Thomas Murray's Risk Committee met throughout July to review three key markets. There was a focus on notable developments and proposed alterations to risk assessments across multiple regions. This month, we present an overview of our findings and insights for Kenya, Portugal, Slovenia, South Korea, Iceland, and Pakistan.
For further regional insight, please contact Ana Giraldo, Chief Risk Officer and Director Americas, who will be able to connect you with one of our experts.
Kenya
Against a backdrop of deep political unrest, the Kenyan financial market is undergoing significant changes, with a focus on improving Anti-Money Laundering (AML) and Counter Terrorism Financing (CTF) deficiencies to remove Kenya from the Financial Action Task Force’s Grey-List.
The Capital Markets Authority (CMA) is working to tighten its supervision in this area, and new regulations have been introduced to address AML/CTF, especially regarding virtual assets. The market is also looking to adopt modern technologies, such as a new trading platform system for the Nairobi Securities Exchange (NSE) and the Central Depository and Settlement Corporation (CDSC) is planning to upgrade their systems by the end of 2026. However, the market still faces challenges, including manual processes and a lack of interoperability between banks and the CSD.
The banking sector in Kenya has remained stable and has focused on digitisation and automation. The banks are looking to shape market developments with their advocacy, especially regarding the automation of broker contract notes, and overall, the relationships between entities in the market are good. The banks are also included in working groups driving key developments in the market, such as the CSD’s system upgrade.
The assessment of financial institutions in Kenya has highlighted some areas of strength, including improvements in asset servicing. However, some institutions still face challenges related to operational risk, including weaknesses in internal controls and risk management practices. The institutions are working to address these challenges, with a focus on improving their risk management.
Overall, Kenya's financial market is evolving, with a focus on improving regulatory compliance and adopting new technologies to drive growth and development.
Portugal
The financial sector in Portugal is characterised by a high level of stability, with institutions demonstrating a strong commitment to risk management and control. They are well-placed to navigate the challenges and opportunities of the financial sector.
The overall risk profile of the sector remains positive, with institutions maintaining a robust framework for managing operational, financial, and asset-related risks,
In terms of asset safety, institutions in Portugal have implemented processes and controls to ensure the secure custody and administration of assets regarding account segregation and reconciliation practices. Financial risk management practices are also well-established. Risk scores have either remained stable or upgraded across the board, with one bank’s upgrade attributed to three years of improved Tier1 and capital adequacy ratios (CAR) trends.
Operational risk management is another area of strength, with institutions investing in robust systems and controls to mitigate the risk of errors, fraud, and other operational disruptions. However, one institution faced challenges in this area, including changes to their business continuity planning and internal audit practices.
The update for Portugal indicates that there have been no significant developments or changes in the market that would impact the risk profile of the custodian banks in the country. The focus remains on maintaining a robust risk management framework and ensuring that institutions are well-equipped to manage the risks associated with their operations.
Slovenia
The risk landscape in Slovenia is characterised by a mix of stability and improvement, with some institutions demonstrating enhanced risk management practices, with others facing challenges related to data breaches and control deficiencies.
Improved asset safety processes, with a focus on automation and enhanced tracking of discrepancies, have been noted, highlighting the efforts of custodians to strengthen their risk management frameworks. For instance, some have upgraded their processes to fully automate reconciliations, which has improved the accuracy and efficiency of their asset safety procedures.
Operational risk has also seen improvements, with institutions conducting annual external audits and implementing penetration testing by external firms. This demonstrates a proactive approach to identifying and mitigating potential risks and is a positive development for the sector. However, data breaches have been reported by some institutions, highlighting the need for ongoing vigilance and review of risk management practices. The impact of these breaches on operational risk grades was carefully considered, with manual adjustments being applied to reflect the severity of the incidents.
The overall sentiment is one of cautious optimism, with institutions prioritising the development of robust risk management frameworks and enhancing their controls to mitigate potential threats. The regulatory environment is also playing a key role in shaping the risk landscape, with institutions responding to changes in regulations and guidelines to improve their risk management practices.
As institutions continue to adapt to the evolving risk landscape, it is likely that we will see further improvements in their risk management practices, and a corresponding reduction in the risk of data breaches and other control deficiencies. Overall, the risk landscape in Slovenia is characterised by a mix of stability and improvement, with institutions demonstrating a commitment to enhancing their risk management practices and mitigating potential threats.
South Korea
The risk reports for South Korea indicate a stable financial sector, with some institutions demonstrating improvements in their risk management practices. The reports highlight enhancements in areas such as asset safety, financial risk, and operational risk, driven by updates to risk management practices and the implementation of new controls and procedures. However, the decision to maintain current risk grades is precautionary, with a preference for reviewing grades once evidence of the effectiveness of the changes.
The sector as a whole appears to be prioritising the development of robust risk management frameworks, with a focus on mitigating potential threats and ensuring the stability of the financial system.
The regulatory environment is playing a key role in encouraging institutions to improve their risk management practices.
Overall, the risk reports for South Korea indicate a banking sector that is committed to maintaining stability and improving its risk management capabilities.
Iceland
The risk reports for Iceland indicate a mixed picture, with some institutions demonstrating improvements in their risk management practices, while others face challenges related to regulatory fines and control deficiencies. Some institutions have made progress in areas such as know-your-customer (KYC) procedures, risk control self-assessments (RCSA), and data protection, leading to upgrades in their operational risk grades.
However, other institutions have been impacted by regulatory fines, which have highlighted deficiencies in their controls and risk management frameworks. These fines have resulted in downgrades to their operational risk grades, reflecting the need for improved risk management practices and enhanced controls.
The reports suggest that the regulatory environment is playing a key role in shaping the risk landscape in Iceland, with institutions responding to changes in regulations and guidelines to improve their risk management practices.
Overall, the risk reports for Iceland indicate a sector that is focused on addressing operational risk concerns and enhancing its risk management capabilities, with a view to maintaining stability and supporting the country's economic growth and development.
The tone of the reports is one of vigilance, with emphasis on the need for ongoing monitoring and review of risk management practices to ensure that the sector remains resilient and stable. The downgrades and upgrades reflect the dynamic nature of the risk landscape, and the need for institutions to continually adapt and improve their risk management practices to meet evolving regulatory requirements and industry standards.
Pakistan
The primary challenges that banks face in the Pakistani market are multifaceted. Geopolitical and domestic instability pose a varying risk to banks operating in the country. The uncertain political and economic environment can have a direct impact on banks' financial performance and stability.
Another key challenge is sovereign risk. The poor sovereign risk grade of Pakistan affects the financial risk assessment of banks operating in the country, particularly those with subsidiary structures.
In addition to these macro-level challenges, banks in Pakistan also face operational risks. Cyber security and data protection are becoming increasingly important in the banking sector, and banks must invest in robust systems and processes to mitigate potential risks. This requires significant investment and expertise, and banks must be vigilant in staying ahead of emerging threats. Operational risk scores have remained stable, with one bank’s upgrade attributed to changes in relevant scoring methodology.
Finally, banks in Pakistan must also navigate a complex regulatory landscape. The country's regulatory framework is subject to ongoing developments and updates, and banks must stay up to date with the latest requirements and guidelines. This can be a challenge, particularly for international banks operating in the country, and requires a strong understanding of the local regulatory environment. Overall, the challenges facing banks in Pakistan are significant, and require a proactive and nuanced approach to risk management and financial planning.
Philippines
The overall risk rating for the Philippines remains stable, with a generally positive sentiment prevailing in the financial sector. Our assessment indicates robust resilience and stability, with some areas of improvement noted in asset servicing and financial risk management. The country's financial institutions have demonstrated a strong ability to navigate challenges and maintain a stable operating environment.
However, there are some cautionary notes, with certain institutions facing challenges related to profitability and risk framework weaknesses. Specifically, concerns have been raised regarding the impact of declining net profits on financial stability, as well as the need for enhanced risk management practices to mitigate potential threats. As a result, the outlook for these entities is being closely monitored, with a focus on addressing these areas of concern.
In terms of operational risk, the sector has shown improvement, with enhanced controls and procedures being implemented to minimise the risk of errors, fraud, and other operational disruptions. Additionally, the country's financial institutions have made significant strides in improving their asset safety and servicing capabilities, with a focus on providing high-quality services to clients.
On balance, the sentiment is one of cautious optimism, with the country's financial sector demonstrating a strong foundation and a commitment to improving its risk management practices.
While there are areas for improvement, the overall risk rating for the Philippines remains favourable, suggesting a relatively low-risk environment for investors and businesses. The country's financial sector is expected to continue to evolve and strengthen, with a focus on maintaining stability, improving efficiency, and enhancing risk management capabilities.


