Qureos

Compliance Manager

ROLE PURPOSE & STRATEGIC IMPORTANCE

The Compliance Manager is company Integrated’s regulatory conscience—the person responsible for ensuring that every aspect of the company’s operations adheres to the full spectrum of applicable laws, regulations, and SAMA requirements. This role extends far beyond a checklist function; the Compliance Officer must build a proactive compliance culture where regulatory adherence is embedded into business processes from design through execution. The scope is vast: SAMA circulars and guidelines, Finance Companies Control Law, Anti-Money Laundering Law and regulations, Counter-Terrorism Financing regulations, Personal Data Protection Law (PDPL), Consumer Finance Regulations, Consumer Protection standards, and all applicable Saudi legal requirements. In a startup lending company, the Compliance Officer is building the compliance infrastructure from scratch—policies, procedures, monitoring systems, training programs, regulatory reporting mechanisms, and the overall compliance risk management framework. This person must have the courage and organizational positioning to challenge business decisions that create regulatory risk, and the diplomatic skill to do so constructively.

KEY RESPONSIBILITIES & EXPECTATIONS

The role holder is expected to deliver measurable outcomes across the following areas:

Compliance Policy Framework: Design and implement a comprehensive compliance policy library including: Compliance Policy, AML/CFT Policy, Sanctions Policy, KYC/CDD/EDD Procedures, Consumer Protection Policy, Complaints Handling Policy, Data Privacy Policy (PDPL), Conflict of Interest Policy, Whistleblower Policy, and Regulatory Reporting Procedures. Each policy must be mapped to specific regulatory requirements, approved by the Board, and reviewed at least annually.

AML/CFT Program: Build and operate a robust AML/CFT program covering the complete lifecycle: Customer identification and verification (KYC), Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) for higher-risk customers, ongoing monitoring of transactions for suspicious activity, Suspicious Transaction Report (STR) filing with SAFIU, sanctions screening (UNSC, OFAC, local lists), PEP identification and enhanced monitoring, record keeping requirements, and annual AML/CFT risk assessment.

Regulatory Change Management: Monitor all regulatory developments from SAMA, CMA, ZATCA, PDPA, and other relevant authorities. Assess the impact of new regulations and circulars on RIFD’s operations, communicate requirements to affected departments, track implementation, and confirm compliance. Maintain a regulatory obligations register mapping each requirement to its owner, deadline, and compliance status.

Consumer Protection & Complaints: Implement SAMA’s consumer protection requirements including: transparent product disclosure, fair treatment of customers, responsible lending practices, accessible complaints channels, complaint resolution within SAMA timelines, root cause analysis of complaint trends, and regulatory reporting on complaint volumes and outcomes.

PDPL & Data Privacy: Ensure RIFD’s compliance with the Saudi Personal Data Protection Law and SAMA’s data privacy circulars, including: data processing register, privacy impact assessments, consent management, data subject rights procedures, data breach notification, data retention and disposal, and cross-border data transfer restrictions.

CRC Service Request Review: Review and formally sign off on every CRC Service Request from a compliance perspective before submission to SAMA, confirming that all regulatory requirements have been identified, compliance controls are designed, and the proposed service complies with applicable laws and SAMA regulations.

Compliance Monitoring & Testing: Establish a compliance monitoring program with regular testing of key compliance controls including: sample KYC file reviews, transaction monitoring alert disposition quality, sanctions screening effectiveness, complaints handling timeliness, disclosure accuracy, and policy adherence. Report findings to the CEO and Board quarterly.

Regulatory Reporting: Manage all regulatory reporting obligations to SAMA including: periodic compliance reports, AML/CFT reports, consumer protection statistics, material event notifications, and ad-hoc information requests. Coordinate submissions to ComplianceFCC@SAMA.GOV.SA and maintain a complete submission log.

