Financial Services Regulation 2025 Comparisons

Capital Markets Law

The Capital Market Authority (CMA) is one of the key financial regulators in Saudi Arabia (the Kingdom) mandated to supervise, develop and regulate the capital markets in accordance with the Capital Market Law issued by Royal Decree No M/30 of 2003 (CML). Its framework is designed to create a balanced and sustainable marketplace that combines investor protection with economic growth. Broadly, the CMA seeks to enhance fairness, efficiency and transparency in the financial system, while ensuring compliance with international standards. The regulator’s objectives extend beyond the monitoring of day-to-day securities activities; it seeks to position the Kingdom’s capital markets as a global hub, aligned with the ambitions of Vision 2030 (as further detailed in the Financial Sector Development Plan (FSDP) – see 6.1 Financial Services Reforms), by attracting foreign investment, deepening liquidity and diversifying financial instruments. The CMA also plays a pivotal role in safeguarding investors against unfair practices such as fraud, insider trading and market manipulation, while requiring full disclosure from issuers to ensure that investment decisions are based on accurate and timely information. The CMA emphasises the three pillars of its strategic plans facilitating the market’s role in financing economic transformation, activating the financial institutions and products ecosystem, developing rules and regulations and protecting investors, thereby maintaining trust in the system.

• There are several implementing regulations that govern how institutions and individuals must operate within the market. Among the cornerstone regulations are the Capital Market Institutions Regulations (CMIR), which set out the licensing, governance, business and conduct requirements for firms engaged in securities business. Such firms include dealers, arrangers, custodians, fund managers and advisers.
• The Securities Business Regulations (SBR) more precisely define what constitutes securities activities and who may conduct them. The regulations clearly specify the scope of services in relation to dealing, arranging, advising, managing and custody and make clear that such activities require CMA authorisation. They also regulate the manner in which securities advertisements and promotions are conducted in order to prevent misleading or aggressive marketing practices.
• Complementing the above are the Market Conduct Regulations, which provide an ethical and behavioural framework for all participants. These regulations strictly prohibit insider trading, market manipulation, and the dissemination of false or misleading information. They also set standards for the fair treatment of investors and establish restrictions on trading by substantial shareholders, directors and senior executives.
• As well as regulating the conduct of institutions and issuers, the CMA framework also covers collective investment vehicles. The Investment Funds Regulations provide the structure under which fund managers may establish, manage and market their investment funds. These rules cover public and private funds specialised funds and traded funds, stipulating the requirements for offering documents, valuation procedures, redemption mechanisms and investor disclosures. In parallel, the Real Estate Investment Fund Regulations govern the establishment and operation of public real estate funds, including traded REITs. These provisions deal with the governance of fund boards, custodian responsibilities, disclosure standards and investor rights.
• The CMA also provides a dedicated framework for mergers and acquisitions through the Merger and Acquisition Regulations. These regulations govern takeover offers, mergers involving listed companies, and acquisitions that result in significant changes in control.

Banking and Finance Regulations

The Saudi Central Bank (SAMA) is the Kingdom’s other key financial regulator. It has a mandate to oversee and regulate banks, finance companies and payment service providers. Established originally as the Saudi Arabian Monetary Agency in 1952 and reconstituted as the Saudi Central Bank under Royal Decree No M/36 of 2020, SAMA is entrusted with maintaining monetary stability, promoting confidence in the financial system and supporting balanced economic growth. Its regulatory framework is grounded in ensuring the safety and soundness of financial institutions, protecting consumers and fostering innovation in line with the Kingdom’s Vision 2030. By issuing and supervising the implementation of laws, regulations and prudential requirements, SAMA seeks to align the Kingdom with global standards such as those of the Basel Committee on Banking Supervision and the Financial Stability Board (FSB), while tailoring these frameworks to local economic realities.

Key Legislation for the Banking Sector

The Kingdom’s banking sector is governed by a suite of core regulations designed to ensure stability, transparency and consumer protection.

• The Banking Control Law (BCL) (Royal Decree No M/5 dated 22/2/1386H) sets out the licensing, operational and prudential requirements for banks, including minimum capital, deposit protection and comprehensive supervisory powers for SAMA.
• The Credit Information Law (Royal Decree No M/37 dated 5/7/1429H) regulates the collection, exchange and confidentiality of consumer credit data, mandating the licensing of credit bureaus, consumers’ rights to access and correct their records, as well as strict controls on data use and disclosure.
• To safeguard the wider financial system, the Law of Systemically Important Financial Institutions (Royal Decree No M/38 dated 25/4/1442H) establishes the framework for identifying, regulating and resolving institutions whose failure could threaten financial stability. This law empowers SAMA and the CMA not only to require that disaster recovery and resolution plans are in place, but also to intervene in crises, and ensure the continuity of critical banking functions, with clear procedures for asset transfers, creditor rights and cross-border co-ordination.

Key Legislation for the Finance Sector

Non-bank finance in Saudi Arabia is regulated through several targeted laws.

• The Finance Companies Control Law (FCCL) (Royal Decree No M/51 dated 13/8/1433H) provides the overarching framework for the licensing, supervision and regulation of non-bank finance companies, including those offering consumer finance, leasing, SME finance and microfinance. It sets out capital requirements, governance standards and activity restrictions to ensure their soundness and consumer protection.
• The Real Estate Finance Law (Royal Decree No M/50 dated 14/8/1433H) specifically governs mortgages and property-backed lending, establishing licensing requirements for real estate finance entities, standards for contracts and consumer disclosures, and mechanisms for government subsidy and secondary market refinancing.
• The Finance Lease Law (Royal Decree No M/48 dated 13/8/1433H) regulates finance leasing activities, requiring written contracts, asset registration, maintenance obligations, and clear rules for repossession and dispute resolution.

Together, these laws ensure that finance companies operate transparently, protect borrowers, and contribute to the stability and development of the credit market.

Key Legislation for the Payment Services Sector

The payments ecosystem in Saudi Arabia is underpinned by robust regulation to ensure safety, innovation and resilience. The Law of Payment and Payment Services (Royal Decree No M/32 dated 5/4/1442H) provides the legal basis for the licensing and supervision payment service providers, electronic money institutions and payment system operators. It covers settlement finality, safeguarding of client funds, interoperability and risk management, thereby supporting the development of a secure and efficient digital payments market.

