Oman banking perspectives 2019 A digital, regulated and sustainable future

April 2019

kpmg.com/om Foreword

Our evaluation of the key financial indicators for the past year suggests a positive outlook for the banking sector in Oman, with promising profit growth that has only slightly been tempered by the introduction of new accounting standards.

I am pleased to introduce you to the Force (FATF) evaluation of Oman is second edition of our annual Oman expected to begin in 2021, and will banking perspectives publication. trigger an independent review of We examine pertinent issues and anti-money laundering (AML) and trends affecting the global banking sanctions compliance rules. industry today, with a particular focus Banks could consider encouraging on Oman. Our subject matter experts a healthy corporate culture, and have shared their views on key practices that are in line with the topics, identified the main challenges sustainability agenda. Strides in faced by the banking sector and digital innovation can be exploited proposed strategies to combat to their full potential as traditional these. We are grateful for the high banking methods are transformed by level of interest generated by the processes like customer identity and previous edition; in this publication access management (CIAM). we elaborate on a broad spectrum of themes, ranging from effective This publication complements our governance to Islamic finance. GCC listed banks results report, which sets out some of the key financial In the constant drive for growth, indicators and issues of the day for Emilio Pera banks would do well to swiftly adapt the banking industry in the region. Partner | Head of Financial Services to a shifting regulatory and consumer On behalf of KPMG Lower Gulf, T: +971 4 403 0323 landscape. Banks need not, however, we look forward to delving deeper M: +971 56 508 5073 be overtly cautious of venturing into into the topics discussed within this E: [email protected] uncharted territory. Rather, they publication, and exploring how your can pioneer practices and products Emilio leads KPMG’s financial services organization can make the most of that cater to gaps in the market or practice in the Lower Gulf (the UAE the opportunities that lie ahead. improve operational efficiency and and Oman). He has worked in the competitive positioning. financial services industry – both as a consultant and as a banker – for Technological innovation and a almost 30 years and has been based flourishing demand for Islamic in the UK, the Middle East and Africa. financial institutions can disrupt the He has led a number of risk, finance industry, while risk functions must Emilio Pera and credit advisory engagements, contend with challenges like the Partner and Head including leading governance and replacement of the London Interbank of Financial Services cost-efficiency reviews. Emilio has Offered Rate (LIBOR). been the lead partner on the external Over the past few years, the Central audits of a number of major, bluechip Bank of Oman has issued a range of financial institutions in Africa and directives that clearly signal Oman’s in the region. He was a member of intent to align with global best the IAASB’s ISA540 task group with practice in terms of prudent market a focus on revising the standard in regulation and consumer protection. preparation for the audit of IFRS 9. In addition, the Financial Action Task Contents

Foreword 2

Executive summary 4

Performance highlights 6

Innovation and technology 8

Accelerating and expediting the innovation agenda 10

Single digital identity for customers: will it live up to expectations? 12

Regulation and risk 16

Headwinds as banks prepare for LIBOR transition 18

Managing operational risk effectively 20

Mitigating financial crime risk 22

The future of Islamic finance 24

Culture and sustainability 26

Strengthening governance and internal controls 28

Culture: the root of misconduct? 32

Environmental and social opportunities 34

Key banking indicators 36

About KPMG 41

Oman banking perspectives 2019 3 Executive summary

A strong focus on innovation, regulatory compliance, rigorous self-review, risk management and creating a fair corporate culture, will likely stand banks in good stead as they navigate an evolving banking environment.

While economic growth has been somewhat muted over Meanwhile, risk functions of banks must exercise the past year1, the top eight Omani banks have enjoyed constant vigilance to cope with an influx of challenges: a healthy surge of 11.5% in net profits. This occurred in the London Interbank Offered Rate (LIBOR) is being the wake of the replacement of IAS 39 with IFRS 9 at phased out, gradually being replaced with alternatives the beginning of 2018. It transformed banks’ approach to such as risk-free rate (RFR) benchmarks. There are the assessment of impairments in their loan portfolios. likely to be operational issues in the early stages, Higher current provisions and more stringent Liquidity and banks will need to reduce LIBOR exposures and Coverage Ratio and Net Stable Funding Ratio calculations build demand for RFR-linked products. Information seem to have led to a spike in the cost of liquidity. There strategy, and outstanding hedge relationships and was improvement in the Capital Adequacy Ratio and other agreements may need to be amended. Along Return on Equity, despite IFRS 9 adjustments being with changes to valuation tools and risk models, banks passed through retained earnings. Despite a promising would be well advised to consider the interaction financial year, financial institutions must contend with between LIBOR transition and the implementation of the an incursion of new regulations and a burgeoning Fundamental Review of the Trading Book (FRTB). demand for innovative new products and systems to Operational risk is becoming an increasingly significant meet consumer demands in a market that is increasingly area of focus. Headwinds may take the form of cyber digitally enabled. threats, third-party concerns, trading, conduct and culture Across the banking sector, companies have embraced issues, anti-money laundering fines and sanctions, or innovation teams. However these can suffer from stress-testing requirements. The fraud Risk regulations limited authority, lack of resources, and inadequate laid out by the Central Bank of Oman (CBO) provide support from senior stakeholders. A structured detailed clarity on what banks should be doing to achieve management process, and a more open-minded best practice. They point out the main areas for banks approach to solving problems may help drive the to focus on: governance, identification and assessment, innovation agenda. Improved communication and control and mitigation, business continuity management, collaboration between departments and with regulators information technology and systems, and reporting. will help banks remain agile in the face of the gamut of To an extent, a specific subset of risk, financial crime technological advances like fintech. risk, can be reduced via a step-by-step method. This With the advent of the digital revolution, many would involve reviewing the compliance risk assessment banks are turning to customer identity and access framework and the monitoring program, to validate the management (CIAM) to build stronger relationships annual compliance plan, transaction monitoring and know with their customers. CIAM’s features facilitate your-customer procedures. Technological developments addressing numerous customer needs, delivering like machine learning could be leveraged to maximize personalized experiences, intelligent solutions, operating efficiencies, and risk mitigation measures protection against cyber fraud and ease of digital designed and implemented to ensure compliance interaction. The success of implementing CIAM, with the regulatory provisions on AML and sanctions. however, will depend on factors like the ability of a Oman is anticipating its Financial Action Task Force vast variety of stakeholders to work together, and how (FATF) Mutual Evaluation to be held in 2021, and readily users embrace learning new software. independent evaluations of local banks’ AML and sanctions compliance frameworks have been undertaken to prepare for this.

1. Increase of 1.9% as per the IMF World Economic Outlook Database, October 2018, https://www.imf.org/external/pubs/ft/weo/2018/02/weodata/weorept. aspx?sy=2017&ey=2018&scsm=1&ssd=1&sort=country&ds=.&br=1&pr1.x=60&pr1.y=10&c=449&s=NGDP_RPCH&grp=0&a= The waxing crescent of the Islamic financial market is becoming systemically important as the GCC consolidates its position as a globally significant economic hub. The growth of Islamic finance may be sustained by addressing some key points. These include the ‘form over substance’ debate and the need for harmonization of standards. There is a pressing need for greater transparency, more Islamic banking experts, and strengthening the public’s confidence in the Shari’ah compliance of the products and services being offered. With the arrival of a number of new local and international regulations, the scope of the compliance function is broadening, requiring skills that can consider risks facing the banks more holistically. Banks should update their compliance policies and procedures accordingly and ensure that they have implemented a comprehensive monitoring program. Self-evaluation of the board committee’s effectiveness will assist those charged with governance in the bank to formulate a clear plan of action to bring its operations in line with best practice, a process which may be aided by the appointment of an independent facilitator. In conjunction with a strong control environment and robust regulatory procedures, equally vital is management’s approach to corporate culture. To restore or maintain public trust, it is imperative that organizations implement business strategies that place the interests of customers and the integrity of the markets ahead of profit maximization. Finally, as banks internationally now include certain performance measures beyond key financial indicators, sustainability reporting is emerging as an essential consideration within Oman. While there may be some regulatory and policy gaps, banks are beginning to include environmental and social data to exhibit greater responsibility towards their stakeholders. Sustainability disclosures may help banks access new markets, and implement more rounded risk management processes. Stakeholders tend to no longer want their banks to simply exceed their financial targets, but to formulate a canny, forward-looking strategy for the long term.

