Proper Conduct of Banking Business Directive No. 461: A Banking Corporation’s Activities as a Broker-Dealer

Banking Supervision Department Policy and Regulation Division July 19, 2023 Circular Number C-06-2751 To: The Banking Corporations and Credit Card Companies Re: A Banking Corporation’s Activities as a Broker-Dealer (Proper Conduct of Banking Business Directive No. 461) Introduction

1. This Directive serves as a comprehensive regulatory framework for one of the intermediation functions of the banking corporations—receiving and transferring orders to execute securities transactions for clients, either as brokers or trading for their own account (broker-dealer activity).
2. The purpose of the Directive is to protect the clients who invest, maintain market efficiency and fairness, and reduce the banking corporations’ risks. In its broker￾dealer activity, a banking corporation is required to implement appropriate standards of corporate governance, risk management, control, and internal audits, also when the activities are performed in the dealing room, in order to identify, control, and reduce the risks of these activities according to its strategy and risk tolerance. The Directive is based on accepted international standards, including the requirements set forth in MiFID II, which came into effect in 2018, and the principles of the FX Global Code.
3. In order to promote the application of uniform principles on all the entities engaged in broker-dealer activities in Israel, the Directive was, to the extent possible, aligned with the legal memorandum of the Securities Law (Regulation of Broker Dealer Operations) 5781-2020. After the legislation is completed, we will re-examine the need for additional adjustments to the Directive.
4. The Directive imposes various duties on the banking corporations, including the obligation to define a policy on executing orders, adjusting activities for clients, the qualifications and suitability of employees engaged in these operations, a code of conduct, documentation requirements, information provided to and received from the client, and due disclosure about conflicts of interests where a risk remains after steps to mitigate it have been taken, and controls over the operations.
5. According to a decision of the Governor of the Bank of Israel, the regulation was not accompanied by the publication of a report according to the Principles of Regulation Law, 5782-2021, as significant actions were taken before the law came into effect.
6. After consulting with the Advisory Committee on Matters Related to Banking Business, and with the Governor’s approval, I determined a new Proper Conduct of Banking Business Directive No. 461 on “A Banking Corporation’s Operations as a Broker-Dealer,” as set forth below. Chapter A – General Application (Section 8 of the Directive)
7. The Directive will apply to banking corporations, auxiliary corporations, and corporations controlled by a banking corporation, as stated in Section 11(a)(3a) of the Banking (Licensing) Law, 5741-1981.

The Directive will not apply to the following activities: underwriting commitments or distribution activities, within the meaning of these terms in the Securities Law, and foreign currency spot transactions. Foreign banks will be exempt from implementing the Directive after receiving approval from the management of the parent bank that the bank is in compliance with the regulatory requirements of MiFID or the Dodd-Frank Act, and is subject to supervision in this matter by the regulator of the home country, also with respect to the foreign bank’s branch in Israel. Definition of terms (Section 9) 8. The definitions in the Directive are, in part, taken from the definitions that exist in various laws or other Proper Conduct of Banking Business Directives, for example, the definitions of “eligible client” and “professional client” are generally consistent with the client classifications in MiFID, with the exception of certain adjustments. Regarding the definitions “dealing room” and “mid-office” and “back office”, because there is no uniformity in the activities that are performed in these rooms, the definitions are based on the practices of the actions performed in these rooms in banks in Israel and the US. Main Points of the Directive Chapter B – Corporate Governance The board of directors (Section 10) 9. The board of directors is required to approve the banking corporation’s policy on its broker-dealer operations, placing emphasis on the activities in the dealing rooms and the means of control that will apply to these activities. The policy, which may be in a separate document or may be incorporated in other relevant policy documents, will include, among other things, guidelines on matters of organizational structure, risk tolerance, identification and prevention of conflicts of interest, procedures for executing trades including short sale transactions and securities lending, offsets, aggregation of buy or sell orders, appropriate resource allocation, and employee remuneration that encourages compliance and fairness. Furthermore, the policy will include the banking corporation’s decisions regarding the types of securities, the countries, and the regulated markets in which it operates. This information will be conveyed to clients when they sign agreements, and will serve as the basis for the discretion concerning best execution for the client with respect to a specific security. Senior management (Section 11) 10. The senior management is responsible for developing a policy and procedures that are approved by the board of directors, and for verifying that they are embedded in the banking corporations by determining an organizational structure, work processes, supervision, and controls, among other means, in order to verify that the operations are managed according to the determined policy. The policy and procedures that the senior management develops shall include, among other things, defining an appropriate risk management framework for the banking corporation’s broker-dealer operations, placing emphasis on controlling compliance and conduct risks; determining a hierarchy of authority to approve transactions, and

