Resilience in the financial services industry has transcended beyond the technological capability to restore services after a disruption, evolving into a strict compliance requirement and a strategic imperative.
This shift requires institutions to adopt a holistic and proactive approach that integrates robust cybersecurity measures, comprehensive risk management frameworks, and continuous monitoring capabilities, according to a new report by cybersecurity firm Fortinet.
A primary driver of this urgency is the rise of AI-generated deepfakes. These sophisticated AI generation tools allow criminals to deceive victims by creating realistic synthetic video and audio. They have proliferated over the past years, with fraud operations based on deepfake technology increasing globally by a staggering 1,300% in 2024. This reflects the growing accessibility of these technologies and their use in executing high-impact social engineering schemes.
At the same time, governments worldwide are introducing new rules to address this rapidly changing environment, further burdening financial institutions with more compliance obligations that require significant investment in technology and personnel.
In the Middle East, the United Arab Emirates (UAE) issued in September 2025 an anti-financial crime upgrade, directly targeting evolving risks including crypto-related fraud, cross-border scams, and complex laundering schemes.
The upgrade introduces new offenses including the proliferation of financing, and expands the scope to include digital systems and virtual assets, aligning with Financial Action Task Force (FATF) standards and modern fraud typologies. It also imposes obligations on companies in scope, including implementing a risk-based anti-money laundering (AML) compliance program, conducting rigorous customer due diligence (CDD) and know-your-customer (KYC) processes, and establishing continuous transaction monitoring. Furthermore, entities must identify and maintain accurate Ultimate Beneficial Ownership (UBO) records and promptly report suspicious activities to authorities.
In Saudi Arabia, the Saudi Data and Artificial Intelligence Authority (SDAIA) released in April 2025 two significant draft documents that, together, signal a shift toward a more structured and expansive data protection framework.
These documents include proposed amendments to the Implementing Regulations of the Personal Data Protection Law, and a new set of Draft Controls Governing Commercial, Professional, and Non-Profit Activities Related to Personal Data Protection.
The amendments aim to clarify internal data processing obligations for businesses, while the newly introduce Controls focus on regulating external actors, such as consultants, training providers, and event organizers, who operate within the data protection sector.
Practical obligations for companies now include defining and documenting how and why personal data is processed, demonstrating ongoing compliance and accountability across the full data lifecycle, and involving any organization in the personal data ecosystem, not just those directly processing data.
Recommendations for organizations
While significant progress has already been made to address the evolving digital risk landscape, industry stakeholders anticipate further regulatory developments. According to a 2025 study of more than 550 operational technology (OT) professionals by Fortinet, 66% of organizations expect additional regulations in the next five years. Of these, 40% believe that new rules are likely to emerge in the next two to five years, while 26% anticipate new regulatory measures to impact them within a year.
To navigate this complex environment, the Fortinet report advises financial services companies to strengthen operational resilience by identifying the services that are most vulnerable to disruption. They should then determine how much disruption these services can tolerate before stability is threatened.
Institutions must also keep track of critical services. This requires persistent monitoring, along with robust mechanisms for measuring performance, incidents and response.
Proper integration of technologies is vital as well. For example, banks must ensure that new mobile apps and AI tools are well integrated with their existing legacy systems to ensure that interface failures don’t lead to service outages.
In addition, organizations must under the complex interconnections of today’s financial ecosystems, which now rely on open banking, tokenization, aggregations, and cloud application programming interfaces. This means that failures in one area can quickly cascade to others, making end-to-end security and resilience of system interfaces critical.
Addressing cloud adoption and AI integration
Financial services companies can also leverage AI to enhance cybersecurity and combat fraud. In Saudi Arabia, FOCAL is an AI-powered compliance and fraud prevention platform developed by Riyadh-based enterprise AI company Mozn. The platform is designed to detect financial crime, including money laundering and fraud, while integrating with existing banking systems.
FOCAL is used by a range of organizations, including traditional banks, digital banks, fintech firms, electronic money institutions (EMIs), payment companies, and other financial service providers. Malik Alyousef, co-founder of Mozn, notes that some large EMI clients have reported fraud reductions of up to 90% from using FOCAL.
In the Middle East, adoption of cloud computing is also soaring. The region’s cloud services market is projected to grow at a compound annual growth rate (CAGR) of 15%, rising from US$5.75 billion in 2023 to US$10.05 billion in 2027, according to a 2025 PwC report.
Cloud computing and AI are the most adopted emerging technologies among financial services companies globally. According to McKinsey Future of Cybersecurity 2023, cloud and edge computing lead applicability rankings, with 84% of respondents recognizing their relevance to their businesses. Among those respondents, six in ten reported that more than 25% of their workload now resides in the cloud.
Cloud computing is also the most mature emerging technology used across financial-services companies. Over 70% of companies have moved beyond the pilot phase, while 42% consider their capabilities fully adopted and in the maintenance stage.
Applied AI gets nearly as much attention, with 78% of respondents calling it relevant to their businesses. Unlike with cloud adoption, however, the maturity level of applied AI is still evolving. Most of use cases remain in the early stages of development, with 70% of the survey respondents reporting being in the pilot stage or earlier. Some use cases including financial-crime, financial-risk, and asset modeling are recording higher maturity levels.
Featured image: Edited by Fintech News UAE, based on image by BillionPhotos via Freepik