Oman banking perspectives 2018 5 Performance Total assets highlights (US$ billion) 70.7 76.2

Net profit (US$ billion) 7.3%

884.1 985.9 11.5%

Net impairment charge on loans and advances (US$ billion)

0.20 0.25

Ravikanth Petluri Associate Partner 22.8% T: +968 2 474 9290 E: [email protected] Ravi specializes in IFRS audit and advisory engagements, primarily in Regulatory capital the investment management and (US$ billion) banking sectors. He is a director in the financial services audit department and is registered with DFSA as audit principal. He is currently a part of the 11.2 11.7 IFRS technical group which assists audit teams in addressing complex IFRS and auditing issues. Ravi also leads the 4.0% investment management audit segment of KPMG in the UAE. Ravi has been Cost-to-income consulted as a subject matter expert in ratio (%) various advisory engagements including financial due diligence, process and procedures reviews and development of 58.6% 53.3% a group accounting manual.in the Lower Gulf, Harris spent seven years providing energy and natural resources-related 5.3% advisory services at KPMG in Canada. Capital Adequacy Ratio (%) 16.9%0.1%17.0% Return Return on equity (%) on assets (%)

1.1% 6.6%1.8%8.4% 0.9%0.2%

Liquidity ratio (%) 14.6%4.0% 18.7%

Coverage ratios on loans – by stage (%) 2017 Stage 3 57.7% 56.6%

Total loans subject to ECL– by stage as Stage 2 Stage 1 4.6% 0.5% at 31 December 2018

Stage 1 (%) 76.2%

Stage 2 20.7% Stage 3 3.1% Non-performing loan ratio (%) Key 2.2% 3.1% % 0.9% 2017 Y-o-y improvement 2018 No change Y-o-y deterioration

Oman banking perspectives 2019 7 Innovation and technology

Accelerating and expediting the innovation agenda

In an era where traditional banking methods are gradually being usurped by fintech and digital banking, the industry must remain alert and responsive to technological developments. Umair Hameed explores strategies to enable innovation in the sector.

Most banks and other financial Innovation factors 3. Process for managing innovation: institutions have increasingly been Cognizant of the challenges and Whilst innovation requires some recruiting specialists to spearhead opportunities for banks to enhance unstructured and unconventional innovation as a formal business their innovation capabilities, KPMG thinking, there is nevertheless a discipline. Meanwhile, the financial launched its Digital Village in the need for a structured process to regulators are also assessing the region as an Innovation Centre. Based manage innovation. It is advisable prospects of setting up regulatory on extensive experience of working that banks ensure innovation of sandboxes to encourage the with banks in Oman and other products and services have an development of new and innovative parts of the world, there are some appropriate lifecycle, passing financial products and services. factors that we believe may lead to through the stages of ‘ideation’ accelerating innovation for here: (ideas creation), acceleration Whilst the financial industry harbors (proof of concept), pilot and finally a sincere intent to innovate, it 1. Senior stakeholder commitment: implementation, rather than taking appears there is still some way to While some banks have verbally a haphazard approach. go, before this desire becomes a committed to driving innovation, tangible and visible reality from a they have not always dedicated 4. Proactive collaboration: For customer experience perspective. adequate funds and human innovation to happen, internal resource support for the innovation and external stakeholders Across the financial services team. Most innovation teams ought to be collaborating spectrum, from basic retail and set up by banks are still largely a proactively. Internal turf battles, commercial banking, to wealth one-person show. In the absence apprehensions with approaching management, it is observed that of resources to work with, there the regulator, and limited know- there has generally been a paucity is only so much the lone innovator how on how to truly engage of innovation in the products and can do on their own. customers through the product services being offered in the market. design and delivery life cycle, can 2. Empowerment: Although the Today, digital banking appears to be all hinder the innovation process. Head of Innovation is given more of a ‘renovation’ of the service the responsibility of – and 5. Fear of failure: For organisations delivery channel than true ‘innovation’, accountability for – driving the to excel at innovation, employees a process that has long since innovation agenda, he or she should not have a fear of a failure occurred in other industries such often has limited influence or or retribution. Senior stakeholders as e-commerce. Banking services authority over the different can encourage employees to “try that were accessible at physical ‘siloes’ of customer experience, and eventually succeed” rather branches or websites are now being business development, and digital than not try at all. offered through smart phone apps. In channels, which can further essence, many banks have emulated exacerbate the issue. and replicated what was happening elsewhere, albeit with a time lag, than having truly innovated. 6. Key performance indicators (KPIs) and metrics: Employees tend to “Today, digital perform in line with how they will be measured. Introducing specific banking seems KPIs and metrics that track performance and progress of the innovation agenda, not just of the more of a Head of Innovation, but rather of every single employee in the bank, ‘renovation’ of the could go a long way to making the workforce more conscious of the service delivery need to innovate. 7. One size does not fit all: Innovation channel than true is about solving problems. Just as there are many problems to solve, ‘innovation’.” there are many possible solutions. As problems evolve, the way in which we solve them also ought to evolve. As both FinTech and the proliferation of Islamic financial institutions disrupt the banking industry, the need for banks to rapidly adapt to change, by pioneering and testing new practices, has become more pressing than ever before.

Umair Hameed Partner | Advisory T: +971 5 0658 4486 E: [email protected] Umair is a management consultant with 15 years’ experience advising and collaborating on complex business transformation initiatives across the Middle East, North Africa, South-East Asia, the USA and Europe. He has a particular focus on Financial Services innovation, FinTech and RegTech.

Oman banking perspectives 2019 11 Single digital identity for customers: will it live up to expectations? Across the Gulf Cooperation Council (GCC) region, digital identity is emerging as a key differentiator for customer experience. Sheikh Shadab Nawaz reflects how banks can best take advantage of Customer Identity and Access Management (CIAM) to enhance relationships with their clients.

The future of banking looks to personalized experiences that Protection Regulation (GDPR). be customer centric. As digital reflect their individual security Regulators around the world are transformation has gathered preferences. Mature CIAM enforcing harsher penalties for pace, effective CIAM has become environments enable seamless banks that allow personal data a key business driver within the use of preferred authentication loss and unauthorized use of GCC banking sector. Clients would techniques across different personal data. like to have faster and more channels, with enhanced 5. Protection against cyber frequent access. There are five key contextual security and behavioral frauds: Cyber-attacks and fraud customer needs that make CIAM analytics capabilities. techniques, internationally and a strategic enabler for the Omani 3. Intelligent solutions: Omani in Oman, are increasing in terms banking sector: customers expect faster solutions of sophistication and impact, 1. Ease of digital interactions: to their unique financial needs. adding complexity to the balance Customers expect their banks Through the precept of a single between customer experience and to enable a seamless user digital identity that connects security. Single identity can help experience in terms of onboarding customer relationships across build better oversight and control and authentication across multiple different channels, banks’ by Omani banks over any cyber channels e.g. internet banking, intelligent platforms can offer security breaches by removing mobile banking, call centers, customers the products best the overhead costs of managing automated teller machines, and suited to their financing needs. multiple identities and associated augmented reality interface. Such capabilities may transform access rights. Mature CIAM environments may the competitive landscape within Many benefits enable customers to complete the banking sector. CIAM plays an integral role in identity verification or know-your- 4. Exercise privacy needs: providing a secure interface customer (KYC) processes online, Customers want to exercise between the customer and banking saving Omani banks cost and time their privacy rights – for example, applications through a seamless to maintain an offline KYC process. consent management and customer experience at extreme 2. Personalized experiences: personal data access rights scale and performance, no matter The viability of modern banking – seamlessly across different which channels customers use to institutions relies on their ability banking channels. Legislative engage with the bank. It enables to adapt to shifting customer changes also require Omani banks multiple functionalities to turn mere expectations. Not all expectations to implement robust data privacy customer experience into true are alike, so they are looking for capabilities (e.g. General Data customer engagement, for instance: –– Unified identity – A single identity is used to manage access to Through all channels accounts and preferences across multiple channels. This provides a ‘360-degree view’ of the customer by tracking not only customer identity but also the customer’s relationship within the bank’s ecosystem, such as interfaces with the sales team, business partners and other banking units. Identity –– User registration: An easy to use registration interface spans multiple and access channels, allowing customers to management register once and use services across web, mobile, automated teller machine (ATM), call center or any other emerging channels. Functions of identity For –– –Single sign-on: Users may move between screens and applications seamlessly, without interruption.

–– Advanced authentication: Unified Advanced People... Balancing security requirements identity authentication – Customers with the customer experience – Partners requires advanced authentication – Vendors techniques, e.g. biometrics and – Employees voice recognition, for high risk banking transactions. User Preference –– Preference management: An easy registration management to use interface allows users to manage their account profile and preferences, such as credentials, Devices... notifications, consent, access grants. – Devices associated Single sign Device with people –– Device Profiling: Out-of-band on management validation of customer devices at the time of registration would validate a device that belongs to With governance, an authorized user (separate from policies and standards user authentication).