Risk Committee Updates
Stay informed with Thomas Murray for the latest on market dynamics and regulatory trends – subscribe to Risk Committee Updates on LinkedIn.
We safeguard clients and their communities

Petroleum Development Oman Pension Fund
“Thomas Murray has been a very valuable partner in the selection process of our new custodian for Petroleum Development Oman Pension Fund.”

ATHEX
"Thomas Murray now plays a key role in helping us to detect and remediate issues in our security posture, and to quantify ATHEX's security performance to our directors and customers."

Northern Trust
“Thomas Murray provides Northern Trust with a range of RFP products, services and technology, delivering an efficient and cost-effective solution that frees our network managers up to focus on higher Value activities.”
Insights

Understanding supply chain and concentration risks in cloud services
The major incident on Friday, 19 July highlighted the high levels of concentration risk emerging from our technology landscape.

Thomas Murray launches OrbitAI
Thomas Murray is proud to launch OrbitAI, starting with a virtual cyber security consultant integrated into our Orbit Security platform.

Thomas Murray launches Cyber Risk practice with key strategic hire
Leading global risk intelligence firm Thomas Murray has announced the launch of its Cyber Risk advisory practice.

Tabletop exercises: Where to start
Knowing how to deal with the fallout from a major cyber incident is just as important as knowing how to prepare for one.