Have a question? +971 56 404 0503
Financial
AI-Driven Cybersecurity in MENA Banking: Why It’s Time to Rethink Our Defenses
By Omar Mansur, Managing Director – APAC, Codebase Technologies
In an age where digital transformation is moving faster than ever, banks around the Middle East and North Africa (MENA) are forced to confront a growing and increasingly evolving threat: cybercrime and fraud. It’s not just about an increase in the number of incidents; it’s about smarter threats. Nefarious agents are utilizing more complex methods such as leveraging artificial intelligence (AI) to outsmart traditional IT security systems, using everything from deepfake-powered scams to AI-generated phishing campaigns along with social engineering strategies.
In the UAE alone, about 21% of cybersecurity incidents in recent years targeted banks and financial institutions, second only to government entities (Lemos, 2025). With costly breaches on the rise cybersecurity has become a top board-level concern. However globally, 71% of leaders report that small organizations can no longer adequately secure themselves against the growing complexity of cyber risks (WEF, 2025). It’s a high-stakes game and I have personally seen how AI and cybersecurity has taken the spotlight in board meetings and discussion with clients from across the GCC and Levant regions.
This urgency has forced MENA banks to explore AI-driven security solutions that can match the speed and complexity of modern threats, protecting both their customers and their bottom line. The conversation is no longer “if” we need AI-driven defenses—it’s how quickly we can deploy them, and how can we optimize them to adapt to the ever-changing tactics of nefarious agents
Where We Stand
It wasn’t that long ago that Gen AI in banking was mostly used to train and create chatbots for customer support, but this is changing quickly. In the UAE, over 70% of banks have rolled out or upgraded their AI capabilities, and not just to streamline operations, but to actively combat cybercrime (PwC, 2023). Across multiple projects I have seen an overarching focus on AI being incorporated into all manner of digital solutions, particularly in the MENA region where cyber fraud has become a prevalent issue affecting credibility and customer confidence.
The push is being led by both necessity and ambition. Saudi Arabia and the GCC states are investing heavily in national digital strategies, and banks are stepping up with AI systems to detect fraud, verify identities, and stay ahead of financial crime. As many countries in the Middle East position themselves as financial and fintech hubs, ensuring security for customers and institutions is a prime concern in garnering not only customer confidence but regional credibility. That’s pushed regional cybersecurity budgets to grow by double digits, with MENA’s total spend expected to exceed $3.3 billion in 2025, driven by Gen-AI, cloud adoption, talent gaps, and evolving threats (Gartner, 2024).
A True Strategic Advantage or Just a Security Upgrade?
Artificial intelligence isn’t just helping plug holes in defenses, it’s defining the rules for how security is built into every layer of operations. Integrating AI into banking operations gives banks a real edge in regions where speed really matters. Having worked with several banks across the region, I’ve seen firsthand how traditional security models are starting to break under the weight of elaborate AI based threats.
For banks in the MENA region, where rapid digitalization coincides with heightened cyber threats, adopting AI-driven systems enhances operational resilience, reduces financial losses due to fraud, and boosts customer trust. AI not only fortifies security frameworks, it also fosters innovation, empowering banks to confidently pursue new digital business models and expansion opportunities.
AI defenses monitor account activity 24/7 and can react in seconds to anomalies, reducing the window of time attackers can exploit. AI-based user behavior analytics can spot an account takeover attempt at the moment it diverges from normal patterns and automatically disable the account, preventing fraud before it escalates. Early-adopting banks in the UAE report that AI systems have sharply reduced successful fraud incidents and enabled rapid intervention in potential cyber attacks.
AI isn’t just a nice to have security upgrade, it’s a question of survival.
How are Banks Using AI for Cyber Security
A simple example of successful AI usage in a cybersecurity context is during a next-gen digital onboarding process. With many regulators now strong encouraging or mandating digital onboarding, banks have been able to benefit from using AI-powered systems to prevent fraud before it has a chance to run rampant. Next gen AI-powered onboarding and eKYC minimizes friction for customers looking to open accounts, while providing a secure backend environment to recude the risks for attacks. Such solutions utilize a variety of AI enabled features such as next-gen biometrics, deep ID document validation, Arabic language detection, glare reduction in ID photos, all ensuring a secure authentication and verification of a new customer. An example of this application can be the digital onboarding process implemented by UAE-based Ajman Bank, which has registered a significant reduction in fraud attempts after implementing an AI-based digital onboarding system as part of its digital transformation.
