Open Banking · Saudi Arabia · SAMA

How Open Banking Works in Saudi Arabia: An Operations Perspective

SAMA's open banking framework is live, licensed, and transforming how Saudis manage and invest their money. Here's what it looks like from the operational side — the infrastructure, processes, and challenges that don't make the press releases.

By Ashraf Alhemiry
Business Operations Manager, Malaa Technologies
June 2026 · Riyadh, Saudi Arabia

What open banking in Saudi Arabia actually is

Open banking in Saudi Arabia is a regulatory framework built by SAMA (the Saudi Central Bank) that allows licensed fintech platforms to securely connect to users' bank accounts — with the user's explicit consent — via standardised APIs. It lets people see all their accounts in one place, move money more easily, and access investment and financial management products that were previously impossible without visiting multiple banks.

This isn't a trend or a pilot programme anymore. In March 2026, SAMA issued its first formal open banking licences, transitioning the ecosystem from a regulatory sandbox into a fully-licensed, regulated industry. Saudi Arabia now has one of the most clearly defined open banking frameworks in the region — and the operational complexity behind it is significant.

I work at Malaa Technologies — Saudi Arabia's first open banking and investment platform. We were among the early platforms operating within SAMA's regulatory sandbox. This article is written from inside the operational engine of a live open banking platform in KSA.

2021: SAMA launched open banking sandbox
2026: First formal licences issued by SAMA
10M+: Saudis with smartphone banking access

How the technical infrastructure actually works

When a user connects their bank account to a platform like Malaa, it triggers a structured consent and data flow that has several moving parts — each of which needs to work flawlessly, every time.

1. User initiates connection
The user selects their bank in the fintech app and authorises the connection. They are redirected to their bank's authentication system — the bank, not the fintech, handles credential verification.

2. Consent is recorded
SAMA's framework requires explicit, scoped consent. The user specifies what data they're sharing (account information, transaction history) and for how long. This is logged, auditable, and revocable at any time.

3. Bank API returns data
The bank's open banking API — built to SAMA's technical standards — returns account balances, transaction history, and account metadata to the licensed fintech in a standardised format.

4. Operations layer processes the data
This is where the real work happens. The data must be validated, normalised, reconciled against internal records, and stored securely. Any discrepancy triggers an ops review process.

5. User sees a unified view
The user sees their connected accounts, balances, and transaction history in a single interface — and can take actions like investing, tracking spending, or setting savings goals.

The operational challenges nobody talks about

Most open banking coverage focuses on the consumer experience or the regulatory framework. The operational complexity that makes it work is rarely discussed. Here's what it actually involves from the inside:

Bank API stability

Saudi banks are at different stages of open banking API readiness. Some have mature, well-documented APIs. Others are still building. When a bank's API goes down, goes slow, or returns inconsistent data, it is the fintech's operations team that has to detect it, diagnose it, escalate it, and manage the user impact — all while the bank resolves its own issues on its own timeline.

At Malaa, maintaining clear SLAs and escalation paths with each bank integration is a core operational responsibility. Real-time monitoring, alerting, and fallback processes are not optional — they are the difference between a user trusting your platform and losing them.

Transaction journal accuracy

Every transaction that flows through an open banking platform must be reconciled. Withdrawals, deposits, investment executions, interest credits — each one must match across your internal ledger, the bank API data, and any investment platform records. Discrepancies are not just a compliance risk; they erode user trust instantly.

I spend significant time working with product and data teams to validate transaction journal accuracy, building automated reconciliation checks, and designing processes for exception handling when things don't match.

Consent management at scale

SAMA's framework requires that user consents are properly scoped, stored, and honoured. When a user revokes consent, all related data flows must stop immediately and all stored data must be handled according to regulatory requirements. Building the operational process behind this — and auditing it regularly — is non-trivial.
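A sketch of the enforcement point behind scoped, time-limited, revocable consent (step 2 of the flow above and this section), as an added example rather than Malaa's or SAMA's implementation. The `Consent` record shape, scope names and reason strings are hypothetical; the idea is that every fetch passes through one deny-by-default check that also writes the audit trail.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Consent:
    # Hypothetical record shape for illustration, not SAMA's consent schema.
    consent_id: str
    scopes: frozenset
    expires_at: datetime
    revoked_at: Optional[datetime] = None

@dataclass
class ConsentGate:
    consents: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # append-only decision log

    def revoke(self, consent_id, now):
        self.consents[consent_id].revoked_at = now
        self.audit.append((now, consent_id, "*", "revoked_by_user"))

    def check(self, consent_id, scope, now):
        """Gate a single fetch. Anything not explicitly allowed is denied."""
        c = self.consents.get(consent_id)
        if c is None:
            reason = "unknown_consent"
        elif c.revoked_at is not None:
            reason = "revoked"
        elif now >= c.expires_at:
            reason = "expired"
        elif scope not in c.scopes:
            reason = "scope_not_granted"
        else:
            reason = "ok"
        self.audit.append((now, consent_id, scope, reason))  # log denials too
        return reason == "ok"

def demo():
    """Constructed scenario: returns the audit reasons in order."""
    t0 = datetime(2026, 6, 1, tzinfo=timezone.utc)
    gate = ConsentGate()
    gate.consents["c1"] = Consent("c1", frozenset({"accounts", "transactions"}),
                                  t0 + timedelta(days=90))
    gate.check("c1", "transactions", t0 + timedelta(days=1))   # in scope
    gate.check("c1", "payments", t0 + timedelta(days=1))       # never granted
    gate.check("c1", "accounts", t0 + timedelta(days=91))      # past expiry
    gate.revoke("c1", t0 + timedelta(days=92))
    gate.check("c1", "transactions", t0 + timedelta(days=92))  # after revocation
    return [entry[3] for entry in gate.audit]
```

Because the check runs per fetch rather than once at connection time, a revocation takes effect on the very next request, and the denied attempts remain visible in the audit log.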

Shariah compliance

Investment products offered through Saudi open banking platforms must comply with Islamic finance principles. This adds an additional operational layer — product governance, Shariah board approvals, and ongoing compliance monitoring. It's a real operational requirement, not a box-ticking exercise, and it requires deep coordination between operations, product, and compliance teams.

Two regulators, one ecosystem: SAMA and CMA

One of the most common misconceptions about Saudi Arabia's fintech landscape is treating SAMA and CMA as interchangeable. They are not — and understanding the distinction is essential for anyone building or operating in this space.

SAMA (Saudi Central Bank) regulates the open banking infrastructure — the rules for connecting to bank accounts, sharing financial data, initiating payments, and managing user consent. If a fintech wants to read your bank balance or move money from your account, that is SAMA territory.

CMA (Capital Market Authority) regulates investment products — ETF portfolios, fund management, securities trading, and wealth management products. If a platform wants to invest your money in assets, offer portfolio management, or manage funds, that requires CMA authorisation.

At Malaa Technologies, both regulators are relevant. The open banking layer — connecting users' Saudi bank accounts — operates under SAMA's framework. The investment products we offer to users — Shariah-compliant portfolios, goal-based investing — are regulated by the CMA. Operating compliantly across both simultaneously is one of the defining operational challenges of building a platform like Malaa.

Why this matters for Saudi Arabia's financial future

Saudi Arabia has one of the youngest, most mobile-first populations in the world — and historically, one of the most underserved in terms of investment access. The vast majority of Saudi savings sit in bank accounts earning minimal returns. Vision 2030 explicitly targets growing the percentage of Saudis who invest.

Open banking is the technical and regulatory infrastructure that makes this possible at scale. By connecting bank accounts to investment platforms, millions of Saudis can now invest in ETF portfolios, track their net worth in real time, and manage their money intelligently — from their phones, without visiting a bank branch.

The operational work required to make this seamless is enormous. It is unglamorous. It involves late nights debugging reconciliation errors, rebuilding bank integration flows after API changes, and navigating regulatory requirements that are still evolving. But it is the work that determines whether fintech in Saudi Arabia actually delivers on its promise.

Frequently asked questions

How does open banking work in Saudi Arabia?
Open banking in Saudi Arabia, regulated by SAMA, allows licensed fintech platforms to connect to users' bank accounts via secure APIs — with the user's consent. Users can view all their accounts in one place, initiate payments, and access investment products. SAMA issued its first formal open banking licences in March 2026, completing the transition from sandbox to licensed industry.

What is SAMA's role in Saudi Arabia's open banking framework?
SAMA (Saudi Central Bank) is the regulator and architect of Saudi Arabia's open banking framework. SAMA developed the Open Banking Policy and Technical Standards, ran a regulatory sandbox from 2021, and in March 2026 issued the first full open banking licences. SAMA sets rules for data sharing, security, consent management, and operational requirements for all open banking providers in KSA.

Which companies are licensed for open banking in Saudi Arabia?
SAMA issued its first open banking licences in March 2026. Lean Technologies became the first fully licensed open banking provider in Saudi Arabia. Malaa Technologies was among the early platforms operating within SAMA's regulatory sandbox. The ecosystem is growing rapidly as SAMA expands the framework beyond account information to include payment initiation services.

What are the main operational challenges of open banking in Saudi Arabia?
Key operational challenges include: maintaining stable bank API integrations as Saudi banks roll out open banking connectivity at different speeds; ensuring transaction journal accuracy across multiple bank connections; managing consent workflows under SAMA's data sharing requirements; achieving Shariah compliance for investment products; and building real-time reconciliation systems that handle multiple bank integrations simultaneously.

What is the difference between open banking and traditional banking in Saudi Arabia?
Traditional banking requires users to manage each bank account separately, with no unified financial view. Open banking allows licensed fintech platforms to securely connect all of a user's bank accounts in one place — with explicit consent. This enables unified financial dashboards, cross-bank investment products, and automated financial management. The open banking connectivity is regulated by SAMA (Saudi Central Bank); investment products built on top of it are regulated by the CMA (Capital Market Authority).

Working in fintech or open banking in KSA?

I'm always open to conversations about building and operating in Saudi Arabia's fintech ecosystem.