Training & Awareness: Design and deliver a mandatory compliance training program for all employees covering: AML/CFT awareness, consumer protection, data privacy, code of conduct, and role-specific regulatory requirements. Track completion rates and test knowledge retention. Refresh training annually and when material regulatory changes occur.

LEI Registration & Maintenance: Oversee RIFD’s Legal Entity Identifier (LEI) registration per SAMA’s circular on LEI usage enhancement, ensuring timely registration and annual renewal.

KEY DELIVERABLES & SUCCESS METRICS

The following concrete deliverables are expected within the first 6–12 months:

Compliance Policy Library: Complete compliance policy framework (10+ policies) approved by the Board and submitted to SAMA within 3 months.

AML/CFT Program: Operational AML/CFT program including KYC procedures, transaction monitoring rules, sanctions screening system, and STR filing capability within 4 months.

Regulatory Obligations Register: Comprehensive register mapping every SAMA, legal, and regulatory requirement to an owner, deadline, and compliance status within 2 months.

PDPL Compliance: Data protection impact assessment completed and PDPL compliance framework operational within 4 months.

Compliance Training: First company-wide compliance training completed (100% attendance) within 2 months of operational launch.

Compliance Monitoring Plan: Board-approved annual compliance monitoring plan with testing schedule and coverage targets within 3 months.

QUALIFICATIONS & CERTIFICATIONS

• Bachelor’s degree in Law, Finance, Business Administration, or a related field. Master’s degree or JD is preferred.

• CAMS (Certified Anti-Money Laundering Specialist) certification is mandatory.

• Additional certifications such as ICA Diploma in Compliance, CCEP, or CRCM are valued.

• In-depth knowledge of SAMA regulations, Saudi AML Law, Finance Companies Control Law, PDPL, and Consumer Protection regulations.

• Fluency in Arabic and English (both written and spoken) is mandatory.

EXPERIENCE REQUIREMENTS

• Minimum 5 years in compliance, with at least 3 years in financial services (banks, finance companies, payment institutions).

• Hands-on experience building and operating AML/CFT programs including transaction monitoring, KYC, and STR filing.

• Experience with SAMA compliance reporting and SAMA inspection processes is strongly preferred.

• Track record building compliance functions from inception in new financial institutions.

• Experience implementing data privacy frameworks (PDPL, GDPR, or equivalent) is a significant advantage.

CORE COMPETENCIES & SKILLS

Regulatory Depth: Comprehensive knowledge of the Saudi regulatory landscape for financial services, with the ability to interpret and apply regulations to practical business scenarios.

Principled Courage: Willingness to escalate compliance concerns, challenge business decisions, and report findings to the Board even when it creates friction.

Process Design: Ability to translate regulatory requirements into practical, efficient compliance procedures that employees can follow without excessive burden.

Communication: Skill in making compliance accessible and understandable to all employees, from frontline staff to Board members, through effective training and clear policy writing.

Attention to Detail: Meticulous approach to regulatory reporting, record-keeping, and compliance documentation—recognizing that in a regulated environment, if it’s not documented, it didn’t happen.

SAMA REGULATORY COMPLIANCE OBLIGATIONS

This position carries direct accountability for the following SAMA regulatory requirements:

Fit & Proper Assessment: SAMA approval required before appointment through Fit & Proper evaluation.

CRC Sign-Off Authority: Mandatory sign-off on all CRC Service Requests confirming regulatory compliance readiness before submission to SAMA.

AML/CFT Primary Owner: Direct regulatory accountability for the effectiveness of RIFD’s AML/CFT program under the Saudi Anti-Money Laundering Law.

Regulatory Reporting to SAMA: Responsible for timely submission of all compliance-related reports to SAMA via ComplianceFCC@SAMA.GOV.SA.

Governance Principles Compliance: Accountable for monitoring and reporting the company’s compliance with SAMA Governance Principles Circular 42081293.

Consumer Protection: Owner of SAMA consumer protection compliance, including complaints handling metrics and fair treatment standards.
