The Central Bank of Oman issues the Financial Consumer Protection Regulatory Framework for licensed banks and finance and leasing companies

The Central Bank of Oman (the “CBO”) issued the Financial Consumer Protection Regulatory Framework (“FCPRF”) for licensed banks and finance and leasing companies (the “Licensed Entities”) in December 2021 which covers all products and services offered by Licensed Entities to individual consumers and small and medium enterprises.

FCPRF Principles

The FCPRF introduces five principles that shall apply to all Licensed Entities, consistent with international best practices of financial consumer protection. The five principles under the FCPRF are as follows:

• Disclosure and Transparency: covers key points such as the format and manner of disclosure, advertising and sales materials, disclosure of terms and conditions, product risks and conflicts of interests. Licensed Entities must also produce a ‘Key Fact Statements’ and periodic written statements of accounts it operates for consumers, summarising the key characteristics of the financial products and emphasis is added to the requirements that all statements need to be self-explanatory, comprehensive, objective and clear.
• Fair Treatment and Business Conduct: requires that Licensed Entities treat consumers fairly as an affirmative obligation. Licensed entities must abstain from unfair practices by strictly observe appropriate sales practices, product suitability and appropriateness, responsible financing, customer mobility and professional competence. This principle goes further by ensuring that Licensed Entities appropriately compensate staff and agents to minimise conflicts, are liable for fraud and misuse of customer assets and prohibition of abusive debt-collection practices.
• Data Protection and Privacy: Licensed Entities must observe the requirements relating to the lawful collection and usage of customer data, confidentiality and security of customer data and sharing of customer information. All Licensed Entities are required to notify the CBO of significant breaches without undue delay. Further, local Licensed Entities are required to form a separate unit that is responsible for data protection and privacy (whereas other Licensed Entities are encouraged to do, but are required to have a responsible data protection and privacy officer).
• Dispute Resolution Mechanisms: Licensed Entities must ensure that there are internal complaints handling mechanisms allowing consumers to know and to assert their rights to have complaints addressed and resolved. The FCPRF emphasises that the timely resolution of complaints and provision of redress is the primary responsibility of Licensed Entities.
• Principle 5 – Financial Education and Financial Capability: Licensed Entities must undertake consumer awareness and financial education activities by developing and implementing specific financial capability programmes. The Board of Licensed Entities must formulate annual plans covering consumer awareness, financial education and financial capability strategies. Further, Licensed Entities are now required to send annual reports (from January to December) on financial education and financial capability activities to the CBO, by 31 January of each year.

Compliance Requirements

The application of, and compliance with, the FCPRF is the responsibility of the board of directors of Licensed Entities. In this regard, local Licensed Entities are encouraged to form separate board level committees to oversee the application of the FCPRF, and at a minimum, all Licensed Entities must include the FCPRF in the terms of reference of existing board level committees.

Licensed Entities will be required to disclose the status of financial consumer protection in their annual reports from the financial year ending of 2023 (details of such disclosure will be conveyed in due course by the CBO).

Actions Required by Licensed Entities

The FCPRF requires that all Licensed Entities conduct an impact analysis of the FCPRF, and submit to the CBO a board approved plan of action to ensure its structures, policies, procedures, practices and systems comply with the Framework within six months of the issue of the FCPRF. Subject to the outcome of the impact analysis, Licensed Entities are subsequently required to ensure that all rectification actions are completed within eighteen months of issue of the Framework.

The CBO will take any necessary regulatory actions where the standards of the FCPRF are not being met. Violations may be subject to penalties and other measures are the CBO deems to be appropriate.

The CBO shall issue further details regarding the application and implementation of the FCPRF in due course.

How we can help

The impact of the FCPRF will undoubtedly require Licensed Entities in Oman to apply the regulatory requirements introduced by the FCPRF. Al Tamimi & Company’s Banking & Finance team helps clients navigate compliance requirements and the actions required under the FCPRF. For any queries in Oman, please don’t hesitate to contact the lawyer below.