Financial Institutions in Israel Face Complex Regulatory Landscape

Navigating the Complexity of Regulations in Cloud Computing

Financial institutions operating in Israel are subject to a multitude of regulatory requirements that can be challenging to navigate. As cloud computing continues to grow in popularity, it is essential for financial institutions to understand the regulations that apply to their use of cloud services.

Regulatory Bodies in Israel

• The Bank of Israel (BoI) regulates banking activity and payment systems
• The Capital Market, Insurance and Savings Authority (CMISA) oversees insurance companies, pension funds, and provident funds
• The Israel Securities Authority (ISA) regulates public companies listed on the Israeli Stock Exchange and mutual funds
• The Privacy Protection Authority regulates data protection and security
• The Israel National Cyber Directorate (INCD) is responsible for all aspects of civilian cyber defense

Compliance Requirements for Cloud Services

Financial institutions using cloud services must comply with various regulations, including those related to outsourcing arrangements. To ensure compliance, firms should:

• Develop an operational risk management framework that is fully integrated into its overall management processes
• Perform a risk assessment before engaging a provider
• Periodically review the arrangement
• Review relevant directives, such as Proper Conduct of Banking Business Directives No. 357-363 (for BoI-regulated firms)

Data Transfer Regulations

Data Transfer Regulations prohibit the onward transfer of personal data by the original foreign recipient. Customers in Israel can transfer data into and out of AWS Regions throughout the European Economic Area (EEA) and Israel. The EEA includes the European Union (EU), and customers processing or planning to process the personal data of subjects in the EEA should visit AWS’ General Data Protection Regulation (GDPR) Center.

Steps for Compliance

To better understand their compliance needs, financial institutions can take the following steps:

• Develop an operational risk management framework
• Perform a risk assessment
• Review the AWS Shared Responsibility Model
• Map AWS responsibilities and customer responsibilities according to each service used
• Use AWS Artifact to access audit reports and conduct their assessment of control responsibilities

New Options for Data Storage in 2023

The launch of the Israel (Tel Aviv) Region in the first half of 2023 will provide financial institutions with more options for storing data that must meet low latency or residency requirements. Additional resources, such as:

• AWS Operational Resilience in Financial Services Guide
• AWS Policy Perspective: Data Residency

are available to help customers navigate their compliance needs.

Contact Information

For more information on how AWS services can enable financial institutions to meet their security and compliance needs, please contact your account representative or [AWS Contact Information].