Seeking Stability in
Uncertain World Seeking Stability in
Ranjit Khanna Head of PB: Europe, Middle East & Global Sth. Asia & Chief Executive, DIFC Branch, Bank of Singapore
Prepared to Persevere
Welcome the March 2026 issue of MEA Finance. Usually, that greeting precedes or follows topical commentary or observation, often in a lighthearted vein. But now the spotlight is on our region for reasons that nobody wanted. So, it is important that we do not lose sight of the achievements, strengths and sophistication that has been embedded into the regional banking and financial markets. Over recent years, well managed determination, smart and inciteful governance, thoughtful and forward-looking regulation and much hard work has built the foundation of our region's resilience. These structures and characteristics are why we will not only get through these challenging days, but will continue at pace to become a leading global financial hub.
Underlining this, George Hojeige, Group CEO at Virtugroup reminds us there are moments in history that test not just the strength of economies, but the character of nations, and that every time the UAE has faced such moments, from the pandemic to natural calamities, it has emerged stronger.
This cover story for this edition features Ranjit Khanna Head of Private Banking: Europe, Middle East and Global South Asia - Chief Executive, DIFC Branch, at Bank of Singapore, explains how they are geared to seek stability in an uncertain world and why they have selected the UAE, and Dubai as their regional operations centre.
This month, our main features include a look at the evolution of regional wealth management and whether the market has matured enough to steward wealth intelligently. We examine security in banking and finance and how the engineering of trust will be a defining characteristic for banks.
In a look at the energy market we discuss how price volatility in the Middle East energy market in is being affected by current conditions. And instant payments are spotlighted with a look at why in the Middle East and Africa, they are no longer merely operational mechanisms, but instruments of economic strategy.
Our Market Focus is on the United Arab Emirates and how it has put in place a financial system with the resilience that will take it through the current troubles, and lead on to continued growth as a global financial centre.
This edition carries the coverage of two of our most recent roundtable debates. Firstly we showcase the debate hosted by GBM and Splunk, that focused on cybersecurity in banking and how it has evolved from a defensive posture to something far more dynamic. The second of the roundtables covered was hosted by Loxon and discussed how resilience and greater effectiveness has been built into credit management with the development early warning systems.
Also looking at technology and AI in lending, Ncino's Mohamed Moneim shows how AI in commercial lending, while greatly enhancing the key tasks of processing data, speeding decisions and maintaining compliance.
Also inside, Abdallah Abu-Sheikh Founder of Mal, the world’s first, AI-native Islamic Digital bank provides an opinion piece that makes the pointed assertion that Islamic Banking today does not feel like it is built for someone whose financial life is part of their faith and values.
Perseverance is the essence of much of the content in this edition. Looking up the definition of the word online it says, " the steadfast, continued effort to achieve a goal or adhere to a belief despite difficulties, setbacks or discouragement. It is the quality of holding on, staying motivated, and not giving up when facing challenges". We feel that it is a fitting description of our region's banking and financial system, and the wider economy that it powers.
Abu Dhabi Islamic Bank launches “Sanadna” to support frontline heroes with financial relief and banking benefits
Deferred instalments on existing personal and auto-finance facilities for up to three months with no additional charges
Abu Dhabi Islamic Bank (ADIB) has launched “Sanadna”, a dedicated initiative to support the nation’s frontline personnel, recognising those who continue to serve and safeguard the UAE. The Sanadna initiative reflects ADIB’s commitment to standing alongside those who serve the nation, recognising
the dedication and resilience of frontline personnel who contribute to the UAE’s strength and stability. Through “Sanadna”, the bank delivers meaningful financial support that responds to real needs with immediacy and care, focusing on solutions that enhance flexibility, ease financial commitments and improve access to essential banking services, ensuring customers feel supported at every stage.
As part of the initiative, eligible front line customers including members of the UAE Armed Forces, Ministry of defence and Interior, police, civil defence members and emergency medical services, will benefit from a range of targeted measures aimed at easing financial commitments. These include the option to defer instalments on existing personal and auto-finance facilities for up to three months with no additional charges. Frontline personnel will also receive access to exclusive banking benefits, including a 0.99% rate on Al Yusr Salary Advance Finance, profitfree instalment plans for school and tuition payments, a 7-month grace
period on Personal Finance buyout and a six month grace period on Auto Finance.
For eligible frontline customers seeking longerterm financial security, the initiative offers 3 months of complimentary life takaful insurance on new home finance, along with access to household and home protection takaful solutions. In addition, ADIB will waive 100% of ATM fees, minimum balance requirements and fees on selected banking services.
Eligible customers will also receive an annual fee waiver on new digital cards including Exceed and Cashback, reinforcing ADIB’s commitment to accessible and costefficient digital banking solutions.
In parallel, ADIB has extended “Sanadna” to support small and mediumsized enterprises that play a critical role in powering the national economy. The initiative provides SMEs with practical solutions designed to enhance business continuity and flexibility during challenging periods, including instalment deferral options of 30 to 60 days on request from April to June 2026, takaful protection to help safeguard businesses against unforeseen events and up to a 50% fee waiver on new POS services to support daytoday operations.
This initiative reinforces ADIB’s broader commitment to customer-centric innovation and social responsibility, ensuring that frontline personnel are recognised through tangible support that enhances their financial wellbeing. It reflects the bank’s ongoing focus on delivering practical solutions that strengthen resilience, deepen trust and contribute to the long-term stability of the communities it serves.
Discover Distinction
with Mashreq Private Banking
Our cutting-edge technology offers you a one-stop solution for all your wealth management and daily banking needs.
RAKBANK and Network International complete merchant acquiring transaction in the UAE
RAKBANK and Network International have completed a strategic merchant acquiring transaction in the UAE, strengthening their combined capabilities to deliver advanced payment solutions, accelerate digital commerce adoption, and support the growth of SMEs and corporates in an increasingly competitive fintech landscape
As part of the partnership, Network will provide its stateof-the-art payment solutions to serve RAKBANK’s customers across SMEs and large corporates, furthering strengthening its position in
the region’s rapidly growing payments and fintech ecosystem. Network will also offer innovative value-added services, reinforcing the commitment to empower the SME ecosystem and support the UAE’s Digital Economy Strategy.
The acquisition also enables Network to serve the growing merchant demand for digital commerce solutions in Ras Al Khaimah, a growing Emirate poised for significant economic development.
RAKBANK and Network International will work closely with existing merchants to ensure a seamless transition and access to the new and enhanced solutions that this partnership enables.
This milestone reflects a shared commitment to enhancing payment capabilities, driving innovation, and supporting the continued growth of businesses across the UAE.
RAKBANK continues to maintain a strong balance sheet, with one of the highest capital and liquidity positions in the UAE banking sector.
This further reinforces the Bank’s ability to support its customers, invest in future growth and deliver on its strategy of being a digital bank with a human touch.
We provide the reach, resiliency, security and innovation you need to compete in the world of digital payments
Connectivity
Scale globally and accept payments across channels and devices with over 200 acquirer connections
Flexibility
Exceed customer needs with a dynamic suite of services, partners and solutions
Security
Innovation
With the right connections, anything is possible
mastercard.com/gateway
Protect all players from fraud and risk with advanced technology and built-in compliance Mastercard Gateway
Futureproof your business and lead the competition in an always evolving market
From Aspiration to Achievement
The UAE has built a financial system that is domestic in strength and international in posture. Its resilient banking sector, with everything in place to continue at pace come the end of the current regional crises, sits beneath a rapidly evolving regulatory framework, an expanding instant payments infrastructure and two financial centres that have positioned Dubai and Abu Dhabi as a bridge between global pools of capital
There are financial centres that grow because capital finds them, and there are financial centres that grow because a country builds the conditions that deserve it. Notwithstanding the dramatic and highly concerning recent outbreak of hostilities and following attacks on the nations of the GCC and the wider region, the United Arab Emirates continues to follow the second path with rare consistency. Yet the UAE’s most important achievement is less visible than any skyline: it is the steady institutional work of credibility. With the dirham’s peg imposing monetary discipline, with compliance reforms reshaping market conduct, and with new rules emerging for virtual assets and open finance, the UAE is demonstrating that ambition in modern finance is not measured by speed alone, but by the quality of the planning that allows innovation to scale without fragility.
The UAE’s banking and financial system has matured into a national platform, one that supports domestic economic diversification while projecting an outward-facing role as a regional intermediary for trade, investment and liquidity. This platform is not a single institution or policy. It is an interlocking system: a central bank that has been steadily modernising its frameworks; banks that have consolidated into nationally significant champions; regulatory free zones that have created credible legal environments for international firms; and an innovation agenda that is moving from rhetoric into rails.
The significance of this is best understood by what it demands. Modern finance does not reward aspiration without compliance. It does not tolerate innovation without operational resilience. It does not sustain growth without credible oversight. The UAE has learned, sometimes under international scrutiny, that the legitimacy of a financial system must be engineered, not assumed. The country’s removal from the Financial Action Task Force’s “increased monitoring” list in February 2024 was one such marker: not a declaration of perfection, but a recognition that reforms had addressed previously identified strategic deficiencies. This matters because credibility is cumulative. And in the UAE, the work of credibility is now embedded into the direction of travel, and supported by four pillars.
CBUAE
The first of these pillars is at the centre of this architecture sits the Central Bank of the UAE. In its 2024 Annual Report, the CBUAE frames its role in terms that align with the country’s financial ambition: safeguarding financial stability, strengthening regulatory frameworks and advancing the financial sector through policy innovation. The language is instructive. This is not a regulator merely keeping pace; it is a regulator shaping the conditions for scale.
Monetary architecture is the first constraint and, paradoxically, one of the UAE’s advantages. The UAE dirham’s peg to the US dollar is an anchor of predictability. It reduces exchangerate uncertainty for trade and inward investment and supports a confidence framework that global institutions understand intuitively. The peg also transmits US monetary conditions into domestic funding costs, creating a discipline that is structural rather than
purely domestic intermediaries. They are regional operators with the balancesheet scale to finance large projects, support cross-border trade and compete for institutional relationships. Consolidation over the last decade has reinforced this trend, producing fewer but stronger institutions able to invest in compliance, digital infrastructure and cyber resilience. The strategic point here is not that the UAE has “big banks”,many countries do. It is that the UAE now has
THIS MATTERS BECAUSE CREDIBILITY IS CUMULATIVE. AND IN THE UAE, THE WORK OF CREDIBILITY IS NOW EMBEDDED INTO THE DIRECTION
OF TRAVEL
discretionary. That discipline is visible in the way UAE financial policy is often discussed by multilateral institutions: stability is partly engineered through the policy framework, not solely through market outcomes.
This is not to suggest the peg is frictionless. A pegged regime can produce periods where imported monetary conditions may not match domestic cycles. But for an economy positioning itself as a capital corridor and a predictable base for international financial services, the peg has historically served as a stabilising signal, particularly in a region where volatility elsewhere can be transmitted rapidly through capital movements. That is not marketing. It is simply how global capital behaves.
The banking sector
The second pillar is the banking sector itself. The UAE’s largest banks such as First Abu Dhabi Bank, Emirates NBD, Abu Dhabi Commercial Bank, Dubai Islamic Bank and others—are no longer
banks with the institutional capacity to behave like platforms: providing liquidity, custody, payments, investment services and corporate banking at a level that attracts international counterparties, and this platform-building becomes more visible when you look at the rails. Payments are not a back-office detail in modern finance; they are national infrastructure. In October 2023, Al Etihad Payments (described by the CBUAE as its subsidiary) announced the launch of Aani, an instant payments platform intended to transform digital payment transactions in the UAE and positioned as a milestone in the CBUAE’s Financial Infrastructure Transformation (FIT) programme. The fact of Aani matters not because “instant payments are fashionable”, but because a 24/7 payments environment changes the tempo of the economy: it compresses settlement time, reduces working-capital delays and forces banks to modernise fraud controls to operate in real time. Instant payments are where innovation and resilience collide.
In a real-time environment, the old comfort of delay disappears. Fraud detection must become embedded in transaction flow rather than performed after the fact. Liquidity management becomes continuous rather than episodic. And as the payments ecosystem grows more connected to merchants, fintechs and open finance participants, the weakest operational link becomes a systemic question. This is why the regulatory tone around information security is not incidental. The CBUAE Rulebook’s Chapter 14 on Information Security exists precisely because digital acceleration, without commensurate controls, increases systemic risk.
Free zones
The third pillar is the UAE’s financial free zones, the international-facing engines that turn domestic stability into global participation. DIFC and ADGM have become recognisable brands within global financial services, not only because of geography but because they offer institutional frameworks international firms can navigate. DIFC’s own announced annual results for 2025, published in early 2026, position the centre as scaling in active registered companies, financial services professionals and revenues. While the exact metrics are important (and we will use them precisely where needed), the editorial point is structural: DIFC frames itself as a mature ecosystem rather than a property development. It sells regulation, talent density, market access and a sense of permanence.
ADGM’s trajectory reinforces the dualhub strategy: Abu Dhabi’s pitch is not identical to Dubai’s, and that is a strength. ADGM’s Financial Services Regulatory Authority has published an Annual Report for 2024, reflecting priorities such as innovation, safe markets and growth through sound regulation and cooperation. This is exactly how a jurisdiction signals seriousness: not by promising the future, but by publishing the machinery of supervision.
Innovation
The fourth pillar is innovation, particularly where the UAE has opted for regulated engagement rather than reactive prohibition. Dubai’s Virtual Assets Regulatory Authority (VARA) is explicitly grounded in law. VARA’s own rulebook introduction states that it was established and authorised by Dubai Law No. (4) of 2022 Regulating Virtual Assets to regulate virtual assets and virtual asset service providers. In a global environment where digital asset regulation has been inconsistent across jurisdictions, the UAE’s approach has
significant as the products. The rails are becoming as strategic as the banks. And yet, the most consequential aspect of this architecture may be the least glamorous: the discipline of compliance reform.
The UAE’s February 2024 Financial Action Task Force (FATF) delisting was not a public relations victory in isolation. It was a marker that international bodies view as consequential because it affects how the world prices risk. Correspondent banking relationships, institutional due diligence, onboarding friction and cross-border capital comfort, are shaped by credibility
FOR A COUNTRY POSITIONING ITSELF AS A GLOBAL CAPITAL CORRIDOR, THAT IS NOT AN ADMINISTRATIVE DETAIL. IT IS A STRUCTURAL REQUIREMENT
been to build a named regulator with defined authority and publish rulebook infrastructure. That alone does not eliminate risk, crypto markets remain volatile by nature, but it does signal a governance posture: innovation is allowed, but not ungoverned.
At a national strategy level, the UAE has also formalised its ambition for the digital economy. The official UAE government platform states that the Digital Economy Strategy aims to double the digital economy’s contribution to GDP, from a stated baseline in 2022 to a higher target by 2031. Again, the precise numbers are less important than the institutional signal: digitisation is being treated as economic policy, not a marketing theme.
Taken together, these pillars explain why the UAE’s financial story is now being written as infrastructure rather than individual episodes. The institutions are becoming more important than the headlines. The rules are becoming as
signals as much as by profitability. FATF’s own outcomes statement explicitly framed the UAE’s removal as recognition of significant progress addressing previously identified AML/ CFT deficiencies.
For a country positioning itself as a global capital corridor, that is not an administrative detail. It is a structural requirement.
The deeper question is whether the UAE can keep all these vectors aligned as complexity increases. Because complexity is what maturity looks like. It is easy to grow fast when the ecosystem is simple. It is difficult to grow responsibly when the ecosystem becomes dense, with banks, fintechs, virtual asset firms, global asset managers, cross-border payment flows and a rising expectations of regulatory scrutiny all operating simultaneously. From our current standpoint, based on all that has led up to this point, the answer is that it looks like it can.
From Processor to Partner
Mohamed Moniem Regional Vice President for the Middle East Region at nCino clearly explains how AI in commercial lending, while greatly enhancing the key tasks of processing data, speeding decisions and maintaining compliance, it also allows banks to proactively identify benefits for their commercial clients
What do you judge to be the top two benefits of the application of AI to commercial lending?
The two most impactful benefits of AI are speed and insight. Commercial lending involves tedious, manual tasks. Many institutions still use siloed and outdated systems to manage mountains of data: financial statements, credit reports, collateral valuations, industry benchmarks. AI augments commercial bankers’ everyday tasks so they can focus on more strategic initiatives.
But without insight, what good is speed? AI can also identify patterns and correlations across vast amounts of data, especially when dealing with complex commercial relationships. For banks managing diverse portfolios across multiple sectors and geographies, AI can surface insights about emerging risks or opportunities that inform smarter credit decisions.
The key? Balance. AI should not replace experienced bankers; it should amplify their expertise by handling the heavy lifting of manual, routine processes and synthesising data so credit officers can focus on nuanced judgment calls that require market knowledge, relationship context and strategic thinking. That is
where commercial banking expertise really matters.
Can AI truly be more effective when assessing risk?
Yes, absolutely—but only when it is transparent, keeps the banker in the loop and operates within institutional guardrails.
“AI is great at processing vast datasets to easily spot early warnings and risk indicators. It analyses numerous borrower financial characteristics simultaneously and continuously learns
from new data. Intelligently automating manual, inefficient tasks — especially covenant testing, reviews and financial analysis — allows more focus on complex credit cases and so becoming an advisor clients trust”.
But here is the critical point: the AI has to operate responsibly and be trustworthy - meaning it has to be explainable, keep the banker in the loop for reviews and approvals and operate within risk thresholds. In commercial lending, decisions involve substantial capital and regulatory requirements. AI that cannot explain its reasoning is not useful, no matter how accurate it might be. Explainable AI allows credit officers to validate the logic against their expertise.
Commercial banks traditionally rely on manual, reactive processes, with scattered data making it difficult to get a holistic picture of borrower credit health. AI changes this by monitoring portfolio health continuously and alerting teams to early warning signs and risk status changes, enabling proactive intervention before issues escalate. In markets where banking relationships involve personal knowledge of business owners and local dynamics, AI provides the data-driven foundation that relationship managers enhance with contextual intelligence about political considerations, cultural factors, or market conditions that pure data analysis cannot capture.
How has AI enhanced or improved loan origination?
AI has transformed loan origination from a manual document-heavy process into an intelligent and streamlined workflow that accelerates decisions. One area of significant improvement is data extraction and document validation. Commercial loan applications involve extensive documentation, like tax returns, financial statements, entity structures
Mohamed Moniem, Regional Vice President for the Middle East Region at nCino
and collateral records. AI automatically extracts data, validates information and pre-populates fields while also filing documents in the proper placeholders, which can significantly reduce origination time.
AI provides bankers with instant access to credit policies, which can be lengthy. Readily accessing this information accelerates the origination process. Bankers can quickly determine whether a loan and its terms fit the bank’s credit policy and meet all requirements, reducing delays and improving decision speed.
For banks managing diverse portfolios, AI eliminates manual data entry and document processing, freeing bankers to focus on decision-making. This reduces operational risk and increases operational efficiency while improving the client experience. The result? Faster decisions, fewer errors and loan officers spending time on booking new business strategic work rather than paperwork
How is AI changing the underwriting process?
Manual spreading eats up underwriter time and introduces inconsistencies that can delay credit decisions. AI solves this by automating data extraction from financial documents, cutting spreading time dramatically so underwriters can focus on accuracy instead of repetitive tasks.
AI goes further with financial analysis by identifying trends, spotting risks and generating insights that prepare underwriters for more productive borrower conversations. It is not just about speed. It is about making every credit decision smarter.
Critically, AI does not eliminate underwriter judgment; it elevates it. By automating data extraction and analysis, AI allows senior underwriters to focus on complex loans, dive deeper into financial analyses and make faster, more informed credit decisions.
The technology handles the data processing. Experienced credit
professionals handle the judgment calls. That division of labour makes underwriting both faster and better.
What are the main challenges when making AI a core part of the commercial lending process?
The biggest challenges are data quality, organisational change and regulatory compliance.
Fir st, AI needs good data. Many banks have lending data scattered across legacy systems with inconsistent formats and incomplete records. Before AI can deliver value, banks must consolidate, cleanse and standardise data. For institutions that have grown through acquisitions or operate across multiple markets, this integration work is substantial but necessary.
Successful AI adoption requires cultural change. A change management plan is essential. Key measures include
These challenges are surmountable, but having a trusted, industry-leading tech partner with embedded AI into existing workflows for easier, faster adoption can help mitigate these challenges.
What are the most apparent benefits of AI in commercial lending from a client standpoint?
Clients value two things above all: faster decisions and proactive, tailored service. Speed cannot be understated. AI-powered lending platforms provide preliminary credit decisions in hours rather than weeks, allowing businesses to respond quickly to market opportunities or manage working capital needs effectively. For businesses in fast-moving markets or managing seasonal cash flow, this responsiveness is a competitive advantage. Perhaps most strategically, AI enables banks to be proactive partners and trusted advisors. By analysing financial health
THE BANK SHIFTS FROM REACTIVE TRANSACTION PROCESSOR TO STRATEGIC FINANCIAL PARTNER
identifying internal champions to promote buy-in, educating teams on how AI augmentation enhances their workflow and pinpointing high-value use cases before implementation. Regulatory compliance is also paramount. Commercial lending decisions must be defensible to regulators and auditors. AI models must provide clear explanations, maintain audit trails and comply with fair lending regulations. In regions where regulatory frameworks vary significantly, ensuring AI operates transparently within appropriate guidelines requires careful design and ongoing governance.
indicators, industry trends and business performance, AI helps relationship managers identify when clients might benefit from additional credit, alternative products, or restructured facilities— before the client asks. The bank shifts from reactive transaction processor to strategic financial partner. For familyowned enterprises and SMEs, this combination of speed, transparency and proactive service strengthens banking relationships in ways that matter operationally while preserving the personal relationship banking model that remains fundamentally important to commercial lending.
