Ori Rodriguez

For financial service providers in Israel, including of non-bank credit and financial asset services, 2022 was the year of regulatory creation. Regulatory authorities published a number of circulars and directives that companies engaging in the field must implement.

In contrast, the payment services sector remains unregulated and awaits the new year. This is despite the significant regulatory developments this market was expecting.

This article summarizes the substantive regulation in these sectors and discusses additional challenges the Israeli regulatory authorities still have to address.

Control of Financial Services (Regulated Financial Services)

There were several developments in this regard in 2022:

Licensing exemption regulations

Licensing exemption regulations came into effect in September. Since the new regulations contain several changes, we recommend that companies already operating by virtue of the exemptions included in the temporary order verify that no changes have been made that could affect their ability to rely on the exemption. [Read the full update here.]

Supervisor of Financial Services’ directives

2022 was characterized by intensive regulations imposed by the Capital Market, Insurance and Savings Authority (CMISA). The CMISA published a series of circulars emphasizing aspects of corporate governance in financial service providers. These circulars require the directors of such companies to consider various aspects of the company’s activities, to formulate policies, and to allocate budgets for their implementation. The circulars also obligate companies to appoint appropriate officers to be responsible for various topics. In addition, they stipulate a series of specific requirements that constitute a minimum threshold financial service providers must meet. Most importantly, the circulars obligate companies to prepare in advance. Therefore, it is imperative that financial service providers examine their mode of implementation of these directives.

The main circulars published in 2022:

• Cyber risk management in financial service providers. This circular specifies the manner by which financial service providers must manage cyber risks in the company. [Read the full update here.]
  
  
• Risk management. This circular defines obligatory risk management processes in financial service providers. The circular addresses a variety of business and operational risks, including outsourcing risks, risks of embezzlement and fraud, changes in the regulatory environment, compliance risks, and more. [Read the full update here.]

The CMISA also addressed consumer aspects of financial service providers’ activities. It published two circulars on the subject in November. They focus on the handling of public complaints received by financial service providers and on procedures for investigating complaints received by the authority.

In addition to the general circulars, the CMISA also published a circular specifically for licensed credit providers, defining reporting requirements for their credit portfolios. These directives require credit providers to prepare operationally to file these reports.

Finally, the CMISA published two draft circulars addressing the obligations it wishes to impose on financial service providers whose activities include protecting their clients’ financial assets. The first draft circular is on financial asset protection. The second is on additional equity required from licensed financial asset service providers. The extensive obligations in these circulars will require financial service providers to assume responsibility for all links in the transaction execution chain and will limit the possibility of limiting or evading liability for failures in the various links in the transaction chain. [Read the full update here.]

ISA Supervisory Regime for Public Companies Operating in Non-Bank Credit Sector

Irregularities discovered in several public companies operating in the non-bank credit sector during 2022 intensified the need to inform the investing public about the risks posed by companies engaging in non-bank credit. In July, the Israel Securities Authority (ISA) published a staff position regarding the disclosures required from reporting companies engaging in the non-bank credit sector on the subject of risks and risk management methodologies. The position paper specifies the risks and the disclosures required, including compliance risks, compliance with statutory provisions, and risks of embezzlement and fraud. The position paper also stipulates the disclosures required from reporting companies about their risk management policies.

Open Banking –Financial Information Service Law

The Financial Information Service Law came into effect in June 2022. This law defines the ISA as the supervisory body responsible for implementing the provisions of the law and as the authority that regulates obligatory licensing of entities seeking to provide financial information. This law also regulates the obligations to be imposed on information sources regarding their activities as information sources, their obligation to transfer financial information to financial information service providers subject to customers’ consent, and the obligations imposed on financial information service providers when collecting and using financial information.

Considering all of the regulatory authorities involved, the law also prescribes a provision regarding cooperation and uniformity among regulatory authorities.
The law defines a number of types of financial information that information sources must enable service providers to access:

1. Payment accounts (current account balances and transactions for both NIS and foreign currencies).
2. Payment cards.
3. Credit (credit balances, interest rates and fees).
4. Savings.
5. Securities.

Payment Services

Payment services have still not been regulated under the Control of Financial Services Law. Moreover, directives regarding the licensing of entities engaging in payment services have not yet been issued. In 2022, two memoranda of law were published to regulate this sector. The first is a memorandum of law on engagement in payment services. It aims to regulate the supervisory regime over payment service providers, including licensing requirements. The second is the Payment Services Law memorandum, which subjects two additional payment services to the provisions of the Payment Services Law.

This is the main financial sector that will require the government’s attention. The enactment of this legislation will complete the regulatory process that began with the enactment of the Control of Financial Services (Regulated Financial Services) Law in 2016. The regulation of payment services will complete the regulation of all financial services currently offered in the Israeli market and will give existing and future players regulatory certainty.

In light of this delay and for the interim, the exemption regulations have opened the door to international payment services providers licenses in the EU, UK or US to offer their services in Israel, while being exempt from Israeli license requirements.

What to Expect in 2023

In addition to the regulatory provisions expected to come into effect, additional processes will affect financial service providers’ activities. For example, the new government and Knesset are expected to promote a series of laws focusing on regulating payment services.

The new Finance Minister will need to appoint a new CMISA commissioner, (currently headed by an acting commissioner). He is also expected to appoint a new head to the ISA. These are two key regulators of financial services, and these appointments can be expected to affect regulatory priorities.

In addition, in 2023, the regulatory authority established by the Fundamentals of Regulation Law will begin operating. The regulatory authority is intended to be a professional and independent authority in the Prime Minister’s Office, which has been delegated many powers over regulations in Israel.

Recommendations for Operative Measures in Preparation for 2023

We recommend that all companies in the Israeli financial services market engage seriously with compliance issues. They should devote time to studying the regulatory directives and how their implementation will affect their operations.

By building compliance infrastructure, companies will equip themselves with a tool to help them assess not only the directives already the regulator has already issued but also the new directives to come. Furthermore, compliance infrastructure is an essential tool for contending with audits by regulatory authorities or with more complex legal issues.

Please note that, in addition to the supervisory activities carried out by the ISA in relation to public companies that are credit service providers, we expect the CMISA to also begin more robust supervisory activities in 2023. This includes verifying that companies are implementing the various circulars already in effect.

***

Adv. Anat Even-Chen is a partner in Barnea Jaffa Lande, and leads the firm's Regulation practice.