How Regional Compliance Regulations Affect Payment Gateway Choice in MENA
Your payment gateway was processing transactions fine on Tuesday. By Thursday, Visa and Mastercard transactions were declining at 40%. By Friday, the gateway suspended your account entirely.
This scenario happens more often than vendors admit. The cause, almost every time: the gateway was not properly licensed with the local central bank, and the card networks quietly stopped routing through it.
Compliance in the MENA region is not an afterthought. It directly determines whether your payments actually work — not theoretically, but in practice, transaction by transaction. This piece covers what the major MENA regulatory bodies actually require, how licensing gaps affect approval rates, and what to look for before signing with a gateway.
Why MENA Compliance Is Different From Anywhere Else
Most Western markets have centralised payment oversight. The EU has PSD2. The US has the CFPB. You deal with one framework.
MENA has eight separate central banks, each with its own licensing regime, data residency rules, and technical standards. A gateway that is fully compliant in the UAE may be operating in a grey area in Saudi Arabia, or completely unlicensed in Kuwait. The card networks (Visa, Mastercard) enforce this — they will not route transactions through processors that lack local central bank authorisation.
The result is that approval rates are not just a technical problem. They are a compliance problem.
Licensing Requirements by Country
| Country | Regulator | Payment Service Provider License | Key Requirement |
|---|---|---|---|
| UAE | Central Bank of UAE (CBUAE) | Required for all PSPs | UAE entity or sponsored by licensed bank |
| Saudi Arabia | Saudi Central Bank (SAMA) | Required | Saudi CR mandatory for local acquiring |
| Kuwait | Central Bank of Kuwait (CBK) | Required | KNET integration mandatory for local cards |
| Bahrain | Central Bank of Bahrain (CBB) | Required | FinTech Bay regulatory sandbox available |
| Qatar | Qatar Central Bank (QCB) | Required | QCB pre-approval for all payment services |
| Oman | Central Bank of Oman (CBO) | Required | OmanNet integration for local debit |
| Egypt | Central Bank of Egypt (CBE) | Required | Egyptian entity required for local acquiring |
| Jordan | Central Bank of Jordan (CBJ) | Required | JoPACC oversight for real-time payments |
These are not formalities. The CBUAE revoked licences for three payment service providers between 2023 and 2025 for non-compliance. SAMA actively audits cross-border payment flows monthly. Qatar's QCB requires physical presence review before granting any payment licence.
How Licensing Gaps Show Up in Your Data
If you have ever wondered why your approval rate drops specifically on certain card types or in certain countries, licensing is usually part of the answer.
Here is how it plays out technically:
Direct acquiring vs. indirect routing: A properly licensed gateway acquires transactions directly through local bank relationships. An unlicensed one routes through an international acquirer. Card networks flag this, and issuing banks — particularly in Saudi Arabia and Kuwait — reject transactions routed through unlicensed channels at much higher rates.
Mada specifically: Saudi Arabia's national debit network (Mada) only works through SAMA-licensed processors. There is no workaround. If your gateway is not SAMA-licensed and integrated with Mada, you simply cannot process Saudi debit cards. Full stop. This affects a significant portion of Saudi transactions since Mada accounts for roughly 65% of Saudi in-store payments and a growing share of online payments.
KNET in Kuwait: Same situation. KNET requires direct integration with a CBK-licensed entity. Gateways that route Kuwaiti transactions through international acquirers will fail on KNET transactions every time.
BENEFIT in Bahrain: CBB-licensed processors only. Non-licensed gateways attempting Bahraini card transactions face elevated decline rates from local banks, which are instructed not to route through non-compliant PSPs.
Which Gateways Are Licensed Where
| Gateway | UAE (CBUAE) | Saudi (SAMA) | Kuwait (CBK) | Bahrain (CBB) | Qatar (QCB) | Oman (CBO) | Egypt (CBE) |
|---|---|---|---|---|---|---|---|
| Checkout.com | Yes | Partial | No | No | No | No | No |
| Network International | Yes | No | No | No | No | No | No |
| PayTabs | Yes | Yes | Yes | Yes | Yes | No | Yes |
| Tap Payments | Yes | Yes | Yes | Yes | Yes | Yes | No |
| MyFatoorah | Yes | No | Yes | Yes | Yes | Yes | No |
| Telr | Yes | No | No | No | No | No | No |
| HyperPay | No | Yes | No | No | No | No | Yes |
| Moyasar | No | Yes | No | No | No | No | No |
| Paymob | No | No | No | No | No | No | Yes |
| Fawry | No | No | No | No | No | No | Yes |
| Stripe | Yes (UAE) | No | No | No | No | No | No |
Licensing status as of April 2026. Always verify directly with the gateway before going live.
