shared services group

In 2025, the Shared Services Group of alrajhi bank continued to leverage technology, infrastructure and expertise accrued over the years to power the transition of the bank and its subsidiaries into a digital ecosystem, in line with the bank’s ‘harmonize the group’ strategy.

Information Technology

In 2025, the IT Department continued to advance the transformation of the group’s IT infrastructure, strengthening capabilities in Digital, Data, Cloud, and AI to enhance group-wide synergies, to create seamless customer experiences, and ensure the group’s technology landscape remains agile, secure, and future ready.

The IT Department worked towards achieving several strategic objectives, that when executed accordingly, will support alrajhi group’s transformation into an ecosystem of financial solutions, thereby realising the overarching vision of ‘harmonize the group’. These objectives include:

• Increasing centralisation and standardisation: Optimising and increasing the maturity level of IT infrastructure across the alrajhi group; leading to improved response time, minimised complexity and reduced cost.
• Achieving agile delivery through automation and efficiency: Improving operational efficiencies and providing faster turnaround time (TAT) to enhance customer satisfaction.
• Creating Group-wide customer journeys and leveraging scale: Improving group-wide synergies to provide a seamless digital customer journey through multiple product and service portfolios across the group; accelerating speed-to-market and growing the bank’s customer base.
• Enhancing and maintaining regulatory compliance: Expand the coverage of fraud, AML, Security, and maintain a compliance-by-design approach to ensure an ‘always-compliant’ state to protect both bank and customers.
• Operational resilience and continuity: Strengthening the bank’s ability to anticipate, withstand, and recover from disruptions through resilient systems and proactive risk management.
• Developing third-party income: Enhancing technology capabilities and enabling digital services that generate new revenue streams across the group’s ecosystem.

In order to achieve these objectives, the IT Department launched focused strategic initiatives in 2024, which continued their progress during the 2025 reporting year. These initiatives include:

Strategic initiative 01: Establishing the ARB Centers of Excellence

The IT Department established a dedicated Centre of Excellence (CoE), integrating collective IT capabilities from across the alrajhi group to leverage accrued expertise more effectively. This strategic consolidation continued to yield significant benefits in 2025, substantially enhancing operational efficiency, accelerating process optimisation, and driving higher levels of automation throughout the group's operations, to collectively result in significant economies of scale.

2025 saw continued progress in strengthening group-wide service delivery, standardisation, and operational efficiency. The CoE extended its support model across a wider set of subsidiaries, achieving 100% service desk coverage for alrajhi bank, Al Rajhi Capital, neoleap, tawtheeq, atmaal, and Al Rajhi Takaful. This expansion has reinforced consistent service quality and enhanced response times across the group, ensuring all teams benefit from unified support processes.

A group Testing Centre of Excellence (TCoE) was launched in collaboration with alrajhi’s technology arm Ejada, achieving 80% adoption across key subsidiaries including Al Rajhi Capital, Emkan, alrajhi bank, neoleap, and tawtheeq. This progress reflects the broader shift across the group toward aligned testing standards, helping accelerate release cycles while maintaining robust assurance practices. Strengthening interoperability across the group, expanding advanced testing capabilities, and further integrating CoE services have greatly contributed to ongoing efforts to enhance scalability, consistency, and operational resilience across the alrajhi group.

Automation accelerated across key processes, with credit card processing reaching 85% automation and SLA performance of 85%. These enhancements delivered efficiency gains equivalent to 200 FTEs against the budget plan.

Strategic initiative 02: Advancing the Cloud Journey

The bank continued to accelerate its cloud transformation agenda in 2025, alongside strong national directives encouraging cloud adoption. The IT Department advanced several key modernisation initiatives, ensuring that critical applications are equipped to benefit from cloud-driven performance, scalability, and enhanced reliability. Throughout the transition, rigorous testing and security measures were enforced to safeguard data integrity and maintain control over the migration process.

During the year, significant milestones were achieved, including the completion of the cloud modernisation and automation projects, as well as security enforcement for eight applications on Oracle Cloud Infrastructure (OCI). The team also finalised Disaster Recovery runbooks, completed a full assessment of migration and replication tools, and successfully built the bank’s first Graphics Processing Unit (GPU) computing environment, enabling advanced computing capabilities to support the group’s growing AI-driven workloads.

Looking ahead, the bank will continue to deepen its cloud adoption by finalising assessments for remaining cloud-ready applications. The IT Department will also look into implementing migration and replication tooling for cloud instances, while pursuing its strategic ambition to adopt hyperscaler technologies to further expand the bank’s ability to leverage cutting-edge cloud capabilities across its digital ecosystem.