Another strategy for catching instances of fraud is by using AI for anomaly detection. A machine learning model can study what “normal” looks like, in terms of user behavior, transaction patterns, system activity; and flag anything that stands out. This allows banks to see unusual patterns – e.g. a late-night login or peculiar fund transfers, which would evade static rule-based systems. Unsupervised algorithms (like isolation forests or one-class SVMs) and neural network autoencoders sift through vast streams of events to pinpoint such outliers. Such strategies, can be deployed to facilitate analysis over large numbers of accounts, which can then be flagged to a human for additional intervention and review.
This tactic can work hand in hand with automating routine security tasks with AI, making cybersecurity operations more efficient. This not only addresses the talent shortage by doing more with less, but also lowers costs associated with manual monitoring and investigation. AI-based security solutions have been shown to improve incident response times and cut costs by reducing trivial alerts and speeding up analysis. Banks in MENA benefit by reallocating human experts to higher-value activities like threat hunting and fortifying security architecture, while letting AI handle the heavy lifting of round-the-clock surveillance.
Neural networks can analyze huge volumes of transactional data, cross-referencing dozens of variables to catch fraud in ways that traditional systems simply can’t. Banks train neural networks on historical transactions to recognize subtle indicators of fraud that humans might miss. An ensemble of decision trees (random forests) or a deep neural network can analyze dozens of features (transaction size, timing, location, device, user profile) to instantly assess whether a transaction is suspicious. These models adapt as fraud tactics evolve, improving over time. Similarly, neural networks in intrusion detection systems learn to spot network traffic behaviors that resemble known cyberattacks. This leads to faster, more accurate threat detection and frees up human analysts for higher-level decision-making.
Phishing remains a prime concern for many banks as targeting customers can be a much simpler way to compromise a system than to go after the bank itself. In fact, in 2024 there was a sharp increase in phishing and social engineering attacks, with 42% of organizations reporting incidents (WEF, 2025). To mitigate such threats, many cyber security experts are turning to Natural Language Processing or NLP, which has become a dynamic way in recent years that helps banks detect malicious intent in emails, texts, and even chat messages. NLP enables AI to “read” and analyze text for signs of fraud or attack. An NLP-driven system can scan incoming emails to employees and flag phishing attempts based on language patterns and malicious links. Banks use NLP to monitor chat messages and transaction memos for red flags, like someone soliciting account details. By understanding context in language, AI adds an extra layer of defense to catch social engineering and scam attempts that purely numeric data monitoring might overlook.
By deploying these AI-powered strategies in tandem, banks can create a multi-pronged defense system, akin to a digital immune system, ready to tackle a multitude of afflictions. An anomaly detection system might catch unusual account behavior, while an NLP filter flags a related phishing email – together giving a fuller picture of an attack in progress. This intelligent automation amplifies human analysts’ effectiveness, allowing them to focus on verified threats and complex investigations rather than sifting through noise.
Looking Towards a Future of Cyber Resilience
We’re entering a new era in banking security. One where artificial intelligence and generative-AI doesn’t just assist, but actively drives how banks detect, prevent, and respond to threats. The emerging champions won’t be those with the biggest budgets, but those with the clearest strategy, and those who understand that AI is both a weapon and a shield in the modern cybersecurity landscape. One that must be deployed correctly to protect institutions and customers.
When implemented wisely, AI can dramatically boost a bank’s ability to prevent breaches, detect fraud in real time, and operate securely at scale – all essential for maintaining customer trust. At the same time, banks must remain vigilant: as attackers innovate with AI, defensive strategies must keep adapting, and governance must ensure ethical, compliant use of artificial intelligence.
So, here’s a question worth asking at the next board meeting is, are we using AI to its full potential, not just to defend our systems, but to build customer trust, support innovation, and lead the market in resilience?
