Archive for the ‘Security and Compliance’ category

Microsoft Azure Stack announced this week at Microsoft Ignify 2015

May 6th, 2015

Microsoft Ignite this week- the company announced that it is making available a version of Azure that can be hosted in your own datacenter.
The new software, called Microsoft Azure Stack allows you to run your own version of the company’s cloud platform on your own servers. The idea is that you’ll be able to use the same application development and deployment techniques from the hosted cloud platform on your own terms.
Azure Stack is essentially everything you see on the hosted version of the company’s cloud service, including the portal, in a single package for running on premise. The software will be available for the first time “this summer.”

Microsoft’s competitors like: Amazon’s EC2 and Google Cloud Compute don’t provide offerings for hosting your own service.

Summary of Technet Guest post by Mike Neil, General Manager for Windows Server, Microsoft:
Chicago at the Microsoft Ignite conference

Hybrid cloud is an ideal solution for many organizations bringing together the agility of public cloud and the control of on-premises systems.
“Today, we are announcing several new solutions that will continue to expand the industry’s most complete cloud:
• Microsoft Azure Stack, a next generation cloud infrastructure that brings Azure IaaS and PaaS capabilities to customers’ datacenters.
• Windows Server 2016 and System Center 2016, the next versions of the popular application platform and management solutions.
• Microsoft Operations Management Suite, a new hybrid management solution that helps you manage your corporate workloads no matter where they run: Azure, AWS, Windows Server, Linux, VMware, or OpenStack.”

Building Hybrid Clouds
Microsoft is the only cloud vendor that both builds, and runs its own hyper-scale datacenters and delivers that same technology back to customers’ and partners’ datacenters.

Next wave of cloud infrastructure.
Microsoft Azure Stack
- Microsoft Azure Stack delivers IaaS and PaaS services into your datacenter
- Easily blend enterprise applications such as SQL Server, SharePoint, and Exchange with modern distributed applications and services while maintaining centralized oversight.
- Azure Resource Manager (just released in preview last week), gives consistent application deployments every time, whether provisioned to Azure in the public cloud or Azure Stack in a datacenter environment. This approach is unique in the industry and gives developers the flexibility to create applications once and then decide where to deploy t later – all with role-based access control to meet your compliance needs.

- Azure Stack includes a scalable and flexible software-defined Network Controller and Storage Spaces Direct with: – automated sync and failover.
Shielded VMsand Guarded Hosts to bring “zero-trust” software-defined security to your private cloud. Securely segment organizations and workloads and centrally control and monitor access and administration rights.

Preview Azure Stack starting this summer.

New Technical Preview of Windows Server 2016 – Now Available
The next version of Windows Server will introduce Windows Server Containers and Hyper-V Containers (expected in the third Technical Preview of Windows Server 2016 this summer).

Windows Server 2016 will also offer Azure Service Fabric, a platform for building and hosting application services that automatically scale and heal, bringing you the same underlying technology used to power highly scalable services like Skype for Business, Azure SQL Database, and Cortana.
The second Technical Preview of Windows Server 2016. offers a first look at Nano Server. Extending the advanced virtualization features:
• Rolling upgrades for Hyper-V and Storage clusters for even faster adoption of new updates and operating systems.
• Compute resiliency so virtual machines (VMs) continue running even if the compute cluster fabric service fails.
• Storage Replica updates for synchronous storage replication for affordable backup and disaster recovery.

Managing a Hybrid World
Today’s hybrid reality means applications and data are spread across multiple vendors’ environments. While you may not control all the platforms they run on you still need to manage and control these assets to help your organization meet business, compliance and regulatory needs.
Microsoft Operations Management Suite (OMS)
OMS now extends your System Center investments and Microsoft best practices to simplify management of your assets at a lower cost than competitive solutions, wherever they live-
- any instance (physical, virtual or container)
- and any cloud, including: your data center, Azure, AWS, Windows Server, Linux, VMware, and OpenStack,
OMS tracks and manages:
Log Analytics: collect and search millions of records in seconds across thousands of machines to identify the root cause of operational issues.
Security: identify malware status and missing system updates, and collect security related events to perform forensic, audit and breach analysis.
Availability: enable application and data protection for all servers and applications, no matter where they reside with cloud-based backup and site recovery.
Automation: orchestrate complex and repetitive operations for more efficient and cost-effective hybrid cloud management.

Expect cloud-based patching, inventory, alerting, container management, and more later in the year.

New Technical Preview of System Center 2016 – Available This Week
System Center 2016 has new; provisioning, monitoring and automation capabilities for your software-defined datacenter. iT adds:
• Improved Linux management, including Desired State Configuration (DSC) support, native SSH support, and improved LAMP stack monitoring.
• Software Defined Datacenter management, including mixed mode cluster upgrades, enhanced Scale-Out File Server (SOFS) management, and deployment of software-defined networking (SDN) at scale.
• Powerful new monitoring for Azure, Office365, SQL Server and Exchange.

FATCA and the UAE January 2015

January 12th, 2015

The governments of the US and the UAE have reached an agreement in substance, a model 1 Intergovernmental Agreement (IGA).
The UAE has consented to disclose this status.

In accordance with this status, the text of such IGA has not been released and financial institutions in the UAE are allowed to register on the FATCA registration website consistent with the treatment of having an IGA in effect until December 31, 2014.