Strategic initiative 03: Implementing Centralised Platform for IT service management

In 2025, the bank continued to build on the strong foundation established with the centralised IT Service Management (ITSM) model. The transition to a unified platform has enabled the IT Department to streamline processes, reduce redundancies, and strengthen cost efficiencies across the group’s technology operations. By standardising service management practices and embedding automation across workflows, the bank has further enhanced operational agility, service quality, and overall stakeholder experience.

During the reporting period, the full ServiceNow project implementation was successfully completed, with core modules now live in production. These include Incident Management with SLA monitoring, Change Management, the Service Catalogue and Service Request modules, the Knowledge Base, and the Configuration Management Database (CMDB). Together, these capabilities have improved visibility, traceability, and governance across IT services, building a mature and integrated ITSM environment.

The year also saw the successful launch of a mobile application for the IT service platform extending the platform’s functionality to mobile devices and enabling employees to access services, submit requests, and manage incidents seamlessly, from anywhere, anytime.

Strategic initiative 04: Building a world-class data platform

In line with the bank’s ambition to build a modern, scalable, and intelligence-driven technology ecosystem, the IT Department continued advancing its world-class data platform in 2025. Designed to power enterprise-wide analytics and enable AI-driven decision-making, the platform brings together comprehensive capabilities in data transformation, visualisation, processing and storage, to governance and orchestration of data, ensuring the bank complies with the laws, regulations and standards required to safeguard the data of the bank as well as its customers.

During the reporting period, significant progress was achieved across the bank’s data modernisation agenda. The on-premise technology refresh of the Teradata Enterprise Data Warehouse (EDW) was successfully completed, upgrading the environment to an industry-leading massively parallel processing platform, capable of supporting growing analytical workloads with greater speed and efficiency. The bank also advanced its AI utilisation, with AI model outputs integrated across data and customer communication channels for Next Best Offer (NBO) campaigns, enabling more personalised and context-aware engagement.

The IT team also continued advancing the Big Data consolidation programme, which remains on track for delivery. This initiative will unify disparate data ecosystems, enhance data consistency and accessibility, and further accelerate the group’s ability to harness advanced analytics and emerging technologies at scale.

Strategic initiative 05: Creating a Command Centre for Proactive Incident Management

In 2025, the bank completed the establishment of its Modern Command Centre, including tooling, physical space, and onboarding of teams across all major business and IT functions. With real-time monitoring, intelligent dashboards, and consolidated visibility across critical systems, the Command Centre now provides a unified operational view that enables faster, proactive decision-making, early detection and prevention of incidents, and overall improved service reliability.

The IT Department also initiated a comprehensive Automation Project during the reporting period to further enhance incident management. The project will introduce auto-detection, auto-assignment, auto-escalation, and auto-closure capabilities, reducing manual intervention and ensuring consistent, rapid response to emerging incidents.

Strategic initiative 06: Expanding the group-wide digital ecosystem

In 2025, the bank continued to modernise its core systems, enhance interoperability, and strengthen customer-centric digital services across the Group. These initiatives support seamless integration with third-party platforms, increasing operational agility, thereby enabling the delivery of superior digital experiences.

During the reporting period, the bank published over 300 group-wide digital APIs, further accelerating the development of integrated, data-driven customer journeys. Interoperability was enabled for 53 products, resulting in smoother cross-platform interactions. Additionally, the bank completed 59 Open Banking customer information services, with payment-related services progressing in line with SAMA’s implementation roadmap.

The IT Department advanced the DigiCore initiative in 2025, completing the full transformation of Personal Finance while bringing Auto-Lease, Cards, and all five Mortgage products into production. At the close of the year, more than 2.5 million contracts were active on the new technology stack, and 1.36 million Personal Finance contracts were successfully migrated from the previous legacy system. The mobile marketplace migration to the new, group-ready Marketplace was also successfully completed at the close of the year.

Stringent adherence to regulatory compliance

Operating within a rapidly evolving multi-regulatory environment, the IT Department remains highly vigilant in maintaining regulatory compliance and strong governance across the Group’s technology landscape. The Department adheres to national data management and protection regulations and relevant regulatory frameworks at the Group level. During the reporting period, significant progress was achieved in implementing key data protection and governance requirements, further strengthening the bank’s data compliance management practices. The bank also successfully completed regulatory technology governance assessments during the year, demonstrating a strong level of compliance and maturity in its IT governance and control framework. These achievements reflect the bank’s continued commitment to maintaining robust governance, risk management, and regulatory alignment across its technology operations.

