We’ve delivered across the UK, Europe and the GCC. But right now, our focus is the UAE, Saudi Arabia and the United Kingdom — three markets where our regulatory knowledge, delivery experience and network run deepest.
Our Home Market
Dubai is where we’re based and where we deliver most of our work. As the UAE’s regulatory landscape rapidly evolves (PDPL, DIFC, ADGM), we help organisations stay compliant while scaling confidently under D33-driven growth.
• Navigate overlapping UAE regulations (PDPL, DIFC, ADGM, sector regulators) with clarity
• Build governance programmes that support secure, resilient growth
• Align compliance with fast-paced business expansion under D33
• Deep local expertise — operating on-ground, not remotely
High-Growth, High-Regulation Market
Saudi Arabia’s Vision 2030 is accelerating transformation, alongside stricter enforcement of PDPL, NCA ECC-2, NDMO, and SAMA regulations. We help organisations build compliance into their foundations—so growth is aligned with regulation from day one.
• Navigate complex regulatory frameworks (PDPL, NCA ECC-2, NDMO, SAMA) with confidence
• Build compliance architecture early to avoid costly retrofitting
• Operate effectively in-kingdom with awareness of Saudisation and local realities
• Delivered via direct engagement and licensed Saudi partner network
UK-GCC Regulatory Compliance Made Simple
Amana’s expertise is rooted in the United Kingdom, where we’re registered and where our governance framework is shaped by FCA oversight, UK GDPR, and operational resilience standards. Our mission is to help UK organisations navigate the challenges of expanding into the Gulf and GCC, ensuring seamless compliance with UK regulatory frameworks while adapting to the complexities of the Gulf market.
• Bridge cross-border regulatory gaps, managing dual obligations across UK and GCC markets
• Navigate complex UK governance frameworks, including FCA and GDPR, with localised insight
• Ensure smooth data transfers and governance structures that work in both environments
• Delivered through direct engagement and local partner networks across the Gulf region
We work in sectors where the stakes are high, the regulation is complex and getting it wrong has real consequences.
Banking, insurance, fintech and investment management are under more regulatory pressure than at any point in the last decade. In the GCC, SAMA, CBUAE and DFSA are tightening expectations around cyber resilience, data privacy and operational continuity. In the UK, FCA and PRA are pushing firms on operational resilience, consumer duty and AI governance. Cross-border firms face all of it simultaneously.
We work with financial services organisations because we understand the regulatory landscape from the inside. Richard’s career was built in this sector. We know how to design compliance programmes that satisfy multiple regulators without duplicating effort, build cyber resilience that meets board expectations, and deliver transformation programmes at a pace the business can sustain.
How we help:
Regulatory compliance programmes across SAMA, DFSA, FCA and CBUAE. Cyber maturity and resilience. Programme governance for large-scale technology and operational transformation. Operating model design. Board and executive reporting.
Governments in the Gulf are building at breakneck speed. That usually means governance gets left behind. We make sure it keeps up. From UAE digital mandates to Saudi Vision 2030 programme offices, we bring the rigour that public accountability demands.We work with government because the programmes are complex, the accountability is high and the consequences of failure affect real people. We bring the programme governance discipline that these environments demand — and the experience to navigate the politics without getting lost in them.
How we help:
Programme and portfolio governance. Digital service design and delivery oversight. Data governance and privacy. Cyber resilience for critical national infrastructure. Change management for large-scale public sector reform.
Healthcare is being reshaped by digital investment, patient data regulation and the pressure to do more with less. In the GCC, major healthcare investments are transforming how care is delivered. In the UK, NHS trusts and private providers face workforce shortages alongside digital modernisation. Privacy regulation is tightening globally.
We work in healthcare because the human consequences of getting it wrong are real. Patient data needs genuine protection, not just policy documents. Transformation needs to happen without disrupting care. And change programmes need to bring clinical and operational teams with them — not impose change from the top.
How we help:
Data protection and privacy compliance (PDPL, UK GDPR). Cyber resilience for healthcare environments. Programme governance for digital transformation. Change management that respects clinical culture. Governance architecture for health systems.
Energy companies are managing the most complex transition in a generation — balancing profitability, sustainability targets and regulatory obligations while keeping critical infrastructure secure. GCC national energy companies are diversifying. UK and European firms face net-zero mandates. Cyber threats against operational technology are escalating.
