Oman DCM issuance likely to slow to reduce debt; Majority is sukuk
Fitch Ratings-Toronto/Jakarta/Dubai: Debt capital market (DCM) issuances by Omani entities are likely to continue but at a slow pace in 2025-2026, in line with the sovereign's aim to reduce its debt to about 30% of GDP, Fitch Ratings says.
The DCM fell 2.1% yoy to USD45 billion outstanding as of end-1Q25 (all currencies), mostly US dollar-denominated (68%). Oman is not shielded from global macroeconomic and financial market uncertainty, and primary market dollar issuance since 2 April has been quiet. However, we still expect some issuance in the pipeline, with domestic, regional and Islamic investor liquidity still intact.
In 2024, sukuk dominated the funding mix at 63.4% of the DCM issuance, with the rest in conventional bonds (excluding treasury bills), while in 1Q25 no sukuk were issued and only one conventional bond was issued. US tariff-related volatility and faster-than-anticipated OPEC+ production cuts have put pressure on oil prices (2025F and 2026F: USD65/barrel (bbl)). However, Oman has some resilience to oil price shocks with a fiscal break-even price of USD67/bbl.
We project government debt/GDP at 36.1% at end-2026 (2024: 35.1%; 2020: 67.9%). In 2024, the sovereign continued to deleverage and pre-pay portions of its debt (USD2.8 billion; 2.5% of GDP) using budget surpluses. Oman's corporates, mainly government-related entities (GREs), are likely to continue to issue debt to diversify their funding. Omani banks are mainly deposit funded, while wholesale debt at Fitch-rated Omani banks is limited and mainly represented by interbank borrowings.
Total DCM issuance rose by 61.4% to USD10.3 billion in 2024, while 1Q25 issuance was USD1.5 billion (all currencies; including treasury bills). Sukuk issuance in 2024 expanded by 124.9% yoy to USD2.9 billion, outpacing conventional bonds, which were up 45.4% yoy to USD7.4 billion (all currencies). In 2024, Oman's GREs issued only sukuk. Sukuk demand is intact, mainly from Oman's Islamic banks and windows, which have about 19.2% banking system market share as of end-February 2025, along with Islamic bank demand from other GCC countries.
Fitch rated about USD7.2 billion of outstanding Omani sukuk – all at 'BB+' in 1Q25, issued by corporates (55.2%) and the sovereign (44.8%). All rated-sukuk issuers have a Positive Outlook, following the revision of the sovereign Outlook in December 2024. No Omani sukuk or conventional bonds defaulted in 2024-1Q25.
The government has USD6.3 billion in financing needs for 2025, of which 53.2% will be funded by external borrowing, 30.5% by local borrowing and 16.3% by withdrawal from reserves, according to the Ministry of Finance. In 2025, Oman's government plans to raise USD1.9 billion from the local market, with 73.3% from government development bonds and 26.7% from sovereign local sukuk.
The Omani DCM is still-developing and is the second smallest among GCC countries. It faces issues such as limited private sector issuance, investor base concentrated with banks, shallow Omani rial market and low secondary market liquidity. The lack of a link with international central securities depositories such as Euroclear or Clearstream partly hinders foreign-investor participation in the rial DCM.
The authorities plan to gradually increase the proportion of domestic debt by enhancing the local market and refinancing some of the upcoming external debt maturities in local currency. This strategy includes regular issuance in the local market, revising the regulatory framework and increasing participation in international clearing mechanisms to attract global investors to the local market. The central bank is developing new Islamic liquidity management tools, including Islamic treasury bills, which are currently not available in sharia-compliant format.
Over the medium-to-long term, we expect the DCM to deepen on the back of issuers' funding diversification efforts and the government's regulatory initiatives.
-Ends-
Matt Pearson
Associate Director, Corporate Communications
Fitch Group, 30 North Colonnade, London, E14 5GN
E: matthew.pearson@thefitchgroup.com
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Khaleej Times
an hour ago
- Khaleej Times
Dh55 million for a car number plate? Why are some plates so expensive in the UAE?