Security and fraud prevention remained a top priority during the reporting period. A full suite of security solutions such as endpoint protection, privileged access management, threat intelligence, email phishing prevention, database monitoring, and cloud security, have been deployed group-wide. The IT Department was also instrumental in setting up anti-fraud initiatives across the group; fraud management system and enhancements in anti-fraud measures reduced fraudulent cases significantly. Additional integrations, including the eBusiness portal with SAS Fraud and the first phase of ARB Global Limit for critical transactions, further strengthened customer protection.

Talent and capability development

The Shared Services Group planned a comprehensive suite of learning and capability-building programmes in 2025, tailored for IT Operations, IT Solutions, the Command Centre, and Shared Services Control teams, ensuring alignment with the latest tools, technologies, and industry practices.

Training modules covered Core Banking and Production Operations; Cloud, Infrastructure and Integration Technologies; Data, AI and Advanced Analytics; DevOps, Automation and Quality Engineering; and Enterprise Architecture and

Project Delivery. Additional courses on compliance, regulatory requirements and risk management strengthened teams’ awareness of the evolving banking and regulatory landscape. Specialised, role-specific training was also delivered for critical positions.

Business continuity and crisis management

As alrajhi bank and its subsidiaries continue to evolve into a larger and more interconnected ecosystem through the execution of its ‘harmonize the group’ strategy, ensuring resilience against expected challenges and adaptability to unexpected disruptions remains a critical priority. Since the approval of the first Business Continuity Policy in 2009, the bank’s approach to Business Continuity and Crisis Management (BCM) has been one of continuous improvement. Drawing on years of preparedness, robust plans, well-defined processes, and skilled personnel, alrajhi bank has consistently leveraged intelligent tools and technologies to remain agile and responsive in the face of unprecedented change.

In 2025, the BCM function focused on further strengthening organisational resilience across the Group. The Business Continuity Management Policy was maintained under the rigorous oversight of internal audit and SAMA recommendations, ensuring that the framework remained effective, relevant, and aligned with evolving risks, while ongoing initiatives continue to advance maturity toward higher levels of operational resilience.

Enhancing resilience through automation

Automation of the BCM function continued to transform the bank’s approach to preparedness in 2025. The Business Impact Analysis (BIA) and Threat Risk Assessment (TRA) were fully digitised within the AutoBCM platform, allowing complete data capture, end-to-end approval tracking, and dynamic reporting for senior management. Business Continuity Plans (BCPs) can now be auto-generated from BIAs, ensuring response and recovery strategies are consistently aligned with real-time changes across the Bank. These enhancements have strengthened governance, reporting accuracy, traceability, and overall operational control, further advancing compliance with regulatory and international resilience standards. A dedicated Project Management Office (PMO) continues to oversee the implementation of active-active projects supporting operational resilience and ensure timely delivery of key initiatives. Delays arising from the absence of established operational resilience frameworks, guidelines, and internal expertise were mitigated by engaging experienced third-party specialists to support the development and implementation of the bank’s operational resilience projects.

Crisis management and response

The Crisis Communications Team continues to enhance readiness through dedicated communication channels for rapid coordination and a personal hotline that is currently being established as a fall-back for critical communications in the event of formal communication systems failing during a crisis situation.

Several major tests and drills were conducted during the reporting period to validate the bank’s resilience capabilities. These included a 12-day full-week live IT Disaster Recovery test for alrajhi bank, which was completed successfully, and a 14-day SAMA surprise test, also concluded with successful results. In addition, comprehensive fire drills were carried out across key operational locations, further reinforcing the bank’s readiness and adherence to safety and continuity protocols. Supplier continuity was also assessed, and contingency plans developed for critical third-party partners, ensuring resilience across the supply chain.

Training, awareness, and organisational preparedness

Organisational readiness was strengthened through extensive training and awareness programmes during the reporting period. Employees across the Group completed mandatory e-learning modules, designated BC Champions participated in role-based workshops, and selected staff members obtained internationally recognised certification through specialised external courses delivered by the Professional Evaluation and Certification Board (PECB). The Crisis Management Team carried out a table-top exercise to ensure that the bank’s crisis activation and response capabilities remain effective, coordinated and aligned with the expectations of the BCM, Crisis Management and ARB’s Overall resilience objectives.

