Archive for the ‘Security and Compliance’ category

Central Bank of Kuwait -Euromoney conference 2014

September 9th, 2014

A speech delivered by H.E. the Governor of the Central Bank of Kuwait (CBK), Dr. Mohammad Y. Al-Hashel in Euromoney Conference held in the State of Kuwait, September 9th 2014. The Speech can be found in both English and in Arabic

The speech outlines the role of the Central Bank as a regulatory capacity and the considerable progress towards adoption of Basel lll in Kuwait. It also addressed the real estate sector finance regulation and prudential risk

From the closing remarks:
“Finally, I observe that the global banking and financial industry is witnessing
a new era of structural and regulatory reform aimed at strengthening
monetary and financial stability and in the long run establishing overall
economic stability. Therefore, we, the regulatory authorities and banking
and financial units, should derive benefits from such reforms by adopting
the correct approach in developing our banking and financial systems in
view of the regional and international experiences, as well as implementing
the best international practices taking into consideration the vital role of
banks in the national economy and their deep relations with the society. ”

Home depot- biggest credit card breach ever?

September 5th, 2014

Home Depot may have earned the dubious distinction of being responsible for the biggest compromise ever involving credit and debit card data.

Security blogger Brian Krebs, whoreported the data breach Tuesday, updated his report yesterday with new information gathered from the cyber underground. According to Krebs, the data strongly suggests that a breach occurred at nearly all of Home Depot’s 2,200 stores in the U.S.

Krebs based his conclusion on a review of stolen credit and debit card data posted on an online store that sells such information. The site lists each card, along with the city, state and ZIP code of the card owner, as well as the store code where the data was stolen.
Several companies have reported data breaches in recent days, including grocery chain Supervalu, UPS Stores Inc. and Dairy Queen.

The breaches have highlighted escalating concerns over a point of sale (PoS) system malware tool dubbed “Backoff” that was used in the massive data heists at Target and others like Neiman Marcus and P.F. Chang’s.

According to federal law enforcement authorities, Backoff has infected PoS systems at around 1,000 retailers. Security firm Kaspersky Labs, which conducted its own research of the malware, believes the number could be much higher.

Basel III and Islamic Banks -ask Synergy Software Systems

September 4th, 2014

The tough Basel III regulatory standards, also pose questions for Islamic lenders that could prove expensive:
- Will regulators treat their deposit the same way?
- How will this affect banks with separate Islamic branches.?

Islamic finance frowns on monetary speculation, so their balance sheets are largely clear of the derivatives and complex, risky assets that surfaced in other banks during the global financial crisis. These factors were reported for example last month in However, the issues are wider than the balancde shet.

Interest payments are not allowed by sharia principles, so Islamic banks obtain deposits mostly through profit-sharing investment accounts (PSIAs), which are generally considered to be more volatile than conventional deposits. So Islamic banks are expected to be required to offset that volatility under Basel III by increasing the amount of high-quality liquid assets (HQLAs) that they hold.

This is easier said than done. Islamic securities markets are relatively immature , than conventional markets, so sharia-compliant HQLAs are in short supply –

Islamic commercial banks held about $1.2 trillion worth of assets at the end of last year, according to a study by Thomson Reuters. Those banks account for roughly a quarter of deposits in Gulf Arab countries and over a fifth in Malaysia.

Basel III requires banks to hold enough HQLAs to cover net cash outflows for a 30-day period under a high-stress scenario. Outflows are calculated by applying different weights to funding sources, including PSIAs. The riskier the funding source, the larger the amount of HQLAs needed to cover it.

With the exception of Malaysia and Bahrain, few central banks actively issue instruments which qualify as HQLAs.. Government-issued sukuk qualify, but most sovereign sukuk are either not listed on developed markets or are not actively traded, making those very hard for Islamic banks to obtain. This contrasts with conventional banks’ access to huge markets in high-quality government debt such as U.S. Treasuries and German Bunds. Alternatives such as the short-term sukuk issued by the Malaysia-based International Islamic Liquidity Management Corp, which was established to promote a cross-border market in Islamic instruments, remain small compared with the overall size of the industry..

Much depends on the weightage or “run-off rates” that national regulators who will implement Basel III in their own jurisdictions, choose to assign to PSIAs.

Regulators are keen to develop their Islamic banking sectors, so are unlikely to assign punitive weights. However, they may not be able to treat PSIAs as benignly as conventional bank deposits. For instance, PSIAs held by Islamic banks tend to have relatively short maturities..

The uncertainty looks unlikely to be cleared up at least before next year, when the Malaysia-based Islamic Financial Services Board (IFSB), a global standard-setting body, is expected to release a guidance note on the subject.

The note will deal with issues such as the contractual rights of depositors, for example whether they can withdraw money in fewer than 30 days without a significant penalty, said a source familiar with the IFSB’s deliberations.

Malaysia’s central bank has issued some guidance on PSIAs, saying it will classify them as two types: general PSIAs, broadly equivalent to conventional retail deposits, and specific or restricted PSIAs, deemed similar to managed investment accounts. It has given Islamic banks a two-year transition period to differentiate between those types. Yet while the central bank has already spelled out ratios and weights for Basel III capital adequacy rules, it has not yet announced run-off rates or HQLA requirements for PSIAs.

