Home / Knowledge Hub / Regulatory & Legal Updates

Oman raises the bar on consumer protection


In a recent edition of The Oath Magazine, Arsalan Tariq and Yasin Chowdhury offer commentary on the new CBO Financial Consumer Protection Regulatory Framework - a milestone for financial consumer protection and economic growth in the Sultanate. 

On 29 December 2021, the Central Bank of Oman (“CBO”) issued the Financial Consumer Protection Regulatory Framework (“FCPRF”) by its Circular BM 1184, intending to provide a strong consumer protection regime to benefit consumers, enabling them to make well-informed decisions in relation to the use of financial services. FCPRF will also contribute to the growth of healthy and competitive financial markets in Oman.

By introducing this framework and the accompanying standards, the CBO seeks to ensure that all the applicable licensed entities in the Sultanate of Oman are in line with the international standards when it is associated with consumer protection. FCPRF is mainly a principle-based framework. It contains the principles of disclosure and transparancy, fair treatment and business conduct, data protection and privacy, dispute resolution mechanisms and financial education and stability. These principles are in accordance with the financial consumer protection regulatory framework as proposed by the multilateral orgaizations such as the OECD and World Bank. 

To whom does FCPRF apply?
FCPRF applies to all licensed entities i.e. licensed banks and finance and leasing companies (“FLCs”) in relation to the products and services they offer to individual customers and small and medium enterprises (“SMEs”) including; liability offerings and loan, investment, bancassurance, and other products. However, since FLCs hold restricted licenses and are authorized to conduct only certain activities, some requirements stated in FCPRF do not apply to them. 

Who are the beneficiaries of FCPRF protection?
All individual consumers and SMEs availing products and services offered by licensed entities i.e. banks and FLCs are entitled to protection enshrined in FCPRF.

The term consumer is used generically throughout the framework to refer to both potential and existing customers, whereas the term customer is used to refer to an existing customer who has purchased a product or service. 

Principles
Licensed entities shall follow the requirements of FCPRF as enshrined under the principles discussed below –

1. Principle of Disclosure and Transparency:
This principle establishes a comprehesive disclosure guideline aimed at improving information disclosure on financial products and sevices offered to the consumer. It covers the content on financial products and services including the format and manner of disclosure, advertising and sales materials, disclosure of terms and conditions, disclosure of product risk, disclosure of conflicts of interest, key fact statements, contract notes, statements, and notification of changes in rates, terms, and conditions. 

The principle contains the requirement of disclosure of product risk and conflict of interest. Licensed entities should disclose to consumers the risks and consequences of investing in different investment products. The risks and consequences of any services, investment strategies, trading strategies, trading systems, etc. should also be disclosed. Licensed entities should also disclose to customers all material conflicts of interest that it has with a customer. Licensed entities are under a duty to actively manage any conflict they have with customers, and should disclose how the conflict is being managed.

2. Principle of Unfair Terms & Conditions
The principle requires licensed entities to ensure that their relationships with consumers are fair, just, and honest. Treating consumers fairly should be an affirmative obligation for licensed entities and an integral part of their corporate and risk culture. Licensed entities will need to demonstrate how the concept of “treating customers fairly” is embedded in their business model and practices, from the product research to the post-sales stage. 

Licensed entities are required to formulate detailed guidelines and rules governing the activity of debt collection; these should include what constitutes both appropriate and inappropriate debt collection practices.

3. Data Protection & Privacy
Licensed entities are allowed to collect customers’ data within the limits established by law or regulatory requirements and, where applicable, with the customer’s consent. However, licensed entities are required to comply with the following principles relating to the processing of personal data:

a) Lawfulness, fairness, and transparency - data related to the customer should be processed lawfully, fairly and in a transparent manner.
b) Purpose limitation - data should be collected for specific, explicit and legitimate purposes and should not be further processed in a manner that is incompatible with those purposes.
c) Accuracy – inaccurate data should be erased or rectified without delay.
d) Storage/retention limit - data must not be kept in a form that permits the identification of customers for longer than is necessary for the purposes for which the personal data is being processed.
e) Integrity and confidentiality - data should be processed in a manner that ensures appropriate data security.
The principle also requires the licensed entities to protect the consumers’ financial and personal information through appropriate control and protection mechanisms. These mechanisms should define the purposes for which the data may be collected, processed, held, used, and disclosed. The mechanisms should also acknowledge the rights of consumers to be informed about data-sharing, access data and obtain the prompt correction of data.