Financial
HOW GLOBAL SECURITY AND VALUABLES LOGISTICS PROVIDERS ARE ADAPTING OPERATIONS AMID RISING GEOPOLITICAL TENSIONS
By Nader Antar, Executive Vice President and President for Brink’s Global Services (BGS)
Much like a stable internet connection or accessibility to clean water, when we consider global finance we tend to take continuity for granted – until it is tested. Capital moves, liquidity flows, and billions in high-value assets cross borders each day, all with an expectation of certainty. Yet courtesy of the ongoing conflicts across the region, that certainty is being challenged in real time.
The Iran war is both reshaping geopolitical dynamics and disrupting the very corridors through which global trade and financial flows depend. Volatile energy markets, heightened concerns about broader economic spillovers, and early signs of how critical trade arteries such as the Strait of Hormuz can suddenly turn stability to systemic risk have sharpened the focus on resilience across the Gulf.
Of course, even amid these heightened tensions, the region continues to project stability, with governments advancing long-term infrastructure and supply chain strategies. Saudi Arabia’s new Logistics Corridors Initiative – which among its objectives aims to establish Red Sea routes capable of bypassing Hormuz entirely – reflects a deliberate approach to ensure the movement of goods, and especially the movement of value, remains uninterrupted.
Within this environment, the transport of high-value assets – banknotes, precious metals, and other commodities – has come under increased scrutiny. These flows are deeply embedded in the functioning of financial systems, linking central banks, commercial institutions, and global markets. When disruption occurs, the consequences extend beyond delayed shipments and can impact everything from liquidity to market confidence to operational continuity.
The question then, during a period of geopolitical conflict, is not whether disruption will occur, but how quickly and smoothly systems can adapt when it does. At Brink’s, our approach to this particular challenge is anchored in three core principles: Infrastructure, diversification, and visibility.
Infrastructure is the foundation of resilience. A globally distributed network of high-security facilities across major trade hubs ensures continuity by allowing rapid shifts when disruptions occur. Whether that is in the UAE, Switzerland, Singapore, or the United States, these facilities enable valuable commodities to be securely stored, repositioned, and mobilised as conditions evolve. In an unpredictable environment, the ability to absorb shocks and shift assets quickly without compromising security or compliance is crucial.
Diversification ensures flow flexibility. Traditional logistics models, often optimised for efficiency along fixed corridors, are no longer sufficient. Today’s operating environment demands multi-route, multi-modal strategies that allow shipments to be rerouted rapidly when disruptions occur. By integrating storage and transport into a single, coordinated system, it becomes possible to maintain continuity even as specific routes or markets face constraints.
Visibility, however, is what brings resilience into focus. Real-time monitoring across operations provides the situational awareness needed to anticipate risks and respond proactively. Through centralised platforms, our teams maintain continuous oversight of shipments, facilities, and transport networks. This level of transparency goes far deeper than simply tracking assets; it is about enabling faster, more informed decision-making in moments where timing is critical.
The UAE offers a compelling example of how these principles come together in practice. As one of the most stable and strategically positioned logistics hubs in the world, the Emirates has built an ecosystem defined by advanced infrastructure, strong regulatory frameworks, and deep connectivity across global trade corridors. In many respects, operations remained business as usual throughout these past couple of months. Yet this continuity is not accidental; it is the result of deliberate investment in systems designed to withstand disruption — even when the country found itself pulled into what might yet be one of the most consequential conflicts in recent history.
Beyond transport, the scope of secure logistics continues to expand. From safeguarding high-value assets at major international exhibitions to ensuring the uninterrupted availability of cash through extensive ATM networks, resilience must be embedded across the entire financial ecosystem. In markets such as India, innovation is also reshaping how cash and digital systems interact, creating new models that enhance both security and accessibility.
None of this happens in isolation. Secure logistics operates within a broader framework that depends on close coordination with regulators, customs authorities, and law enforcement agencies. These partnerships are essential to maintaining compliant, uninterrupted cross-border flows, particularly during periods of heightened geopolitical tension.
