Lending Compliance in Saudi Arabia and the UAE: What Lenders Need to Know

The GCC lending landscape is changing fast. Saudi Arabia and the UAE — the two largest financial markets in the region — have both introduced significant regulatory updates in recent years, and the pace of change shows no sign of slowing. For banks, fintechs, and licensed lenders operating in these markets, compliance is no longer a back-office concern. It's a growth lever.

Saudi Arabia: SAMA's Evolving Framework

The Saudi Central Bank (SAMA) has been progressively updating its regulatory framework to accommodate digital lending while maintaining consumer protection standards.

Key requirements for lenders operating under SAMA oversight include:

Total Debt Burden Ratio (TDBR): Consumer loans must not result in monthly debt obligations exceeding 33% of a borrower's net salary. For some categories of government employees, this ceiling differs. Systems need to calculate and enforce TDBR at origination.
Early settlement rights: Borrowers have the right to settle loans early. SAMA mandates how early settlement fees are calculated and caps them. Any loan management system must calculate settlement amounts accurately and in real time.
Disclosure requirements: Lenders must provide borrowers with an accurate APR, fee breakdown, and repayment schedule before disbursement. These disclosures need to be generated automatically and stored for audit purposes.
AML/KYC integration: SAMA requires enhanced due diligence for high-value transactions and politically exposed persons (PEPs). Automated KYC workflows with AML screening are no longer optional.

SAMA has also introduced a regulatory sandbox framework, allowing licensed fintechs to test new products under supervision. This has accelerated the entry of digital lenders — but it's also increased scrutiny on the infrastructure those lenders use.

UAE: CBUAE and the DIFC/ADGM Landscape

The Central Bank of the UAE (CBUAE) governs most lending activity across the seven emirates. However, lenders operating from the Dubai International Financial Centre (DIFC) or Abu Dhabi Global Market (ADGM) fall under separate regulatory regimes — the DFSA and FSRA respectively.

For CBUAE-regulated lenders:

Interest rate caps: The UAE has specific guidelines on maximum interest rates for personal loans. Variable-rate products require clear documentation of how rates can change.
Debt collection regulations: The CBUAE has issued detailed guidelines on acceptable collection practices, including prohibited contact hours, required communication formats, and how to handle distressed borrowers.
Credit bureau reporting: Lenders are required to report to Al Etihad Credit Bureau (AECB) and to check AECB scores during origination. This integration needs to be built into the loan origination workflow.

For DIFC and ADGM entities, the frameworks are modelled on international standards (primarily UK FCA principles), but with local adaptations. Lenders operating across both onshore and offshore frameworks need systems that can handle multiple regulatory configurations simultaneously.

What Compliance Looks Like in Practice

The gap between regulatory intent and operational reality is where most compliance failures happen. Common issues include:

Manual calculation errors: TDBR calculations done in spreadsheets are error-prone. A single data entry mistake can result in a loan being approved that shouldn't be — creating regulatory liability.
Audit trail gaps: Regulators in both markets can request transaction histories, customer communications, and approval records. If these aren't systematically captured, reconstructing them after the fact is expensive and unreliable.
Delayed reporting: Both SAMA and CBUAE require periodic regulatory reports. Lenders relying on manual data exports often miss deadlines or submit inaccurate data.

The lenders with the cleanest compliance records in the GCC are those that have built compliance logic into their core lending platform — not bolted it on as an afterthought.

The Role of Technology in GCC Compliance

A modern loan management system operating in Saudi Arabia or the UAE should:

Enforce TDBR and debt cap rules at origination — automatically blocking loans that would breach the threshold
Generate compliant disclosure documents — with accurate APR, fee schedules, and repayment tables, pre-formatted for regulatory requirements
Automate AML screening — screening applicants against international and local sanctions lists at application, disbursement, and periodically throughout the loan lifecycle
Produce audit-ready reports — on demand, covering every decision made on every loan
Integrate with credit bureaus — pulling scores automatically and logging the decision rationale

As regulators in both markets continue to raise the bar, the cost of non-compliance is increasing. A lending platform that treats compliance as a configuration, not a custom build, is becoming a prerequisite for operating at scale in the GCC.

Adlend is a loan management platform built for lenders in the GCC and across the broader Middle East and Africa region. If you're navigating compliance requirements in Saudi Arabia, the UAE, or any other market we cover, we'd be glad to walk you through how Adlend handles it.

Ready to modernize your lending operation?

See Adlend in action. Our team will walk you through the platform and show you exactly how it fits your use case.

Request a Demo →

← Back to Blog