AML Policy Drafting in Jeddah

AML Policy Drafting in Jeddah

Last Updated:

July 12, 2026

Internal policies that help a company organize customer identification, risk assessment, due diligence, and suspicious activity indicators.
Anti-money laundering policies aren’t written as a formality tucked into a company file; they need to be tied to the nature of the activity, customer type, scale of operations, sources of funds, regulators, and the level of potential risk. That’s why companies with financial, digital, or regulated dealings need a clear policy that defines how customers are identified, risks assessed, transactions monitored, and procedures documented. BMS Legal offers AML policy drafting services in Jeddah as part of our corporate governance and compliance track, under the supervision of lawyer Sunaitan Mohammed bin Hayef Al-Subaie, a licensed lawyer and member of the Saudi Bar Association, with professional qualifications in governance, compliance, risk management, and anti-money laundering. The service focuses on building a policy that can actually be applied within the company, not just a generic template that doesn’t reflect its activity.

Does Your Company Need an Anti-Money Laundering Policy?

Send your company’s activity type, customer profile, how you receive payments, the scale of operations, and any current policies, so we can determine whether you need an AML policy or an update to your due diligence procedures.

Select Your Company Type:

What Are AML Policies in Jeddah?

AML policies in Jeddah are internal policies that govern how a company identifies its customers, assesses their risk, monitors transactions, identifies suspicious activity indicators, and documents due diligence procedures based on the nature of its activity. These policies matter even more for financial institutions, fintech companies, companies that receive frequent payments, or establishments handling customer data or funds.

A generic policy copied from a ready-made template isn’t enough, since a fintech company’s risks differ from a traditional service company’s, and individual customer risks differ from commercial customer risks. That’s why the drafting process starts with understanding the company’s business model, then building an AML policy suited to the nature of its operations and relevant regulatory requirements.

Professional Supervision: Lawyer Sunaitan Mohammed bin Hayef Al-Subaie

BMS Legal’s AML policy drafting service is provided under the supervision of lawyer Sunaitan Mohammed bin Hayef Al-Subaie, a licensed lawyer and member of the Saudi Bar Association, with professional qualifications in governance, compliance, risk management, and anti-money laundering.

This track focuses on tying the AML policy to the company’s actual activity, so it includes practical mechanisms for customer identification, risk classification, due diligence, suspicious activity indicators, internal documentation, and handling cases that require escalation or further review.

Professional Qualifications Related to Anti-Money Laundering

شهادة امتثال للمحامي صنيتان محمد بن هائف السبيعي

Certificate in Compliance – Kingdom of Saudi Arabia

A professional qualification in compliance within the Kingdom, suited to understanding the compliance environment and corporate policies.

شهادة GRCP للمحامي صنيتان محمد بن هائف السبيعي في مجال الحوكمة والمخاطر والامتثال

GRCP – Governance, Risk and Compliance Professional

A professional qualification in governance, risk management, and compliance, suited to building a corporate GRC framework.

شهادة GRCA للمحامي صنيتان محمد بن هائف السبيعي في تدقيق الحوكمة والمخاطر والامتثال

GRCA – Governance, Risk and Compliance Auditor

A professional qualification in auditing governance, risk, and compliance, suited to assessing internal policies and procedures.

What Are the Core Elements of an AML Policy?

AML policies vary depending on the company’s activity, but there are core elements that help build a clearer, more enforceable policy.

Defining the Policy Scope

Clarifying who within the company the policy applies to, and which operations, products, or services fall under AML procedures.

Know Your Customer (KYC)

Determining the data and documents required to identify the customer, verify their identity, and understand the purpose of the business relationship.

Due Diligence

Setting standard or enhanced due diligence procedures based on the risk level and the nature of the customer or transaction.

Risk Classification

Setting criteria for classifying customers or transactions as low, medium, or high risk.

Suspicious Activity Indicators

Identifying practical examples of indicators that call for internal review or escalation, based on the nature of the company's activity.

Internal Reporting & Escalation

Organizing the internal reporting mechanism, who receives reports, and how the review is documented without disrupting daily operations.

Documentation & Record-Keeping

Determining which documents and records must be kept, how they're accessed, and how they're updated when needed.

Training & Updates

Establishing a mechanism to train relevant employees and update the policy when the activity or regulatory requirements change.

BMS Legal's AML Policy Services

This service helps companies prepare or review an AML policy suited to their activity, customers, and the level of risk they face.

Drafting an AML Policy

Preparing an AML policy from scratch after studying the company's activity, customers, operations, and the nature of its financial or digital dealings.

Reviewing an Existing AML Policy

Examining the current policy and determining whether it suits the company's activity or needs amendment and updating.

Preparing KYC Procedures

Drafting customer identification procedures, required data, documents, verification steps, and customer information updates.

Preparing Due Diligence Procedures

Determining when standard due diligence is sufficient, and when the company needs enhanced due diligence.

Classifying Customer & Transaction Risk

Setting internal criteria to help classify customers and transactions based on risk level and the nature of the dealing.

Drafting Suspicious Activity Indicators

Preparing practical indicators tied to the company's activity, helping employees understand which cases require internal review.

Preparing the Internal Reporting Path

Organizing the mechanism for receiving observations, escalation, documentation, and the role of those responsible within the company.

Updating AML Policies

Reviewing policies when the company's activity changes, operations expand, or new regulatory requirements emerge.

When Does a Company Need to Draft or Update an AML Policy?