FORGING AHEAD:
The UAE Displays Peerless Resilience & Determination Amidst Regional Uncertainty
In the midst of the current regional crisis, George Hojeige Group CEO at Virtugroup reminds us there are moments in history that test not just the strength of economies, but the character of nations, and that every time the UAE has faced such moments, from the pandemic to natural calamities, it has emerged stronger
As the country faces regional uncertainty, I want to examine the UAE’s leadership, governance and national strategy for managing unprecedented events, restoring stability and growth and resolutely paving the way for a future characterised by a thriving economy, prosperity and opportunities for all.
Setting a benchmark for crisis response
When COVID-19 brought the world to a standstill in early 2020, responses varied dramatically across countries. While many nations struggled with overwhelmed healthcare systems, economic paralysis and institutional disorder, the UAE found a way forward and brought a sense of normalcy far earlier than even the most developed economies.
Within the first 100 days of the pandemic, the UAE established drivethrough testing centres, launched
George Hojeige, Group CEO at Virtugroup
national sterilisation protocols and implemented strict community guidelines for safe distancing.
The country led the world in COVID-19 testing per capita, higher than any other developed nation at the time. The UAE also established a quarantine facility for 10,000 patients in just nine days, showcasing impressive agility in emergency preparedness and crisis management.
In addition, Dubai became the first city to reopen to international tourists, and by mid-2021, it achieved one of the highest vaccination rates globally. With these milestones, the UAE ranked first in the region in the COVID Economic Recovery Index, further earning an Aa2 sovereign credit rating from Moody’s with a stable outlook.
Facing a new test: Geopolitical uncertainty in the region
Today, the UAE faces a different kind of challenge in the form of geopolitical uncertainty across the Gulf, which has disrupted the region’s aviation, logistics, trade and financial markets.
Once again, however, the UAE has responded with clearly defined measures and strategic initiatives.
For one, the UAE resumed airport operations, primarily at the Dubai International Airport, Al Maktoum International Airport and Zayed International Airport in Abu Dhabi, by identifying and establishing safe air corridors to keep connectivity ongoing.
To ensure public safety, alerts have been issued to keep residents informed while promoting preparedness and order.
The government has moved swiftly to protect food supply chains, with the Ministry of Economy and Tourism reassuring residents that essential food supplies remain stable and supermarkets well-stocked nationwide. UAE residents trusted the government’s communications calmly and panic-buying at supermarkets was nowhere to be seen, unlike the first days of the pandemic. Trust is earned, as they say.
Covering a 1,200-kilometer network, the UAE’s national railway, Etihad Rail, also stepped in to ensure the uninterrupted movement of goods. By Day 9 of the conflict, the network had already transported over 459,000 tonnes of cargo and more than 7,900 containers.
The UAE’s local business community has also shown remarkable resilience and unity, with many establishments offering complimentary access, memberships and special discounts, which not only stimulate the economy but also promote a positive mindset among its residents and citizens: calm, resilience and drive.
Strongly positioned to withstand and recover economically
S&P Global has affirmed the UAE’s AA/A-1+ sovereign credit ratings with a stable outlook, noting that the country’s consolidated net asset position, estimated to reach 184% of its gross domestic product (GDP) this year, provides a significant buffer against external shocks. The government also holds liquid assets with an estimated value of 210% of its GDP.
Furthermore, its government debt remains low, standing at approximately 27% of GDP, in addition to having a fiscal surplus averaging 5.6% over the 2021–2025 period.
In an interview with CNBC, His Excellency Abdullah bin Touq Al Marri, Minister of Economy and Tourism, stated the country is “resilient and built to withstand economic shocks,” and that
short-term tensions will not alter the UAE’s long-term trajectory.
Over the years, the UAE has built a highly robust and diversified economy largely hinged on technology, finance, logistics, manufacturing, trade and clean energy, which has successfully increased its non-oil GDP contribution to 74% and reduced economic vulnerability and reliance on oil.
The solid foundation that the UAE has laid in recent years puts the country in an optimal position, one that significantly diminishes the repercussions of black
800 billion and increasing foreign trade to AED 4 trillion.
Echoing the same resolve, Dubai continues to aim to amplify the value of its foreign trade for goods and services to AED 25.6 trillion, boost its foreign direct investment (FDI) to AED 60 billion annually and raise private sector investment to AED 1 trillion in the next 10 years.
The emirate also seeks to generate an annual contribution of AED 100 billion from digital transformation projects and expand its key trading partners by adding 400 cities to its existing network.
NOTWITHSTANDING THE RECENT EVENTS, THE UAE IS OPTIMISTIC THAT IT CAN ACHIEVE ITS NATIONAL ECONOMIC TARGETS
swan events, while allowing it to swiftly pivot and rebuild a stronger and more resilient framework for its economy and national policies.
Proven blueprint for economic resurgence
Notwithstanding the recent events, the UAE is optimistic that it can achieve its national economic targets. In 2025, its GDP reached approximately AED 1.4 trillion, signifying a 5.1% year-on-year growth.
Non-oil sectors were the primary driver, expanding 6.1% to exceed AED 1 trillion, a figure that directly reflects the progress of the country’s long-term diversification strategy. Over 35,000 new companies were registered in Dubai alone during the first half of 2025, indicating sustained investor confidence.
Building on these feats, the UAE remains undeterred in realising its goals, particularly the ones outlined in its “We the UAE 2031” vision, including doubling its GDP from AED 1.49 trillion to AED 3 trillion, raising the value of non-oil exports to AED
Alongside these objectives, national investment is being directed toward technology, artificial intelligence, healthtech, edtech, life sciences and the digital economy, sectors identified for their long-term growth potential and for their role in further minimising reliance on hydrocarbon revenues.
It is exactly this forward-looking orientation, one that treats uncertainty not as a deterrent but as a catalyst for growth and innovation, that defines the UAE’s approach to the current moment and truly sets it apart from other business hubs in the world.
Guided by strong leadership, a clear vision for the future and an inimitable spirit of unity, the UAE’s community of entrepreneurs, founders and SMEs continues to demonstrate unmatched resilience, agility and single-minded determination to move forward, defying odds and forging a path towards stability and growth.
Having this tenacity and mindset is precisely what certain long-standing residents of the UAE define as its “soul.”
The Stewardship of Capital
Despite the ongoing regional crisis many managers report that long-term clients are staying put, but also taking a wait and see approach. At the conclusion of hostilities, the market fundamentals and infrastructure developed
years will be in place
region
in recent
and it remains that the question is no longer whether the
can generate wealth but whether it can steward that wealth intelligently
across generations, jurisdictions and technological disruption
Across the GCC, even before the outbreak of hostilities involving Iran, private banks were recalibrating their models, and no longer competing solely on access or brand prestige. They are competing on architecture — the depth of advisory capability, cross-border structuring expertise, succession planning integration and technological enablement.
With the current crisis and the associated uncertainties, wealth managers are advising clients to move funds to navigate the volatility, though with some portfolios staying positive via heavy diversification despite the circumstances. However, to mitigate concerns, some are currently using “booking centres” in Singapore and Hong Kong for clients looking to move assets out of the immediate region.
But the maturation of wealth management in our region, the accompanying services sophistication and underlying operational infrastructure that has developed in the regional market are fundamentals that are in place and
ready to bring the sector back up to, and likely beyond pre-crisis levels of activity.
Among the reasons for this is that national transformation agendas have accelerated wealth creation beyond traditional sectors. Vision 2030 in Saudi Arabia has catalysed new industries. The UAE continues to attract global entrepreneurs and family offices. Financial centres such as DIFC and ADGM have expanded regulatory frameworks that accommodate complex wealth structures.
The proposition
The question confronting wealth managers is not whether capital will grow. It is whether propositions will evolve fast enough to match its sophistication.
Building a strong wealth proposition in a rapidly maturing market requires structural differentiation: consolidated reporting across jurisdictions, governance frameworks for family councils, philanthropic structuring, Sharia-compliant alternatives, succession planning advisory and digital transparency.
Regional private banks are responding by deepening investment advisory capabilities, expanding global custody networks and integrating alternative investment access. The growth of private markets — private equity, venture capital and infrastructure exposure — is reshaping allocation strategies among ultra-high-net-worth families. Wealth managers must therefore operate with institutional-grade research and risk assessment frameworks.
Advisory firms have observed that regional wealth is becoming more professionally managed, with family offices adopting governance structures resembling those of mid-sized institutions. This maturation alters expectations. Informal advisory is insufficient; structured governance is demanded.
Regional banks are responding by establishing dedicated External Asset Manager (EAM) desks. These desks provide operational infrastructure, custody support and product access while allowing independent managers to retain advisory autonomy. Financial centres
such as DIFC and ADGM have created regulatory frameworks accommodating independent asset managers, further encouraging ecosystem expansion.
The strategic calculus is clear. By supporting EAM relationships, private banks broaden asset inflows while maintaining custodial and transactional revenue. For clients, the model enhances independence and choice. The growth of EAM desks is not universal, but it is increasing — particularly among institutions seeking to position themselves as regional wealth hubs rather than purely domestic advisors.
At the same time, the regulatory environment is tightening. The global tax transparency agenda, including OECD-led frameworks and automatic exchange of information standards, has altered crossborder wealth structuring dynamics. Wealth managers must integrate tax advisory within portfolio strategy, often in collaboration with specialised tax firms.
The mention of “2025 tariff declarations” — widely interpreted as references to shifting global trade policies and fiscal adjustments in major economies — has also had indirect implications for private banks operating in the region. Trade tensions and tariff adjustments influence capital flows, currency exposure and portfolio diversification strategies. Private banks in the Gulf, serving globally diversified clients, have had to recalibrate asset allocation advice in response to volatility triggered by tariff announcements. While the region itself may not be directly affected by such tariffs, its clients’ global exposure necessitates adaptive risk management. Wealth management, therefore, cannot operate in isolation from geopolitical and macroeconomic shifts.
Perhaps nowhere is this more evident than in succession planning. For years, succession planning was discussed quietly within family offices, often deferred or addressed informally. As first-generation entrepreneurial wealth transitions toward second and third generations, the urgency has increased.
Private banks are increasingly integrating succession advisory into core propositions including collaboration with legal specialists, trust structuring professionals and governance consultants. The growing prioritisation of succession planning reflects maturation. It must be stewarded intentionally. This stewardship increasingly intersects with technology.
AI x (WM+PB) =
The integration of AI within wealth management is no longer speculative. Artificial intelligence has already begun reshaping wealth management operations but the emergence of agentic AI introduces a new dimension.
For example, in a multi-jurisdictional portfolio, an AI-driven system could monitor regulatory updates affecting tax treatment, automatically suggest allocation adjustments or execute rebalancing within predefined thresholds. In volatile markets, liquidity stress modelling could trigger defensive positioning aligned with client risk parameters.
Agentic AI systems, capable of autonomously executing defined objectives within constraints, could transform wealth advisory. Portfolio rebalancing based on real-time market signals, tax optimisation adjustments aligned with regulatory changes and dynamic risk modelling are potential applications. However, private banking operates within a relationship model built upon trust and relational accountability. Autonomous execution without transparency risks undermining that foundation.
The degree to which agentic AI should operate autonomously is therefore a strategic question. The answer lies in calibration. The most sustainable path forward is likely augmentation rather than replacement — AI as a decision-support architecture, with human oversight retained for strategic direction.
In discretionary portfolio management mandates, algorithmic rebalancing is already embedded. Yet high-net-worth and ultra-high-net-worth clients often value bespoke judgement. Agentic AI may
therefore operate most effectively as augmentation rather than replacement — providing predictive modelling, liquidity optimisation and risk alerts while preserving human accountability.
The degree of AI integration will vary by institution and client segment. Digitalnative wealth platforms may embrace higher degrees of automation. Traditional relationship-led private banks may integrate AI gradually within operational layers rather than client-facing execution. The question is how much autonomy should be delegated within a domain defined by fiduciary responsibility? The answer will evolve, but governance must precede acceleration.
A maturing market
Wealth in the Middle East and Africa is no longer concentrated within a narrow set of legacy industries. Technology founders in Riyadh and Dubai are building companies with international investor bases. Logistics, healthcare, renewable energy and fintech ventures are generating liquidity events earlier in entrepreneurial cycles. Regional sovereign and institutional capital flows are increasingly sophisticated. Capital pools are not merely large; they are structurally complex. Private banks must therefore compete not on familiarity, but on architecture.
A compelling proposition in this maturing market begins with clarity of identity. Institutions that attempt to serve every segment without distinction risk dilution. Some regional banks are positioning themselves as full-spectrum private wealth houses, integrating investment advisory, trust services, lending, philanthropy structuring and cross-border custody under one umbrella. Others are refining niche strengths — Sharia-compliant wealth advisory, family office governance consulting or alternative investment access.
The competitive landscape now includes not only traditional private banks, but multi-family offices, independent asset managers and global custodians establishing stronger regional footprints.
WEALTH MANAGEMENT
Financial centres such as the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) have cultivated regulatory frameworks that attract international wealth managers, external asset managers and specialised advisory firms. The result is a denser ecosystem in which differentiation is structural rather than cosmetic.
The growth of External Asset Managers (EAMs) across the region is emblematic of this maturity. As client sophistication deepens, so too does the appetite for independent advisory layered atop robust custody infrastructure.
Dedicated EAM desks within regional banks are increasingly visible. These platforms provide operational support, execution capability, structured product access and reporting infrastructure while allowing EAMs to retain advisory independence. For private banks, the model expands assets under custody without absorbing full advisory liability. For clients, it enhances diversification of opinion.
The regulatory infrastructure has evolved to accommodate this development. DIFC and ADGM both provide licensing frameworks for asset managers, reinforcing the legitimacy and scalability of the EAM model.
Partnership, rather than competition, is becoming the defining strategy. Private banks that recognise this dynamic are reframing themselves as platforms rather than gatekeepers. They facilitate open architecture product access, multicustodian reporting and cross-border structuring solutions. In doing so, they respond to a client base that no longer accepts concentration of advisory power within a single institution.
The maturation of the market is equally evident in client behaviour following global macroeconomic shifts. The tariff declarations and trade policy adjustments that intensified through 2024 and 2025 in major economies did not target the Gulf directly. However, their ripple effects were felt within globally diversified portfolios managed by regional private banks. Clients with exposure to US–China trade
THE QUESTION CONFRONTING WEALTH MANAGERS IS NOT WHETHER CAPITAL WILL GROW. IT IS WHETHER PROPOSITIONS WILL EVOLVE FAST ENOUGH TO MATCH ITS SOPHISTICATION
dynamics, European industrial sectors or global supply chain equities required recalibration of allocation strategies.
Private banks operating in the region reported heightened demand for diversification beyond concentrated public market exposures. Alternative investments — infrastructure, private equity, real assets — gained attention as hedging instruments against tariff-induced volatility. Currency risk management became more central to portfolio construction conversations. Fixed income allocations were reassessed in light of interest rate recalibration linked to global trade uncertainty.
The region’s own economic diversification agendas mitigated direct exposure to some trade policy volatility. However, the wealth of its citizens is internationally invested. Private banks were therefore compelled to integrate macro sensitivity analysis more deeply within advisory frameworks.
This recalibration underscores a broader structural truth: Middle Eastern wealth is global wealth.
The integration of tax transparency regimes over the past decade has further intensified the complexity of crossborder structuring. OECD-led Common Reporting Standard (CRS) frameworks and automatic exchange of information protocols require wealth managers to ensure that portfolio strategies align with reporting obligations across jurisdictions. The era of opaque structuring has given way to one of regulated transparency.
This shift does not diminish the region’s attractiveness as a wealth hub. On the contrary, it enhances credibility. Clients increasingly prioritise compliant, defensible structures over aggressive opacity.
Advisory firms have consistently emphasised that governance, compliance integration and cross-border tax planning are now central pillars of private wealth management in emerging financial centres. Private banks that embed such capabilities within their core proposition demonstrate maturity aligned with global standards.
Legacy stewardship
Perhaps the most consequential transformation underway, however, lies in succession planning and the region’s increasing prioritisation of this further underscores institutional maturation.
For decades, succession planning was treated as sensitive and sometimes deferred. Today, it is discussed openly within private banking engagements. Wealth managers report greater willingness among clients to formalise inheritance strategies, establish trusts and define nextgeneration governance roles.
Financial centres such as DIFC and ADGM have strengthened trust and foundation regimes to facilitate structured wealth transfer. These frameworks provide legal clarity aligned with international standards while respecting regional considerations. The availability of such vehicles reflects a region that understands that generational continuity is as important as capital growth.
This shift is demographic as much as economic. A younger generation of wealth holders — often educated internationally, digitally native and entrepreneurially ambitious — brings different expectations. They demand transparency, sustainability considerations and digital accessibility. They are comfortable with data-driven analysis and increasingly receptive to technology-enabled advisory.
For many Gulf economies, familyowned enterprises remain foundational to national output. As first-generation wealth creators age, the transfer of control and capital becomes inevitable. Historically, succession conversations were often deferred, handled informally or addressed only when urgency compelled action. Today, the priority has shifted. Private banks across the region report growing engagement around formalised succession planning frameworks. This includes the establishment of family councils, structured trust vehicles, foundations for philanthropic continuity and governance charters defining roles for next-generation members.
Succession planning is no longer peripheral advisory; it is strategic preservation.
Private banks that position themselves as long-term stewards rather than transactional advisors strengthen relational durability. The value of advisory in this domain extends beyond asset management into institutional continuity.
Institutionalise competitiveness
Wealth management in the Middle East and Africa is no longer in its formative stage. It is entering consolidation — where institutions differentiate through depth, governance maturity and technological discipline rather than novelty.
The region has demonstrated its capacity to generate capital at scale. The challenge now is to steward that capital across generations, jurisdictions and volatility cycles without sacrificing integrity. In this environment, differentiation is not a marketing exercise. It is structural.
The maturation of wealth management and private banking across the Middle East and Africa is not occurring in isolation. It is unfolding alongside broader financial centre ambitions, regulatory evolution and demographic transition. The decisive question is not whether the region can compete globally in private wealth. It already does. The more nuanced question is whether it can institutionalise that competitiveness across cycles.
The Gulf’s financial centres — Dubai, Abu Dhabi, Riyadh, Doha and Manama — have invested heavily in legal and regulatory infrastructure designed to attract capital and professional advisory talent. DIFC and ADGM operate under internationally recognised legal frameworks derived from common law principles. Saudi Arabia has accelerated reforms aimed at strengthening capital markets and financial services under Vision 2030. Qatar and Bahrain continue to refine regulatory clarity to support asset management and family office activity.
These frameworks are not symbolic. They are structural signals to international investors and domestic wealth holders alike: that the region’s private banking industry is operating within globally credible standards.
Private banks operating within these jurisdictions therefore compete not only with one another, but with established hubs such as Switzerland, Singapore and London. The competitive advantage of the Middle East does not rest solely on geography or capital abundance. It rests increasingly on alignment between regulatory sophistication, digital infrastructure and advisory depth.
To build enduring propositions in this environment, private banks must institutionalise four structural capabilities.
The first is integrated advisory depth. Wealth is no longer static and domestic. It is diversified, often multi-jurisdictional and subject to cross-border tax regimes. Banks must embed investment strategy, legal structuring and tax awareness into cohesive advisory frameworks. Collaboration with specialised legal advisors and Big Four consultants is often necessary. The days when private banking could operate independently of complex structuring expertise are receding.
The second is governance facilitation. Family businesses transitioning across generations require structured frameworks. The private bank that can facilitate family councils, define governance charters and coordinate succession strategies becomes more
than a portfolio manager; it becomes a continuity partner.
The third is technological credibility. Realtime reporting, cybersecurity assurance and consolidated visibility across assets are now baseline expectations. Clients operating global portfolios expect digital transparency equal to that provided in established financial hubs.
The fourth is capital access breadth. Private markets exposure — private equity, venture capital, infrastructure and direct investments — increasingly forms a significant component of ultra-high-networth allocations. Regional banks that expand access to such opportunities differentiate themselves meaningfully.
The presence of External Asset Managers reinforces the platform model emerging within regional financial centres. Rather than centralising all advisory functions, private banks are positioning themselves as infrastructure enablers — custody, execution and product access — while independent advisors provide portfolio discretion. This diversification enhances ecosystem resilience.
Inflection point
The Middle East and Africa now stand at an inflection point in private wealth stewardship. The region’s capital pools are expanding. Entrepreneurial liquidity events are increasing. Regulatory infrastructure is maturing. Financial centres are attracting international advisory talent. EAMs are integrating into the ecosystem. Succession planning is being prioritised. Technology is embedding itself within advisory frameworks.
This convergence suggests not an emerging market in wealth management, but a consolidating one where the strategic imperative now is durability. Will private banks maintain differentiation as competition intensifies? Will governance frameworks keep pace with generational transition? Will regulatory alignment sustain cross-border credibility? Will AI integration enhance advisory depth without eroding relational trust?
These questions will define the next decade.
The Architecture of Trust
In an era of perpetual connectivity and algorithmic decision-making, the institutions that will define the next decade of regional banking are not those that innovate fastest, but those that engineer trust most intelligently
For much of modern banking history, security was conceived as a protective layer — an outer shell guarding the institution’s assets. It was important, certainly, but it was not transformative. Strategy was about expansion, market share and product innovation. Security was about control.