More than 100 countries including India, China and Russia have already entered into agreements with the US on the Foreign Account Tax Compliance Act (FATCA) and with new FATCA requirements coming into effect on 1st of January 2015 applying to U.S. and non-U.S insurers and insurance brokers, large portions of the financial services sector are being affected.

After a relatively quiet four-year ramp up, America’s global tax law is now being enforced.

FATCA requires foreign banks to reveal Americans with accounts over $50,000 and considering the risks of being frozen out of U.S. markets, everyone is complying.

Firms that fail to comply with FATCA will be subjected to a stringent 30% withholding tax on any US sourced income even if they do not have any US customers.

The compliance aspects being forced upon financial services firms globally by the US tax authorities are complex and costly. It includes amending everything, from more thorough KYC requirements to changes in the account opening processes for new customers to take into account the new information required under FATCA, and systems will have to be updated to comply with the withholding taxes if so required. Insurers and insurance brokers will have to comply with new information gathering and reporting rules when U.S. insurance and reinsurance premiums are sent outside the U.S.

A Model 1 IGA is treated as ‘in effect’ by the US Treasury as of May 21, 2014. (
On 3 June 2013, the Governor of the DIFC signed a Memorandum of Understanding with the UAE Ministry of Finance which named the DIFC Registrar of Companies as the DIFC’s contact point for any international tax agreement entered into between the UAE and another country. FATCA is an example of such an agreement.

According to DIFC release as of 17 November 2014, “The reporting form will be available (for financial institutions) on the Registrar’s website at a time agreed and instructed by federal officials. Further instructions will be circulated as soon as the reporting framework is in place, and the guidance will be made available to DIFC entities as soon as it is finalised by the Ministry of Finance”.

Who will be affected by FATCA?
• Banks and deposit taking institutions;
• Trust company – Custodial institutions;
• Investment entities – those businesses involved in trading in transferable securities; money market instruments, foreign exchange derivatives etc.; individual or collective portfolio management or otherwise investing, administering or managing funds, money or financial instruments on behalf of other persons;
• Certain types of insurance companies that have cash value products or annuities;
• Family offices would be included in the definition;
• Certain holding companies or treasury centres.

FATCA objective

Disclosure of assets and income of U.S. taxpayers (US person) held with foreign financial institutions.

Definition of US person:
• a citizen or resident of the United States,
• a domestic partnership,
• a domestic corporation,
• any estate (other than a foreign estate) and
• any trust if:
1. a court within the United States is able to exercise primary supervision over the administration of the trust, and
2. one or more United States persons have the authority to control all substantial decisions of the trust.
How will financial institutions be affected?
If a Foreign Financial Institution (FFI) fails to address FATCA requirements promptly, all relevant US-sourced payments, such as dividends and interest paid by US corporations, will be subject to a 30% withholding tax.
The same 30% withholding tax will also apply to gross sale proceeds from the sale of relevant US property.
This will be inconvenient for the customers of the Foreign Financial Institution who will then need to claim refunds from the U.S. IRS after proving that they are non U.S. persons, and not liable for tax.

The definition of a Foreign Financial Institution which is an Investment Entity in Model 1 IGA covers:
• Investment managers;
• Investment advisors;
• Fund administrators.
However, the IGA includes a deemed compliant category for Investment Advisors and Managers, whereas an Investment entity established in a FATCA Partner Jurisdiction can obtain a status of Non-Reporting Financial Institution if it is a financial institution solely because it:
• Renders investment advice to, and acts on behalf of, or;
• Manages portfolios for, and acts on behalf of a customer for the purpose of investing, managing or administering funds deposited in the name of the customer with a Financial Institution other than an Non-Performing Foreign Financial Institution (NPFFI).

It is important to note that if an Investment Advisor / Investment Manager provides services of investment advice or manages portfolios of customers whose funds are deposited with the financial institution which is non-compliant with FATCA, or is located in a jurisdiction other than a FATCA Partner jurisdiction, the DFSA regulated Investment Advisor / Investment Manager might have FATCA reporting obligation for those clients.

According to a notice1 from the UAE Central Bank, at the start of 2014 banks and other financial institutions in the UAE must complete the following actions to facilitate the signing of the IGA:
1.Identify customer accounts that are a “US Reportable Account”, which is defined as a financial account maintained by a reporting UAE financial institution and held by one or more specified US persons or by a non-U.S. entity with one or more controlling persons that is a specified U.S. person (implementation date: 19 November 2013).
2.Adopt FATCA’s due diligence procedures for identifying and reporting on US Reportable Accounts and for payments to certain nonparticipating financial institutions (implementation date: 1 January 2014).
3.Prepare relevant systems for establishing electronic connection to the Central Bank’s FATCA Reporting System, currently in development. All banks and other financial institutions should expect to be contacted for this purpose during the first quarter of 2014 (implementation date: 1 March 2014).
4.Be prepared to register via the IRS portal to obtain a “Global Intermediary Identification Number” (final registration date: 1 November 2014).
5.Adopt reporting procedures specified in the IGA (first report for 2014 must be sent to the Central Bank by 1 August 2015).

The Central Bank, with help from a US law firm, will provide legal support and conduct workshops to assist banks and other financial institutions in implementing the FATCA requirements.

