutions operating in Saudi Arabia to prevent money laundering and terrorist financing. These guidelines cover risk assessments, internal controls, customer due diligence (CDD), suspicious transaction reporting, governance, and oversight by SAMA.

Definition And Legal Basis Of SAMA AML/CTF Guidelines

SAMA’s AML/CTF guidelines derive from multiple legal instruments in Saudi Arabia, including the Anti-Money Laundering Law and the Combating Terrorism Crimes and Financing Law, along with their implementing regulations. Through these, SAMA issues a specific AML/CTF Guide that replaces earlier circulars and rules, and defines expectations for institutions in the banking, finance, insurance, and related sectors.

These guidelines are intended to be formally adopted by financial institutions, presented to boards, and integrated into internal policies, procedures, and systems.

Key Components Of The SAMA AML/CTF Guidelines

Below are the principal elements that financial institutions must adhere to under SAMA’s AML/CTF regime:

ML/TF Risk Assessment

Institutions must conduct a risk assessment of their products, customers, geographies, and delivery channels to identify vulnerabilities to money laundering and terrorist financing. They must periodically review and update these risk assessments, reflecting evolving threats.

Internal Policies, Procedures & Controls

Institutions must adopt internal policies and controls that reflect the risk assessment outcomes. These include escalation procedures, internal investigations, threshold controls, compliance monitoring, audit, and independent testing.

Governance responsibilities must be clearly defined: the board, senior management, compliance officers, and staff each have roles in maintaining AML/CTF compliance.

Customer Due Diligence (CDD) Measures

When establishing a business relationship or carrying out transactions above certain limits, institutions must identify and verify the customer, beneficial owner, and persons acting on behalf of the customer.

Due diligence must also be strengthened for higher-risk customers (e.g. PEPs, cross-border exposure, high-risk jurisdictions).

SAMA permits reliance on third parties for due diligence under certain conditions, provided that regulatory and oversight safeguards are in place.

Enhanced & Simplified Due Diligence

For high-risk customers or transactions, institutions must perform Enhanced Due Diligence (EDD), which involves obtaining additional information, securing senior management approval, establishing the source of funds, and monitoring more frequently.

For lower-risk customers or transactions, Simplified Due Diligence (SDD) may apply, but only in limited, well-justified cases and not when suspicion arises.

Suspicious Transaction Reporting & Record-Keeping

Institutions must implement procedures for internal suspicion reporting and escalation. They must report suspicious transactions to the Saudi Financial Intelligence Unit (SAFIU) as soon as they have reasonable grounds.

Records of STRs and internal investigations must be retained, internal decision paths documented, and confidentiality ensured.

Institutions must also monitor wire transfers and comply with sanctions obligations (e.g. UN Security Council lists).

Ongoing Monitoring & Transaction Screening

Transactions must be continuously monitored for consistency with the customer’s profile, past behavior, and risk rating. Systems must escalate suspicious transactions for review.

Institutions must periodically review and tune their detection rules, thresholds, typologies, and alert logic.

Internal Audit & Independent Testing

Independent testing or audit of the institution’s AML/CTF program must be conducted at intervals commensurate with risk, to assess adequacy, performance, and compliance.

Training & Awareness

Staff across all levels, including board, senior management, and operational staff, must receive ongoing training on AML/CTF obligations, typologies, internal procedures, and evolving risks.

Why SAMA’s AML/CTF Guidelines Matter

  • Regulatory compliance: Adherence to SAMA’s guidelines is mandatory; non-compliance may lead to regulatory sanctions, fines, or operational restrictions.

  • Alignment with international standards: These guidelines are designed to bring Saudi Arabia’s AML/CTF framework into alignment with the FATF Recommendations and global best practices.

  • Risk mitigation: They help institutions structure robust controls, reduce exposure to illicit activities, and protect reputational integrity.

  • Supervisory oversight: SAMA conducts inspections and audits to verify that institutions are implementing the guidelines effectively.

Limitations & Practical Challenges

  • One size fits all vs proportionality: Some smaller institutions may struggle to deploy advanced systems demanded by the guidelines, especially under resource constraints.

  • Third-party reliance risk: Outsourcing parts of CDD to third parties carries oversight, traceability, and accountability challenges.

  • Dynamic risk environment: Emerging technologies (crypto, fintech) create new laundering typologies that may outpace static rules.

  • Enforcement consistency: Differences in examiner expectations or interpretation may lead to uneven enforcement.

  • Data and systems infrastructure: Legacy systems may struggle to implement continuous monitoring, alert logic updates, or integration with external databases.

The Future Of SAMA’s AML/CTF Guidelines

  • Increased use of analytics and AI: SAMA is likely to push more on predictive models, machine learning, and real-time transaction screening.

  • Greater regulatory specificity: We may see more sector-specific rules (fintech, digital payments, virtual assets) within the SAMA framework.

  • Stricter enforcement and remediation demands: As institutions mature, SAMA may tighten enforcement measures and demand faster, more rigorous remediation.

  • Interagency & cross-border coordination: Saudi Arabia may enhance integration with global AML regimes, regional cooperation (GCC), and cross-border data sharing.

  • Updating thresholds and typologies dynamically: The guidelines may evolve more frequently to reflect emerging risks (trade-based laundering, transaction laundering, layering via digital assets).

Strengthen Your SAMA-Aligned AML Compliance Framework

Adhering to SAMA’s AML/CTF guidelines is essential for financial institutions to maintain compliance, mitigate risk, and preserve trust. By embedding risk-based controls, comprehensive monitoring, effective reporting, and strong oversight at the board and senior levels, institutions can align with SAMA expectations and reduce regulatory exposure.


Frequently Asked Questions

What Do SAMA’s AML/CTF Guidelines Require For Customer Due Diligence?

They require identification and verification of customers, beneficial owners, and authorized agents; risk-based enhanced checks for high-risk customers; and the possibility to apply simplified checks for low-risk cases under strict criteria.

How Must Suspicious Transactions Be Reported Under SAMA’s Rules?

Financial institutions must internally escalate suspicion reports, then report to SAFIU immediately when reasonable grounds exist, irrespective of transaction value, including attempts.

Can Institutions Outsource Due Diligence Under SAMA’s Guidelines?

Yes, but only under strict conditions: the third party must be regulated or supervised, apply equivalent diligence, and allow prompt access to records, and the institution remains ultimately responsible.

How Long Must Records Be Retained Under SAMA’s AML/CTF Requirements?

Institutions must retain records of customer identification, due diligence, transaction histories, and suspicion reports for a period consistent with regulatory requirements (often several years) and must make them available to authorities.

How Does SAMA Supervise Compliance With These Guidelines?

SAMA uses on-site inspections, off-site surveillance, audits, and regulatory feedback, and requires institutions to submit periodic compliance reports. It also enforces corrective actions where deficiencies are identified.
