UAE banking perspectives 2019 - A digital, regulated and sustainable tomorrow April 2019 - assets.kpmg
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
UAE banking perspectives 2019 A digital, regulated and sustainable tomorrow April 2019 kpmg.com/ae kpmg.com/om
Foreword
Our evaluation of the key financial indicators for the past year
suggests a positive outlook for the banking environment in the UAE,
with promising profit growth that has only slightly been tempered
by the introduction of new accounting standards.
I am pleased to introduce you to the to begin this year, and will trigger an
fourth edition of our annual UAE banking independent review of anti-money
perspectives publication. We examine laundering (AML) and sanctions
pertinent issues and trends affecting compliance rules.
the global banking industry today,
Banks could consider encouraging
with a particular focus on the United
a healthy corporate culture, and
Arab Emirates (UAE). Our subject
practices that are in line with the
matter experts have shared their
sustainability agenda. Strides in
views on key topics, identified the
digital innovation can be exploited
main challenges faced by the banking
to their full potential as traditional
sector and proposed strategies to
banking methods are transformed by
combat these. We are grateful for the
processes like customer identity and
high level of interest generated by
access management (CIAM).
previous editions; in this publication
we elaborate on a broad spectrum This publication complements our
of themes, ranging from effective GCC listed banks results report, which
governance to Islamic finance. sets out some of the key financial
indicators and issues of the day for
In the constant drive for growth,
the banking industry in the region. Emilio Pera
banks would do well to swiftly adapt
On behalf of KPMG Lower Gulf, Partner | Head of Financial Services
to a shifting regulatory and consumer
we look forward to delving deeper T: +971 4 403 0323
landscape. Banks need not, however,
into the topics discussed within this M: +971 56 508 5073
be overtly cautious of venturing into
publication, and exploring how your E: emiliopera@kmpg.com
uncharted territory. Rather, they
organization can make the most of
can pioneer practices and products Emilio leads KPMG’s financial services
the opportunities that lie ahead.
that cater to gaps in the market or practice in the Lower Gulf (the UAE
improve operational efficiency and and Oman). He has worked in the
competitive positioning. financial services industry – both as
a consultant and as a banker – for
Technological innovation and a
almost 30 years and has been based
flourishing demand for Islamic financial
in the UK, the Middle East and Africa.
institutions can disrupt the industry, Emilio Pera
He has led a number of risk, finance
while risk functions must contend with Partner and Head
and credit advisory engagements,
challenges like the replacement of the of Financial Services
including leading governance and
London Interbank Offered Rate (LIBOR).
cost-efficiency reviews. Emilio has
Over the past year, the UAE Central been the lead partner on the external
Bank has issued a range of directives audits of a number of major, bluechip
that clearly signal the UAE’s intent financial institutions in Africa, the
to align with global best practice in UAE. He was a member of the
terms of prudent market regulation IAASB’s ISA540 task group with a
and consumer protection. In addition, focus on revising the standard in
the Financial Action Task Force (FATF) preparation for the audit of IFRS 9.
evaluation of the UAE is expected
Contents
Foreword 2
Executive summary 4
Performance highlights 6
Innovation and technology 8
Accelerating and expediting the innovation agenda 10
Single digital identity for customers: will it live up to expectations? 12
Regulation and risk 16
Headwinds as banks prepare for LIBOR transition 18
Managing operational risk effectively 20
Mitigating financial crime risk 22
The future of Islamic finance 24
Culture and sustainability 26
Strengthening governance and internal controls 28
Cultural diversity in the UAE 32
Environmental and social opportunities 34
Key banking indicators 36
About KPMG 41
UAE banking perspectives 2019 3
Executive summary
A strong focus on innovation, regulatory compliance, rigorous
self review, risk management and creating a fair corporate
culture, will likely stand banks in good stead as they navigate
an evolving banking environment.
While economic growth has been somewhat muted over asymmetries will require a clear client communication
the past year1, the top 10 UAE banks have enjoyed a healthy strategy, and outstanding hedge relationships and other
surge of 11.5% in net profits. This occurred in the wake of agreements may need to be amended. Along with changes
the replacement of IAS 39 with IFRS 9 at the beginning of to valuation tools and risk models, banks would be well
2018. It transformed banks’ approach to the assessment of advised to consider the interaction between LIBOR transition
impairments in their loan portfolios and added another capital and the implementation of the Fundamental Review of the
conservation buffer. Higher current provisions and more Trading Book (FRTB).
stringent Liquidity Coverage Ratio and Net Stable Funding
Operational risk is becoming an increasingly significant
Ratio calculations seem to have led to a spike in the cost of
area of focus. Headwinds may take the form of cyber
liquidity. IFRS 9 adjustments were passed through retained
threats, third-party concerns, trading, conduct and culture
earnings, which in turn triggered an adverse impact on the
issues, anti-money laundering fines and sanctions, or
Capital Adequacy Ratio and Return on Equity. Despite a
stress-testing requirements. In 2018, the Central Bank
promising financial year, financial institutions must contend
of the UAE (CBUAE) published a number of regulations
with an incursion of new regulations and a burgeoning demand
as well as a ‘Standards’ release which stipulates what
for innovative new products and systems to meet consumer
banks should be doing to achieve best practice. It points
demands in a market that is increasingly digitally enabled.
out the main areas for banks to focus on are: governance,
Across the banking sector, companies have embraced identification and assessment, control and mitigation,
innovation teams. However these can suffer from limited business continuity management, information technology
authority, lack of resources, and inadequate support and systems, and reporting.
from senior stakeholders. A structured management
To an extent, a specific subset of risk, financial crime
process, and a more open-minded approach to solving
risk, can be reduced via a step-by-step method. This
problems may help drive the innovation agenda. Improved
would involve reviewing the compliance risk assessment
communication and collaboration between departments
framework and the monitoring program, to validate the
and with regulators will help banks remain agile in the face
annual compliance plan, transaction monitoring and know-
of the gamut of technological advances like fintech.