New FAQ on IGA registration issued by IRS

On 22 December 2014, the IRS posted updated FAQs regarding IGA Registration to the FATCA website. This update acknowledges Announcement 2014-38 and addresses whether Reporting Model 1 FFIs in certain jurisdictions need to register and obtain a Global Intermediary Identification Number (“GIIN”) before 1 January 2015. This update confirms that a jurisdiction which was treated in 2013 as if it has an IGA in effect, but which has not yet signed an IGA, retains such status beyond December 31, 2014, provided the jurisdiction continues to demonstrate firm resolve to sign the IGA that was agreed in substance.
New Form W-9 and accompanying instructions released by IRS

The IRS has published on its website a new revised version of Form W-9 (revision date December 2014) as well as the Instructions for the Requestor of Form W-9.

Ask us about BRS Analytics Regulatory reporting platform.

Qatar Financial Centre Regulatory Authority (QFCRA) – 2015 new Banking Business Prudential Rules and Investment Management and Advisory Rules

January 6th, 2015

Happy New Year!

2014 was the year of record settlements between banks and regulators with the total amount of fines and settlements globally passing USD 56 billion. The biggest single hit was the settlement of USD 16.65 billion between Bank of America and the United States Department of Justice in relation to the misleading of investors with mortgage backed securities.

Local regulators are tightening their compliance legislation. The QFCRA has introduced enhancements to its prudential framework for QFC authorised firms undertaking banking, investment management or advisory business. Two new sets of prudential rules were introduced: the Banking Business Prudential Rules 2014 and the Investment Management and Advisory Rules 2014. The new Rules come into force on 1 January 2015.

The new Banking Business Rules bring enhancements focused on the following areas:
•The Internal Capital Adequacy Assessment Process
•Capital adequacy and capital requirements
•Credit risk
•Market risk
•Interest rate risk in the banking book
•Liquidity risk
•Group risk

The new Investment Management and Advisory Rules bring enhancements focused on the Minimum paid-up share capital and liquid assets requirement, Risk management, Professional Indemnity Insurance and on the Client money and asset protection.

Prophix 11 Service Pack 3

December 17th, 2014

Oman – National Committee for Anti Money Laundering and Combating Terrorism Financing

December 14th, 2014

The National Committee for Anti Money Laundering and Combating Terrorism Financing which held its first meeting of the year on Monday, December 8th 2014 I the Central Bank of Oman reviewed major pertinent issues concerning Anti-money laundering and counter terrorism financing laws in the country.

Held at the CBO premises, the meeting was chaired by H.E. Hamoud bin Sangour al- Zadjali, The Executive President of the CBO who is also the Chairman of the National Committee. All the members of the National Committee hailing from organizations such as ROP, FIU, Public Prosecution, Ministry of Commerce & Industry, Ministry of Justice, Capital Market Authority, Ministry of Housing, and Ministry of Social Development also attended the meeting.

The meeting discussed a number of issues listed in the agenda and took appropriate decisions in this respect. The Committee welcomed the decision of the Sultanate assuming the chairmanship of the Middle East and North Africa Financial Work Group for 2015 along with hosting the upcoming 21st General Meeting of the Group in the same year.

The Committee also reviewed the executive stance of the Technical Cooperation Program with the International Monetary Fund and the anticipated visit of the IMF experts in January 2015.

Additionally, the Committee reviewed the status quo of the project for amending the Law on Combating Money Laundering and Financing Terrorism issued under Royal Decree No. (79/2010) in addition to examining the findings of the 3rd regular follow-up report on the Law on Combating Money Laundering and Financing Terrorism in the Sultanate of Oman by the Regional Financial Work Group.

The report is an analysis of the actions taken and implemented in the Sultanate as a party to the international standards framework and the joint evaluation systems developed for combating money laundering and terrorism financing.

EU General Data Protection Regulation (GDPR) – are you ready?

December 11th, 2014

The EU General Data Protection Regulation (GDPR) was proposed in 2012 and aims to apply a single set of data protection rules across the European Union (EU) to protect user’s data.

Organisations will be expected to report a breach in 72 hours, and give data owners the right to request a copy of the personal data they hold, and the right to have personal data erased.

The regulation will impose greater fines on organisations that break the law -compliance failures will carry fines of up to €100m or 5% of global turnover – whichever is greater.

The proposed regulations are planned to begin at the end of 2014, coming into effect over the next two years.

A recent survey from network management and monitoring software specialist, Ipswitch showed that
- over half of employees could not accurately describe GDPR
- and 52% admitted their firms were not ready for the changes the regulations might bring.

FATF guidance – risk based approach for banks – Synergy Software Systems

November 4th, 2014

The FATF has adopted guidance which will help in the design and implementation of the risk-based approach for the banking sector, taking into account national risk assessments and the national legal and regulatory framework.
The risk-based approach is an essential component of the effective implementation of the FATF Recommendations. Countries, competent authorities and reporting entities are expected to identify, assess and understand the money laundering / terrorist financing risks they are exposed to so that they can develop the risk-based measures to mitigate these risks.

Basel Core Principle
Element of Supervision

Principle 1 Responsibilities, objectives and powers:
An effective system of banking supervision has clear responsibilities and objectives for each authority
involved in the supervision of banks and banking groups. A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorise banks, conduct ongoing supervision, address compliance with laws
and undertake timely corrective actions to address safety and soundness concerns.
Principle 2 Independence, accountability, resourcing and legal protection for
The supervisor possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable
for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisor.
Principle 3 Cooperation and collaboration:
Laws, regulations or other arrangements provide a framework for cooperation and collaboration
with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.
Principle 5 Licensing criteria:
The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of Board members and senior management) of the bank and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organisation is a foreign bank, the prior consent of its home supervisor is obtained.