Supply chain management

In 2025, alrajhi bank’s Procurement Department continued to strengthen the bank’s competitive position by ensuring the acquisition of high-quality goods and services through its fully automated procurement process. The department continued to foster strategic and mutually beneficial partnerships with key vendors and expanded its supplier base in line with emerging business needs.

The Procurement Department received 12,355 requests that were validated, challenged, negotiated, and processed to achieve a significant increase of 75% YoY in cost savings in 2025:

• 75% increase YoY in cost savings
• 480 bids/tenders – 217% increase YoY
• 2,161 purchase orders issued – 18% increase YoY
• 18,119 Blanket Purchase Agreements (BPAs) released

• 560 contracts issued – 130% increase YoY

Following the successful completion of Phase 1 of the Procurement Transformation Project in 2024, a high service level delivery performance was effectively maintained at the close of the year.

Enhancing the procurement process

The Online Procurement Portal was upgraded in 2025 to support registrations from both local and international vendors, fostering a more competitive global vendor base and improving sourcing flexibility. Vendor alignment was strengthened through regulatory awareness sessions, Counter-Fraud training, and the introduction of the Monsha’at Jadeer Certificate as a mandatory onboarding requirement. The Jadeer Certificate is issued to verify that an SME meets national standards for capability, compliance and readiness to work with large organisations, and is expected to drive fair competition while enhancing the credibility of suppliers. Other communication channels such as email, telephone as well as physical visits were also consistently made available throughout the year, to ensure a smooth, reliable and well aligned procurement operation.

Strengthening the local supplier network

The Procurement Department participated in BIBAN Global 2025, Saudi Arabia’s flagship SME forum organised by Monsha’at, reinforcing the bank’s commitment to supporting the local SME ecosystem, strengthening supplier diversity, and advancing local content in line with Vision 2030 objectives. The event offered direct engagement with emerging local suppliers, enhancing the Department’s strategic sourcing capabilities. A comprehensive Terms of Business that fully integrates all regulatory requirements needed to elevate internal governance standards, while establishing essential rules of engagement for all external parties was implemented in 2025, setting a benchmark for supply chain best practices across the banking sector.

At the close of the year, alrajhi bank’s Online Procurement Portal registered 132 new vendors in 2025, taking the total active vendors on the Portal to 1,545.

By ensuring that procurement decisions are driven by total cost of ownership as well as non-cost-related factors such as fitness for purpose, quality, delivery time, service and support, the Procurement Department was able to decrease procurement spend and deliver greater value for money during the reporting period. The percentage of spending on local suppliers increased from 94% in 2024 to 96% in 2025, reflecting the bank’s commitment to prioritise locally established businesses.

Reinforcing strong regulatory compliance

Over the past several years, the Procurement Department has successfully unified sourcing requirements across alrajhi group by aligning procurement policy, procedures and systems, thereby ensuring consistent governance and operational standards across alrajhi bank and its subsidiaries. Given the rapidly evolving regulatory environment of Saudi Arabia, the Procurement Department effectively aligned with all regulatory and compliance requirements issued by SAMA, the Saudi Data and AI Authority (SDAIA), and alrajhi bank’s internal stakeholders by automating and embedding all mandated controls across every procurement engagement. These controls covered a wide range of areas including Third-Party Risk, Counter Fraud, IT Governance Framework, Business Continuity, Anti-Money Laundering, Cybersecurity, Compliance and Governance, ensuring alignment with both external mandates and internal governance needs.

During the reporting period, a dedicated team was assigned to address all internal and external audit requirements and document requests by alrajhi bank and its subsidiaries. Additionally, establishing centralised document repository in the system to ensure timely access to all required records.

The procurement policy of alrajhi bank

The bank’s Procurement Policy aligns with industry standards, and remains compliant with all internal regulatory requirements. It aims to minimise procurement-related risks and ensure that the process is conducted in a transparent and efficient manner, respecting ethical and fairness principles with zero discrimination. The Policy safeguards alrajhi from challenges that may arise from last-minute contract changes, vendor negotiations, and late sourcing requests. Every team member involved in the procurement process on behalf of the bank is required to be familiar with this Policy and abide by it through internal awareness sessions. The procurement team has been further equipped with knowledge on the bank’s Business Continuity and Crisis Management (BCM) function and Counter Fraud measures through awareness sessions held during the reporting period.

During 2025, the department updated its Procurement Committee Charter and related procedures to align with evolving strategic objectives and participated in reviewing charters for overseas branches in Kuwait and Jordan.