Oman banking perspectives 2019 13 Unification of functions CIAM involves multiple business Business Security and trust Risk management and risk management functions. functions fuctions Its transformation can be initiated Audit and by business functions to improve Retail assurance the customer experience, or by risk Banking management to address fraud risk, Fraud and Wholesale CIAM forensics cyber risk, or compliance risk. Banking Cyber security Corporate Banking Privacy and compliance Managing headwinds –– Poor user experiences: Legacy By investing in CIAM capabilities, systems are designed primarily Omani banks may elevate their around security for well- digital identity management to established reasons. However, enhance the way they provide value personalized experience is key to to customers. However, there are engage with today’s customers. several challenges to consider: It is not only important to store customer information in a –– Involvement of a wide variety of centralized and secure manner, Sheikh Shadab Nawaz stakeholders: CIAM implementation but also to ensure that this data is Associate Director | Head will involve stakeholders from available for use in real-time in an of Cyber Security, IT Advisory different business units, including optimum manner that serves the T: +971 4 424 8973 legal, compliance, cyber security needs of the customer. E: [email protected] and privacy. The success of CIAM implementation will depend upon –– Lack of scale: Whilst employee, Shadab has thirteen years’ common understanding and clear partner and vendor identities experience in cyber security; expectations amongst all the are generally measured in the information technology (IT) stakeholders of the bank. This thousands, customer identities governance, risk and compliance can be a daunting task for any are often measured in the millions. (GRC); data, software and cloud project manager. Lack of an architecture that can security; and IT Disaster Recovery. deliver performance requirements –– Too many priorities: Involvement He has worked on over 100 complex regardless of the volume, variety or of stakeholders from different technology projects across a number velocity of incoming data streams, areas, background, mindsets and of industry verticals, including may degrade the user experience. viewpoints can lead to multiple and banking and financial institutions; conflicting priorities. Prioritizing –– Security and privacy of personal telecommunications; retail; oil demands at an early stage in data: Customer data often contains & gas; aviation and government. the process is critical to avoiding personal information which is He has been based in the Middle project delays. An essential part of sensitive and subject to a variety East, India and South East Asia. the planning process is drawing a of laws and regulations, both Shadab holds a bachelor’s degree distinction between what people Oman-specific and international. in electrical engineering, a master’s want and the actual outcome that So the CIAM technology that in IT and a post-graduate diploma in is important for the bank, bearing collects and manages this data systems management. His current in mind the constraints of time, is likely to be a major concern research interests focus on security effort and money. for security, compliance, legal, analytics, breach investigation and and audit departments. Thus it cyber insurance. –– Lack of business involvement in the is vital to adequately plan CIAM actual implementation: Business implementation with a defined set stakeholders play a larger role of priorities (use cases) and the at the outset of the process. IT ultimate objectives of an enhanced departments are, however, held customer experience clearly accountable when it comes to delineated. Continuous involvement actual implementation of the CIAM from different stakeholders within solution. The end result may often the bank should be encouraged, be a CIAM solution that does not while concurrently ensuring quite meet the expectations of compliance with security, privacy business users. It is important to and other legal requirements. keep all stakeholders well informed during every stage of development and implementation, so that course corrections can be made as needed. –– Lack of product training: Because “CIAM plays an integral role in providing a CIAM impacts so many aspects of a bank, it is not possible for every affected party to have secure interface between the customer experience working with the platform. If business users are and banking applications through a unable to effectively navigate the CIAM platform, it is unlikely they seamless customer experience.” will want to continue using it on a regular basis.

Oman banking perspectives 2019 15 Regulation and risk

Headwinds as banks prepare for LIBOR transition The phasing out of the London Interbank Offered Rate (LIBOR) will likely trigger an upheaval within the operations of financial institutions globally. Steve Punch addresses how the risks associated with its replacement could be managed.

The transition will most likely change a bank’s market risk profiles, requiring changes to risk models, valuation tools, product design and hedging strategies. In addition, financial institutions which have approval to use their own internal models to calculate regulatory capital for their trading book exposures will also need to consider the interaction between LIBOR transition and the implementation of the Fundamental Review of the Trading Book (FRTB). Determining an action plan Given the degree of uncertainty and complexity, LIBOR transition is likely to be a significant transformation program for banks. In practice, transition planning will require mobilizing a cross- business unit and geography transition LIBOR is currently the reference Risk-free rate benchmarks program clarifying the individual interest rate for millions of contracts In 2017 the UK’s Financial Conduct accountabilities for the steering globally, ranging from syndicated Authority (FCA) announced that committee. The key activities include: loans and retail mortgages to after 2021 it would no longer complex derivative products. persuade or compel panel banks –– Identifying financial exposures and However, LIBOR’s central role in to submit the rates required to defining the approach to transition the financial system appears to be calculate LIBOR. In its stead, there –– Launching RFR-linked products and coming to an end. Following the is now a clear global direction of building RFR volumes 2012 rate-fixing scandals, substantial travel towards alternative risk-free efforts have been made to improve rate benchmarks (RFRs) based on –– Transitioning the back book/legacy trades rate setting. However, significantly actual transactional data. –– Switching off LIBOR processes reduced volumes of interbank The transition from LIBOR to RFRs and infrastructure unsecured term borrowing, could introduce considerable costs which is the basis for LIBOR, is Containing risk and risks for financial institutions if calling into question its ability to A disorderly transition from LIBOR could not managed properly. The proposed continue playing this central role. be detrimental to financial institutions as alternative rates are calculated Consequently, LIBOR is now based well as to the broader market. There is, differently and payments under on less reliable expert judgment, therefore, a strong incentive to identify contracts referencing the new which may inherently be vulnerable and manage delivery risks as early and rates will likely differ from those to manipulation. efficiently as possible to avoid problems referencing LIBOR. in the future. The table shows how this might be done. The process of moving from IBORs Identification of key Potential early mitigants to the new RFRs does not appear potential risks to be straightforward or without risk The broader impact of transition, –– Educating senior stakeholders as uncertainties remain about the including operational issues and about requirements of the practicalities of transition – including existing regulatory rules, may lead transition program whether IBORs will remain in existence to delays. post 2021. LIBOR transition is expected –– Ring-fencing adequate time and to be unlike any other transformation resources in their transition plans program and the risks are significant. to address operational issues Boards would do well to devise and the ways in which LIBOR a planning strategy for individual may be integrated into other banks, as well as the wider financial processes industry. The complexity and scope Financial exposures to LIBOR –– Target reducing LIBOR of the task ahead does not look to continue to grow and lead to exposures and consider ways allow room for complacency or inertia. systemic risk by issuing new in which they can build demand LIBOR-linked contracts. in RFR-linked products over the course of the next few years There are information –– A client communication strategy, asymmetries, inadequate underpinned by rigorous disclosures and conflicts of interest programme controls, is required as moving from legacy products –– Implement segmentation to RFR-linked product give rise to of customers impacted by conduct risk. transition Steve Punch Director | Head of Financial Risk Contractual continuity gives rise –– When identifying financial Management to legal risk as methodologies for exposures, firms should analyze T: +971 4 356 9870 calculating LIBOR and RFRs differ. the contractual language used E: [email protected] LIBOR may become unavailable and the counterparties that will Steve has 25 years’ experience in even though products referencing be affected. The vast majority of Australia, UK, Japan, New Zealand it remain in force. contracts that run beyond the end and Hong Kong. He has worked of 2021 will need to be amended for several blue-chip, international to deal with the permanent investment banks and has also been an discontinuation scenario. independent consultant to a number Insufficient RFR liquidity makes –– Banks should monitor liquidity in of other, large global banks across it difficult to build a curve and both legacy LIBOR and new RFR Finance, Risk and Compliance. Before price products. As the proposed linked products across jurisdictions joining KPMG in 2011, Steve was a alternative rates are mostly and should also assess whether a Director at UBS Investment Bank in overnight rates, derivation of term rate is essential for all parts Hong Kong leading a regional ASPAC term structure for new rates is of the market. initiative covering 16 countries from not defined. However, even if Japan to India to Australia. He has a –– The preferred Alternative RFR for term-adjusted reference rates are particular interest in evolving banking US jurisdictions would be secured produced, payments will still differ regulation as a means to building overnight financing rate (SOFR), from the LIBOR rates, creating stronger banking systems. having the Federal Reserve as the significant valuation differences RFR administrator, while the UK would have the reformed sterling overnight index average (SONIA) with the Bank of England as the “The transition administrator. Accounting implications may result –– Banks should identify their will likely change in de-recognition of contracts LIBOR exposures and or discontinuation of hedge outstanding hedge relationships, banks’ market relationships. consider whether amendment is needed and, if it is, evaluate how risk profiles.” their existing hedges might be affected by it.