Talk to us to find out how BRSAnalytics can help you clearly demonstrate effective robust management of governance and compliance.

Leverage Ratio Standards for Kuwaiti banks

November 4th, 2014

Mohammad Y. Al-Hashel, Governor of the Central Bank of Kuwait (CBK) recently announced that CBK’s Board of Directors has approved the instructions for implementing the Leverage Ratio Standards to Kuwaiti banks, both conventional and Islamic.

The implementation of the Leverage Ratio Standards comes within the framework of the CBK’s measures to fully apply the International regulatory framework for banks (Basel III) reforms and guidelines. It also aims to keep abreast of the developments in field of banks control,Al-Hashel reiterated that the CBK is firmly committed to complete implementing Basel III reforms and guidelines
The leverage ratio is the proportion of debts that a bank has compared to its equity/capital.

The Governor pointed out that the CBK, through the new instructions, seeks to curb the accumulation of leverage ratio in the banking sector which could put pressures on the financial system or the whole economy. It also aims to boost capital adequacy requirements.

Under the new instructions, a Banks’ leverage ratio should not exceed three percent. The new instruction is effective 31 December 2014.
The CBK is moving forward toward accomplishing the other standards of Basel III set of reforms, liquidity ratios standards, according to a well-planned schedule and taking into consideration the comprehensive quantitative impact study (QIS) outcomes, The Governor said that final Basel III Leverage ratio standard instructions are now published on the CBK website for those interested in the banking and financial business.

“Basel III” is a comprehensive set of reform measures, developed by the Basel Committee on Banking Supervision, to strengthen the regulation, supervision and risk management of the banking sector. These measures aim to: improve the banking sector’s ability to absorb shocks arising from financial and economic stress, whatever the source; improve risk management and governance; strengthen banks’ transparency and disclosure”s.

Recent Banking regulatory news.

October 31st, 2014

The videos below from PWC provide an interesting insight into the current status and future direction of banking

Learn more at –
“Powerful forces are reshaping the banking industry, creating an imperative for change. Banks need to chose what posture they want to adopt – to lead the change, to follow fast, or to manage for the present. Whatever their chosen strategy, leading banks will need to balance execution against 6 critical priorities and have a clear sense of the posture they wish to adopt. However, each of them is important, and success will come from a balanced execution across these priorities — and a balance of tactical initiatives and longer-term programs, all coming together as an integrated whole.”

Banking Banana Skins 2014 Overview

Regulators want to ensure that banks, implement effective corporate governance. The scope of corporate governance to address has increased exponentially The separation between ownership and control in firms could result in managers exploiting corporate assets for their own individual interests.”

In the mid-1900s Legislators introduced a wave of corporate governance regulations to mitigate risk with new requirements for the role of the board overseeing the firm’s business strategy and financial soundness, key personnel decisions, internal organisation, governance structures and risk management practices. So long as boards did their job, it then seemed that investors would be protected.

Now a bank’s corporate governance has to protect against all the risks that bank’s business may experience. and there is zero tolerance of a bank’s failure to manage its risks. Not to mention adverse negative media attention and steep regulatory fines. The fallout of the 2007 financial crisis, perhaps overlooks the risks inherent in a bank’s business model – with governments, regulators, investors and customers all demanding change.

New laws impose more stringent requirements and intensified scrutiny and pressure from regulators. Significant problems remain. The Financial Stability Board (FSB) has asserted that much more work is needed to “establish effective risk governance frameworks” (2013).

The Basel Committee on Banking Supervision (BCBS) recently revised its Guidelines Corporate governance principles for banks on 10 October 2014. This further raises the standards in corporate governance at banks and emphasizes the critical role of the board and its risk committees in ensuring a bank’s risk governance.

The BCBS suggests that boards should be more involved in “evaluating and promoting a strong risk culture in the bank” by setting the banks” risk appetite and overseeing the implementation of this. The increased focus on risk and the supporting governance framework includes identifying the responsibilities of different parts of the bank for addressing and managing risk. These areas are often referred to as the “three lines of defence”:
- business units
- risk management function
- internal audit.

Regardless of the structure, responsibilities for each line of defence should be well defined and communicated and supported by the board.

Managing risks includes identifying, assessing and reporting such exposures, taking into account the bank’s risk appetite and its policies, procedures and controls. The manner in which the front line a business unit executes its responsibilities should reflect the bank’s existing risk culture—in a top-down fashion directly aligned to the approach set by the board.

An effective risk management function complements the business unit’s risk activities by monitoring and reporting against responsibilities. Among it is responsible for overseeing the bank’s risk-taking activities and assessing risks and issues independently from the business line. This requires an independent and effective compliance function responsible for routinely monitoring compliance with laws, corporate governance rules, regulations, codes and policies to which the bank is subject. The function must have sufficient authority, stature, independence, resources and access to the board.

An independent and effective internal audit function . should “provide independent review and assurance on the quality and effectiveness of the bank’s risk governance framework including links to organisational culture, as well as strategic and business planning, compensation and decision-making processes”. The board should ensure that the risk management, compliance and audit functions are properly positioned, staffed and resourced and carry out their responsibilities independently and effectively.