your-customer procedures. Technological developments
With the advent of the digital revolution, many banks are like machine learning could be leveraged to maximize
turning to customer identity and access management operating efficiencies, and risk mitigation measures
(CIAM) to build stronger relationships with their customers. designed and implemented to ensure compliance with
CIAM’s features facilitate addressing numerous customer the regulatory provisions on AML and sanctions. The UAE
needs, delivering personalized experiences, intelligent is anticipating its Financial Action Task Force (FATF)
solutions, protection against cyber fraud and ease of digital Mutual Evaluation to be held in 2019, and independent
interaction. The success of implementing CIAM, however, evaluations of local banks’ AML and sanctions compliance
will depend on factors like the ability of a vast variety of frameworks have been undertaken to prepare for this.
stakeholders to work together, and how readily users
The waxing crescent of the Islamic financial market is
embrace learning new software.
becoming systemically important as the GCC consolidates its
Meanwhile, risk functions of banks must exercise constant position as a globally significant economic hub. The growth
vigilance to cope with an influx of challenges: the London of Islamic finance may be sustained by addressing some key
Interbank Offered Rate (LIBOR) is being phased out, gradually points. These include the ‘form over substance’ debate and
being replaced with alternatives such as risk-free rate (RFR) the need for harmonization of standards. There is a pressing
benchmarks. There are likely to be operational issues in the need for greater transparency, more Islamic banking experts,
early stages, and banks will need to reduce LIBOR exposures and strengthening the public’s confidence in the Shari’ah
and build demand for RFR-linked products. Information compliance of the products and services being offered.
1. Increase of 1.7% http://wam.ae/en/details/1395302751977
With the arrival of a number of new local and
international regulations, the scope of the compliance
function is broadening, requiring skills that can consider
risks facing the banks more holistically. Internal Audit’s
(IA) role is also becoming wider, with banks required to
publish their IA charter and review it every three years (as
per CB UAE Internal Controls, Compliance and Internal
Audit Standards 161/2018, Article 4.14). Self-evaluation
of the board committee’s effectiveness will assist those
charged with governance in the bank to formulate a
clear plan of action to bring its operations in line with
best practice, a process which may be aided by the
appointment of an independent facilitator.
In conjunction with a strong control environment and
robust regulatory procedures, equally vital is management’s
approach to corporate culture, in particular: power
distance, uncertainty avoidance, individualism versus
collectivism and masculinity versus femininity. The UAE is
home to a colorful mélange of nationalities, with 88.5%2
of its population composed of expatriates. Resolving
differences and having open conversations to build a
respectful and productive environment becomes key in
such an ethnically diverse milieu.
Finally, as banks internationally now include certain
performance measures beyond key financial indicators,
sustainability reporting is emerging as an essential
consideration within the UAE. While there may be some
regulatory and policy gaps, banks are beginning to
include environmental and social data to exhibit greater
responsibility towards their stakeholders. Sustainability
disclosures may help banks access new markets, and
implement more rounded risk management processes.
Stakeholders tend to no longer want their banks to simply
exceed their financial targets, but to formulate a canny,
forward-looking strategy for the long term.
2. https://www.globalmediainsight.com/blog/uae-population-statistics/
UAE banking perspectives 2018 5
Performance
highlights
Total assets
(US$ billion)
578.40 623.82
Net profit
(US$ billion) 7.9%
9.80 10.93
11.5%
Net impairment
charge on loans
and advances
(US$ billion)
3.40 2.96
-12.9%
Regulatory capital
(US$ billion)
79.40 77.05
-3.0%
Cost-to-income
ratio (%)
35.90% 37.47%
1.6%
Capital
Adequacy Ratio
(%)
18.70% 17.33%
-1.4% Return Return
on equity (%) on assets (%)
13.50% 13.70% 1.70% 1.71%
0.2% 0.0%
Liquidity ratio
(%)
33.00% 33.52%
0.5%
Coverage ratios on
loans – by stage
(%)
2017
68.6% Stage 3
61.1%
Total loans subject Stage 2
14.3% Stage 1
to ECL– by stage as 0.9%
at 31 December 2018
Stage 1 (%)
91.8%
Stage 2 Stage 3
5.1% 3.1%
Non-performing
loan ratio
(%)
Key
4.30% 3.13%
%
-1.2% 2017
2018
Y-o-y improvement
No change
Y-o-y deterioration
UAE banking perspectives 2019 7
Innovation and technology
Accelerating and expediting
the innovation agenda
In an era where traditional banking methods are gradually being
usurped by fintech and digital banking, the industry must remain
alert and responsive to technological developments. Umair Hameed
explores strategies to enable innovation in the sector.
Most banks and other financial Opening sometime soon 1. Senior stakeholder commitment:
institutions have increasingly been Even with the ostensibly innovative While some banks have verbally
recruiting specialists to spearhead banking apps that have been committed to driving innovation,
innovation as a formal business launched in the UAE (and in other they have not always dedicated
discipline. At the same time, a countries), many appear to be front- adequate funds and human
number of financial free zone entities end platforms with limited integration resource support for the innovation
such as Abu Dhabi Global Market with the back-office service-delivery team. Most innovation teams
(ADGM) and Dubai International operations. As a customer of one of set up by banks are still largely a
Financial Centre (DIFC) have launched the banks in the UAE, I recently tried one-person show. In the absence
regulatory sandboxes to encourage the to apply for a new savings account of resources to work with, there
development of new and innovative through their mobile app, hoping is only so much the lone innovator
financial products and services. that the process would be a truly can do on their own.
digital one. It was surprising to see
Whilst the financial industry harbors 2. Empowerment: Although the
a screen pop up, requesting me to
a sincere intent to innovate, it Head of Innovation is given
populate my name, contact details
appears there is still some way to the responsibility of – and
etc., all of which the bank already
go, before this desire becomes a accountability for – driving the
had. Upon submission, a message
tangible and visible reality from a innovation agenda, he or she
was displayed proclaiming that a
customer experience perspective. often has limited influence or
bank’s representative would call
authority over the different
Across the financial services me back within two days to discuss
‘siloes’ of customer experience,
spectrum, from basic retail and next steps. The representative
business development, and digital
commercial banking, to wealth never called and instead I ended
channels, which can further
management, it is observed that up going into the branch to get the
exacerbate the issue.