Oman banking perspectives 2019 19 Managing operational risk effectively

The hazards of various types of operational risk are wide ranging. Steve Punch takes a look at how bankers and regulators navigate compliance with a new standard, the identification of control weaknesses that leave institutions susceptible to fraud, and the need for stronger governance frameworks.

In recent years, banks globally and Taking notice of this, the Central Due to the inherently qualitative in Oman were occupied by the Bank of Oman (CBO) issued more nature of managing operational risk implementation of IFRS 9. This specific guidelines pertaining to (through implementing a robust tended to dwarf all other competing fraud under Circular BM 1153. This internal control environment coupled priorities for the Risk and Finance is part of a growing trend across with strong process-level controls), teams. Regulators, too, appeared the GCC, with several regulators many banks tend to believe that to be significantly engaged in the recently issuing new rules or refining they are already “best in class” implementation of IFRS 9 and spent existing rules relating to operational with respect to their operational risk considerable time and resources risk and fraud Risk that are in line with framework. Accordingly, regulators reviewing calculated expected international best practice. often see the need to spell out credit loss (ECL) charges under principles, standards and rules for Capital and guidance the new rules. Operational risk has banks to follow. from Central Bank now become a heightened area of Operational risk is often regarded as KPMG’s recent experience working focus for financial institutions as the the most challenging risk for both with several GCC banks on industry wrestles with challenges regulators and banks. The rationale for operational risk initiatives implies arising from cyber threats, third this is that nothing can prevent a bank there may be room for improvement party concerns, trading, conduct and from experiencing a significant adverse in enhancing operational risk culture issues, anti-money laundering event. Ultimately, allocation of Pillar 1 frameworks and how the seven fines and sanctions, stress-testing capital (the regulator’s core measure of operational risk event types (as requirements, and technological a bank’s viability, usually common stock defined by the Basel Committee) are innovations driving greater and disclosed reserves) is designed managed. The event types comprise: opportunities for process automation to at least encourage bank boards and and digitization. –– Internal fraud senior management to discuss how The Basel Committee on Banking best to manage operational risk. –– External fraud Supervision (BCBS) first released In most cases, Pillar 1 capital will likely –– Employment practices and Principles for the BCBS 195, Sound be lower than the loss history for workplace safety Management of Operational Risk nearly all banks. The first reason is that in 2011. A review by the committee –– Clients, products, and ‘boundary events’ tend to get lumped undertaken in 2014 highlighted that business practice 100% under credit risk losses, with banks globally had not sufficiently no allowance for apportionment for –– Damage to physical assets implemented these principles which related operational risk failures involved culminated in an additional BCBS –– Business disruption and in credit losses, such as inappropriate paper, Review of the Principles systems failures models, insufficient monitoring or for the Sound Management of fraud. Secondly, losses resulting from –– Execution, delivery, and process Operational Risk, BCBS 292. operational risk generally tend to be management under-reported, primarily due to the potential consequences and lack of awareness by bank staff. “ Central banks normally include fraud risk reviews in their inspections and Omani banks need to be prepared for this”

Next steps –– Establishing robust operational It seems there is much work for risk dashboards supported by banks to do as they strive toward integrated data and tools to operational risk excellence, including: deliver consistently meaningful reporting to business lines, risk –– Further positioning the operational risk teams, executive management, management framework so that it is and the board. fully aligned with the banks’ strategy and viewed as an enabler of strategic In particular, mitigating internal and Steve Punch change, business performance, and external fraud losses is an area that Director | Head of Financial Risk customer experience is receiving significant focus from Management regulators and banks. The fraud –– Elevating first and second lines of T: +971 4 356 9870 risk regulations laid out by the CBO defense (LOD) involvement and E: [email protected] provide detailed clarity on what results in strengthening risk culture banks should be doing to achieve Steve has 25 years’ experience in –– Enhancing first LOD communication best practice. Some of the key Australia, UK, Japan, New Zealand and escalation of issues outside of areas for banks to focus on are the and Hong Kong. He has worked established risk appetite fraud risk framework, governance, for several blue-chip, international systems, prevention and detection, investment banks and has also been an –– Improving the communication alerts and reporting. Whilst banks independent consultant to a number between the first and second have made some progress on of other, large global banks across LODs on emerging risks and meeting the requirements under the Finance, Risk and Compliance. Before changes to the internal and circular, there is still a long way to go. joining KPMG in 2011, Steve was a external environment Director at UBS Investment Bank in Several Omani banks have already –– Deploying end-to-end process risk Hong Kong leading a regional ASPAC undertaken fraud risk framework assessments across business initiative covering 16 countries from reviews, whilst others are identifying lines and divisions to develop a Japan to India to Australia. He has a material processes susceptible more complete picture of risk, particular interest in evolving banking to fraud and undertaking fraud dependencies, hand-offs, and regulation as a means to building risk assessments. The CBO will redundant controls stronger banking systems. undoubtedly include fraud risk –– Expanding convergence efforts reviews in its inspections in the beyond risk taxonomies and future and banks need to be rating scales to drive increased prepared for them. efficiencies and more effective analysis and management of risk –– Enhancing control testing to create more dynamic and efficient monitoring, escalation and management of exposure

Oman banking perspectives 2019 21 Mitigating financial crime risk

As Oman gears up for the Financial Action Task Force (FATF) Mutual Evaluation, Katerina Pagoni contemplates how banks in Oman can build more robust anti-money laundering and sanctions compliance frameworks, through the effective use of technology.

Financial institutions in Oman may to be turning into an increasingly b) Achieve operating efficiencies soon start preparing for the country’s challenging task, as the cost of through, for example, integration FATF Mutual Evaluation, which has compliance is rising exponentially of intelligent automation and been tentatively scheduled for 2021. with the accelerating pace of innovative technology into the The publication of the results would regulatory change. existing technology infrastructure. be critical for the image and reputation Compliance leaders could explore A step-by-step method of the country’s financial services and leverage new technology The question arises how sector, as the outcome is likely to play capabilities to automate their organizations can simultaneously a profound role in determining the way compliance activities alongside prepare for the FATF evaluators, Oman’s anti-money laundering (AML) similar transformations being meet strategic compliance regime is perceived globally. undertaken by their business objectives, minimize compliance counterparts. For instance, In pursuit of ensuring that the cost and effectively manage financial robotic process automation (RPA) financial services sector is ready crime risk. can assist in retrieving data for when the FATF evaluators arrive, The answer may lie in a three-fold money-laundering investigations it is possible that the Central Bank approach: and scanning public databases of Oman (CBO) may require an for changes to laws, rules and independent evaluation of their a) Prioritize a review of: regulations. Machine learning AML and sanctions-compliance i) the compliance risk assessment may be used to identify risks frameworks similar to that mandated framework, to ensure it covers using public information and by the Central Bank of the UAE. all business areas and enables historical outcomes of previous Having completed the assessments financial institutions to identify investigations. Meanwhile, for multiple financial institutions and adequately prepare for cognitive technology may be used, between 2017 and 2018 in the money-laundering risks. These capable of mimicking aspects of UAE, KPMG gained some insight are continuously evolving with human judgment to, for example, into the AML programs adopted by the entry of new financial interpret transaction activity. financial institutions. Most financial products and players in the c) There should be a greater focus on institutions performed well in terms of competitive market, as well effectiveness by ensuring that key governance, training and assurance, as with Fintech developments risks are clearly understood, and and two areas were highlighted such as digital finance and mitigation measures are designed for potential improvement: risk cryptocurrency and implemented to ensure assessment and monitoring. ii) the monitoring programme in compliance with the regulatory The reality is that compliance order to validate that the annual provisions on AML and sanctions. functions have been striving to compliance plan, transaction strike a balance between ensuring monitoring and know-your- effective management of regulatory customer (KYC) processes address developments and reducing regulatory requirements and are compliance cost. This appears aligned with the firm’s risk profile Clear protocol and canny investment Moreover, in the process of re- assessing their AML regime, financial institutions should not overlook their conduct risk management programme. Money- laundering scandals and the ensuing enforcement actions continue to plague the financial sector. We can therefore expect regulators to remain keenly focused on business ethics and the demonstrable actions taken by financial institutions, both proactively and reactively, to prevent and manage misconduct. In order to be operational and effective, the compliance risk management and conduct risk management programmes should be aligned and governed by clear escalation and reporting protocols. Banks are likely to benefit from compliance-driven investment in technology, systems and innovation that will equip them for fighting increasingly sophisticated financial crime. This should complement business-driven investment in strategic tools that empower sustainable growth and revenue.