What we are witnessing today is a broader transformation in how the logistics sector approaches risk. The emphasis is moving from efficiency to adaptability, from linear supply chains to dynamic, interconnected networks. Resilience, flexibility, and visibility are now considered non-negotiables.
Global trade will continue to evolve, shaped by shifting geopolitical dynamics and emerging economic corridors. But one constant will remain: The need for trust. It is only with this that assets will move securely, that systems will hold under pressure, and that continuity will be maintained.
In the end, the true measure of a network — be it global finance, logistics, or indeed telecommunications — is not how it performs when conditions are stable, but how effectively it responds when they are not.
Exclusive interview with Michael Ayres, Group CEO & Partner at Rostro Group
What strategic factors made the UAE the next major market for Rostro?
The UAE represents a very deliberate choice for us, rather than just a natural expansion step. What sets it apart is the alignment between ambition, regulation, and execution. You have a government that is actively shaping the future of financial services, a regulatory environment that is evolving at pace, and a private sector that is willing to innovate and adopt new models. That combination is rare.
From a strategic standpoint, the UAE sits at the intersection of global capital flows. It connects East and West, and increasingly serves as a base for institutional participants looking to access both developed and emerging markets. We’re seeing a growing presence of hedge funds, family offices, and proprietary trading firms establishing themselves here, which naturally increases demand for more sophisticated infrastructure around liquidity, execution, and risk management.
For Rostro, that is exactly where we operate. We’re not just building products; we’re building infrastructure that supports how modern markets function. The UAE gives us the platform to do that at scale, while remaining close to clients who are actively shaping the next phase of the industry. It’s a market that is not only growing, but evolving, and that makes it an ideal environment for long-term investment.
How is Rostro managing liquidity sourcing in the UAE given the current market environment?
The current market environment has made one thing very clear: liquidity is no longer just about access; it’s about resilience. Periods of volatility, geopolitical uncertainty, and concentrated positioning expose the limitations of traditional liquidity models, particularly those that rely heavily on internalisation or a narrow set of counterparties.
Our approach is to move away from that dependency and towards a more diversified, structured model. We combine OTC liquidity with direct access to exchange-traded markets, allowing us to provide clients with both flexibility and transparency. This is particularly important in volatile conditions, where pricing integrity and execution certainty become critical.
We’re also seeing a clear shift in client behaviour. Institutional participants are becoming more conscious of execution quality, counterparty exposure, and the underlying mechanics of how liquidity is sourced. That is driving increased interest in exchange-traded products, as well as institutional-grade crypto liquidity, where market fragmentation has historically created inefficiencies.
By building infrastructure that brings these elements together – across OTC, exchange-traded derivatives, and digital assets – we’re able to offer a more stable and consistent execution environment. The objective is not just to perform in favourable conditions, but to remain reliable when markets are under pressure.
Amit Dua, President, SunTec Business Solutions
E-invoicing in the UAE is no longer a distant policy idea; it is a dated commitment. From July 2026, the Federal Tax Authority (FTA) will begin the first mandatory phase of a national e-invoicing regime, with larger taxpayers required to comply from January 2027 and smaller businesses following later that year. Penalties of up to AED 5,000 per violation have already been announced for non-compliance.
This is happening against the backdrop of a fast-expanding non-oil economy. At the same time, artificial intelligence is projected to contribute close to 14 percent of UAE GDP by 2030, the highest relative impact in the region.
In such an environment, e-invoicing is not a narrow tax exercise. It is a test of whether companies can manage real-time regulatory obligations while improving the speed, integrity, and usefulness of their financial data. Firms that treat it as another compliance chore will scramble to catch up. Those that approach it as a strategic capability will emerge with cleaner processes, faster cash conversion, and better insight into how their businesses actually work.
Four disciplines, in particular, will separate the merely compliant from the genuinely prepared.
1. Start by really understanding the new rulebook
The first discipline sounds obvious but is frequently ignored: know the rules in detail. Under the UAE framework, an invoice will no longer be a PDF attachment travelling quietly from seller to buyer. It will be a structured data packet, typically in XML, and in some cases JSON, that must be generated by the supplier’s systems, routed through an accredited service provider operating on the Peppol five-corner model, and delivered simultaneously to the buyer and to the FTA.