there has generally been a paucity account opened. The process to
of innovation in the products and open the account had not changed in 3. Process for managing innovation:
services being offered in the market. substance: it was only the initiation Whilst innovation requires some
that the bank had ‘innovated’. unstructured and unconventional
Today, digital banking appears to be
thinking, there is nevertheless a
more of a ‘renovation’ of the service Cognizant of the challenges and
need for a structured process to
delivery channel than true ‘innovation’, opportunities for banks to enhance
manage innovation. It is advisable
a process that has long since their innovation capabilities, KPMG
that banks ensure innovation of
occurred in other industries such launched its Digital Village in the UAE
products and services have an
as e-commerce. Banking services as an Innovation Centre. Based on
appropriate lifecycle, passing
that were accessible at physical extensive experience of working with
through the stages of ‘ideation’
branches or websites are now being banks in other parts of the world
(ideas creation), acceleration
offered through smart phone apps. In and in the UAE, there are some
(proof of concept), pilot and finally
essence, many banks have emulated factors that we believe may lead to
implementation, rather than taking
and replicated what was happening accelerating innovation for here:
a haphazard approach.
elsewhere, albeit with a time lag, than
having truly innovated.4. Proactive collaboration: For
innovation to happen, internal and
external stakeholders ought to be
“Today, digital
collaborating proactively. Internal
turf battles, apprehensions with
banking seems
approaching the regulator, and
limited know-how on how to more of a
truly engage customers through
the product design and delivery
Umair Hameed
Partner | Advisory ‘renovation’ of the
life cycle, can all hinder the
innovation process.
T: +971 5 0658 4486
E: uhameed@kpmg.com service delivery
5. Fear of failure: For organisations
to excel at innovation, employees
Umair is a management consultant
with 15 years’ experience advising channel than true
should not have a fear of a failure
or retribution. Senior stakeholders
can encourage employees to “try
and collaborating on complex
business transformation initiatives
across the Middle East, North
‘innovation’.”
and eventually succeed” rather Africa, South-East Asia, the USA and
than not try at all. Europe. He has a particular focus on
6. Key performance indicators (KPIs) Financial Services innovation, FinTech
and metrics: Employees tend to and RegTech.
perform in line with how they will
be measured. Introducing specific
KPIs and metrics that track
performance and progress of the
innovation agenda, not just of the
Head of Innovation, but rather of
every single employee in the bank,
could go a long way to making the
workforce more conscious of the
need to innovate.
7. One size does not fit all:
Innovation is about solving
problems. Just as there are many
problems to solve, there are many
possible solutions. As problems
evolve, the way in which we solve
them also ought to evolve.
As both FinTech and the proliferation
of Islamic financial institutions
disrupt the banking industry, the
need for banks to rapidly adapt to
change, by pioneering and testing
new practices, has become more
pressing than ever before.
UAE banking perspectives 2019 11Single digital identity for
customers: wil it live up
to expectations?
Across the Gulf Cooperation Council (GCC) region, digital identity
is emerging as a key differentiator for customer experience.
Sheikh Shadab Nawaz reflects how banks can best take advantage
of Customer Identity and Access Management (CIAM) to enhance
relationships with their clients.
The future of banking looks to personalized experiences that Protection Regulation (GDPR).
be customer centric. As digital reflect their individual security Regulators around the world are
transformation has gathered pace, preferences. Mature CIAM enforcing harsher penalties for
effective CIAM has become a key environments enable seamless banks that allow personal data
business driver within the United use of preferred authentication loss and unauthorized use of
Arab Emirates (UAE) banking sector. techniques across different personal data.
Clients would like to have faster and channels, with enhanced
5. Protection against cyber
more frequent access. There are contextual security and behavioral
frauds: Cyber-attacks and fraud
five key customer needs that make analytics capabilities.
techniques, internationally and in
CIAM a strategic enabler for the UAE
3. Intelligent solutions: UAE the UAE, are increasing in terms
banking sector:
customers expect faster solutions of sophistication and impact,
1. Ease of digital interactions: to their unique financial needs. adding complexity to the balance
Customers expect their banks Through the precept of a single between customer experience
to enable a seamless user digital identity that connects and security. Single identity
experience in terms of onboarding customer relationships across can help build better oversight
and authentication across multiple different channels, banks’ and control by UAE banks over
channels e.g. internet banking, intelligent platforms can offer any cyber security breaches by
mobile banking, call centers, customers the products best removing the overhead costs of
automated teller machines, and suited to their financing needs. managing multiple identities and
augmented reality interface. Such capabilities may transform associated access rights.
Mature CIAM environments may the competitive landscape within
Many benefits
enable customers to complete the banking sector.
CIAM plays an integral role in
identity verification or know-your-
4. Exercise privacy needs: providing a secure interface
customer (KYC) processes online,
Customers want to exercise between the customer and banking
saving UAE banks cost and time to
their privacy rights – for example, applications through a seamless
maintain an offline KYC process.
consent management and customer experience at extreme
2. Personalized experiences: The personal data access rights scale and performance, no matter
viability of modern banking – seamlessly across different which channels customers use to
institutions relies on their ability banking channels. Legislative engage with the bank. It enables
to adapt to shifting customer changes also require UAE banks multiple functionalities to turn mere
expectations. Not all expectations to implement robust data privacy customer experience into true
are alike, so they are looking for capabilities (e.g. General Data customer engagement, for instance:–– Unified identity – A single identity
is used to manage access to Through all channels
accounts and preferences across
multiple channels. This provides a
‘360-degree view’ of the customer
by tracking not only customer
identity but also the customer’s
relationship within the bank’s
ecosystem, such as interfaces with
the sales team, business partners
and other banking units.
