AWS Complies with Israel’s Complex Financial Regulations to Support Cloud Adoption by Local Institutions

AWS continues its dedication to assisting financial institutions in Israel in complying with complex regulatory requirements while leveraging advanced cloud technologies and robust security measures. This article sheds light on the intricacies of Israeli financial regulations and how AWS supports its customers’ compliance efforts.

Israeli Financial Regulators: A Complex Web

Financial services in Israel are overseen by several regulatory bodies, each governing distinct aspects of the industry:

• The Bank of Israel (BoI): Regulates banking activities and payment and clearing systems.
• The Capital Market, Insurance and Savings Authority (CMISA): Oversees the insurance, pension and provident funds markets, focusing on stability and competitiveness.
• The Israel Securities Authority (ISA): Supervises public companies listed on the Israeli Stock Exchange and regulates mutual funds to safeguard investments.
• The Privacy Protection Authority: Manages data protection, and the Israel National Cyber Directorate (INCD): Handles civilian cyber defense.

Regulations for Financial Institutions Using AWS

Bank of Israel (BoI) Regulations

BoI’s guidelines specifically for banking corporations include Directives No. 357, 359A, 361, 362, 363, and 355. These directives relate to IT management, outsourcing, cyber defense, cloud computing, supply chain cyber risk management, and business continuity management. Institutions must assess cloud providers’ risk management frameworks, including AWS, before engaging and periodically afterward.

Capital Market, Insurance and Savings Authority (CMISA) Regulations

For pension fund managers and insurance companies regulated by CMISA, compliance with cybersecurity regulations is crucial. The following resources should be considered:

• CMISA Circular on Cyber Risk Management and outsource management
• INCD’s Cyber Defense Methodology for Organizations paper

Cloud Adoption Permissible with Regulatory Compliance

Financial institutions in Israel are permitted to use cloud services if they comply with relevant legal and regulatory requirements. The ISA has issued guidance on required cyber risk disclosures, and regulations are rapidly evolving, with AWS working to help customers remain responsive.

Key Considerations for Israeli Financial Institutions using AWS

1. Evaluate AWS services and responsibilities in accordance with regulations. Assess AWS services’ alignment with directives and regulations to ensure full compliance.
2. Ensure a proper operational risk management framework based on BoI guidelines. Implement a robust risk management strategy that adheres to BoI’s IT management, outsourcing, cyber defense, cloud computing, and business continuity management requirements.
3. Review the Privacy Protection Law, Privacy Protection Regulations, and Guidelines No. 2/2011. This applies when processing personal data.
4. Consider storing data in the new Israel (Tel Aviv) Region. This can help reduce latency and data processing requirements.

AWS Resources for Israeli Financial Institutions

AWS provides several resources for financial institutions looking to make informed decisions about regulatory compliance and AWS services:

1. AWS Operational Resilience in Financial Services Guide
2. AWS Policy Perspective: Data Residency
3. AWS Logical Separation Handbook
4. Financial Services Lens - AWS Well Architected Framework

By following these guidelines and utilizing AWS resources, financial institutions in Israel can take the necessary steps to confidently navigate the regulatory landscape and enjoy the benefits of AWS’s advanced cloud solutions.

For inquiries about regulatory compliance or AWS services, please contact your account representatives or AWS support.