As a result of the economic growth and increasing technology usage, financial systems are becoming pervasive and automate customer processes and data. These systems, like other systems that are governed by law, are required to comply with governmental regulations. However, this requirement is not easy to implement because of the challenge that comes from domain-specific definitions and the ambiguities that exist in laws. Moreover, mining financial data requires a combination of domain and technical knowledge plus an understanding of how the financial markets are manipulated. Thus, there is a business need to formalize security texts, extract rules, and then enforce them throughout the supply chain. Most of the approaches that have tried to achieve this need were validated on healthcare systems. Using a case study from Saudi Arabia, we applied a well-known approach proposed by Breaux and Antón on a quite different domain, Saudi stock exchange (Tadawul). Security in Saudi Arabia is an issue because of the highincome Saudi economy. Without such validation on non-healthcare domains, it is premature to automate Breaux and Antón approach which is currently performed manually. We also used readability analysis of Tadawul's regulations based on proven metrics. As a result, we extracted and formalized two rights, eight obligations, eighteen constraints, and seven rules. From readability view, Tadawul's regulations considerably need reading skills. Our analysis can help standards organizations, requirements engineers, systems administrators, and policy makers by ensuring that their systems conform to law.