Identity
–– User registration: An easy to use
registration interface spans multiple and access
channels, allowing customers to management
register once and use services
across web, mobile, automated
teller machine (ATM), call center or
any other emerging channels. Functions of identity For
–– Single sign-on: Users may move
between screens and applications
seamlessly, without interruption.
–– Advanced authentication: Unified Advanced People...
Balancing security requirements identity authentication – Customers
with the customer experience – Partners
requires advanced authentication – Vendors
techniques, e.g. biometrics and – Employees
voice recognition, for high risk
banking transactions. User Preference
–– Preference management: An easy to registration management
use interface allows users to manage
their account profile and preferences,
such as credentials, notifications, Devices...
consent, access grants. – Devices associated
Single sign Device with people
–– Device Profiling: Out-of-band
on management
validation of customer devices
at the time of registration would
validate a device that belongs to With governance,
an authorized user (separate from policies and standards
user authentication).
UAE banking perspectives 2019 13Unification of functions
CIAM involves multiple business Business Security and trust Risk management
and risk management functions. functions fuctions
Its transformation can be initiated Audit and
by business functions to improve Retail assurance
the customer experience, or by risk Banking
management to address fraud risk, Fraud and
cyber risk, or compliance risk.
Wholesale CIAM forensics
Banking
Cyber security
Corporate
Banking Privacy and
complianceManaging headwinds –– Poor user experiences: Legacy
By investing in CIAM capabilities, systems are designed primarily
UAE banks may elevate their digital around security for well-
identity management to enhance the established reasons. However,
way they provide value to customers. personalized experience is key to
However, there are several engage with today’s customers.
challenges to consider: It is not only important to store
customer information in a
–– Involvement of a wide variety of
centralized and secure manner, Sheikh Shadab Nawaz
stakeholders: CIAM implementation
but also to ensure that this data is Associate Director | Head
will involve stakeholders from
available for use in real-time in an of Cyber Security, IT Advisory
different business units, including
optimum manner that serves the T: +971 4 424 8973
legal, compliance, cyber security
needs of the customer. E: snawaz1@kpmg.com
and privacy. The success of CIAM
implementation will depend upon –– Lack of scale: Whilst employee,
common understanding and clear partner and vendor identities Shadab has thirteen years’
expectations amongst all the are generally measured in the experience in cyber security;
stakeholders of the bank. This thousands, customer identities information technology (IT)
can be a daunting task for any are often measured in the millions. governance, risk and compliance
project manager. Lack of an architecture that can (GRC); data, software and cloud
deliver performance requirements security; and IT Disaster Recovery.
–– Too many priorities: Involvement He has worked on over 100 complex
regardless of the volume, variety or
of stakeholders from different technology projects across a number
velocity of incoming data streams,
areas, background, mindsets and of industry verticals, including
may degrade the user experience.
viewpoints can lead to multiple and banking and financial institutions;
conflicting priorities. Prioritizing –– Security and privacy of personal telecommunications; retail; oil
demands at an early stage in data: Customer data often contains & gas; aviation and government.
the process is critical to avoiding personal information which is sensitive He has been based in the Middle
project delays. An essential part of and subject to a variety of laws and East, India and South East Asia.
the planning process is drawing a regulations, both UAE-specific and Shadab holds a bachelor’s degree
distinction between what people international. So the CIAM technology in electrical engineering, a master’s
want and the actual outcome that that collects and manages this data in IT and a post-graduate diploma in
is important for the bank, bearing is likely to be a major concern for systems management. His current
in mind the constraints of time, security, compliance, legal and research interests focus on security
effort and money. audit departments. analytics, breach investigation and
–– Lack of business involvement Thus it is vital to adequately plan cyber insurance.
in the actual implementation: CIAM implementation with a defined
Business stakeholders play a larger set of priorities (use cases) and the
role at the outset of the process. ultimate objectives of an enhanced
IT departments are, however, customer experience clearly
held accountable when it comes delineated. Continuous involvement
to actual implementation of the from different stakeholders within
CIAM solution. The end result may the bank should be encouraged,
often be a CIAM solution that does while concurrently ensuring
not quite meet the expectations compliance with security, privacy
of business users. It is important and other legal requirements.
to keep all stakeholders well
informed during every stage of
development and implementation,
so that course corrections can be
made as needed.
–– Lack of product training: Because
“CIAM plays an integral role in providing a
CIAM impacts so many aspects of
a bank, it is not possible for every secure interface between the customer
affected party to have experience
working with the platform. If and banking applications through a
business users are unable to
effectively navigate the CIAM
platform, it is unlikely they will want
seamless customer experience.”
to continue using it on a regular basis.
UAE banking perspectives 2019 15Regulation and risk
Headwinds as banks
prepare for LIBOR transition
The phasing out of the London Interbank Offered Rate (LIBOR) will
likely trigger an upheaval within the operations of financial institutions
globally. Steve Punch addresses how the risks associated with its
replacement could be managed.
The transition will most likely change
a bank’s market risk profiles, requiring
changes to risk models, valuation tools,
product design and hedging strategies.
In addition, financial institutions which
have approval to use their own internal
models to calculate regulatory capital
for their trading book exposures will
also need to consider the interaction
between LIBOR transition and the
implementation of the Fundamental
Review of the Trading Book (FRTB).
