Did you know that there are more than 150 tech startups in Oman? With the Sultanate’s digital transformation project playing a key role in enhancing the digital economy, the country has embraced technology as a key aspect in building a prosperous and sustainable future. This recent digital growth, in line with Oman’s Vision 2040 has made it one of the leading digital pioneers in the MENA region.
The country’s technological advancements are in line with the Omani government’s vision of improving the quality of services and transforming government, e-commerce, fintech, infrastructure, digital industry and cybersecurity industries.
With this expansion of technology, digital identity verification has also grown rapidly in the Sultanate. This in turn has increased cybercrimes and fraud in the country, with 58% of people in Oman exposed to financial crime-related issues. Along with this, there has been a steady increase in fraudulent e-transactions in the country.
To fight against these financial crimes, the Sultanate has implemented numerous AML/CFT regulations, where financial institutions in the country are required to follow stringent risk assessment and customer due diligence regulations.
Who is the financial regulator in Oman?
The Central Bank of Oman (CBO) and the Capital Market Authority are the official financial regulators of Oman, complying with the FATF (Financial Action Task Force), OFAC (Office of Foreign Assets Control) and MENAFATF (Middle East and North Africa Financial Action Task Force) guidelines. The CBO is responsible for maintaining and promoting the financial stability of the country and fostering the growth of its banking and financial landscape.
The Central Bank regulates all types of financial institutions in the country, including
- Financial Institutions that perform activities including financial transactions, trading, investing, insurance and any other activity or transaction specified by the Committee.
- Non-financial businesses and professions including real estate brokers and agents, traders in precious metals and stones, attorneys, accountants carrying out transactions on behalf of customers, and any other activity specified by the Committee.
According to the Royal Decree No. 30/2016 on Combating Money Laundering and Terrorism Financing, financial institutions must establish and implement enhanced due diligence measures in high-risk cases. In low-risk cases, entities may identify and conduct simplified due diligence measures provided there is no suspicion of money laundering or terrorism financing.
Oman’s National ID Database
The Oman National ID card, issued by the Royal Oman Police is the mandatory identity document for all Omani citizens above 10. The biometric national ID card can be used for multiple purposes, including
- Banking
- Government transactions
- Travel
The Oman Residence Card also issued by the Royal Oman Police is the mandatory identity document for all expatriates in the country. The Residence Card can be used at electronic gates and as a financial electronic wallet.
What are the KYC requirements in Oman?
The Central Bank of Oman issued Royal Decree No. 30/2016 (Law on Combating Money Laundering and Terrorism Financing) making it necessary for companies to comply with KYC/AML protocols to protect their customers.
According to Chapter 5 of the Royal Decree, financial institutions in Oman must
- Determine and verify the identity of customers based on reliable and independent sources, documents, data and information. These documents include:
- Civil card for Omani nationals and non-Omani residents
- Passport or travel document for persons not residing in the Sultanate of Oman
- Any other approved official identification documents
- Identify and verify the identity of any person acting on behalf of a customer and seek
proof of the authenticity of their agency - Identify and verify beneficial owners, and understand the ownership and control structure of the customer
- Know the purpose of the business relationship, and obtain related information
- Continuously update the data and information related to its customers and beneficial owners whenever necessary
The identity information required by the CBO includes:
- Legal Name
- Permanent address
- Contact telephone number
- Date and place of birth
- Nationality
- Occupation, public position held and/or name of employer
- Official personal identification number or other unique identifier contained in a document that bears a photograph
- Signature
Screening Customers in Oman
Once a potential customer has been identified, the next step is to screen them against comprehensive sanction lists. Oman’s AML/CFT law consists of numerous measures to prevent money laundering and terrorism financing, which include:
- Risk Assessment: Financial institutions must assess the money laundering and terrorism financing risks (low, normal and high risk) associated with their business, including
- Customer risk
- Country from which the customer operates
- Nature of product/transaction
- Customer Due Diligence: Financial institutions should implement customer due diligence methods
- before establishing a business relationship with a customer
- before carrying out high-value transactions
- when there is a suspicion of money laundering or terrorism financing
- when identity documents are suspicious
- Continuous Monitoring: Financial institutions must have ongoing monitoring measures to ensure that a customer’s transactions are consistent with the information, activities, and risk profile.
- Suspicious Transactions Reporting: Financial institutions are required to notify authorities of any suspicious transactions, such as
- Transactions that appear complex, where beneficiaries cannot be identified
- Transactions that are inconsistent with a customer’s usual activity
- Unusual high-valued transactions
- Transactions involving high-risk countries
While complying with these regulations, financial institutions are required to screen their customers against the following lists:
- Sanction lists
Sanction lists are those lists published by government and international authorities and contain official lists of names of those engaged in criminal activity. A few examples are;- Financial Action Task Force (FATF) grey and black lists
- United Nations Sanction List
- Office of Foreign Assets Control (OFAC) Sanctions List
- Middle East and North Africa Financial Action Task Force (MENAFATF) List
- Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG) List
- Money laundering lists
- Terrorist financing lists
- Drug trafficking lists
- Human rights violations lists
- PEPs
PEPs (Politically Exposed Persons) are those individuals with prominent leadership roles in international organizations or high-profile government positions. They typically pose a greater danger to companies because of their influence over governmental and/or international agencies. PEP screening refers to identifying these individuals and evaluating their risk profiles during their onboarding process. - Adverse Media Lists
Adverse media screening refers to identifying potentially damaging information about individuals in the news and other data sources. This helps companies identify potential risks such as money laundering, terrorist financing, tax evasion and corruption, thereby protecting their reputation.
Authentication of Customers in Oman
Once users are identified and screened, they can access a digital platform after being authenticated. Some authentication methods include:
- Passwordless login: This authentication method eliminates the need for password-based login, by using methods such as OTPs, biometric authentication, or security keys. Eliminating the need for users to remember multiple passwords, this method ensures a seamless experience while protecting against identity theft and fraud.
- Biometric authentication: This method uses an individual’s unique biometric characteristics to verify their identity. This includes fingerprint, facial, voice and iris recognition. Being distinct to individuals, this method of authentication is very difficult to replicate and highly fraud-proof.
- Two-factor authentication: 2FA authenticates users using two distinct forms of identity verification, generally a combination of something the user is (facial features, fingerprint or voice), something the user knows (password or PIN code) or something the user has (OTP or security code). The added layer of security protects customers and companies from identity fraud.
How can your company onboard customers in Oman?
uqudo’s fully digital identity platform lets you onboard customers securely with the following steps.
- Step 1 – AI Document Scanning + Verification
- Use our powerful AI document verification to quickly read and scan identity documents, including
- Passports
- ID cards
- Driving Licences
- Verify the authenticity of the identity document, and check if it is a digital copy or a physical document.
- Identify necessary fields on the document, and identity extract data using OCR.
- Use our powerful AI document verification to quickly read and scan identity documents, including
- Step 2 – Face Verification and Liveness Detection
- Detect and capture the user’s image using a standard camera on the onboarding mobile app, and verify if the individual matches the identity document
- Detect if the person on the camera is live and not a spoof.
- Step 3 – Identity verification
- Once the user is identified, access government repositories to verify their identities.
- Step 4 – Screening
- Check if the individual is worth doing business with, using AML, sanction, PEP and adverse media screening.
- Step 5 – Passwordless login
- Once a user has been onboarded, let them log in to your platform in a hassle-free manner using facial recognition.
Are you ready to onboard users in Oman? Get in touch with us to learn more!