treatment of conflicts of interest from the stage in which a conflict is identified to the stage in which arrangements to reduce it are defined; determining targets for employees engaged in the banking corporation’s operations as a dealer in line with the corporation’s risk appetite and in a manner that ensures that the employees do not engage in excessive risk taking. Risk management (Section 12) 11. The second line of defense, including the risk management and compliance functions, will monitor and control the banking corporation’s broker-dealer operations, and especially the operations in the dealing rooms, placing emphasis on incidents in which authority or credit facilities are exceeded, operations involving non-approved products, and the effectiveness of the controls and control factors in the first line of defense. Furthermore, banking corporations must adopt tools for identifying risks that stem from fraud and embezzlement and unethical conduct as an integral part of the risk management framework. Internal audits (Section 13) 12. As part of the internal audit’s examination of the banking corporation’s broker-dealer operations (third line of defense), special emphasis will be placed on a review of the operations in the dealing rooms in terms of the efficiency and reliability of the reporting system, unusual operational events, complaints from parties in and outside the banking corporation regarding improper conduct in trading activities, and the existence of a requirement to define a minimum uninterrupted absence for dealers, including a prohibition on the dealer’s access to the trading systems during their absence and the appointment of another employee to perform their duties in their absence. An audit of the banking corporation’s broker-dealer operations will be performed at least once every four years. Chapter C: Professional qualifications and conflicts of interest Qualifications and suitability of directors and employees (Section 14) 13. A banking corporation must verify that each employee who performs broker-dealer operations (including dealers in the dealing room and employees of the control and support functions) meets the qualifications and suitability requirements for their position, and their qualifications and suitability must be maintained through ongoing training for the relevant employees that covers aspects of organizational culture, professional conduct, and prevention of fraud and embezzlement, among other topics. The board and the senior management must have suitable professional understanding that is appropriate for their position in order to be able to challenge the trading and settlement operations effectively. Prohibition on delegating authority 14. The banking corporation’s responsibility to its clients will not be adversely affected with respect to any operations or transaction if the banking corporation uses broker￾dealer services rendered by anyone who is not an employee of the banking corporation for its clients. Conflicts of interest (Section 16) 15. Procedures on preventing conflicts of interest will include identification of the circumstances in which a conflict of interest arises in the course of the operations between the banking corporation and its clients or between one client and another (for example, preference or discrimination), including situations that may be caused as a

result of incentives granted by a party related to the operations or may be caused by the remuneration policy of the banking corporation itself. The banking corporation will take steps to reduce conflicts of interest and in cases in which this is not reasonably possible, will inform the clients. Code of conduct (Section 17) 16. A banking corporation that operates as a broker-dealer shall act honestly, fairly, and professionally in the interests of its clients. Within this, the banking corporation will develop and implement a specific code of conduct for broker-dealer operations that will also address the unique aspects of trading activities, including in dealing rooms. All information that is conveyed to clients within these operations will be fair, clear, and not misleading. It was also determined that no benefits will be accepted, either directly or indirectly, in connection with a service granted to a client by a party related to the operations or by a third party, unless expressly permitted by law. Chapter D: Operations appropriate for the client Aligning operations with client profile (Section 18) 17. The client's knowledge and experience in securities trading is a critical component of the operations. Therefore, before initiating the client's activities, the banking corporation is required to assess this information and to warn the client if they request to execute an order in securities that the banking corporation believes does not match the client's knowledge and experience. The extent of the examination and assessment will be determined according to the nature and complexity of the securities in which the client wishes to trade. For a banking corporation that operates as broker for a client, it is sufficient to assess the suitability of a transaction only with respect to complex financial instruments, as this term is defined in the Directive. In order to facilitate implementation of the Directive by the banking corporation, it was determined that a banking corporation may define a standard warning for all clients who trade in complex financial instruments as well as in securities that require expertise, according to a determination by the banking corporation. The banking corporation may subsequently consider removing the warning from eligible clients or professional clients, as relevant. The banking corporation will document the details of the process of determine whether operations appropriate for the client, if such adjustment was performed, and the warnings and notices that were conveyed to the client on this matter. Conveying information and agreements with the client (Sections 19–20) 18. Before signing an agreement to execute securities transactions in and outside a regulated market, a banking corporation is required to give its clients comprehensive information in writing on the issues listed in the Directive, so that the clients are able to understand the nature and the risks inherent in such operations, the parties’ obligations including restrictions on the operations, and the banking corporation must also note if it did not perform an adjustment of the operations with the client. The information will be in a standard formulation and format, and will be given to every client who wishes to carry out securities trades. Furthermore, the banking corporation will inform an eligible client that is not a financial entity that it may benefit from the protection that the Directive offers. An eligible client that exercises this option will be classified as a professional client.