Determining an action plan
Given the degree of uncertainty and
complexity, LIBOR transition is likely to
be a significant transformation program
for banks. In practice, transition
planning will require mobilizing a cross-
business unit and geography transition
program clarifying the individual
LIBOR is currently the reference Risk-free rate benchmarks accountabilities for the steering
interest rate for millions of contracts In 2017 the UK’s Financial Conduct committee. The key activities include:
globally, ranging from syndicated Authority (FCA) announced that after
loans and retail mortgages to 2021 it would no longer persuade or –– Identifying financial exposures and
complex derivative products. compel panel banks to submit the defining the approach to transition
However, LIBOR’s central role in rates required to calculate LIBOR. In –– Launching RFR-linked products
the financial system appears to be its stead, there is now a clear global and building RFR volumes
coming to an end. Following the direction of travel towards alternative
2012 rate-fixing scandals, substantial risk-free rate benchmarks (RFRs) –– Transitioning the back book/legacy
efforts have been made to improve based on actual transactional data. trades
rate setting. However, significantly –– Switching off LIBOR processes
The transition from LIBOR to RFRs
reduced volumes of interbank and infrastructure
could introduce considerable costs
unsecured term borrowing,
and risks for financial institutions if Containing risk
which is the basis for LIBOR, is
not managed properly. The proposed A disorderly transition from LIBOR could
calling into question its ability to
alternative rates are calculated be detrimental to financial institutions as
continue playing this central role.
differently and payments under well as to the broader market. There is,
Consequently, LIBOR is now based
contracts referencing the new therefore, a strong incentive to identify
on less reliable expert judgment,
rates will likely differ from those and manage delivery risks as early and
which may inherently be vulnerable
referencing LIBOR. efficiently as possible to avoid problems
to manipulation.
in the future. The table shows how this
might be done.The process of moving from IBORs to
Identification of key Potential early mitigants
the new RFRs does not appear to
potential risks
be straightforward or without risk
The broader impact of transition, –– Educating senior stakeholders as uncertainties remain about the
including operational issues and about requirements of the practicalities of transition – including
existing regulatory rules, may lead transition program whether IBORs will remain in existence
to delays. post 2021. LIBOR transition is expected
–– Ring-fencing adequate time and to be unlike any other transformation
resources in their transition plans program and the risks are significant.
to address operational issues Boards would do well to devise a
and the ways in which LIBOR planning strategy for individual banks,
may be integrated into other as well as the wider financial industry.
processes The complexity and scope of the task
Financial exposures to LIBOR –– Target reducing LIBOR ahead does not look to allow room for
continue to grow and lead to exposures and consider ways complacency or inertia.
systemic risk by issuing new in which they can build demand
LIBOR-linked contracts. in RFR-linked products over the
course of the next few years
There are information –– A client communication strategy,
asymmetries, inadequate underpinned by rigorous program
disclosures and conflicts of interest controls, is required
as moving from legacy products
–– Implement segmentation
to RFR-linked product gives rise to
of customers impacted by
conduct risk. Steve Punch
transition
Director | Head of Financial Risk
Contractual continuity gives rise –– When identifying financial Management
to legal risk as methodologies for exposures, firms should analyze T: +971 4 356 9870
calculating LIBOR and RFRs differ. the contractual language used E: spunch1@kpmg.com
LIBOR may become unavailable and the counterparties that will
Steve has 25 years’ experience in
even though products referencing be affected. The vast majority of
Australia, UK, Japan, New Zealand
it remain in force. contracts that run beyond the end
and Hong Kong. He has worked
of 2021 will need to be amended
for several blue-chip, international
to deal with the permanent
investment banks and has also been an
discontinuation scenario.
independent consultant to a number
Insufficient RFR liquidity makes –– Banks should monitor liquidity in of other, large global banks across
it difficult to build a curve and both legacy LIBOR and new RFR- Finance, Risk and Compliance. Before
price products. As the proposed linked products across jurisdictions joining KPMG in 2011, Steve was a
alternative rates are mostly and should also assess whether a Director at UBS Investment Bank in
overnight rates, derivation of term rate is essential for all parts Hong Kong leading a regional ASPAC
term structure for new rates is of the market. initiative covering 16 countries from
not defined. However, even if Japan to India to Australia. He has a
–– The preferred Alternative RFR particular interest in evolving banking
term-adjusted reference rates are
for US jurisdictions would be regulation as a means to building
produced, payments will still differ
secured overnight financing stronger banking systems.
from the LIBOR rates, creating
rate (SOFR), having the
significant valuation differences
Federal Reserve as the RFR
administrator, while the UK
would have the reformed sterling
“The transition
overnight index average (SONIA)
with the Bank of England as the
administrator.
Accounting implications may result –– Banks should identify their will likely change
in de-recognition of contracts
or discontinuation of hedge
relationships.
LIBOR exposures and
outstanding hedge relationships,
consider whether amendment is
banks’ market
needed and, if it is, evaluate how
their existing hedges might be
risk profiles.”
affected by it.
UAE banking perspectives 2019 19Managing operational
risk effectively
The hazards of various types of operational risk are wide ranging.
Steve Punch takes a look at how bankers and regulators navigate
compliance with a new standard, the identification of control
weaknesses that leave institutions susceptible to fraud, and the
need for stronger governance frameworks.
In recent years, banks globally and Taking notice of this, the Central insufficient monitoring or fraud.
here in the UAE were occupied by Bank of the UAE (CBUAE) issued Secondly, losses resulting from
the implementation of IFRS 9. This draft Operational Risk Standards operational risk generally tend to be
tended to dwarf all other competing and Operational Risk Regulations in under-reported, primarily due to the
priorities for the Risk and Finance 2016. Finalized and issued in August potential consequences and lack of
teams. Regulators, too, appeared 2018 under CBUAE Operational Risk awareness by bank staff.
to be significantly engaged in the Standards and Regulations 163/2018,
The August 2018 regulations laid
implementation of IFRS 9 and spent we are seeing this is as part of
out by the CBUAE are accompanied
considerable time and resources a growing trend across the Gulf
by a separate ‘Standards’ release
reviewing calculated expected Cooperation Council (GCC). Several
which provides additional clarity
credit loss (ECL) charges under regulators have recently issued new
on what banks should be doing
the new rules. Operational risk has rules or are refining existing rules
to achieve best practice. The key
now become a heightened area of relating to operational risk that are in
areas for banks’ attention under
focus for financial institutions as the line with international best practice.