In parallel, the Law of Systemically Important Financial Institutions (Royal Decree No M/38 dated 25/4/1442H) extends to payment systems deemed critical to financial stability, empowering SAMA to designate, supervise and, if necessary, initiate procedures against such entities to prevent systemic disruption. This includes powers to intervene in the management of systemically important payment institutions, ensure continuity of services, and co-ordinate with international authorities on cross-border payment infrastructure.

These frameworks collectively ensure that payment services in the Kingdom are resilient, innovative and aligned with global best practice.

The types of products and services regulated by the CMA and SAMA and the various licences required for conducting specific business activities as required by the CMA or SAMA are now discussed.

Regulated Capital Markets Activities

Capital markets products and services are set out in the SBR, where the CMA defines “securities business” as engaging in any securities activity by way of business. In order to carry out such activities in the Saudi capital market, a person must obtain one or more of the five licences prescribed under the SBR, namely: Dealing, Arranging, Managing, Advising and Custody. Each licence corresponds to a distinct category of activity.

• Dealing licence – covers transactions where a person buys, sells, subscribes for or underwrites securities, whether acting as principal or as agent.
• Arranging licence – applies to activities where a person introduces parties in connection with the offering of securities, structures underwriting arrangements or advises on corporate finance transactions.
• Managing licence – required where a person manages securities belonging to another party, particularly where such management involves the exercise of discretion, or where the person operates collective investments.
• Advising licence – covers the provision of advice in relation to securities, including evaluating the merits of dealing in such securities, exercising rights attached to them, or providing financial planning and wealth management advice.
• Custody licence – applies where a person safeguards securities or other assets on behalf of another person, or arranges for a third party to provide such safekeeping, which may also involve undertaking related administrative measures.

The SBR also recognises that, in certain cases, specific persons may be exempted from this licensing requirement. These exempt persons are permitted to carry out securities activities without holding a formal CMA licence and are afforded the same authority as licensed persons for the scope of activities defined by the regulation. Further detail on exempt persons, including the scope of their authority, is provided in 2.2 Exemptions.

Regulated Banking Activities

The banking and finance sectors are regulated by SAMA, which provides regulatory supervision of those entities licensed by SAMA to provide banking and financing services. The BCL (and its implementing regulations) and SAMA together established, among other things, the scope of permissible activities, licensing requirements, supervisory obligations and prudential safeguards. To understand the range of regulated services, it is essential to understand the foundational definition of banking business.

Article 1(b) of the BCL defines “Banking Business” broadly as “the acceptance of money in current or fixed deposit accounts, the opening of current accounts, the issuance of letters of credit, the issuance of letters of guarantee, the payment and collection of cheques, payment orders, promissory notes, and similar papers of value, as well as discounting of bills of exchange and other commercial papers, and foreign exchange transactions”. This root definition reflects the core financial intermediation function:

• mobilising deposits from the public;
• facilitating payments;
• extending credit; and
• managing instruments of value.

These functions are the backbone of the banking system and are reserved exclusively for licensed banks.

Building on this foundation, the BCL provides a detailed framework for the specific types of regulated products and services that banks may offer, such as the following.

• Deposit-Taking Services – Banks may accept deposits in the form of current accounts and fixed-term deposits.
• Credit and Financing Services – Lending is central to banking business. Banks may grant loans, extend credit facilities and issue financial guarantees, but these activities are subject to concentration limits.
• Trade Finance and Guarantees – Banks are authorised to issue letters of credit and letters of guarantee, which play a key role in international and domestic trade.
• Payment and Settlement Services – The BCL explicitly covers the handling of cheques, payment orders, promissory notes and other instruments of value. Banks are responsible for the collection and settlement of these instruments, embedding them at the core of the national payments systems.

Regulated Finance Company Activities

The regulated products and services of finance companies are comprehensively outlined in the FCCL and its implementing regulations. At the root of this framework lies the statutory definition of finance, which is the extension of credit under a contract for activities permitted by the FCCL. Unlike banks, which are defined by deposit-taking and other activities within the scope of services, finance companies are specialised companies licensed by SAMA to provide specific forms of credit, always subject to Shariah principles, consumer protection rules and practical oversight.

Article 10 of the FCCL specifies the types of finance activities that companies are licensed to undertake. Types of financing include:

• real estate finance, such as mortgage lending and property-backed finance;
• production asset finance, where companies fund equipment or productive assets for businesses;
• small and medium-sized enterprise (SME) finance, designed to support the capital needs of smaller businesses;
• finance leases, a Shariah-compliant structure where the company retains ownership of the asset while the customer pays instalments;
• credit card finance, covering the issuance and management of credit cards facilities;
• consumer finance, which includes payment by instalments for goods and services provided to individuals;
• microfinance, aimed at supporting micro-entrepreneurs and craftspeople under strict limits; and
• any other finance activity approved by SAMA.

Article 11 of the FCCL prohibits finance companies from engaging in activities outside the above scope. They may not accept deposits (current or fixed-term), trade in currencies, gold or securities, or engage in retail/wholesale trade. This ensures finance companies remain narrowly focused on their licensed credit activities, avoiding risks associated with banking or commercial operations. Licensing is activity-specific, meaning that a company must obtain authorisation for each type of finance activity it wishes to conduct.

In outlining the scope of exemptions under the Kingdom’s financial regulations, the discussion will now highlight activities excluded from CMA licensing, categories of exempt persons under the SBR and specific exemptions under the BCL and FCCL.

Applicable Exemptions Under Capital Market Regulations

The CMA, under its SBR, governs the conduct of securities business in the Kingdom. The regulations require that any person carrying on securities business in the Kingdom must be authorised by the CMA or qualify as an exempt person. Chapter Two of the SBR sets out a list of activities that are excluded from the requirement to obtain CMA authorisation. These exclusions are critical in delineating the boundaries of regulated securities business and are summarised as follows.