But in today’s Middle East and Africa, that hierarchy has reversed. Digital transformation has redrawn the operational map of banking. Across Saudi Arabia, the United Arab Emirates, Qatar and Bahrain, financial institutions have embraced real-time payment systems, open banking frameworks and digital-first
operating models as central components of national economic ambition. Vision 2030 in Saudi Arabia, the UAE’s Digital Economy Strategy and Qatar’s financial sector modernisation agenda have collectively accelerated fintech integration and customer digitisation at remarkable speed.
The shift has been structural rather than cosmetic. Instant payment rails such as Saudi Arabia’s SARIE and the UAE’s Aani are not merely convenience tools; they represent a fundamental redefinition of settlement expectations. Transactions that once relied upon defined clearing windows now execute continuously. Liquidity flows without pause. Retail customers and corporate treasurers alike operate in a real-time financial environment.
With speed comes fragility. When money moves instantly, error and fraud propagate instantly. When systems are interconnected through APIs and cloud infrastructure, vulnerabilities extend beyond internal firewalls. When artificial intelligence governs transaction monitoring and credit decisions, the integrity of algorithms becomes inseparable from institutional credibility. Security, therefore, is no longer defensive. It is architectural.
The concept of Zero Trust has emerged as the defining doctrine of this new era. Though frequently invoked, it is often misunderstood. Zero Trust does not imply suspicion of customers or friction in every interaction. Rather, it represents a disciplined acknowledgement that digital ecosystems are inherently porous. Access cannot be presumed safe simply because it originates within a network boundary.
The National Institute of Standards and Technology’s Special Publication 800207 formalised Zero Trust architecture as a model built upon continuous verification, least-privilege access and micro-segmentation. Its logic resonates strongly in the Gulf context, where digital ecosystems are expanding rapidly across hybrid cloud environments and crossborder integrations.
In practical terms, Zero Trust reorients security around identity rather than perimeter. Every access request is evaluated contextually. Devices are authenticated continuously. Privileges are granted only as required and revoked dynamically when risk indicators shift.
For banks operating instant payment platforms, this continuous verification model is not an optional enhancement. It is a necessity.
Historically, payment systems benefited from temporal buffers. Batch processing allowed fraud teams time to review anomalies before settlement finalised. Real-time rails remove that buffer entirely. Verification must therefore occur at the speed of execution.
The concern often voiced in executive discussions is whether such verification
inevitably slows digital experience. The evidence suggests otherwise.
Modern risk-based authentication systems assess behavioural baselines in milliseconds. If a transaction aligns with historical patterns, it proceeds without interruption. If deviations are detected — unusual geography, unfamiliar device signature, atypical transaction value — escalation mechanisms activate proportionately. The distinction is critical. Zero Trust does not demand visible friction; it demands invisible intelligence.
SECURITY, THEREFORE, IS NO LONGER DEFENSIVE. IT IS ARCHITECTURAL
This architectural evolution aligns closely with regulatory direction. The Saudi Central Bank’s Cybersecurity Framework establishes mandatory controls across governance, defence, resilience and thirdparty management. It explicitly requires financial institutions to implement layered defence and continuous monitoring mechanisms. Similarly, the Central Bank of the UAE’s Information Security Regulation and Standards emphasise authentication, risk assessment and incident reporting obligations. Qatar Central Bank’s technology risk guidelines reinforce parallel expectations. The supervisory message is consistent across jurisdictions: digital growth must be matched by demonstrable security maturity.
Rise of resilience
Yet Zero Trust addresses only one dimension of a broader recalibration. The more profound shift lies in the movement from prevention to resilience.
For decades, cybersecurity strategy emphasised perimeter fortification.
If breaches could be blocked, systemic disruption would be avoided. This assumption no longer reflects operational reality. The sophistication of threat actors has increased markedly, and the attack surface has expanded through vendor ecosystems, remote access channels and cloud integration.
Global cyber intelligence consistently identifies financial services as a prime target for ransomware and phishing campaigns. The Middle East, with its rapidly digitising financial infrastructure and geopolitical visibility, presents attractive incentives for sophisticated adversaries. The strategic question for bank boards is therefore not whether to invest in prevention — that is assumed — but whether resilience frameworks are robust enough to withstand inevitable stress.
Resilience reframes cybersecurity as continuity management. It recognises that breaches may occur, but their impact can be contained through rapid detection, isolation and recovery. It requires institutions to test disaster recovery protocols rigorously, to simulate crisis scenarios realistically and to integrate cyber risk within enterprise risk management structures.
Across the GCC, regulatory frameworks have elevated operational resilience to supervisory priority. Institutions are expected to maintain business continuity plans capable of sustaining critical services under adverse conditions. Incident response times are scrutinised. Reporting obligations are formalised. For instant payment ecosystems, resilience is particularly consequential. An interruption in a real-time payment network does not merely inconvenience customers; it disrupts commerce. The systemic implications underscore why security must now be understood as financial stability infrastructure rather than IT expenditure.
In The Cloud
Cloud adoption introduces further complexity into this architecture of trust. Cloud platforms offer scalability and
elasticity well suited to digital banking growth, particularly for analytics-intensive functions such as fraud detection and customer personalisation. However, cloud security is frequently oversimplified as an outsourcing of risk. In practice, the shared responsibility model demands rigorous internal governance. While providers secure underlying infrastructure, banks remain accountable for data configuration, access management and encryption standards.
Misconfiguration has emerged globally as a leading source of cloudrelated vulnerabilities. Excessive access privileges, unencrypted storage buckets or poorly monitored APIs can expose sensitive data despite robust infrastructure. Regional regulators have responded proactively. SAMA’s Cloud Computing Framework outlines requirements for risk assessment, data residency compliance and vendor oversight. The Central Bank of the UAE similarly mandates comprehensive governance of outsourced technology arrangements.
Cloud therefore enhances resilience when managed effectively but amplifies exposure when oversight is fragmented. The strategic imperative is not to avoid cloud, but to govern it intelligently.
The AI dimension
Artificial intelligence adds yet another dimension to this evolving security landscape. Fraud detection, anti-money laundering monitoring and credit risk modelling increasingly rely upon machine learning algorithms capable of processing vast volumes of transactional data in real time.
The advantage is precision. Unlike static rule-based systems, AI models adapt to behavioural shifts. They reduce false positives by contextualising anomalies. They enable institutions to sustain instant payment velocity without compromising fraud interception.
Yet AI is neither neutral nor immune to exploitation. Threat actors leverage machine learning to automate phishing
campaigns, generate synthetic identities and craft persuasive social engineering strategies. Adversarial attacks targeting model integrity are emerging as a distinct category of risk. Consequently, AI governance must evolve alongside AI deployment. Model explainability, validation procedures and bias mitigation are not theoretical concerns; they are operational necessities. Advisory bodies such as the Bank for International Settlements have highlighted algorithmic accountability as an emerging supervisory priority.
Across the Middle East, leading consultancies including Deloitte, PwC, EY and KPMG have emphasised the importance of AI governance frameworks integrated within enterprise risk management. For banks, embedding such oversight ensures that innovation enhances trust rather than undermines it. Security, in this context, becomes cumulative. It is not a single project or framework. It is the integrated architecture through which digital ambition becomes sustainable.
to experimental pilots. It is embedded within fraud analytics platforms, antimoney laundering transaction monitoring systems, credit underwriting engines and increasingly within customer engagement interfaces. Banks process millions of data points every minute. Manual oversight alone is no longer viable. The strategic implication is clear: AI enables scale without proportional expansion of human resource. But scale without governance is exposure.
Fraud analytics offers perhaps the clearest illustration of AI’s dual power and risk. Historically, fraud detection systems operated on rule-based triggers — transaction amounts exceeding thresholds, payments originating from high-risk geographies, repeated login failures. These static frameworks were effective in slower settlement environments. They are inadequate in an instant ecosystem.
Machine learning models accumulate behavioural baselines over time. They assess context: frequency, timing,
ZERO TRUST DOES NOT DEMAND VISIBLE FRICTION; IT DEMANDS INVISIBLE INTELLIGENCE
Our region’s financial sector stands at a pivotal moment. Digital infrastructure is expanding. Payment rails are accelerating. Artificial intelligence is permeating operational workflows. Regulatory scrutiny is intensifying. The institutions that will define the next decade are those that internalise a simple but profound reality: security is not the cost of innovation. It is its enabler.
If Zero Trust represents the structural philosophy of modern security, and resilience its operational posture, artificial intelligence has become the cognitive engine driving both. Across the Middle East and Africa, AI is no longer confined
device signature, merchant category, transaction history. Rather than reacting to isolated anomalies, they interpret patterns. This interpretive capability significantly reduces false positives — a crucial advantage in competitive retail markets where customer experience is paramount.
In instant payment systems such as SARIE and Aani, fraud must be intercepted before settlement. There is no opportunity for post-clearing review. AI therefore operates as a gatekeeper within milliseconds. It distinguishes between legitimate deviation and malicious intent.
Yet the same technological evolution is accessible to adversaries. Phishing campaigns increasingly employ generative tools to craft persuasive messages tailored to regional dialects and financial behaviour. Synthetic identities are constructed using data scraped from compromised databases. Deepfake audio has introduced concerns around voice authentication systems.
This dynamic introduces a strategic truth: AI is not merely a defensive tool; it is an accelerant on both sides of the threat equation.
Consequently, AI governance has emerged as a board-level concern. Models must be transparent in their decision pathways. Bias must be assessed and mitigated. Training data must be curated responsibly. The Bank for International Settlements has repeatedly underscored the need for explainability in AI-driven financial decision-making, particularly where customer outcomes are affected.
Within the GCC, while comprehensive AI-specific regulatory frameworks are still evolving, supervisory expectations around model risk management are intensifying. Institutions cannot deploy opaque algorithms and assume immunity from scrutiny. Model validation, documentation and oversight committees are increasingly formalised within governance structures.
The Third-Party
The integration of AI into fraud analytics also intersects with another emerging challenge: data sovereignty and localisation.
As cloud adoption expands, data may be processed across distributed environments. Regulators such as SAMA and the Central Bank of the UAE have articulated requirements around data residency and oversight. Financial institutions must therefore ensure that AI models operating on sensitive transactional data comply with localisation standards while maintaining operational efficiency.
This balancing act between sovereignty and scalability defines the cloud-security intersection in our region.
The migration to cloud infrastructure has been driven by clear strategic incentives. Elastic computing power supports analytics-intensive workloads. Disaster recovery capabilities improve through geographic redundancy. Deployment cycles accelerate.
However, as banks increasingly operate within hybrid and multi-cloud environments, complexity multiplies. Identity governance must extend seamlessly across on-premises and cloud systems. Access rights must be harmonised. Monitoring must provide consolidated visibility.
Third-party risk management has therefore become central to security strategy. Fintech partnerships, outsourcing arrangements and vendor integrations expand the digital ecosystem beyond institutional walls. Each connection introduces dependency.
Regulatory frameworks across the GCC reflect this awareness. SAMA’s Cloud Computing Framework and its broader Cybersecurity Framework mandate structured oversight of third-party relationships. The UAE Central Bank’s outsourcing guidelines emphasise accountability and audit rights. Institutions remain responsible for safeguarding customer data even when services are delivered through external providers. The message is unequivocal: outsourcing infrastructure does not outsource responsibility.
Beyond technical architecture, security transformation demands cultural recalibration. This shift reflects recognition that digital risk is systemic risk. Board-level accountability for digital risk is therefore expanding. Risk committees increasingly incorporate cyber expertise. Independent audits evaluate security posture. Investment in cybersecurity talent is rising.
For large regional institutions scale compounds responsibility. Banks operating across multiple jurisdictions,
serve millions of customers and underpin significant portions of national payment infrastructure. Their security posture influences systemic stability. The strategic horizon now extends beyond immediate threat mitigation to long-term architectural design.
Secure Borders
One of the most consequential developments shaping this next phase is cross-border interoperability. The Gulf states are deepening payment integration frameworks, while broader regional initiatives across Africa are working toward more seamless settlement systems. Crossborder instant transfers promise efficiency, liquidity optimisation and enhanced trade facilitation. Yet interoperability expands the threat landscape.
When payment systems interconnect, vulnerabilities can propagate beyond national boundaries. Authentication standards must be harmonised. Fraud detection protocols must be aligned. Incident reporting frameworks must be coordinated. A breach in one node of an interconnected system has the potential to create cascading impact across jurisdictions.
This is why central banks across our region are not merely supervising cybersecurity — they are actively shaping its doctrine. The Saudi Central Bank (SAMA), through its Cybersecurity Framework and Cloud Computing Framework, has embedded security expectations directly within licensing and supervisory processes. The Central Bank of the UAE has integrated operational risk, outsourcing governance and information security into its Rulebook architecture. Qatar Central Bank has strengthened technology risk regulations for banks and payment service providers. These frameworks do more than mandate controls. They signal an evolving philosophy: digital financial infrastructure is part of national infrastructure.
As digital finance becomes systemic, cyber risk becomes macroeconomic. This macro dimension is increasingly
recognised internationally. The Bank for International Settlements (BIS), through its Basel Committee on Banking Supervision, has published principles for operational resilience and sound management of operational risk, highlighting the systemic implications of technology disruption in banking. These global principles resonate strongly in the GCC context, where digital infrastructure underpins ambitious economic transformation agendas.
Central banks are therefore not simply referees; they are architects of digital trust. Their evolving oversight includes stress testing operational resilience, requiring scenario analysis for cyber incidents and mandating clear governance accountability at board level. In effect, cyber preparedness is being treated with similar seriousness to capital adequacy and liquidity buffers.
Competitive Advantage
For commercial banks, this supervisory evolution necessitates cultural change. Security strategy can no longer reside solely within IT departments. Risk committees must integrate cyber risk into enterprise risk frameworks. Boards must develop literacy in digital resilience. Investment decisions must consider longterm security architecture rather than short-term deployment speed.
This cultural recalibration intersects with talent strategy. The demand for cybersecurity specialists, cloud architects and AI governance experts is intensifying across our region. Institutions compete not only with one another, but with technology firms and global consultancies for scarce expertise.
Advisory firms such as Deloitte, PwC, EY and KPMG have expanded cybersecurity and digital trust practices across the Middle East in response to this demand. Their role often extends beyond audit and compliance to architectural design, maturity benchmarking and resilience scenario planning. While accountability ultimately rests with financial institutions, external advisory ecosystems contribute significantly to capability development.
Yet even with robust frameworks, advanced AI and layered controls, absolute certainty remains elusive. Digital systems are inherently dynamic. Threat actors innovate continuously. Regulatory expectations evolve. Customer behaviour shifts rapidly.
The question, then, is not whether risk can be eliminated. It cannot. The question is whether risk can be understood, governed and absorbed without
Biometric verification, behavioural analytics and contextual authentication will operate continuously across channels. Password-based access will diminish further.
AI-driven analytics will evolve from reactive fraud detection to predictive threat modelling. Systems will identify emerging patterns before widespread exploitation occurs. However, this predictive capability will require
AI IS NOT MERELY A DEFENSIVE TOOL; IT IS AN ACCELERANT ON BOTH SIDES OF THE THREAT EQUATION
undermining confidence. This is where the concept of security as competitive advantage crystallises.
In increasingly sophisticated markets such as the UAE and Saudi Arabia, product differentiation alone is insufficient. What distinguishes institutions increasingly is reliability. Reliability is not merely uptime. It is the assurance that personal data remains protected. It is the confidence that fraudulent transactions will be intercepted. It is the expectation that even in the event of disruption, recovery will be swift and transparent.
Trust compounds through consistency. When a customer experiences seamless authentication without visible friction, trust deepens. When a payment clears instantly yet securely, trust reinforces. When a bank communicates transparently during system maintenance or incident response, trust stabilises. In this sense, security is not only technical infrastructure — it is brand equity.
What of the future?
Looking ahead, several trajectories appear likely. Identity will become the primary security perimeter.
increasingly sophisticated governance to ensure fairness and accountability.
Cloud ecosystems will mature into unified hybrid environments governed through centralised security orchestration. Visibility across multicloud and on-premises systems will become standard expectation.
Regulatory harmonisation may deepen across the GCC, particularly as crossborder payment integration accelerates. Shared standards around incident reporting and operational resilience could strengthen systemic stability.
Finally, cyber resilience will be tested not only through technical incidents but through geopolitical volatility. Digital infrastructure will remain attractive targets for state-sponsored and financially motivated actors alike.
The resilience of regional banking will therefore depend upon disciplined architectural design rather than episodic response. In reflecting upon the transformation underway, one conclusion becomes unavoidable: digital ambition without security discipline is unsustainable. Security must no longer be perceived as a brake on progress, but the mechanism allowing progress to endure.
The Velocity of Value
Payments in the Middle East and Africa are no longer merely operational mechanisms; they are instruments of economic strategy. As domestic instant rails, cross-border platforms and ISO 20022 migration programmes reshape the region’s financial architecture, settlement is becoming a test of resilience, sovereignty and systemic intelligence
There are inflection points in financial history when infrastructure ceases to be invisible. The machinery beneath markets becomes a matter of strategy. The clearing system becomes an expression of sovereignty. The Middle East and Africa are approaching such a juncture.
Initiatives such as Aani, SARIE, Buna, AFAQ and Project Aber demonstrate ambition that extends far beyond technological upgrade. Yet as the velocity of value accelerates, banks and regulators face a defining challenge: how to preserve trust in an era where money moves in seconds and systems never sleep
For much of modern banking, payments were treated as plumbing. Reliable, essential, rarely strategic. Settlement cycles followed predictable rhythms. Liquidity management revolved around defined windows. Cross-border transfers navigated correspondent networks whose complexity was accepted as structural necessity.
Today, that rhythm has dissolved. Across Riyadh, Abu Dhabi, Doha and beyond, the movement of value has accelerated to the point where settlement is no longer a backoffice function. It is a strategic instrument of economic policy. Real-time domestic payment rails operate continuously. Cross-border platforms are emerging with regional ambition. Messaging standards are being harmonised with global frameworks. Central banks are not simply supervising change — they are orchestrating it. The acceleration of settlement is not merely technological modernisation. It is repositioning.
When payments move seamlessly and securely, capital circulates more efficiently. SMEs operate with improved liquidity. Digital commerce expands. Cross-border trade encounters less friction. Financial centres signal reliability to global investors.
The velocity of value has become a measure of competitiveness. Saudi Arabia’s SARIE modernised high-value settlement while embedding instant retail capability under the supervision of the Saudi Central Bank. The Central Bank of the UAE introduced Aani to enable domestic real-time transfers through simplified digital identifiers, redefining retail expectations. The Arab Monetary Fund launched Buna as a multilateral cross-border settlement platform for Arab institutions. The GCC’s AFAQ initiative linked RTGS systems across member states. Project Aber, a joint initiative between the UAE and Saudi central banks, explored the feasibility of wholesale cross-border settlement using distributed ledger technology. These initiatives are not isolated upgrades. They represent layered architecture — domestic, regional and experimental — forming a settlement ecosystem designed for permanence rather than patchwork.
Speed and trust
Yet acceleration carries consequence and the structural question is whether the architecture of trust is evolving at the same pace as the architecture of speed. Instant payments compress time — and with it, compress trust.
Under traditional clearing regimes, customers accepted delay as a feature of settlement. Institutions relied upon that delay to manage risk. In an instant ecosystem, finality and instruction converge.
For leading regional banks this convergence has required recalibration at the deepest operational levels. Fraud detection cannot remain external to settlement. It must sit within it. Authentication cannot be episodic. It must be contextual and continuous.
Machine learning engines now assess transaction behaviour within milliseconds. Device signatures, beneficiary familiarity, velocity thresholds and historical baselines are evaluated simultaneously. Transactions that align with expected behaviour proceed without friction. Anomalies trigger proportionate escalation — biometric confirmation, multifactor authentication or step-up validation.
The equilibrium is precise. Too much friction undermines confidence in instant rails. Too little vigilance invites loss.
ISO 20022
While retail instant payments capture public imagination, the transformation of RTGS systems through ISO 20022 migration represents an equally consequential evolution.
ISO 20022 provides structured, extensible messaging capable of carrying richer remittance information and enhanced compliance data. It aligns regional settlement infrastructure with global migration programmes led by SWIFT and major central banks.
THE VELOCITY OF
VALUE
HAS BECOME A MEASURE OF COMPETITIVENESS
Regulatory frameworks across the region embed this balance. SAMA’s Cybersecurity Framework mandates layered defence and continuous monitoring. The Central Bank of the UAE’s Information Security Regulation establishes transaction oversight obligations. Payments integrity is therefore a matter of systemic governance, not discretionary policy.
Yet domestic vigilance alone is insufficient in an interconnected ecosystem. As cross-border initiatives such as Buna and AFAQ expand, payment systems interlink. Interoperability enhances efficiency, but multiplies interdependence. Fraud intelligence sharing, coordinated incident response and harmonised cybersecurity standards become critical to preventing systemic contagion.
The compression of settlement time is mirrored by compression of systemic tolerance.
Saudi Arabia’s alignment of SARIE with ISO 20022 integrates its wholesale infrastructure into global messaging architecture. The UAE’s payment systems have similarly modernised. Cross-border platforms such as Buna benefit from harmonised standards, reducing translation friction and enhancing scalability.
The benefits are structural. Enhanced remittance data improves corporate reconciliation efficiency. Structured fields strengthen anti-money laundering screening. Transparency increases without proportional manual burden. ISO 20022 does not make payments faster by itself. It makes them more intelligent. Advisory firms across the region have consistently framed ISO migration as foundational transformation rather than incremental update. System redesign, governance adaptation and integration realignment have accompanied the transition.
