Quick summary
Saudi Arabia’s Council of Ministers approved amendments to its AML Law in April 2026, touching five articles and adding one new one. Key changes include immigration consequences for convicted non-Saudi nationals, expanded asset confiscation powers, a formalised national risk policy function under the Permanent Committee, and a recalibrated approach to NPO oversight. No grace period has been signaled. Firms should update governance documentation now rather than waiting for the implementing regulations that follow.
Introduction
On 17 April 2026, Saudi Arabia’s Council of Ministers approved amendments to the Kingdom’s Anti-Money Laundering Law — the statute issued under Royal Decree No. (M/20) in 1439H in the Islamic calendar (2017) that has anchored the country’s financial crime framework ever since. The changes mark a clear shift toward a more assertive, risk-based compliance posture, which includes stricter border controls for convicted individuals, broader confiscation and seizure powers, and heightened transparency expectations for both legal entities and financial institutions. The law itself isn’t being replaced, but its character is changing.
This analysis is aimed at compliance officers, MLROs, and financial crime leaders at financial institutions and corporates operating in or with exposure to Saudi Arabia and the wider Gulf Cooperation Council (GCC). The changes are modest in word count but meaningful in direction. Here’s what changed, what it means in practice, and what FIs and corporates should be doing about it now.
What Changed: The Royal Decree No. (M/20) Amendments Explained
The amendments touch five articles and add one new one.
- Articles 14, 15, 16, and 18 covering AML policies and procedures, suspicious transaction reporting, the tipping-off prohibition, and SAFIU requests no longer name non-profit organizations (NPOs) directly.
NPOs are no longer captured by the AML Law’s core obligation articles, but they still face AML duties under sector-specific charity, fundraising, and licensing rules. Oversight shifts, but it doesn’t disappear. - Article 28(1) has been amended to clarify the position of non-Saudi individuals convicted of money laundering, with the amendments flagging real immigration consequences (including deportation and restricted re-entry rights) for foreign nationals caught up in AML convictions.
- A new Article 49 assigns the Permanent Committee for Combating Money Laundering explicit responsibility for developing, coordinating, and periodically reviewing national risk-based AML policy, including the assessment of money laundering risk by country. The Governor of the Saudi Central Bank (SAMA) is authorized to issue the Committee’s internal governing regulations.
- Article 50 has been amended to clarify that the Implementing Regulations of the AML Law — and any future amendments to them — will be issued by the President of State Security, in agreement with the Minister of Finance, the Public Prosecutor, and the SAMA Governor. That’s a four-way sign-off structure for any future technical detail, which tells you where the real rule making power now sits.
Underneath the legal language, the broader direction reported alongside the amendments is unmistakable: tighter border controls for convicted individuals and an expanded confiscation and seizure regime, including exposure for unexplained assets disproportionate to lawful income where linked to criminal conduct.
What the Saudi AML Amendments Mean in Practice
This is less about adding new regulated activities and more about recalibrating who bears direct statutory weight and how aggressively the state can act once a conviction is secured.
- Sharper individual accountability. Non-Saudi individuals convicted of money laundering face immigration consequences layered on top of criminal penalties – a meaningful escalation for any financial institution with cross-border customer or counterparty exposure
- Wider asset recovery reach. Unexplained wealth disproportionate to known income, where tied to criminal conduct, becomes exposed to confiscation – pushing source-of-wealth and source-of-funds analysis further up the risk agenda
- A formalised national risk policy function. The Permanent Committee’s new Article 49 mandate institutionalises country and sector risk assessment in a way that wasn’t explicit before, which should, over time, produce more authoritative high-risk-jurisdiction guidance for FI’s to calibrate against
- Recalibrated NPO oversight. The sector isn’t exempted from AML expectations, it’s redirected toward sector-specific regulatory channels rather than the AML Law’s core obligation articles.
Saudi AML 2026 Compliance Timeline: When Do the Changes Take Effect?
There is currently no published phased compliance timetable, grace period, or remediation window attached to these amendments. The changes took legal effect through publication of the Royal Decree, and regulated entities are expected to reflect the updated scope and structure of the law in their AML policies, procedures, and training materials going forward.
