Crypto Platforms And Fiat Rails In Saudi Arabia: Understanding The Regulatory Perimeter

Saudi Arabia continues to attract attention from global fintech and digital asset operators assessing cross-border expansion models. Yet, despite growing market interest, the Kingdom does not currently operate a standalone, comprehensive licensing regime for retail virtual asset service providers (VASPs). Virtual currencies are not recognised as official currency, and no parties are licensed domestically to conduct retail crypto intermediation.

The absence of a dedicated crypto licensing regime is sometimes misread as regulatory flexibility. In reality, it redirects the analysis to existing statutory perimeters – particularly payments and capital markets regulation.

No dedicated crypto licence - but no regulatory vacuum

Saudi regulators have publicly warned that virtual currencies are not approved as official currency in the Kingdom. Domestic financial institutions, including licensed banks and payment service providers, do not support onshore crypto exchange or payment functionality.

However, the regulatory landscape does not stop at crypto-specific classification. Instead, Saudi Arabia relies on existing statutory frameworks, most notably:

• The Law of Payments and Payment Services (LPPS) and its Implementing Regulations (under the supervision of the Saudi Central Bank (SAMA); and
• The Capital Market Law, where a tokenised instrument may fall within the securities perimeter.

The result is a framework in which crypto itself may not be licensed, but associated activities may still fall squarely within regulated territory.

The critical issue: fiat on- and off-ramps

For most crypto-related models, the key regulatory exposure lies not in token custody or execution, but in fiat payment functionality, including:

• Customer top-ups in SAR or foreign currency;
• Holding of fiat balances;
• Withdrawals;
• Payment aggregation or acquiring services;
• Cross-border remittance flows.

Under the LPPS, operating a payment system or providing regulated payment services in the Kingdom requires SAMA authorisation. The definition of "payment services" is function-based rather than technology-based. Structuring through a digital asset wrapper does not displace the underlying regulatory character of fiat transfer, safeguarding or execution. Importantly, the presence of a crypto leg does not de-regulate the fiat leg. Regulatory classification therefore turns on the functional characteristics of the fiat activity itself, irrespective of the surrounding digital asset architecture

In addition, Saudi payment regulations contain express extraterritorial hooks. Marketing, inducement, or "holding out" to users in the Kingdom may trigger regulatory scrutiny even where core functions are performed offshore.

Not a free zone

Certain offshore platforms remain technically accessible to Saudi users. However, accessibility should not be confused with authorisation.

In the absence of a dedicated VASP framework, some cross-border models appear to operate within a regulatory grey area - neither expressly licensed nor expressly approved. This grey-zone positioning remains subject to SAMA's supervisory discretion and evolving policy direction.

Of equal importance are AML/CFT considerations. Any KSA-facing fiat rails engage domestic anti-money laundering and sanctions compliance expectations. AML/CFT considerations introduce an additional layer of regulatory sensitivity that requires careful calibration.

What this means for market participants

For fintech and digital asset businesses evaluating Saudi exposure, the key questions are not merely structural — they are perimeter-driven:

• Does the model involve KSA-facing fiat payment functionality?
• How is the service positioned or marketed to users in the Kingdom?
• Could statutory "holding out" triggers be engaged?
• Is the compliance framework calibrated to heightened AML/CFT sensitivity?

These issues require model-specific and require careful regulatory analysis. The absence of a crypto licence does not eliminate risk — it shifts the analysis to perimeter interpretation and supervisory posture.

Saudi Arabia's approach to digital assets remains dynamic. Innovation pathways such as regulatory sandboxes exist, but a comprehensive retail crypto framework has yet to be published. Until clearer policy articulation emerges, cross-border models involving Saudi users should be approached with measured caution. Any future framework, when introduced, is likely to interact closely with existing payment and AML regimes rather than displace them.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.