• Intra-Goup and Joint Enterprises Activities – Article 8 exempts transactions and services provided between members of the same group or participants in a joint enterprise, provided that the activities are for the purpose of the joint enterprise.
• Activities Ancillary to Non-Securities Business ‒ Article 9 exempts securities activities carried out in the course of a profession or business that does not otherwise involve/concern business securities, where such activities are a necessary part of its services and not remunerated separately. This includes, for example, legal or accounting firms providing incidental arranging or advisory services in the course of their ordinary business.
• Sale of Goods and Supply of Services – Article 10 exempts securities activities between a supplier and a customer if carried out for the purposes of and reasonably necessary for or ancillary to the sale or supply of goods or services, provided that the supplier’s main purpose is not securities business.
• Execution of Wills – Article 11 exempts securities activities carried out by an executor of a will, provided that the executor does not hold out that they are carrying on securities business and the executor is not separately remunerated for the activity.
• Acquisition or Disposal of Unlisted Companies – Article 12 exempts transactions for the purpose of acquiring or disposing of 50% or more of the voting shares in a company whose shares are not listed on the exchange.
• Dealing as Principal in Certain Circumstances – Article 13 provides several exemptions for dealing as principal, including:
1. dealing in non-contractually based securities, unless the person holds out as dealer or solicits from the public;
2. dealing in contractually based securities as principal if a Capital Market Institution (CMI) or exempt person is involved;
3. acceptance of instruments creating indebtedness in respect of loans or guarantees;
4. issuance of a person’s own shares, debt instruments or warrants; and
5. a CMI investing its own money.
• Arranging Exclusions – Article 14 exempts the arranging of transactions to which the arranger is a party, arrangements involving acceptance of indebtedness, arranging the issuance of one’s own securities, and introductions for custody services.
• Advising Exclusions – Article 15 exempts advice given in writing in newspapers or periodicals, or in broadcasts, where the principal purpose is not to advise or induce persons to deal.

Exempt Persons in Capital Markets

Annex 1 to the SBR lists specific categories of exempt persons who may carry on securities business without CMA authorisation, including:

• the government of the Kingdom of Saudi Arabia;
• SAMA;
• the Exchange and other approved stock exchanges;
• the Depository Centre;
• CCP (Central Counterparty);
• recognised supranational authorities;
• insolvency practitioners (in their capacity as such);
• insurance companies (in relation to insurance activities regulated by the Insurance Authority); and
• other persons as determined by the CMA.

Reverse Solicitation Exemption

Alongside the formal exemptions in the SBR, the CMA’s published FAQs indicate that reverse solicitation is tolerated in limited cases. Foreign financial institutions licensed in comparable jurisdictions may provide securities business to clients in Saudi Arabia without CMA authorisation if:

• the client is either an investment company (as defined in the CMA’s Glossary) or a natural person with at least SAR50 million in investments or net assets;
• the client initiates the request for services (ie, there is no marketing or solicitation by the foreign institution); and
• the services do not relate to securities issued or listed in Saudi Arabia (except Saudi government bonds), or to structured products where 50% or more of the underlying assets are Saudi securities.

Exemptions Under Banking Regulations

The exempt persons under the BCL include juristic persons that are already licensed under other jurisdictions or special decrees, licensed moneychangers, and entities holding pre-existing recognised licences.

• Juristic persons licensed under other laws or special decrees – Article 2-A of the BCL provides that juristic persons licensed under other laws or special decrees to carry on banking business may practise such business within the limits of their intended purposes. This means that certain entities, such as government institutions or specialised financial entities established by royal decree or specific legislation, may be exempt from the licensing requirements applicable to commercial banks, provided that their activities remain within the scope of their founding instruments or constitutional documents.
• Licensed moneychangers – Article 2-B allows licensed moneychangers to engage in currency exchange (notes and coins), but prohibits them from conducting other banking activities. This narrow exemption is strictly limited to currency exchange and does not extend to deposit-taking or lending.

As for exemptions from prohibitions and certain requirements, the BCL clarifies that the limitations on the amount of credit extended to a single person or entity do not apply to transactions between banks, head offices and their branches, or between branches as per Article 8. Also, Article 21 of the BCL grants the Minister of Finance (previously, Minster of Finance and National Economy), in exceptional circumstances and with the prior approval of the Council of Ministers, the authority to exempt any bank from the provisions of the BCL and its implementing regulations for a limited period and subject to specified conditions.

Exemptions Under Finance Company Regulations

The FCCL mentions in Article 4(3) and Article 5 of the Implementing Regulations that the financing by a natural or corporate person of its own products and services for its clients is subject to SAMA’s control and any instructions issued by SAMA, rather than the full licensing regime. This exemption is designed to allow manufacturer, retailers or service providers to offer instalment sales or similar arrangements without being classified as finance companies, provided that they comply with SAMA’s specific rules.

Regulation of Crypto-Assets in Saudi Arabia

Through its participation in the Standing Committee for Awareness on Dealing in Unauthorised Securities in the Foreign Exchange Market, SAMA has cautioned the public against trading or investing in cryptocurrencies and similar virtual assets. In an official statement issued in August 2018, the Committee confirmed that cryptocurrencies such as “Bitcoin” are not recognised within the Kingdom, are not legal tender, and no persons or entities are licensed to engage in such activities.

This position was reiterated in August 2019 by the Ministry of Finance, which warned against misleading marketing that seeks to associate cryptocurrency products with the Saudi riyal, national symbols or official state emblems. The Ministry emphasised that any claims linking the Kingdom to so-called Crypto Riyal, or similar products, are false and unauthorised and that the use of national identifiers in such promotions constitutes a legal violation. While SAMA has pursued controlled experimentation with central bank digital currencies (CBDC) and blockchain technology for wholesale and cross-border settlement, such initiatives are entirely separate from public cryptocurrency markets.

SAMA’s stance is that cryptocurrency trading and investments are unauthorised, and the public is strongly advised to refrain from participating in such activities in the absence of further formal updates from SAMA or the Ministry of Finance.

Current Regulatory Structure

The Kingdom’s financial system is regulated by two complementary authorities with distinct mandates: the CMA, which supervises the securities and capital markets ecosystem; and SAMA, which oversees policy and the wider financial sector including banks, finance companies and payment systems.

CMA: roles and responsibilities

The CMA is the statutory regulator for the Kingdom’s capital markets and is responsible for regulating and developing the market, licensing and supervising capital market institutions, policing market conduct, and overseeing disclosure and offering regimes so that the issuance and trading of securities occurs in a fair, efficient and transparent way. The CML provides the CMA with investigative powers and empowers it to issue the implementing regulations that govern market infrastructure and participants. In practice, the CMA’s remit includes:

• approval of public offerings and listings;
• supervision of CMIs (dealers, arrangers, managers, advisers, custodians);
• enforcement measures against market abuse; and
• system-level oversight of the exchange, depository and clearing house.

Chapter Three of the Capital Market Law establishes clear provisions regarding the Exchange, the Depository Center, and the Clearing Center. No person may establish or operate these functions without a licence from the CMA.