Less is more — that's definitely true when it comes to car number plates in the UAE. The fewer the digits, the more expensive they are. This could help explain why Dubai's 'P7' car number plate set the record for the most expensive number plate in the world when it was auctioned for Dh55 million in 2023. This surpassed the previous record of Dh52.5 million set by the 1 number plate sold in Abu Dhabi. Owning a personalised number plate could turn more heads than the car you drive. And thankfully, you don't need to spend millions to acquire one. While single-digit number plates are the most expensive, there are many double and triple-digit combinations that are priced lower. Or, you could go the other way and pick numbers that represent a significant date — such as the date you got married, or the birth date of your children. The Roads and Transport Authority (RTA) in Dubai has just finished its latest auction of distinctive number plates consisting of three-, four-, and five-digit combinations for private vehicles, classic vehicles, and motorcycles. This was the RTA's 79th online auction and included 350 exclusive plates up for grabs. Many of its auctions are organised to raise money for good causes, such as the 1 Billion Meals Endowment and the Fathers' Endowment Campaign. The One Billion Meals Endowment campaign was launched under the global initiatives umbrella spearheaded by Sheikh Mohammed bin Rashid Al Maktoum, Vice-President, Prime Minister of the UAE and Ruler of Dubai, with the aim of fighting global hunger. One of the most memorable auctions saw Muhammad BinGhatti, chairman of Binghatti Holding, pay Dh35 million for the DD5 number plate, which started with a bidding price of Dh15 million. While single-digit plates are the most exclusive, repeating numbers (like 111, 7777) or patterns (like 1234) are also highly prized. Personalised number plates are bought primarily as a status symbol, much like an expensive watch. But there are also those motorists who buy them as investments, hoping their value will increase over time. Manan Mistry, who owns the company Create Me, has bought four personalised number plates during his 19 years in the UAE. The 45-year-old paid around Dh4,000 per plate, which were put on various cars, including a Hummer, Chevy Camaro and Mustang. Important numbers 'I just thought it would be cool to have what you wanted, so I went ahead and bought personalised plates,' he said. One of the number plates is similar to his phone number while another one is the date of his wedding anniversary. Mistry plans to sell two of them as a pair, but not the marriage date one as it is 'priceless'. 'I also have L plates, which people think is a limo company. But at the time, it was the letter,' he joked. Jamie McGinlay, 49, bought the number plates O 3275 and P 3275 about five years ago and paid Dh9,000 for the pair. 'Originally, one was on my wife's Porsche Cayenne, but it's now on my Lotus Emira. The other has always been on my Aston Martin. I thought it would be a good way of making a little money on something a little fancy as I have always liked cars,' explained McGinlay, who is the CEO of a defence contracting company and has lived in the UAE for 16 years. 'I haven't ever sold them, but I am aware that their value has increased massively.' Back in 2017, the RTA launched a campaign called 'Your Memorable Moments on Your Vehicle's Plate' for U-coded plates. It allowed buyers to choose five-digit plates bearing a code personalised to resemble important dates. If I were to buy them for my two sons' birthdays, the plates would look very similar – 10107 and 10710. If you want a personalised number plate (officially called Special Plate Numbers) in Dubai, you can buy one directly from the RTA, participate in one of its online or physical auctions, or from a second-hand marketplace. The RTA offers customisation services, allowing you to choose letters and numbers that hold personal significance, as long as they haven't already been taken. Regular number plates have single letters at the front, with lower letters like A, B, and C normally meaning they are older. Once you start seeing double letters (like CC) then you will know these are part of a special series or auction. If you are taking part in an auction, make sure you determine your budget before you start bidding. Personalised plates can range in price from thousands to millions of dirhams, so don't get carried away. Having a hard ceiling on the price you are willing to pay will stop your emotions from taking over. Auctions can be competitive, especially for highly sought-after plates, so think carefully before you enter a bidding war.
