Complying with the country’s local regulations is a matter of utmost importance to our enterprise. DERAYA prides itself on being transparent and upfront in all our dealings, therefore through the detailed and specific contractual, legislative and regulatory requirements we adhere to- which were derived from the directives mandated by (SAMA), the Saudi Central Bank – we are guided and assisted by the compliance policy and we keep stakeholders informed of all updates and changes.

Furthermore, DERAYA abides by every single article of the rules and regulations of the Saudi Central Bank (SAMA), these regulations are part and parcel of how we operate as an establishment in terms of process and documentation. The strict implementation of the rules from both management and the compliance department has achieved the following:

  1. Established Enterprise-Wide Compliance Culture.
  2. All DERAYA’s stakeholders understand and commit themselves to the company’s legal obligations; compliance with legislations, compliance with internal policies, procedures and guidelines, in addition to compliance with the company’s legal and contractual commitments.
  3. Maintain a high level of awareness of DERAYA’s regulatory obligations by the provisions of this policy for an (Effective Compliance Management System), a support system for employees’ education, expert advice and regulatory updates.
  4. The appropriate practices and processes are developed and deployed to ensure compliance with DERAYA’s regulatory obligations.
  5. Continuous monitoring of DERAYA’s compliance with its regulatory obligations.
  6. Taking the appropriate corrective actions to prevent the recurrence of incidents of noncompliance, violations or breaches.

Our Commitment

Based on the commitment to conduct business activities lawfully and in a manner that will enhance achieving the goals of the (Strategic Plan) by means of ensuring compliance, ethics and individual accountability; DERAYA has established a compliance function that is responsible for implementing an effective program for compliance- to form a functional and integral part of its management process, with its primary concern being the identification, assessment and management of significant compliance areas and the risks of non-compliance.

The Risk Management Universe

DERAYA dedicates considerable efforts to achieve effective risk management. For this purpose we have created a comprehensive plan to manage risks that the company is exposed to, in addition to providing a common framework and comparable measures across the company’s departments so that senior management and the board can communicate, understand and assess the types and levels of risks that they are willing to accept.

Risk appetite is considerably more than a sophisticated Key Performance Indicator (KPI) system for risk management, it’s the core instrument responsible for aligning DERAYA’s overall strategy with portfolio selection and risk.

A comprehensive risk appetite framework is the cornerstone of new risk management’s foundation, it is embedded in DERAYA’s strategy and risk culture, through it, high-level risk categories are defined and operationalized, with risk appetite and tolerances established for each. Categories A, B and C represent all operational risks identified within DERAYA and its iterative process, and the risks are updated frequently.

Fully understanding and implementing risk management culture through the company’s business processes helps DERAYA manage operational risks more efficiently, by translating risk responses and methods into strategic decisions, reporting, and day-to-day business decisions.