A Complete Guide to Compliance Saudi Arabia
Compliance in Saudi Arabia operates at the intersection of an ambitious financial sector transformation and a regulatory architecture built explicitly to international FATF standards.
The Kingdom's Anti-Money Laundering Law, originally issued under Royal Decree in 2003 and substantially amended since, established a comprehensive legal framework that the IMF, FATF, and SAMA's own enforcement record confirm is now applied with genuine rigour.
The Saudi Arabian Financial Intelligence Unit operates under the Presidency of State Security, receiving and analysing suspicious transaction reports from across the regulated sector. SAMA, the CMA, and the Ministry of Commerce each supervise distinct segments of the compliance landscape, and a financial institution operating across banking and brokerage activities faces examination cycles, reporting obligations, and compliance documentation requirements from multiple regulators simultaneously.
This is a compliance environment of genuine consequence. Corporate liability under Saudi AML law is explicit — a legal entity can be fined and stripped of its operating licence independent of any individual prosecution, a structural feature that places direct commercial pressure on every regulated institution to maintain compliance functions of real substance rather than nominal presence.
For compliance professionals who develop genuine expertise in this multi-regulator environment — who understand the specific obligations that SAMA, the CMA, and SAFIU each impose, and who bring the Islamic finance literacy that Saudi Arabia's predominantly Sharia-compliant banking sector requires — the Kingdom offers one of the most professionally consequential and commercially rewarding compliance career markets in the Gulf.
The regulatory architecture governing Saudi compliance
Saudi financial services compliance operates within a framework defined by the Anti-Money Laundering Law, the Law on Combating Terrorism Crimes and Financing, their Implementing Regulations, and the supervisory authority of three primary regulators whose jurisdiction is determined by institution type and activity.
SAMA is the primary AML/CFT supervisor for banks, exchange houses, payment service providers, and insurance companies. Its authority derives directly from the Anti-Money Laundering Law and the Terrorism Financing Law, and it exercises that authority through binding circulars, the AML/CTF Guide that lays out regulatory expectations across governance, internal control, risk management, reporting, and customer due diligence, and an active programme of onsite examinations. SAMA's role is explicitly described as both preventive and corrective — setting compliance expectations through regulatory guidance while conducting audits and enforcing corrective actions where deficiencies arise.
This dual posture means that compliance professionals at SAMA-regulated institutions must build frameworks that are both technically compliant with prescribed rules and genuinely effective at preventing the financial crime risks that SAMA's examinations probe.
The Capital Market Authority holds equivalent authority over broker-dealers, investment funds, and licensed securities firms operating within the Saudi capital markets. The CMA's AML/CTF rules mirror SAMA's framework in structure but are calibrated to securities-sector risks — collective investment schemes, margin lending, and the digital asset offering platforms that Saudi Arabia's growing fintech sector is generating.
The CMA has signalled its intent to introduce stricter ultimate beneficial owner disclosure and verification obligations, and to give greater regulatory weight to advanced monitoring techniques including machine learning, anomaly detection, and real-time cross-asset pattern recognition — directly shaping the technology investment that compliance functions at CMA-regulated firms will need to make over the coming years.
The Saudi Arabian Financial Intelligence Unit — SAFIU — operates under the Presidency of State Security and is the body responsible for receiving, analysing, and disseminating financial intelligence regarding suspected money laundering and terrorism financing activity across all regulated sectors. Every reporting entity in the Kingdom — whether supervised by SAMA, the CMA, or the Ministry of Commerce for designated non-financial businesses and professions — files suspicious transaction reports through SAFIU, making it the central node of Saudi Arabia's financial intelligence architecture regardless of which regulator holds primary supervisory authority over the reporting institution.
This multi-regulator structure creates genuine practical complexity for institutions operating across multiple licensed activities. A bank with a licensed brokerage arm faces both SAMA and CMA examinations, with separate reporting obligations and separate compliance documentation requirements for each regulatory relationship. Compliance professionals who can manage this cross-regulator complexity — harmonising policies and controls across overlapping but distinct regulatory expectations — are among the most valuable practitioners in institutions with diversified financial services licences.