the Operational Risk Standards
industry wrestles with challenges
Capital and guidance are: governance, identification and
arising from cyber threats, third-
from Central Bank assessment, control and mitigation,
party concerns, trading, conduct and
Operational risk is often regarded as business continuity management,
culture issues, anti-money laundering
the most challenging risk for both information technology and systems,
fines and sanctions, stress-testing
regulators and banks. The rationale and reporting.
requirements, and technological
for this is that nothing can prevent a
innovations driving greater Due to the inherently qualitative
bank from experiencing a significant
opportunities for process automation nature of managing operational risk
adverse event. Ultimately, allocation
and digitization. (through implementing a robust
of Pillar 1 capital (the regulator’s
internal control environment coupled
The Basel Committee on Banking core measure of a bank’s viability,
with strong process-level controls),
Supervision (BCBS) first released usually common stock and disclosed
many banks tend to believe that
Principles for the BCBS 195, Sound reserves) is designed to at least
they are already “best in class”
Management of Operational Risk encourage bank boards and senior
with respect to their operational risk
in 2011. A review by the committee management to discuss how best to
framework. Accordingly, regulators
undertaken in 2014 highlighted that manage operational risk.
often see the need to spell out
banks globally had not sufficiently
In most cases, Pillar 1 capital will principles, standards and rules for
implemented these principles which
likely be lower than the loss history banks to follow. The Risk Based
culminated in an additional BCBS
for nearly all banks. The first reason Supervisory approach adopted
paper, Review of the Principles
is that ‘boundary events’ tend to by CBUAE should ensure that a
for the Sound Management of
get lumped 100% under credit spectrum of results are possible
Operational Risk, BCBS 292.
risk losses, with no allowance for when viewing how banks apply the
apportionment for related operational new standards.
risk failures involved in credit losses,
such as inappropriate models,“The transition will likely
change a bank’s market
risk profiles, requiring
changes to risk models,
valuation tools, product
design and hedging
strategies.”
KPMG’s recent experience working –– Elevating first and second lines of
with several GCC banks on operational defense (LOD) involvement and
risk initiatives implies there may be results in strengthening risk culture
room for improvement in enhancing
–– Enhancing first LOD communication
operational risk frameworks and how
and escalation of issues outside of
the seven operational risk event types
established risk appetite
(as defined by the Basel Committee) are
managed. The event types comprise: –– Improving the communication
between the first and second Steve Punch
–– Internal fraud
LODs on emerging risks and Director | Head of Financial Risk
–– External fraud changes to the internal and Management
external environment T: +971 4 356 9870
–– Employment practices and
E: spunch1@kpmg.com
workplace safety –– Deploying end-to-end process risk
assessments across business Steve has 25 years’ experience in
–– Clients, products, and business practice
lines and divisions to develop a Australia, UK, Japan, New Zealand
–– Damage to physical assets more complete picture of risk, and Hong Kong. He has worked
dependencies, hand-offs, and for several blue-chip, international
–– Business disruption and systems failures
redundant controls investment banks and has also been an
–– Execution, delivery, and process independent consultant to a number
–– Expanding convergence efforts
management of other, large global banks across
beyond risk taxonomies and
Finance, Risk and Compliance. Before
In particular, mitigating internal and rating scales to drive increased
joining KPMG in 2011, Steve was a
external fraud losses is an areas that efficiencies and more effective
Director at UBS Investment Bank in
is receiving significant focus from analysis and management of risk
Hong Kong leading a regional ASPAC
regulators and banks. It is observed
–– Enhancing control testing to initiative covering 16 countries from
that several banks are undertaking
create more dynamic and efficient Japan to India to Australia. He has a
fraud risk framework reviews, whilst
monitoring, escalation and particular interest in evolving banking
others are identifying material
management of exposure regulation as a means to building
processes susceptible to fraud and
stronger banking systems.
carrying out fraud risk assessments. –– Establishing robust operational
risk dashboards supported by
Next steps
integrated data and tools to deliver
It seems there is much work for
consistently meaningful reporting to
banks to do as they strive toward
business lines, risk teams, executive
operational risk excellence, including:
management, and the board.
–– Further positioning the operational risk
management framework so that it is
fully aligned with the banks’ strategy
and viewed as an enabler of strategic
change, business performance, and
customer experience
UAE banking perspectives 2019 21Mitigating financial
crime risk
As the UAE gears up for the Financial Action Task Force (FATF) Mutual
Evaluation, Katerina Pagoni contemplates how banks can build more
robust anti-money laundering and sanctions compliance frameworks,
through the effective use of technology.
Financial institutions in the UAE are compliance cost. This appears to ii) the monitoring program in
preparing for the country’s FATF be turning into an increasingly order to validate that the annual
Mutual Evaluation later in 2019. The challenging task, as the cost of compliance plan, transaction
publication of the results would be compliance is rising exponentially monitoring and know-your-
critical for the image and reputation with the accelerating pace of customer (KYC) processes address
of the country’s financial services regulatory change. regulatory requirements and are
sector, as the outcome is likely to play aligned with the firm’s risk profile
A step-by-step method
a profound role in determining the
The question arises how b) Achieve operating efficiencies
way the UAE’s anti-money laundering
organizations can simultaneously through, for example, integration
(AML) regime is perceived globally.
prepare for the FATF evaluators, of intelligent automation and
In pursuit of ensuring that the financial meet strategic compliance innovative technology into the
services sector is ready when the objectives, minimize compliance existing technology infrastructure.