This architecture is deliberately more complex than the old email-and-attachment world. Each invoice must pass schema checks, integrity checks, and business-rule validations before it is accepted as a tax-compliant document. The FTA will then use the incoming data stream to pre-populate returns, reconcile declarations with actual invoice flows, and flag discrepancies almost in real time.
There is also a long tail of procedural obligations. Businesses must understand which transactions fall within scope in each phase, how credit notes and cancellations will be handled, how to deal with cross-border supplies, and which exemptions, if any, apply to their sector. Beneath all of this sits a familiar but often neglected requirement: record-keeping. UAE tax law already obliges businesses to retain accounting records, including tax invoices, for at least five years after the end of the relevant tax period, with longer periods for certain assets and real estate. E-invoicing will not replace this obligation; it will tighten it, because the Authority will have its own copy of every invoice.
Companies that only half-understand this rulebook will find themselves constantly reacting to surprises. The ones that invest early in a precise, shared understanding, across finance, tax, IT and operations, will be able to design systems and processes that meet the requirements without strangling the business.
2. Redesign the systems, not just patch them
The second discipline is technical, but it cannot be delegated entirely to IT. Large and mid-sized UAE businesses typically run a patchwork of ERPs, billing engines, and industry-specific platforms. Many were built for a world where an “invoice” was whatever the system could print. They were not designed to produce standardized, structured e-invoices or to connect to a Peppol-based network in which every document is validated by an external access point before it counts.
Trying to bolt e-invoicing on to this kind of landscape in the last quarter of 2026 would be professionally reckless. Boards must insist on a hard-headed mapping of how invoices are currently created, routed, approved, and stored.
The UAE framework gives firms some architectural freedom. They can consolidate invoice generation in a central “hub” that talks to multiple access points, or they can adopt a more decentralized model with business-unit-specific systems feeding into a common provider. But there are hard deadlines. Large taxpayers with annual revenues above AED 50 million must appoint an accredited service provider by 31 July 2026 and go live with e-invoicing by 1 January 2027; smaller taxpayers follow six months later, with their own appointment and go-live dates in 2027.
Accredited service providers themselves face strict requirements on uptime, performance, and information security. Many must demonstrate ISO/IEC 27001-level controls and keep pace with evolving FTA specifications. Choosing one in a hurry, without proper due diligence on their scalability and roadmap, will store up trouble. The more disciplined approach is to treat system redesign as a staged program: clean up master data, rationalize templates, decide which systems are sources of truth and which are consumers, and only then build or buy the integration layer that connects to the Peppol network.
3. Train the organization for real-time tax
The third discipline is organizational. E-invoicing looks, at first glance, like a back-office affair. In reality, it will touch sales, procurement, operations, customer service, and even treasury. Every group that raises, approves, disputes or chases an invoice will have to change behavior.
In markets that have already implemented similar regimes, many of the worst early-stage problems had little to do with software. They arose from people trying to work around the new rules. Sales teams promised bespoke formats or unusual discount structures that the system could not express in a valid e-invoice. Shared service centers reverted to spreadsheets when confronted with a new edge case. Managers asked IT to “override” rejections to recognize revenue faster, undermining both controls and audit trails.
The UAE will not be an exception. Training cannot be limited to a single webinar or a set of user manuals. Front-line staff need to understand what makes an invoice “real” in the new world, which fields are non-negotiable, and what to do when an invoice fails validation. Middle managers need to know how to interpret new exception reports and how to balance commercial pressures with compliance obligations. Senior leadership needs a clear view of key metrics such as rejection rates, average time from issue to acceptance, and the volume of manual interventions as leading indicators of whether the new regime is bedding in or beginning to buckle.
The most effective organizations are already running “shadow” or pilot cycles, issuing e-invoices alongside traditional ones and using the results to refine processes ahead of the legal deadlines. That kind of rehearsal requires coordination, and coordination requires visible sponsorship. When the CEO, CFO and CIO jointly own e-invoicing, it becomes a transformation initiative. When it is dumped quietly into the IT work queue, it becomes an expensive troubleshooting exercise.