SAMA: roles and responsibilities

SAMA is the Kingdom’s central bank. Under Article 2 of the Saudi Central Bank Law (SCBL), SAMA is a financially and administratively independent legal person that reports directly to the King. Meanwhile, Article 3 of the SCBL sets SAMA’s objectives, which are monetary stability, financial sector stability and trust, and supporting growth. Article 4 of the SCBL then enumerates its/SAMA’s core powers and duties including:

• issuing and regulating the national currency;
• overseeing and supervising financial institutions in accordance with the FCCL and its implementing regulations and any other relevant laws by SAMA;
• conducting monetary policy;
• managing foreign reserves; and
• acting as the government’s banker and financial adviser.

In addition to the aforementioned activities, SAMA is also responsible for establishing, operating, licensing and overseeing national payment, settlement and clearing infrastructures, and supporting financial technology platforms to ensure their alignment with Vision 2030.

SAMA’s supervisory perimeter includes:

• banks under the BCL and its implementing regulations;
• finance companies;
• money exchanges;
• credit bureaus; and
• payment systems/services.

The SAMA rulebook also captures its consumer protection powers and enforcement remit, reflecting its role not only as a prudential supervisor, but also as a conduct regulator for banks and financial institutions.

The CMA and SAMA issue their rules, regulations and guidance through their official publications, which are made publicly available online. These regulatory processes are not isolated: they are tied to national legal and policy architecture through the Bureau of Experts at the Council of Ministers (BOE) and the National Public Consultations Platform (Istitlaa), which ensures that regulatory proposals are subject to review, transparency and stakeholder participation before they become binding.

CMA Rules and Guidance

The CMA provides a consolidated portal for its regulatory framework on its website under the section “Laws and Regulations”. This serves as the central repository for hard law instruments, including the Capital Market Law, all implementing regulations such as the SBR, CMIR, Rules on the Offer of Securities and Continuing Obligations and the Market Conduct Regulations. In addition to these binding instruments, the CMA also publishes soft law materials, such as circulars and instructions. Alongside these binding instruments, the CMA issues guidelines and FAQs to aid interpretation.

SAMA Rules and Guidance

SAMA publishes its regulatory material through the SAMA Rulebook, which organises laws, regulations and guidance by sector. Within these categories, users can find hard law (laws, regulations, implementing rules) and soft law instruments (circulars, supervisory frameworks, risk management frameworks, FAQs, etc).

The Bureau of Experts at the Council of Ministers (BOE)

The BOE is a central legal drafting and review body within the Saudi Council of Ministers. It plays a role in reviewing and consolidating laws and regulations across all ministries and regulatory authorities. Its functions include:

• reviewing draft laws and regulations prepared by regulators such as SAMA and the CMA;
• ensuring consistency with Shariah, existing statutes and national policy frameworks; and
• publishing the final approved versions of royal decrees, laws and regulations on its portal for public access.

For financial services, this means that once the CMA or SAMA prepares draft legislation, the draft passes to the BOE for legal vetting and integration into the national legislative framework. The BOE’s official website is therefore the authoritative resource for accessing the final, legally binding texts of financial laws and regulations, in both Arabic and English.

Public Consultation Platform (Istitlaa)

The Istitlaa platform is Saudi Arabia’s official public consultation portal managed by the National Competitiveness Center. It centralises all draft regulations, rules and policy proposals from ministries and regulators, including the CMA and SAMA, for stakeholder and public review.

Implementation of Basel III in Saudi Arabia

In Saudi Arabia, SAMA is the authority charged with implementing Basel III standards in the local banking sector. SAMA has published detailed guidance, oversight mechanisms and enforceable regulations to align Saudi banks with the Basel framework. According to SAMA’s own “Regulatory Capital Under Basel III” section in the SAMA Rulebook, SAMA maintains a finalised guidance document and capital rules consistent with Basel III principles.

The Kingdom has recently moved forwards implementing the final Basel III reforms (as promulgated by the Basel Committee in December 2017) or the “Basel III Endgame”. On 1 January 2023, SAMA officially announced that the Basel III final reforms were in force for Saudi banks, thus formally beginning the transition to the full set of enhancements, including output floors and recalibrated risk approaches.

However, full conformity with all elements of the “final” Basel III paradigm is being phased in over time. For instance, the output floor(s) (being limits beneath which banks may not reduce risk-weighted assets via internal model(s)) are being introduced gradually from January 2023 to January 2028 with a phased approach aimed at scaling them from 50% to 72.5%. While many of the core elements are already in place, several transitional provisions require multi-year implementation. In that sense, it can be said the Kingdom has begun implementing the final Basel III regime, but some elements are still being phased in.

In terms of how Basel III is implemented in the Kingdom, SAMA adopts a multi-pronged approach:

• regulatory capital rules and guidance;
• supervisory oversight and enforcement;
• phased transition and buffers;
• calibration and local adjustment;
• disclosure and market discipline (Pillar 3);
• pilot and readiness phases; and
• periodic review and alignment with RCAP.

The Kingdom’s securities market currently operates on a T+2 settlement cycle, and there is currently no public commitment to shift to T+1 yet. In its “Trading and Membership Procedures”, Tadawul confirms that the default settlement cycle for negotiated deals is T+2 unless the buyer and seller agree on a different cycle ranging from T+0 to T+5. In terms of whether Saudi Arabia has indicated a future move to T+1, there has been no definitive public announcement.

The following outlines the Kingdom’s ESG framework for financial services, covering the CMA’s sustainable debt and disclosure initiatives, Tadawul’s reporting guidelines, greenwashing prevention, and SAMA’s supervisory and innovation-focused approach.

CMA ESG Approach and Focus

In the capital market, the most concrete policy development is the CMA’s Guidelines for Issuing Green, Social, Sustainable, and Sustainability-Linked Debt Instruments (collectively known as “sustainable debt”), which came into effect on 27 May 2025 (the “Guidelines”). These Guidelines were approved by the CMA Board as part of the CMA’s Sustainability Strategy and its 2024–26 plan to deepen the sukuk and debt market. Importantly, the Guidelines define and cover four categories:

• green debt instruments;
• social debt instruments;
• sustainable debt instruments; and
• sustainability-linked debt instruments.