4. Principle of Dispute Resolution Mechanisms
The principle requires the licensed entities to have an accessible and efficient recourse mechanism that allows consumers both to know and to assert their rights to have their complaints addressed and resolved in a transparent and just way within a reasonable timeframe. The timely resolution of complaints, including the provision of redress where warranted, is the primary responsibility of licensed entities.

The principle requires the licensed entities to have an adequate structure in place as well as written policies regarding their complaints handling procedures (as per the extant CBO directives) and systems to resolve complaints registered by consumers against them effectively, promptly, and justly. 

5. Principle of Financial Education & Financial Capability
The principle emphasizes the necessity of financial education and capacity building among the consumers as strengthening the financial capability of consumers benefits. Not only consumers but also financial service providers and the nation at large. It helps consumers protect themselves against financial risks, exercise their rights as financial consumers, and be less vulnerable to mis-selling and financial frauds and scams. Thus, the principle obliges the licensed entities to undertake consumer awareness and financial education activities, and to develop and implement specific financial capability programs. 

Compliance with FCPRS
Licensed entities are required to adopt necessary organizational structures, policies, procedures, systems and controls, and oversight governance mechanisms to ensure full compliance with the Framework. CBO will continue to challenge licensed entities where focus is not on delivering positive consumer outcomes. All other relevant instructions previously issued by the Central Bank of Oman shall still be in force unless they are inconsistent with these instructions. Licensed entities should ensure that they comply with all relevant laws (including the Law on Combating Money Laundering and Terrorism Financing Royal Decree No. 30/2016) and regulatory requirements at all times.

Responsibility of the Board and Senior Management of Licensed Entities under FCPRS
Given that executive level support is critical to the effective implementation of the FCPRS, the board of directors and senior managment of licensed entities are expected to ensure that proper systems and processes are in place to ensure compliance with FCPRS and that it is adopted throughout the institution. Any reference to the board of directors in FCPRS should be read as head office/controlling office for branches of foreign banks operating in the Sultanate of Oman. Islamic banks and Islamic windows of conventional banks should ensure that all their products and services are Shari’a compliant in accordance with the Regulation on Islamic Banking Business, the Islamic Banking Regulatory Framework (IBRF) of CBO, and other relevant instructions issued from time to time.

Licensed entities should form separate management-level committees to oversee the implementation of FCPRS. Both the internal audit department and the compliance department of the licensed entities have important roles to play in ensuring the implementation of FCPRS. The risk management department is required to ensure that key ‘consumer risks’/‘conduct risks’ are properly identified and prioritized and that consumer protection actions to deal with these risks are devised.

The board of directors and senior management are expected to provide direction and oversight in ensuring that the FCPRS are adopted throughout the institution with adequate resources allocated to effectively implement the FCPRS. 

Enforcement
CBO will take regulatory action where compliance standards are not being met. Violations of FCPRS may be subject to penalties and other measures as deemed appropriate by CBO under extant regulations and circulars.

The Next Steps for Licensed Entities
Licensed entities are required to conduct an impact analysis of FCPRF and submit to CBO a board-approved plan of action to bring their structures, policies, procedures, practices ,and systems, in compliance with FCPRS within six (6) months of the issuance of FCPRS. Licensed entities are also required to formulate a board-approved Charter of Consumer Rights and a Statement of Consumer Responsibilities, which should be publicized widely, including on their websites. Licensed entities should ensure that all rectification actions are completed within eighteen (18) months of the issuance of FCPRS.

The full article, as published in The Oath Magazine can be downloaded here: Oman raises the bar on consumer protection.


Related Insights
Got a question or enquiry? Contact us