Initiative of the year: Saudi Arabian Monetary Authority’s compliance standards activation project

The Saudi central bank has made a strong start enhancing its risk culture

Saudi Arabian Monetary Authority headquarters building

Significant forces of change in Saudi Arabia are being created by the oil price shock, new responsibilities as a member of the Group of 20 and the appointment of deputy crown prince Mohammad bin Salman al-Saud as chairman of the country's new Council for Economic and Development Affairs. In particular, the government has introduced a series of bold reforms over the past year or so, including its Vision 2030 programme to reform the Saudi economy towards a more diversified and privatised structure.

ahmed-abdulkarim-alkholifeyAhmed Abdulkarim Alkholifey

There are high-profile changes, such as the council taking control of the state-owned Public Investment Fund, which it plans to turn into a $2 trillion sovereign wealth fund (seeded with assets of state petroleum company Aramco). But restructuring is also taking place across many government departments, including at the Saudi Arabian Monetary Authority (Sama). This was part of the reason former Sama governor Fahad Almubarak embarked on a project in 2014 to activate a risk and compliance department to implement enterprise-wide risk management, with a strong focus on operational, compliance and reputational risks in addition to financial risk – a project his successor, Ahmed Abdulkarim Alkholifey, has continued to support.

Creating a risk management culture is a major undertaking for an institution that is in charge of government banking affairs, including: minting and printing the national currency; stabilising the currency's external and internal value; managing foreign exchange reserves; maintaining price stability; promoting the growth and soundness of the financial system; and supervising banks, dealers, finance companies, credit information companies and insurers.

There is also the matter of embedding risk management into everyday thinking at an institution employing 3,000 staff, most of whom have only limited experience outside of the public sector.

Cultural challenge

"In the past year, we have faced a big cultural challenge," says Abdulaziz Alkhaldi, Sama's director of risk management and compliance, who reports to vice-governor Abdulaziz Saleh al-Furaih. "People asked if we represented audit or compliance – or even if we were going to manage their risks. But risk management is a function. We can help to identify the risks and to help build risk registers – but in the end, the departments need to be responsible for managing the risks."

The risk team introduced multiple projects and programmes to establish a risk philosophy, with an overarching aim to minimise operational and financial losses while maintaining Sama's good reputation. The work has centred on three main streams: developing a risk management framework, tools and procedures; reviewing policies from a risk and compliance prospective; and implementing a risk communication plan and awareness programme.

People asked if we represented audit or compliance – or even if we were going to manage their risks. But risk management is a function. We can help to identify the risks and to help build risk registers – but in the end, the departments need to be responsible for managing the risks
Abdulaziz Alkhaldi, Sama

Developing the framework, tools and procedures initially required a high-level understanding of each department's objectives, strategy and governance. After this, the risk team performed ‘diagnostic reviews' to obtain a detailed understanding of business functions and then performed benchmarking studies. The aim was to create a framework for policies and procedures that confirmed relevant staff responsibilities, set out risk management requirement and met regulatory requirements.

Another essential element was to ensure the full involvement of internal stakeholders. This required a separate effort to build communications and training so staff could understand, help to review and improve policies. It also monitored feedback to improve its future work.

The risk management framework, tools and manual were developed by the risk and compliance department, and reviewed by an external consultant for quality perspectives and benchmarking with other central banks. The framework was communicated to staff, and after working first with priority departments, Sama's 'risk register' is about 70% complete, according to Alkhaldi.

mr-alkhaldiAbdulaziz Alkhaldi

While there is still a lot of work to be done, Alkhaldi believes the project has already yielded results across a range of risks – both internal and external. For example, Sama has improved the video monitoring of its security trucks that it uses to transport cash to its branches, and has also moved to tackle non-compliance of insurance companies regarding Islamic insurance products.

Compliance standards central in 2016

Central to its efforts during the past year was the 'compliance standards activation project'. The aim was to activate compliance standards that have been identified as 'not activated' or only 'partially activated', while ensuring Sama's 'compliance standards manual' includes local and international rules, regulations and best practices.

The project, which tackled both 'specific' and 'general' standards, was sustained throughout 2016, and involved self-assessment and knowledge testing. The results for the self-assessment were categorised as 'compliant', 'partially compliant' and 'non-compliant'. The knowledge test measurement results were categorised as 'excellent knowledge', 'partial knowledge' and 'poor knowledge'.

Workshops held to assess the activation of 75 'general and specific standards' (40 general and 35 specific) found that in the first quarter of 2016, just 71% of the compliance standards had been activated, with 12% partially activated and 17% not activated. Once the action plan was implemented by the end of the third quarter of 2016, the activation of the standards had increased to 94%, with knowledge rising to 89%.

Sama still has plenty of work to do to ensure risk pervades the thinking of its thousands of staff, but efforts such as its compliance standards activation project represent a strong effort to improve risk management.

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact or view our subscription options here:

You are currently unable to copy this content. Please contact to find out more.

You need to sign in to use this feature. If you don’t have a Central Banking account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account