Compliance Guide

CMA — Capital Market Authority Cybersecurity Regulations

Cybersecurity and governance requirements for Saudi capital market entities. Mandatory for listed companies, authorized persons, and market infrastructure.

What are CMA regulations?

The Capital Market Authority (CMA) of Saudi Arabia enforces cybersecurity and corporate governance requirements for entities operating in the Saudi capital markets. These regulations complement NCA ECC-2 and SAMA CSF with sector-specific requirements for market participants, focusing on protecting market integrity, investor data, and trading system continuity.

Tadawul
Capital Markets
Listed
Companies
Governance
Focus
Annual
Audit

Who must comply?

  • Companies listed on Tadawul (Saudi Exchange)
  • Authorized Persons (brokers, investment managers)
  • Fund managers
  • Market infrastructure operators
  • Securities intermediaries

Key CMA requirements

Corporate governance

Board oversight of cybersecurity risk, risk committee responsibilities, executive accountability. Annual cybersecurity governance reporting to the board.

Information security

Protection of market-sensitive information, insider trading prevention, data classification for material non-public information.

Business continuity

Trading continuity requirements, disaster recovery for market-critical systems, regular BCP testing and documentation.

Reporting & disclosure

Incident disclosure obligations to CMA, annual cybersecurity assessment reporting, board-level risk dashboards.

How CYDER automates CMA compliance

Board-level reporting

Auto-generate executive cybersecurity reports for board risk committees. Arabic and English formats aligned with CMA disclosure requirements.

Cross-framework compliance

CMA requirements mapped alongside NCA ECC-2 and SAMA CSF. Eliminate duplicate controls and streamline evidence collection.

Continuous monitoring

Real-time security posture monitoring. Alert on compliance drift before it becomes an audit finding.

Request a compliance demo

Book a demo →