The Anti-Money Laundering Law and its practical obligations
The Anti-Money Laundering Law defines money laundering broadly to include the concealment, conversion, or transfer of any proceeds of a predicate crime, and expressly covers self-laundering — closing a gap that exists in some less comprehensive AML frameworks. Reporting entities are required to implement customer due diligence, conduct ongoing monitoring of customer relationships and transactions, file suspicious transaction reports with SAFIU, and maintain records for a minimum of ten years — a retention period that is longer than the five to seven years typically required in UK or Australian frameworks and that reflects the seriousness with which Saudi Arabia treats the evidentiary requirements of financial crime investigation.
Corporate liability under the law is explicit and significant. A legal entity found to have inadequate AML controls can be fined and stripped of its operating licence — a corporate-level sanction that operates independently of whether any individual employee is separately prosecuted. This structural feature elevates AML compliance from an individual professional responsibility to an existential institutional concern, and it explains why major Saudi financial institutions invest substantially in their compliance functions and treat AML compliance officer roles as among the most consequential positions in their organisational structure.
Saudi Arabia's compliance with FATF's forty recommendations has been a sustained national priority, reflecting the Kingdom's broader ambition to be recognised as a transparent, well-regulated, and internationally trusted financial centre — an ambition directly aligned with Vision 2030's goal of attracting international capital and establishing Riyadh as a genuine global financial hub. International cooperation with FATF, the Gulf Cooperation Council, and bilateral counterpart financial intelligence units is an explicit and ongoing dimension of Saudi Arabia's AML/CFT framework, and compliance professionals who understand this international dimension — how Saudi AML enforcement connects to the broader global financial crime prevention architecture — bring genuine value to institutions whose international banking relationships depend on confidence in Saudi Arabia's regulatory credibility.
The Islamic finance compliance dimension
Compliance in Saudi Arabia cannot be practised at a genuinely competent level without deep engagement with Islamic finance governance, because the majority of Saudi banking assets sit within institutions that are either fully Sharia-compliant or that offer Islamic banking windows alongside conventional products.
Sharia governance compliance requires regulated institutions to maintain Sharia supervisory boards — panels of qualified Islamic scholars who review and approve new products, transactions, and business practices for compliance with Islamic principles before they are implemented. Compliance professionals working at Islamic financial institutions must understand the Sharia governance process deeply enough to support it effectively — ensuring that new product development incorporates Sharia board review at the appropriate stage, that documentation accurately reflects approved structures, and that ongoing monitoring confirms that approved products continue to be administered in a manner consistent with the Sharia board's approval.
This dimension of compliance has no equivalent in conventional Western financial services compliance frameworks, and it represents one of the most genuinely distinctive professional competencies that Saudi compliance professionals develop. The combination of conventional AML/CFT and regulatory compliance expertise with genuine Sharia governance literacy is rare outside the Gulf and Southeast Asian Islamic finance centres, and professionals who develop it credibly are significantly differentiated in the Saudi compliance market.
The disciplines of Saudi compliance
AML and financial crime compliance is the highest-profile and most enforcement-intensive discipline in the Saudi compliance landscape, encompassing the design and operation of customer due diligence programmes, transaction monitoring systems, suspicious transaction reporting to SAFIU, and the staff training that the Anti-Money Laundering Law's implementing regulations require. AML compliance officers at major Saudi banks manage a function whose adequacy is directly tied to the institution's operating licence under the corporate liability provisions of the AML Law, creating genuine institutional priority for the quality of AML programme design and execution.
Regulatory compliance encompasses the interpretation and implementation of SAMA, CMA, and Insurance Authority requirements across the full range of a firm's licensed activities. The pace of regulatory development in Saudi Arabia — the Personal Data Protection Law's full enforcement from September 2024, SAMA's evolving Cybersecurity Framework, forthcoming Model Risk Management guidelines, the CMA's strategic plan for asset management sector development, and the ongoing FSDP regulatory reform programme — creates sustained demand for compliance professionals who can translate regulatory developments into institutional policy and procedure with speed and accuracy.