We work in energy because the programmes are inherently complex, the stakeholder landscapes are demanding and the security requirements are non-negotiable. We understand how to govern programmes that span multiple jurisdictions, multiple regulators and multiple operating environments.
How we help:
Cyber resilience for OT and IT environments. Regulatory compliance across multiple jurisdictions. Programme governance for large-scale operational transformation. Change management in safety-critical cultures. Data governance for asset-heavy organisations.
Retail is being reshaped by omnichannel expectations, data-driven personalisation and an explosion of customer data that needs protecting. PCI DSS compliance is a baseline. PDPL and GDPR apply to every customer interaction. Cyber threats — particularly ransomware and supply chain attacks — are targeting retail at record levels.
We work in retail because we’ve governed security and compliance programmes for organisations operating across hundreds of locations and millions of customer records. We know how to make compliance operational at scale without creating bureaucracy that slows the business down.
How we help:
PCI DSS compliance. Data protection and privacy. Cyber resilience and incident readiness. Programme governance for omnichannel and digital transformation. Operational governance across multi-country retail operations.
Tech and telco firms are expected to move fast. But speed without governance creates technical debt, security exposure and regulatory risk. As AI adoption accelerates, data governance and algorithmic accountability are becoming board-level concerns. GCC regulators are catching up quickly.
We work with technology firms because they often have the ambition and the talent but lack the governance maturity to match. We help you build the structures that let you move fast without breaking things — and that stand up when a regulator or a customer asks how you protect their data.
How we help:
Governance architecture for scale-ups. AI governance and readiness. Data governance and compliance. Cyber resilience. Programme governance for product and platform transformation.
You’re growing fast. Investors are asking about your security posture. Clients want to see your compliance certificates. Your team is stretched and governance hasn’t kept pace. You know the foundations need strengthening but you can’t afford to slow down.
We work with SMEs and startups because the big firms won’t touch you at your budget, and the freelancers can’t give you the governance maturity you need. We’re in the middle — senior enough to be credible with your investors and practical enough to build something your team can actually run.
How we help:
Security foundations and maturity assessment. Compliance essentials (ISO 27001, PDPL, UK GDPR). Governance architecture that grows with you. Fractional CISO support. Talent Architect — designing the right function before you hire.
Education institutions hold some of the most sensitive personal data of any sector — student records, safeguarding information, research data. Digital transformation is reshaping how learning is delivered. Privacy regulation applies to every interaction with students, parents and staff.
We work with education because the data protection obligations are serious and the sector is often under-resourced to meet them. We help institutions build governance that protects their community and supports their growth without creating compliance burden that distracts from their mission.
How we help:
Data protection compliance (PDPL, UK GDPR, safeguarding). Cyber resilience. Digital transformation governance. Change management for academic environments. AI governance for research and administration.
Law firms, accountancies, consultancies and media companies — your reputation is your business. A data breach, a compliance failure or a governance scandal can destroy years of client trust overnight. Cyber threats are increasingly targeting professional services firms because of the sensitive client data they hold.
We work with professional services because we understand the reputational stakes. We help you build security and compliance programmes that protect client confidence and support growth — without creating processes that slow your professionals down.
How we help:
Cyber resilience and incident readiness. Data governance and client data protection. Compliance programmes. Governance architecture for partnerships and multi-office structures. Culture and change programmes that professional staff will actually adopt.
Multi-generational businesses are the backbone of the GCC economy. They’re modernising, diversifying and professionalising. But governance can’t be imposed on a family business the way it can on a corporation — it needs to respect family dynamics, succession sensitivities and the culture that built the business in the first place.
We work with financial services organisations because we understand the regulatory landscape from the inside. Richard’s career was built in this sector. We know how to design compliance programmes that satisfy multiple regulators without duplicating effort, build cyber resilience that meets board expectations, and deliver transformation programmes at a pace the business can sustain.
How we help:
Governance architecture that respects family dynamics. Succession and leadership transition planning. Professionalised operations and controls. Cyber resilience and data governance. M&A readiness for portfolio businesses.
Not sure where to start? That’s fine. Most of our conversations begin with I’m not sure what we need. We’ll help you figure it out.