BridgewellTek - Enterprise Cloud Solutions Saudi Arabia
Free Assessment011-827-4139
Back to Case StudiesFintech / Banking

Fintech SAMA Compliance Migration

A Saudi digital payments company migrated to Oracle Cloud Jeddah to meet SAMA data residency requirements. This case study documents the architecture and approach.

Oracle Cloud
Jeddah Region
8 Weeks
Migration Duration
SAMA
Framework Scope
OCI
Primary Platform

Client Context

A Saudi digital payments company operating under SAMA regulation. The client requested anonymization due to competitive sensitivity, which is standard for financial services case studies.

Why anonymized: Financial services clients typically require confidentiality provisions. We can provide direct references upon request during vendor evaluation, subject to client approval.

The Challenge

  • Existing on-premises infrastructure reaching capacity limits
  • SAMA cybersecurity framework audit scheduled with known gaps
  • Data residency requirements mandating Saudi-based infrastructure
  • Need to reduce deployment cycles from weeks to days

Architecture Approach

Data Boundary Design

In-Kingdom (Oracle Cloud Jeddah): Customer PII, transaction records, KYC documents, audit logs - all SAMA-regulated data stays within Saudi borders.

Regional (Oracle Cloud Dubai): Disaster recovery replica with encrypted data, accessible only during declared DR events.

No cross-border: No regulated data leaves the Kingdom during normal operations. DR failover requires explicit authorization.

Our Solution

BridgewellTek designed and implemented a comprehensive cloud transformation strategy:

SAMA Gap Assessment

Conducted detailed analysis mapping current state against SAMA Cybersecurity Framework requirements

Oracle Cloud Jeddah Deployment

Deployed core banking workloads on Oracle Cloud's Jeddah region (me-jeddah-1), ensuring full Saudi data residency for all regulated financial data

Security-First Migration

Implemented zero-trust architecture, encryption at rest/transit, and IAM best practices meeting SAMA requirements

DevSecOps Pipeline

Built CI/CD pipelines with integrated security scanning, reducing deployment time from weeks to hours

24/7 Managed Services

Ongoing monitoring, incident response, and compliance reporting

Results

Cost Optimization

45% reduction in total infrastructure costs through right-sizing, reserved instances, and elimination of physical data center overhead.

Compliance Achievement

Passed SAMA cybersecurity audit with zero critical findings. Implemented continuous compliance monitoring and automated reporting.

Operational Excellence

Deployment frequency increased from monthly to daily. Mean time to recovery reduced from hours to minutes.

Scalability

Infrastructure now auto-scales to handle 10x traffic spikes during peak periods without performance degradation.

BridgewellTek Scope

We delivered:

  • - SAMA gap assessment and control mapping
  • - OCI landing zone design and deployment
  • - Migration execution and cutover support
  • - CI/CD pipeline implementation
  • - Ongoing managed operations (optional)

Client retained:

  • - SAMA compliance accountability
  • - Application code and business logic
  • - Internal security policies
  • - Vendor relationships with Oracle
  • - Audit liaison with SAMA

Technologies Used

Oracle CloudOCI KubernetesTerraformJenkinsVaultPrometheusGrafanaOCI MonitoringOCI Security Zones

Considering a Similar Project?

We can discuss your specific requirements and provide references from similar engagements upon request.

Contact Us