The long-term value of standardisation compounds. As transaction volumes expand and cross-border corridors deepen, the connective power of harmonised messaging becomes increasingly visible.
Liquidity discipline and AI
Speed without structure is volatility. Structure without speed is stagnation. The region’s settlement architecture is attempting to balance both.
The velocity of value, however, is not measured solely by the speed at which funds move from one account to another. It is measured by the resilience
INSTANT PAYMENTS IN THE GCC
DATA SECURITY
of the architecture that supports that movement. And resilience, in a 24-hour settlement environment, is inseparable from liquidity discipline.
Under legacy clearing cycles, liquidity management operated within temporal boundaries. Banks balanced inflows and outflows against defined settlement windows. Overnight buffers absorbed mismatches. Treasury functions aligned with business hours. Instant settlement dissolves those boundaries.
In systems such as SARIE and Aani, transactions clear continuously. The clock no longer provides a structural pause. Liquidity must be sufficient at any moment.
For large regional institutions treasury sophistication has long been embedded within operational DNA. Yet even for these institutions, perpetual settlement requires recalibration. Intraday monitoring evolves into continuous monitoring. Forecasting becomes predictive rather than periodic. Liquidity buffers must be dynamically allocated across domestic and crossborder systems.
The challenge is more pronounced for smaller institutions and new digital entrants. Instant rails democratise access to settlement infrastructure, but they also impose continuous liquidity discipline. Without advanced forecasting models, perpetual settlement may strain capital positioning.
This is where the next evolution of artificial intelligence begins to intersect with payments architecture. To date, AI in payments has largely been analytical. The emerging conversation around agentic AI introduces a more autonomous dimension. Agentic systems do not merely analyse; they act. Within defined parameters, they can initiate liquidity transfers, optimise routing decisions and rebalance positions across accounts in pursuit of efficiency objectives.
In a 24/7 settlement environment, such autonomy has clear appeal. Rather than manually monitoring funding thresholds, AI-driven treasury agents could forecast peak transaction volumes and reposition liquidity pre-emptively.
Cross-border routing decisions could be optimised based on cost, speed and currency exposure in real time.
The efficiency gains are evident. The governance implications are equally profound. Payments are irrevocable. Once value settles, it is final. Autonomous execution therefore demands structured oversight. Decision logic must be transparent. Override mechanisms must be explicit. Accountability must remain human, even as execution becomes algorithmic.
increasingly interconnected lattice. Interconnection reduces friction. It also deepens interdependence.
A technical disruption within one node of a highly integrated ecosystem may have implications beyond national borders. A cyber incident affecting one settlement platform could reverberate through linked systems. As domestic rails interoperate with cross-border corridors, systemic risk becomes regional rather than localised.
AS DOMESTIC RAILS INTEROPERATE WITH CROSS-BORDER CORRIDORS, SYSTEMIC RISK BECOMES REGIONAL RATHER
THAN LOCALISED
The Bank for International Settlements has emphasised that AI integration in financial services must be accompanied by robust governance frameworks. In the payments domain — where settlement finality intersects with systemic trust — this principle is magnified.
Agentic AI will likely reshape liquidity management and payment optimisation over the coming decade. But it will do so within regulatory guardrails, not outside them.
Concentration risk
As infrastructure matures, the conversation inevitably extends beyond efficiency to concentration.
Interoperability is one of the region’s greatest strengths in payments modernisation. Aani operates domestically in the UAE. SARIE operates domestically in Saudi Arabia. Buna facilitates crossborder transfers among participating Arab institutions. AFAQ links RTGS systems across GCC member states. Project Aber demonstrated potential wholesale digital settlement between central banks.
Individually, these systems are robust. Collectively, they form an
Regulators across the region have recognised this trajectory. SAMA’s cybersecurity guidance integrates resilience and third-party risk management as core pillars. The Central Bank of the UAE’s supervisory framework embeds operational risk governance within its Rulebook architecture. Cross-border initiatives such as Buna operate under multilateral governance structures that reflect shared oversight. Yet concentration risk is not eliminated by structure alone. It must be actively monitored.
Coordinated incident response planning, cross-border threat intelligence sharing and harmonised security testing become essential components of resilience. As payment systems accelerate, recovery frameworks must be equally agile.
Data richness
Another structural dimension of modern settlement is data richness.
ISO 20022 has enhanced the informational depth of payment messages. Remittance data fields are structured and extensible. Compliance screening benefits
from consistency. Corporate reconciliation becomes more efficient.
However, richer data increases the sensitivity of settlement flows. Structured remittance information, when compromised, may reveal commercial relationships or transaction intent. Data protection frameworks must therefore scale proportionately with messaging sophistication.
Encryption standards, access controls and monitoring systems are not peripheral safeguards. They are integral to settlement credibility.
Advisory ecosystems across the region have increasingly reflected these complexities. Deloitte, PwC, EY and KPMG have all emphasised payments transformation and ISO 20022 migration within Middle East insights. Their engagement with regional banks spans architecture redesign, governance alignment and operational resilience planning.
Institutional maturity
Yet the ultimate determinant of success is institutional maturity. Payments transformation is no longer a project. It is an operating philosophy.
Boards now engage with settlement strategy at the same level as capital allocation and credit risk. Payment rail participation, cross-border integration and ISO 20022 alignment are strategic positioning decisions, not purely technical ones.
The Middle East’s aspiration to operate as a global financial corridor depends not only on market sophistication but on settlement reliability. International corporates evaluating regional headquarters assess payment efficiency. SMEs expanding regionally depend upon
THE MIDDLE EAST’S ASPIRATION TO OPERATE AS A GLOBAL FINANCIAL CORRIDOR DEPENDS NOT ONLY ON MARKET SOPHISTICATION BUT ON SETTLEMENT RELIABILITY
seamless transfers. Investors interpret settlement resilience as proxy for systemic stability.
The region’s progress is substantial. Domestic instant rails operate effectively. Wholesale RTGS systems align with global standards. Cross-border platforms expand gradually. Regulatory frameworks emphasise operational resilience and cybersecurity.
But preparedness is iterative. Transaction volumes will grow. Interoperability will deepen. Cyber threats will evolve. Liquidity demands will intensify. AI integration will expand. The next decade will test whether acceleration has been matched by institutional discipline.
Two concerns, in particular, warrant sustained strategic focus. The first is systemic cyber concentration. As payment infrastructures interlink domestically and regionally, vulnerabilities may propagate more rapidly. The resilience of the ecosystem depends not solely on individual institutions, but on coordinated defence.
The second is structural liquidity strain in a perpetual settlement world. Continuous settlement demands continuous funding capability. Institutions that fail to modernise treasury frameworks risk operational fragility, particularly during stress scenarios. These are not arguments against acceleration.
INTEROPERABILITY, WHILE
ADVANCING, REMAINS LAYERED RATHER THAN FULLY HARMONISED
They are reminders that acceleration must be governed.
The Middle East and Africa have moved decisively to modernise payments architecture. Instant rails, cross-border platforms and messaging harmonisation collectively signal ambition and capability. The decisive question now is durability. Speed attracts attention. Settlement earns trust. And trust — once earned — becomes the most valuable form of capital in any financial system.
The evolution of payments and settlements across the Middle East and Africa has not been incremental; it has been architectural. Domestic instant rails now operate continuously in major economies. Wholesale RTGS systems align with global messaging standards. Cross-border corridors are being redesigned through multilateral platforms rather than historical correspondent chains. Central banks have positioned themselves not as passive overseers but as designers of infrastructure.
The question now is whether this architecture is sufficiently mature for what lies ahead. In structural terms, the region is better positioned than at any previous point in its financial development.
True preparedness depends on depth — depth of interoperability, depth of governance, depth of liquidity resilience and depth of cybersecurity coordination. Interoperability, while advancing, remains layered rather than fully harmonised. Institutional corridors are strengthening, but seamless crossborder retail instant transfers across the GCC are still evolving. The strategic ambition for regional integration is clear; the operational convergence continues.
Seeking stability in an uncertain world
In a world facing society changing technological advances and shifting geo-political dynamics, Ranjit Khanna Head of Private Banking: Europe, Middle East and Global South Asia and Chief Executive of the DIFC Branch, shares how Bank of Singapore guides clients to face today’s challenges and why our region provides important opportunities for the bank and their clients
How does Bank of Singapore seek out stability in our currently uncertain world?
With the ever-shifting geo-economic environment, evidenced by the ebbs and flows of macro, trade and geopolitical dynamics, investors are confronted with the challenges of constructing robust long-term portfolios that can withstand the test of time. If we add to this mix the emergence of gamechanging technological innovations and demographic shifts, visibility of the next five years eludes even the most seasoned forecasters.
To help our clients navigate uncertain times, we are committed to building intellectual capital, bringing together leading minds and encouraging diversity of thought. In 2024 we established the Bank of Singapore CIO Global Advisory Council (CIO-GAC) that comprises experts from leading think-tanks and asset managers around the world, designed to augment research and insight on the most critical issues of the time.
The Council’s work resulted in the inaugural CIO Supertrends Report of 2024, which is refreshed annually. This report focuses on structural trends over a five-year horizon for clients to frame their investments with longer term lenses to consider existing and emerging structural trends.
The Council’s work resulted in the inaugural CIO Supertrends Report of 2024, which is refreshed annually. This report focuses on structural trends over a five-year horizon for clients to frame their investments with longer term lenses to consider existing and emerging structural trends.
Ranjit Khanna, Head of Private Banking: Europe, Middle East and Global South AsiaChief Executive, DIFC Branch
Which key Supertrends has the Bank of Singapore’s annual Supertrends Report identified for 2026?
In our 2026 CIO Supertrends Report we have identified five key Supertrends. These structural shifts are already rapidly unfolding and will continue to play out over the next five years:
1. New World Order: Trading Places
2. Whole Portfolio Resilience
3. AI’s Quantum Leap
4. Advantage Asia
5. Live, Play, Love
New World Order: Trading Places
The previous US-led order of free markets, free trade and globalisation that prevailed after the end of the Cold War is fast transitioning into a new world order of great power rivalry, regional wars, steep trade barriers and populist policies. Following the shocks of the pandemic in 2020 and the start of wars in Ukraine in 2022 and Israel-Gaza in 2023, the second Trump administration has accelerated the fracturing of world order through major trade wars in 2025, the ousting of Venezuela’s president in 2026 and US-Israeli attacks on Iran in 2025 and again in 2026. The disruption is causing middle powers in the Americas, Europe, the Middle East, Africa and Asia to increase spending on defence, semiconductors, artificial intelligence (AI), energy supplies and critical minerals, to reshape supply chains to increase resilience, and to repair frayed relations as India, Canada and China have done this year. Investors should therefore pursue diversified portfolios that are positioned for higher interest rate and currency volatility, while being resilient enough to withstand the greater volatility and likely shocks in the new world order.
Whole Portfolio Resilience:
Building Enduring Returns with Robust Diversification
We believe that building robust, resilient portfolios is a structural anchor for long-term wealth compounding.
While seasoned investors are comfortable or experienced with periodic drawdowns in their portfolios, the tendency of many is to attempt to forecast and time these episodes, or to reference historical moves as the basis of their actions. Our analysis has shown that the predictive power of observable metrics across past cycles are good risk markers but do not provide robust forecasting signals.
When we compare the starting conditions of severe, moderate and mild drawdowns to long run averages, while it is evident that severe crises often cluster around late-cycle vulnerabilities, moderate and mild setbacks are far less predictable. These recurring markers help explain fragility but do not provide a reliable signal for forecasting the timing or depth of the next decline.
Hence, building resilience through diversification, incorporating defensive assets, carrying out disciplined rebalancing and behavioural preparedness should be the anchors for building enduring returns and long term investing. This translates to aligning portfolios with true risk tolerances, holding sufficient safe assets to avoid forced selling and committing in advance to disciplined rebalancing during periods of fear.
The “Whole Portfolio Approach” to building resilient investment portfolios using our robust asset allocation methodology fixes our focus on the north star of long term risk-adjusted returns. We advocate well-diversified and optimised portfolios that avoid severe drawdowns whipsawed by the velocity of news flow and volatility of markets.
AI’s Quantum Leap
As we enter the fourth year of bullish technology sector performance led by AI developments, AI monetisation will differentiate winners from losers as the pecking order within the sector evolves. Beyond the AI infrastructure buildout, AI applications will take centre stage with agentic and physical AI broadening the investment landscape. Among the segments, we favour infrastructure
buildout beneficiaries such as selected hyperscalers, internet and semiconductor players such as wafer fabrication equipment (WFE) while maintaining caution on software leaders vulnerable to disruption by AI natives rolling out commercial applications.
Another technological breakthrough is quantum computing, which has given mankind an avenue to solve problems that traditional computers are unable to in any feasible amount of time. Unlike classical computing which is built on bits (unit of information that can be stored as either a 0 or 1), quantum computing is built on qubits which can store both 0s and 1s, and any combination of those digits simultaneously (otherwise known as superposition). The potential economic value from quantum computing by 2035 could be significant. Nonetheless, there are some limitations with quantum computing that investors need to be aware of. At this juncture, the challenge is in demonstrating that a quantum computer can solve a real-world problem quicker than a classical computer (i.e. quantum advantage).
Advantage Asia
Asia’s future growth will be driven by its relentless pursuit for technology and sustainability leadership amid geoeconomic fragmentation and climate change. Asia is transforming from the world’s factory floor into hubs for game changing technology backed by a dominant semiconductor supply chain, surging AI demand, proactive government support and a deep reservoir of scientific talent.
Taiwan and South Korea are deeply embedded in the global AI chip supply chain, while China’s stated AI ambition is to become “an intelligent economy and an intelligence society” by 2035 with AI adoption of over 90%. While North Asia accelerates growth in industrial automation, robotics and humanoid technology, Southeast Asia will become embedded into the semiconductor supply chain with data centre developments in coming years.
Asia takes up the mantle of sustainability leadership in both policymaking and technology, at a time when other regions waver in their commitments, while availability of renewable energy and clean technology will fuel sustainable technologies as climate realities materialise.
Live, Play, Love
All around the world, demographic changes will reshape lifestyles and consumer behaviour. Countries face demographic dilemmas driven by longevity due to healthcare improvements combined with declining birth rates. The rising fiscal burden to support the aging population poses macro challenges that will reshape private insurance, wealth management, technology and healthcare sectors. Private sector wealth management including insurance could step up to serve the financial needs of a longer retirement life, supplementing government’s social security payouts. Pay-as-you-go (PAYG) welfare systems would inevitably come under increasing strain with a higher dependency ratio and face reform pressures to alter the contribution and benefit mechanisms at some point. Hence, the responsibility for one’s financial security could tilt from the state towards the individual and lead to a greater demand for wealth management services.
Entertainment and experiences (e.g. travel) may benefit as seniors might value them over durable goods such as cars and electronics. For instance, seniors comprise the highest percentage of cruise tourists.
The next generation of global digital natives and digital nomads will live, play and love in ways that challenge the prevailing demographic status quo in both Developed Markets (DM) and Emerging Markets (EM). Ironically, this generation will likely bridge the geopolitical landscapes into borderless data ecosystems posing both exciting utopias and cybersecurity risks − across everything, everywhere and all at once.
WE BELIEVE THAT BUILDING ROBUST, RESILIENT PORTFOLIOS IS A STRUCTURAL ANCHOR FOR LONG-TERM WEALTH COMPOUNDING
What currently are the main portfolio implications for longterm investors?
Rather than react to short-term signals, investors should adjust their investment portfolios for longer-term outcomes. In light of current oil price rises, market outcomes will depend heavily on the prevailing macro environment – especially inflation levels and central bank policy – at the time of the shock. Previous oil supply disruptions primarily affected markets via higher energy prices, inflation pressures and costs, rather than through sustained financial instability. Assets commonly viewed as “safe havens” show mixed and regime-dependent performance following oil shocks; bonds hedge growth shocks better than inflation shocks, currencies behave unevenly and volatility spikes are typically short-lived. Real assets – especially oil and, to a lesser extent, gold – exhibit the most consistent positive response to supply-driven shocks, reflecting their direct linkage to the source of risk. Effective portfolio hedging requires moving beyond labels and focusing on instruments whose payoffs align directly with the dominant transmission channel of the shock, complemented by the selective use of derivatives, alternatives and quality tilts in equities and credit.
While structural growth drivers such as AI and digital infrastructure will continue to support equity performance, the downward adjustments in valuations does not fully reflect the increase in range of outcomes on the downside arising from rising energy costs and increased growth uncertainty. This suggests adopting a more neutral positioning for equities.
In fixed income, we maintain a neutral portfolio duration and prefer investment grade over high yield in DM. Within EM, we favour Latin America on relatively attractive valuations, local central banks’ easing bias in monetary policy and potential election of market-friendly leaders in upcoming elections.
Overall, active risk management remains key in managing wealth portfolios. Diversifying across asset classes, regions, return drivers and style managers helps avoid over-reliance on any single forecast or risk factor. Avoid concentration risks, excessive leverage and stay alert to dislocations and tactical opportunities through rigorous focus on fundamentals of every investment.
What
led Bank of Singapore to select the UAE, and Dubai as the centre for your regional operations?
Bank of Singapore’s strategic presence in the Middle East, anchored by our office in the Dubai International Financial Centre (DIFC), underscores our commitment to serving clients in this dynamic region. As the Middle East’s foremost financial hub, the DIFC offers a robust regulatory framework, world-class infrastructure and a vibrant ecosystem of financial institutions and fintech innovators. This unique vantage point positions Bank of Singapore at the crossroads of East and West, enabling us to engage closely with regional investors and institutions. It allows us to tailor our insights and solutions to the unique opportunities and challenges faced by our clients in the region. Moreover, UAE’s role as a gateway to emerging markets in Asia, Africa and
beyond further enhances our ability to serve clients seeking access to these fast-evolving economies.
How do you see our region developing as a wealth and private banking hub into the 2030’s?
The Middle East is poised to solidify and expand its position as a leading wealth and private banking hub well into the 2030s, driven by several key dynamics.
Economic diversification efforts across the Middle East continue to create fertile ground for wealth creation, attracting high-net-worth and ultra-high-net-worth individuals seeking sophisticated wealth management solutions.
Financial centres like Dubai, supported by progressive regulatory frameworks that enhance transparency and governance, are increasingly viewed as trusted and attractive destinations for global wealth structuring and investment.
Although the current US-Iran situation remains challenging, everyone here remains calm. Clients are closely monitoring market developments but are generally taking a wait and see approach for now. This measured response reflects
both the maturity of investors in the region and the confidence they have in their long term strategies.
A notable trend shaping the region’s future is families setting up family offices to institutionalise wealth management strategies, reflecting a maturing market that demands tailored advisory services, especially around generational wealth transfer, legacy planning and philanthropy.
This evolution underscores the growing complexity and sophistication of client needs, requiring private banks to blend investment performance with deep advisory capabilities that address both financial and cultural capital.
Dubai’s emergence as a strategic hub bridging the Middle East, Europe and Asia is particularly significant. The city’s ability to attract global talent and capital, coupled with its status as one of the top destinations for millionaire migration, positions it as a magnet for wealth flows. The strengthening economic and investment ties between the Gulf and Asia will further deepen, with institutions leveraging regional insights and global connectivity to offer diversified, long-term opportunities aligned with clients’ risk and return profiles.
In this environment, private banks that invest in intellectual capital, advisory expertise and culturally aligned service models will be best placed to meet the rising expectations of discerning clients. The region’s wealth management landscape is not only growing in scale but also in sophistication, making it a vibrant and strategic hub for private banking throughout the coming decade.
At Bank of Singapore, we operate through two booking centres - Singapore and Hong Kong. Our core positioning is firmly rooted in the stability of Singapore and its robust financial and regulatory ecosystem. This stability, combined with our extensive global platform, continues to be the cornerstone of our value proposition. We remain committed to supporting our clients through these times and providing them with secure and seamless access to investment opportunities across our key markets.
Please provide our readers with some of Bank of Singapore’s key facts and figures Bank of Singapore was established in 2010 following the acquisition of ING Asia Private Bank and is a wholly owned subsidiary of OCBC, Southeast Asia’s second-largest financial services group by assets. With our headquarters at 63 Market Street, Bank of Singapore Centre, Singapore, we maintain a global presence with offices in Hong Kong, Dubai, London, Malaysia and the Philippines, all backed by a workforce of more than 2,500 professionals worldwide.
Our clientele comprises high-net-worth individuals and wealthy families across Asia, Greater China, the Middle East, the Indian subcontinent and other international markets. We are backed by our parent company, OCBC, which enjoys one of the world’s highest credit ratings (Aa1 by Moody’s and AA- by both Fitch and S&P).
We aim to increase Middle East’s contribution to 20% of overall revenue and private banking assets over the next 3–5 years, showing our clear and determined dedication to and belief in the region.
Islamic Banking Has a Distribution Problem, Not a Product Problem
Abdallah Abu-Sheikh Founder of Mal, the world’s first AI-native Islamic Digital bank, makes the trenchant assertion that Islamic banking today omits its Sharia soul
Abdallah Abu-Sheikh, Founder of Mal
Let me start with something the Islamic finance industry rarely admits out loud: we have spent decades solving the wrong problem.
Brilliant legal minds have spent careers perfecting Murabaha structures. Shariah supervisory boards meet quarterly to ensure every product passes theological scrutiny. Sukuk frameworks have been refined to a level of sophistication that would impress any capital markets lawyer.