Basel III says national regulators around the world could assign run-off rates of 3 per cent or higher to stable, conventional bank deposits, and as much as 10 per cent to less stable deposits, according to S&P. Islamic banks may end up being assigned numbers within that range; given the size of the deposits at stake, a variation of several percentage points will make a big difference to how much HQLAs the banks are forced to hold.

The PSIA issue may increase pressure on central banks and governments to address longstanding problems in Islamic finance.

As part of its efforts to develop as an Islamic financial centre, Dubai is actively trying to list sukuk on its exchanges and encouraging its state-linked firms to issue trade-able sukuks, but it may be years before supply begins to meet demand.

Another problem is deposit insurance. For bank deposits to be deemed stable they need to be protected by an insurance scheme, but sharia-compliant schemes are rare, partly because government support for domestic banks is considered implicit in many Gulf countries.

Bahrain introduced Islamic deposit insurance in 1993.

In May this year, Qatar said it would develop an Islamic deposit insurance scheme.

In June, Bangladesh said Islamic deposits would be covered under an existing scheme managed by the central bank.

The first sukuk to have claimed to be in compliance with Basel III requirements was issued in November 2012 by Abu Dhabi Islamic Bank (ADIB). The issuance was worth USD1bln and classified as AT1 capital requirements. This issuance generated an overwhelming response with an order book of USD15.5bln (more than 30 times over-subscribed on the initial benchmark size), and carries
a profit rate of 6.375%, the lowest ever coupon for an instrument of this type. This supports proposition that sukuk issuers have an opportunity to tap into the Basel III-compliant sukuk market.

The Islamic Financial Services Board (IFSB) released draft guidelines on capital adequacy for Islamic banks in November 2012 which clarifies the use of sukuk as additional capital. As per the IFSB Exposure Draft 15, sukuk issued against assets owned by an Islamic bank may be used by that bank as additional capital to meet regulatory minimum requirements. The minimum maturity of the sukuk is five years and it should not have step-up features, such as periodic increases in the rate of return, giving an incentive for the issuer to redeem it.

Over the past two years three UAE based Islamic banks such as Abu Dhabi Islamic Bank, Dubai Islamic Bank and Al Hilal Bank have opted for Tier 1 sukuk issuance totalling $2.5 billion. Issuers of these sukuk say that they qualify as Additional Tier 1 (AT1) capital under Basel III.

The ADIB USD1bln sukuk was based on the contract of Mudharabah and is classified as equity, which therefore does not include principal loss absorption or equity conversion features. Periodic distributions are fully discretionary and non-cumulative. The sukuk is unrated, but will be included in Fitch-eligible capital with a 50% equity credit. It has no maturity date while ADIB can choose to repay the sukuk on certain dates from 2018 if it wishes.

This has significant implications in particular for regional banks that deal with both conventional and Islamic finance. They will have to establish processes to ensure
that the two sets of rules are implemented across two divisions simultaneously. For those banks already specialising in either conventional or Islamic finance,
the impact is no less significant. They will have to comply with new regulatory measures around their liquidity ratios. They will also have to implement strategies for stress testing that allow for complex data to be analysed in order to demonstrate compliance with the Relevant Central Bank’ Basel III directives.

These requirements call for considerable technology change at many banks to ensure that the required financial and risk data can be accurately gathered, cleansed, analysed and reported to board members and the regulator in the
formats required.

Meeting the regulations as they are currently shaped, for Basel III is not a one-time compliance exercise. The requirements will evolve and banks will benefit from taking a long-term view of regulatory compliance. This means developing a framework for implementing consistent compliance practices and implementing a regulatory reporting framework with in-built enterprise-wide risk management tools to ensure ongoing compliance.

Basel 111 – and money laundering

August 24th, 2014

Basel III is proceeding globally, with tangible differences evident between jurisdictions such as pace of adoption, the degrees of strict compliance to the Basel Committee guidance, and the resulting technical infrastructure challenges banks face. Some countries in the Middle East have accelerated
capital deduction phase-in periods or changed limited deductions to
full deductions.

Basel III largely focuses on the liability side of the balance sheet, and modifies requirements for both the quantity and the quality of loss-absorbing capital.

There new requirements for a leverage ratio, and for liquidity and stable funding requirements (a short-term 30-day liquidity coverage ratio and a 1-year
net stable funding ratio). Basel III requires more high-quality common equity Tier 1 (CET1) capital relative to total Tier 1 and Tier 2 capital, and adds a number of capital buffers which can only be met with CET1 capital. These buffers are above regulatory minimums that range from an additional 2.5% of risk-weighted assets up to 8.5%, and even higher in some regions. Basel III recommends an additional loss-absorbing buffer for global and domestic systemically important banks, which can range up to 3.5% – and depend on a bank’s cross-jurisdictional activity (only for G-SIBs), size, interconnectedness, substitutability, and complexity.