On the listing and issuer disclosure side, Tadawul has issued ESG disclosure guidelines for listed companies. These guidelines are non-binding, but they are a road map for what to disclose and how, and are periodically updated to align with global practices. Tadawul sees the guidelines as a “useful resource for listed companies to help them navigate ESG”, with the stated aim of catalysing sustainable and inclusive market growth through better, more consistent voluntary reporting. For issuers and investors building ESG programmes and funds, Tadawul’s guide is a day-to-day reference on metrics, structure and reporting expectations.

Greenwashing

The Saudi regime addresses greenwashing through broad conduct and disclosure rules that prohibit false or misleading statements, including those related to ESG claims. The CMA’s Market Conduct Regulations ban manipulative and deceptive practices, such as making untrue statements or omitting key facts to influence securities prices. These rules apply to all claims, including sustainability-related ones, and provide for civil liability if material facts are misrepresented. Issuers falsely labelling instruments as “green” or “sustainable” can be penalised under these rules. The CMA take enforcement action against fraud and misrepresentation, making it clear that misleading statements (regardless of theme) are sanctionable, without the need for separate ESG-specific rules.

The CMA’s strategic agenda supports sustainable debt growth by both encouraging increased issuances and improving market infrastructure, with rising sukuk and debt volumes evidencing a growing platform for sustainability instruments. To curb greenwashing, it requires issuers to clearly define and categorise sustainable instruments with specific use-of-proceeds or KPIs and to disclose any non-compliance with sustainability guidelines, thereby reinforcing general prohibitions on misleading conduct. For funds, the emphasis is on accurate and complete ESG disclosures to ensure products marketed as “ESG” or “green” provide truthful disclosures and ongoing reports aligned with their stated strategies under the CMA’s conduct and disclosure rules.

SAMA ESG Approach and Focus

Turning to SAMA, the central bank’s materials reflect a growing focus on sustainability in supervision and innovation, even if it has not issued a dedicated standalone “ESG investing rulebook”. SAMA’s publicly available rulebook includes an ESG checkpoint within the regulatory sandbox application guidance (“D4 – Focus on Environmental, Social and Governance”), which asks innovators to indicate whether their business pursues ESG goals. The sandbox’s objective is to generate evidence for new guidelines and rules. As technologies and business models evolve, this will be a policy lever SAMA can use to integrate ESG-relevant standards into licensing or supervision once pilot data supports it. In its Financial Stability Reports and other communications, SAMA has referenced sustainability and climate-related themes in the context of risking and resilience of the financial system, but again without a single, prescriptive ESG code that targets investment activity in the way a capital markets regulator would.

SDAIA’s AI Guidelines

The Saudi Data & Artificial Intelligence Authority (SDAIA) is the Kingdom’s central body responsible for developing, regulating and overseeing AI and data policies across both public and private sectors. SDAIA’s mandate is to enable the Kingdom’s transformation to become a global leader in data-driven innovation and AI governance, in line with Vision 2030.

On 1 January 2024, SDAIA issued two complementary Generative AI Guidelines.

• The first (Public GenAI) guideline applies to public and private sector stakeholders, including developers and users of financial services. It sets out ethical principles for using AI, such as fairness, reliability and safety, transparency, explainability, accountability and responsibility, privacy and security. The principles also cover Human, Social and Environmental benefits for users and developers.
• The second (Government GenAI) guideline applies to government entities and establishes mandatory rules for using AI with government data. It requires human oversight for critical decisions, restricts inputs to public data unless approved under the PDPL, and mandates the creation of internal policies, Data Management Offices and staff training programmes. These measures ensure responsible use of AI within the public sector, while safeguarding privacy, accuracy and security.

Public Versus Government Use of AI – What the Official Guidance Says

SDAIA’s public guideline tells private entities (including those in financial services) to operationalise the national ethical principles and sets concrete mitigations. For example:

• watermarking outputs (to help detect deepfakes);
• content moderation/filters;
• KYC-style verification for providers of services;
• source citation and fact-checking;
• user education; and
• policies prohibiting users from entering sensitive/classified data into third-party tools.

The guideline directly addresses the risks that matter for banks and CMIs such as deepfakes and misrepresentation (fraud/market manipulation risk), safety threats, hallucination/misinformation, classified-data leaks, IP infringement and variability of outputs, while promoting pragmatic controls such as organisational policies, technical labelling, model updates tracking and due diligence on training data and/or IP.

AI in Financial Services Regulation

SAMA and the CMA continue to operate sandboxes or fintech labs to test AI-driven solutions, among other things. Other than these controlled environments, there is no specific guidance as yet.

Saudi Arabia’s approach to fintech is pro-innovation and pro-safety. The CMA and SAMA lead the way on policy and licensing in their respective domains: SAMA on banking, finance companies, payments, and the CMA on securities-related innovations (market intermediation, crowdfunding, robo-advice, tokenised capital market use cases, etc). Both regulators use controlled-experimentation regimes covering SAMA’s Regulatory Sandbox and CMA’s FinTech Lab to allow innovators to test business models with real users under strict time-bound conditions with supervisory oversight. This “test-and-scale” posture is explicitly tied to Vision 2030’s Financial Sector Development Program (FSDP), which tasks the financial regulators with deepening the capital markets, widening access, increasing payments digitalisation and attracting world-class fintech talent and investment.

CMA’s FinTech Lab

CMA’s FinTech Lab allows eligible companies to test innovative securities market products and services under controlled conditions before full licensing thereof, ensuring investor protection and market integrity. Fintech companies receive experimental permits to operate within defined parameters, and the CMA publicly lists these participants’ conditions. The programme’s design signals a clear regulatory attitude: the CMA will enable new capital market fintech propositions, including equity crowdfunding, robo-advisory variants, smart order/analytics tools and investment account innovations, provided that they are tested in a ring-fenced, time-limited environment with appropriate risk controls and disclosures. This encourages competition and product variety without compromising the truthful-disclosure and fair-dealing duties that underpin market conduct.

SAMA’s Regulatory Sandbox

SAMA’s Regulatory Sandbox enables eligible FinTech companies to test innovative solutions in payments, lending, RegTech/AML and related areas with real customers under controlled conditions, and to seek market authorisation if successful. The sandbox supports Vision 2030 by promoting financial inclusion, competition and digital transformation, and SAMA publicly lists participating FinTech companies. SAMA’s policy focuses on enabling innovation through structured pilots, strengthening resilience with strong consumer protection and risk controls, with proven models graduating set to achieve full licensing. Additionally, SAMA is actively exploring Central Bank Digital Currencies (CBDC) for wholesale and cross-border payments, participating in international projects like Projet Aber and mBridge, while maintaining a cautious stance on retail cryptocurrencies, reflecting its commitment to responsible fintech advancement and global leadership.

