Risk Management, Compliance, and Business Continuity Department

Compliance Policy

Introduction

Accountability, transparency, and adherence to laws, regulations, and ethical conduct are integral parts of the Saudi Electronic University in its various operations and activities towards its objectives. The university constantly strives to comply with all laws, instructions, and regulations.

Objective

The Compliance Policy defines the principles and standards of compliance and how to manage and mitigate non-compliance risks. The goal of this policy is to ensure that non-compliance risks are adequately identified and mitigated, considering the nature, scope, and complexity of the operations. In line with the university's strategy and vision, this policy aims to establish guidelines and standards to maintain the university's reputation and avoid any penalties that may result from non-compliance.

Scope and Application

The Compliance Policy applies to all departments and branches of the university.

Compliance Objectives

One of the primary objectives of compliance is to ensure that the entity manages and executes its activities and operations in accordance with applicable laws, regulations, and other regulatory requirements. However, there are other objectives that the Compliance Department aims to achieve, which are as follows:

- Reduce the risk of non-compliance with regulatory requirements.
- Enhance the level of compliance with regulatory requirements.
- Improve the maturity level of compliance management practices within the university.
- Contribute to raising awareness and knowledge of the culture of compliance.
- Increase the awareness and commitment of university staff to the Code of Conduct.
- Effectively manage incoming reports related to cases of non-compliance.
- Provide support and advice to various departments within the university to meet compliance requirements.
- Support and enable the university to achieve its goals at all levels.
- Enhance the level of compliance culture, practices, and processes across the university through various means, continuously and effectively.
- Increase stakeholders' trust in the university's operations and activities by demonstrating the existence of a compliance program that effectively addresses and manages non-compliance risks.
- Enhance the university's capabilities to proactively identify cases of non-compliance and take necessary documentary and corrective actions to address them.
- Protect and enhance the university's reputation and status by mitigating risks resulting from non-compliance with regulatory requirements, and contribute to preventing or detecting any behavior that does not align with the Code of Conduct and public service ethics and to addressing it optimally.

Risks of Non-Compliance

Non-compliance risks include legal or regulatory penalties, financial losses, or reputational damage that the university may face due to its failure to adhere to relevant laws, regulations, policies, internal procedures, and external regulatory and oversight legislation. The main non-compliance risks are identified as follows:

- Legal and Regulatory Risks: Refer to the risks of not complying with applicable laws, regulations, and professional practices, resulting in:
  - Contract Risks: Risks associated with the misinterpretation or failure to apply relevant legal rules related to a contract or transaction.
  - Legislative Risks: Risks associated with changes in laws and regulations.
- Sanction Risks: Refer to the risks of judicial, administrative, or disciplinary sanctions imposed because of non-compliance with laws, regulations, rules, standards, and/or contractual agreements.
- Reputation Risks: Refer to the risks resulting from negative public opinion towards the university due to diminished efficiency, true or false negative publicity, failures in academic practices, and failure to comply with current laws and regulations. Reputation risks can be more costly than financial losses.

Basic Principles of Compliance at Saudi Electronic University

The compliance of the Saudi Electronic University is based on the following principles:

  1. Maintaining Good Reputation and Integrity:

     The Saudi Electronic University enjoys a distinguished reputation among its clients and peer institutions. Maintaining this good reputation requires the university and its employees to adhere to the compliance policy, which can only be implemented through a thorough understanding and proper application of the laws and regulations of the regulatory bodies with which the university interacts.

  2. Support from Senior Management:

     Senior management supports the compliance sector and ensures that it is provided with all the necessary authorities and capabilities to perform its responsibilities independently. The administration is responsible for sufficient staffing and providing the resources needed for the compliance sector to meet the policy requirements, ensuring that these resources are effective and appropriate to manage non-compliance risks effectively.

  3. Senior Management as a Role Model:

     Senior management must set a good example and take all appropriate measures to ensure that all employees perform their duties ethically in accordance with regulatory, organizational, and legislative compliance, as well as the university's core principles.

  4. Compliance as a Responsibility of Every Employee:

     Compliance is the fundamental principle of the university's policy and is the responsibility of every employee. It is also considered one of the most critical standards for the university's performance of its duties.

  5. Supporting Compliance for Effective Work:

     The Saudi Electronic University believes that strong compliance is essential to support good and proper work.

Compliance Framework at Saudi Electronic University

The responsibility for compliance includes ensuring that all business units adhere to and implement university policies. The compliance function at the university is independent; it identifies, assesses, advises on, monitors, and reports on non-compliance risks, which include legal, administrative, financial, or reputational penalties due to failure to comply with laws, regulatory guidelines, or standards of conduct and professional practice.

Three Lines of Defense:

The compliance function is an integral part of the university's three lines of defense:

- First Line of Defense:

  In this line, executive management is directly responsible for assessing, monitoring, and mitigating risks.

- Second Line of Defense:

  This consists of activities covered by internal control management, including compliance and risk management departments.

- Third Line of Defense:

  Internal auditing and inspection activities ensure the effectiveness of the first and second lines of defense.

Key Factors for Compliance Success

  1. Independence:

     The compliance department is independent and reports directly to the university president. It must not be placed in a position where there is a potential conflict of interest between compliance-related responsibilities and any other duties to ensure objective performance. It collaborates with internal audit and legal departments and has the independence to report violations and non-compliance to senior management. Independence does not preclude close cooperation with relevant departments and their staff (first line of defense) but rather fosters a collaborative relationship to proactively identify non-compliance risks.

  2. Defining Roles and Responsibilities:

     The compliance officer has all the necessary authorities to access required data and information to report to senior management as per the organizational structure.

  3. Training and Qualification:

     Compliance staff must be qualified and trained with a thorough understanding of compliance laws, rules, and standards and their actual impact on university operations. The professional skills of the compliance sector staff are enhanced through regular and systematic training and education programs.

Compliance Management Database

- All applicable and relevant legislation and laws.
- University policies and internal work regulations.
- Regulatory guidelines issued by all supervisory bodies.
- Labor system.

Key Performance Indicators (KPIs) for Measuring University Compliance

Compliance standards are measured through a set of controls by the university and its employees, which include:

- Standards for Measuring and Evaluating University Compliance:

  Achieved by establishing internal policies and procedures according to relevant laws and regulations, whether local laws and regulations issued by legislative and regulatory authorities or global standards. University compliance evaluation can also be measured through internal audit reports.

- Standards for Evaluating and Measuring Employee Compliance:

  Employee compliance is evaluated through personal and professional performance, which is linked to their complete understanding and adherence to university policies, regulations, work procedures, and the performance charter that defines their responsibilities.

Interaction and Reporting to Regulatory Authorities

Maintaining transparency and cooperation with the university's regulatory authorities and fulfilling obligations is crucial for complying with regulatory requirements and effectively managing non-compliance risks. This ensures that complete and accurate information is provided to all regulatory bodies.

If a regulatory body contacts a department within the university regarding regulatory matters and instructions, the Compliance Department must be notified immediately.

All departments responsible for preparing and submitting reports to regulatory, supervisory, or legislative bodies must ensure that their reports include at least the following:

- Accuracy and Completeness: Ensure that the reports sent contain accurate and complete data and are submitted within the specified deadlines.
- Record Keeping: Maintain copies of all previously submitted reports and send them to the Compliance Department along with any attached documents, if applicable.
- Internal Procedures: Each department should have internal procedures in place to organize the process of preparing regulatory reports.
- Timeliness: Delays or failures in preparing the required reports within the specified deadlines may subject the university to regulatory penalties.