.svg)
On November 17, 2024, the Saudi Central Bank (SAMA) published E-Wallet Rules as part of its reforms to the supervision of electronic money institutions (EMIs). The new rules include provisions and obligations related to the requirements for opening electronic wallets (e-wallets) and the verification of clients’ identities.
The new rules, which come as part of a broader push towards a cashless society in Saudi Arabia, are designed to establish the basic requirements for the opening, safeguarding and management of e-wallets. Companies providing e-wallets must adopt these rules to protect participants in the sector and enhance the sector's integrity and stability.
The rules include provisions and obligations related to the requirements for opening e-wallets, the verification of clients’ identities, and considerations for classifying and managing inactive wallets.
The Bigger Picture
The rules form one part of Vision 2030, a strategy from the Saudi Arabian government aimed at diversifying the country’s economy and reducing its dependence on oil. The strategy seeks to modernise the Saudi economy and push towards a “cashless society”, enhancing the quality of life for citizens, and positioning the country as a global hub for investment and innovation through digital transformation of the financial sector.
The new rules for e-wallets are designed to advance this objective and encourage greater uptake of digital payment systems in the Kingdom. A Capco survey, conducted in May 2024, stated six in ten (57 percent) respondents named digital wallets as a preferred payment method. These rules encourage the adoption of digital payment systems, which is a critical milestone under Vision 2030’s financial sector development programme.
The rules highlight the growing need for diligent client identity verification processes and robust management of dormant wallets to build consumer trust in digital financial services, while enhancing transparency and protecting users' interests. This is essential for Vision 2030’s objective of creating a secure and transparent financial landscape.
Why Should You Care?
The rules establish a range of new obligations for EMIs, including more stringent data protection requirements, heightened identity verification protocols and reinforced measures to promote transparency and safeguard consumers.
Article 4 of the rules requires regulated entities to review and classify e-wallets promptly, enforce user classification to prevent transactions beyond SAMA's financial limits and maintain detailed records of clients and transactions (for at least ten years from the end of the relationship with the consumer). All personal and financial data must be securely stored electronically in line with SAMA’s technical standards for accessibility and legal compliance. The compliance department must oversee all phases to ensure full adherence to these e-wallet rules.
Article 5 requires companies to ensure staff are trained to assess client risk levels, link each national ID (Iqama), commercial register or freelance certificate to only one e-wallet, and verify that the phone number registered matches the client’s identity through a trusted source. Companies must also follow SAMA’s controls to verify clients and prevent fraud, use automated systems for fraud detection and prevention with real-time capabilities and regularly evaluate anti-fraud strategies using key performance indicators to measure effectiveness. The compliance department must have quick access to client data and records, to ensure checks and balances are in place.
EMIs should pay attention to these new regulations for several reasons:
- Regulatory compliance: Adhering to SAMA's rules is mandatory for EMIs to legally operate within the Kingdom. Non-compliance can lead to penalties, which include fines, suspension or revocation of licences.
- Market competitiveness: Compliance with the new regulations enhances trust among consumers and business partners, potentially leading to increased market share and competitiveness.
- Risk management: Article 5 emphasises fraud prevention, highlights robust client verification procedures and automated fraud prevention controls. The regulations aim to mitigate risks such as fraud and money laundering. By adhering to these rules, EMIs can strengthen their internal controls and risk management frameworks.
- Promotion of innovation: By setting clear guidelines, the rules create a predictable regulatory environment that encourages EMIs to innovate within a defined framework.
Next Steps:
The rules apply to companies licensed by SAMA to provide e-wallet services in the Kingdom and will come into effect 90 days after publication, on February 15, 2025.
To adapt to the SAMA e-wallet rules effectively, EMIs should consider the following steps:
- Conduct a gap analysis: Review and update existing policies, procedures and systems to address the requirements for onboarding, recordkeeping and fraud prevention.
- Enhance governance measures: Implement automated fraud detection systems and periodic evaluations of anti-fraud measures, ensuring the effectiveness of preventive controls.
- Optimise recordkeeping: Implement secure, compliant systems to maintain records for at least ten years.
- Optimise reporting capabilities: Prepare to submit detailed annual reports on inactive wallets, including classifications and balances, as mandated by SAMA.
- Address dormant wallets: Develop and implement communication strategies to engage owners of inactive wallets, while adhering to financial liability reporting obligations, fostering transparency and compliance.
- Enhance training: Train staff on risk assessment, client verification and fraud prevention aligned to SAMA’s standard.
The introduction of SAMA’s e-wallet rules marks a pivotal shift in Saudi Arabia’s financial ecosystem, reinforcing the integrity, security and efficiency of digital payment systems. For EMIs, these rules represent not only regulatory obligations but also an opportunity to strengthen operational resilience, foster innovation and contribute to the Kingdom’s ambitious Vision 2030 objectives.