On paper, the compliance architecture of Islamic banking is genuinely remarkable. And yet, open almost any Islamic banking app today, what you get is a conventional bank in a thobe. Same interface. Same notification language. Same onboarding flow that some product team lifted from a Western neobank and adjusted just enough to pass a Shariah review. Your money might be sitting in a technically compliant profit-sharing structure, but the message you receive
when your account opens reads: “Hello, your account is now active.”
That is, it. That is the welcome. From an institution whose entire value proposition is rooted in a tradition of ethical, valuesdriven finance that predates most of the world’s banking system. Hello. Your account is now active.
This is not a product problem. The products are fine. This is a distribution problem, and I mean that in the broadest possible sense. Not just geographic distribution, though that is broken too. I mean the distribution of Islamic banking’s actual identity: its values, its language, its emotional register, its promise. None of it is reaching the people it’s supposedly built to serve.
The compliance trap
There is a pattern that repeats itself across the industry. A conventional bank decides to launch an Islamic window, or a new Islamic bank gets its license, and the first question asked in the product meeting is: “What do we need to change to be compliant?” That is entirely the wrong starting point. It begins with a conventional banking blueprint and works backwards. Compliance becomes the destination rather than the foundation, and what you end up with is a product that is technically halal and experientially hollow.
I understand why it happens. The talent pool for Islamic banking has historically been concentrated in legal and Shariah expertise, not in product design, customer experience or storytelling. The easiest path to market is to take something that already works
operationally and adjust the financial mechanics. It is faster, cheaper and the regulatory pathway is clearer.
But somewhere in that process, the soul of the thing gets stripped out.
What Islamic-by-nature actually means
At Mal, the question we keep returning to is not “is this compliant?”. That is the baseline, not the ambition. The question is: does this feel like it was built for someone whose financial life is an extension of their faith and their values?
That distinction shows up in places you might not expect.
It shows up in language. When someone opens an account with us, we are not going to tell them their account is active. We’re going to tell them: “Alhamdulillah, your account is open, we will hold your money in Amanah.” That is a completely different statement. Amanah is not a product feature you can copy from a competitor. It is a covenant. It is the institution saying: we understand that what you have handed us is not just a deposit, but it is trust. That single word carries a weight that no compliance certificate can replicate.
It shows up in how financial difficulty is handled. Islamic ethics are unambiguous about how you treat someone who is struggling. With compassion, with patience, with a genuine orientation toward resolution rather than extraction. An Islamic bank built by nature would reflect that in its collections approach, its hardship policies, its communications. Not because it is good PR, but because it is the right thing to do, and because the principles demand it.
It shows up in how savings goals are framed, how financial education is delivered, how the institution talks about money at all. Wealth in Islamic tradition is not an end in itself. It is a means, and it carries responsibility. A bank that genuinely holds that view would build products that reflect it. Most don not, because they never started from that place.
The geography of missed opportunity
Now layer on top of this the actual distribution problem. The geographic one. Islamic banking today is heavily concentrated in two markets: the GCC and Malaysia. Both are relatively wellserved. Both have regulatory frameworks that support Islamic finance. Both have educated, largely banked populations with access to multiple providers.
Meanwhile, the global Muslim population is roughly 2 billion people. The majority of them live in South Asia,
assessment: it measures progress by the growth of Shariah-compliant assets under management, by the number of licenses issued, by the sophistication of new product structures. These are meaningful metrics. But they measure the floor, not the ceiling.
The floor is in compliance. The ceiling is culture, and almost nobody in this industry has reached for it yet.
Reaching for it means accepting that the work does not end when the Shariah board signs off. It means asking whether the person in Jakarta or Nairobi
THE QUESTION IS: DOES THIS FEEL LIKE IT WAS BUILT FOR SOMEONE WHOSE FINANCIAL LIFE IS AN EXTENSION OF THEIR FAITH AND THEIR VALUES?
Sub-Saharan Africa, Southeast Asia and in significant diaspora communities across Europe and North America. These are populations that are frequently underbanked, overwhelmingly mobilefirst, and actively looking for financial services that do not ask them to compromise on their values in order to participate in the formal financial system. Nobody is meaningfully building for them. There are neobanks with a halal badge. There are apps that offer Islamic savings accounts as a feature. But there is no institution that has genuinely said: these communities are our primary user, we are building around their lives, their languages, their financial behaviours, their values - and then actually done it at scale.
That gap is not an accident. It is the product of an industry that optimised for the markets closest to it and called that a global strategy.
The industry is measuring the wrong thing
Here is what I think the Islamic finance industry gets wrong in its self-
or Birmingham who opens your app feels seen, feels understood, feels that this institution was genuinely built with them in mind. It means having the intellectual honesty to admit that most Islamic banking products today would fail that test badly.
The moment we are in
The opportunity in front of this industry is not incremental. We are at an inflection point where mobile-first infrastructure, genuine product ambition and a new generation of Muslim consumers who are more identity-conscious than any generation before them are converging at the same moment.
The question is whether the institutions that have the license and the capital to serve them will do so with the seriousness the moment deserves, or whether they will send another push notification that says, “your transaction has been processed” and wonder why adoption is slower than it should be.
At Mal, we have made our choice.
The Price of Energy - How Gas Market Volatility is Reshaping the Middle East’s Economic Trajectory and Redefining Banking Strategy
Energy has always shaped the economics of the Middle East. Yet in 2026, the volatility of gas prices, driven by geopolitical disruption, supply constraints and structural shifts in global demand is redefining inflation dynamics, altering capital flows, testing fiscal resilience and forcing banks across the region to rethink risk, liquidity and strategy. In an interconnected global economy, the price of gas is no longer just an energy story. It is a financial one
There are moments in economic history when a single variable begins to exert influence beyond its traditional boundaries, moving from being one factor among many to becoming the force through which all others are interpreted. In 2026, that variable is gas. Natural gas has re-emerged not merely as a commodity, but as a systemic signal. Its pricing no longer reflects only
supply and demand fundamentals, but the intersection of geopolitics, infrastructure fragility, global trade realignment and the uneven pace of energy transition. For our region, structurally embedded in global energy flows, this transformation carries implications that extend well beyond export receipts or fiscal balances. The impact is cumulative, layered and increasingly structural.
Across the Gulf, the fragility of global energy systems has become more visible. Maritime corridors such as the Strait of Hormuz remain central to global hydrocarbon flows, and even the perception of disruption can alter pricing behaviour in international markets. According to the U.S. Energy Information Administration, a significant share of global oil trade transits through the Strait, reinforcing its position as one of the world’s most critical energy chokepoints. While gas flows follow different logistical routes, the broader energy ecosystem remains interconnected. Disruption in one segment reverberates across others.
Shifting patterns
At the same time, global demand patterns have shifted. Europe’s recalibration of its energy sourcing strategy has increased reliance on LNG imports, while Asia continues to drive incremental demand growth. This has intensified competition for supply, particularly in spot markets
where pricing is most sensitive to shortterm disruptions. The International Energy Agency has noted that LNG markets have become tighter and more reactive in recent years, reflecting both demand growth and supply-side constraints. The result is a pricing environment characterised less by equilibrium and more by volatility.
For the Middle East, this introduces a dual dynamic. On one side, elevated gas prices generate fiscal strength. Exporting nations benefit from increased revenues, which support public spending, infrastructure investment and sovereign wealth accumulation. Qatar, as one of the world’s largest LNG exporters, remains central to this dynamic, with long-term expansion projects reinforcing its role in global supply.
Saudi Arabia and the UAE, while less dominant in LNG compared to Qatar, still benefit from broader hydrocarbon-linked revenue cycles. These inflows support diversification agendas, including investments in nonoil sectors, financial infrastructure and technological development.
Structural complications
Yet the benefits of higher prices are accompanied by structural complications. Volatility introduces uncertainty, and uncertainty reshapes economic behaviour. Budget planning becomes more complex as price assumptions become less reliable. Sovereign investment strategies must account for both upside scenarios and downside risks. Capital allocation decisions become more cautious, particularly when volatility is driven by factors beyond domestic control.
This complexity extends into the broader economy. Gas prices influence input costs across multiple sectors. Electricity generation, industrial production and logistics are all directly or indirectly affected by energy pricing. As costs rise, businesses pass these increases on to consumers, contributing to inflationary pressures.
The International Monetary Fund has highlighted that sustained increases
in energy prices can lead to higher inflation and slower growth, particularly in economies where energy costs are embedded across supply chains. For the Middle East, this creates a paradox: the region benefits from higher prices at the macro level while simultaneously managing inflationary pressures at the domestic level.
The financial system
This paradox becomes more pronounced when viewed through the financial system. Banks operate at the centre of these dynamics. They are exposed to corporate borrowers whose cost structures are influenced by energy prices, to government spending cycles shaped by revenues and to consumers affected by inflation and interest rates. In periods of energy volatility, the role of banks evolves. They become not only intermediaries of capital, but managers of systemic pressure.
The first dimension of this role is liquidity. Energy revenues influence the flow of deposits within the banking system. In periods of elevated prices, government entities, state-owned enterprises and energy firms generate increased liquidity. This liquidity often flows into domestic banks, strengthening deposit bases and supporting lending activity. Institutions such as First Abu Dhabi Bank and Emirates NBD are central to this dynamic. Their scale allows them to absorb large inflows while maintaining diversified lending portfolios across sectors.
However, liquidity abundance does not eliminate risk. At the same time that deposits increase, global monetary conditions influence funding costs. With Gulf currencies pegged to the US dollar, interest rate movements in the United States are transmitted into domestic markets. As global rates rise, borrowing costs increase across the region. Banks must therefore operate within a dual environment, one characterised by strong liquidity inflows and tightening financial conditions. Managing this balance requires discipline.
The second dimension is credit allocation. Energy price volatility
affects sectors unevenly. Energy producers may benefit from higher prices, improving profitability and strengthening balance sheets. However, energy-intensive industries, including aviation, manufacturing, construction and logistics face rising costs. Borrowers in these sectors may experience margin compression, affecting their ability to service debt. Banks must therefore reassess sectoral exposure. Credit models that rely on stable cost assumptions must be recalibrated to account for volatility which requires more granular risk assessment.
Banks must evaluate not only sectorlevel exposure, but firm-level resilience. Companies with strong pricing power or hedging strategies may withstand volatility better than those with fixed-cost structures. Stress testing becomes more dynamic and scenarios must incorporate prolonged periods of elevated gas prices, supply disruptions and secondary effects such as inflation and interest rate changes.
The third dimension is inflation transmission. As energy costs rise, their effects cascade through the economy. Transportation costs increase. Utility expenses rise. Production costs escalate. These pressures accumulate and translate into higher consumer prices. Inflation influences central bank policy. For Gulf economies, monetary policy alignment with the US Federal Reserve means that inflationary pressures are addressed through higher interest rates. This increases borrowing costs, affects credit demand and influences investment decisions.
The banking system sits within this feedback loop. Retail lending, corporate financing and capital markets activity all respond to shifts in interest rates and inflation expectations. Banks must therefore manage not only financial risk, but macroeconomic transmission.
Strategic priorities
Beyond these immediate dynamics, gas price volatility is reshaping longer-term strategic priorities across the region.
REGIONAL ENERGY MARKET
Energy transition considerations are accelerating. While natural gas remains a critical component of global energy supply, its volatility has reinforced the importance of diversification. Governments across the Middle East have announced netzero commitments and sustainability strategies aimed at reducing long-term reliance on hydrocarbons.
For banks, this introduces a dual mandate. On one side, traditional energy financing remains significant. LNG projects, petrochemical infrastructure and related industries continue to require capital. On the other, financing for renewable energy, green infrastructure and sustainability-linked initiatives is expanding. Institutions such as Qatar National Bank and Saudi National Bank are increasingly involved in financing both conventional and renewable energy projects, reflecting the transitional nature of the region’s economic trajectory. This dual-track approach is not temporary. It reflects the structural complexity of the energy transition.
The geopolitical dimension amplifies these challenges. The Gulf operates within a heightened risk environment defined by evolving security dynamics, technological advancements in missile and drone capabilities and ongoing maritime concerns. The Strait of Hormuz remains central to this environment. Any perceived disruption influences global markets. Shipping costs increase, insurance premiums rise and supply chains adjust. Even without direct physical disruption, the perception of risk can alter pricing behaviour and financial markets respond accordingly. Banks must incorporate geopolitical risk into their frameworks. This includes not only direct exposure, but second-order effects like supply chain disruption, inflationary pressure and shifts in investor sentiment.
Institutional resilience
Regulatory frameworks have strengthened. Compliance standards have aligned with international expectations. Financial centres such as
DIFC and ADGM provide legal clarity and governance certainty. This institutional strength supports confidence and confidence supports capital flows.
The broader question, however, is not whether gas prices will remain volatile, because they will.The question is how the region will adapt. The Middle East is no longer defined solely by its role as an energy supplier. It is increasingly defined by its ability to manage the consequences of energy volatility.
Banks sit at the centre of this transformation. Their ability to manage liquidity, allocate credit and support economic diversification will determine how effectively the region navigates the current cycle.The price of gas is no longer just a commodity signal, it is a systemic one. If the first-order effects of gas price volatility are visible in inflation, fiscal balances and liquidity, its second-order consequences are felt in structure — in the way economies allocate capital, in the way banks price risk and in the way financial systems redefine their role within increasingly uncertain environments.
Volatility, once episodic, is becoming embedded. For the region, this represents a transition from cyclical adjustment to structural adaptation. The transmission mechanism through which this occurs is both global and regional. Energy pricing, particularly within LNG markets, is now influenced by multiple overlapping forces: geopolitical positioning, long-term supply contracts, spot market competition and infrastructure constraints. This complexity means that price signals are no longer clean reflections of supply-demand balance. They are composite indicators of risk, scarcity and expectation.
For banks, this changes the nature of forecasting. Traditional economic cycles allowed for relatively stable modelling assumptions. Energy prices would rise or fall within predictable bands, allowing financial institutions to calibrate lending strategies accordingly. In the current environment, those bands have widened and scenario planning must now account
for volatility as a constant rather than an exception.
This has direct implications for capital allocation. Banks across the region are increasingly shifting from static lending frameworks to more dynamic portfolio management approaches. Exposure limits are adjusted more frequently. Sectoral allocations are reassessed in real time. Risk-weighted assets are monitored with greater granularity. Institutions such as Qatar National Bank have expanded their regional and international footprint while simultaneously strengthening internal risk frameworks, reflecting the need to balance growth with resilience. Similarly, Saudi National Bank has continued to support large-scale infrastructure and energy-related projects while maintaining capital discipline aligned with regulatory expectations.
Project finance.
The balance between growth and prudence is becoming more delicate and this is particularly evident in project finance. Large-scale energy projects, whether LNG terminals, petrochemical complexes or renewable infrastructure, require longterm capital commitments. In a volatile pricing environment, the assumptions underpinning these projects become more complex. Revenue projections must incorporate wider price ranges. Financing structures must account for potential delays or cost overruns.
Banks must therefore deepen their due diligence. Partnership models evolve and syndicated lending structures become more common, distributing risk across multiple institutions. Sovereign involvement, whether through guarantees or co-investment, provides additional layers of security.
The role of sovereign wealth funds becomes increasingly central in this context. Institutions such as the Abu Dhabi Investment Authority and Mubadala Investment Company provide not only capital but strategic direction. Their ability to deploy long-term capital across cycles reinforces stability within domestic
financial systems. During periods of elevated energy prices, increased inflows strengthen their investment capacity, allowing for counter-cyclical deployment when required. This creates a reinforcing loop. Energy revenues support sovereign wealth accumulation. Sovereign wealth supports investment and diversification. Diversification reduces long-term dependency on energy.
Banks operate within this loop. They finance projects aligned with national strategies. They intermediate capital flows between sovereign entities and private sector participants. They support economic transformation initiatives that extend beyond hydrocarbons.
The UAE provides a particularly illustrative case of how this loop functions in practice. The country’s diversification strategy has been consistent and deliberate. Financial services, logistics, aviation and technology have grown alongside traditional energy sectors. As a result, the UAE’s banking system is exposed to a broader economic base than many of its regional peers. Institutions operate across multiple sectors and geographies, providing resilience through diversification. Their lending portfolios span corporate banking, trade finance, retail lending and international operations and this diversification reduces concentration risk. However, it also introduces complexity and banks must manage exposure to global markets, regional dynamics and domestic economic conditions simultaneously. Gas price volatility influences all three.
Trade finance
Trade finance provides a clear example. As energy prices influence global trade flows, shipping volumes, logistics costs and supply chain reliability are affected. Banks financing trade transactions must account for these variables. Credit risk extends beyond borrower strength to include supply chain stability.
Insurance costs, particularly in maritime transport, become relevant factors. The Strait of Hormuz remains
a critical corridor in this context. Any perceived increase in risk can lead to higher insurance premiums, rerouting of shipments and delays in delivery. These factors influence trade financing structures, pricing and risk assessment. Banks must therefore integrate geopolitical considerations into operational frameworks. This integration extends to liquidity management.
In periods of elevated energy prices, liquidity within the banking system may increase. However, this liquidity is not evenly distributed. Government-related entities and large corporates may generate significant deposits, while smaller businesses face tighter margins due to rising costs so banks must allocate liquidity efficiently. This involves balancing lending to high-quality borrowers with support for sectors under pressure. It also requires maintaining sufficient buffers to absorb potential shocks.
Regulatory frameworks
Regulatory frameworks play a critical role in this process. Central banks across the region, including the Central Bank of the UAE and the Saudi Central Bank, have aligned supervisory practices with international standards. Basel III capital requirements, liquidity coverage ratios and stress testing frameworks provide structural safeguards. These frameworks are not static, evolving in response to changing conditions and operational resilience has become a focal point of this evolution.
The Basel Committee’s principles emphasise the need for banks to maintain critical operations under severe disruption scenarios. In the context of energy volatility and geopolitical uncertainty, this includes ensuring continuity of payment systems, data infrastructure and customer access.
Cybersecurity is integral to this. As financial systems become more digitised, the potential for disruption increases. Geopolitical tensions can amplify cyber risks, making robust security frameworks essential. Banks must invest in technology, governance and incident
response capabilities to protect critical infrastructure. The UAE’s regulatory emphasis on information security reflects this reality. Financial resilience is no longer defined solely by capital adequacy. It is defined by operational continuity.
Regional outlook
Beyond institutional responses, gas price volatility is also reshaping the strategic outlook for the region.The energy transition, often discussed in long-term terms, is being influenced by short-term volatility. High gas prices can accelerate investment in alternative energy sources. Renewable projects become more economically viable. Governments are incentivised to diversify energy portfolios. At the same time, natural gas remains essential, providing baseload power, supporting industrial activity and complementing intermittent renewable sources. The transition, therefore, is not a replacement but a rebalancing. Banks must navigate this duality. Financing decisions must support both current energy needs and future sustainability goals. Risk frameworks must account for transition risks, including regulatory changes, technological advancements and shifts in investor preferences.
Sustainability-linked financing instruments are becoming more prominent. Green bonds, sustainabilitylinked loans and ESG-focused investment strategies are expanding across the region. Banks are aligning portfolios with national and international sustainability objectives and this alignment is not purely reputational, it reflects changing capital flows. Global investors are increasingly integrating ESG considerations into allocation decisions. Financial institutions that align with these trends gain access to broader pools of capital.
The Middle East, with its combination of energy resources and financial capacity, is uniquely positioned to influence this transition. The region can continue to supply global energy markets while investing in future systems but the challenge lies in execution.
From Regulation to Resilience
Held on the 5th of February 2026 at JW Marriot Hotel, Dubai Marina, the lively and enthusiastic panelists taking part in the Loxon and MEA Finance Roundtable, discussed the key issue of early warning systems for more effective credit risk management and as strategic engines of risk and resilience, and how they help banks address CBUAE rulebook
and IFRS 9 staging challenges
There is a moment, early in every meaningful industry conversation, when the tone shifts—from presentation to realisation. At the MEA Finance roundtable hosted in partnership with Loxon, that shift came not with a question, but with a premise.
“We are not talking about systems anymore,” opened Tamas Erni, setting the tone with quiet precision. “We are talking about an integrated business and risk system”.
It was a subtle but important distinction. What followed over the next three hours was not a discussion about tools, models or compliance checklists. It was a deeper, more urgent conversation about how banks in the GCC, and increasingly across global markets, must rethink the very architecture of credit risk.
Erni’s opening remarks traced the evolution of Loxon’s journey from Europe
into the Middle East, but quickly moved beyond institutional history into something more structural. The banking industry, he suggested, is no longer able to operate through fragmented layers of early warning, collections and provisioning. These are no longer separate disciplines. They are, in practice, one continuous process—one that must be understood, managed and optimised as a whole.
The regulatory backdrop has only accelerated this convergence. Under the Central Bank of the UAE Rulebook, the expectation is no longer limited to accurate reporting, but extends to demonstrable foresight. Banks are required to show not only what has happened within their portfolios, but what is likely to happen—and why.
That shift, from hindsight to foresight, became the thread that carried the discussion forward. What Erni laid out
was not simply a technical roadmap, but a philosophical one. Data, in this new environment, cannot be partial or incomplete, it must be exhaustive. Financial statements alone are no longer sufficient indicators of creditworthiness. Banks must now incorporate qualitative observations, behavioural patterns, industry signals and external market intelligence into a single, integrated view. “We have to collect each and every possible information,” he noted, “not only financial data… but all non-financial qualitative information… and all externally available information”.
This widening of the data lens was not viewed as a purely technical shift, but as a necessary correction to longstanding blind spots within traditional risk frameworks. As the discussion unfolded, it became evident that several participants were already confronting
the consequences of incomplete data assumptions in their own portfolios.