A company may need an AML policy when it handles customer funds, receives frequent payments, offers financial or fintech services, or is subject to regulatory requirements related to anti-money laundering and counter-terrorism financing.

When Handling Customer Funds or Payments

The more financial dealings a company has with customers, the greater the need for clear identification, verification, and documentation procedures.

When Operating a Digital or Fintech Business Model

Fintech companies usually need AML policies tied to their digital model and how they deal with customers and transactions.

When There Are Regulatory Requirements

Some activities require written, up-to-date policies as part of a compliance file, licensing, or regulatory review.

When Expanding Products or Services

Adding a new service may change the risk level, which calls for a review of the AML policy.

When Clear KYC Procedures Are Missing

If a company doesn't know what data is required from customers or how it's reviewed, it likely needs to build KYC procedures.

When Internal Indicators or Observations Arise

Unusual transactions or observations from employees may reveal the need for an escalation and internal reporting policy.

6 Steps to Drafting an AML Policy

Understanding the Company's Activity
We start by studying the activity, customer type, how funds are received, the scale of operations, products, and relevant authorities.
Determining the Risk Level
Potential risks are identified based on customers, regions, products, operations, and the nature of the business relationship.
Building KYC Procedures
The data and documents required to identify the customer, verify their identity, and update their information are determined.
Drafting Due Diligence
Standard or enhanced due diligence procedures are drafted based on the risk classification and the nature of the dealing.
Setting Suspicious Activity Indicators & Reporting
Practical indicators and a clear internal escalation mechanism are drafted, with responsibilities and documentation methods defined.
Delivery & Review
The policy is delivered in an organized format, with instructions on how to use it, update it, and connect it to the company's other policies.

Documents Needed to Draft an AML Policy

The following documents help us understand the company’s activity and build a suitable AML policy instead of using a generic template.

Common Mistakes That Weaken an AML Policy

Using a Generic Policy Unrelated to the Activity

A generic policy may not address the nature of customers, payment methods, or the actual risk level within the company.

Lack of Risk Classification

Knowing the customer isn't enough without classifying their risk level, since procedures differ between low-risk and high-risk customers.

Neglecting Enhanced Due Diligence

Some cases need deeper scrutiny and can't be handled with the same standard procedures.

Lack of Clear Suspicious Activity Indicators

If employees don't understand when a transaction is considered unusual, the policy won't be practically enforceable.

Confusing Policy With Operating Procedures

A policy defines the framework and responsibilities, while procedures explain the practical steps. Confusing the two causes ambiguity in implementation.

Not Updating the Policy

Changes in activity, services, or customer type require periodic policy review to keep it suited to current risks.

AML Policy Drafting in Jeddah

This page serves companies in Jeddah that need to prepare or review AML policies, especially companies with a financial or digital nature, or those handling customer funds or data. A large part of the work can be carried out remotely once the documents are clear and shareable.

Service Areas Within Jeddah

Cities We Can Coordinate With When Needed

Why Choose BMS Legal for Your Corporate Compliance Review?

Specialized Professional Supervision

The service is reviewed under the supervision of lawyer Sunaitan Mohammed bin Hayef Al-Subaie, with professional qualifications in governance, compliance, and risk management.

A Policy Tied to the Company's Activity

The policy isn't drafted as a generic template, but according to the company's activity, customers, operations, and risk level.

Tying AML to General Compliance

AML policy is usually connected to compliance, conduct, and risk policies, so it's reviewed as part of an integrated framework.

Focus on Practical Application

The goal is for employees and management to understand what to do when identifying a customer or when a suspicious indicator arises.

Drafting That Preserves the Scope of Responsibility

The policy is drafted clearly, without promises of eliminating risk, but by organizing internal procedures and responsibilities.

Trust Details to Support Your Decision Before Sharing Customer Data or Policies

Before sharing your company’s policies, business model details, or customer procedures, you can review the firm’s and team’s details through the dedicated verification pages on the website.

Lawyer Sunaitan Mohammed bin Hayef Al-Subaie

Lawyer Sunaitan's professional profile shows license details and professional qualifications related to governance and compliance.

Lawyers' Licenses

You can review the license details of the lawyers on our team.

Commercial Registration

This page shows professional membership details for our team. BMS Legal is registered as an active commercial entity, in the form of a professional company.

License & Registration

A single page bringing together the firm's verification and accreditation details.

Does Your Company Need a Clear AML Policy?

Send your activity type, customer profile, how funds are received, and any current policies, so we can determine the appropriate scope of AML policy for your company.

Frequently Asked Questions About Corporate Compliance in Jeddah

What does an AML policy mean?

It’s an internal policy that governs customer identification, risk assessment, due diligence, suspicious activity indicators, and internal documentation.

KYC procedures mean collecting and verifying customer data and understanding the purpose of the business relationship before or during the dealing.

You need it when handling funds, payments, customers, or a regulated activity that requires clear compliance procedures.

No, since an AML policy needs to be built around the company’s activity, customers, risks, and operations.

KYC focuses on identifying the customer, while due diligence includes assessing risk, understanding the relationship, and following up on information when needed.

Yes, the current policy can be reviewed and updated if it no longer suits the activity, risks, or regulatory requirements.

Yes, the service is offered as part of our corporate governance and compliance track, under the supervision of lawyer Sunaitan Mohammed bin Hayef Al-Subaie.

The first step is to send a description of the activity, customer profile, how funds are received, and any current policies.

Scroll to Top