Innovation in Saudi Arabia’s Capital Markets: CMA issues FinTech experimental permit instructions
Consistent with the technology and innovation aspect underpinning much of Vision 2030, Saudi Arabia’s Capital Market Authority has issued its Financial Technology Experimental Permit Instructions (Board Resolution Number 1-4-2018 of 23/4/1439H – 10 January 2018) (‘Instructions’). In this article, we outline some key considerations arising in the Instructions.
Essentially a regulatory framework for the adoption of innovative technology in the Saudi capital markets, the Instructions are intended to enable applicants to develop securities-related FinTech products, services and business models, and to test and deploy them within specified parameters and timeframes.
The Instructions seek to promote innovation in an environment where the consequences of failure can be contained. A “FinTech ExPermit” does not provide a mechanism for avoiding local laws and regulations. The Instructions make clear that applicants must be familiar with the Capital Market Law (Royal Decree No M/30 dated 2/6/1424H – 16 June 2003).
The Instructions set out a number of parameters that would generally disqualify a proposed solution from eligibility for a FinTech ExPermit. Besides circumstances where the solution does not relate to securities/capital markets, the Instructions also make clear that solutions that are similar to those already available in Saudi Arabia will not be eligible unless the applicant can show that a different technology is used, or that the same technology is used differently. A FinTech ExPermit is not to be used as a new channel for expanding the market of an existing FinTech solution.
An applicant that considers a FinTech ExPermit to be the most appropriate framework for testing a Fintech solution can apply for a permit, and the Capital Market Authority (‘CMA’) will make a decision as to whether or not to accept or reject the application. Amongst other criteria, the CMA needs to be satisfied that the applicant has adequate resources, will establish a local commercial presence, and will ultimately roll-out the FinTech solution in the Kingdom. There is also a focus on the applicant being fit and proper.
Applicants do not need to be ‘authorised persons’ pursuant to the Capital Markets Law. If an authorised person’s existing CMA licence permits the contemplated activity, and the proposed FinTech solution otherwise complies with relevant regulatory requirements, the authorised person does not need to apply for a FinTech ExPermit (if its existing licence does not cover the contemplated activity, then it would need to apply to the CMA to have the scope of its licence extended).
Generally speaking, to be considered for a FinTech ExPermit licence, a FinTech product needs to:
- involve a security activity within the scope of CMA’s authority;
- promote innovation, both in terms of business application and the technological method of deployment;
- have potential to enhance growth, efficiency or competition, improve compliance or risk management, or provide greater choice to customers; and
- be at a sufficiently advanced stage to allow a ‘live test’ of the product.
There is also a significant focus on customer-facing considerations, such as ensuring risks of conflicts of interest are managed appropriately, communicating in a way that is clear and not misleading, and ensuring client confidentiality. Compliance with anti-money laundering and terrorism financing rules is also a requirement.
The licence application requirements also contemplate suitable detail on matters such as relevant technical and business expertise, the identification of target clients, milestones and intended outcomes, and fair and proper exit strategies. The CMA has broad discretion to impose additional requirements to those specified in the Instructions.
A FinTech ExPermit is valid for two years from the CMA’s approval. In exceptional circumstances, the validity period may be extended upon application to the CMA, subject to the CMA being satisfied that suitable reasons exist to grant an extension.
“The Financial Technology Experimental Permit Instructions are intended to promote innovation in an environment where the consequences of failure can be contained.”
At the end of the FinTech ExPermit validity period, and subject to any CMA direction to the contrary, the applicant can either execute its exit strategy, or deploy the FinTech solution in the Saudi market. Deployment of the solution ‘in the wild’ would require both the applicant and the CMA to be satisfied that the solution has met the intended outcomes, and the applicant has a suitable strategy in place for its roll-out. The applicant also needs to be able to comply with the Capital Markets Law and any other applicable regulatory requirements.
The Instructions contemplate a variety of scenarios in which the CMA may withdraw a FinTech ExPermit. These include:
- an irreparable flaw in the FinTech product that results in disproportionate risk versus benefit;
- failure to meet intended purpose (based on test scenarios, expected outcomes and schedule); and
- failure to comply with relevant legal and regulatory requirements.
Where the CMA withdraws a FinTech ExPermit, the applicant’s exit strategy needs to be implemented immediately.
Although it is still very early days, the Instructions show the CMA’s clear commitment to the increased adoption of innovative solutions in the capital market in Saud Arabia. This provides opportunities for both established players and newcomers. We note that the Saudi Arabian Monetary Authority, which is the regulator of commercial banks in the KSA, has also recently launched “FintechSaudi”, an initiative focused on supporting the FinTech ecosystem with a view to promoting the KSA as a FinTech hub and assisting the development of FinTech products. We expect to see continued investment in this sector, in line with the global financial services technology trend, and the move towards greater adoption of technology in the Kingdom.
Al Tamimi & Company’s Technology, Media and Telecommunications team and its Banking & Finance team work closely on technology matters in the financial services sector. For further information, please contact Nick O’Connell (firstname.lastname@example.org) or Rafiq Jaffer (email@example.com).