In the EU the Capital Requirements Directive (CRD IV) which relates to Basel
III creates an additional buffer known as a systemic risk buffer, which is applied to the whole financial sector, and subsets of it, to prevent and to mitigate long-term non-cyclical systemic and macro-prudential risks. EU member states can apply systemic risk buffers of 1% – 3% for all exposures, and up to 5% for domestic exposures, without having to seek prior approval from the European Commission. 6 For banks subject to both a systemically important bank buffer and the
systemic risk buffer, the higher of the two will apply, but if the systemic risk buffer applies to domestic exposures only, they will be combined. Expect similar legislation to follow in this region at some point in the not too distant future.

The Basel III framework includes revisions to risk-weighted assets (RWAs) related to counterparty credit risk, including the treatment of “wrong-way” risk.

Globally,jurisdictions look to be implementing the minimum capital
requirements according to the BCBS schedule (by 2015) or even more
rapidly, with a faster phase-in for some of the largest banks. Many regions will adopt the BCBS phase-in schedule (which begins in 2016), but some Middle Eastern countries may require faster compliance.

The Islamic Financial Services Board’s (IFSB) revised capital requirements for Bassel III could help strengthen the Islamic finance industry, according to a recent Standard & Poor’s Ratings Services report. The report titled ‘Basel III Offers An Opportunity For Islamic Banks To Strengthen Their Capitalization And Liquidity Management,” sets out how Islamic banks will implement Basel III.

A liquidity coverage ratio might address some of the industry’s long-standing weaknesses, particularly the lack of high quality liquid assets (HQLA), said the report. The implementation of Basel III will also test the treatment of profit sharing investment accounts (PSIAs) from liquidity and funding perspective.
PSIA holders are, in theory, obliged to share any losses, but this could increase their volatility and liquidity coverage requirements and reduce their role as stable funding sources, The IFSB is likely to release its guidance note on the parameters and calculation of the liquidity coverage ratio and net stable funding ratio in early 2015.

The $300 million settlement between Standard Chartered (SC) and the New York Department of Financial Services (DFS), announced on 19 August, again highlights operational and regulatory risks for the bank, says Fitch Ratings.
The New York Department of Financial Services (DFS) said the British bank’s internal compliance systems had failed to detect or act on a large number of “potentially high-risk transactions” mostly originating from Hong Kong and the United Arab Emirates. Banking group Standard Chartered is liable to legal action in the UAE after it agreed to close some customers’ UAE accounts in an anti-money laundering settlement with US regulators, the UAE central bank said “because of the material and moral damage which is falling on them”
‘The new punishment came two years after the bank paid US regulators US$667 million to settle charges it violated US sanctions by handling thousands of money transactions involving Iran, Myanmar, Libya and Sudan.

In 2011 Dubai-based Noor Islamic Bank, since re-named Noor Bank, halted a business in which it channelled billions of dollars from Iranian oil sales through its accounts, as Washington stepped up sanctions over Iran’s disputed nuclear plans.

In May last year, the UAE revoked the licences of two local money exchange companies for non-compliance with regulations including rules against money laundering.

Last month The Basel Committee on Banking Supervision last week proposed standards on money laundering risks, which require banks to include AML within their firm-wide risk management process. “Basel’s commitment to AML is fully aligned with its mandate to strengthen the regulation, supervision and practices of banks worldwide, with the purpose of enhancing financial stability,” the committee stated on issuing the proposal for consultation.

AML is a new area for Basel, which usually deals with prudential standards such as the Basel III capital rules. Its efforts are in addition to those of the Financial Action Task Force (FATF), which issued global AML standards in 2012 and a flurry of practice guidelines last week. Basel supports individual country implementation of FATF standards, and views their proposed standards as supplemental to these, including cross-references back to these in its text.

In Iraq last year political and economic Iraqi circles confirmed the presence of extensive money-laundering operations. Weak monitoring systems and political conflicts of interest, were reasons advanced that prevented the exposure of these operations. Ahmad al-Jabouri, a member of the Integrity Committee in the Iraqi parliament, said in a statement that the amount of money subject to laundering operations are around “20% of Iraq’s investment budget.” Iraq’s 2013 general budget is more than $115 billion, $46 billion of which are investment expenditures. According to Jabouri, money-laundering operations make up $9 billion per year

Basel III in Oman

August 18th, 2014

Oman is not yet one of the 27 national members of the BCBS.

However, the CBO has called upon Omani banks to comply with Basel III standards and issued guidelines on how to implement compliance to this standard which started phasing in from January 2013 and will continue until December 2018,- line with the global timeline set out in Basel III for the implementation of its reforms.

Will Basel III work in Oman, particularly with regards to Islamic financing? It seems so! HE Hamood Sangour Al-Zadjali, Executive President of the CBO, in an interview for the Oman Economic Review in April 2014, discussed Oman’s compliance with international best banking practices and stated:

“We have prescribed minimum regulatory capital for banks at 12 per cent of risk-weighted assets, much higher than that prescribed by the Basel norms. Moreover, the actual capital adequacy ratio is much higher at around 16 per cent. The CBO is well ahead in the implementation of Basel III framework, issued in November 2013. Some of the main features of these final guidelines prescribed by the CBO include: minimum common equity tier 1 ratio has been prescribed at seven per cent of risk weighted assets, while minimum Tier 1 capital ratio has been prescribed at nine per cent of risk weighted assets and the minimum total capital adequacy ratio has been prescribed at 12 per cent of risk weighted assets. All these norms … are in line with the international best practices prescribed by the Basel III.”