Arabian Business
2 hours ago
- Arabian Business
UAE businesses confident of international trade growth despite tariff woes
Businesses in the UAE remain highly confident in their international trade prospects, with 94 per cent saying they expect to grow cross-border trade in the near future, according to HSBC's 2025 Global Trade Pulse Survey. Despite ongoing uncertainty and cost headwinds from tariffs, UAE firms are leaning into enhanced planning and digital solutions to stay ahead. The HSBC survey offers insight into the business plans and sentiment of more than 5,700 international firms across 13 markets regarding tariffs and trade. UAE business optimism It reveals that two thirds of corporations globally have already experienced cost increases due to tariff and trade uncertainty – and the worst may be yet to come. In contrast, companies in the UAE are incredibly optimistic about their future international trade prospects, as they have not suffered particularly pronounced impacts on cost yet, though they do expect to in the short-and-long-term. Deyana Cherneva, Head of Global Trade Solutions, Middle East North Africa and Türkiye, HSBC Bank Middle East said: 'Corporates in the UAE have their counter strategies ready in response to the rapidly evolving trade landscape. Using data, investing in supply chains, and increasing reliance on the Middle East, China, and Europe corridors, are part of their plans. 'Geopolitical and geoeconomic shifts have been a mainstay across decades and resilient businesses know how to adapt and respond. What is encouraging to see is that 75 per cent of corporates in the UAE plan to use the trade uncertainty as an opportunity to evolve and explore new opportunities.' Key findings include: The United Arab Emirates' proactive approach is also reflected in increased regional trade ties. 62 per cent of surveyed UAE firms say they are ramping up reliance on the Middle East, followed by China (47 per cent) and Europe (43 per cent).
Khaleej Times
6 hours ago
- Khaleej Times
Artificial Intelligence in cybersecurity: savior or saboteur?
Artificial intelligence has rapidly emerged as both a cornerstone of innovation and a ticking time bomb in the realm of cybersecurity. Once viewed predominantly as a force for good, enabling smarter threat detection, automating incident responses, and predicting attacks before they happen — AI has now taken on a double-edged role. The very capabilities that make it invaluable to cybersecurity professionals are now being exploited by cybercriminals to launch faster, more convincing, and more damaging attacks. From phishing emails indistinguishable from real business correspondence to deepfake videos that impersonate CEOs and public figures with chilling accuracy, AI is arming attackers with tools that were previously the stuff of science fiction. And as large language models (LLMs), generative AI, and deep learning evolve, the tactics used by bad actors are becoming more scalable, precise, and difficult to detect. 'The threat landscape is fundamentally shifting,' says Sergey Lozhkin, Head of the Global Research & Analysis Team for the Middle East, Türkiye, and Africa at Kaspersky. 'From the outset, cybercriminals began using large language models to craft highly convincing phishing emails. Poor grammar and awkward phrasing — once dead giveaways are disappearing. Today's scams can perfectly mimic tone, structure, and professional language.' But the misuse doesn't stop at email. Attackers are now using AI to create fake websites, generate deceptive images, and even produce deepfake audio and video to impersonate trusted figures. In some cases, these tactics have tricked victims into transferring large sums of money or divulging sensitive data. According to Roland Daccache, Senior Manager – Sales Engineering at CrowdStrike MEA, AI is now being used across the entire attack chain. 'Generative models are fueling more convincing phishing lures, deepfake-based social engineering, and faster malware creation. For example, DPRK-nexus adversary Famous Chollima used genAI to create fake LinkedIn profiles and résumé content to infiltrate organisations as IT workers. In another case, attackers used AI-generated voice and video deepfakes to impersonate executives for high-value business email compromise (BEC) schemes.' The cybercrime community is also openly discussing how to weaponize LLMs for writing exploits, shell commands, and malware scripts on dark web forums, further lowering the barrier of entry for would-be hackers. This democratisation of hacking tools means that even novice cybercriminals can now orchestrate sophisticated attacks with minimal effort. Ronghui Gu, Co-Founder of CertiK, a leading blockchain cybersecurity firm, highlights how AI is empowering attackers to scale and personalize their strategies. 'AI-generated phishing that mirrors human tone, deepfake technology for social engineering, and adaptive tools that bypass detection are allowing even low-skill threat actors to act with precision. For advanced groups, AI brings greater automation and effectiveness.' On the technical front, Janne Hirvimies, Chief Technology Officer of QuantumGate, notes a growing use of AI in reconnaissance and brute-force tactics. 