Effective internal corporate governance provisions doesn’t just benefit small stakeholders. Ensuring effective oversight of managerial actions should result in lower equity and debt capital cost for the bank, a reduction of labour costs and higher value in products and services from clients but it also poses many challenges for the banks and their regulators. . Complexity can take many forms such as the evaluating the quality of a bank’s loan portfolio or ascertaining the importance of off-balance sheet operations. The BCBS’s revised principles provide a framework within which banks and supervisors should operate to achieve robust and transparent risk management and decision-making and, in doing so, promote public confidence and uphold the safety and soundness of the banking system.

EU banks s(bar Italy) stood-up pretty well to the EBA’s stress test. Only 25 failed (CET> 5.5%) from the 130 banks tested. About half of those had already taken actions to remedy their alleged failings, .

So outside of Italy, EU banks should be more confident to lend again and rebuild their damaged balance sheets.. Banks will eventually have to open their cheque books and start lending again. Moreover, the Banking Union will further break-down barriers to cross-border lending within the Eurozone. Banks will no longer have any endogenous constraints to lending in any Eurozone country.

External constraints still need to be considered. The Eurozone economy is on the verge of tipping into its third recession in only six years. The Eurozone is “marching towards stagnation and deflation” according to the Economist (25 October 2014). A large portion of its private sector is actually minimising debt instead of maximising profits following the housing collapse in the 1990s, to repair their balance sheets. This deleveraging reduces aggregate demand and throws the economy into a very special type of recession. There are signs that the EU may be suffering from a similar fate to Japan.. Governments and central banks don’t have any easy solutions to put things right again.

Other financial institutions are considering taking a larger slice of the credit market. Insurance firms provide one option – they take in more than €1 trillion in premiums each year. As with the banks, new rules will force insurers to hold more capital than before against corporate loans. Equity investment or debt finance from asset managers and other shadow bank players are also increasingly another option for obtaining credit. Regulatory action to facilitate some types of credit is also being considered. For example, the EBA is seeking views on what is required to simulate a “prudentially sound securitisation market” with a view to “widening long-term funding opportunities for the European economy”. It

The EBA published its Work Programme 2015 on 10 October 2014 (dated 30 September 2015). Drafting regulatory and technical standards on CRD IV, BRRD and the revision of the Deposit-Guarantee Schemes Directive will take-up the majority of the EBA’s workload in 2015. The EBA also expects to contribute to the various legislative processes (e.g. shadow banking), monitor implementation (e.g. CRD IV), calibrate rules (liquidity and leverage ratios) and develop various ad-hoc reports (e.g. Bitcoin).

The FSB revised its Key Attributes of Effective Resolution Regimes for Financial Institutions (Key Attributes) on 15 October 2014,to incorporate recently published guidance on the resolution of FMIs and insurers, client asset protection and information sharing. The FSB also published Guidance on Cooperation and Information Sharing with Host Authorities of Jurisdictions Not Represented on CMGs where a G-SIFI has a Systemic Presence on 17 October 2014.

The ECB will take over responsibility for prudential supervision of Eurozone banks from 4 November 2014. This change represents a significant milestone in the evolution of EU banking regulation.
Also, on 20 October 2014, it published a Decision of the European Central Bank of 17 September 2014 on the implementation of separation between the monetary policy and supervision functions of the European Central Bank (ECB/2014/39). The decision sets out the ECB’s arrangements for complying with the separation of the monetary policy function from the new supervisory function under SSM. It outlines arrangements related to professional secrecy and the exchange of information between the two functions. The decision will enter into force on the day of its publication in the Official Journal.

Further to our recent meetings with many banks at Gitex. We will be hosting BRSAnalytics principals and software authors, Computime and holding a series of meetings and proof of concepts with local banks in mid November. Meet with our expert team and understand how the purpose designed data model and regulatory processes built into BRSAnalytics proven in many bank over over the last 8years, can help you comply with current and future regulatory compliance with a rapid implementation. Slash reporting time, and cost and risk of error and relax in the knowledge of expert local support that will keep reports current with Central Bank requirements.

Call us on 0097143365589

Bank Regulatory Reporting update – Middle East – October 2014 – Synergy Software Systems

October 26th, 2014

The importance of transparency in bank reporting was the subject of an extended article in Gulf News. “In a recent discussion paper, it is appropriate and long overdue that the Basel Committee on Banking Supervision recognised the need to incorporate the accounting, non-risk weighted leverage into the framework of assessing capital adequacy. “
Dr. R. Seetharaman, Group CEO, Doha Bank spoke at the fifth US- MENA Private Sector Dialogue on correspondent banking, which was hosted by the Union of Arab Banks at BNY Mellon, New York on 14th and 15th October 2014
I the session “Customer risk ratings and evolving nature of financial crime” he said that Banks should strengthen their fight against financial crime to protect against reputation risks. Dr. Seetharaman also gave insights on current trends in Correspondent Banking. “Banks have looked forward to scale their vast Correspondent Banking networks to reduce risks and strengthen controls, expand their client coverage and geographic reach by striking up new banking partnerships. However with the onslaught of new financial regulation banks need to reassess and redefine this business. With banking revenues under pressure, many banks are questioning whether they can continue to try to offer all services to clients in all markets, combined with rising costs related to new regulations. Banks are selectively increasing the global banking partnerships. … After crisis, letters of credit re-emerged as the key solution for alleviating the spike in credit risk concerns. During the financial crisis, it was correspondent banking, which played a pivotal role as many global banks retreated towards their home market, leaving constraints in trade funding and risk mitigation. Local banks became vital, both for local corporates and their international trading partners. When it came to securing the handling of trade flows despite a spike in perceived risks during the crisis, local banks proved that their knowledge of local companies was critical to keep trades flowing.”

