As Saudi Arabia’s financial services sector embraces digital innovation, the need to safeguard sensitive information and digital services from cyber risk has become paramount. In this pursuit, the Saudi Arabian Monetary Authority (SAMA) has introduced a set of minimum verification controls in addition to the SAMA regulations.
The primary aim of these controls is to protect financial information and digital services from emerging cyber threats. They provide a set of guidelines and best practices that SAMA-regulated organizations must adhere to, ensuring the security of their operations and the safety of their customers.
For SAMA-regulated organizations, adhering to these controls is paramount, both from a business continuity management as well as compliance perspective.

Syed Sajjad, a Senior Manager at ECOVIS Al Sabti, a leading Saudi-based risk consultancy, outlines the contours of the minimum verification controls and what is expected from financial institutions.
These controls apply to member organizations that offer e-wallets, lending products, crowdfunding, or other fintech business models under SAMA’s supervision. Let’s break down these controls into simple language to understand their importance and relevance.
In addition to the above controls, lending companies must adhere to the following:
In an era of digital finance, safeguarding sensitive information and ensuring the security of financial services is crucial.
SAMA’s minimum verification controls provide a roadmap for financial organizations to navigate these challenges and protect their customers and operations effectively. By implementing these controls, member organizations can enhance their cybersecurity posture, build trust with their users, and enhance their brand reputation.

source