Advances such as cloud technology, data analytics, artificial intelligence and robotic automation are improving profitability and competitiveness for companies. However, financial regulators need to invest in a broad range of expertise to understand this new digital revolution and regulate accordingly.

Regulations and the digital economy

Technology awareness in the Middle East is high. A recent report published by global management consultancy AT Kearney found that more than two-thirds of the GCC population use the internet with penetration in the UAE and Qatar exceeding 90 percent (including fixed and mobile).

Furthermore, as GCC countries attempt to diversify their economies away from an over-reliance on petroleum production, they are aware innovative technologies such as cloud computing will become increasingly important for business connectivity and performance.

This can be seen in Saudi Arabia's Vision 2030, which has plans to "improve the business environment by pursuing public-private partnerships, facilitating the flow of private investment, developing the necessary capabilities to increase the quality and reliability of services and review regulations."

Amid concerns over data sovereignty and national cloud strategies, safeguarding businesses and protecting against cybercrime are becoming top priorities among legislators. To add to the complexity, the level of regulatory support differs depending on the maturity of financial innovation in each country. 

However, GCC countries are making significant improvements in terms of technology infrastructure and the legal and regulatory environment surrounding it. 


In July 2016, Saudi Arabia's Communications and Information Technology Commission (CITC) issued a public consultation on the proposed regulation of cloud computing. The CITC is proposing a cloud infrastructure and services licence for cloud service providers with data centres in the Kingdom and those processing or storing sensitive user content.

Hosting data outside the Kingdom is still a sensitive issue. Kellie Blyth, senior associate at law firm Clyde & Co, points out that "confining data hosting to within the boundaries of the Kingdom will make it harder in terms of innovation and cloud security." However, she notes that the draft cloud law was offered for consultation to market participants, which is among a number of positive steps.

Practical steps

The UAE government, responding directly to cyber security concerns, recently launched the Security Industry Regulatory Authority (SIRA), a platform for decision makers to discuss the laws governing the security industry's framework. SIRA aims to safeguard businesses using both physical and cyber security.

In early January 2017, the Central Bank of UAE, the state institution responsible for managing the country's currency, monetary policy and banking regulation, published a new framework covering digital payments.

The UAE has also issued digital government initiatives such as Smart Dubai and Abu Dhabi, which facilitate collaboration among private sector and government partners.

Abu Dhabi Global Market, the international financial centre, set out proposals for a regulatory laboratory (RegLab) in May 2016. RegLab is a tailored framework that allows firms deploying innovative technology in the financial services sector to conduct their activities in a controlled and cost-effective environment.

In tandem with these initiatives comes increased cooperation with industry, as Tom Bicknell, senior associate at Clyde & Co, explains. "Our clients appreciate more engagement with regulators in a more consultative fashion; when new regulations land on our desk it would be beneficial to receive some guidance or information memorandums to aid the process."

The raft of new legislation proves that governments are committed to the process of digital transformation. Blyth notes that she would like to see increased and open dialogue between regulators and the private sector as well as longer consultation periods, adding, "both UAE and Saudi Arabia have made significant inroads towards a full digital economy."

Digital Safeguarding: Are Financial Regulators Doing Enough?

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.