Sovereign cloud for KSA financial institutions

Cloud, HCI, and AI built for the questions SAMA is asking now.

A KSA bank running customer data on a hyperscaler region is not the same as a KSA bank running on sovereign infrastructure. Your auditor knows the difference. We built MomentumX for the second answer — SAMA‑aligned, NCA‑mapped, in‑country, with documented exit clauses.

Why financial services is different

KSA’s regulatory environment for cloud has tightened materially. SAMA’s Cloud Computing Framework, NCA CCC‑2, and CST cloud guidance have moved from advisory to enforced. CIOs at SAMA‑regulated institutions are being asked specific questions: where does the data sit, who has key custody, what’s the exit path, what happens under cross‑border legal pressure. “Regional cloud zone” answers don’t survive those questions.

The harder problem: the same banks need AI capability. Fraud detection, document understanding, KYC automation, regulatory reporting, customer analytics — all GPU workloads, all on customer data, all subject to the same residency and access constraints. Sending that data to OpenAI or Azure OpenAI through a regional zone is not a sufficient compliance posture.

The SAMA Cloud Framework, mapped to MomentumX

Each SAMA requirement and how MomentumX delivers — reviewable by your compliance team under NDA.

| SAMA requirement | How MomentumX delivers |
| --- | --- |
| Data residency in KSA | Hyper Private Cloud and HyperEdge 500 deployments in KSA‑hosted facilities. Exact data centre disclosed on request. |
| Controlled access | Tenant isolation by default. Customer‑managed KMS or HSM. SAMA‑aligned logging. |
| Audit trail of privileged actions | Full operational logging, audit‑exportable, retained per regulatory schedule. |
| Provider/tenant separation | OpenStack tenancy model. No shared root paths. Independent control plane access. |
| Documented incident response | 24/7 incident response, MENA‑based ops team, documented runbooks shareable under NDA. |
| Exit clause and data portability | OpenStack‑native APIs. Standard image and data formats. 30‑day full data return. No proprietary lock‑in. |

Liability: SAMA does not certify cloud providers directly. We are SAMA‑aligned, not SAMA‑certified. The control mapping above is reviewable by your compliance team under NDA.

Reference architecture for a SAMA‑regulated bank

Three layers, integrated through OpenStack APIs. Workloads can move between layers as compliance requirements evolve.

1. Production workloads on Hyper Private Cloud (VDC)

Core banking, regulatory reporting systems, customer‑facing applications, transaction processing. Deployed on sovereign Hyper Private Cloud with KSA data residency. Monthly billing, predictable cost.

2. On‑prem extension on HyperEdge 500

For workloads requiring physical air‑gap or stricter residency than even a regional cloud zone — high‑value data archives, cryptographic operations, audit servers. HyperEdge 500 deployed at the bank’s primary or DR site.

3. AI workloads on HyperAI

GPU‑accelerated workloads — fraud detection models, AML pattern matching, document understanding, customer service AI, risk model training. Sovereign HyperAI cluster with H100/H200 GPUs, deployed in KSA. Data never leaves the country.

Use cases, named

Four real banking AI workloads, no hand‑waving.

Fraud detection and AML

GPU‑accelerated anomaly detection on transaction streams. Real‑time scoring against models trained on the bank’s own historical data — never leaving KSA. SAMA reporting integrated.

Document understanding (KYC, loan origination)

Sovereign LLM + OCR pipeline running on HyperAI. Customer ID documents, loan packages, contracts processed inside the bank’s jurisdiction. Outputs structured into the core system.

Regulatory reporting automation

LLM‑assisted drafting of regulatory submissions (SAMA, GASTAT) using internal data. Reviewed by humans before submission. The drafting model never sees data outside KSA.

Customer analytics and personalisation

Recommendation models, churn prediction, segment analysis trained on customer behaviour data. PDPL‑style residency for any data subject to that regime; SAMA residency for KSA customer data.

How we compare for a SAMA bank specifically

Banking‑specific dimensions, side by side.

| Dimension | International hyperscalers | Regional sovereign provider | MomentumX |
| --- | --- | --- | --- |
| Legal entity | US‑headquartered, regional zone | KSA telco subsidiary | MENA‑registered |
| Operations team jurisdiction | Mixed — global + local | KSA | KSA + Egypt |
| Encryption key custody | Provider‑managed by default | Provider‑managed by default | Customer‑managed by default |
| AI / GPU workloads in‑country | Yes, but data leaves the bank’s control | Limited GPU offering | HyperAI 24‑GPU clusters in KSA |
| Vendor lock‑in | High — proprietary services | Telco bundle dependence | OpenStack — exit anytime |
| Egress and sustained pricing | Egress traps, complex SKUs | Bundle pricing | Transparent, predictable |

Reference customers

Verified deployments. Additional banking customers under NDA.

  • Raya Data Center
  • BuduCloud
  • Al‑Motammem
  • PRIMA
  • Sahara Net
  • MGM

Verified customers only. Banking‑specific case study coming Q3 2026 — see /customers/.

Bring your SAMA matrix. We’ll walk through it.

A 30‑minute call with a MomentumX architect, focused on your specific SAMA control set and your specific workload mix. We’ll map your obligations to our architecture and tell you — honestly — where we’re a fit and where we’re not yet there.