Katerina Pagoni Associate Director | Head of Anti- Money Laundering and Sanctions services (Forensics) T: +971 4 424 8979 “The question arises E: [email protected] Katerina has 20 years’ experience how organizations can of working with global financial institutions in: money-laundering simultaneously prepare for the deterrence, sanctions, regulatory compliance and business risk management. Her recent MBA from FATF evaluators, meet strategic Imperial College Business School (London) included a thesis on how compliance objectives, minimize global financial institutions can concurrently be exemplary compliant compliance cost and effectively with no hindrance to organizational entrepreneurship and innovation. manage financial crime risk.”

Oman banking perspectives 2019 23 The future of Islamic finance

The demand for Islamic finance is growing substantially, creating opportunities for experts to enhance industry standards and develop market-leading innovative solutions. Abbas Basrai ponders the steps that need to be taken to retain the momentum of the industry’s expansion.

Islamic financial assets were of standards, more Islamic banking Towards compliance estimated to be valued at USD 2 experts, and reinforcing the public’s External Shari’ah audits can address trillion2 in 2018, and are expected confidence that the products and the last challenge. Compliance with to grow in excess of 30% over services being offered conform to Shari’ah is the backbone of the the next two years, reaching USD Shari’ah principles. These issues global Islamic financial industry and 3.2 trillion by 20203. Some of the are examined below. a unique value proposition offered fastest growing economic hubs by the industry to its stakeholders. include the Gulf Cooperation Council (GCC) region, Indonesia and Turkey. Muslims constitute approximately a quarter of the world’s population4, and are expected to grow to 29.7% by 20505. Research indicates, however, that there is a significant opportunity worldwide to include Muslims in the formal financial system, and Islamic finance is also an attractive alternative for non-Muslims. Islamic finance has become widely accepted in global financial markets with sukuk (Shari’ah-compliant bonds) issuance totaling USD 44.2 billion worldwide in the first half of 20186. Several conventional banks have set up Islamic windows. With significant growth over the last 30 years, Islamic finance is well established as an alternative finance offering in global markets. As the sector matures, however, there are a number of areas requiring attention in order to sustain and accelerate this growth. These can include the ‘form over substance’ debate, the need for increased transparency, a requirement for harmonization

2. https://www.gulf-times.com/story/596054/Islamic-finance-industry-assets-surpass-2tn-mark, 3. https://www.arabianbusiness.com/islamic-finance-assets-forecast-be-worth- 3-2trn-by-2020-641156.html, 4. http://guides.library.cornell.edu/IslamAsiaExhibit/MuslimPopulations, 5. http://www.pewresearch.org/fact-tank/2017/01/31/worlds-muslim- populationmore-widespread-than-you-might-think/, 6. https://www.difc.ae/thebottomline/files/1015/3794/8517/Islamic_Finance_2019.pdf Generally, internal Shari’ah In addition, we understand that only auditors have the task of providing a handful of Islamic banks disclose assurance over whether the financial their profit and loss sharing formulae, institutions’ activities are performed profit equalization reserves, or “Islamic finance in accordance with the rules set by investment risk reserves. The latter the institution’s Shari’ah board. While were created to help smooth the has become this model has provided an additional return on deposits during volatile layer of control, details are not economic conditions and reduce widely accepted typically disclosed to the public. liquidity risk. The Accounting and Auditing If the Islamic finance marketplace is in global financial Organization for Islamic Financial to achieve a measure of global unity Institutions (AAOIFI) and the Islamic as regards its legal framework, the markets with Financial Services Board (IFSB) has standards should be harmonized. already made significant strides in At present, basic transactions, sukuk issuance enhancing standards. Some local including sukuk issuance, can be regulators have implemented more complex and time consuming due robust governance frameworks to a lack of standardized legal and totaling USD 44.2 and several have created a central Shari’ah documentation. This is made Shari’ah authority. A centralized more challenging by the fact that billion worldwide.” model is increasingly being adopted different markets may have different across the industry, with Oman, definitions of what is and is not Bahrain, Malaysia, Indonesia and Shari’ah-compliant. Which means Pakistan having established unified, Shari’ah documentation cannot be government-established Shari’ah easily applied across borders. The boards in recent years. This is a trend process of issuing a sukuk should that is anticipated to spread to other be as straightforward as issuing a jurisdictions, which are likely to learn conventional bond but this is not from one another. usually the case at present. We believe greater Shari’ah Towards innovation governance efforts will be high on the The shortage of Islamic banking Abbas Basrai agenda of regulators as the industry experts and a possible lack of Partner | Financial Services becomes systemically important in innovation have created a gap T: +971 4 403 0484 certain countries. This will in turn in the market for the creation of E: [email protected] increase the credibility of the industry new products that do not have a Abbas is a banking specialist and and boost stakeholder confidence. similar counterpart in conventional focuses on audit and advisory finance. There seems to be a Towards harmonization services within the financial strong imperative for new blood in Increased transparency is likely services sector. He has considerable the industry. Innovation requires to help address the ‘form over experience of working with banks expertise, including dedicated and substance’ debate. In theory, deposit (both conventional and Islamic), well-trained personnel to research holders are entitled to share not only sovereign wealth funds, investment new ideas, their commercial the profits related to the activities and asset management companies application and the development that their deposits finance, but are and private equity funds. He has a of novel concepts. also required to shoulder their burden particular interest and experience of the losses. This principle has Necessity can be the mother of in the accounting, regulatory and likely not been applied consistently invention: a problem may encourage control aspects of banking operations in the past and no Islamic bank has stakeholders to exert every creative (from risk assessments to full transferred any losses to customers effort to solve the problem. The reviews of front office supervision, over the past 30 years7. Nevertheless Muslim world is ready for pioneering product control, treasury, risk and there has been steady progress banking solutions that will fulfil their operations functions), including towards the implementation of this financial requirements while allowing extensive work with regard principle in recent years. An example them to remain true to their religious to derivatives and structured is the Malaysian authorities’ decision values. It is the collective responsibility transactions. Abbas qualified as to make such accounts truly loss of scholars, regulators, bankers and a chartered accountant (ICAEW) absorbent from June 2016vii, giving government legislators to take heed while with KPMG in London. customers the option of choosing of and respond to its needs. between loss-absorbent accounts and non-loss absorbent accounts.

7. https://gulfnews.com/business/banking/governance-structures-of-islamic-finance-needs-fine-tuning-1.1932448 Oman banking perspectives 2019 25 Culture and sustainability

Strengthening governance and internal controls

In an increasingly competitive market, with an ever-changing risk and technological landscape, it is advisable for banks to have mature corporate governance frameworks in place. Harris Matin elaborates on the aspects banks may want to consider while establishing a better internal controls and compliance environment.

Globally, the regulatory environment Keeping pace with Preventing money laundering is becoming more stringent for regulatory changes and terrorism financing financial institutions, and Oman is no Additionally, banks should also revisit With greater international pressure exception. Over the years, the Central their board and board committees’ on the region to counter terrorist Bank of Oman (CBO) has issued (particularly the audit committee) terms funding, the accountability and a number of regulations all in line of reference and agendas. Along with responsibility of compliance with the regulator’s aim to enhance adequacy of coverage, the board and functions has also increased. the governance, risks and controls board committees need to reassess the Traditionally, job descriptions of environment across the banking quality of discussions surrounding internal compliance officers have been sector, and to encourage financial controls, compliance and internal audit. limited to reporting of suspicious institutions to adopt international It is important to determine whether transactions pertaining to anti money leading practices. the board committees have access laundering (AML) and combating to senior management, are asking the financing of terrorism (CFT). Without Regionally, the regulations and right questions and receiving appropriate a complete regulatory repository, standards pertaining to internal information on areas such as the impact skilled compliance personnel and controls, compliance, and internal of new technologies, emerging risks, experienced head of compliance, audit have been subject to risk limits, compliance observations and banks may find themselves development. We have seen several upcoming regulatory changes. This should struggling to cope with an evolving central banks across the GCC move enable the board and board committees regulatory environment. to strengthen the internal control to set the correct tone at the top and take environment of banks in to order to Internal Audit’s traditional role is relevant and timely strategic decisions. meet the changing market conditions also evolving from performance and ensure the soundness and Another key requirement is to have of appraisals to that of a strategic stability of the banking sector. a strong and capable compliance partner to the stakeholders of the function that can keep pace with the bank. The function is required to stay While the regulations do not increasing regulatory obligations. abreast of the emerging risks, rapidly specifically make reference to any Banks should update their compliance changing regulatory requirements internationally recognized frameworks, policies and procedures, streamline and business challenges. elements can closely be aligned to their activities and ensure they have that of the Committee of Sponsoring an effective and comprehensive Organizations of the Treadway monitoring program in place. In order to Commission (COSO). Although most maintain independence and objectivity large banks in the region have defined of this function from the operations internal control processes, they would of the bank, it is important to clearly be well advised to reassess their articulate the dual reporting lines to frameworks by conducting a diagnostic the chief executive and board or board review of their existing target operating committee. The compliance function model, policies and procedures across is also required to be audited by the the three lines of defense. independent internal audit function. Areas subject to assessment Carrying out annual assessments of the internal control framework, compliance function, and internal “Along with adequacy of coverage, the audit function by the board is another area that banks should think about boards need to reassess the quality addressing in the short term. The board of directors/board committees may be well advised to obtain independent of discussions surrounding internal external evaluations of the compliance and internal audit functions. The controls, compliance and internal audit.” potential elements subject to such a review may include the following:

Oman banking perspectives 2019 29 Internal –– Perception: Does Internal Audit meet the expectations of its stakeholders (i.e. Audit committee, Audit executive management, senior management, etc.) by adding value to the bank and enhancing business processes? –– Positioning: Is internal audit independent and objective, and is the function viewed as a valued contributor to the bank’s strategy? –– People and skills: Does Internal Audit have the right people strategy (internal auditing skill sets, relevant qualifications, technical expertise in the core and support functions of the bank – including IT, cyber security, regulatory compliance, risk management) to achieve its objectives? –– Technology: Does the Internal Audit use technology (e.g. testing and filing of work plans)? –– Processes: Are Internal Audit’s processes* efficient, effective, and aligned with the Institute of Internal Auditors (IIA) standards and leading practices? *NB: internal audit processes subject to the review may include the following: –– Does Internal Audit have adequate and approved policies and procedures? –– Is there an annual risk assessment process (in collaboration with Senior Management and the Board)? –– Does the risk based internal audit plan cover potential emerging risks, new projects which are prone to high risks? Does the risk based internal audit plan include an appropriate mix of audits between the core and support functions and consulting engagement? –– Is there sufficient time spent in audit planning? Is the audit scope comprehensive, relevant and appropriate? Does internal audit utilize data analytics in the audit planning phase? –– Are the entrance and exit meetings effective in communicating the purpose, scope and results of the Internal Audit? –– Are audits executed in line with the IIA standards and leading practices? –– Are audit observations clearly, objectively and adequately reported in the Final Internal Audit Report (e.g. was the IA Report clearly understood, well-written, and organized?) –– Are follow up audits conducted regularly and are the results communicated to the Board Audit Committee on a timely manner? Compliance –– Policies and procedures: Does the Compliance function have comprehensive and up-to-date policies and procedures? –– Communication and training: Does Compliance engage in regular and frequent communications and training programs for all of the bank’s key stakeholders (including board and employees)? –– Technology: Does Compliance use technology to support its compliance program (testing, training records, etc.)? –– Compliance monitoring – Does Compliance monitor and track regulatory change on a timely basis? Is a compliance risk assessment conducted to evaluate the residual risks of all regulations? Does it conduct transactional, process and control testing? Is third party and employee compliance due diligence included in Compliance’s monitoring program? –– Issues management and investigations: Does Compliance respond to government investigations/ exams/inspections in an effective and timely manner? Are response plans and processes for investigating alleged non compliance appropriate and formally approved? –– Reporting: Is there periodic reporting to management and the board/board subcommittees on relevant compliance matters? Are all required regulatory reporting submitted completely, accurately, and in a timely manner? –– People and skills: Are the roles and responsibilities pertaining to compliance clearly defined and communicated to all stakeholders? Are performance management and compensation/incentives of those charged with compliance matters in line with the applicable regulatory requirements? Strong self-review processes Another area of importance is annual self-evaluation of board and board committee’s effectiveness. In Oman, the Capital Markets Authority has made it mandatory to conduct a board and board committee self-assessment via its Code of Corporate Governance. With increasing responsibility, it is imperative that the board and board committees measure performance against their set objectives. Rather than being a tick-box exercise, the results of the evaluations should provide actionable plans to improve effectiveness of agendas and discussions. The board may consider appointing an independent facilitator to ensure transparency of the process and unbiased results. The changing regulatory requirements mark a clear shift to a more regulated environment as prevalent in American, European and some Asian financial sectors. Not only should banks ensure compliance with the current regulations but forward looking banks may try to adopt leading practices from developed markets to meet the demands of key stakeholders.

Harris Matin Director T: +968 24 749 244 E: [email protected] Harris is a director within the Advisory (Risk) function with experience in large scale business transformation and assurance projects in the leisure, hospitality, real estate, manufacturing, energy and natural resources sectors. Prior to joining KPMG in the Lower Gulf, Harris spent seven years providing energy and natural resources-related advisory services at KPMG in Canada.

Oman banking perspectives 2019 31 Culture: the root of misconduct?

Culture has moved rapidly up the global agenda of financial institutions in recent years, with increasing interest in Oman. The opportunity to deliver value and improve risk management by paying more attention to culture is significant, argues Kenneth Macfarlane.

The one common thread through the Now some banking regulators, such heart of the business model and myriad of regulatory and innovation as the Dutch Central Bank, have having a social responsibility toward challenges facing the banking sector responded by incorporating culture maintaining market integrity. today is that an adequate response is considerations into their supervisory It embodies the ethics of reciprocity only possible if you have a strong and (oversight) guidance. These (treating others as you yourself positive corporate culture. This goes developments are triggering would wish to be treated) at all points well beyond legalistic conformity to a sea change in governance, of interaction between a firm and detailed rules. Banks also need to risk management, and internal its customers, and between the ask themselves some fundamental audit focus. employees of the firm. This would questions about their desired culture Increasing focus on culture foster an environment that is conducive and values, and how these are The opportunity to deliver value and to timely recognition, escalation, and reflected across their organization – improve risk management through control of emerging risks and risk- and be prepared before regulators more focused attention on culture taking activities that are beyond a firm’s ask them much the same questions. is significant. What is ‘culture’ and risk appetite. A strong and positive It is now widely accepted that a less why does it matter? Culture is the culture can help address some of the than desirable culture was at the intangible that is reflected in the challenges, as shown in the diagram. root of the 2007-2008 global financial choices and behavior of a firm’s Culture is a complex but highly valuable crisis and that the ‘soft stuff’, i.e. poor employees. The values, goals, and asset for organizations operating in leadership, behavior and informal priorities chosen by a firm to define competitive markets such as Oman. norms, can no longer be ignored. ‘business success’ work together It is therefore important to observe, The response by global regulators to create a firm’s culture. ‘Good monitor and change their culture and the business community largely culture’ is marked by specific values over time to support the successful missed the fact that a focus on ‘hard – integrity, trust, and respect for realization of the organization’s vision controls’ is not enough: culture plays a the law – carried out in the spirit and strategic priorities. The focus here significant role. of a fiduciary type duty toward is on the risk culture of a firm and customers. That means keeping related behavior, and not on all other Instances of misconduct, for example the customer’s best interest at the aspects of corporate culture. professional misbehavior, ethical lapses and compliance failure, have also been reported with troubling frequency, many of which have resulted in negative financial impact “Board members and senior management, on customers and markets, with significant monetary and reputational as the leadership of their organizations, costs to financial firms. The underlying reasons for this misconduct lie principally in the underestimation or are directly responsible for establishing ignorance of the role of culture and conduct in any given organization. and maintaining their firms’ culture.” A strong and positive culture can:

Reduce The risk misconduct

Diminish The risk of regulatory scrutiny and the risk of related supervisory action and monetary fines, as well as diminish other potential cost, such as operating or capital charges

Strengthen Asset quality Questioning culture executives, as they look to create Promote Given the current industry the culture of their institutions for Innovation and new challenges, it is the right time for generations to come. Culture change product development Omani banks to ask themselves will take years, perhaps a generation. designed to serve some fundamental questions about Decisions made by banking customers their desired culture and values and executives today have the potential how these are reflected across their to shape the future success of their Attract and Retain organization. In order to set up the institutions. The banking leaders of Highly qualified talent tone of culture within a financial today have a unique opportunity that similary values a institution, we believe that the board to create a cultural framework that strong positive culture members and senior management, will last a lifetime. Only by grasping behavior, and reduce as the leadership of their this opportunity can banks provide counter productive organizations, are directly responsible the basis upon which trust can be behavior and employee for establishing and maintaining their restored and maintained in the turnover firms’ culture. Regulators consider coming years. that to restore or maintain public trust it is imperative that each firm Protect implements business strategies that The life of the brand place the interests of customers (retail, commercial, and wholesale) Enhance and the integrity of the markets A firm’s reputation ahead of profit maximization. with: That is, they must conduct business –– Customers/clients in the ‘right’ way (right price, Kenneth Macfarlane (who perceive the right allocation, right product, Partner in Charge | Oman firm to be looking fair treatment followed by ongoing T: +968 2 474 9649 out for their interets) execution) – doing what they should E: [email protected] rather than what they can. Beyond Kenneth has worked in the Middle –– Employees and this directive, limited regulatory East for over 20 years, and has management (who guidance has been made available been based in Oman, Saudi Arabia have an alliance with and firms are largely responsible for and Bahrain. He was previously the a postive corporate defining their own parameters of a Senior Partner for another Big 4 firm citizen) ‘good culture’. in Oman and Bahrain, and is now –– Shareholders Creating truly sustainable, ethical Partner in Charge for KPMG in Oman. –– Regulators (who cultures may mean in some cases Kenneth’s primary focus is providing perceive the firm to be abandoning policies and practices audit and related accounting services less risky, i.e., more that have served Omani banks well to financial services clients; he also “safe and sound”) in the past. This will require some has extensive experience in advisory tough decisions for banking and compliance engagements.