Client and investor protection in the Kingdom is a central pillar of the regulatory system. Both the CMA and SAMA recognise that consumers and investors are often faced with complex products that could lead to their financial exposure to unlimited liabilities. Accordingly, each regulator embeds protections into its core regulations: the CMA through CMIR and investor protection initiatives, and SAMA through the BCL and its principle of fair treatment of banking customers. Together, these frameworks ensure individuals engaging with financial institutions, whether in capital markets or retail banking, are treated fairly, transparently and with access to an effective compensation mechanism.

CMA: Investor Protection and Fair Dealing

The CMA’s regulations (CMIR) establish foundational duties for CMIs, including the obligation to act with integrity, skill and care to ensure that all client communications are clear, fair and not misleading. The rules require that clients must be classified as retail, qualified or institutional, with enhanced safeguards for retail clients, who are more likely to be vulnerable.

Crucially, CMIs must assess the suitability of products and services for each client and ensure that the customer understands the risks involved. In doing so, CMIs should/must take into account the client’s education, financial capacity and investment experience. In addition, the CMA requires CMIs to provide written terms of business, maintain proper records and safeguard client assets.

Moreover, the CMA has published an “Investor Protection Guide”, which highlights common fraudulent practices, warns against dealing with unlicensed persons, and explains how investors can verify the licensing status of market participants. It sets out complaint procedures and reporting channels, which clarify the difference between making a complaint and submitting a violation report, and emphasises the right of investors to pursue legal recourse for errors or misconduct. Taken together, the above measures strengthen transparency and help prevent the exploitation of unsophisticated investors.

SAMA: Consumer Protection in Banking

The BCL places the safety of depositors and the integrity of the banking sector at its core. It prohibits unlicensed entities from engaging in banking business, ensuring that only supervised institutions can accept deposits or provide credit. To protect consumers, the BCL imposes safeguards such as capital and reserve requirements, liquidity buffers and lending concentration limits, thereby reducing the risk of bank failure that would directly harm depositors.

In parallel, SAMA has issued the Banking Consumer Protection Principles, which require banks and finance companies to ensure fair treatment, transparency in advertising and fees, accessibility of service, and effective complaints handling. Customers must be provided with clear account information, transparent pricing and secure digital services. The principles also require institutions to have an accessible complaints channel and to resolve disputes in a timely and fair manner.

The principles emphasise fair treatment across the entire customer journey from account opening and loan servicing, to digital banking channels. Institutions must avoid misleading advertising, disclose fees in a clear and understandable way, and provide products that are appropriate for the customer’s circumstances. This focus on transparency and fairness directly benefits vulnerable customers who may otherwise struggle to assess risks or costs. They also highlight effective complaints handling and compensation mechanisms.

Banks are required to establish clear procedures for receiving, documenting and resolving customer complaints. Resolution must be timely, impartial and communicated in plain language. Institutions must also track complaints systematically and report trends to management and regulators, ensuring that recurring issues are corrected at the root. These safeguards not only provide relief to individual customers, but also drive structural improvements in service quality across the sector.

Overall Approach

In conclusion, the Kingdom’s financial regulators adopt a dual but complementary approach to protecting vulnerable customers. The CMA focuses on safeguarding investors through disclosure, suitability, fair dealing and accessible complaints procedures underpinned by the CMIR and Investor Protection Guide. Meanwhile, SAMA, through the BCL and Consumer Protection Principles, protects depositors and banking clients by ensuring that only well-capitalised supervised banks can operate and by mandating fair treatment, transparency and redress. Collectively, these frameworks reflect the Kingdom’s commitment to fostering trust, stability and confidence in its financial system to attract investors, while increasing market liquidity by monitoring compliance and ensuring that CMIs and banks adhere to the applicable regulations and frameworks issued by the regulators.

Shadow banking in the Kingdom is addressed through regulatory frameworks for non-bank finance. The following discusses SAMA’s licensing and supervision of finance companies and BNPL providers and the CMA’s oversight of alternative financing models such as crowdfunding platforms and direct financing funds.

Shadow Banking in the Kingdom

Shadow banking generally refers to credit intermediation activities performed by entities and instruments outside the traditional banking system. In the Kingdom, SAMA and the CMA do not formally label such activities as “shadow banking”. Instead, they regulate non-banking financial institutions and alternative finance providers through specific licensing frameworks. The guiding principle is clear: any institution that wishes to collect deposits must apply for a full banking licence under the BCL, whereas companies that provide financing without deposit-taking do not require a full banking licence, such as those providing Buy Now Pay Later (BNPL), crowdfunding platforms, or direct financing funds. Such activities shall fall within the perimeter of non-banking finance, which generally can be seen as shadow banking.

SAMA and Non-Bank Finance Companies

Under the FCCL, SAMA supervises a wide array of finance companies that provide credit intermediation without being licensed banks. These entities are prohibited from taking deposits, but may carry out specialised financing such as real estate finance, leasing, consumer finance and microfinance.

SAMA has also explicitly designated BNPL providers as a subcategory of consumer finance. Companies such as Tabby, Tamara, MIS Pay and others have obtained permits to operate BNPL products in the Kingdom under SAMA’s oversight. These companies provide short-term instalment financing at the point of sale but, crucially, they do not take deposits from the public.

CMA and Alternative Financing Models

The CMA supervises several non-bank financing channels that intersect with capital markets, including crowdfunding platforms and direct financing funds. Crowdfunding platforms licensed through the CMA’s FinTech Lab’s experimental permit connect investors directly with SMEs and projects and are subject to disclosure, governance and investor protection requirements before they can graduate to full CMI licensing. In parallel, direct financing funds regulated under the Investment Fund Regulation allow capital to be channelled into lending activities such as corporate loans, receivables financing or project-specific credit. Together, these models provide regulated alternatives to traditional bank lending, while enabling institutional and qualified investors to access new asset classes.

The process of becoming authorised to carry out regulated financial services in the Kingdom of Saudi Arabia depends on the type of activity foreseen, and is overseen either by the CMA or by SAMA. Each regulator has established a detailed legal framework that defines who may enter the market, under what conditions, and their ongoing obligations.

