Customer protection
The protection of bank customers means applying measures against the risks customers may be exposed to when dealing with the bank. This is done by establishing the necessary regulatory provisions, including policies and procedures, which ensure that customers obtain the various financial services within an integrated framework of integrity and disclosure in their financial dealings.
At alrajhi bank, the Customer Protection Policy is premised on principles and guidelines provided in customer protection instructions as approved by SAMA, which the bank is bound to adhere to when offering products or services to its customers.
alrajhi bank is committed to actively protecting its clients by ensuring all operations and staff abide by the guidelines provided in the Customer Protection Guide. The bank operates to the highest ethical and professional standards as outlined in the Policy, which must be approved by the Board of Directors. Its implementation is based on an action plan that remains in compliance with SAMA Circulars on Consumer Protection Principles, under the oversight of the Compliance Group.
Principles of customer protection at alrajhi bank
alrajhi bank adheres to the following principles to ensure the protection of its customers:
Fair and Equitable Treatment: The bank treats its customers honestly, fairly and with integrity throughout all stages of the relationship. Extra attention is given to vulnerable groups such as low-income individuals, less-educated customers, older adults and those with special needs.
Disclosure and Transparency: The bank presents the details of its products and services clearly and ensures they are accessible, including key terms, rights and responsibilities, fees, taxes, risks and termination details. Information about alternative options is also offered.
Education and Awareness: alrajhi bank develops programs and initiatives to enhance customer knowledge and reasoning to help them understand risks and identify sources for further information.
Professional Behaviour and Ethics: The bank acts professionally and in its customers' interests in all its activities. It provides adequate human resources, accessible centres, and documented communication channels across Saudi Arabia.
Fraud Protection: alrajhi bank protects customer assets by maintaining robust systems to detect and prevent fraud, embezzlement, and misuse, taking the necessary actions as required by regulations.
Data Privacy: alrajhi bank protects customer data in line with applicable laws, including the Personal Data Protection Law, by implementing high-level controls and specifying the purposes for data collection.
Complaint Handling: The bank provides clear procedures and processes for customers to report their complaints, ensuring timely, fair, and effective resolutions in compliance with regulations.
Promoting Competition: The bank enables customers to compare products and services easily, offers innovative solutions, and maintains high-quality offerings at reasonable costs.
Outsourcing Responsibility: The bank ensures that outsourced providers comply with the principles of customer protection, maintaining responsibility for their compliance with laws and regulations.
Conflict of Interest: The bank has a written policy to identify and address conflicts of interest. It notifies authorities of potential conflicts when necessary.
Cybersecurity
Cybersecurity is crucial to maintaining the trust of the bank’s customers and safeguarding the sensitive data of both the bank and its customers, while protecting the bank’s reputation, regulatory compliance and shareholder confidence. Acknowledging its importance, alrajhi bank prioritises cybersecurity, with the Board and the Executive Management taking accountability for it and remaining strongly committed to supporting the bank’s cybersecurity strategy, policies, goals and principles.
Cybersecurity Key Principles
Confidentiality: Ensuring information is accessible only to authorised individuals
Integrity: Maintaining the accuracy and reliability of data
Availability: Ensuring information is accessible when required
alrajhi bank staff must adhere to the Cybersecurity Policy and all related cybersecurity frameworks, standards, processes, guidelines, and agreements. The Information Security Department (ISD) oversees the periodic maintenance and compliance review of this Policy to meet legal, regulatory, and contractual obligations.
It is mandatory to adhere to the Cybersecurity Policy and other documents relating to it; any failure to do so is penalised through alrajhi bank’s disciplinary measures. All requests for exceptions or waivers should be made in writing to the ISD office, supported by appropriate justification and the expected duration of the request. These requests are reviewed with respect to risk, compliance, and purpose, while approval from the business owner is sought with support from ISD. Requests for waiver of requirements pertaining to the SAMA Cybersecurity Framework must follow the established SAMA waiver procedure. This Policy ensures that alrajhi bank abides by the recommended cybersecurity standards and meets legal requirements.
Cybersecurity Governance Framework and the roles and responsibilities
| Role/Department | Responsibilities |
| --- | --- |
| Board of Directors (BoD) | Oversight of cybersecurity governance, policy, and strategy; allocates budgets and resources; assigns responsibilities to management; endorses key cybersecurity policies and charters. |
| Cyber and Information Security Committee (CISC) | Supports and monitors cybersecurity programs and risk management; reviews governance, strategy, and compliance; oversees KRIs, KPIs, and risk appetite adjustments. |
| Chief Information Security Officer (CISO) | Develops and enforces cybersecurity policies, strategies, and frameworks; manages threat intelligence, risk assessments, and incident investigations; conducts training and awareness programs. |
| Information Security Department (ISD) | Maintains cybersecurity standards and compliance; oversees IT asset management and secure system development; manages third-party compliance and project integration. |
| Senior Management | Ensures compliance within functions; provides resources and support for cybersecurity implementation. |
| IT Department (ITD) | Implements cybersecurity controls and ensures regulatory compliance; integrates cybersecurity into project lifecycles and manages IT assets. |
| Information Users | Comply with cybersecurity policies; report incidents and violations to ISD. |
| Information Asset Owners | Ensure proper usage and protection of information assets; grant access based on business needs. |
| Legal Department | Provides legal advice for cybersecurity compliance. |
| Procurement Department | Ensures contracts and outsourcing adhere to cybersecurity requirements. |
| Compliance Group | Communicates regulatory requirements; supports compliance with cybersecurity laws and standards. |
| Internal Audit Group | Conducts cybersecurity audits to assess adherence to policies. |
| Change Management Department | Integrates cybersecurity into project methodologies. |
| Digital Department | Protects electronic banking services and ensures regulatory adherence. |
| Human Resources Group | Embeds cybersecurity in staff agreements and HR processes. |
| Safety and Security Department | Aligns physical security with cybersecurity controls. |
| Data Governance Department | Classifies data and ensures breach notifications align with standards. |
| Marketing Department | Secures social media presence and conducts cybersecurity risk assessments; provides training for social media managers. |
| Outsource Monitoring Unit | Ensures cybersecurity requirements are integrated into outsourcing policies and processes. |
Employee training and compliance with cybersecurity
As part of alrajhi bank’s commitment to fostering a culture of security and compliance, all employees are required to read and acknowledge the Code of Conduct. To reinforce this understanding, employees are also automatically enrolled in mandatory online training courses. These courses cover critical topics such as Cybersecurity Awareness, Counter-Fraud Awareness, and Data Protection, ensuring that all employees are equipped with the knowledge and skills necessary to uphold the bank’s standards and protect its customers as well as its operations.
Increasing stakeholder awareness on cybersecurity
alrajhi bank participated in a number of cybersecurity awareness campaigns during the reporting period, to further strengthen its brand salience as a trusted financial institution in the Kingdom. Cybersecurity-related awareness campaigns carried out during 2024 include:
- Phishing awareness campaign during Eid al-Adha
- Dissemination of Newsletter with information on phishing scams during National Day
- Awareness campaign for Data Rights Management (DRM) solution and protection
- Onsite Interactive Event: Cybersecurity Awareness Event for internal stakeholders held at alrajhi’s premises
- Onsite Interactive Event: Cybersecurity and Fraud Awareness Event for external stakeholders (customers)