IMF staff reports U.A.E. – Basel 111 article 1V consultation

August 12th, 2014

The IMF published a staff report and a selected issues report last month for the 2014 Article IV Consultation with the United Arab Emirates. The IMF reveals that the authorities have stepped up the implementation of Basel III. They :

» Plan to phase in Basel III capital and liquidity standards over 2015–19

» To consult with banks about technical issues such as the definition of high-quality liquid assets, and a simple liquidity rule for smaller banks

Directors took note of the ample liquidity and capital buffers in the banking sector. They:

» Welcomed the recently introduced loan concentration limits

» Encouraged the development of domestic debt markets, which would support banks’ liquidity management in preparation for the introduction of the Basel III liquidity framework

Also see this IMF document:
This Staff Report was completed on June 11, 2014 and contains

- An Informational Annex prepared by the IMF.
- A Press Release summarizing the views of the Executive Board as expressed during its
June 26, 2014 discussion of the staff report that concluded the Article IV consultation.
– A Statement by the Executive Director for the United Arab Emirates.

Last month the Central Bank of the U.A.E. announced that the ratio of Emirati employees working at the Bank reached 64% at the end of the first half of 2014. The ratio of Emiratisation by job categories reached 100% within the leadership and Supervisory category, 71 % within the executive category and 44% within the specialised/technical category.

The Central Bank’s management has developed specialised training programmes to improve performance of staff, particularly national employees, in collaboration with leading international training institutions.

Meanwhile, the ratio of Emiratisation at national banks reached 34%, and 21% at non-national banks, with a total Emiratisation ratio of 32%. The Central Bank emphasises on all occasions the need for raising the ratio of Emiratisation in banking and other financial institutions in the U.A.E. and supports the call through its regulations issued in this regard.

Brisbane G20 – FSB – Central Banks and GLAC

August 6th, 2014

The FSB chairman and Bank of England Gov. Mark Carney sent a letter to G20 Finance Ministers and Central Bank Governors On 4 April 2014 about their plans for the November 2014 G20 summit to be held in Brisbane in November this year.

The letter summarises the priorities for completing reforms by the G20 summit in Brisbane. These are:
- ending too-big-to-fail
- transforming shadow banking
- making derivatives markets safer

Making resolution work in Europe and beyond – the case for going concern loss absorbing capacity was the subject of a recent speech given by Andrew Gracie, Executive Director, Resolution, Bank of England at the Bruegel breakfast panel event, Brussels Thursday 17 July 2014 . see

Some more unusually clear source of information on this topic Basel Committee Post Crisis Reform: “Finishing the job!” /em>
Laurent Clerc Director Financial Stability Banque de France

and this presentation:
The FSB Key Attributes of Effective Resolution Regimes Bail-in Framework by Ruth Walters

The problem of ‘too big too fail’ of course was discussed as long back as Cannes in 2011.
The FSB will publish a consultation on ‘gone-concern loss-absorbing capacity’ (GLAC), to assess the capacity of G-SIFIs to absorb losses when they fail. The FSB will be seeking agreement at the Brisbane Summit on three issues:
- the criteria that liabilities should meet to be considered as GLAC
- the appropriate amount of GLAC banks should hold
- where this should be held in the banks’ group structure.

An open issue is whether GLAC should be based on risk-weighted assets or on a non-risk-weighted measure. Thee is merit in both approaches. Using a risk-weighted approach would be coherent with Basel III capital requirements; but from an EU perspective, a non-risk weighted concept would be preferable, because this would be compatible with the resolution regime envisaged by the EU’s directive on bank recovery and resolution.

Big firms that straddle national borders present additional problems for regulators:
- Who exactly should take the hit when things go wrong?
- Which regulator should take the lead in sorting it out?
- What happens when different regulators disagree over what to do?
- Whose laws are applied when things go awry?

On the resolution of cross-border banks, the letter states that this must be supported by contractual or statutory approaches for cross-border recognition of resolution actions, including temporary stays on close-out and cross-default rights in financial contracts when a firm enters resolution, and bail-in of debt issued under foreign law. Mike Callaghan, programme director of the G20 Studies Centre at the Lowy think-tank in Sydney, Australia, says “that n agreement on resolving complex, cross-border institutions would be “pretty difficult to achieve by Brisbane”.

The FSB’s agenda will also tackle “shadow banking,” where non-regulated firms act much like banks and could pose a risk to the financial system.

FSB members are divided about the amounts of “bail-inable” debt that should be carried, and the form it should take, Japan officials argue that forcing banks to issue a single type of bail-inable bond ignores the fact that its own sector is heavily deposit-funded. Tokyo has already overhauled its resolution regime, and is not eager to do it again. France, too, seems reluctant to add new requirements for bail-inable debt on top of newly introduced EU-specific resolution rules. China ‘s state-owned banking sector seems clear that public money will be used in a crisis, and would see bail-in as a foreign concept. There is also debate about whether any surplus equity that banks are holding should be counted towards GLAC. Some Asian countries argue for this.