Oman banking perspectives 2019 33 Environmental and social opportunities

Today, lenders and investors increasingly look for ‘better quality information’ to assist them in making informed decisions, and sustainability is at the top of their agenda. Daniel Gribbin presents the case for detailed, well-regulated sustainability disclosures.

Several factors have contributed to the wealth shifts and investing preferences recent, heightened awareness of the change, environmental, social, and Barriers to sustainable development importance of sustainability and its governance issues will be increasingly Although there has been an increase social, economic and environmental material to corporate valuations.”10 in the dialogue and rhetoric regarding effects – particularly in the banking sustainable finance in the region, the In the Middle East, the Boursa Kuwait sector. The Paris Agreement on climate mobilization of both private sector and Stock Exchange, the Tadawul Stock change and the UN’s sustainable government capital continues to be Exchange (Saudi Arabia), the Qatar development goals (SDGs) have resulted measured. Some of the key barriers Stock Exchange, Abu Dhabi Exchange in a USD12 trillion8 market each year, to sustainable finance include: and Dubai Financial Markets are all now and the potential for USD 90 trillion9 members of the Sustainable Stock – Regulatory and policy gaps investment opportunities before 2030. Exchange Initiative (joining 83 global (including uncertain and Changing investor concerns and stock exchanges globally including inconsistent regulatory/policy increasing engagement in environment the New York Stock Exchange and regimes and differing regulatory and social issues has given rise to London Stock Exchange). This initiative regimes across regions) emerging mandates and legislation. aims to enable peer-to-peer learning – Transfer of knowledge and skills These include: the European Union’s for exploring how stock exchanges from the developed world to the mandatory disclosure on sustainability can enhance transparency and developing world, particularly in performance by the financial services environmental, social and governance the area of project generation sector for large public-interest (ESG) related performance in order to companies and the Financial Stability encourage sustainable investment. – Technology innovation to Board’s Task Force on Climate Related reduce cost (new technology/ So what is the banking sector’s role Financial Disclosures (TCFD). improvements) in supporting the growing space Larry Fink, CEO of Blackrock, one of of sustainable finance, and how is – Challenges of attracting and the world’s largest investors, in his sustainability reporting supporting mobilizing finance/investment 2017 letter to investees stated “As this trend? into emerging economies given the level of inherent risk and risk/reward balances – Challenges and costs associated with relevant small ‘micro’ “Sustainability reporting could also projects and/or the lack of large improve stakeholder engagement, brand scale projects in the region – Need for sound transparent disclosures (most importantly reputation and social license to operate data) to support investment decisions and due diligence for banks, beyond the carbon footprint.” processes, analysis and emerging new valuation methodologies.

8. http://report.businesscommission.org/report, 9. https://newclimateeconomy.net/content/press-release-economic-growth-and-action-climate-change-can-now-be- achievedtogether-finds, 10. https://www.blackrock.com/corporate/investor-relations/larry-fink-ceo-letter 17.http://wam.ae/en/details/1395302732894 The role of sustainability reporting –– New sophisticated in-valuation The lack of disclosure of With credit risk and valuation approaches have emerged, where sustainability data can represent a approaches increasingly shaped banks look to incorporate non- challenge. However this is gradually by environmental, social and financial considerations into being addressed by governments governance-related input, there is a valuations, recognizing that the in the region and stock exchanges. pressing need for better reporting ability to see the whole picture is Christiana Figueres, former and market disclosures. Financial fundamental to valuing a company head, United Nations Framework data alone is no longer sufficient. or asset. Considering sustainability Convention on Climate Change related performance has been found (UNFCCC), said that “Rivers of In the Middle East, banks are to identify potential upsides, ‘alpha’, capital need to flow to assets and only beginning to leverage the where companies manage such projects that are the right ones for available environmental and social issues better than their peers.13 the 2050 world we have to build.”14 data to inform actionable business Organizations would be well advised insight. At the same time, they are –– Sustainability reporting could to include sustainability reporting gradually putting more emphasis on also improve stakeholder within this list of projects, as it can sustainability reporting – though there engagement, brand reputation act as an enabler for sustainable is room for improvement. In KPMG’s and social license to operate for finance and facilitate the promotion 2017 Corporate Responsibility banks. Other stakeholders such of sustainable development. Reporting Survey, of the companies as consumers, governments and Increasingly, investors, employees, surveyed in Oman, only 30 percent non-governmental organizations customers, and other stakeholders of all entities were reporting their (NGOs) are demanding greater are calling for greater focus by sustainability performance.11 transparency and accountability. banks on the long term, as set out In the banking sector, sustainability Going beyond the minimum in KPMG’s ESG strategy, and the reporting may be useful in the Sustainability reporting goes beyond long view – a framework for board following key areas. the carbon footprint and health oversight 2017.15 and safety initiatives. Frameworks –– Sustainability considerations and prescribe that companies should analysis may allow banks to access report on topics that are material to new markets and explore new their company and their stakeholders. client engagement approaches. Financial institutions differ from Examples include the Australian most organizations in that their main New Zealand Banking Group, impact is indirect, through their which announced a sustainable investments or lending portfolios, so finance12 target of USD 7.1 sustainability performance should million, and appointed a head of include both indirect and direct Daniel Gribbin sustainable finance. First Abu effects. Considerations include: Sustainability Services Dhabi Bank issued the only green T: +971442496513 bond in the MENA market in 2017. –– Disclosure of sustainability or E: [email protected] We have also seen banks begin to the environmental, social and introduce ‘green loans’ and SDGs governance (ESG) policy of the bank. Daniel joined KPMG Lower Gulf in social bonds. 2018 as a Senior Manager in the –– Disclosure of the exposure to Sustainability services team as a –– Banks are aiming to implement environment and social risks subject matter expert specializing sound risk-management through lending and investments. in Global Reporting Initiative (GRI) processes, which involves –– Set targets and report on the reporting, strategy implementation aggregating, managing and impact made through lending and development, corporate social integrating sustainability data investment activities. responsibility, health and safety, and and metrics with financial data to environmental management. Daniel help understand and reduce their has extensive industry experience risk exposure. The assessment working in the financial services, of climate risk exposure across minerals and mining, logistics and lending portfolios is an example. consumer manufacturing industries. Article co-authored by Hanife Ymer, KPMG Lower Gulf director as of 8 April 2019.

11. https://assets.kpmg/content/dam/kpmg/xx/pdf/2017/10/kpmg-survey-of-corporate-responsibility-reporting-2017.pdf, 12. http://www.anz. com/resources/4/a/4a92c630-7b83-4db4-bae7-9d5b70864623/2018-cdp-response-full.pdf?MOD=AJPERES, 13. https://assets.kpmg/content/ dam/kpmg/pdf/2015/06/introduction-kpmg-values.pdf, 14. https://docplayer.net/19324808-Green-bonds-financing-the-development-of-low- carbonclimate-resilient-cities.html, 15. https://assets.kpmg/content/dam/kpmg/lu/pdf/lu-en-esg-strategy-framework-for-board-oversight.pdf Oman banking perspectives 2019 35 Key banking indicators

LDR CAR

0% 30% 60% 90% 120% 150% 0% 5% 10% 15% 20% 25%

Ahli 112.7% 16.7% 112.6% 17.5%

Alizz 97.0% 16.7% 94.4% 15.3% 105.9% Dhofar 15.4% 108.0% 17.3%

Muscat 112.3% 18.6% 105.6% 19.2%

Nizwa 106.5% 17.2% 97.9% 16.2%

Sohar 127.8% 16.2% 123.8% 15.0%

HSBC 72.2% 16.9% 72.1% 19.4%

NBO 107.8% 17.3% 114.6% 16.3%

2017 2017 2018 2018

ROE/ROA

12% 11.3% 10.7% 10.7% 10.3% 10.1% 10% 9.5% 9.3% 8.9% 8.9% 8.4% 8.2% 8% 6.0%

6% 5.6%

4% 3.8% 2.9% 2.6%

2% 1.6% 1.5% 1.4% 1.4% 1.3% 1.3% 1.3% 1.2% 1.2% 1.0% 1.0% 0.9% 0.8% 0.6% 0.6% 0.2% 0% Ahli Alizz Dhofar Muscat Nizwa Sohar HSBC NBO

2017 2017 ROE ROA 2018 2018 The ECL numbers presented All the Omani banks mentioned, within this report are on loans and except the National Bank of Oman advances (including financing assets (NBO), report net impairment of for Islamic banks) for the top 8 listed financial assets which includes banks in Oman. recoveries. Recoveries are presented separately in NBO’s statement of profit or loss.