Sharia compliance, as described above, is a distinctive specialisation that sits at the intersection of conventional regulatory compliance and Islamic jurisprudence, requiring practitioners to support the governance processes through which Sharia supervisory boards review and approve the products and practices of Islamic financial institutions.
Capital markets compliance covers the specific obligations that apply to CMA-licensed firms — including the AML/CTF rules calibrated to securities sector risks, market conduct obligations, disclosure requirements, and the governance standards applicable to listed companies under the CMA's corporate governance regulations. With 188 CMIs licensed by the CMA as of February 2025, and the Kingdom's ambitious IPO pipeline generating continuous new public company formation, capital markets compliance professionals are managing a growing and increasingly complex regulatory environment.
Data protection and cybersecurity compliance has grown rapidly in importance following the Personal Data Protection Law's full enforcement from September 2024. The PDPL has significantly raised expectations around data governance, cross-border data transfers, and vendor oversight, and 2025 saw increased levels of enforcement and penalties as Saudi regulators signalled their intent to treat data privacy obligations with genuine seriousness. Compliance professionals who understand both the PDPL's specific requirements and SAMA's Cybersecurity Framework — which has itself generated over SAR 20 million in penalties across more than fifty violations in 2025 — are managing one of the fastest-growing compliance risk areas in the Saudi financial sector.
Types of employers
Saudi National Bank, Al Rajhi Bank, Riyad Bank, Banque Saudi Fransi, and the other major domestic banks maintain the largest compliance functions in the Kingdom, each managing the full scope of SAMA's AML/CFT, conduct, and prudential compliance requirements across institutions whose scale and systemic importance create correspondingly significant regulatory obligations. Al Rajhi Bank's compliance function carries the additional dimension of comprehensive Sharia governance oversight given its status as the world's largest fully Islamic bank.
CMA-licensed capital market institutions — including SNB Capital, Al Rajhi Capital, anb capital, and the 188 CMIs operating in the Saudi market — maintain compliance functions focused on securities-sector AML/CFT obligations, market conduct, and the governance standards that capital markets activity demands. The growth of this sector, reflected in anb capital's record SAR 556 million operating income in 2025, is creating sustained compliance hiring demand as licensed firms scale their operations.
International banks with Riyadh operations — HSBC, Citi, Deutsche Bank, JPMorgan, and their peers, alongside the Riyadh branches of international firms including UBS — maintain compliance functions aligned with their global frameworks while managing the specific obligations of operating under SAMA and CMA supervision. UBS Saudi Arabia's compliance function, for example, performs compliance risk assessment and implements compliance action plans specific to its Riyadh branch operations, reflecting the localised compliance infrastructure that international firms must build even while leveraging global compliance methodologies.
Fintech firms and payment service providers represent a rapidly growing compliance employer segment, driven by Saudi Arabia's explicit target of 525 fintech companies by 2030 and the corresponding expansion of SAMA's regulatory sandbox and licensing activity. These firms face the full scope of SAMA's Cybersecurity Framework, AML/CTF obligations, and PDPL compliance requirements, often with smaller compliance teams managing the same breadth of regulatory obligation as much larger established banks — creating demand for versatile compliance professionals capable of building comprehensive frameworks from a relatively early institutional stage.
PIF and its portfolio companies, alongside the major giga-project entities, employ compliance professionals managing anti-bribery and corruption, sanctions, and governance compliance across some of the most commercially significant and internationally connected entities in the Kingdom.
Salary and compensation
Compliance compensation in Saudi Arabia spans a considerable range reflecting the variation between junior operational roles and the senior compliance leadership positions that carry direct institutional accountability for AML/CFT programme adequacy.
Entry-level compliance officers in Saudi Arabia earn total compensation starting around SAR 79,000 to SAR 108,000 annually per GrabJobs and PayScale survey data, with the full amount retained due to zero personal income tax. Mid-career compliance professionals earn average total compensation of SAR 105,696 to SAR 185,237 depending on the specific role and survey source, with ERI's Riyadh-specific data confirming an average of SAR 185,237 for compliance officers in financial roles specifically — reflecting the premium that financial sector compliance commands over compliance roles in other industries, and the further premium that Riyadh's concentration of major financial institutions adds to compensation.