FATF evaluators arrive, the Central cost and effectively manage financial Compliance leaders could explore
Bank of the UAE (CBUAE) mandated crime risk. and leverage new technology
an independent evaluation of their capabilities to automate their
The answer may lie in a three-
AML and sanctions-compliance compliance activities alongside similar
fold approach:
frameworks. First for the national transformations being undertaken
banks in 2017, and subsequently the a) Remediate the areas for by their business counterparts. For
branches of foreign banks and the development identified through instance, robotic process automation
exchange houses in 2018. the recent assessment of the (RPA) can assist in retrieving data
AML program. Hence, in view of for money-laundering investigations
Having completed the assessments
the outcome of the assessments, and scanning public databases
for multiple financial institutions
financial institutions should for changes to laws, rules and
between 2017 and 2018, KPMG
prioritize a review of: regulations. Machine learning may
gained some insight into the AML
be used to identify risks using
programs adopted by financial i) the compliance risk
public information and historical
institutions. Most financial assessment framework
outcomes of previous investigations.
institutions performed well in aimed to ensure it covers all
Meanwhile, cognitive technology
terms of governance, training business areas and enables
may be used, capable of mimicking
and assurance, and two areas them to identify and adequately
aspects of human judgment to, for
were highlighted for potential prepare for money-laundering
example, interpret transaction activity.
improvement: risk assessment risks. These are continuously
and monitoring. evolving with the entry of new c) There should be a greater focus on
financial products and players in effectiveness by ensuring that key
The reality is that Compliance
the competitive market, as well risks are clearly understood, and
functions have been striving to
as with Fintech developments mitigation measures are designed
strike a balance between ensuring
such as digital finance and and implemented to ensure
effective management of regulatory
cryptocurrency compliance with the regulatory
developments and reducing
provisions on AML and sanctions.Clear protocol and
canny investment
Moreover, in the process of re-
assessing their AML regime, financial
institutions should not overlook
their conduct risk management
program. Money-laundering scandals
and the ensuing enforcement
actions continue to plague the
financial sector. We can therefore
expect regulators to remain keenly
focused on business ethics and
the demonstrable actions taken by
financial institutions, both proactively
and reactively, to prevent and
manage misconduct. In order to
be operational and effective, the
compliance risk management and
conduct risk management programs
should be aligned and governed
by clear escalation and reporting
protocols.
Banks are likely to benefit from
compliance-driven investment in
technology, systems and innovation
that will equip them for fighting
increasingly sophisticated financial
crime. This should complement
business-driven investment in
strategic tools that empower
sustainable growth and revenue.
Katerina Pagoni
Associate Director | Head of Anti-
Money Laundering and Sanctions
services (Forensics)
T: +971 4 424 8979 “The question arises
E: kpagoni@kpmg.com
Katerina has 20 years’ experience how organizations can
of working with global financial
institutions in: money-laundering simultaneously prepare for the
deterrence, sanctions, regulatory
compliance and business risk
management. Her recent MBA from
FATF evaluators, meet strategic
Imperial College Business School
(London) included a thesis on how
compliance objectives, minimize
global financial institutions can
concurrently be exemplary compliant compliance cost and effectively
with no hindrance to organizational
entrepreneurship and innovation. manage financial crime risk.”
UAE banking perspectives 2019 23The future of
Islamic finance
The demand for Islamic finance is growing substantially, creating
opportunities for experts to enhance industry standards and
develop market-leading innovative solutions. Abbas Basrai ponders
the steps that need to be taken to retain the momentum of the
industry’s expansion.
Islamic financial assets were estimated requirement for harmonization of Towards compliance
to be valued at USD 2 trillion3 in 2018, standards, more Islamic banking External Shari’ah audits can address
and are expected to grow in excess of experts, and reinforcing the public’s the last challenge. Compliance with
30% over the next two years, reaching confidence that the products and Shari’ah is the backbone of the
USD 3.2 trillion by 20204. Some of services being offered conform to global Islamic financial industry and
the fastest growing economic hubs Shari’ah principles. These issues are a unique value proposition offered
include the Gulf Cooperation Council examined below. by the industry to its stakeholders.
(GCC) region, Indonesia and Turkey.
Muslims constitute approximately a
quarter of the world’s population5, and
are expected to grow to 29.7% by
20506. Research indicates, however,
that there is a significant opportunity
worldwide to include Muslims in the
formal financial system, and Islamic
finance is also an attractive alternative
for non-Muslims.
Islamic finance has become widely
accepted in global financial markets
with sukuk (Shari’ah-compliant
bonds) issuance totaling USD 44.2
billion worldwide in the first half of
20187. Several conventional banks
have set up Islamic windows. The
UAE’s vision is well defined to
establish its position as the global
capital of the Islamic economy.
With significant growth over the
last 30 years, Islamic finance is well
established as an alternative finance
offering in global markets. As the
sector matures, however, there are a
number of areas requiring attention
in order to sustain and accelerate
this growth. These can include the
‘form over substance’ debate, the
need for increased transparency, a
3. https://www.gulf-times.com/story/596054/Islamic-finance-industry-assets-surpass-2tn-mark, 4.https://www.arabianbusiness.com/islamic-finance-assets-forecast-be-worth-3-
2trn-by-2020-641156.html, 5.http://guides.library.cornell.edu/IslamAsiaExhibit/MuslimPopulations, 6.http://www.pewresearch.org/fact-tank/2017/01/31/worlds-muslim-population-
more-widespread-than-you-might-think/, 7.https://www.difc.ae/thebottomline/files/1015/3794/8517/Islamic_Finance_2019.pdf, https://gulfnews.com/business/banking/governance-
structures-of-islamic-finance-needs-fine-tuning-1.1932448, 8. https://gulfnews.com/business/banking/governance-structures-of-islamic-finance-needs-fine-tuning-1.1932448Generally, internal Shari’ah In addition, we understand that only
auditors have the task of providing a handful of Islamic banks disclose
assurance over whether the financial
institutions’ activities are performed
their profit and loss sharing formulae,
profit equalization reserves, or “Islamic finance
in accordance with the rules set by
the institution’s Shari’ah board. While
investment risk reserves. The latter
were created to help smooth the has become
this model has provided an additional
layer of control, details are not
typically disclosed to the public.
return on deposits during volatile
economic conditions and reduce
liquidity risk.
widely accepted
The Accounting and Auditing If the Islamic finance marketplace is in global financial
Organization for Islamic Financial
Institutions (AAOIFI) and the Islamic
Financial Services Board (IFSB) has
to achieve a measure of global unity
as regards its legal framework, the
standards should be harmonized.