Ayman Desouky brought this sharply into focus, redirecting attention upstream—towards origination itself. “It’s the onboarding,” he said candidly. “If we go deeply about onboarding… banks are looking for profit… they ignore it”.
He continued, expanding on the tension between growth and discipline: “Some of them… they are trying to cover their eyes… they don’t care about the quality right now… they are looking for profit”.
His remarks introduced an uncomfortable but necessary truth: early warning systems, no matter how advanced, are ultimately reactive to decisions already made.
The implication is both operational and cultural. It requires institutions to rethink not only how they collect data, but how they interpret it, how they act on it and critically, how quickly they respond. Because if there was one theme that surfaced repeatedly throughout the discussion, it was time.
Time, as several participants would later emphasise, is the most underappreciated variable in credit risk.
The conversation naturally transitioned into the mechanics of early warning itself, but even here, the framing was different. Early warning systems, the panel agreed, are too often misunderstood as compliance tools; boxes to be ticked in alignment with IFRS 9 or regulatory mandates. In reality, their value lies elsewhere.
They are, as Erni described, the mechanism through which a bank can “understand before things happen, what might happen and what we have to do to avoid that”. That idea—anticipation rather than reaction—was echoed by multiple voices around the table.
Drawing from his own experience, Sahil Kumar reflected on the transformation brought about by IFRS 9. The introduction of expected credit loss frameworks marked a decisive shift away from backward-looking metrics. “Thirty plus days past due is a lagging indicator,”
THIRTY PLUS DAYS PAST DUE IS A LAGGING INDICATOR. IT TELLS US WHAT HAS ALREADY HAPPENED, NOT WHAT IS GOING TO HAPPEN
– Sahil Kumar
he said. “It tells us what has already happened, not what is going to happen”.
The conversation at this point began to branch into how these lagging indicators are often misinterpreted—not because of model limitations, but because of structural mismatches within lending frameworks themselves. Rajesh Malghani illustrated this with a practical example rooted in facility design. “When we are structuring the facility… rents are collected across the quarter, instalment comes on one day,” he explained. “We are missing this link… then we realise he’s a good client… it’s only the cash flow”. He added: “So the structuring of facility… it adds up”.
The implication was clear—what appears as early warning may, in some cases, be a reflection of misaligned structuring rather than genuine credit deterioration. This distinction, while widely acknowledged in theory, remains unevenly applied in practice. Many institutions, despite sophisticated systems, still rely heavily on indicators that only surface risk after it has materialised.
It was at this point that the discussion began to deepen. Khurram Chishti, speaking with the conviction of someone who has seen these systems implemented firsthand, challenged the room to reconsider the purpose of early warning altogether”.The 30-day DPD backstop is not a signal,” he said. “It’s the last acceptable”. What banks need, he argued, is not confirmation of distress, but prediction of behaviour. “Our biggest risk isn’t a model error,” he continued. “It’s a human delay”.
Several participants around the table acknowledged this point, noting that in many cases the issue is not the absence of data, but the delay in acting upon it.
“There is always a lag between knowing and doing,” one participant added, reinforcing the operational gap that continues to challenge even wellequipped institutions. The line resonated across the room. It captured, in a single sentence, the central tension facing modern risk management: the gap between insight and action.
Early warning systems, when properly designed, do not eliminate risk. They compress the time available to respond to it. And in doing so, they create optionality— arguably the most valuable asset in credit management.
That optionality was illustrated in practical terms by several participants. Mahvish Khan spoke to the impact on capital efficiency, noting that early intervention can fundamentally alter the trajectory of a distressed exposure. “You can take a haircut early,” she explained, “rather than wait for multiple restructurings and recover only a fraction later”.
The financial implications are significant. Earlier action means lower provisioning, reduced loss severity, and ultimately, stronger balance sheet resilience.
Yet the discussion was far from one-sided. As the conversation moved deeper into real-world application, Manoj Jayasooriya introduced an important counterpoint—one rooted not in models or regulation, but in human behaviour. “There are customers who have the ability to pay, but not the willingness,” he observed.
This behavioural complexity opened the door to a broader reframing of early warning—not only as a defensive mechanism, but as a strategic tool.
Andras Bali introduced this perspective with a shift in emphasis. “We have been talking about early warning
as something that prevents something bad from happening,” he said. “But that same data… the same analytics… can also be used to predict something good”. He continued: “The data you collect… from internal, external, history… you can also use it to increase business… not only to prevent”.
This reframing expanded the role of early warning from risk mitigation to opportunity identification—positioning it as a dual-purpose capability embedded within the broader credit lifecycle. In such cases, rigid adherence to staging rules can distort the true quality of a portfolio. A client may be temporarily delinquent, yet fundamentally sound. The system, however, does not always account for
Bryan Stirewalt captured this reality succinctly. “In this market… it’s very easy to leave,” he said, referring to the transient nature of the expatriate population. For banks, this creates a unique form of risk. The window for intervention is shorter. The consequences of inaction are more immediate. Early engagement is not just beneficial—it is essential.
This was reinforced by Nivedita Khanna, who highlighted a gap that remains largely unresolved across the region: the inability to effectively identify “skippers”— customers who exit the market before obligations are fulfilled. “That’s the biggest challenge that we have,” she noted.
The limitations of visibility became even more pronounced when viewed from
cultural nuances, payment behaviours or local market dynamics. This tension between standardisation and context would emerge as a recurring theme throughout the session.
Responding to this, Erni drew a clear line between regulatory classification and risk understanding. “We don’t classify someone as Stage 2 because the early warning system says so,” he clarified. “We classify because regulation says so… but the model may still show that the customer will cure”.
In other words, early warning is not about replacing regulation, but about seeing beyond it. It provides a parallel lens—one that allows banks to differentiate between temporary signals and structural deterioration.
This distinction becomes particularly critical in markets such as the UAE, where structural characteristics differ markedly from more mature economies.
where access to real-time behavioural data is often limited. “We don’t have realtime data,” he said. “If the customer is with another bank… we depend on that”. He elaborated on how this shapes their approach: “It’s more critical… how to use this existing data to onboard a customer… and manage the existing portfolio… to prevent non-performing”. He further noted: “We see employees from one company… defaulting… we assess the whole employee performance… and take proactive action”.
This introduced a broader dimension to early warning—one that extends beyond individual borrowers to group-level and ecosystem-based risk patterns. While macroeconomic indicators are widely
institutions operating outside traditional banking infrastructure. This was echoed by another participant, who noted that while macroeconomic indicators are increasingly accessible, “the real issue is visibility at the individual level… we still don’t see early enough what is happening on the ground”. The observation reinforced the broader concern that early warning systems, despite their advancement, remain constrained by incomplete ecosystem-level data.
Maniraj Manickaraj highlighted the constraints faced by finance companies,
available, micro-level intelligence—sectorspecific stress, employment volatility, behavioural signals—remains fragmented. As a result, many institutions are still operating in a reactive mode, responding to events rather than anticipating them.
And yet, despite these challenges, the conversation remained firmly forward-looking. If anything, the diversity of perspectives underscored a shared understanding: that early warning systems are no longer optional enhancements. They are foundational to the future of banking.
THERE ARE CUSTOMERS WHO HAVE THE ABILITY TO PAY, BUT NOT THE WILLINGNESS
– Manoj Jayasooriya
What is changing is not just the technology, but the mindset. The shift is from compliance to intelligence. From monitoring to prediction. From reaction to strategy. And as the discussion would go on to explore— particularly in the context of AI, digital engagement, and integrated collections—this transformation is only just beginning.
There is a tendency in banking conversations—particularly those framed around regulation—to begin with structure, with frameworks, with definitions. Yet what unfolded at the MEA Finance roundtable in partnership with Loxon was something altogether different. It began not with regulation, but with a reframing of intent.
“We are not talking about separate systems,” said Tamas Erni, almost
no longer sufficient to demonstrate accuracy in hindsight. Institutions are now required to evidence foresight— continuously, consistently and at scale.
And foresight, as became clear, is not something that can be engineered through isolated datasets or siloed systems.
“We have to collect each and every possible information,” Erni continued, expanding on the breadth of what this new paradigm demands. “Not only financial data… but qualitative information… external information… everything that can determine what will happen to the customer”.
The room understood the implication immediately. This is not incremental change. This is a redefinition of how risk is observed, interpreted and acted upon.
immediately shifting the room away from conventional thinking. “Early warning, collections, provisioning… provide actually one integrated business and risk system”. It was not just an opening remark. It was a recalibration.
For much of the past decade, banks across the GCC—and indeed globally— have approached early warning as a compliance layer, an extension of IFRS 9 requirements, a mechanism to satisfy regulatory expectations around staging, provisioning and reporting. What Erni articulated instead was something far more structural: that early warning is not a function. It is an operating model.
From that point onward, the discussion moved with a quiet intensity, anchored in the recognition that the regulatory environment, particularly under the Central Bank of the UAE Rulebook, has fundamentally altered the expectations placed on financial institutions. It is
It is a point that has been made in many forums. But here, within the context of the GCC market, it carried a different weight. Because the region’s unique dynamics—transient populations, rapidly evolving sectors, concentrated exposures—compress the timeline within which risk materialises. And if time is compressed, then the margin for error narrows accordingly.
Khurram Chishti leaned into this idea, reframing the conversation in terms that resonated beyond technical implementation. “The 30-day DPD (Days Past Due) is not a signal,” he said. “It’s the last acceptable”. What followed was perhaps one of the most defining insights of the session.“Our biggest risk isn’t a
Because once the premise shifts from reporting to prediction, the entire architecture of credit risk must evolve with it.
The traditional model—built around discrete checkpoints such as days past due, covenant breaches or cheque returns—begins to feel insufficient, even outdated. These are, at best, confirmation signals. They tell the bank what has already happened. They do not provide the time advantage required to intervene meaningfully.
That distinction was articulated with clarity by Sahil Kumar, who placed IFRS 9 within its proper context—not as an accounting standard, but as a structural shift in risk philosophy. “They moved from a reactive approach to a forward-looking approach,” he noted, reflecting on the evolution since its introduction. “Thirty plus is a lagging risk metric… it tells us what has already happened”.
model error,” he added. “It’s a human delay”. The remark captured, with striking simplicity, the central tension facing modern banking institutions. It is not that banks lack data. Nor is it that they lack models. It is that the translation of insight into action remains uneven—often slowed by process, by culture, by uncertainty.
Early warning systems, in their truest form, are not designed to eliminate risk. They are designed to compress the time between awareness and action. And in doing so, they fundamentally alter the economics of credit. In distressed scenarios the timing of intervention can determine the difference between controlled loss and systemic erosion. This is where early warning transitions from theoretical value to measurable impact. Earlier intervention reduces loss given default, stabilises provisioning requirements, and ultimately enhances capital efficiency.
Yet as the conversation unfolded, it became equally clear that prediction alone is not enough.
Because banking, particularly in markets such as the UAE, is not governed solely by data. It is shaped by behaviour, by culture, by human decision-making that does not always conform to modelled expectations.
Manoj Jayasooriya introduced this complexity with a perspective that challenged the room to think beyond system outputs. “There are customers who have money,” he observed, “but they don’t want to pay it now… they manage their finances differently”. In such cases, the rigidity of staging frameworks can distort reality. A customer may technically breach thresholds that trigger
residents carries profound implications for credit risk. In more stable markets, deterioration often follows a gradual trajectory, allowing multiple intervention points. In the UAE, that trajectory can be abrupt. The exit risk—whether through business closure, relocation or financial disengagement—is structurally higher. Which means early warning, in this context, is not simply about better prediction. It is about faster engagement and identifying stress signals while the customer is still within reach,operationally, financially and geographically.
Yet even as banks refine their internal capabilities, gaps remain at the ecosystem level. Nivedita Khanna brought this into sharp focus, highlighting
provisioning, yet remain fundamentally creditworthy. The system, however, does not always capture nuance. This tension between regulatory standardisation and real-world variability runs through the fabric of credit risk in the region.
Responding to this, Erni drew a necessary distinction.“We don’t classify someone as Stage 2 because the early warning system says so,” he clarified. “We classify because regulation says so… but the model may still show that the customer will cure”.
In that statement lies the duality of modern risk management. Regulation defines the framework. Early warning defines the understanding. And the ability to operate effectively within both is what separates reactive institutions from strategic ones.
The discussion then widened, moving from individual customer behaviour to broader market dynamics. The market, comprising high levels of ex-patriate
This disconnect between capability and visibility would become a recurring undercurrent throughout the discussion. Because if early warning is to fulfil its promise, it must extend beyond internal data. It must incorporate external signals, behavioural indicators and, increasingly, alternative data sources that provide a more complete picture of customer reality. It was at this juncture that the conversation began to edge toward the role of technology—not as a standalone solution, but as an enabler of scale.
Erni returned to the floor to emphasise a point that is often overlooked in discussions around digital transformation.
“When I talk about digitalisation,” he said, “it doesn’t mean that we simply take the
the persistent challenge of identifying “skippers”, customers who exit the system entirely. “That’s the biggest challenge that we have,” she said.
While macro indicators such as oil prices, PMI or sector performance are widely available, micro-level intelligence remains fragmented. Employment volatility, sector-specific downturns, behavioural shifts at the individual level are often only visible after the fact. As a result, many institutions find themselves operating in a reactive posture, despite having invested heavily in predictive frameworks.
current manual processes and support them with an IT system”. Instead, it requires a rethinking of the process itself.
This distinction is critical. Many institutions, in their pursuit of efficiency, digitise existing workflows without questioning their underlying logic. The result is faster execution of fundamentally unchanged processes. What is required instead is process transformation is a redefining how early warning, collections and customer engagement are structured in a digital-first environment. And nowhere is this more evident than in customer interaction.
WHEN I TALK ABOUT DIGITALISATION, IT DOESN’T MEAN THAT WE SIMPLY TAKE THE CURRENT MANUAL PROCESSES AND SUPPORT THEM WITH AN IT SYSTEM
– Tamas Erni
“Mobile phone is the primary channel,” Erni noted. “Customers will be reached through primarily their mobile channel… and they will act differently”.
This shift in behaviour has direct implications for early warning and collections. Digital-native customers respond differently to outreach. They engage differently with repayment options. They expect immediacy, transparency and convenience. Which means the effectiveness of early warning is no longer determined solely by the accuracy of the signal, but by the relevance of the response.
This is particularly evident in the divergence between digitally originated loans and traditionally originated ones.
For every discussion about predictive modelling, there must be an equally rigorous conversation about explainability, fairness, and trust. And perhaps most importantly, about adoption.
As Erni recounted from a recent implementation, even the most sophisticated systems can fail if the organisation itself is not prepared to change.
The example was telling. A bank transitioning from manual processes to automated early warning and collections initially experienced operational disruption—not because the system was flawed, but because the people using it were not ready. “They used the system in the morning and the late afternoon,”
As Erni highlighted, customers who enter through digital channels are significantly more likely to engage with digital selfservice collection mechanisms. The implication is clear: origination strategy and risk management are no longer independent variables. They are part of the same lifecycle.
As the discussion deepened further, the introduction of advanced analytics and artificial intelligence began to surface—not as abstract concepts, but as practical tools shaping the next phase of early warning evolution.Yet even here, the tone remained grounded.“Everybody is now trying to understand how to use AI,” Erni remarked, with a hint of understatement. The challenge, as he outlined, is not the availability of technology, but the readiness of institutions to use it effectively.
Because AI, in this context, is only as powerful as the data that feeds it—and the governance structures that surround it.
of the industry’s current ambition,and confusion, resides.
The discussion was then guided toward the evolving role of predictive intelligence, with Andrew Cover, the discussion moderator, prompting a broader reflection on how far early warning systems could realistically extend. “Are we now at a stage where early warning can go beyond customerlevel signals,” he asked, “and begin to anticipate macro-level shocks, industry disruptions or systemic risks before they fully materialise?” His question set the tone for the next phase of the conversation, moving the discussion from operational frameworks into the frontier of data science and predictive modelling.
he said, “and the rest of the time they worked manually”. It is a reminder that transformation in banking is as much about culture as it is about technology. And that early warning, for all its technical sophistication, ultimately depends on human judgement, organisational alignment and the willingness to trust data-driven decisions.
As the room settled into this realisation, the conversation prepared to shift once again—this time toward the intersection of data science, connectivity and the next generation of predictive intelligence.
If the first phase of the discussion established the urgency of early warning as a structural imperative, the next phase moved decisively into the question of how far predictive intelligence can go, and what it actually requires to be meaningful.
It was at this point that the conversation shifted from banking frameworks into the domain of data science, where theory meets application, and where much
Gabor Bendek, introduced not as a technologist but as a “business expert who can explain data so normal people understand it,” immediately grounded the discussion in experience rather than abstraction. “My career started about 25, 26 years ago,” he began, drawing a direct line between early telecom churn models and modern early warning systems. “There was no data science at that time. There was no AI… we called ourselves data explorers or data miners”. The room leaned in, not because of nostalgia, but because the analogy was precise.
What Bendek described was, in essence, the earliest form of early warning: identifying behavioural patterns before an outcome materialises. In telecommunications, the outcome was churn. In banking, it is default. The principle, however, remains identical. “We were trying to find the patterns in the data to predict churn probabilities… and if the company is able to find this
early warning signal then they can do some proactive churn management,” he continued. “That is the main idea of every early warning system… we don’t want to wait until something bad is happening… we want to do something proactive”. What followed was not just a historical account, but a subtle critique of how the industry has evolved.
Despite decades of advancement in computational power, modelling techniques and data availability, the core challenge remains unchanged: identifying meaningful signals early enough to act. And yet, as Bendek pointed out, the nature of those signals is changing dramatically.
“For many years,” he admitted candidly, “I was telling my team—don’t touch unstructured data. Don’t analyse photos, videos, texts… we will never be able to crack it”.
The turning point came with the emergence of generative AI.“After ChatGPT appeared in 2022,” he said, “I told my colleagues, okay, now you can touch unstructured data… now you can crawl the internet, find patterns… this is the new era”.
This shift from structured, transactional datasets to unstructured, contextual information, marks one of the most significant evolutions in early warning capability. It expands the horizon of what can be observed, introduces entirely new categories of signals and perhaps most importantly, it allows banks to begin connecting information in ways that were previously impossible.
Which brings us to what Bendek described as the “special flavour on the cake”: graph analytics. “In a graph,” he
explained, “everything can be connected to everything… our world can be described much better with this interconnectedness of objects”. This idea of interconnectedness would go on to underpin some of the most advanced thinking in the room. Because if risk is no longer isolated at the customer level, but instead exists within a network of relationships, for example between industries, geographies, counterparties, then early warning must evolve accordingly. It must move from linear prediction to network-based intelligence. And it is here that the conversation began to stretch beyond traditional banking boundaries.
The question posed by the moderator, whether macroeconomic shocks, geopolitical events, or industry disruptions could be integrated into early warning frameworks, opened a new dimension of debate. Andrew Cover sharpened that macro lens further by asking whether external developments should themselves become early signals: “Does something like bad news… trigger awareness or put a little red flag up…?” He then widened the frame still more, asking whether a geopolitical or trade shock—“if a large economic power decided… we’re going to have tariffs”— would prompt institutions to watch existing exposures more closely while also identifying new lending opportunities. Could banks, for example, anticipate the ripple effects of tariffs, sovereign crises or sectoral downturns? Could early warning move from micro-level prediction to macro-level simulation?
Mahvish Khan framed the challenge with clarity. “When you step away from the commercial and corporate segments,”
ARE WE NOW AT A STAGE WHERE EARLY WARNING CAN GO BEYOND CUSTOMER-LEVEL SIGNALS AND BEGIN TO ANTICIPATE MACRO-LEVEL SHOCKS, INDUSTRY DISRUPTIONS OR SYSTEMIC RISKS BEFORE THEY FULLY MATERIALISE?
– Andrew Cover
she said, “you may have an industry wave… a sovereign crisis… a regulatory announcement… how does AI help predict that?” It is a question that sits at the frontier of current capability, and Bendek’s response was both ambitious and grounded.“With graph models,” he explained, “it is possible to show the connections… and simulate if something is hit here, how it moves across your customers”.
The concept is powerful: a domino simulation of risk propagation, where shocks in one part of the system can be traced through interconnected exposures. Yet, even as he described the potential, Bendek was careful to highlight the limitations. “It’s not easy,” he admitted. “You probably have to use your own data… nobody is going to share their data with you”.
And therein lies one of the fundamental constraints of modern risk modelling. Each institution operates within its own data ecosystem; rich, but inherently incomplete. Which introduces bias, limits generalisability, and which ultimately means that early warning models are not commodities.
“The early warning model is not something you take from the shelf,” he said. “Everybody has to cook from what they have”.
The metaphor resonated because it reframes early warning not as a product, but as a capability—one that must be built, refined and continuously adapted. And one that carries its own paradox.
“If you build a good early warning model,” Bendek continued, “and you use it to avoid defaults, those saved customers cannot be used for further training”. In other words, success reduces the availability of failure data. A model that works well begins to erode its own training base. It is a nuance that underscores the complexity of sustaining predictive systems over time.
As the discussion absorbed this, the conversation began to pivot once more— this time toward the practical realities of implementation across different types of financial institutions. Because while banks operate within structured regulatory environments, fintechs operate under
entirely different constraints. Menna Mustafa articulated this contrast with striking clarity.“For banks,” she said, “it has already matured… there are books, practices, regulation… you can work as per the book”. But fintech, she argued, is an entirely different landscape. “In fintech, it’s totally different, totally challenging… with short-term loans… three instalments, that’s it. You need to predict the risk very, very early”. There is no margin for delayed detection, no extended recovery cycle and no structural cushion. “You need to be way more cautious even than banks,” she added. “Especially when launching new products where basically, we don’t have any data”.
