Articles + field notes.
Observations from real engagements with GCC banks, NBFCs, fintechs and insurers. Substance — not industry commentary.
Latest writing.
-
Regulatory inspection readiness — continuous posture, not crisis preparation
When an inspection is announced, many teams shift to crisis mode. The supervisory signal this sends is unfavourable: a mature framework is inspection-ready continuously, not on announcement. This article addresses the gap between the two states and the investments that close it.
Read article -
Internal controls at scale — the case against manual proliferation
As institutions grow, manual controls multiply without matching risk reduction. The CBUAE three-lines framework requires effective controls, not numerous ones. The discipline of distinguishing risk-reducing controls from procedural overhead is the harder governance investment.
Read article -
Operational risk in a digital-first environment — what legacy frameworks miss
Operational risk frameworks built for branch-era banking don't map to cloud-hosted, API-integrated services. The CBUAE Operational Risk Standards require all categories to be managed — including technology concentration, vendor dependency, and API integrity.
Read article -
Model risk management as a continuous discipline — beyond the validation cycle
Many institutions treat MRM as a series of validation events. Between cycles, models operate without governance oversight. The CBUAE MMS requires something different: a lifecycle framework with continuous monitoring, tiered governance, and clear ownership throughout.
Read article -
Validating AI and machine learning models under CBUAE MMS — the explainability obligation
ML-based credit scoring carries real model risk. Under CBUAE MMS, algorithmic models require independent validation — but limited interpretability, feature drift, and vendor opacity make that validation materially harder than for traditional scorecards.
Read article -
Stress testing and capital planning — closing the institutional silo
In many banks, stress testing lives in risk and capital planning lives in finance. The CBUAE ICAAP framework is explicit: stress test outcomes must directly shape capital planning, not sit beside it as a separate regulatory deliverable.
Read article -
Corporate restructuring and remediation — beyond the tenor extension
When a corporate exposure enters distress, the reflex is tenor extension. The deeper question — whether the restructuring is sustainable or merely defers a credit event — is one IFRS 9, audit, and supervisory dialogue increasingly press hard.
Read article -
Commercial real estate concentrations — the supervisory question beneath the LTV
LTV at origination addresses one dimension of CRE risk. Sector concentration, master-developer dependency, and rental-yield sensitivity address several others. The frameworks that survive supervisory dialogue have moved well beyond origination-time metrics.
Read article -
Portfolio de-risking in shifting credit cycles — beyond the rear-view mirror
Conventional credit metrics are backward-looking by design. Effective de-risking requires acting on leading indicators of cycle shift, recalibrating limits dynamically, and tightening origination at segment level before realised losses arrive.
Read article -
SME early warning indicators — the move from past-due to behavioural
Days-past-due is lagging by definition. By the time it triggers, deterioration has typically been visible in transactional data for weeks or months. BCBS 2025 credit risk principles reinforce the supervisory expectation that EWI frameworks incorporate behavioural indicators.
Read article -
The risk appetite statement as a living document — beyond the board binder
The CBUAE Risk Management Regulation requires a board-approved RAS with limits for all material risk categories. The FSB 2013 Principles set the international baseline. Supervisors increasingly test the gap between stated appetite and how it actually constrains daily decisions.
Read article -
Reverse stress testing — the question conventional stress tests don't ask
Conventional stress tests measure capital impact of assumed shocks. Reverse stress tests start from a defined failure outcome and work backward. CBUAE Pillar 2 §122 mandates the exercise annually. Where it tends to produce insight and where it becomes a documentation deliverable.
Read article -
ICoFR as continuous discipline — beyond the annual testing cycle
ICoFR was conceived under COSO as a continuous discipline. In practice, in many institutions it has become a sequence of annual testing exercises around year-end. The substantive difference between continuous and periodic ICoFR, and where the largest control gaps tend to cluster.
Read article -
Credit underwriting at the growth-quality frontier
Loan growth and asset quality are not in fundamental tension. What is in tension is growth velocity and origination discipline. What data-driven underwriting looks like in practice, how early warning systems should connect to IFRS 9 staging, and where the binding constraint sits.
Read article -
When risk policies stop protecting — the case for periodic deep refresh
Risk policies not substantively updated since before the pandemic are common and increasingly a supervisory concern. Risk vectors have evolved materially. The policies governing them often have not. What a serious refresh covers, and where the gap sits in practice.
Read article -
Risk policies for fintechs — between the framework of a bank and the speed of a product
Fintechs in DIFC and ADGM face a structural tension. Copying a bank's risk policies will paralyse the business. Ignoring regulatory frameworks won't survive supervisory dialogue. What right-sized risk governance actually looks like for fintechs and NBFCs at scale.
Read article -
Data quality under CBUAE MMS — the six dimensions that get tested in supervision
Under CBUAE MMS, the defensibility of any risk model depends on the data feeding it. The standard specifies six data quality dimensions and requires the data management function to be functionally separate from operational risk data. Where the largest gaps usually sit.
Read article -
CBUAE Model Management Standards — the structural shifts that get under-appreciated
The CBUAE Model Management Standards, in force since late 2022, reshaped how UAE banks govern quantitative models. Most requirements are tractable. A small number of structural shifts — governance separation, third-party dependency, data ownership — is where the work sits.
Read article -
Model drift and the case for independent validation
Models degrade as portfolios evolve, macro relationships weaken, and policy changes accumulate. A model defensible two years ago can become indefensible without code changing. What drift looks like, why developer-led monitoring misses it, and what independent validation covers.
Read article -
Stress testing severity — when historical scenarios stop being enough
Stress scenarios most GCC institutions use were calibrated against historical episodes that no longer represent current exposure. What severity now means in supervision, where the gap shows in liquidity, and how to design scenarios that hold up to board scrutiny.
Read article -
ICAAP as strategic instrument — not as annual paperwork
ICAAP is, in most institutions, treated as a regulatory deliverable. The Pillar 2 standard was designed for something else. What ICAAP was meant to do, what supervisors increasingly expect, and where compliance ICAAP falls short of strategic ICAAP in practice.
Read article -
Beyond oil — calibrating forward-looking IFRS 9 scenarios for the GCC
Generic global scenarios were never right for GCC ECL models, yet remain in production at many institutions. What IFRS 9 requires for forward-looking calibration, why off-the-shelf scenarios understate regional cyclicality, and what defends in supervisory review.
Read article -
Beyond the black box — what IFRS 9 ECL transparency actually requires
Nearly a decade into IFRS 9 production, early implementations have aged into vendor lock-in. What transparency actually requires under IFRS 9 and CBUAE MMS, where it breaks down, and what an auditable ECL model should let an institution do.
Read article -
The IFRS 9 / ICAAP / Stress Testing trinity: how the three actually connect
Many GCC financial institutions run IFRS 9, ICAAP, and stress testing as three separate exercises with three separate teams. The three are mathematically and structurally one framework. Treating them as one is where the real value is
Read article
No articles match your search. Try a different keyword.
Riskweise Field Notes.
Each substantive piece — articles and white papers — is announced via Riskweise Field Notes, our LinkedIn Newsletter. Subscribe there to be first to read each piece as it publishes.
Subscribe on LinkedIn linkedin.com/company/riskweiseOpens LinkedIn in a new tab. You'll need a LinkedIn account to subscribe. Field Notes publishes monthly.
Have a methodology question now?
Send it directly. We answer technical questions from risk and finance teams even outside engagement scope. No obligation.
Ask a question