The following is the most prominent aspects of risk management in the SDC:

Legislations

Integrated legislations: The SDC relies on an integrated system of legislation that includes internal by-laws, instructions, executive procedures, and policies, which ensures the identification of precise terms and provisions for implementing its administrative, financial, and technical operations.
Continuous review: The SDC continuously reviews legislation to keep pace with developments related to its business and services, as well as developments in the capital market. Feedback is collected from capital market institutions and target groups of any legislative amendments, including public shareholding companies and financial services companies (financial brokers and custodians).
Updating Legislation: Legislation is amended to reflect the changing needs of the market and members, while adhering to risk management principles and international standards adopted in this field.

Safekeeping, classification and security of information and data

Maintained the registers electronically: All records of securities owners are kept on the SDC’s electronic system (SCORPIO) and held in book-entry (dematerialized form). The SDC’s electronic system includes an integrated system of permissions for users on the system’s screens and reports. These permissions are granted according to the needs and requirements of the work to ensure the safety and security of data and information and the integrity of records.
Data Center Management: Establishing, operating and managing three data centers to ensure reducing risks related to the availability, integrity and continuity of information in emergency situations, which contributes to facilitating the immediate recovery of complete system and service data.
Implementation of the Business Continuity & Disaster Recovery Plan: The SDC conducts periodic tests in cooperation with its members to examine the readiness of business continuity & Disaster Recovery sites.
Providing advanced security and protection systems: The SDC uses advanced systems to protect and monitor electronic systems and communication networks to ensure information security and the continuity of business and services without interruption.
Classification of registers: registers are classified in accordance with their nature and legislative organization into confidential data, statistical data, and aggregate data, while adhering to data confidentiality and reducing any risks related to information confidentiality.
Coordination with the National Cyber Security Center: The SDC cooperates with the National Cyber Security Center to obtain technical security services that ensure the protection and enhancement of the integrity and availability of information and data, and reduce any risks in this regard.

Safekeeping, registration, and transferring the ownership of securities

Establishing a database for issuers: The SDC organizes a comprehensive database for all issuers of securities within its electronic system, which ensures the registration and safekeeping of ownership of securities transparently in the Kingdom’s stock market.
Identifying the investor with the unified investor number (SDC number): This number has been approved to prevent any confusion, especially regarding the similarity of names. As for the reference number, which is used for trading purposes only, it is the number given to the investor by the broker for trading purposes and linked to the SDC number, so every investor can deal with any number of brokers by obtaining a reference number for trading purposes from each broker and all these reference numbers remain linked to only one SDC number consisting of ten digits.
Applying the principle (Know Your Customer-KYC): The SDC is committed to the policies and procedures of anti-money laundering and anti-terrorism policies and procedures used to determine the true identity of the customer, through applying the “Know Your Customer” (KYC) principle by exerting the due diligence to determine the true identity of the customer, and verifying that investors are not linked to the national list of money laundering and terrorist financing, or to the lists issued by the penalties’ committees of the Security Council- United Nations.

Clearing and Settlement

Settlement Guarantee Fund Management: The SDC manages the Fund that was established in accordance with the provisions of the Securities Law as a financially independent legal entity to ensure coverage of the cash deficit and deficits in the securities account of a Fund member in connection with his sales of securities on the market.
Electronic linkage with the Stock Exchange: The electronic linking between the SDC’s systems and the stock exchange’s trading system through an electronic system called the Central Control System (CCM) with the aim of improving the technical environment of capital market institutions by controlling trading operations and reducing the risks associated with those operations (Order Verification).
Linking with the Real Time Gross Settlement System (RTGS): The electronic SDC system has been linked with the Real Time Gross Settlement System through the global SWIFT network in order to receive and send for the settlement of securities prices using the latest means in the field of linking and exchanging messages and information with all banks (MX messages – ISO 20022).
Developing a comprehensive emergency plan: The SDC develops and updates a comprehensive emergency plan that ensures the continuity of its operations in all circumstances. This plan includes an analysis of risks and potential problems to establish a preventive strategy to avoid risks and disasters and to cope with them in case they occur, in accordance with international standards and best practices.
Strict procedures for defaulting brokers: The SDC imposes strict procedures on brokers who do not commit to paying the amounts due for settlement as of day T+1, including suspension of trading to reduce risk and control them.
Buy in and Sell out measures: These procedures are applied to ensure that the sold security is delivered in exchange for payment of its price.
Application of the Delivery versus Payment (DvP) principle: The SDC ensures that the sold security will not be delivered and its ownership transferred until its price has been paid, which enhances the security and reliability of trading operations.

Risk Management and Internal Control

The organizational structure of the SDC includes a Risk Management Unit and an Internal Audit Department, both of which are linked to the Board of Directors and are entrusted with the following tasks:

First: Risk Management Unit

• Identify, analyze and evaluate potential risks that the SDC may face.
• Develop and implement strategies and plans for risk management.
• Monitor, review and update plans and policies based on developments.
• Submit periodic reports to the Board of Directors on the status of risk management and the actions taken.

Second: Internal Audit Department

• Auditing all operations, activities and procedures in all financial, administrative and technical aspects.
• Ensuring that the SDC and its employees adhere to the specified standards and procedures, whether internal or external.
• Submitting periodic and annual supervisory reports to the audit committee emanating from the SDC Board of Directors to enable issuing the necessary recommendations and decisions to address any observations contained in those reports.