19. A banking corporation whose execution policy permits the execution of client orders outside a regulated market will notify the client of this and obtain the client's express consent before executing orders outside a regulated market for the client. The requirement that was incorporated in this Chapter complements the requirement in Section 28(b) of the Directive on best execution, and replaces the requirement that was stricken from Section 29 of the Directive regarding client operations against the banking corporation’s own account. Chapter E: Executing transactions General (Sections 21–26)
20. A banking corporation will define procedures on various matters including the business hours, the authority to execute orders outside the physical premises of the banking corporation, transactions that the dealer may initiate, and cases in which transactions may be executed by manual processes. The trading activities will be backed by the appropriate agreements. Receiving orders from a client (Section 27)
21. A banking corporation will determine procedures for the fair and rapid execution of clients' orders, including procedures with respect to orders of other clients or transactions for the banking corporation itself, for each type of securities, regulated market, and trading method used. These procedures will address, among other issues, documentation of information relevant to execution orders, the order in which they were received, and the order in which they were transferred to the trading system. The requirements of Section 27 will apply to OTC trades if they are relevant or can be implemented with respect to such trades. Best execution of client trades (Section 28)
22. A banking corporation is required to use all reasonable means to obtain the most favorable transaction for a client, considering the features of the transaction including size, price, costs, speed of execution, likelihood of execution and settlement in the potential regulated markets or outside the regulated markets in which the banking corporation operates, as the banking corporation disclosed to the client according to Section 19(b) of the Directive, unless the client gave a specific order regarding the execution of the order stated in Section 19(b). Best execution is also required in the banking corporation’s operations for its clients involving foreign securities, which are executed through external brokers, unless these brokers follow a policy that makes this provision non-executable. In such cases, the client must be informed. In this context, it should be noted that the banking corporation has discretion in determining a clear policy on the geographic distribution of the regulated markets in which it operates. To implement this guideline, when planning its execution policy, the banking corporation is required to define execution processes that continuously ensure that reasonable steps are being taken to obtain the most favorable transaction for its clients. The banking corporation may be unable to obtain the most favorable transaction for each and every client order, but it is required to carry out ongoing controls to verify that the execution procedure is oriented to best execution, and if necessary, the banking corporation must revise its execution policy and inform the client of the same. Best execution with respect to OTC products implies that the banking corporations must check the fairness of the price and the transaction offered to the client.