Senior compliance officers and compliance managers with specialist AML/CFT expertise earn total compensation of SAR 270,000 to SAR 355,000 per PayScale data for compliance officers with regulatory compliance skills specifically, with the 90th percentile reaching SAR 270,000 in base salary alone before bonus. ERI SalaryExpert confirms average compliance officer compensation across all experience levels at SAR 280,275 to SAR 280,713 depending on role title, with experienced senior compliance positions reaching as high as SAR 1,215,504 at the most senior and specialised end of the market per GrabJobs survey data.
Chief Compliance Officers at major Saudi financial institutions earn average total compensation of SAR 467,746 per ERI SalaryExpert data — a figure that reflects the genuine institutional significance of the role given the corporate liability provisions of the Anti-Money Laundering Law and the direct personal accountability that CCOs carry for AML/CFT programme adequacy under SAMA and CMA supervision. The most senior compliance leaders at the largest and most systemically significant Saudi institutions command compensation well above this average, reflecting both the scarcity of practitioners who combine deep AML/CFT expertise with Islamic finance governance literacy and the institutional premium placed on compliance leadership credibility with SAMA and CMA supervisory teams.
The tax-free structure of Saudi compensation transforms the comparative value of these figures substantially. A Chief Compliance Officer earning SAR 470,000 in Riyadh — approximately USD 125,000 — retains the entirety of that compensation. The equivalent gross earnings required to achieve comparable net take-home in the United Kingdom, accounting for income tax and national insurance at this income level, would approach USD 210,000 to USD 220,000 — a difference that compounds substantially over a multi-year career in the Saudi market.
Career progression
Compliance careers in Saudi Arabia typically begin at analyst or junior officer level within a specific function — AML, regulatory compliance, or capital markets compliance — before broadening as regulatory knowledge and institutional credibility develop. The Saudization dynamic that shapes career development across Saudi financial services applies directly to compliance, with strong demand for well-qualified Saudi national compliance professionals creating genuine career acceleration opportunities, while senior and specialist roles requiring deep AML/CFT or Islamic finance governance expertise remain accessible to international professionals who bring expertise the domestic talent pipeline cannot yet fully supply.
From analyst, the path moves through compliance officer, senior compliance officer, manager, and director levels, with each stage reflecting deeper regulatory knowledge, growing direct engagement with SAMA and CMA supervisory teams, and increasing responsibility for the overall adequacy of the institution's compliance framework. The Chief Compliance Officer role represents the apex of the Saudi compliance career, carrying genuine personal and institutional accountability under the corporate liability provisions of Saudi AML law.
Professional credentials valued across the Saudi compliance profession include the Certified Anti-Money Laundering Specialist designation from ACAMS, which is widely recognised across the GCC compliance community and increasingly expected for AML-track roles at major institutions. The International Compliance Association's qualification framework provides broadly recognised compliance credentials. Our Core Regulatory Programme for Saudi Arabia provides the jurisdiction-specific regulatory foundation that compliance professionals operating across the SAMA, CMA, and SAFIU framework need to understand with genuine depth — from the Anti-Money Laundering Law's specific obligations and the corporate liability framework that makes compliance adequacy an institutional survival question, to the Islamic finance regulatory standards that apply across the Kingdom's predominantly Sharia-compliant banking sector. Our Investment Advisor Certificate and Financial Advisor Certificate are directly relevant to compliance professionals working in investment management, private banking, and financial advisory environments where the interaction between regulatory compliance and the licensed advisory activity being governed requires both regulatory knowledge and genuine understanding of the financial products and client relationships involved.
Compliance in Saudi Arabia is a profession whose importance is structurally embedded — not merely encouraged by regulatory guidance, but enforced through a legal framework that makes AML compliance adequacy a condition of an institution's continued right to operate. For compliance professionals who develop the multi-regulator fluency, the Islamic finance governance literacy, and the genuine financial crime expertise that this market demands, Saudi Arabia offers a career of real institutional consequence, strong and growing financial reward, and a professional position at the centre of a Kingdom's effort to build a financial sector worthy of the international trust its Vision 2030 ambitions require.