The Saudi Central Bank (SAMA) has issued an official mandate prohibiting financial institutions and banks within the Kingdom from utilizing instant messaging platforms, such as WhatsApp, as a channel for customer engagement.

Under the new regulatory directives, banks are required to restrict user communications to secure, proprietary alternatives integrated directly into the organizations' infrastructure. These include Live Chat or ChatBot services within mobile banking applications or official websites, contingent upon strict compliance with personal data protection standards. The SAMA directive further instructs banks to conduct mandatory training on these new communication protocols across all departments, branch personnel, and customer support teams.

The primary objective of this measure is to bolster the protection of sensitive customer data and to combat the rising incidence of financial fraud and phishing, where third-party messaging apps frequently serve as the primary vector for cybercriminals.

Complementing the directive, the Media and Awareness Committee at Saudi Banks has also highlighted this issue. Threat actors are continuously evolving their social engineering tactics, impersonating legitimate entities and charitable organizations to demand "processing fees" or trick victims into clicking phishing links. The Committee emphasized that official institutions never utilize social media or messaging apps to communicate with recipients of payouts or donations.

Such regulatory interventions underscore the critical importance of maintaining control over data transmission channels. Social media and public messaging platforms remain a significant source of confidential data leaks. Given the high risk of exposure, migrating customer service to closed-loop banking environments is a necessary step in ensuring corporate cybersecurity, particularly within the financial sector.

While migrating customer communications from public platforms to closed, integrated systems–such as proprietary banking apps and live chat portals–closes a significant external loophole, it does not eliminate all internal risks.

Secure communication tools are a baseline requirement. However, it’s also of crucial importance to ensure security of data transmission operations within popular data transmission channels and prevent leaks. This is where DLP (Data Loss Prevention) class systems become essential. The DLP system takes under protection data transfer channels and prevents potentially dangerous and illicit data transmission operations. A Next-Gen DLP system like Risk Monitor ensures that even within these protected digital ecosystems, sensitive customer information remains shielded from unauthorized access, accidental exposure, or malicious exfiltration. Learn more about the capabilities of the SearchInform Risk Monitor, Next-Gen DLP system.