markets with
already made significant strides in
enhancing standards. Some local
At present, basic transactions,
including sukuk issuance, can be
sukuk issuance
regulators have implemented more
robust governance frameworks
complex and time consuming due
to a lack of standardized legal and totaling USD 44.2
and several have created a central
Shari’ah authority. A centralized
model is increasingly being adopted
Shari’ah documentation. This is made
more challenging by the fact that
different markets may have different
billion worldwide.”
across the industry, with Oman, definitions of what is and is not
Bahrain, Malaysia, Indonesia and Shari’ah-compliant. Which means
Pakistan having established unified, Shari’ah documentation cannot be
government-established Shari’ah easily applied across borders. The
boards in recent years. This is a trend process of issuing a sukuk should
that is anticipated to spread to other be as straightforward as issuing a
jurisdictions, which are likely to learn conventional bond but this is not
from one another. usually the case at present.
We believe greater Shari’ah Towards innovation
governance efforts will be high on the The shortage of Islamic banking Abbas Basrai
agenda of regulators as the industry experts and a possible lack of Partner | Financial Services
becomes systemically important in innovation have created a gap T: +971 4 403 0484
certain countries. This will in turn in the market for the creation of E: abasrai1@kpmg.com
increase the credibility of the industry new products that do not have a Abbas is a banking specialist and
and boost stakeholder confidence. similar counterpart in conventional focuses on audit and advisory
finance. There seems to be a services within the financial
Towards harmonization
strong imperative for new blood in services sector. He has considerable
Increased transparency is likely
the industry. Innovation requires experience of working with banks
to help address the ‘form over
expertise, including dedicated and (both conventional and Islamic),
substance’ debate. In theory, deposit
well-trained personnel to research sovereign wealth funds, investment
holders are entitled to share not only
new ideas, their commercial and asset management companies
the profits related to the activities
application and the development and private equity funds. He has a
that their deposits finance, but are
of novel concepts. particular interest and experience
also required to shoulder their burden
of the losses. This principle has Necessity can be the mother in the accounting, regulatory and
likely not been applied consistently of invention: a problem may control aspects of banking operations
in the past and no Islamic bank has encourage stakeholders to exert (from risk assessments to full
transferred any losses to customers every creative effort to solve reviews of front office supervision,
over the past 30 years8. Nevertheless the problem. The Muslim world product control, treasury, risk and
there has been steady progress is ready for pioneering banking operations functions), including
towards the implementation of this solutions that will fulfil their extensive work with regard
principle in recent years. An example financial requirements while to derivatives and structured
is the Malaysian authorities’ decision allowing them to remain true to transactions. Abbas qualified as a
to make such accounts truly loss their religious values. It is the chartered accountant (ICAEW) while
absorbent from June 2016vii, giving collective responsibility of scholars, with KPMG in London.
customers the option of choosing regulators, bankers and government
between loss-absorbent accounts legislators to take heed of and
and non-loss absorbent accounts. respond to its needs.
UAE banking perspectives 2019 25Culture and sustainability
Strengthening governance
and internal controls
In an increasingly competitive market, with an ever-changing risk
and technological landscape, it is advisable for banks to have mature
corporate governance frameworks in place. Maryam Zaman elaborates
on aspects banks may want to consider while establishing a better
internal controls and compliance environment.
Globally, the regulatory environment by conducting a diagnostic review of and ensure they have an effective
is becoming more stringent for their existing target operating model, and comprehensive monitoring
financial institutions, and the UAE policies and procedures across the program in place. In order to maintain
is no exception. The Central Bank three lines of defense. independence and objectivity of
of UAE (CBUAE) issued a number this function from the operations of
Keeping pace with
of regulations in the second half the bank, it is important to clearly
regulatory changes
of 2018. These are all in line with articulate the dual reporting lines
Additionally, it is advisable for banks
the regulator’s aim to enhance to the chief executive and board or
to also revisit their board and board
the governance, risks and controls board committee. The Compliance
committees’ (particularly the audit
environment across the banking function is also required to be
committee) terms of reference
sector, and to encourage financial audited by the independent internal
and agendas. Along with adequacy
institutions to adopt international audit function.
of coverage, the board and board
leading practices.
committees need to reassess the Preventing money laundering
The regulations and standards quality of discussions surrounding and terrorism financing
pertaining to internal controls, internal controls, compliance and With greater international pressure
compliance, and internal audit internal audit. It is important to on the region to counter terrorist
issued by CBUAE came into effect determine whether the board funding, the accountability and
in October 2018. Their objective is committees have access to senior responsibility of compliance
to strengthen the internal control management, are asking the right functions has also increased.
environment of banks in order to questions and receiving appropriate Traditionally, job descriptions of
meet the changing market conditions information on areas such as compliance officers were limited to
and ensure the soundness and the impact of new technologies, reporting of suspicious transactions
stability of the banking sector. emerging risks and risk limits, pertaining to anti-money laundering
compliance observations and (AML) and combating the financing
While the regulation does not
upcoming regulatory changes. This of terrorism (CFT). Now their duties
specifically mention any internationally
could help enable the board and have broadened to include bi-annual
recognized frameworks, the five
board committees to set the correct assessments of and reporting on
elements of the internal control
tone at the top and take relevant and AML and CFT frameworks, as well as
framework it has defined is closely
timely strategic decisions. operational review for identification
aligned to that of the Committee
of money laundering and terrorist-
of Sponsoring Organizations of the Another key requirement is to have
financing activities. Without a
Treadway Commission (COSO). a strong and capable compliance
complete regulatory repository,
Although most large banks in the function that can keep pace with the
skilled compliance personnel and
UAE have defined internal control increasing regulatory obligations.
an experienced head of compliance,
processes, they would be well Banks are also advised to update
banks may find themselves
advised to reassess their frameworks their compliance policies and
struggling to cope with the new
procedures, streamline their activities
regulatory environment.You can also read