What that means practically:
- No grandfathering signaled. Unlike frameworks that build in multi-year transition periods, there’s no indication here of a remediation runway for existing customer files or legacy systems
- More detail is coming. The amendments explicitly point forward to further guidance from the Permanent Committee and to anticipated amendments to the Implementing Regulations.
- Practical first move: policy and training. Given the four-way sign-off structure now governing future Implementing Regulations, firms should expect the next layer of technical detail to take time and therefore should not wait for it before updating governance documentation to reflect the amended articles.
Technology and System Changes Required for Saudi AML Compliance Because the amendments are currently institutional and definitional rather than technical, the immediate build list is shorter than a full regulatory overhaul would demand, but it still touches core control infrastructure:
- Source-of-wealth/source-of-funds tooling. With unexplained-asset confiscation now explicit, enhanced due diligence workflows need stronger capability to flag and document income-asset disproportion, particularly for high-net-worth and PEP-adjacent relationships
- Country and sector risk-rating refresh capability. As the Permanent Committee’s national risk assessments mature under Article 49, institutions will need risk engines that can ingest updated high-risk-country designations without a full model rebuild each cycle
- NPO due diligence segmentation. With NPOs partially repositioned outside core AML Law articles, customer risk models may need to distinguish more clearly between AML Law-driven NPO due diligence and sector/charity-regulation-driven due diligence, to avoid gaps or duplication
- Cross-border customer monitoring for non-Saudi nationals. Given the immigration-consequence linkage in Article 28(1), case management & investigation systems should be able to flag non-Saudi customers under active AML proceedings, since the downstream consequences now extend beyond the institutions’ relationship itself
- Policy and training version control. A clear audit trail showing AML policies and training materials were updated to reflect the amended articles, ready to evidence to SAMA or SAFIU on request.
Saudi Arabia and EU AMLA: A Parallel Worth Noting
It’s tempting to read this alongside the EU’s AMLA harmonization programme, where the AML Regulation is now being layered with Regulatory and Implementing Technical Standards and Guidelines through 2026 and beyond, and there is a genuine echo: both reflect a pattern of hardening enforcement and institutional mandate ahead of the granular technical detail, which arrives later through a separate rule making track. However, the resemblance stops there. AMLA is building new supranational supervisory infrastructure across 27 member states, while Saudi Arabia’s amendments tighten and clarify an existing single-jurisdiction law without creating any equivalent new layer of binding technical standards.
Saudi Arabia AML Law 2026: The Bottom Line for Financial Institutions
These amendments are a calibration, not a rebuild. The direction is consistent with where Saudi Arabia has been heading since joining FATF in 2019: more assertive enforcement, sharper individual accountability, and an increasingly formalised risk-based policy apparatus. Saudi Arabia’s 2018 FATF Mutual Evaluation, conducted ahead of its full membership, which identified deficiencies in beneficial ownership transparency and financial institution supervision, has been the engine driving successive rounds of AML reform, including these amendments. The technical detail that will determine real operational uplift (the updated Implementing Regulations, Permanent Committee risk guidance) hasn’t landed yet. The entities that move now to align governance and documentation, rather than waiting for that next layer, will be the ones with the shortest gap to close when it does.
SymphonyAI helps financial institutions operating across EMEA and the GCC build the AML controls, risk-rating infrastructure, and governance frameworks that regulators increasingly expect. Explore how Symphony Risk Intelligence supports financial crime compliance across jurisdictions.
Related resources:
UAE AML/CFT 2026: What financial institutions need to know
The UK’s New Fraud Strategy 2026-2029: What it means for financial crime and compliance
Webinar Replay: From Regulation to Action: Getting EU AMLA-ready
Agentic AI & Embedded Risk Intelligence – Leader’s Guide
FCA Insurance Financial Crime Review 2026: Six Findings Insurers Needs to Act On
Learn more about Symphony Risk Intelligence
Find out more about Symphony Risk Intelligence and Always-on Compliance, and how it can improve your approach to transaction monitoring, KYC/CDD, fraud, and screening.