CMA Licensing: Securities Business and Market Membership

Under the SBR, any person who wishes to conduct securities business in the Kingdom must obtain authorisation from the CMA. Article 2 of the SBR defines securities activities broadly as dealing, arranging, managing, advising and custody activities. However, Article 5 makes it clear that only authorised CMIs or exempt persons may engage in one or more of securities business licences.

The application process requires submission of information regarding the following:

• ownership;
• governance;
• internal systems and controls;
• financial resources; and
• proposed activities.

The CMA undertakes a thorough fit and proper assessment of controllers, directors and senior managers. Successful applicants are authorised as CMIs.

Submission of Business Plan and Required Documents Under CMIR

Companies intending to engage in trading activities must obtain membership of Tadawul, which oversees securities listing and trading. Similarly, institutions involved in custody and settlement must obtain membership of Edaa, which is responsible for securities registration and safekeeping, and of Muqassa, which provides central counterparty clearing services.

SAMA Licensing: Banks

In the banking sector, the authorisation framework is governed by the BCL. Article 2 of the Law prohibits any person, natural or juristic, from carrying on banking business unless licensed. Furthermore, Article 3 of the BCL requires applications for licences to be addressed to SAMA, which examines them and submits its recommendations to the Minister of Finance.

For national banks, the BCL stipulates that the bank must be incorporated as a Saudi joint stock company, with a minimum paid-up capital, reputable founders and directors, and articles of association approved by the Minster. For foreign banks, the establishment of a branch in the Kingdom is subject to conditions imposed by the Council of Ministers on the recommendation of the Minister of Finance and SAMA, with the licence formally issued by the Minister after the Council of Ministers’ approval. Once licensed, banks are subject to stringent prudential requirements, including:

• capital adequacy;
• reserve deposit with SAMA;
• liquidity buffers; and
• limits on lending concentrations.

Additionally, SAMA has specific instructions for Foreign Bank Branches (FBBs), where a foreign bank seeking to open a branch must satisfy SAMA that it can comply with Saudi Arabia’s practical requirements. While foreign branches are not always required to maintain capital in the Kingdom, SAMA has discretion to impose local capital or funding ratio requirements, particularly for branches engaged in high-risk or large retail operations. The instructions for FBBs also emphasise that the foreign parent bank must obtain written consent from its home supervisory authority to establish operations in the Kingdom before SAMA will consider the licence application.

SAMA Licensing: Finance Companies

Alongside banks, SAMA licenses non-bank finance companies under the FCCL. Article 4 prohibits any person from engaging in finance activities without a licence. Article 5 sets out the conditions for applying:

• founders must submit details of their organisational structures, operational systems and investment plans;
• the company must have sufficient capital as specified by SAMA; and
• both founders and executives must meet fit and proper standards.

Applications are then reviewed by SAMA, which must issue its decision within 60 days. If approved, the applicant proceeds to incorporate the company under the Companies Law and, after incorporation and registration, SAMA issues the licence for a renewable five-year term.

Licensed finance companies may be authorised for one or more specific activities listed in Article 10:

• real estate finance;
• production asset finance;
• SME finance;
• finance leasing;
• credit card finance;
• consumer finance;
• microfinance; and
• any other related activity approved by SAMA.

Unlike banks, finance companies are prohibited from taking deposits. This ensures that credit intermediation remains distinct from banking activities.

The process of becoming authorised in Saudi Arabia is therefore multi-tiered and designed to ensure that only competent, well-capitalised and well-governed institutions can access the financial system.

CMA Authorisation Process

Once the CMA confirms receipt of a completed application, Article 7 requires the Authority to reach a decision within 30 days. The CMA may approve, conditionally approve or reject the application, provided that it gives reasons for its decision. In practice, the overall process often takes longer than a month because the 30-day clock starts only after all the required documents have been provided. Applicants should therefore expect an extended preparatory stage in which the CMA requests clarifications, additional documents, or even modifications to governance and compliance systems.

If granted, the licence has a term of ten years and is automatically renewable provided that the institution continues to satisfy ongoing conditions such as prudential requirements, minimum capital thresholds and annual fee payments. The regulations also require that applicants pay “such fees as may be prescribed by the Authority” at the licensing application submission stage and annually thereafter. These fees are published by the CMA and vary depending on the scope of activities: higher fees apply to companies engaging in dealing or custody activities compared with those focusing solely on advising or arranging. The CMA is the legal regime that authorises application, renewal and amendment fees. However, the specific amounts depend on the type of institution or activity, and some (such as for CRAs) are explicitly set out in the CMA guidance.

SAMA: Banking Sector

While the BCL does not prescribe an exact statutory timeframe, the Implementation Rules indicate that SAMA may take up to 60 days to evaluate an application, particularly where prior approvals are required (such as loans to non-residents or participation in foreign facilities). In practice, banking licences require extensive due diligence, and the process often extends well beyond the formal minimum.

Banks are required to pay statutory fees and charges linked to their licensing and supervision requirements, including contributions to SAMA for supervisory inspections and compliance monitoring. Additionally, they must maintain a statutory deposit with SAMA of not less than 15% of their deposit liabilities, as provided in Article 7 of the BCL. This statutory deposit functions as both a safeguard and an indirect cost of authorisation.       

SAMA: Finance Companies

For non-bank lenders, the FCCL provides a more detailed timeframe. Article 5 explicitly states that SAMA must issue its decision to approve or reject an application within 60 days of receiving a completed file. Upon approval, the application is referred to the Ministry of Commerce for incorporation. Once incorporation is completed, SAMA issues a renewable five-year licence.

The FCCL stipulates that applicants must pay fees “for issuing, renewing and amending the licence” as determined by SAMA. These fees vary depending on the type of financing activity (eg, real estate finance, leasing and microfinance). In addition to the application fees, finance companies must also allocate a percentage of their deposits (if authorised to accept certain types of deposits) to SAMA and comply with ongoing supervisory levies.

SAMA’s Rulebook provides for specific licence fees in certain contexts:

• Article 12 of the SAMA Rulebook states that SAR5,000 is payable for the initial issuance of a licence, and SAR2,000 for licence renewal or amendment.
• Article 15 (Licence Fees) confirms that SAMA charges SAR5,000 for licence issuance and SAR2,000 for renewal or amendment.

For finance companies, the Implementing Regulation of the Finance Companies Control Law sets out detailed licensing fee amounts:

• Article 22 of that regulation specifies:
1. SAR200,000 for issuing a licence (to standard finance company);
2. SAR100,000 for licence renewal; and
3. SAR 50,000 for amendment.
• For microfinance licences, the fees are lower: SAR10,000 for issuance, renewal or amendment.