'Threat actors use AI to automate phishing, conduct rapid data scraping, and craft malware that adapts in real time. Techniques like reinforcement learning are being explored for lateral movement and exploit optimisation, making attacks faster and more adaptive.' Fortifying Cyber Defenses To outsmart AI-enabled attackers, enterprises must embed AI not just as a support mechanism, but as a central system in their cybersecurity strategy. 'AI has been a core part of our operations for over two decades,' says Lozhkin. 'Without it, security operations center (SOC) analysts can be overwhelmed by alert fatigue and miss critical threats.' Kaspersky's approach focuses on AI-powered alert triage and prioritisation through advanced machine learning, which filters noise and surfaces the most pressing threats. 'It's not just about automation — it's about augmentation,' Lozhkin explains. 'Our AI Technology Research Centre ensures we pair this power with human oversight. That combination of cutting-edge analytics and skilled professionals enables us to detect over 450,000 malicious objects every day.' But the AI evolution doesn't stop at smarter alerts. According to Daccache, the next frontier is agentic AI — a system that can autonomously detect, analyze, and respond to threats in real time. 'Traditional automation tools can only go so far,' Daccache says. 'What's needed is AI that thinks and acts — what we call agentic capabilities. This transforms AI from a passive observer into a frontline responder.' CrowdStrike's Charlotte AI, integrated within its Falcon platform, embodies this vision. It understands security telemetry in context, prioritises critical incidents, and initiates immediate countermeasures, reducing analyst workload and eliminating delays during high-stakes incidents. 'That's what gives defenders the speed and consistency needed to combat fast-moving, AI-enabled threats,' Daccache adds. Gu believes AI's strength lies in its ability to analyze massive volumes of data and identify nuanced threat patterns that traditional tools overlook. 'AI-powered threat detection doesn't replace human decision-making — it amplifies it,' Gu explains. 'With intelligent triage and dynamic anomaly detection, AI reduces response time and makes threat detection more proactive.' He also stresses the importance of training AI models on real-world, diverse datasets to ensure adaptability. 'The threat landscape is not static. Your AI defenses shouldn't be either,' Gu adds. At the core of any robust AI integration strategy lies data — lots of it. Hirvimies advocates for deploying machine learning models across SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms. 'These systems can correlate real-time threat intelligence, behavioral anomalies, and system events to deliver faster, more precise responses,' he says. 'Especially when it comes to detecting novel or stealthy attack patterns, machine learning makes the difference between catching a threat and becoming a headline.' Balancing Innovation with Integrity While AI can supercharge threat detection, response times, and threat simulations, it also brings with it the potential for misuse, collateral damage, and the erosion of privacy. 'Ethical AI use demands transparency, clear boundaries, and responsible data handling,' says Lozhkin.'Organisations must also ensure that employees are properly trained in the safe use of AI tools to avoid misuse or unintended exposure to threats.' He highlights Kaspersky's Automated Security Awareness Platform, which now includes dedicated sections on AI-assisted threats and responsible usage, reflecting the company's commitment to proactive education. When AI is deployed in red teaming or simulated cyberattacks, the risk matrix expands. Gu warns that AI systems, if left unchecked, can make decisions devoid of human context, potentially leading to unintended and widespread consequences. 'Ethical AI governance, robust testing environments, and clearly defined boundaries are essential,' he says, underlining the delicate balance required to simulate threats without crossing into unethical territory. Daccache emphasises the importance of a privacy-first, security-first approach. 'AI must be developed and operated with Privacy-by-Design and Secure-by-Design principles,' he explains. 'This extends to protecting the AI systems themselves — including their training data, operational logic, and outputs—from adversarial manipulation.' Daccache also points to the need for securing both AI-generated queries and outputs, especially in sensitive operations like red teaming. Without such safeguards, there's a real danger of data leakage or misuse. 'Transparency, accountability, and documentation of AI's capabilities and limitations are vital, not just to build trust, but to meet regulatory and ethical standards,' he adds. Despite AI's growing autonomy, human oversight remains non-negotiable. 