Globally, the regulatory environment is becoming more stringent for financial institutions, and Oman is no exception. Over the years, the Central Bank of Oman (CBO) has issued a number of regulations all in line with the regulator’s aim to enhance the governance, risks and controls environment across the banking sector, and to encourage financial institutions to adopt international leading practices.
Regionally, the regulations and standards pertaining to internal controls, compliance, and internal audit have been subject to development. We have seen several central banks across the GCC move to strengthen the internal control environment of banks in order to meet the changing market conditions and ensure the soundness and stability of the banking sector.
While the regulations do not specifically make reference to any internationally recognised frameworks, elements can closely be aligned to that of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Although most large banks in the region have defined internal control processes, they would be well advised to reassess their frameworks by conducting a diagnostic review of their existing target operating model, policies and procedures across the three lines of defence.
Keeping pace with regulatory changes
Additionally, banks should also revisit their board and board committees’ (particularly the audit committee) terms of reference and agendas. Along with adequacy of coverage, the board and board committees need to reassess the quality of discussions surrounding internal controls, compliance and internal audit. It is important to determine whether the board committees have access to senior management, are asking the right questions and receiving appropriate information on areas such as the impact of new technologies, emerging risks, risk limits, compliance observations and upcoming regulatory changes. This should enable the board and board committees to set the correct tone at the top and take relevant and timely strategic decisions.
Another key requirement is to have a strong and capable compliance function that can keep pace with regulatory obligations. Banks should update their compliance policies and procedures, streamline their activities and ensure they have an effective and comprehensive monitoring programme in place. In order to maintain independence and objectivity of this function from the operations of the bank, it’s important to clearly articulate the dual reporting lines to the CEO and board or board committee. The compliance function is also required to be audited by the independent internal audit function.
Preventing money laundering and terrorism financing
With greater international pressure on the region to counter terrorist funding, the accountability and responsibility of compliance functions has also increased. Traditionally, job descriptions of compliance officers have been limited to reporting of suspicious transactions pertaining to anti money laundering (AML) and combating financing of terrorism (CFT). Without a complete regulatory repository, skilled compliance personnel and experienced head of compliance, banks may find themselves struggling to cope with an evolving regulatory environment.
Internal audit’s traditional role is also evolving from performance of appraisals to that of a strategic partner to the stakeholders of the bank. The function is required to stay abreast of the emerging risks, rapidly changing regulatory requirements and business challenges.
Areas subject to assessment
Carrying out annual assessments of the internal control framework, compliance function, and internal audit function by the board is another area that the banks should think about addressing in the short-term. The board of directors/board committees may be well advised to obtain independent external evaluations of the compliance and internal audit functions. The potential elements subject to such a review may include both internal audit and compliance areas, such as perception, positioning, capability, capacity, technology, policies and procedures, communication and training, or reporting.
Strong self-review processes
Another area of importance is annual self-evaluation of board and board committee’s effectiveness. In Oman, the Capital Markets Authority has made it mandatory to conduct a board and board committee self-assessment via its Code of Corporate Governance. With increasing responsibility, it is imperative that the board and board committees measure performance against their set objectives. Rather than being a tick-box exercise, the results of the evaluations should provide actionable plans to improve effectiveness of agendas and discussions. The board may consider appointing an independent facilitator to ensure transparency of the process and unbiased results.
The changing regulatory requirements mark a clear shift to a more regulated environment as prevalent in American, European and some Asian financial sectors. Not only should banks ensure compliance with the current regulations but forward looking banks should also try to adopt leading practices from developed markets to meet the demands of key stakeholders.
By Harris Matin, director – advisory at KPMG Lower Gulf
The views and opinions expressed in this column are solely those of the author and do not necessarily represent those of Muscat Daily or Apex Media Publication
© 2021 Apex Press and Publishing. All Rights Reserved.