This introduces a new dimension to early warning: operating under uncertainty. Where banks rely on historical datasets, fintechs often operate in datasparse environments. Where banks refine models, fintechs must build them in real time. And yet, both are converging toward the same objective: predicting behaviour before it manifests.
The divergence, however, becomes even more pronounced when viewed through the lens of economics. Somu Roy introduced a perspective that cut through much of the technological enthusiasm. “At a 50% APR,” he said bluntly, “you don’t need AI… you can run a profitable model on Excel”. The remark drew laughter, but its implications were serious. When margins are sufficiently high, the incentive to invest in sophisticated risk management diminishes. Risk becomes priced in, rather than managed. “You make your money even if they default,” he continued, describing segments where high yields offset losses.
Which raises an uncomfortable but necessary question. Is the adoption of early warning driven by necessity—or by constraint? As Roy suggested, it is often regulation or margin compression that forces innovation. “If there is a rate cap,” he argued, “you will get risk management involved”.
Bryan Stirewalt reinforced this with a parallel from the US market.
THAT IS THE MAIN IDEA OF EVERY EARLY WARNING SYSTEM… WE DON’T WANT TO WAIT UNTIL SOMETHING BAD IS HAPPENING… WE WANT TO DO SOMETHING PROACTIVE
– Gabor Bendek
“When liability changed… risk management got attention,” he said, highlighting how regulatory shifts can fundamentally alter institutional behaviour. This interplay between economics, regulation and innovation sits at the core of the early warning evolution. Because while technology enables capability, it is constraint that drives adoption. And nowhere is this more evident than in markets undergoing structural change.
Tamas Erni returned to this theme with a long-term perspective. “You might ask… do we have a risk problem? No. Do we have a profitability problem? No,” he recounted from a European banking project. “So why invest? Because when the next crisis comes, we will be ready”. It is a statement that speaks directly to strategic foresight. Early warning, in its most mature form, is not a response to current stress. It is a preparation for future uncertainty. “If you start then,” he warned, “it’s far too late”. That sentiment lingered because it encapsulates the central paradox of early warning investment: its value is most visible only when it is already too late to implement. And yet, as the discussion would go on to reveal, the industry is beginning, slowly but decisively,to move in that direction. Not because it is convenient, but because it is becoming unavoidable.
If the earlier stages of the discussion established the architecture of early warning and the expanding role of data, the final phase of the roundtable brought the conversation to its most practical and consequential dimension: execution. Because if early warning is to fulfil its promise, it cannot exist in isolation.
It must connect directly, continuously and intelligently with the next stage of the credit lifecycle. Collections. And it was here that the discussion shifted from theory to reality.
The integration of early warning and collections is often spoken about conceptually, yet rarely implemented in a way that reflects the true continuity of customer behaviour. What emerged in the room was a shared recognition that the separation of these functions, organisationally, operationally and technologically, is one of the most persistent inefficiencies in modern banking.
Khurram Chishti provided perhaps the most vivid illustration of what true integration looks like. Not in model design, but in action. “What happens is that… we got this news of a particular person about to skip,” he began, recounting a real case. “So I, along with the relationship manager, went to this customer… we told him we are launching a new product… priced lower than your existing one… but you need to settle this facility first”. The strategy was simple, but precise. “So what the customer did, he paid up the facility,” Chishti continued. “As soon as he paid… we cancelled the account… and we managed to save around 6 million dirhams”. The significance of this example extends far beyond the number itself. It demonstrates that early warning is not merely about identifying risk—it is about creating options. Options in pricing, in restructuring and in engagement. And critically, options that are only available when the signal arrives early enough to act.
Chishti was explicit in drawing the distinction. “Early warning is not about predicting fraud,” he clarified. “It’s about
determination of credit worthiness early enough so that we have sufficient choices”. This idea, choice as a function of time, became the defining principle of the final discussion. Because once time is lost, choice disappears, and with it, the ability to influence outcomes.
Sahil Kumar extended this thinking into a more structured framework, articulating what could be described as the operational backbone of integrated early warning.“There are three parts,” he said. “First is the signal, second is segmentation and then comes the treatment”. The simplicity of the framework belies its importance. Signals, no matter how sophisticated, have no value unless they are contextualised. Segmentation ensures that signals are interpreted correctly, distinguishing between high-risk exposures, behavioural anomalies and temporary deviations. Treatment, ultimately, determines the outcome. Whether that treatment is a soft nudge, a restructuring or a strategic exit depends not only on the signal itself, but on the bank’s ability to act with precision. And this is where the integration challenge becomes most visible.
Ahmad Jarrar brought this into sharp focus, challenging the very notion that early warning and collections should exist as separate systems. “Collection and early warning system… it should be one system actually,” he said. “Because you start the collection based on what you have in your data as early warning signs… everything is in the early warning system”. The implication is both logical and profound. If collections teams operate without full visibility into the behavioural signals that preceded default, they are effectively operating blind. “They have to understand what was happening,” Jarrar continued. “Then they continue… this is the way it has to be done”. This continuity, between pre-default behaviour and postdefault action, is what defines a truly integrated risk system.
As the discussion progressed, another participant highlighted that even when signals are identified early, “the challenge
IN FINTECH, IT’S TOTALLY DIFFERENT, TOTALLY CHALLENGING… WITH SHORT-TERM LOANS… THREE INSTALMENTS, THAT’S IT. YOU NEED TO PREDICT THE RISK VERY, VERY EARLY
– Menna Mustafa
is aligning internal teams fast enough… risk, collections and business don’t always move at the same speed”. This further underscored the importance of integration—not just at a system level, but across organisational structures.
Returning to the operational realities of risk management, Ayman Desouky reinforced the importance of anticipating failure beyond model outputs. “Expect what is not expected,” he said. “Choose the worst scenario”. He illustrated this through process-level vulnerabilities, noting how seemingly routine operational decisions can introduce unintended exposure: “Who will guarantee… this guy will not run away?” His intervention served as a reminder that early warning systems do not eliminate uncertainty, they simply make it visible sooner. And yet, in many institutions, it remains fragmented, data is handed over, context is lost and the opportunity to intervene intelligently is diminished.
The discussion then moved toward one of the most debated and contested topics in modern banking: data sharing. Because while individual institutions can build increasingly sophisticated models, there are limits to what can be achieved within isolated datasets. Madhavi Bhatia raised the question directly. “Once data sharing comes in, maybe that will actually help in the collections process,” she suggested. “You are able to predict the behaviour of the customer way ahead of time”.
The moderator, Andrew Cover brought the open-banking implications into the room with equal directness: “With the flourishing of open banking and open finance, will financial institutions become more comfortable over time with sharing information?” His question
captured the cautious optimism around broader visibility, even as participants acknowledged that competitive, compliance and privacy concerns would continue to slow full-scale data sharing. The idea of shared intelligence, whether it be through open banking, consortium models or centralised platforms, holds obvious appeal. More data leads to better prediction and better prediction leads to earlier intervention which leads to improved outcomes.
But as the discussion quickly revealed, the reality is more complex. Tamas Erni responded with measured scepticism. “This is a very longstanding concept,” he noted, “and it is always blocked… because if someone has that, then that someone knows everything”. The tension between data utility and data privacy remains unresolved. While credit bureaus have achieved significant progress, particularly in markets such as Kuwait, there are structural limits to what can be shared. Transactional data, behavioural insights and real-time signals remain largely confined within institutional boundaries. And yet, as Gurcharan Chhabra pointed out, alternative models do exist. “In fraud consortiums, we don’t share personally identifiable information,” he explained. “We share device-related information… and that’s very effective”. The distinction is critical. It suggests that collaboration does not require full transparency, but rather targeted intelligence sharing that is enough to identify risk patterns without compromising privacy. This approach, already proven in fraud prevention, may well represent a viable path forward for early warning. Because at its core, early warning is not about ownership of data.
It is about visibility of risk. And visibility, as the discussion repeatedly highlighted, remains uneven across the ecosystem.
This is particularly evident in the gap between real-time and lagging systems. From a fraud perspective, Chhabra noted, alerts can be generated within seconds. “In fraud, we get a transaction alert in three seconds,” he said. “I don’t think collections colleagues get that”. The contrast is striking. While fraud systems operate in near real-time, collections processes often rely on delayed signals that can be days, weeks, sometimes months after the initial behaviour change. Which raises an important question. If real-time detection is possible in one domain, why not in another? The answer, as became clear, lies not in technology, but in prioritisation. Fraud represents immediate financial loss. Credit deterioration, by contrast, unfolds over time.
But as the industry evolves, that distinction is beginning to blur. Because the earlier a signal is detected, the more effectively it can be acted upon. And the more effectively it is acted upon, the less likely it is to become a loss.
This brings us back, once again, to time. Time as the defining variable. Time as the differentiator between reactive and proactive institutions. Time as the bridge between data and decision. Yet even as systems become faster, models more sophisticated and data more abundant, one element remains constant - the human.
Throughout the discussion, there was a consistent acknowledgement that no matter how advanced early warning systems become, they cannot, and should not operate in isolation. “The qualitative side… the character of the person… willingness to pay,” Chishti emphasised. “That needs human intervention”. It is a reminder that credit, at its core, is not purely a mathematical construct. It is a behavioural one. And behaviour, by its nature, resists full automation.
Erni reinforced this balance, aligning both with common sense and regulatory direction. “You must keep a human in
the loop,” he stated. “We cannot simply let algorithms decide”. This principle— human-in-the-loop decision making—is rapidly becoming a cornerstone of AI governance across financial markets. Not because models are unreliable, but because accountability, fairness and interpretability remain essential.
The future of early warning, therefore, is not fully automated. It is augmented. Where machines identify patterns and humans interpret context. Where algorithms generate signals and institutions decide how to act.
There was a shared acknowledgement across the table that while models continue to evolve, decision-making remains inherently human. “One thing is clear,” a participant noted. “We can improve the signals, we can improve the models… but ultimately, someone has to take the decision”.
As the discussion approached its conclusion, what emerged was not a single solution, but a convergence of perspectives. Early warning systems are evolving from compliance tools to strategic platforms, from lagging indicators to predictive intelligence and from isolated functions to integrated ecosystems.
But perhaps more importantly, they are redefining the role of risk itself. No longer as a passive measure of exposure, but as an active driver of decision-making, customer engagement and long-term value creation.
The MEA Finance roundtable in partnership with Loxon underscored a fundamental shift in how early warning systems are understood and deployed across the GCC banking sector. What was once viewed as a regulatory necessity is rapidly becoming a strategic capability - one that sits at the intersection of risk, technology and customer engagement.
First, the conversation made clear that early warning cannot remain a fragmented function. The integration of early warning, collections and provisioning into a single, continuous system is no longer aspirational, it is essential. Institutions that fail to bridge these functions will continue
to operate with incomplete visibility and delayed response cycles.
Second, the transition from lagging indicators to forward-looking signals is both necessary and incomplete. While IFRS 9 has set the direction, many institutions remain anchored in backward-looking metrics. The real value of early warning lies not in identifying default, but in predicting behaviour early enough to influence outcomes.
Third, data is both the enabler and the constraint. The expansion into qualitative, behavioural and external data sources is critical, yet challenges around data availability, sharing and governance persist. The future will likely be defined not by full data transparency, but by targeted collaboration including consortium models, alternative datasets and intelligent aggregation.
Fourth, technology alone is insufficient. AI, advanced analytics and graph models offer powerful capabilities, but their effectiveness depends on organisational readiness, data quality and governance frameworks. Without these foundations, even the most sophisticated systems will fail to deliver value.
Fifth, time remains the most critical variable. Early warning systems do not eliminate risk, they compress the time available to act on it. Institutions that can translate signals into decisions faster will consistently outperform those that cannot.
Finally, and perhaps most importantly, the human element remains central. As models become more advanced, the need for judgement, context and ethical oversight becomes more, not less important. The future of early warning is not fully automated. It is human-led and machine-enabled. In this sense, early warning systems are no longer just about risk, they are also about readiness to anticipate, readiness to act and readiness to navigate uncertainty in a market where change is constant and margins for error are narrowing.
And as the discussion made abundantly clear, the institutions that embrace this shift today will be the ones best prepared for the disruptions of tomorrow.
SECURITY AND ANALYTICS:
Threat Prediction and Operational Optimisation
On the 12th of November 2025, at the Four Seasons Resort Dubai, MEA Finance held a roundtable hosted by GBM and Splunk, focused on cybersecurity in banking which has, over the past decade, evolved from a defensive posture to something far more dynamic, systemic and intrinsically tied to business performance
What was once treated as a technical function, confined to IT departments and compliance frameworks, now sits at the very centre of institutional resilience, customer trust and competitive differentiation. Across the Middle East, this transformation is unfolding at pace.
Financial institutions are simultaneously accelerating digital adoption through open banking frameworks, instant payment infrastructures such as Aani and API-driven ecosystems, all while facing an increasingly complex and relentless threat landscape. The convergence of these forces has created a paradox: the more seamless and instantaneous
banking becomes, the more exposed it is to risk.
It is within this context that MEA Finance convened senior leaders from across the banking, technology and regulatory ecosystem convened in Dubai for a roundtable hosted by GBM in partnership with Splunk. The discussion, titled “Security and Analytics: Threat Prediction and Operational Optimisation,” brought together a cross-section of industry voices, from CISOs and digital banking leaders to fraud specialists, infrastructure providers and data strategists, to examine how financial institutions can balance speed, security and intelligence in a rapidly shifting environment.
From the outset, it was clear that the discussion would not be confined to theory. Instead, it would reflect the lived realities of institutions operating at the frontlines of cyber risk—where regulatory expectations, customer behaviour and adversarial innovation intersect in real time.
The session opened with a welcome address from Fabian John D’Mello, Security Leader at GBM, who set the tone by reframing the discussion away from individual technologies and towards systemic transformation.
He began by acknowledging the historical position of banks as early adopters of both technology and security frameworks, noting that financial institutions have long invested ahead of other sectors in areas such as infrastructure resilience, identity management and regulatory compliance. However, he argued that the current environment represents a structural shift— one in which banks are no longer setting the pace, but increasingly responding to it.
“We see of late that business has evolved to a state where you›re actually playing catch up in many aspects,” he observed, pointing to the rapid acceleration of digital services and customer expectations that now outpace traditional security architectures.
This shift, he explained, is not driven by a single factor but by the convergence of multiple pressures. Chief among them is the evolution of cyber threats themselves.
Drawing on GBM’s experience across sectors, including banking, healthcare and enterprise, he highlighted the growing sophistication and persistence of threat actors, noting that attacks are no longer isolated incidents but part of coordinated, multi-vector campaigns.
WE SEE OF LATE THAT BUSINESS HAS EVOLVED TO A STATE WHERE YOU’RE ACTUALLY PLAYING CATCH UP IN MANY ASPECTS
– Fabian John D’Mello
The rise of supply chain vulnerabilities and social engineering tactics, such as domain spoofing and typosquatting, has further complicated the threat landscape. Even well-informed users and mature organisations are now susceptible to breaches that exploit human behaviour as much as technological gaps.
Alongside this, regulatory pressure continues to intensify. Financial institutions operate within one of the most heavily regulated environments globally, particularly in the UAE, where central bank directives and national cybersecurity frameworks impose stringent requirements on data protection, operational resilience and incident response.
At the same time, customer expectations have undergone a fundamental transformation. The demand for real-time services such as instant payments, seamless onboarding and frictionless digital interactions has redefined what constitutes a competitive banking experience. Security, traditionally positioned as a control mechanism, is
now expected to operate invisibly within this ecosystem, enabling rather than hindering customer journeys.
This tension between speed and security, D’Mello suggested, is one of the defining challenges of modern banking.
Compounding these pressures is the internal reality of banking operations. Institutions are increasingly focused on cost optimisation, operational efficiency and workforce rationalisation priorities that often conflict with the need for continuous investment in security capabilities.
“Almost everyone knows banks actually work on three things... cost reduction, operational efficiency, cutting down manpower,” he noted. “And they migrate to new agile infrastructures and processes.”
Yet, these same objectives can inadvertently create vulnerabilities, particularly when legacy systems are retained beyond their optimal lifecycle. The issue of technical debt, where outdated but functional systems remain embedded within core infrastructure, emerged as a critical concern. While such systems may continue to perform their intended functions, they often lack the adaptability required to respond to emerging threats.
Closely linked to this is the challenge of integration complexity. As banks adopt new technologies such as cloud platforms, APIs and digital channels, their environments become increasingly fragmented. This fragmentation creates blind spots, making it difficult to maintain consistent visibility and control across the entire infrastructure.
D’Mello also highlighted the persistent issue of talent and skills gaps within the cybersecurity domain. Despite significant investment in technology,
many institutions struggle to attract and retain the specialised expertise required to manage complex security environments. Competition from fintechs, technology firms and other industries further exacerbates this challenge.
Cultural and organisational resistance adds another layer of complexity. Transformation initiatives often encounter friction within institutions, particularly when they involve significant changes to established processes or systems. Without adequate training and change management, even welldesigned solutions can fail to deliver their intended outcomes.
However, D’Mello was equally clear that banks are not starting from a position of weakness. On the contrary, the industry has already established strong foundations in areas such as identity and access management, regulatory compliance, incident response and employee training. These capabilities provide a solid platform upon which further transformation can be built.
The challenge, he argued, lies in moving beyond these established practices and embracing a more proactive, adaptive approach to security.
One area requiring particular attention is the ability to simulate and respond to real-world attack scenarios. While many institutions conduct tabletop exercises and disaster recovery drills, these often fail to capture the complexity and unpredictability of actual cyber incidents. More advanced simulation techniques, such as controlled malware injections and behavioural analysis, can provide deeper insights into how both systems and personnel respond under pressure.
Data security also emerged as a critical focus area. Traditional approaches, such as data loss prevention and encryption, are no longer sufficient in environments where data is distributed across multiple platforms and geographies. The adoption of more comprehensive frameworks, including Data Security Posture Management (DSPM), is becoming increasingly important to ensure visibility,
control and protection across the entire data lifecycle.
Similarly, API security represents a growing area of concern. As banks expand their digital ecosystems, APIs have become essential for enabling interoperability and innovation. However, they also introduce new vulnerabilities, particularly when they operate outside traditional gateway controls. Managing the full lifecycle of API security, from development to deployment and monitoring, has therefore become a strategic priority.
Central to addressing these challenges is the need for greater automation, orchestration and tool consolidation.
D’Mello illustrated this through real-world examples, including the implementation of Security Orchestration, Automation and Response (SOAR) solutions that have significantly enhanced operational efficiency.
In one instance, a seven-person security team was able to perform the equivalent work of fifty personnel through the use of automation, allowing resources to be redirected towards more strategic activities. However, he cautioned that reliance on legacy tools, even highly effective ones, can introduce new risks, particularly when vendors cease to provide updates or support.
The broader lesson, he suggested, is the importance of continuous reassessment. Technologies that were once considered best-in-class can quickly become liabilities if they are not regularly evaluated and updated.
This principle extends to the consolidation of tools and platforms. Fragmented environments, with multiple overlapping solutions, can create inefficiencies and hinder effective incident response. By integrating IT operations and security functions,
WHAT SORT OF SECURITY DO WE HAVE IN PLACE, AND HOW CAN WE ENSURE THAT THE CUSTOMER CONSENT IS VERY MUCH IN PLACE AND MONITORED?
– Madhavi Bhatia
institutions can achieve greater visibility, faster resolution times and improved overall resilience.
Bringing his address to a close, D’Mello emphasised the importance of moving beyond compliance-driven approaches to security. While regulatory frameworks provide essential guidance, they should not be treated as the endpoint of security strategy.
“Assess your current posture. Don’t hide behind compliance. Don’t hide behind regulation,” he urged.
Instead, institutions must adopt a more holistic perspective; one that prioritises security hygiene, continuous improvement and collaboration with trusted partners.
With the strategic context firmly established, moderator Andrew Cover transitioned the discussion towards a more interactive exchange, posing a central question that would underpin the session:
How can banks transform their security and intelligence capabilities to achieve both optimal cybersecurity and enhanced customer experience, while balancing the competing demands of speed, safety and data-driven insight?
The framing of the question reflected the complexity of the challenge. It is no longer sufficient for banks to secure their systems; they must also leverage data and analytics to drive better outcomes for customers and the business. This dual imperative—protection and performance— defines the modern security agenda.
The discussion opened with Madhavi Bhatia, who brought immediate focus to one of the most pressing issues facing the industry: the intersection of instant payments and open banking.
Drawing on recent discussions within industry forums, she highlighted the operational realities of implementing real-time payment systems such as Aani, where customer expectations for immediacy must be balanced against the need for robust security controls.
At the same time, the transition towards open banking introduces new
complexities. The sharing of data across institutions, often through open platforms, raises critical questions around consent management, data protection and crossinstitutional alignment.
“What sort of security do we have in place, and how can we ensure that the customer consent is very much in place and monitored?” she asked, articulating a concern shared by many institutions navigating this transition.
Beyond the technical challenges, Bhatia emphasised the importance of customer education. As banking services become more open and interconnected, customers play an increasingly active role in managing their data and
made instantaneously, with a high degree of confidence.
This creates a tension between operational monitoring and business responsiveness. Banks must not only detect anomalies but also determine, in real time, whether a transaction is legitimate; often under conditions of uncertainty.
