All countries
Saudi Arabia

Saudi Arabia

Largely Compliant Effectiveness: Moderate Assessed 2024 by FATF

21

Regulations covered

273

Rules extracted

1,615

Obligations scored

Largely Compliant

FATF rating

Country overview

Key facts

Capital Riyadh
Population 36.9M
GDP (USD) $1.1T
Currency Saudi Riyal (SAR)
Region Middle East
CPI Score 52/100

FATF assessment

Assessment body FATF
Assessment year 2024
Overall compliance Largely Compliant
Overall effectiveness Moderate
FATF profile View source →

AuditDSS regulation coverage

We cover 21 Saudi Arabia regulations with 273 rules and 1,615 obligations scored

Banking & Financial Services

🇸🇦 regulation

CMA ESG

Requires listed companies in Saudi Arabia to disclose environmental, social, and governance information.

23 rules 120 obligations SA-CMA
🇸🇦 regulation

CMA Governance Regs

Saudi Capital Market Authority rules on board composition, shareholder rights, disclosure, and internal controls for listed companies. Applies to companies listed on the Saudi Exchange (Tadawul).

10 rules 43 obligations SA-CMA
🇸🇦 regulation

Saudi Labor Law

Saudi employment law governing employment contracts, wages, working hours, leave entitlements, and termination procedures. Applies to employers and employees in the private sector in Saudi Arabia.

12 rules 52 obligations SA-MHRSD
🇸🇦 regulation

CCC-2:2024

NCA cybersecurity controls for cloud computing services covering cloud governance, identity management, and data protection. Applies to organisations using or providing cloud services in Saudi Arabia.

24 rules 175 obligations SA-NCA
🇸🇦 regulation

CSCC-1:2019

NCA cybersecurity controls for critical national infrastructure covering industrial control systems and operational technology security. Applies to operators of critical systems in Saudi Arabia.

21 rules 105 obligations SA-NCA
🇸🇦 regulation

DCC-1:2022

NCA cybersecurity controls for data governance, classification, protection, and privacy across the data lifecycle. Applies to national organisations handling sensitive data in Saudi Arabia.

10 rules 46 obligations SA-NCA
🇸🇦 regulation

NCA ECC-2:2024

NCA baseline cybersecurity controls covering governance, defence, resilience, and third-party security for national organisations. Applies to government and critical private sector entities in Saudi Arabia.

28 rules 108 obligations SA-NCA
🇸🇦 regulation

TCC-1:2021

NCA cybersecurity controls for remote work covering device security, secure connectivity, and data protection during telework. Applies to national organisations enabling remote work in Saudi Arabia.

16 rules 63 obligations SA-NCA
🇸🇦 regulation

SAMA AML/CTF Guide

SAMA anti-money laundering and counter-terrorism financing requirements covering customer due diligence, transaction monitoring, and suspicious activity reporting. Applies to financial institutions regulated by SAMA.

10 rules 42 obligations SA-SAMA
🇸🇦 regulation

SAMA Open Banking

SAMA framework for open banking covering API standards, data sharing consent, and third-party provider accreditation. Applies to banks and fintech companies operating in Saudi Arabia.

10 rules 46 obligations SA-SAMA
🇸🇦 regulation

ZATCA E-Invoicing

ZATCA e-invoicing regulations requiring electronic generation, validation, and integration of invoices through the FATOORA platform. Applies to VAT-registered taxpayers in Saudi Arabia.

7 rules 36 obligations SA-ZATCA
🇸🇦 framework

SAMA CSF

Establishes cybersecurity requirements for financial institutions supervised by the Saudi Arabian Monetary Authority, covering governance, risk management, access control, and incident response. Applies to banks, insurance companies, and finance companies operating in Saudi Arabia.

16 rules 64 obligations SAMA
🇸🇦 law

PDPL

Regulates the collection, processing, disclosure, and retention of personal data in Saudi Arabia, establishing data subject rights and controller obligations. Applies to organizations processing personal data of individuals within the Kingdom of Saudi Arabia.

10 rules 135 obligations SDAIA

Score your Saudi Arabia compliance

Run probabilistic risk scores across 1,615 Saudi Arabia obligations. See exactly where your gaps are.

Get started