4. Treat data, security, and retention as strategic infrastructure
The fourth discipline goes beyond the launch date. E-invoicing will generate one of the richest, most sensitive data streams in a business. Each invoice reveals who is paying whom, on what terms, for what goods or services, and under what tax treatment. In the UAE’s Peppol-based five-corner model, this data will flow more widely than before, passing through access points and central systems on its way to the FTA.
Regulators have attempted to pre-empt security concerns. Accredited providers must meet rigorous information-security standards, and the technical specifications call for encryption, digital signatures and auditable logs. But no external standard can compensate for weak internal governance. Boards must be asking very basic questions now: who can change tax codes or customer master data; how access rights are granted and revoked; what happens if an access point is compromised or goes offline; and how quickly the company can detect unusual patterns, such as repeated rejections for a particular counterparty.
Record-keeping deserves similar attention. Existing VAT rules already require businesses to retain tax records, including invoices, for at least five years after the end of the relevant tax period, with longer retention periods for some categories. E-invoicing will make it easier to store these records in a structured way, but it also raises the bar. If the Authority holds a copy of every invoice, gaps or inconsistencies in a company’s own archive will be harder to explain.
If managed well, this new data environment is an asset. Structured e-invoice data can give leadership teams a real-time view of receivables, payables, pricing, and discount patterns across business units and geographies.
From four steps to one mindset
The UAE’s e-invoicing mandate will not dominate headlines in the way that new trade agreements or record non-oil trade figures do. Yet, quietly, it will shape how companies in the country bill, collect, report and plan. It is tempting for boards to think of it as a discrete project with a defined end date. In reality, it marks a shift to a more transparent, data-intensive relationship between business and state, one that will continue to evolve as tax rules, digital infrastructure, and trade flows change.
The four disciplines outlined here, understanding the rulebook, redesigning systems, training the organization, and treating data and security as strategic infrastructure, are not an exhaustive checklist. They are, however, a good proxy for mindset. Companies that embrace them are likely to find that e-invoicing improves the quality of their numbers, the speed of their decisions and the robustness of their controls. Those that do not, may meet the letter of the law but miss the larger opportunity.
In a country positioning itself as a global hub for trade and AI-driven digital commerce, e-invoicing is part of the plumbing. As every good engineer knows, the quality of the plumbing determines how much pressure the system can take.
AMAAL APPOINTS CITIC MIDDLE EAST CONTRACTING AS MAIN CONTRACTOR FOR AED 1.8 BILLION MANSORY RESIDENCES IN DUBAI
HOW GLOBAL SECURITY AND VALUABLES LOGISTICS PROVIDERS ARE ADAPTING OPERATIONS AMID RISING GEOPOLITICAL TENSIONS
DUBAI CORPORATION FOR CONSUMER PROTECTION AND FAIR TRADE SIGNS STRATEGIC COLLABORATION AGREEMENT WITH ENOC’S AUTOPRO TO ENHANCE VEHICLE MAINTENANCE STANDARDS IN DUBAI
-
News10 years ago
SENDQUICK (TALARIAX) INTRODUCES SQOOPE – THE BREAKTHROUGH IN MOBILE MESSAGING
-
Tech News2 years agoDenodo Bolsters Executive Team by Hiring Christophe Culine as its Chief Revenue Officer
-
VAR12 months agoMicrosoft Launches New Surface Copilot+ PCs for Business
-
Trending6 months agoOPPO A6 Pro 5G Review: Reliable Daily Driver
-
Tech Interviews2 years agoNavigating the Cybersecurity Landscape in Hybrid Work Environments
-
Tech News9 months agoNothing Launches flagship Nothing Phone (3) and Headphone (1) in theme with the Iconic Museum of the Future in Dubai
-
Automotive2 years agoAGMC Launches the RIDDARA RD6 High Performance Fully Electric 4×4 Pickup
-
VAR2 years agoSamsung Galaxy Z Fold6 vs Google Pixel 9 Pro Fold: Clash Of The Folding Phenoms