The proposals are likely to forward a numerical range for GLAC coupled with a second “pillar”, leaving considerable discretion to the national regulator when dealing with individual institutions.

The new framework will be applied to the list of 29 G-SIFIs after the consultation is completed and a ‘comprehensive’ impact assessment is

EBA Implementing Technical Standards (ITS)

July 8th, 2014

The European Banking Authority (EBA) today published an XBRL taxonomy to be used by competent authorities for remittance of data under the EBA Implementing Technical Standards (ITS) on supervisory reporting. \

It presents the data items, business concepts, relations, visualisations and validation rules described by the EBA Data Point Model (DPM) contained in the ITS on supervisory reporting, including the amendments relating to asset encumbrance, forbearance and non-performing exposures.

The reference date is as of 30 September 2014 onwards and it includes the first reports under FINREP.

The taxonomy defines a representation for data collection under the reporting requirements related to own funds, financial information, losses stemming from: lending collateralised by immovable property, large exposures, leverage ratio, liquidity ratios and asset encumbrance.

As part of enhancing regulatory harmonisation in the EU banking sector and facilitating cross-border supervision, uniform data formats are necessary to enable comparable data on credit institutions and investment firms across the EU.

The EBA XBRL taxonomy was primarily developed for data transmission between competent authorities. The EBA, many authorities have been using it for the collection of supervisory reporting from the credit institutions and investment firms they supervise. The taxonomy proposed by the EBA will lead to convergence of supervisory practices across Members States and also facilitate supervisors to identify and to assess risks consistently across the EU and to compare EU banks in an effective manner.

The updated taxonomy issued today incorporates corrections to the COREP and FINREP reporting structures in line with the published ITS, and new reporting structures for asset encumbrance.

It includes the following technical documents:
• The set of XML files forming the XBRL taxonomy
• A description of the architecture of the XBRL taxonomy
• The DPM of which the taxonomy is a standardised technical implementation, includes both database and document representations, along with a description of the formal modelling approach on which it is based.

Date of applicability
The existing taxonomy (2.0.1) related to the September 2013 framework release is to be used for remittance to the EBA for reports with reference dates prior to 30 September 2014.

Reports with reference dates as of 30 September 2014 and beyond are to use this revised taxonomy (2.1), which is related to the March 2014 framework release. Remittance of FINREP reports will, therefore, commence using this revised taxonomy.

Legal basis and next steps
This XBRL taxonomy was developed based on the final draft ITS on supervisory reporting including amendments regarding asset encumbrance, forbearance and non-performing exposures (and incorporating some revisions arising from the publication and adoption process of the Commission Implementing Regulation (EU) No 680/2014) and in accordance with Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms (Capital Requirements Regulation – CRR).

While the original ITS were adopted by the European Commission and published in the Official Journal of the European Union on 28 June 2014, the ITS amendments regarding asset encumbrance, forbearance and non-performing exposures are pending adoption and publication. Hence, this taxonomy is subject to further necessary revisions following the publication and adoption process and based on any critical technical corrections that may be identified.

Later this year, the EBA expects to publish a further revision of its XBRL taxonomy incorporating further alignment corrections, and additional reporting requirements regarding funding plans, which is expected to be used for reports with reference dates as of 31 December 2014 and beyond.

It seems probable that similar reporting formats will be introduced to this region. So consider this when selecting your regulatory reporting solution, BRS Analytics data model and report outputs have already been extended to meet the COREP and FINREP requirements.

FATCA – now in effect from 1 July 2014

July 2nd, 2014

Does the Foreign Account Tax Compliance Act (FATCA), affect you? The legislation came into full effect on the 1st of July 2014 and has many implications, particularly for US expatriates and for financial institutions with which they deal.

FATCA, a U.S. tax avoidance measure that requires foreign (non- U.S.) financial institutions (FFIs) to identify, report on and, in some circumstances, withhold on payments to account holders. The point of FATCA is increase transparency for the IRS with respect to U.S. persons that may be investing and earning income through non-U.S. institutions. FATCA imposes tax withholding where the applicable documentation and reporting requirements are not met.

U.S. taxpayers owning financial assets in excess of $50,000 in foreign accounts must report those assets every year on a new Form 8938 to be filed with the 1040 tax return.

The law requires foreign financial institutions (FFIs) to enter into an agreement with the Internal Revenue Service to identify their U.S. account holders and to disclose the account holders’ names, tax identification numbers, addresses and the transactions of most types of accounts.

FFI’s are now required to report the following:
1) The name, address and U.S. tax identification number (TIN) of each account holder that is a specified U.S. person;
2) In the case of any account holder that is a U.S. entity with one or more U.S. owners, the name, address and TIN of each substantial U.S. owner of such entity;
3) The account number;
4) The year-end account balance or value; and
5) Gross receipts and gross withdrawals or payments from the account.

If an FFI does not enter into an agreement with the IRS, all relevant U.S.-sourced payments, such as dividends and interest paid by U.S. corporations, will be subject to a 30 percent withholding tax.

Many Americans residing overseas are faced with ‘banking lock-out’ because financial institutions have in some cases chosen to eliminate their US client basis to minimize their exposure to FATCA reporting requirements, withholding fees and potential penalties.

