Playbook · Saudi Arabia · Financial services

AI governance for Saudi banks & financial services:
a supervisor-ready roadmap

SAMA supervision, SDAIA's AI ethics and Responsible AI direction, and the PDPL now define how Saudi financial institutions build, deploy and prove their AI — and enterprise buyers ask for the evidence in every security review. Here is the 5-phase roadmap regulators and buyers inspect, and the runtime gap your existing stack cannot close.

SAMA SDAIA AI ethics & Responsible AI PDPL · NCA ISO 42001 · NIST · OWASP
The mandate

What Saudi regulators and buyers now expect

National AI direction plus financial-sector supervision. Three bodies of expectation set the bar for any Saudi financial firm building or deploying AI.

SAMA

Saudi Central Bank · supervisory

IT governance, cyber-security and model-risk frameworks for supervised institutions that extend to AI — the primary financial-sector lens on how you deploy and control it.

SDAIA + PDPL

Enforceable · data & AI ethics

SDAIA AI Ethics Principles (2023), GenAI guidelines and a draft Responsible AI policy with risk tiers; the PDPL for personal data (fines up to SAR 5M).

Global baselines + NCA

Procurement · cybersecurity

NCA cybersecurity controls, plus ISO/IEC 42001 and the NIST AI RMF that buyers ask for — and the EU AI Act where you serve the EU.

Overlays that may apply: sector rules from SAMA and, for capital markets, the CMA · SFDA for health-linked use cases · OWASP LLM Top 10 & MITRE ATLAS for AI security.
The through-line

What every Saudi expectation converges on

Accountability sits with the institution, not the model
Risk-tiered controls proportionate to use
Human oversight & ethical, transparent AI
Documented evidence, not assertions
The roadmap

Five phases regulators & buyers will inspect

A supervisor-ready sequence that maps to SAMA expectations, the SDAIA principles and risk tiers, and the PDPL.

PHASE 0
Govern
Own the risk before AI ships
AI policy & board oversight · AI inventory & SDAIA risk tiering · PDPL mapping · roles
PHASE 1
Build & Test
Prove it's safe before it ships
Red-teaming · OWASP LLM Top 10 & MITRE ATLAS · bias & safety testing · ethics review
PHASE 2
Deploy & Enforce
Control what the AI can access & do
Access control & agent guardrails · human oversight · shadow-AI & PDPL data controls · NCA controls
PHASE 3
Monitor & Respond
See it, contain it, report it
Monitoring & logging · drift & output checks · incident response · third-party oversight
CONTINUOUS
Assure & Disclose
Answer regulators, buyers & the board
Audit-ready evidence · ISO 42001 alignment · transparency disclosures · security-questionnaire responses
The readiness gap

Why this is urgent, not theoretical

Adoption has outpaced control — and that gap is the exposure.

88%
had a confirmed or suspected AI-agent security incident this year
80%
report moderate-to-pervasive shadow AI
18%
have a formal AI security policy
21%
have mature governance for AI agents
Sources: Gravitee (survey of 919 organizations), ISACA & industry surveys, 2026.
The blind spot

The gap your existing stack cannot close

Your IAM/PAM, WAF and API gateways, DLP/CASB, SIEM and EDR are built for deterministic software. None can catch a legitimately-authorised AI agent, driven by untrusted input, doing something inside its permissions but outside your policy — the dominant 2026 failure mode (prompt injection, the "lethal trifecta", agentic data exfiltration).
IAM / PAM
identity authenticated, in scope
waved through
WAF / API gateway
request well-formed
waved through
DLP / CASB
sanctioned tool & channel
waved through
SIEM / EDR
no known-bad signature
waved through
Every layer says "yes." None can see the AI's intent vs your policy.
Where Trampolyne fits

Make your AI stay within intended bounds — and prove it

From pre-deployment testing, through runtime, to audit-ready evidence. Trampolyne supplies the technical controls and evidence that make each phase credible — the policies, documentation and processes stay yours.

Product Govern Build & Test Deploy & Enforce Monitor & Respond Assure
AI Red-Teaming
Shadow AI Detection & Runtime Control
Enterprise AI Security & Runtime Control
AI Compliance Assistant
core control & evidence Trampolyne provides  ·  supporting input.

AI Red-TeamingAWS Marketplace

Continuous adversarial testing on a scheduled cadence and on every material change. 27+ attack classes, working exploits + fixes, mapped to OWASP LLM Top 10 & MITRE ATLAS — the validation and buyer evidence your security reviews ask for.

OWASP LLM Top 10MITRE ATLASNIST MAP + MEASUREEthics-review input

Enterprise AI Security & Runtime Control

Sits inline and evaluates every request before the model or agent acts — RBAC/ABAC/PBAC/NGAC enforcement in milliseconds. A deterministic guardrail over a non-deterministic model. No model rewrites.

Human oversightNCA controlsISO 42001 controls

Shadow AI Detection & Runtime Control

Sits between employees and every public AI tool. Classifies data by type, provenance and role, blocks sensitive data before it leaves, and logs every interaction — without killing productivity.

Data leakage to public AISaudi PDPLISO 42001 data controls

AI Compliance Assistant

Turns enforcement, red-team and runtime evidence into review-ready answers — a continuous, per-decision audit trail for SAMA supervision, your board and enterprise-buyer security questionnaires.

ISO 42001 audit evidenceSDAIA transparency evidenceBoard reporting
FAQ

AI governance questions we hear from Saudi financial firms

Which rules govern AI for financial firms in Saudi Arabia?
Several layers apply. SAMA sets IT governance, cyber-security and model-risk expectations for supervised institutions that extend to AI. SDAIA issues national AI direction: the AI Ethics Principles (2023), generative-AI guidelines, and a draft Responsible AI policy with risk tiers. The PDPL governs personal data (fines up to SAR 5M), and the NCA sets cybersecurity controls. ISO/IEC 42001 and the NIST AI RMF increasingly appear in vendor reviews.
What are the SDAIA AI Ethics Principles?
SDAIA's AI Ethics Principles (2023) set national expectations around fairness, accountability, transparency, privacy, safety and human oversight. SDAIA has since issued generative-AI guidelines and a draft Responsible AI policy that classifies AI into risk tiers, with heavier obligations for higher-risk uses. Institutions should map use cases to these tiers and evidence the corresponding controls.
Does the Saudi PDPL apply to AI systems?
Yes. The PDPL governs the processing of personal data — including data flowing into and out of AI systems — with requirements around lawful basis, transparency, data-subject rights and cross-border transfer, and fines up to SAR 5 million. Runtime controls that classify and block sensitive data before it reaches a public model reduce this exposure directly.
Can our existing security stack secure AI agents?
No. IAM, DLP, WAF and SIEM are built for deterministic software. They cannot catch a legitimately-authorised AI agent, driven by untrusted input, doing something inside its permissions but outside your policy — the dominant 2026 failure mode. SAMA, SDAIA and NCA expectations point directly at closing this runtime gap.
More playbooks

Governance playbooks for other markets

Same 5-phase structure, tuned to each market’s regulators and buyers.

See where your Saudi AI program stands

Take the 2-page roadmap to your board, regulators and buyers — then pressure-test your position in a 20-minute call.

Positioning collateral, not legal advice. Trampolyne AI helps you align with regulatory and supervisory expectations; it does not issue certifications.