The implications of this are evident in evolving customer interactions. As fraud risks increase, banks are adopting more intrusive verification processes, including direct calls to customers to confirm transactions. While effective from a security standpoint, such measures can impact the customer
STANDARDISATION
COMING
FROM THE GOVERNMENT AS WELL AS THE CENTRAL BANK IN EACH COUNTRY IS ACTUALLY THE KEY
TO SOLVING THINGS FASTER WHEN IT COMES TO SECURITY THREATS
– Hana ElMayergi
permissions. Ensuring that they fully understand what they are consenting to, and the implications of those decisions, is therefore essential.
However, she also acknowledged that education alone is not sufficient. The industry must develop mechanisms to ensure that data remains secure as it moves between institutions, aligning security practices and standards across the ecosystem.
Caglar Dogan built on this perspective by highlighting the operational dimension of the challenge. From his experience working with financial institutions, he noted that security is often approached from a monitoring standpoint, focused on detecting and responding to events.
Yet, the increasing speed of transactions requires a shift towards real-time decision-making. When money or data is in motion, decisions must be
experience, highlighting the delicate balance institutions must maintain.
Hana ElMayergi introduced a broader, cross-market perspective, drawing on her experience with large-scale data transformation initiatives in Egypt.
Her work with the national credit bureau illustrated the complexities of consolidating fragmented data environments into unified, real-time systems. The transition from siloed, manually updated datasets to API-driven, instant reporting platforms represents a significant leap in both capability and risk.
The implementation of such systems is not merely a technical exercise. It requires extensive coordination, regulatory alignment and organisational change. Resistance from within institutions, particularly among teams accustomed to legacy processes, can slow progress and introduce additional challenges.
However, ElMayergi emphasised the critical role of regulatory leadership in driving transformation. Mandates from central banks and government authorities can accelerate adoption, standardise approaches and reduce friction between stakeholders.
“Standardisation coming from the government as well as the central bank in each country is actually the key to solving things faster when it comes to security threats,” she noted.
Her insights underscored a recurring theme: that effective security transformation is as much about governance and collaboration as it is about technology.
At this stage, the discussion began to broaden, bringing in perspectives from digital banks, traditional institutions and technology providers. The interplay between these different viewpoints would reveal both the diversity of approaches within the industry and the shared challenges that underpin them.
As the discussion progressed, the abstract tension between speed and security began to crystallise into more concrete institutional realities. The theoretical balance outlined in the opening exchanges, between customer experience, regulatory compliance and cyber resilience, was now being tested against operational practice.
Wissam Farran, representing a digitalonly banking model, provided a critical inflection point in the conversation. His perspective challenged a commonly held assumption within the industry: that traditional banks are inherently more secure than their digital counterparts.
“Actually, we started digital, so our setup is digital, which makes it easier for us than other legacy banks that are converting to digital,” he explained, reframing the debate not as one of safety versus risk, but of structural complexity versus architectural clarity.
For digital-native institutions, security is embedded from inception. Systems are designed with modern frameworks, integrated controls and unified data environments. This eliminates many of
the legacy constraints that traditional banks face when attempting to retrofit security into fragmented infrastructures.
However, Farran was equally clear that this advantage does not eliminate the fundamental challenge of balancing customer satisfaction with security imperatives. The same pressures apply across all institutions, particularly in areas such as fraud monitoring and customer verification.
“There’s a very fine line between customer satisfaction and security,” he noted, highlighting the constant negotiation between frictionless experiences and protective controls.
This tension is most evident in regulatory interactions. Farran pointed to the evolving role of the UAE Central Bank, which has transitioned from a reactive posture to a
more proactive and directive approach in recent years. This shift has been accompanied by increased coordination across the banking ecosystem, particularly through the UAE Banks Federation (UBF), which acts as an intermediary between regulators and financial institutions.
The result is a more structured and collaborative regulatory environment, where directives are not only issued but actively operationalised across the sector.
Yet, even within this framework,
contradictions persist. Farran illustrated this through the example of instant payments and the introduction of cooling periods for beneficiary additions. While instant payment systems such as Aani are designed to enhance customer convenience, cooling periods are implemented to mitigate fraud risk.
The coexistence of these mechanisms creates a fundamental dilemma: how can banks deliver immediacy while enforcing delays?
“We’re talking about Aani and instant payment… but how do you manage between the cooling period of four hours and Aani that needs to make it instant?” he asked.
This is not merely a technical issue, but a structural one, reflecting the broader challenge of aligning regulatory intent
IF THE BOARD DOES NOT ADOPT THAT CULTURE, IT’S VERY DIFFICULT FOR PEOPLE TO TAKE IT FORWARD
– Maher Al Kaabi
with operational execution. The financial burden of fraud further complicates this balance, as banks often bear the cost of reimbursement, reinforcing a more cautious approach to risk.
Maher Al Kaabi expanded the discussion by introducing a strategic and historical perspective, drawing on decades of experience across global banking environments.
Positioning banks “between two burning, electrifying wires,” he described
the dual imperative of delivering speed and agility while safeguarding data and assets. This balancing act, he suggested, is not new, but it has intensified significantly in the current environment.
To contextualise this, Al Kaabi reflected on early implementations of machine learning in fraud detection, long before the widespread adoption of artificial intelligence as a formalised discipline. These systems relied on behavioural patterns and probabilistic models to identify anomalies, enabling banks to automate decision-making processes and reduce reliance on manual intervention.
The evolution of these models has led to increasingly sophisticated predictive capabilities, where systems can anticipate customer behaviour and flag deviations in real time. This has allowed banks to refine their approach to verification, focusing on high-risk transactions while allowing low-risk activities to proceed without friction.
However, Al Kaabi emphasised that technology alone is insufficient. The effectiveness of these systems depends on continuous learning, scenario analysis and adaptive response mechanisms.
Cybersecurity, in this context, is not a static capability but a dynamic process that must evolve alongside threat actors.
He also highlighted the importance of organisational alignment, particularly at the board level. While operational teams may recognise the urgency of cybersecurity investments, strategic prioritisation must be driven from the top.
“The significant challenge we faced was at the board level,” he noted. “If the
board does not adopt that culture, it’s very difficult for people to take it forward.”
This observation underscores a critical dimension of security transformation:
THIS IS THE ONLY AREA WHERE THE INVESTMENT IS INCREASING
– Somu Roy
governance. Without executive-level commitment, even the most advanced technologies and frameworks may fail to achieve their intended impact.
Al Kaabi further pointed to the broader national context, noting the scale of cyber threats facing the UAE. With hundreds of thousands of attacks occurring daily, the country’s position as a regional economic hub makes it a prime target for adversarial activity. This reality reinforces
the need for continuous vigilance and investment across the sector.
Thomas Friesleben introduced an adjacent but equally significant dimension to the discussion: the importance of cross-industry learning.
Drawing parallels with sectors such as gaming, he highlighted the advanced fraud detection and user behaviour analytics being developed outside traditional banking environments. These industries, characterised by high
transaction volumes and sophisticated user interactions, have pioneered innovative approaches to identifying and mitigating risk.
“If you’re looking in, for example, in the gaming sector… there are some very, very smart digital solutions out there,” he observed.
The implication is clear: banks must expand their perspective beyond their own industry. By examining how other sectors address similar challenges, particularly in areas such as real-time monitoring and behavioural analytics, financial institutions can accelerate their own innovation cycles.
This perspective also aligns with earlier points raised by D’Mello regarding the value of diverse talent. Recruiting individuals from outside the banking sector can introduce new ways of thinking, challenge entrenched assumptions and drive more effective transformation initiatives.
However, Friesleben’s comments also touched on a deeper cultural challenge. The ability to “take the blinkers off,” as the moderator phrased it, requires a willingness to question established practices and embrace unfamiliar approaches.
For institutions with long histories and deeply embedded processes, this can be one of the most difficult aspects of transformation.
Returning to the earlier discussion on cultural resistance, D’Mello reinforced the importance of looking beyond traditional frameworks and adopting a more outward-facing approach.
He pointed to retail as a sector that has successfully navigated many of the challenges now facing banks, particularly in areas such as consent management, data sharing and customer engagement. Retail organisations, operating in highly competitive environments with low customer loyalty thresholds, have developed sophisticated mechanisms for balancing security with user experience.
By leveraging insights from such sectors, banks can better address questions around customer retention, data privacy and operational efficiency, particularly in the context of open banking.
At the same time, D’Mello acknowledged the inherent difficulty of driving change within banking institutions. As early adopters of many technologies, banks often develop a sense of maturity that can hinder further evolution.
Overcoming this requires not only new tools and frameworks, but also a shift in mindset.
The discussion then moved towards the operational realities of managing large-scale payment ecosystems, with Somu Roy offering insights from a network-level perspective.
Representing an organisation that processes transactions across hundreds of banks, Roy highlighted the sheer scale and complexity of the environment. The volume of data, combined with the diversity of participants, from large institutions to smaller niche banks, creates a multifaceted challenge that cannot be addressed through isolated solutions.
“This is the only area where the investment is increasing,” he stated, referring to cybersecurity as a nonnegotiable priority within an otherwise cost-optimised environment.
Roy emphasised the importance of partnerships in addressing these challenges. By collaborating with global fraud and security providers, organisations can access broader intelligence networks, including insights into emerging threats and compromised assets across multiple markets.
This collective approach enhances the ability of individual institutions to
respond to threats, effectively pooling knowledge and resources to improve overall resilience.
However, Roy also introduced a critical nuance to the discussion: the role of merchants within the payment ecosystem. While banks and regulators implement stringent controls, merchants operate under different regulatory frameworks, creating potential vulnerabilities.
“A very large merchant can say, ‘Don’t do anything, I will approve your transaction,’” he noted, highlighting a gap that can undermine even the most robust banking controls.
This fragmentation underscores the need for a more holistic approach to ecosystem security; one that extends beyond banks to include all participants in the transaction lifecycle.
Roy also returned to the central theme of “safety over speed,” referencing real-world examples where security breaches have had significant financial and reputational impacts. The case of a major retail organisation experiencing prolonged disruption following a cyber incident illustrated the broader consequences of inadequate resilience.
Yet, even within this context, the tension remains. Enhancing security
often introduces friction, while reducing friction can increase exposure to risk.
Navigating this balance requires not only technological solutions but also strategic decision-making at the highest levels.
From a global banking perspective, Mohit Bablani provided insights into how large, multinational institutions approach cybersecurity.
While global organisations benefit from shared intelligence and coordinated responses, they also face constraints related to data sharing and regulatory compliance across different jurisdictions. This necessitates a hybrid approach, combining global frameworks with localised execution.
Bablani highlighted the importance of continuous testing and validation, noting that systems must be regularly challenged through drills and simulations to ensure their effectiveness. The assumption that breaches will occur (rather than attempting to prevent them entirely) has led to a greater focus on resilience and containment.
“You need to trust your systems… is it foolproof? No, definitely not,” he acknowledged, reinforcing the idea that cybersecurity is an ongoing process rather than a fixed state.
This perspective aligns with the broader industry shift towards resiliencebased strategies, where the emphasis is on rapid detection, response and recovery rather than absolute prevention.
Ghezali Hassan further developed this theme by focusing on data-centric security approaches.
He highlighted the concept of protecting the “crown jewels” of an organisation— its most critical data assets—through enhanced visibility and control mechanisms. This includes tracking how data moves across environments, particularly in relation to data sovereignty requirements.
The adoption of Data Security Posture Management (DSPM) frameworks enables institutions to monitor data flows across geographies, identify vulnerabilities and enforce compliance with regulatory requirements.
This approach represents a shift from perimeter-based security models towards more granular, data-driven strategies, reflecting the increasingly distributed nature of modern banking environments.
From a technology provider perspective, Toby Smillie of Splunk brought the discussion back to the role of platforms in enabling both security and operational efficiency.
He emphasised the convergence of security and data challenges, noting that many of the issues discussed, whether related to fraud detection, customer experience or regulatory compliance, are fundamentally data problems.
The next phase of the conversation would delve deeper into these human and behavioural dimensions, exploring issues such as customer awareness, internal risk and the cultural factors that ultimately determine the effectiveness of security strategies.
As the roundtable entered its final phase, the discussion shifted decisively from systems and strategy towards the most unpredictable variable in the cybersecurity equation: human behaviour.
If the earlier exchanges had established that technology, regulation and operational frameworks are all evolving at pace, the consensus
THEY WILL TRY 1,000 TIMES… THEY JUST NEED ONE BIG FISH
– Ayman Desouky
By integrating Security Information and Event Management (SIEM) capabilities with broader operational analytics, organisations can achieve a more unified view of their environments, enabling faster and more informed decision-making.
A key theme in Smillie’s contribution was the importance of tool consolidation. Reducing the number of disparate systems not only improves operational efficiency but also enhances the ability to respond to incidents in a coordinated manner. This aligns with earlier points raised by D’Mello, reinforcing the need for integrated, end-to-end solutions that bridge the gap between IT operations and security functions.
As the discussion continued, it became increasingly clear that while the specific challenges and approaches varied across institutions, the underlying themes were consistent. The industry is navigating a complex and evolving landscape, where technological innovation, regulatory frameworks and human behaviour intersect in unpredictable ways.
in the room was that human factors, both internal and external, remain the most difficult to control, and often the most consequential.
This was articulated most forcefully by Ayman Desouky, who brought a practitioner’s perspective grounded in day-to-day fraud management and operational risk. While much of the conversation had focused on external threats, Desouky challenged the room to consider the equally significant risk posed by internal vulnerabilities—whether through negligence, gaps in process or deliberate misconduct.
“We are only concentrating about the external fraud, and we neglect about the internal fraud,” he noted, drawing attention to a dimension that is often underrepresented in broader cybersecurity discussions.
This internal dimension is particularly complex because it cannot be addressed solely through technology. It is shaped by organisational culture, employee behaviour and incentive structures;
factors that are inherently more difficult to standardise and control.
Desouky also highlighted the limitations of current approaches to customer awareness. While banks invest heavily in communication campaigns such as emails, SMS alerts and in-app notifications, the effectiveness of these measures remains uncertain.
“I cannot assure what’s the percentage of the customer they are reading about this awareness,” he observed,
“They will try 1,000 times… they just need one big fish,” he remarked, encapsulating the disproportionate advantage held by adversaries.
This asymmetry reinforces the need for continuous adaptation. Static controls and one-time interventions are no longer effective; instead, institutions must adopt dynamic, iterative approaches that evolve in response to emerging threats.
Building on this, the discussion turned towards regulatory developments and their
pointing to a fundamental disconnect between information dissemination and behavioural change.
The challenge, therefore, is not simply to inform customers, but to engage them in a way that drives meaningful understanding and action. Passive communication, in isolation, is insufficient in an environment where fraudsters are continuously refining their tactics and exploiting behavioural patterns.
of continued reliance on outdated methods. Banks that fail to modernise their authentication frameworks face not only increased exposure to fraud but also direct financial losses through reimbursement obligations.
At the same time, the transition is not uniform across the sector. While larger institutions may have the resources and infrastructure to implement advanced authentication systems, smaller banks face additional challenges, particularly
implications for authentication and liability.
A key theme was the transition away from traditional OTP-based authentication mechanisms, which have become increasingly vulnerable to exploitation. Regulatory directives are now pushing institutions towards more secure alternatives, including in-app authentication and multi-factor verification.
when operating without fully developed digital platforms.
This disparity introduces a broader systemic risk, as vulnerabilities in one part of the ecosystem can have cascading effects across the network.
This shift represents more than a technical upgrade, it fundamentally alters the allocation of liability within the ecosystem. As authentication mechanisms
YOU NEED TO TRUST YOUR SYSTEMS… IS IT FOOLPROOF? NO, DEFINITELY NOT
– Mohit Bablani
He further underscored the asymmetry between attackers and defenders. Fraudsters operate with a singular objective and are willing to experiment repeatedly until they succeed, whereas banks must balance security with operational efficiency, customer satisfaction and regulatory compliance.
become more robust, responsibility for fraudulent transactions can shift between banks and customers, depending on the level of verification achieved.
The urgency of this transition was underscored by Gurcharan Chhabra, who highlighted the financial impact
The conversation also returned to the theme of first-party fraud; cases where customers themselves exploit system vulnerabilities or regulatory protections. Somu Roy provided a striking example of this phenomenon, describing scenarios where individuals knowingly initiate transactions and subsequently dispute them, leveraging chargeback mechanisms to recover funds.
The complexity of such cases lies in the difficulty of proving intent. Investigations can be resource-intensive, often exceeding the value of the disputed transaction, creating a cost-benefit dilemma for institutions. This highlights a broader challenge: the intersection of technology, regulation and human behaviour can create unintended incentives that are difficult to mitigate through conventional controls.
Against this backdrop, Dhiraj Sasidharan offered a more integrated
perspective, emphasising the importance of a holistic approach to security and customer experience. Rather than viewing security as a standalone function, he described it as an outcome of interconnected processes, spanning data management, operational intelligence and customer interaction.
Central to this approach is the effective utilisation of data. Modern financial institutions generate vast volumes of information across multiple systems,
The human dimension of fraud was further illustrated through real-world anecdotes shared during the session. Tariq Alkade reinforced this point by reflecting on how even informed individuals can fall victim to increasingly sophisticated fraud tactics, particularly as attackers leverage social engineering techniques that mimic legitimate institutional interactions.
“The level of sophistication we are seeing today is completely different,” he
creating what Sasidharan referred to as “rich data lakes.” The challenge lies in unlocking the value of this data; integrating insights from different teams and applying them in real time to inform decision-making.
When executed effectively, this approach enables institutions to deliver seamless customer experiences while maintaining robust security controls. Transactions can be assessed dynamically, drawing on a wide range of data points, from device intelligence and behavioural patterns to historical transaction data, without introducing visible friction. “The amount of data that is being reviewed… is enormous,” he noted, highlighting the scale of analysis required to support even a single transaction.
This underscores a key shift in the industry: security is no longer about isolated checkpoints, but about continuous, invisible evaluation across the entire customer journey. However, Sasidharan also emphasised that this is not a one-time transformation. It requires ongoing process reengineering, regular review and constant refinement to adapt to changing conditions.
noted. “Even customers who are aware, who are educated, can still be caught off guard.”
AI-driven social engineering), traditional assumptions about user behaviour are being challenged.
This raises important questions about the future of customer authentication and the role of behavioural analytics in identifying and mitigating risk.
As the discussion drew to a close, the conversation returned to a broader strategic question: is it possible, or even realistic, for banks to prevent all cyber incidents?
He added that the challenge is no longer limited to detecting fraudulent transactions, but extends to understanding behavioural manipulation in real time, where trust is exploited before systems can intervene.
“It’s no longer just about the transaction,” he said. “It’s about how the customer is being influenced before that transaction even happens.”
The consensus, implicitly reinforced throughout the session, was that absolute prevention is neither achievable nor sustainable. Instead, the focus must shift towards resilience—building systems and processes that can absorb, respond to and recover from attacks with minimal impact.
This perspective aligns with the evolving regulatory and industry approach, where the emphasis is increasingly on detection, response
THERE’S A VERY FINE LINE BETWEEN CUSTOMER SATISFACTION AND SECURITY
– Wissam Farran
Tariq Alkade recounted personal experiences that underscored the increasing sophistication of fraud tactics, even among individuals who are aware of security risks. These examples reinforced a recurring theme: awareness alone does not guarantee protection. As attackers leverage advanced techniques (including
and recovery rather than solely on prevention.
It also reflects a more mature understanding of the threat landscape. Cybersecurity is not a problem to be solved, but a condition to be managed; one that requires continuous investment, collaboration and adaptation.
In synthesising the insights from the roundtable, several overarching themes emerge.
First, the convergence of speed and security is reshaping the foundations of banking. Instant payments, open banking and digital-first models are redefining customer expectations, while simultaneously expanding the attack surface.
Second, technology alone is insufficient. While advanced tools and platforms are essential, their effectiveness depends on integration, governance and human behaviour. Organisational culture, leadership alignment and cross-functional collaboration are critical enablers of successful transformation.
Third, the ecosystem perspective is becoming increasingly important. Banks do not operate in isolation; they are part of a broader network that includes regulators, technology providers, merchants and customers. Ensuring security across this ecosystem requires coordinated action and shared responsibility.
Fourth, data has emerged as both an asset and a vulnerability. The ability to harness data effectively, through analytics, automation and real-time processing will determine the success of security strategies in the years ahead.
Finally, resilience is the defining objective. In a world where threats
are constant and evolving, the ability to respond and recover quickly is as important as the ability to prevent.
The discussion closed not with definitive answers, but with a shared recognition of the complexity of the challenge ahead. The path forward will require continuous dialogue, experimentation and collaboration across the industry.
function, integral to customer experience, regulatory compliance and institutional resilience.
The interplay between speed and security will remain a defining tension, particularly as instant payment systems and open banking frameworks continue to expand. Successfully navigating this tension will require not only technological innovation but also cultural
IT’S NO LONGER JUST ABOUT THE TRANSACTION, IT’S ABOUT HOW THE CUSTOMER IS BEING INFLUENCED BEFORE THAT TRANSACTION EVEN HAPPENS
– Tariq Alkade
Yet, there was also a sense of confidence grounded in the progress already made and the collective expertise represented in the room, that the sector is not only capable of meeting these challenges, but of turning them into opportunities for innovation and growth.
The roundtable underscored a fundamental shift in how cybersecurity is understood within the banking sector. No longer confined to technical silos, it now operates as a strategic
transformation and regulatory alignment. Equally important is the recognition that security is a shared responsibility. From boards and executives to frontline employees and customers, every participant in the ecosystem has a role to play in mitigating risk.
As the industry moves forward, the ability to integrate data, streamline operations and foster collaboration will be critical in building resilient, futureready institutions.
