Why a spreadsheet calendar is not sufficient — and what "automatic tracking" actually means
Most compliance teams maintain a regulatory calendar in a spreadsheet — a list of obligations with due dates, responsibility assignments, and a status column. This spreadsheet has three structural weaknesses. First, it does not update itself when regulatory deadlines change — an CBUAE / SAMA circular that modifies a filing frequency or moves a submission window requires someone to manually update the calendar, and this update may be delayed or missed. Second, it does not confirm completion — an obligation marked "done" in a spreadsheet has not verified that the submission was actually received by the regulatory authority. Third, it does not escalate — if a responsible officer is on leave or has missed the obligation, the spreadsheet does not notify anyone. It simply records the miss retroactively.
The Compliance Calendar Agent AI addresses all three: it monitors regulatory publications for deadline changes and updates the calendar automatically; it tracks submission confirmation where available (portal acknowledgements, email receipts); and it escalates unconfirmed obligations 5 days before deadline and again 48 hours before, routing to the backup responsible officer if the primary has not confirmed action. The compliance team's job is to complete the submissions, not to track whether they have been completed.
The November 2025 compliance calendar: 10 monthly obligations
Each of the 10 obligations — what they require and what happens when they are missed
Central Registry of Securitisation Asset Reconstruction and Security Interest of the GCC — monthly fee for security interest registrations
finance companies must meet CBUAE / SAMA periodic return filing deadlines made in the prior month. Failure triggers suspension of regulatory filing portal access — the institution cannot file or search security interests, which blocks all new loan disbursements against property until the fee is cleared. Practical consequence of a miss: disbursement freeze.
Notification to enforcement court and CBUAE / SAMA of mortgage / security enforcement law proceedings initiated in the prior month
Any mortgage / security enforcement law notice issued in the prior month must be logged and the enforcement court notified within prescribed timelines. Failure to notify can invalidate the mortgage / security enforcement law proceeding — the institution's enforcement action against the security is legally compromised if the notification is untimely. The Compliance Calendar AI cross-checks with the Collections team's mortgage / security enforcement law log before the 7th.
Monthly VAT outward and input credit filing for the institution's taxable financial services revenue
finance companies pay VAT on processing fees, penal interest, and non-exempt financial services. Late GSTR-1 triggers a late fee of AED50 per day of delay. Late GSTR-3B carries interest at 18% per annum on the tax liability plus AED50 per day. Input tax credit for the month cannot be claimed until the return is filed, creating a cash flow impact for institutions with significant input VAT.
Monthly credit information submission to TransUnion Al Etihad Credit Bureau (AECB) for all active loan accounts — required under CBUAE / SAMA credit information reporting guidelines
All credit institutions must report monthly account-level data (account status, outstanding, DPD, limit, instalment) to credit bureaus. Late or incorrect submission attracts penalties under the Credit Information Companies (Regulation) Act and can result in the institution being unable to access credit bureau data — a significant operational problem for credit assessment. The Compliance Calendar AI alerts the data team 5 days in advance with a pre-populated data validation checklist.
Tax Deducted at Source on interest payments above AED5,000 per annum remitted to the Income Tax Department
finance companies deduct withholding tax at 10% on interest income paid to fixed deposit holders and lenders above the threshold. Late remittance attracts interest at 1.5% per month and disallows the institution from claiming the deduction — the tax liability becomes the institution's own. Late quarterly withholding tax return (Form 26Q) additionally attracts AED200 per day in default fees.
Monthly statistical and prudential data submission to CBUAE / SAMA's Department of Non-Banking Supervision — capital adequacy, asset classification, exposure data
The DNBS-01 and DNBS-02 returns cover capital adequacy ratios, asset quality, off-balance-sheet exposures, and liquidity data. Late filing attracts compounding penalties under Section 58-B of the CBUAE / SAMA Act, and habitual late filers are flagged in examination reports. The Compliance Calendar AI begins data aggregation 7 days before the deadline, requesting inputs from Finance and Credit teams with specific field-by-field checklists.
Publicly visible interest rate schedule on the institution's website, updated to reflect any rate changes in the prior month — required under CBUAE / SAMA Fair Practices Code
The Fair Practices Code requires that lending institutions maintain a current, publicly accessible statement of their interest rate ranges by product. If rates changed in the prior month, the published schedule must be updated before the 21st. The Compliance Calendar AI checks whether any rate changes were logged in the CBS in the prior month and, if yes, flags the Marketing team to update the website schedule.
Monthly sign-off by MD certifying Fair Practices Code adherence — required for finance company-ND-SI and finance company-ND-NSI with assets above AED500 million
The MD's monthly FPC certification is an internal governance requirement for medium and large finance companies under the CBUAE / SAMA's enhanced oversight framework. The certification covers KFS compliance, collections conduct, interest rate transparency, and complaint resolution. The Compliance Calendar AI aggregates the FPC adherence data from the grievance system, collections monitoring, and KFS audit logs into a pre-populated certification report for the MD's review and sign-off.
Month-end NPL classification, central bank loan classification norms provisioning calculation, and provisioning entries in the institution's books — required under CBUAE / SAMA's Income Recognition and Asset Classification norms
The institution must classify all loan accounts into standard, special mention (SMA-0, SMA-1, SMA-2), sub-standard, doubtful, or loss categories as of the last day of each month and make the required provision entries. Late or incorrect provisioning is a material finding in CBUAE / SAMA examinations. The Compliance Calendar AI triggers the classification run 3 days before month-end and alerts the Provisioning Agent AI to prepare the central bank loan classification norms output for Finance.
Monthly update of the staff training register — completion rates by training module, branch, and department — required for regulatory examination and for internal governance
CBUAE / SAMA examination teams review whether staff training on FPC, KYC / CDD/AML, digital lending guidelines, and collections conduct is current and adequately completed across the organisation. Late or incomplete training logs are a supervisory observation. The Compliance Calendar AI integrates with the HR training system to pull completion data automatically, identifies staff or branches below the 90% completion threshold, and flags for remediation before the 30th.
10 monthly deadlines, 4 quarterly deadlines, and 4 annual deadlines produce 18 compliance events per month on average — and every one of them is someone's responsibility until the Compliance Calendar AI makes it everyone's awareness
An average finance company compliance team of 3 to 5 people manages 18 compliance events per month, simultaneously with circular monitoring, examination preparation, policy maintenance, and staff query resolution. In that environment, a deadline missed is not a sign of incompetence — it is a sign that the team is managing too many deadlines manually for any manual system to catch all of them without failure. The Compliance Calendar Agent AI does not make the compliance team more careful. It makes missing a deadline structurally more difficult than meeting it, by ensuring that no deadline approaches without multiple alerts, pre-populated data, and a confirmed escalation path if the primary responsible officer is unavailable. The institution that never misses a regulatory deadline is not necessarily the one with the best compliance team — it is the one with the best compliance infrastructure.