While there is speculation that this law will make it less desirable for foreigners to do business with Americans and even a reduced desire to hold dollar-based assets there is still a need for Middle East FIs to address this reporting requirement.

US citizens working here should seek independent financial advice or speak to a tax advisor for more information and visit the IRS website –

(From Notice 2014-33: Comments received after the publication of the temporary Chapter 4 regulations have indicated that the release dates of the final Forms W-8 and accompanying instructions present practical problems for both withholding agents and FFIs to implement the new account opening procedures beginning on 1 July 2014. In consideration of these comments, the US Treasury and the IRS intend to amend the Chapter 4 regulations to allow a withholding agent or FFI to treat an obligation held by an entity that is issued, opened, or executed on or after 1 July 2014, and before 1 January 2015, as a pre-existing obligation for purposes of implementing the applicable due diligence, withholding, and reporting requirements under Chapter 4. The proposed amendments to the Chapter 4 regulations will only be available to obligations held by entities. ) This user guide FATCA XML V1.1 sets out the xml schema and the information required in each data element.

Once FFIs register with the IRS through the agency’s website, they will receive a notice that the registration has been accepted and will be issued a Global Intermediary Identification Number (GIIN), to be used for reporting purposes. Approximately 77,000 banks and financial institutions from 70 countries have already registered, according to news reports. Reuters reported that more than 500 U.S. businesses have also registered, including Citibank and JPMorgan Chase. As of June 13, 2014, 36 nations had signed agreements with the IRS, including Australia, France, Germany, Japan, Mexico, South Africa, the United Arab Emirates and the United Kingdom. Many places where Americans have traditionally hidden assets, including Switzerland, the Cayman Islands and the Bahamas, have signed agreements as well. Forty-two other nations have reached “agreements in substance.”

The IRS issued a notice in May 2014 announcing that calendar years 2014 and 2015 will be regarded as a “transition period” for FATCA enforcement. The transition period is “intended to facilitate an orderly transition” for financial institutions struggling to achieve FATCA compliance, according to the IRS.

Take note that the July 1, 2014, effective date is not postponed and the legal obligations imposed by FATCA have not changed. “An entity that has not made good-faith efforts to comply with the new requirements will not be given any relief from IRS enforcement during the transition period,” the notice states.

The IRS is just letting the international financial community know that a good-faith attempt at compliance will be acceptable until January 2016. Instead of aggressive policing of reporting accuracy, the IRS may check on the status of FFIs’ filing of W-8 and W-9 forms and take into account whether a withholding agent has made reasonable efforts to modify its account opening practices and procedures.


July 1st, 2014

According to Price Waterhouse Cooper’s ‘Banking Banana Skins 2014’ survey, published last motnh new regulations are becoming excessive and could dampen economic recovery and growth.Regulation topped the list of risks among the region’s banking industry. The poll is based on responses from more than 650 bankers, banking regulators and close observers of the banking industry in 59 countries.

A fast-rising risk in the Banana Skins ranking is technology risk, which has risen from No. 18 to No. 4,

Azure – new back up solution – Azure Site Recovery (ASR)

June 28th, 2014

No backup data center?

Microsoft Azure Site Recovery will keep applications and services running on the cloud should disaster strike.

Microsoft cloud-based disaster recovery is coming with Azure Site Recovery (ASR)).

Abhishek Hemrajani, a Microsoft program manager,in the company’s official blog announced new capabilities that enable disaster recovery (DR) in the cloud. Enterprise and small and midsized businesses (SMBs) “can now protect, replicate, and failover Virtual Machines directly to Microsoft Azure.”

In short, a cloud-based DR site that can span multiple geographies.

ASR, formerly Hyper-V Recovery Manager, provides a guaranteed safety net, whether customers “enable Disaster Recovery across On-Premise Enterprise Private Clouds or directly to Azure,” said Hemrajani.
He added that “virtualized workloads will be recovered accurately, consistently, and with minimal downtime.”

Businesses no longer need to view cloud-based DR with suspicion, according to Microsoft’s Brad Anderson, corporate vice president of Windows Server and System Center. “If you’re an enterprise that has viewed previous cloud-based DR solutions with skepticism—brace yourselves for the details of this announcement,” he said in a statement. – See more at:

Cumulative Update #2 for SQL Server 2014 RTM

June 28th, 2014

Fix for the index corruption issue is now available for SQL Server 2012 Service Pack 2 – available for download for via the hotfix download link in the KB article. See KB

Health data on the internet – good or bad?

June 28th, 2014

The new “Google Fit” health data tracking service will compete with Apple’s recently announced HealthKit data collection services, according to a report.