For non-bank finance companies, there is explicit legal justification for relatively substantial application and renewal fees.

In Summary

The timeframe for becoming authorised in Saudi Arabia varies by regulator and type of licence. SAMA finance company licence applications must be decided within 60 days, with a five-year renewable licence term and specified licensing and renewal fees. Banking licences involve additional layers of approval, including from the Minister of Finance and the Council of Ministers, and, although no strict statutory limit is imposed, the process is highly selective and may extend well beyond two months.

Senior individuals in the Kingdom’s financial institutions are regulated. The following discusses the CMA’s registration requirements for key functions under the CMIR, SAMA’s oversight of senior executives in banks under the BCL, and SAMA’s direct supervision of board members and managers in finance companies under the FCCL.

CMA: Registrable Functions Under the CMIR

The CMIR devotes an entire part (Part 4) to “Registered Persons”. It expressly defines the senior roles that require direct regulatory approval. Article 19 establishes the concept of registrable functions, which are functions within a CMI that may be performed only by a registered person. These functions include Chief Executive Officer, compliance officer, finance officer, risk management officer, as well as other key executives or managers whose decisions materially impact the conduct of securities business.

Article 20 provides that no person may perform a registrable function without being registered with the CMA. This requirement ensures that senior executives cannot assume or continue in office without the regulator’s approval. The process is further elaborated in Articles 21 and 22, which set out the requirements for registration. Each candidate must demonstrate appropriate qualifications, professional experience and integrity, and applications must be made in the format prescribed by the CMA and supported by evidence of competence.

The CMA also retains the power to reject or cancel a registration under Article 25 if the individual fails to maintain fit and proper standards, commits misconduct, or is otherwise deemed unsuitable. Article 24 emphasises the responsibilities of registered persons, requiring them to discharge their duties diligently, protect client interests, and uphold regulatory obligations. Thus, the CMA directly regulates senior individuals through a combination of mandatory registration, approval processes and ongoing fitness and propriety standards.

SAMA: Senior Executives in Banking Institutions

The BCL extends direct regulatory oversight to individuals managing licensed banks. Article 3 stipulates that the founders and members of the board of directors of any applicant bank must be of “good reputation” as a condition for obtaining a licence. This embeds the requirement for SAMA to vet the character and fitness of senior figures before authorising a bank to operate.

Further, the BCL regulates the ongoing conduct of senior figures by imposing conflict-of-interest restrictions. For example, Article 9 prohibits banks from granting unsecured loans or credit facilities beyond certain limits to members of their own board of directors, auditors or employees, with any contravention deemed to warrant a resignation by operation of law. This provision illustrates SAMA’s direct influence over the permissible activities of senior officers, in effect holding them personally accountable for compliance.

In practice, SAMA also requires that banks submit details of their senior management structure and any proposed changes for SAMA’s prior approval. The implementation rules reinforce this by mandating reporting lines and governance arrangements, and by ensuring that senior individuals can demonstrate relevant banking expertise and integrity.

SAMA: Senior Executives in Finance Companies

Under the FCCL, SAMA exercises a similar direct regulatory role in respect of senior individuals in non-bank financial institutions. Article 5 requires that persons nominated to perform monitoring and executive duties for finance companies satisfy stringent competence requirements, including demonstrating theoretical and practical knowledge of finance, a clean regulatory history, and integrity.

Article 16 explicitly disqualifies individuals from serving as board members if they are simultaneously directors of another finance company, have been dismissed for misconduct by another financial institution, declared bankrupt, or convicted of crimes compromising their integrity. Article 17 goes further by making board members, the general manager, senior executive directors and branch managers personally liable for any breaches of the law or regulations committed by their companies.

The FCCL therefore creates a direct line of responsibility between SAMA and the senior managers of finance companies. This applies both before they are appointed (by requiring them to be vetted) and during their time in the role, as they can be held liable for any violations that occur while they are in charge.

The Kingdom’s Financial Sector Development Program (FSDP, or the “Program”) (one of Vision 2030’s executive programmes) continues to frame the next wave of regulatory change by deepening capital markets, broadening access to finance, and accelerating digitalisation. At a high level, the Program’s stated role is to “create a diversified and effective financial sector” that stimulates savings, finance and investment, with 2024–25 priorities centred on:

• growing the listings;
• expanding the asset-management base;
• deepening the sukuk and debt market; and
• making the market more accessible to international investors and SMEs.

Capital Markets Under the FSDP

On the capital markets side, the CMA is preparing reforms designed to enhance liquidity and foreign participation. In particular, the CMA has published draft regulations for consultation that would allow non-resident foreign investors to directly invest in the Main Market (TASI), a major change from the existing qualified investor and swap routes. Alongside this, the CMA has proposed a new Offshore Securities Business Licence, which would establish a tailored regime for companies conducting offshore securities activities under CMA supervision. These measures, though not yet finalised, signal the regulator’s intent to simplify foreign access, diversify the financial services ecosystem, and align Tadawul more closely with the Kingdom’s global peers. Together, they complement the FSDP’s goals of increasing market depth, increasing foreign ownership of free-float shares, and encouraging micro and SME listings as a proportion of the total market.

SAMA’s Role Under the FSDP

On the banking side, SAMA is advancing reforms that balance financial stability with inclusion. A particularly significant step is SAMA’s approval of the Visitor ID (issued by the Ministry of Interior) as an acceptable identification document for opening bank accounts in the Kingdom. This initiative will allow visitors to Saudi Arabia, many of whom are in the Kingdom temporarily for tourism, work or religious purposes, to access banking services, including current accounts and payment solutions. Banks will be required to adapt their digital onboarding, AML/CFT controls, and KYC processes to incorporate this new type of ID, but the expected result is greater financial inclusion, enhanced convenience for visitors and expanded retail banking opportunities. The move also supports the broader Vision 2030 objective of improving the ease of doing business and enhancing the financial experience for residents and non-residents alike.

Outlook

Looking ahead, reforms in both the capital markets and banking sectors are expected to reinforce two outcomes. First, broader market access and new licensing regimes under the CMA will deepen liquidity and make the Saudi market more attractive to international institutional investors. Second, SAMA’s Visitor ID reform is set to expand customer reach, support the growth of digital payments, and facilitate tourism-related transactions.