Dr. Seetharaman also gave his views on the regulatory focus on correspondent banking. He said “Regulators continue to scrutinise due diligence and risk management practices in the Correspondent Banking arena due to the inherent risks associated with processing transactions as well as cases in which Correspondent Banking accounts have been used to move illicit funds. Recent regulatory actions have resulted in record-breaking financial penalties and have highlighted the vulnerabilities which financial institutions are exposed to when there are failures in in the areas of governance, client due diligence, risk assessment and transaction monitoring.“

Dr. Seetharaman further highlighted recent Financial Crimes, and AML lawsuits faced by financial institutions. “Certain banks failed to conduct basic due diligence on some of its account holders, assign the appropriate risk categories and ignored warnings that monitoring systems are not adequate. Violation of Know Your Customer (KYC) norms also exposed them to fraud risks. Certain banks failed to check and monitor the relationships its corporate customers had with politically exposed people. Some banks failed to identify high risk transactions. Financial crimes have increased the penalties for banks and also affected the reputation risks.”

Islamic Banking continues to grow in the region but what exactly is it?
You will find a lot of useful information on this portal. Islamic Finance News Portal – Bringing you the latest updates in global Shariah finance
The 4th Annual World Islamic Retail Banking Conference was officially inaugurated this month with more than 150 delegates – The conference started with a panel discussion outlining regulatory changes and the impact those will have on retail banking.

In the USA On October 17th the Federal Reserve Board (FRB) released instructions and guidance (Guidance) for CCAR 2015 and finalized amendments to the Capital Plan rule, providing more clarity . Modifications to the Capital Plan rule are consistent with the June proposal, and the Guidance provides additional information on content and the organization of capital plan submissions. The Guidance’s focuses on: internal controls, model inventory, risk identification, and organization

This indicates both that the FRB’s emphasis is now moving from quantitative to qualitative judgments and that the regulators’ expectations continue to rise and this is likely to reflected in this region’s regulatory authority focus. Some key points
Completeness in risk identification is key.
Documentation for internal controls -increased expectation.
Methodology and model inventory must be mapped to FR Y-14 and be subject to internal audit.
This follows on form September when, the Office of the Comptroller of the Currency (“OCC”) finalized its risk governance framework for large banks and thrifts (“Guidelines”) that was proposed in January 2014.

The responsibility to oversee risk management in the USA clearly remains squarely with the Board of Directors, which retains the ultimate risk governance oversight role. The Guidelines clarify that the Board need not take on responsibility for day-to-day managerial duties. This however require consideration of risk appetite and risk profile, lines of reporting, talent management training and retention, regulatory reporting systems – robustness, ease of use, auditability, adaptability and scalability etc..

You can register now for our next free seminar on Bank Regulatory Reporting to be held at Microsoft Gulf, Offices, DIC during the morning of 17 November 2014


Credit reporting in the GCC

October 20th, 2014

Marwan Ahmad Lutfi, CEO of Al Etihad Credit Bureau (AECB), the UAE federal government company mandated to implement and operate a credit reporting system across the UAE, stressed the importance of strengthening communication, collaboration and knowledge exchange between GCC countries in order to support the regional credit reporting industry and in turn enhance GCC economies and credit markets.

Speaking during a panel discussion ­ ‘credit reporting growth in the GCC region: progress with the credit reporting infrastructure and business models in the GCC region’ at today’s World Consumer Credit Reporting Conference (WCCRC) in Dubai, Mr. Lutfi said:

“In light of the GCC’s continuing economic recovery and the ongoing development of the region’s financial infrastructure, there is a need for certain precautions to be taken in order to protect the lending sector, by providing a clear picture of credit behaviour patterns and minimising any risks to the credit market. This will help banks and financial institutions to reduce costs and lower provisions for credit losses, as well as allow individuals and companies with good credit profiles to access better loan terms and interest rates.”

The 9th World Consumer Credit Reporting Conference (WCCRC) is being held until October 21st in Dubaifor the first time in the Middle East\.

Mr. Lutfi added: “The banking sector in the GCC, and particularly in the UAE, has experienced a number of positive developments in recent years, through the implementation of high quality credit reporting and enhanced transparency. Credit bureaux will provide reliable and accurate credit information to help banks and financial institutions effectively evaluate risk, enabling them to make positive decisions in order to reduce credit losses from non-performing loans. This will, in turn, enhance the financial and regulatory infrastructure across GCC countries.”

GITEX 2014 BRSAnalytics – see us at the Synergy stand

September 30th, 2014

Following the successful launch of BRSANALYTICS at GITEX 2013 Comoutime and its regional Middle East partners Synergy Software Systems will be exhibiting from Stand D7-10 at Gitex Technology Week in Dubai 12th – 16th October.

The annual GITEX technology conference brings together the biggest technology brands and cutting-edge conference programmes This year 3,700 exhibitors will converge from all corners of the globe .
The overwhelming response witnessed during our last visit at GITEX has inspired us to return this year with an application geared to deliver bigger and better functionality,” says Enterprise Group Channel and Business Development Executive Daniel Buttigieg. “We believe we have achieved this with the second generation BRSANALYTICS technology.”

