AML Policy Drafting in Jeddah
Last Updated:
July 12, 2026
- Supervised by Lawyer Sunaitan Al-Subaie
- AML Policies
- Know Your Customer (KYC)
- Due Diligence
- Risk Assessment
- Internal Reporting
Does Your Company Need an Anti-Money Laundering Policy?
Send your company’s activity type, customer profile, how you receive payments, the scale of operations, and any current policies, so we can determine whether you need an AML policy or an update to your due diligence procedures.
Select Your Company Type:
- Fintech Company
- Financial Institution
- KYC Policy
- Customer Dealings
- Digital Payments
- Suspicious Activity Indicators
What Are AML Policies in Jeddah?
AML policies in Jeddah are internal policies that govern how a company identifies its customers, assesses their risk, monitors transactions, identifies suspicious activity indicators, and documents due diligence procedures based on the nature of its activity. These policies matter even more for financial institutions, fintech companies, companies that receive frequent payments, or establishments handling customer data or funds.
A generic policy copied from a ready-made template isn’t enough, since a fintech company’s risks differ from a traditional service company’s, and individual customer risks differ from commercial customer risks. That’s why the drafting process starts with understanding the company’s business model, then building an AML policy suited to the nature of its operations and relevant regulatory requirements.
Professional Supervision: Lawyer Sunaitan Mohammed bin Hayef Al-Subaie
BMS Legal’s AML policy drafting service is provided under the supervision of lawyer Sunaitan Mohammed bin Hayef Al-Subaie, a licensed lawyer and member of the Saudi Bar Association, with professional qualifications in governance, compliance, risk management, and anti-money laundering.
This track focuses on tying the AML policy to the company’s actual activity, so it includes practical mechanisms for customer identification, risk classification, due diligence, suspicious activity indicators, internal documentation, and handling cases that require escalation or further review.
Professional Qualifications Related to Anti-Money Laundering

Certificate in Compliance – Kingdom of Saudi Arabia
A professional qualification in compliance within the Kingdom, suited to understanding the compliance environment and corporate policies.

GRCP – Governance, Risk and Compliance Professional
A professional qualification in governance, risk management, and compliance, suited to building a corporate GRC framework.

