Based on SAMA's commitment to improve cybersecurity practices within the financial institutions under its supervision, and referring to SAMA Circular No. 381000091275 dated 28/08/1438 H regarding the obligation of financial institutions to comply with the Cyber Security Framework and Maturity Level 3, SAMA emphasizes its dedication to enhance and support cybersecurity measures in the financial sector and the proper implementation of the regulatory framework by financial institutions.

Accordingly, we inform you that SAMA has extended the deadline for compliance with the requirements outlined in the Cyber Security Framework to no later than the end of the fourth quarter of 2019. SAMA also emphasizes the necessity of adhering to the requirements stated in the aforementioned circular, in addition to the following instructions:

First: Financial institution leaders must provide the necessary support to the Information Security Management and provide them with qualified national staff, technical tools, and appropriate training to effectively fulfill their roles.

Second: Quarterly reports must be submitted starting from the end of the second quarter of 2019 until the financial institution complies with SAMA's requirements.

Based on the above, SAMA reaffirms the importance of complying with the Cyber Security Framework according to the issued instructions and regulations, noting that SAMA will conduct field visits to verify compliance with these instructions.