BRSANALYTICS v2, a regulatory reporting solution for banks, is packed with features for a robust, user-friendly experience. The new browser-based interface provides intuitive navigation and system configurations, business rules, process management, and other reference data are accessed directly from the application by authorised functional users.

Daniel, also mentioned “The built in system ETL process and audit trails and workflow approvals provide robust data management and simplified submission of returns in the Central Banks formats. BRSAnalytics also features built in dashboards to assist management with analysis and monitoring of performance trends and KPIs and provides an ad hoc query for compliance officers to drilldown to rapidly find answers to both Central Bank and management queries. .”

This software is particularly suited to address the requirements of Middle Eastern financial institutions,” adds Head of Sales and Marketing Neil Bianco. “For instance, because Islamic banks obtain deposits mostly through profit-sharing investment accounts (PSIAs) – typically considered to be more volatile than conventional deposits. Basel III requires that all banks offset that volatility by increasing their high-quality liquid assets (HQLAs).
Banks must implement strategies for stress testing complex data to demonstrate compliance with the relevant Central Bank’ Basel III directives.

Out-of-the-box BRSANALYTICS reporting packs directly cater for regulatory standards by systematically gathering, cleansing, analysing and reporting to board members and the regulator in the required formats.”

Having visited the UAE numerous times over the past few years, we look forward to meeting again with our valued business partner, colleagues and customers.”

To see show case presentations and product demos, visit Stand D7-10 to meet with Daniel and Neil and the Synergy Software Systems team. We invite you to discuss in more detail how BRSANALYTICS can rapidly and cost effectively help your financial institution to meet the tide of newly emerging regulatory requirements.

Stephen Jones, Director Synergy Software Systems commented “We focus on proven branded international solutions, to ensure an ongoing product road map, built on familiar Microsoft technologies. This ensures rapid deployment, low risk and better value for our clients. This is one reason that Microsoft presented us with the Highest Customer Satisfaction award 2014. “

As one regional financial controller out it “Go with Synergy and sleep at night”

Central Bank of Kuwait -Euromoney conference 2014

September 9th, 2014

A speech delivered by H.E. the Governor of the Central Bank of Kuwait (CBK), Dr. Mohammad Y. Al-Hashel in Euromoney Conference held in the State of Kuwait, September 9th 2014. The Speech can be found in both English and in Arabic

The speech outlines the role of the Central Bank as a regulatory capacity and the considerable progress towards adoption of Basel lll in Kuwait. It also addressed the real estate sector finance regulation and prudential risk

From the closing remarks:
“Finally, I observe that the global banking and financial industry is witnessing
a new era of structural and regulatory reform aimed at strengthening
monetary and financial stability and in the long run establishing overall
economic stability. Therefore, we, the regulatory authorities and banking
and financial units, should derive benefits from such reforms by adopting
the correct approach in developing our banking and financial systems in
view of the regional and international experiences, as well as implementing
the best international practices taking into consideration the vital role of
banks in the national economy and their deep relations with the society. ”

Home depot- biggest credit card breach ever?

September 5th, 2014

Home Depot may have earned the dubious distinction of being responsible for the biggest compromise ever involving credit and debit card data.

Security blogger Brian Krebs, whoreported the data breach Tuesday, updated his report yesterday with new information gathered from the cyber underground. According to Krebs, the data strongly suggests that a breach occurred at nearly all of Home Depot’s 2,200 stores in the U.S.

Krebs based his conclusion on a review of stolen credit and debit card data posted on an online store that sells such information. The site lists each card, along with the city, state and ZIP code of the card owner, as well as the store code where the data was stolen.
Several companies have reported data breaches in recent days, including grocery chain Supervalu, UPS Stores Inc. and Dairy Queen.

The breaches have highlighted escalating concerns over a point of sale (PoS) system malware tool dubbed “Backoff” that was used in the massive data heists at Target and others like Neiman Marcus and P.F. Chang’s.

According to federal law enforcement authorities, Backoff has infected PoS systems at around 1,000 retailers. Security firm Kaspersky Labs, which conducted its own research of the malware, believes the number could be much higher.

Basel III and Islamic Banks -ask Synergy Software Systems

September 4th, 2014

The tough Basel III regulatory standards, also pose questions for Islamic lenders that could prove expensive:
- Will regulators treat their deposit the same way?
- How will this affect banks with separate Islamic branches.?

Islamic finance frowns on monetary speculation, so their balance sheets are largely clear of the derivatives and complex, risky assets that surfaced in other banks during the global financial crisis. These factors were reported for example last month in However, the issues are wider than the balancde shet.

Interest payments are not allowed by sharia principles, so Islamic banks obtain deposits mostly through profit-sharing investment accounts (PSIAs), which are generally considered to be more volatile than conventional deposits. So Islamic banks are expected to be required to offset that volatility under Basel III by increasing the amount of high-quality liquid assets (HQLAs) that they hold.

This is easier said than done. Islamic securities markets are relatively immature , than conventional markets, so sharia-compliant HQLAs are in short supply –

Islamic commercial banks held about $1.2 trillion worth of assets at the end of last year, according to a study by Thomson Reuters. Those banks account for roughly a quarter of deposits in Gulf Arab countries and over a fifth in Malaysia.

Basel III requires banks to hold enough HQLAs to cover net cash outflows for a 30-day period under a high-stress scenario. Outflows are calculated by applying different weights to funding sources, including PSIAs. The riskier the funding source, the larger the amount of HQLAs needed to cover it.

