Taking too long? Close loading screen.

Taxflash 11 April 2019

This week’s TaxFlash is out! Updates from Bahrain, Kuwait, the UAE and Saudi Arabia – and technical tips for the education sector, as well as payment portals with the first return now just around the corner. Contact us to be added to our mailing list.

Taxflash 4 April 2019

This week’s TaxFlash is out! Updates from Bahrain, Kuwait, the UAE and Saudi Arabia – and technical tips for the healthcare sector. Contact us to be added to our mailing list – you would be amazed at who reads us every week!

NBR issues financial services VAT guide

Bahrain’s National Bureau for Revenue (NBR) has recently circulated welcome guidance in the form of a financial services VAT guide which sets out VAT principles specifically relevant to the financial services and insurance sectors. Keypoint’s market-leading tax team has analysed the 119 page guide and highlight key findings in the attached VAT alert.

To discuss this development – or any VAT issue – with one of our VAT specialists, contact the VAT team at vat@keypoint.com or +973 1720 6809.

IRS FAQ update

The IRS has released (issue 2019-3 dated 28 March 2019) new FAQs clarifying compliance for foreign financial institutions (FFIs).

The highlights:

  1. FAQ20 explains the certification requirements of sponsoring entities with certification period ending 31 December 2017
  2. FAQ17 clarifies steps for FFIs whose status is initiated, incomplete or under review for a period of six months or more
  3. FAQ7 reinforces the importance of constantly updating contact information of an FFI’s person of contact (POC) and responsible officer (RO)

For more details please contact:

Dr Mukund Ballal

Advisor, Financial Regulatory Compliance


+973 1720 6813


Sindhu Balasubramanian

Senior Manager, Financial Regulatory Compliance


+973 1720 6838


Osama Al Alawi

Manager, Financial Regulatory Compliance


+973 1720 6857

FATCA & CRS reporting

The Central Bank of Bahrain (CBB) issued circular OG/144/2019 on 24 March 2019 announcing:

  • FATCA and CRS reporting for the year ending 31 December 2018 starts on 1 April 2019 through the CBB’s AEOI portal
  • Reports must be submitted by 2 May 2019
  • FATCA and CRS report submission deadlines from now on will be 2 May every year
  • There are 60 reportable CRS jurisdictions* for the year ending 31 December 2018
  • Reporting financial institutions (RFIs) must comply with CBB requirements, ensuring information is accurate and complete
  • Delays in submission will be penalised
  • Please refer to the CRS standards for CRS compliance guidelines

Please refer to the IGA for FATCA compliance guidance.

For more details on both these updates, please click here or contact:

Dr Mukund Ballal

Advisor – Financial Regulatory Compliance

T +973 1720 6813




Compliance updates – AML & FATCA

The CBB has extended its deadline for all licensees to submit their annual anti-money laundering reviews – the deadline for the 2018 review is now 30 September 2019.

The US’ Internal Revenue Service (IRS) has updated one of its FATCA FAQs and added a new FAQ on withholding and reporting requirements for trusts.

For more details on both these updates, please click here or contact:

Dr Mukund Ballal

Advisor – Financial Regulatory Compliance

T +973 1720 6813



Are CISOs right to be scared of artificial intelligence

Artificial intelligence (AI) has become a buzzword for next generation technocrats, who swear by the capability of AI-based systems to accurately mimic and, in some cases, improve human behaviour – but without the inconsistencies arising from “being human”. Perceived benefits – including increased cost effectiveness and strategic differentiators – have motivated businesses to invest in and deploy AI-based systems in various walks of life.

Will AI remain a tool simply for business users? History indicates otherwise. Nearly every invention intended to improve our lives has been distorted in some way and used for nefarious activities. AI is most unlikely to be an exception.

Even as AI applications find a foothold in the market, the concept has been highjacked by cyber criminals. You should expect to see autonomous malware with AI capabilities that can modify, adapt and repurpose itself based on contextual learning from the target environment, security measures in place and information collected. This exponentially increases the cost of detection and prevention and in many ways nullifies the ability to respond using automated solutions. Manual solutions may be no match either.

What are security solution and service providers doing to react to this growing threat?

For more details:

Srikant Ranganathan

Senior Director

IT Consulting

+973 1720 6827

+973 3626 6286


Bahrain’s personal data protection law (PDPL)

Bahrain issued Law 30 of 2018 – the personal data protection law (PDPL) – on 19 July 2018. The PDPL, which comes into effect on 1 August 2019, applies to almost every entity processing personal data. The PDPL will dramatically change the way businesses in Bahrain process personal data. Businesses are required to seek approval before collecting, processing or storing personal data. There are also new rules for how businesses manage data.

The PDPL, in a first for the region, also introduces criminal penalties, with prison terms of up to one year for serious offences.

Keypoint’s data privacy team has deep data privacy and protection experience, having been engaged on a number of projects related to data classification, end-to-end data process reviews and data life cycles. We have also been engaged by clients to implement various information security-related controls.

For more details on how the PDPL will impact your business – and how Keypoint can help assess and mitigate that impact – please download or contact:

Srikant Ranganathan

Senior Director

+973 1720 6827

+973 3626 6286


CBB releases crypto-assets module (CRA)

Following industry-wide consultation, the Central Bank of Bahrain (CBB) has issued a crypto-assets module (CRA) under Volume 6 (Capital Markets) of the CBB Rulebook. The new module outlines four licensing categories, with capital requirements dependent on the scope and type of crypto-asset services offered. Bahrain is the first country in the region to have an on-shore regulatory framework for crypto-assets.

The CRA module includes requirements for licensing and supervising crypto-asset exchanges and other crypto-asset services, including trading, dealing, advisory, and portfolio management in accepted crypto-assets as principals, agents or custodians. The module introduces specific rules relating to market abuse, manipulation and enforcement and explains how the CBB will penalise late – or non-compliant – submission of date-sensitive requirements.

The CBB’s regulatory sandbox currently has 11 companies that provide a wide range of crypto-asset services.

For more information on crypto-assets, please contact Osama Al Alawi at osama.alalawi@keypoint.com or +973 1720 6857.

CBB drafts rules on cyber security

In a possible sign of things to come, the Central Bank of Bahrain has proposed changes to Volume 4 of its Rulebook (investment firms), revising the authorisation module, drafting a new module on digital financial advice and adding a chapter on cyber security risk measures, as well as adding to Volume 4’s glossary. The new cyber security chapter is a complete rewrite of the existing regulation and goes into detail on areas including accountability and responsibility, roles and responsibilities, and policies and procedures. Licensees providing internet services are required to test their systems twice a year – and to report the findings to the CBB within two months. These tests must be conducted by external, independent security professionals, such as ethical hackers. The proposed rules – which currently apply only to investment firms – are available on the CBB website in the ‘open consultations’ section.

For more details, please read here or contact Srikant Ranganathan at srikant.ranganathan@keypoint.com or Rayan Britto at rayan.britto@keypoint.com