Restrictions on transactions with clients against the bank’s own account (Section 29) 23. A banking corporation will not execute transaction in tradeable securities between its own (nostro) account and the client's account outside a stock exchange or outside a regulated market, except in the cases listed in the Directive. The definition of the securities that may be involved in such transactions was expanded in view of accumulated experience and in order to align the provisions of this Section with the provisions of the Fourth Schedule–A of the Securities Law. Execution of a transactions through a third party (Section 30) 24. The corporation will define procedures that govern the selection of external brokers and the clients' operations vis-à-vis external brokers in or outside Israel, or outside a regulated market of marketable securities, including the required agreements between the corporation and the client and between the corporation and the broker. The corporation will receive reports of the results of the activities of the external brokers that operate on its behalf, and will define control arrangements to review the executed transactions, including in terms of their fairness. Transactions for eligible clients (Section 31) 25. A banking corporation is exempt from the requirement to implement several sections of the Directive with respect to eligible clients, because it is presumed that these clients are considered to have extensive knowledge and expertise in the field and have no need for the protections in the Directive, compared to retail clients who are not knowledgeable in all areas of securities investments. Automatic trading systems (algo-trading) (Sections 32–33) 26. A banking corporation that gives its clients direct electronic access to a regulated market will verify that its clients operate in the regulated market within pre-defined restrictions, and that effective controls are implemented on these operations. Similarly, if a banking corporation functions as a general clearing member for other parties, it is required to define conditions, requirements, and effective controls to mitigate its risks or risks that might be caused to trading as a result of such operations. Chapter F: Information systems (Section 34–40) 27. A banking corporation will embed appropriate trading-related information systems and ensure a high degree of protection (e.g., protection of confidential information) in the activities related to dealing rooms, and ensure that access permissions to the systems and modifications to the permissions are issued to and made exclusively by authorized parties. Increased controls will be implemented to trading systems that the banking corporation defined as critical. Chapter G: Reporting and documentation of transactions (Section 41) Reporting to clients after executing a transaction (Section 41) 28. A banking corporation is required to give a client relevant information regarding the execution of transactions, as described in the Directive. To a banking corporation connected to its information systems through digital means, the bank will give information regarding the execution of a transaction shortly after the banking corporation receives the transaction execution details; and to a client who is not connected to the banking corporation’s systems by digital means — a written notice that

includes the transaction execution details will be sent to the client within ten days of the transaction execution date. At least once a year, a banking corporation will send the client a periodic report of all the transactions executed for them. If other Directives contain such reporting requirements (e.g., in the Banking ID Directive), this Directive does not require an additional report to be made. Internal reporting (Sections 42–45) 29. A banking corporation will verify that its internal reports to the board of directors, senior management, and the control and risk management functions are of a high standard, are consistent, are independent of the party who executes the transaction, and are suitable for their needs and uses. As part of its overall risk management, the internal reports will include information on any discrepancies discovered between profitability data in various reports, appropriate warnings and alerts when suspicious actions are discovered or when material events occur, and any unusual transactions, errors, cancellations, corrections, late trades, and off-market rates. Documentation and document retention (Section 46) 30. A banking corporation is required to record in a document each transaction-related action in its broker-dealer operations for its client, from each medium communication approved for use by the corporation, shortly after its occurrence, to enable its complete and precise reconstruction. Documentation of each transaction-related document will be retained for a period of at least seven years from the date the banking corporation received the document, or from the transaction execution date, the later of the two dates. The corporation will define rules to protect the documents, including protection against human and natural damage, and rules concerning access to the documents and extraction of their contents if necessary. Document retention must be in such manner that also allows the documents to be read and used in the future, including when documents are digital files. Chapter H: Controls Controls on operations and unusual activities (Sections 47–56) 31. A banking corporation is required to develop automated monitoring and control tools to identify suspicious activity, fraud, and embezzlement, including trading deviations, deviations from credit facilities, matched trades, etc. Furthermore, the banking corporation is required to examine and analyze potential sources of fraud and embezzlement and unethical conduct, and determine steps to prevent them, also taking into consideration the potential for trading manipulations, for example by using scenarios, defining deviations in clients' operations, client accounts, and dealers’ activities, tracking new accounts and their activities, and examining events that occurred in corresponding entities in and outside Israel. Chapter I: Application and transition provision Application and transition provision (Section 57) 32. Banking corporations will make preparations to classify their clients and adjust the securities with their operations, and within this will inform all the existing eligible clients that are not financial entities that they have the option of receiving one or more of the protections that this Directive offers, until the commencement date of the

Directive, whose commencement was determined to be 18 months from its publication date. Revocation of Directives (Sections 58–59) 33. When this Directive comes into effect, Proper Conduct of Banking Business Directive No. 461 “A Banking Corporation’s Dealings in Securities on Its Customers’ Account” and Proper Conduct of Banking Business Directive No. 419 “Document Retention” will be revoked. Revisions to the file 34. Attached are the revision sheets to the Proper Conduct of Banking Business Directive file. Following are the revision orders: Remove page Insert page --- ]1[ 461-1-18 (07/23) Respectfully, Daniel Hahiashvili Supervisor of Banks