With the exception of Malaysia and Bahrain, few central banks actively issue instruments which qualify as HQLAs.. Government-issued sukuk qualify, but most sovereign sukuk are either not listed on developed markets or are not actively traded, making those very hard for Islamic banks to obtain. This contrasts with conventional banks’ access to huge markets in high-quality government debt such as U.S. Treasuries and German Bunds. Alternatives such as the short-term sukuk issued by the Malaysia-based International Islamic Liquidity Management Corp, which was established to promote a cross-border market in Islamic instruments, remain small compared with the overall size of the industry..

Much depends on the weightage or “run-off rates” that national regulators who will implement Basel III in their own jurisdictions, choose to assign to PSIAs.

Regulators are keen to develop their Islamic banking sectors, so are unlikely to assign punitive weights. However, they may not be able to treat PSIAs as benignly as conventional bank deposits. For instance, PSIAs held by Islamic banks tend to have relatively short maturities..

The uncertainty looks unlikely to be cleared up at least before next year, when the Malaysia-based Islamic Financial Services Board (IFSB), a global standard-setting body, is expected to release a guidance note on the subject.

The note will deal with issues such as the contractual rights of depositors, for example whether they can withdraw money in fewer than 30 days without a significant penalty, said a source familiar with the IFSB’s deliberations.

Malaysia’s central bank has issued some guidance on PSIAs, saying it will classify them as two types: general PSIAs, broadly equivalent to conventional retail deposits, and specific or restricted PSIAs, deemed similar to managed investment accounts. It has given Islamic banks a two-year transition period to differentiate between those types. Yet while the central bank has already spelled out ratios and weights for Basel III capital adequacy rules, it has not yet announced run-off rates or HQLA requirements for PSIAs.

Basel III says national regulators around the world could assign run-off rates of 3 per cent or higher to stable, conventional bank deposits, and as much as 10 per cent to less stable deposits, according to S&P. Islamic banks may end up being assigned numbers within that range; given the size of the deposits at stake, a variation of several percentage points will make a big difference to how much HQLAs the banks are forced to hold.

The PSIA issue may increase pressure on central banks and governments to address longstanding problems in Islamic finance.

As part of its efforts to develop as an Islamic financial centre, Dubai is actively trying to list sukuk on its exchanges and encouraging its state-linked firms to issue trade-able sukuks, but it may be years before supply begins to meet demand.

Another problem is deposit insurance. For bank deposits to be deemed stable they need to be protected by an insurance scheme, but sharia-compliant schemes are rare, partly because government support for domestic banks is considered implicit in many Gulf countries.

Bahrain introduced Islamic deposit insurance in 1993.

In May this year, Qatar said it would develop an Islamic deposit insurance scheme.

In June, Bangladesh said Islamic deposits would be covered under an existing scheme managed by the central bank.

The first sukuk to have claimed to be in compliance with Basel III requirements was issued in November 2012 by Abu Dhabi Islamic Bank (ADIB). The issuance was worth USD1bln and classified as AT1 capital requirements. This issuance generated an overwhelming response with an order book of USD15.5bln (more than 30 times over-subscribed on the initial benchmark size), and carries
a profit rate of 6.375%, the lowest ever coupon for an instrument of this type. This supports proposition that sukuk issuers have an opportunity to tap into the Basel III-compliant sukuk market.

The Islamic Financial Services Board (IFSB) released draft guidelines on capital adequacy for Islamic banks in November 2012 which clarifies the use of sukuk as additional capital. As per the IFSB Exposure Draft 15, sukuk issued against assets owned by an Islamic bank may be used by that bank as additional capital to meet regulatory minimum requirements. The minimum maturity of the sukuk is five years and it should not have step-up features, such as periodic increases in the rate of return, giving an incentive for the issuer to redeem it.

Over the past two years three UAE based Islamic banks such as Abu Dhabi Islamic Bank, Dubai Islamic Bank and Al Hilal Bank have opted for Tier 1 sukuk issuance totalling $2.5 billion. Issuers of these sukuk say that they qualify as Additional Tier 1 (AT1) capital under Basel III.

The ADIB USD1bln sukuk was based on the contract of Mudharabah and is classified as equity, which therefore does not include principal loss absorption or equity conversion features. Periodic distributions are fully discretionary and non-cumulative. The sukuk is unrated, but will be included in Fitch-eligible capital with a 50% equity credit. It has no maturity date while ADIB can choose to repay the sukuk on certain dates from 2018 if it wishes.

This has significant implications in particular for regional banks that deal with both conventional and Islamic finance. They will have to establish processes to ensure
that the two sets of rules are implemented across two divisions simultaneously. For those banks already specialising in either conventional or Islamic finance,
the impact is no less significant. They will have to comply with new regulatory measures around their liquidity ratios. They will also have to implement strategies for stress testing that allow for complex data to be analysed in order to demonstrate compliance with the Relevant Central Bank’ Basel III directives.

These requirements call for considerable technology change at many banks to ensure that the required financial and risk data can be accurately gathered, cleansed, analysed and reported to board members and the regulator in the
formats required.

Meeting the regulations as they are currently shaped, for Basel III is not a one-time compliance exercise. The requirements will evolve and banks will benefit from taking a long-term view of regulatory compliance. This means developing a framework for implementing consistent compliance practices and implementing a regulatory reporting framework with in-built enterprise-wide risk management tools to ensure ongoing compliance.