2

Regulations and Compliance in Saudi Market

Session Objectives

  • Understanding regulatory requirements for Fintech companies
  • Learning Saudi regulations (PDPL, AML, CTF)
  • Exploring CMA and SAMA requirements
  • Understanding licensing and compliance process

Session Content

1. Regulatory Framework in Saudi Arabia

Regulatory Authorities and Powers

  • SAMA: Banks, Payments, Transfers, Lending
  • CMA: Securities, Crowdfunding, Robo-Advisors

SAMA Fintech Licenses

  • Payment License (PSP): Capital 5-50M SAR, duration 6-12 months
  • Lending License: Capital 30-100M SAR, SIMAH integration
  • Money Exchange License: Capital 10+M SAR
  • Licensing steps: Initial → Assessment → Documents → Review → Sandbox → Final

CMA Requirements for Investment and Trading

  • Crowdfunding: Capital 5+M SAR, investment limit 100K SAR/year
  • Robo-Advisors: Advisory license, capital 5-10M SAR, approved algorithms
  • Licensed platforms: Scopeer, Manafa, Fundable, Wahed

2. Core Compliance Regulations

Personal Data Protection Law (PDPL)

  • Protected data: Identity, Financial, Location, Digital, Health, Biometric
  • Principles: Consent, Minimization, Security, Transparency, Access & Deletion rights
  • Requirements: Explicit consent, encryption, clear privacy policy
  • Penalties: Fines up to 3M SAR, service suspension

Anti-Money Laundering & Counter Terrorist Financing

  • KYC: Identity verification (Absher/Nafath), contact info, source of funds
  • Transaction monitoring: Large amounts, frequent transfers, high-risk countries, unusual patterns
  • SAR (Suspicious Activity Report): Report suspicious activities within 15 days
  • Sanctions Screening: Check UN, OFAC, EU, Saudi lists
  • Penalties: Fines up to 50M SAR, license revocation, imprisonment

Other Requirements

  • Cybersecurity: ISO 27001, PCI DSS, SAMA Cybersecurity Framework
  • Reporting: Monthly, quarterly, annual
  • Consumer protection: Fee transparency, complaint mechanism, response within 15 days

3. Practical Application - Compliance Checklist

Group Activity: Building a Digital Wallet

  • Licensing: PSP from SAMA, capital 10M
  • KYC/AML: Absher integration, transaction monitoring, Sanctions Screening
  • PDPL: Privacy policy, consent forms, encryption
  • Security: ISO 27001, PCI DSS, MFA
  • Consumer protection: Transparency, complaints system
  • Technical infrastructure: Cloud, Disaster Recovery, backups

Resources & Links

  • PDPL Full Text
  • SAMA Rules for Payment Service Providers
  • AML Guide - SAMA