GRCA – Governance, Risk and Compliance Auditor
A professional qualification in auditing governance, risk, and compliance, suited to assessing internal policies and procedures.
What Are the Core Elements of an AML Policy?
AML policies vary depending on the company’s activity, but there are core elements that help build a clearer, more enforceable policy.
Defining the Policy Scope
Clarifying who within the company the policy applies to, and which operations, products, or services fall under AML procedures.
Know Your Customer (KYC)
Determining the data and documents required to identify the customer, verify their identity, and understand the purpose of the business relationship.
Due Diligence
Setting standard or enhanced due diligence procedures based on the risk level and the nature of the customer or transaction.
Risk Classification
Setting criteria for classifying customers or transactions as low, medium, or high risk.
Suspicious Activity Indicators
Identifying practical examples of indicators that call for internal review or escalation, based on the nature of the company's activity.
Internal Reporting & Escalation
Organizing the internal reporting mechanism, who receives reports, and how the review is documented without disrupting daily operations.
Documentation & Record-Keeping
Determining which documents and records must be kept, how they're accessed, and how they're updated when needed.
Training & Updates
Establishing a mechanism to train relevant employees and update the policy when the activity or regulatory requirements change.
BMS Legal's AML Policy Services
This service helps companies prepare or review an AML policy suited to their activity, customers, and the level of risk they face.
Drafting an AML Policy
Preparing an AML policy from scratch after studying the company's activity, customers, operations, and the nature of its financial or digital dealings.
Reviewing an Existing AML Policy
Examining the current policy and determining whether it suits the company's activity or needs amendment and updating.
Preparing KYC Procedures
Drafting customer identification procedures, required data, documents, verification steps, and customer information updates.
Preparing Due Diligence Procedures
Determining when standard due diligence is sufficient, and when the company needs enhanced due diligence.
Classifying Customer & Transaction Risk
Setting internal criteria to help classify customers and transactions based on risk level and the nature of the dealing.
Drafting Suspicious Activity Indicators
Preparing practical indicators tied to the company's activity, helping employees understand which cases require internal review.
Preparing the Internal Reporting Path
Organizing the mechanism for receiving observations, escalation, documentation, and the role of those responsible within the company.
Updating AML Policies
Reviewing policies when the company's activity changes, operations expand, or new regulatory requirements emerge.
When Does a Company Need to Draft or Update an AML Policy?
A company may need an AML policy when it handles customer funds, receives frequent payments, offers financial or fintech services, or is subject to regulatory requirements related to anti-money laundering and counter-terrorism financing.
When Handling Customer Funds or Payments
The more financial dealings a company has with customers, the greater the need for clear identification, verification, and documentation procedures.
When Operating a Digital or Fintech Business Model
Fintech companies usually need AML policies tied to their digital model and how they deal with customers and transactions.
When There Are Regulatory Requirements
Some activities require written, up-to-date policies as part of a compliance file, licensing, or regulatory review.
When Expanding Products or Services
Adding a new service may change the risk level, which calls for a review of the AML policy.
When Clear KYC Procedures Are Missing
If a company doesn't know what data is required from customers or how it's reviewed, it likely needs to build KYC procedures.
When Internal Indicators or Observations Arise
Unusual transactions or observations from employees may reveal the need for an escalation and internal reporting policy.
6 Steps to Drafting an AML Policy
Documents Needed to Draft an AML Policy
The following documents help us understand the company’s activity and build a suitable AML policy instead of using a generic template.
- Commercial registration and the company's basic details.
- A description of the company's activity and business model.
- Types of target customers.
- How payments are received or transactions are carried out.
- The countries or regions the company deals with, if any.
- Current internal policies, if any.
- KYC forms, if any.
- Current due diligence procedures, if any.
- Any requirements or observations from a regulator.
- The purpose of the policy: licensing, updating, operations, internal review, or expansion.
Common Mistakes That Weaken an AML Policy
Using a Generic Policy Unrelated to the Activity
A generic policy may not address the nature of customers, payment methods, or the actual risk level within the company.
Lack of Risk Classification
Knowing the customer isn't enough without classifying their risk level, since procedures differ between low-risk and high-risk customers.
Neglecting Enhanced Due Diligence
Some cases need deeper scrutiny and can't be handled with the same standard procedures.
Lack of Clear Suspicious Activity Indicators
If employees don't understand when a transaction is considered unusual, the policy won't be practically enforceable.
Confusing Policy With Operating Procedures
A policy defines the framework and responsibilities, while procedures explain the practical steps. Confusing the two causes ambiguity in implementation.
Not Updating the Policy
Changes in activity, services, or customer type require periodic policy review to keep it suited to current risks.
AML Policy Drafting in Jeddah
This page serves companies in Jeddah that need to prepare or review AML policies, especially companies with a financial or digital nature, or those handling customer funds or data. A large part of the work can be carried out remotely once the documents are clear and shareable.
Why Choose BMS Legal for Your Corporate Compliance Review?
Specialized Professional Supervision
The service is reviewed under the supervision of lawyer Sunaitan Mohammed bin Hayef Al-Subaie, with professional qualifications in governance, compliance, and risk management.
A Policy Tied to the Company's Activity
The policy isn't drafted as a generic template, but according to the company's activity, customers, operations, and risk level.
Tying AML to General Compliance
AML policy is usually connected to compliance, conduct, and risk policies, so it's reviewed as part of an integrated framework.
Focus on Practical Application
The goal is for employees and management to understand what to do when identifying a customer or when a suspicious indicator arises.
Drafting That Preserves the Scope of Responsibility
The policy is drafted clearly, without promises of eliminating risk, but by organizing internal procedures and responsibilities.
Trust Details to Support Your Decision Before Sharing Customer Data or Policies
Before sharing your company’s policies, business model details, or customer procedures, you can review the firm’s and team’s details through the dedicated verification pages on the website.
Lawyer Sunaitan Mohammed bin Hayef Al-Subaie
Lawyer Sunaitan's professional profile shows license details and professional qualifications related to governance and compliance.
Lawyers' Licenses
You can review the license details of the lawyers on our team.
Commercial Registration
This page shows professional membership details for our team. BMS Legal is registered as an active commercial entity, in the form of a professional company.
License & Registration
A single page bringing together the firm's verification and accreditation details.
Does Your Company Need a Clear AML Policy?
Send your activity type, customer profile, how funds are received, and any current policies, so we can determine the appropriate scope of AML policy for your company.
Frequently Asked Questions About Corporate Compliance in Jeddah
What does an AML policy mean?
It’s an internal policy that governs customer identification, risk assessment, due diligence, suspicious activity indicators, and internal documentation.
What are Know Your Customer (KYC) procedures?
KYC procedures mean collecting and verifying customer data and understanding the purpose of the business relationship before or during the dealing.
When does a company need an AML policy?
You need it when handling funds, payments, customers, or a regulated activity that requires clear compliance procedures.
Does one policy work for all companies?
No, since an AML policy needs to be built around the company’s activity, customers, risks, and operations.
What's the difference between KYC and due diligence?
KYC focuses on identifying the customer, while due diligence includes assessing risk, understanding the relationship, and following up on information when needed.
Does the service include updating an outdated AML policy?
Yes, the current policy can be reviewed and updated if it no longer suits the activity, risks, or regulatory requirements.
Does lawyer Sunaitan supervise this service?
Yes, the service is offered as part of our corporate governance and compliance track, under the supervision of lawyer Sunaitan Mohammed bin Hayef Al-Subaie.
What's the first step in drafting an AML policy?
The first step is to send a description of the activity, customer profile, how funds are received, and any current policies.