'While AI can accelerate simulations and threat detection, it must be guided by skilled professionals who can interpret its actions with context and responsibility,' says Daccache. This human-AI collaboration ensures that the tools remain aligned with organisational values and ethical norms. Hirvimies rounds out the conversation with additional cautionary notes: 'Privacy violations, data misuse, bias in training datasets, and the misuse of offensive tools are pressing concerns. Transparent governance and strict ethical guidelines aren't optional, they're essential.' Balancing the Equation While AI promises speed, scale, and smarter defense mechanisms, experts caution that an over-reliance on these systems, especially when deployed without proper calibration and oversight — could expose organisations to new forms of risk. 'Absolutely, over-reliance on AI can backfire if systems are not properly calibrated or monitored,' says Lozhkin. 'Adversarial attacks where threat actors feed manipulated data to mislead AI are a growing concern. Additionally, AI can generate false positives, which can overwhelm security teams and lead to alert fatigue. To avoid this, companies should use a layered defence strategy, retrain models frequently, and maintain human oversight to validate AI-driven alerts and decisions.' This warning resonates across the cybersecurity landscape. Daccache echoes the concern, emphasising the need for transparency and control. 'Over-relying on AI, especially when treated as a black box, carries real risks. Adversaries are already targeting AI systems — from poisoning training data to crafting inputs that exploit model blind spots,' he explains. 'Without the right guardrails, AI can produce false positives or inconsistent decisions that erode trust and delay response.' Daccache stresses that AI must remain a tool that complements — not replaces—human decision-making. 'AI should be an extension of human judgement. That requires transparency, control, and context at every layer of deployment. High-quality data is essential, but so is ensuring outcomes are explainable, repeatable and operationally sound,' he says. 'Organisations should adopt AI systems that accelerate outcomes and are verifiable, auditable and secure by design.' Gu adds that blind spots in AI models can lead to serious lapses. 'AI systems are not infallible,' he says. 'Over-reliance can lead to susceptibility to adversarial inputs or overwhelming volumes of false positives that strain human analysts. To mitigate this, organizations should adopt a human-in-the-loop approach, combine AI insights with contextual human judgment, and routinely stress-test models against adversarial tactics.' Gu also warns about the evolving tactics of bad actors. 'An AI provider might block certain prompts to prevent misuse, but attackers are constantly finding clever ways to circumvent these restrictions. This makes human intervention all the more important in companies' mitigation strategies.' Governing the Double-Edged Sword As AI continues to embed itself deeper into global digital infrastructure, the question of governance looms large: will we soon see regulations or international frameworks guiding how AI is used in both cyber defense and offense? Lozhkin underscores the urgency of proactive regulation. 'Yes, there should definitely be an international framework. AI technologies offer incredible efficiency and progress, but like any innovation, they carry their fair share of risks,' he says. 'At Kaspersky, we believe new technologies should be embraced, not feared. The key is to fully understand their threats and build strong, proactive security solutions that address those risks while enabling safe and responsible innovation.' For Daccache, the focus is not just on speculative regulation, but on instilling foundational principles in AI systems from the start. 'As AI becomes more embedded in cybersecurity and digital infrastructure, questions around governance, risk, and accountability are drawing increased attention,' he explains. 'Frameworks like the GDPR already mandate technology-neutral protections, meaning what matters most is how organizations manage risk not whether AI is used.' Daccache emphasises that embedding Privacy-by-Design and Secure-by-Design into AI development is paramount. 'To support this approach, CrowdStrike offers AI Red Teaming Services, helping organisations proactively test and secure their AI systems against misuse and adversarial threats. It's one example of how we're enabling customers to adopt AI with confidence and a security-first mindset.' On the other hand, Gu highlights how AI is not only transforming defensive mechanisms but is also fuelling new forms of offensive capabilities. 'As AI becomes integral to both defence and offense in cyberspace, regulatory frameworks will be necessary to establish norms, ensure transparency, and prevent misuse. We expect to see both national guidelines and international cooperation similar to existing cybercrime treaties emerge to govern AI applications, particularly in areas involving privacy, surveillance, and offensive capabilities.' Echoing this sentiment, Hirvimies concludes by saying that developments are already underway. 'Yes. Regulations like the EU AI Act and global cyber norms are evolving to address dual-use AI,' he says. 'We can expect more international frameworks focused on responsible AI use in cyber defence, limits on offensive AI capabilities, and cross-border incident response cooperation. At QuantumGate, we've designed our products to support this shift and facilitate compliance with the country's cryptography regulations.'
