Saudi Arabia’s Insurance Regulator Has Changed
The Insurance Authority (IA) is the Kingdom’s unified, independent insurance regulator — operational since 23 November 2023, and now the sole supervisor of insurers, reinsurers, and insurance intermediaries in Saudi Arabia. Competencies that previously sat with the Saudi Central Bank (SAMA) and the Council of Health Insurance were consolidated into the IA, giving the sector one regulator, one supervisory relationship, and — progressively — one rulebook.
For compliance teams, that is not a paperwork detail. A new regulator means new supervisory expectations, new reporting relationships, new enforcement priorities, and a stream of new instructions as the IA builds out its own regulatory framework. Insurance Authority compliance is now its own discipline — and it is what we deliver.
What Applies to Insurers Right Now
During the transition, the regulatory framework the sector already operates under — the rules and instructions issued by SAMA and the Council of Health Insurance — remains in force until the IA issues superseding regulations. In practice, IA-supervised entities today must:
- Maintain existing obligations — the governance, cybersecurity, business continuity, outsourcing, anti-fraud, and market-conduct requirements the sector implemented under previous supervision continue to apply.
- Track IA issuances — the Authority is actively publishing new rules, licensing requirements, and instructions; each one can change your obligations.
- Prepare for a new supervisory style — a newly established regulator building its examination practice tends to look closely; evidence quality matters more, not less.
- Re-anchor accountability — board reporting, compliance registers, and regulatory correspondence all need to point at the right authority.
Our Insurance Authority Compliance Services
Regulatory gap assessment
A structured assessment of your current compliance posture against the obligations attached to your licence — covering governance, risk management, cybersecurity, business continuity, outsourcing, and conduct requirements — with a defensible scoring baseline and a prioritized roadmap.
Transition review
For entities that built their programs under SAMA supervision: a focused review of what carries over, what has changed, and what the IA’s own issuances have already superseded — so your compliance register reflects today’s obligations, not last year’s.
Implementation and remediation
Policies, procedures, and controls built alongside your teams — from board-level governance structures to technical cybersecurity and continuity controls — with evidence engineered from day one so every control can be demonstrated to a supervisor.
Audit and regulator readiness
Internal compliance audits, mock supervisory reviews, and support through IA inquiries, inspections, and information requests.
Continuous regulatory watch
Ongoing monitoring of Insurance Authority publications with impact analysis for your licence class — so new instructions land on a plan, not on a deadline.
Why This Matters Now
- Supervision is active — the IA is operational, staffed, and consolidating the sector’s regulation; early engagements with the new supervisor set the tone for years.
- The rulebook is moving — a sector-wide regulatory rebuild means obligations will keep changing; compliance programs need a tracking discipline, not a one-time project.
- Maturity carries over — evidence may not — frameworks implemented under prior supervision remain your foundation, but a new regulator will form its own view of what good evidence looks like.
- Market confidence — reinsurers, bancassurance partners, and enterprise clients increasingly ask where you stand with the IA.
Why Choose GRC360
- A decade and a half in regulated financial services — established in the UK in 2010, we have spent years auditing and implementing the governance, cybersecurity, and continuity frameworks the Saudi financial sector runs on.
- Deep fluency in the sector’s existing framework base — the obligations insurers carry today were built under the Kingdom’s financial-sector frameworks; we audit and implement these daily, which makes transition mapping fast and precise.
- Assessor’s discipline — as a PCI SSC Qualified Security Assessor, we build compliance evidence designed to survive independent scrutiny — the standard a new, attentive regulator deserves.
- One partner across regulators — insurers rarely answer to the IA alone; we cover the adjacent NCA, CST, PDPL, and PCI DSS obligations in the same engagement.
Frequently asked
Questions we hear about Insurance Authority (IA) Compliance
Who regulates insurance companies in Saudi Arabia now?+
The Insurance Authority (IA), which became operational on 23 November 2023 as the Kingdom's unified, independent insurance regulator. Supervisory competencies previously held by the Saudi Central Bank (SAMA) and the Council of Health Insurance were transferred to the IA, which is now the sole regulator of insurers, reinsurers, and insurance intermediaries.
What compliance obligations do IA-supervised insurers have today?+
During the regulatory transition, the rules and instructions previously issued by SAMA and the Council of Health Insurance for the insurance sector remain in force until the Insurance Authority issues superseding regulations. That means insurers must maintain their existing regulatory compliance programs — including cybersecurity, business continuity, and governance obligations — while tracking every new IA issuance.
What does an Insurance Authority compliance engagement with GRC360 cover?+
A gap assessment of your current compliance posture against the obligations that apply to your licence, a prioritized remediation roadmap, implementation support for governance, cybersecurity, business continuity and outsourcing controls, evidence preparation, and support through regulator reviews and inquiries.
We were SAMA-compliant before the transfer — are we covered?+
Your existing framework maturity is a strong foundation, and much of it continues to apply. But supervision has changed hands, the IA is actively issuing new instructions, and evidence that satisfied one supervisor may need restructuring for another. A transition-focused review confirms where you stand and what to monitor.
Do you work with brokers and intermediaries as well as insurers?+
Yes. The IA supervises the full insurance ecosystem — insurers, reinsurers, brokers, agents, and other intermediaries — and our engagements are scoped to the obligations attached to each licence class.