The pattern here is clear: no single gateway is fully licensed across all MENA markets. If you sell across multiple countries, you either use a gateway with the broadest regional coverage (PayTabs and Tap Payments come closest) or you integrate multiple gateways per market — which is common but adds integration overhead.
Data Residency: The Hidden Compliance Layer
Licensing is visible. Data residency requirements are less obvious but increasingly enforced.
Saudi Arabia's Personal Data Protection Law (PDPL), which came into full effect in 2023, requires that personal data of Saudi residents be processed with specific controls. For payment processors, this means transaction data involving Saudi cardholders must meet defined handling standards. The practical effect: gateways that store Saudi transaction data exclusively on servers outside the Kingdom face legal exposure, and SAMA is increasingly asking for data handling attestations during licence renewals.
UAE's Federal Decree-Law No. 45 of 2021 has similar implications. The CBUAE's 2024 payment system guidelines added data localisation expectations for systemically important payment providers.
Egypt's CBE requires that payment data related to Egyptian transactions be processed through CBE-approved switches, which effectively means Egyptian data stays within Egyptian banking infrastructure.
When evaluating a gateway for multi-country MENA operations, ask specifically: where is our transaction data stored, and can you provide a data residency map per country?
VAT and E-Invoicing Integration
This is relatively new but rapidly becoming a compliance issue in its own right.
Saudi Arabia's ZATCA e-invoicing (Fatoorah) Phase 2 requires that all B2B transactions above certain thresholds generate a compliant e-invoice that is transmitted to ZATCA in near real-time. Your payment gateway needs to either generate this invoice or integrate with a certified e-invoicing system. Several payment gateways in the Saudi market now offer ZATCA-integrated invoicing — check whether your gateway does before assuming your invoicing workflow is compliant.
UAE's Federal Tax Authority has a separate e-invoicing mandate in development (expected phased rollout from 2026). The specific requirements are still being finalised, but the trajectory is clear: payment processors operating in the UAE will need to integrate with the FTA's invoicing infrastructure.
Practical Checklist Before You Sign
Before committing to a payment gateway for MENA operations, run through this:
1. Verify the licence, not just the claim Ask for the actual licence number from the relevant central bank. Most legitimate gateways will provide this without hesitation. Do not accept "we operate under a bank partnership" as sufficient — ask which bank, and whether that bank's licence covers the specific transaction types you process.
2. Check local payment method support Mada (Saudi), KNET (Kuwait), BENEFIT (Bahrain), QPAY (Qatar), OmanNet (Oman), Fawry and Meeza (Egypt) — each requires a direct relationship with the local network. If the gateway supports these "through a partner", find out who the partner is and whether they are locally licensed.
3. Request country-specific approval rate data Any reputable gateway will share approval rate benchmarks by country and card type. If they refuse, that tells you something. Specifically ask for Mada approval rates in Saudi Arabia and KNET approval rates in Kuwait — these are the hardest to fake.
4. Ask about data residency documentation Request a written statement on where transaction data is stored per country. If they cannot provide this, assume it goes to their primary data centre (often in Europe or the US) and evaluate whether that meets your compliance obligations.
5. Check the ZATCA integration status for Saudi If you operate in Saudi Arabia at any scale, ask specifically: are you ZATCA Phase 2 certified for e-invoicing? What is your integration timeline if not?
The Practical Reality
There is no single payment gateway that is fully compliant across every MENA market, supports every local payment method natively, and offers the best approval rates everywhere simultaneously. That gateway does not exist.
What the best-run MENA e-commerce operations actually do: they use one primary gateway for their largest market, one regional gateway with broad compliance coverage (typically PayTabs or Tap Payments) for secondary markets, and they have a local payment specialist on retainer to flag regulatory changes before they become outages.
The compliance landscape in MENA is not static. Saudi Arabia has updated its payment regulations three times since 2021. UAE issued new payment guidance in 2024. Egypt's CBE is actively expanding its digital payment oversight. A gateway that is fully compliant today may have licensing gaps twelve months from now.
Build the compliance check into your annual vendor review — not just your initial selection process.
Subscribe to our newsletter
Get the latest Gulf SaaS insights delivered to your inbox.