Google will debut its plans for a new health data tracking service called “Google Fit” at the upcoming Google I/O developers conference as part of its recent push into high-tech wearables. – Google has also been working recently on other device-related health projects, such as experiments unveiled in January with special contact lenses that are equipped with miniaturized sensors that can analyze the tears in the eyes of diabetes patients to determine when their blood sugar levels need to be adjusted. – See more at:

It seems perverse coincidence to read on the same day that possibly 1.3 million records were stolen when hackers broke into Montana’s health care system presumably with the intent of identity theft. , Montana has taken the steps necessary to shore up security. Government officials have confirmed that the personal information of 1.3 million people has been hacked. State of Montana officials are now notifying potential victims that hackers broke into a Department of Public Health and Human Services (DPHHS) computer server

Captial requirements for credit risk – new ECB consultation paper

June 28th, 2014

26th June 2014, Brussels: The European Banking Authority (EBA) has just released a consultation paper pertaining to the sequential approach of the Internal Ratings-Based (IRB) approach to capital requirements for credit risk. This paper also covers the limited permanent use under the Standardised Approach (SA) (Articles 148 (6), 150 (3) and 152 (5) of the EU Regulation 575/2013 under the Capital Requirements Regulation (on prudential requirements for credit institutions and investment firms).
Following its release, the EBA is inviting proposals, particularly relevant questions and/or points the body should take into consideration up till the 26.09.2014, following which it will subsequently submit the draft Regulatory Technical Standards (RTS) to the commission by the 31.12.2014. The Authority, following analysis of potential pegged costs as well as associated advantages, has also requested the option of the Banking Stakeholder Group (BSG) as per Article 37 of Regulation (EU) 1093/20102.
Supplementing EU Regulation 575/2013, this consultation paper assumes that specific exposure categories may be treated under the Standardised Approach permanently, depending on a predetermined subset of criteria (materiality of size and risk of the exempted exposures). This permanence will also prevail in situations where technical or operational difficulties are encountered during the deployment of the IRB approach. As a general rule of thumb, the paper advises that “competent authorities should ensure that the higher the potential for underestimating the risks stemming from its design, the quicker this potential should be reduced.”
The adoption of this regulation is sectioned into the following facets:
Article 1 defines the General principles related to all the relevant ‘exposure values’ and their associated ‘risk-weighted exposure amount’. Specifically, a) equity exposures as referred to in Articles 133 (1) and 147 (6) of Regulation (EU) No 575/2013 and b) all exposures for which the institutions have received permission to apply the Standardised Approach on the basis of Article 150 (1) (d) to (f), (i) and (j) of Regulation (EU) No 575/2013.
Article 2 defines the conditions of application of points (a) and (b) of Article 150(1) as per Regulation (EU) No 575/2013, related to conditions such as the aggregate threshold of 8% of all exposures as well as the aggregate risk-weighted exposure amount assigned to the class similarly does not exceed 8%; as well as the consideration to counterparties being materially significant (>= 10% total exposure of the institutions eligible capital). Article (2) also takes into consideration accessibility and availability of information, cost of developing the said ratings system as well as the institution’s operational capability to determine suitability for such rating-system implementation.
Article 3 treats the relevant conditions of point (c) of Article 150 (1) insofar as to application the SA being limited to classes or exposure types whose magnitude as well as risk profile is considered immaterial.
Article 4 deals with the specific conditions according to which competent authorities shall determine the various characteristics as well as scheduling of the successive IRB rollout. Contained within Article 148 (3) of the regulation, this consultation paper advises that (competent authorities) “shall ensure that the higher the potential for underestimating the risks, the quicker this potential shall be reduced” as well as sets forth a series of conditions that need to be adhered to insofar as permission being granted to apply the IRB approach. These include total exposure value and total risk-weighted exposures >= 50% of the set relevant exposures. Following the inclusions of the IRB Approach for a particular exposure class, Article (4) also states a set of considerations the EBA will take into account for an institutions’ rollout timing. These incorporate the availability of time series data, the institutions capability, acumen and preceding experience in developing the rating system as well whether there are occurrences of tied affiliates to the institution who are not subject to Regulation (EU) No 575/2013 or to the corresponding respective country’s legislature.
Article 5 decrees that the regulation shall come into force on the twentieth (20th) day following “its publication in the Official Journal of the European Union”
EBA Consultation Paper – Deadline 26th September 2014
Regulation (EU) No 575/2013 of the European Parliament and of the Council on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012
Back to News

BASEL 111 and BCBS 239 what does it mean for Middle East banks?

June 28th, 2014

A BI vendor surveyed banks in in December 2013 in Europe, North America and Asia-Pacific to explore data governance initiatives, highlights the need for Board-level representation and ownership to ensure that data governance frameworks meet the business objectives. Data governance has become more important following the global financial crisis, yet over two thirds (63%) of financial industry executives do not consider it to be a Board-level issue. .
The study also showed that one third (31%) of financial institutions do not have defined roles and responsibilities in the data governance space. despite the many business drivers for data governance in the financial world.
Achieving regulatory compliance and r educing regulatory risk .was recognized by 94% of banking executives as a business driver, followed closely by ensuring data consistency across the enterprise (88%) .and improving transparency of financial data and information (63%). Why the change of heart?
The Basel Committee on Banking Supervision’s BCBS 239 principles paper was introduced to transform the way risk data management and reporting is carried out internationally. It requires that be underway to meet their January 2016 deadline.
Originally released for comment in June 2012, the 14 principles of BCBS 239 cover a lot of ground, addressing areas ranging from IT infrastructure and governance arrangements, to the way that risk management departments generate ad hoc reports.
The BCBS 239 principles also affect G-SIBS (those subject to additional capital requirements), and additional D-SIBS requirement defined by local central banking authorities, who will only have three years to meet compliance.
The list of principles may seem overwhelming, and time is running out. Covering everything from IT infrastructure to governance and timeliness, the principles are an opportunity for firms to renovate, innovate, and proof their business with the most effective people and processes in place.
Three questions, to help you decide on an action plan for compliance on schedule and to also support growth and productivity.
1. Current status?
What are your real Strengths and Weaknesses, Opportunities and Threats on data risk management compliance?. In future supervisors will require documentation and proof, and this means you need a formal system and processes.
2. Which IT systems do you use now – are those adequate?
Near real-time aggregated data is key for timely alert to risk. BCBS’s report, ‘Progress highlights that banks feel they do have a compliant with strong IT infrastructure and data architecture.
Is your technology efficient and effective? Scalable and agile?