LR Total loans by stage % (2018) vs. NPL % (2017)

0% 10% 20% 30% 40% 80% 90% 100% 1% 2% 3% 4% 5%

Ahli 10.6% 10.0% 89.6% 8.7% 1.7% 1.2% Alizz 10.5% 12.3% 93.5 5.3% 1.2% 0.2% Dhofar 19.0% 35.4% 76.1% 20.2% 3.7% 3.1% Muscat 18.4% 19.8% 71.2% 25.7% 3.1% 2.9% Nizwa 12.7% 13.9% 89.5% 10.5% 0% 0.2% Sohar 11.1% 14.2% 78.0% 18.7% 3.3% 2.3% HSBC 13.4% 23.8% 71.8% 26.3%1.9% 3.8%

NBO 21.4% 20.0% 77.0% 18.2% 4.8% 4.1%

2017 Stage 1 2017 2018 2018 Stage 2 Stage 3

Coverage ratios on loans by stage (2018) vs. NPL coverage ratios (2017)

140% 129.5%

120%

100% 89.2%

80% 72.0% 70.7% 69.1% 64.0%

60% 56.1% 53.5% 53.7% 48.3% 46.6% 42.9%

40% 36.4% 34.1% 33.0%

20% 15.2% 7.7% 6.1% 4.8% 3.8% 4.5% 3.3% 3.7% 3.4% 0.5% 0.5% 0.6% 0.6% 0.2% 0.7% 0.4% 0% 0.4% Ahli Alizz Dhofar Muscat Nizwa Sohar HSBC NBO

Stage 1 2017 2018 Stage 2 Stage 3

Source: KPMG analysis of released figures for the top 10 listed banks Oman banking perspectives 2019 37 Regulatory capital (US$ billion)

0 1 2 3 4 5

0.7 0.1 Ahli 0.9 0.1

0.2 0.0 Alizz 0.2 0.0

1. 4 0.2 Dhofar 1. 7 0.2

4.3 0.4 Muscat 4.6 0.3

0.3 0.0 Nizwa 0.3 0.0

1. 0 0.2 Sohar 1. 0 0.1

0.8 0.0 HSBC 1. 0 0.0

1. 3 0.1 NBO 1. 3 0.1

Tier 1 capital 2017 Tier 2 capital 2017 Tier 1 capital 2018 Tier 2 capital 2018

0.9 FY18

1.1

FY17

10.1

10.8 Tier 1 capital Tier 2 capital Net impairment charge on loans and advances CIR (US$ million)

0 20 40 60 80 100 120 0% 40% 80% 120%

Ahli 9.3 35.3% 1 7. 4 40.8% Alizz 5.4 113.1% 2.1 83.1% Dhofar 30.0 46.5% 12.9 50.5% Muscat 57.1 42.0% 109.5 42.6% Nizwa 5.0 73.3% 5.4 61.5%

Sohar 18.2 45.5% 0.3 45.4 42.2% 64.2% HSBC 14.4 4.5 57.5% 62.8 48.8% NBO 48.5 47.9%

2017 2017 2018 2018

Credit rating

Credit rating S&P Moody’s Fitch agency Long-term Outlook Long-term Outlook Long-term Outlook Bank issuer rating issuer rating issuer rating

Ahli NA NA NA NA BB Stable

Alizz NA NA NA NA NA NA

Dhofar NA NA Ba2 Negative BB Stable

Muscat BB Stable Ba2 Negative BB+ Stable

Nizwa NA NA Ba2 Negative NA NA

Sohar NA NA Ba2 Negative BB Stable

HSBC NA NA Ba2 Negative BB+ Negative

NBO NA NA Ba2 Negative BB Stable

Overall country BB Stable Ba1 Negative BB+ Stable rating

Note: NA = Rating not available on ThompsonOne database, checked on 29 March 2019.Islamic banks have been presented in italics. For source data refer to the data table (page xx-xx) in the Appendix section. Oman banking perspectives 2019 39 Contributors

The information in this report is based on our authors’ in-depth knowledge of Oman’s financial services industry, allied with detailed analysis of banks’ financial performance. The GCC listed banks results report compares the performance of approximately 60 of the GCC’s leading listed banks. A snapshot of those findings is included on pages 36-39. About KPMG

KPMG Lower Gulf Limited provides KPMG Lower Gulf is part of KPMG and Infrastructure are due to participate audit, tax and advisory services International Cooperative’s global in the program, which begins with one- to a broad range of domestic and network of professional member on-one meetings to identify coaching international clients across all sectors firms. The KPMG network includes requirements, followed by individual of business and the economy. We approximately 207,000 professionals development plans for each member. work closely with our clients, assisting in over 153 countries around the KPMG was proud to be an Official them to mitigate risks and highlight world. KPMG in Oman is well Supplier of the Special Olympics World opportunities. Established in 1973, connected with its global member Games Abu Dhabi 2019 and the Official KPMG Lower Gulf now consists of network and combines its local Sponsor of the Global Youth Leadership approximately 1,250 staff members, knowledge with international Summit. We were delighted to including more than 100 partners and expertise, providing the outstanding contribute to the world’s largest directors, across six offices: Muscat, sector and specialist skills required humanitarian sporting event and global Dubai (three), Abu Dhabi and Sharjah. by our clients. KPMG was the first movement. This aligns directly with The KPMG member firm in Oman, along major firm of its kind to organize our values of inspiring confidence and with the member firm in the United Arab itself along industry lines– a empowering change, of inclusion and Emirates, form KPMG Lower Gulf. structure which enabled us to diversity, of passion and purpose. We develop in-depth knowledge of our KPMG is widely represented in the are honored to be associated with clients’ businesses and provide Middle East and also has offices in such a momentous and meaningful them with an informed perspective. Saudi Arabia, Bahrain, Qatar, Egypt, event, and for the opportunity to Kuwait, Jordan and the Lebanon. As In April 2019, KPMG Lower Gulf contribute to making it a life-changing well as having many of the region’s launched the Omani National experience for everyone. leading organizations and government- Development Program, Al Falaj. related entities as its clients, KPMG The initiative aims to provide Omani in the Lower Gulf has been party to employees with mentorship and numerous milestone engagements in career counselling. Approximately 75 the Middle East. employees across Advisory, Audit, Tax

Major global KPMG Focus on quality More than 1250 services offered locally client service professionals

Audit, Tax and Emphasis on communities Commitment to Al Falaj, the Omani Advisory services and the environment National Development Program

Oman banking perspectives 2019 41 KPMG Financial Services

KPMG’s dedicated financial services KPMG has experience in providing practice in Oman offers access to audit and other business services on various key financial marketplaces. a range of risk and financial issues It delivers best practice advice and to local and major multinational recommendations through an up-to banks and insurance companies the minute understanding of the vital operating in Oman. issues facing the local and international financial services industries.

Globally KPMG member firms provide professional services to:

64% 77% 73% 92% of the World’s of the top financial of the financial of the largest 500 largest services companies services companies banking companies banks in the Global 1200 in the Financial Times in the Fortune Global 500 Global 500

Details of all the services we offer can be found on our website: www.home.kpmg.com/om/en/home Contact us

Nader Haffar Emilio Pera Kenneth Macfarlane CEO Partner | Head of Financial Services Partner in Charge | Oman T: +971 4 403 0400 T: +971 4 403 0323 T: +968 2 474 9649 E: [email protected] E: [email protected] E: [email protected]

www.kpmg.com/ae www.kpmg.com/om

Follow us on: kpmg-mesa

@kpmg_lowergulf

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2019 KPMG Lower Gulf Limited, operating in the UAE and Oman, member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. Designed by Creative UAE Publication name: Oman banking perspectives 2019 Publication number: J2250 Publication date: April 2019