3. Do you have the right people on the job?
Risk management comes down to people. Technology can maximize their essential productivity in processing data, and reduce errors with in-built validations and standard data transformation and aggregation , with comments, logs, version controls and audit trials, risk. Help them better to manage risk by turning data into timely intelligence with kpis to manage, report and inquire on information.
The BCBS 239 framework can be broadly categorised into 4 main pillars.
“Pillar 1 Governance and Infrastructure.”
Governance entails implementing appropriate organisational and process structures to ensure that risk aggregation receives the same strategic importance of any of the bank’s other business critical processes.
This encompasses day to day management structures and the senior management and C-level ownership of risk data.
This Pillar requires organisations to put in place the right kind of technology and process infrastructure, not only for risk aggregation requirements, but also to offer an extensible framework that will allow easy incorporation of newer forms of risk and sudden spikes in computation capabilities in stress or crisis scenarios.
Pillar 2 “Risk aggregation” .
A bank must ensure that it has in place the right capability and resources to provide:
◾Accuracy and reliability via data quality processes
◾Adherence to an “enterprise data dictionary”
◾Well documented unambiguous processes – either automatic or manual
◾Completeness in terms of data usage and coverage
◾Consistent latency for aggregating risk within agreed SLAs
◾Flexibility and adaptability to provide new aggregations easily
Pillar 3 “Risk reporting”
The supervisors will need to be confident confident that the bank has a suitable risk reporting infrastructure that is:
◾Accurate with appropriate data quality processes
◾Comprehensive – covering all the agreed risk across agreed organisational entities i.e. asset classes, organisational structures, locations, counterparties, etc.
◾Clear, intuitive and useful for the end users to easily comprehend
◾Available and refreshed at agreed frequencies
◾Distributed to the users using appropriate content distribution processes
Pillar 4 “Review, Collaborate and Act”
Timely reports on aggregated risk data should be available. Supervisors require appropriate means to review the aggregated risk output, to inquire further and to make any remedial changes as part of the workflow.
Data Accuracy
Another essential factor to consider is data accuracy. Most big banks tell us they still struggle with data quality issues. Large global banks are often the product of complex mergers, that involves its own set of data and technology challenges. Banks have multiple systems introduced often ad hoc for new revenue streams from different asset classes. The systems were never designed to capture the data in a manner to support the reporting required by regulators. There is often very little integration in the front office and there are often more than 50 systems and subsystems that hold data. Each desk has its own: trading, booking, pricing and reporting systems. New product are then built on those legacy systems and copy data from middle-office risk aggregation systems and may receive risk in more than one data channel for the same asset class,. Risk managers need to know what is the real risk and it is not practical to do this efficiently or in a timely manner form front office systems aggregate din Excel.
The completeness and quality of data in the back office is more important than the mathematics underlying risk calculations in the front office. If you don’t have the right information, at the right time about a position, (or don’t even know it exists) then your risk calculations are irrelevant. IT investment in integrating and normalising banks data is even more important than updating risk engines. Consider whether your reporting solution should embed a risk engine maintained by the software author in lien with regulatory requirements.
BCBS requires board level review of the risk data aggregation for new product approval and also for other strategic business decisions such as: mergers, spinoffs and acquisitions. The uncertain nature of financial markets, makes it both more difficult and more important for investment banks to build an agile infrastructure and reporting capabilities to make faster and better informed investment and decisions.
There is an overlap of what BCBS 239 prescribes and similar initiatives supporting other regulatory frameworks (e.g. Basel III, MIFID II, COREP, CRD IV, etc.). Forward-looking finance executives are using high-performance technologies to create fundamentally superior, compliant risk reporting processes which also help executives meet their goal of sustainable profitability.

Buy vs Build?
KPMG’s Managing the data challenge in banking advises that firms needs to ask themselves whether they have a clear Data Architecture to support the principles of Risk Data Aggregation and whether they are able to create future data capabilities that will enable them to comply with the BCBS principles by the required deadline of 1 Jan 2016.

In Deloitte’s 2013 global risk management survey, only 31 percent of respondents said that their data quality efforts were effective and only 20 percent were confident in their data management and maintenance efforts. Their advice? Automation.

Ask us about BRSAnalytics – purpose built for bank regulatory reporting.
Hasan: 0097143365589