Management of Anti-Money Laundering and Countering Financing of Terrorism Risks

Banking Supervision Department Jerusalem, June 11, 2023 Circular No. C-06-2748 Attn: The Banking Corporations and Acquirers Re: Management of Anti-Money Laundering and Countering Financing of Terrorism Risks (Proper Conduct of Banking Business Directive No. 411) Introduction

1. This update incorporates new guidelines intended to rectify several gaps found in the report of the examination carried out by the Financial Action Task Force (FATF) and that have not yet been amended as part of Proper Conduct of Banking Business Directive no. 411 (“the Directive”). This is pursuant to the update on the issue published in October 2021.
2. In October 2021, the Banking Supervision Department published an update to the Directive (Appendix B.2), which included, among other things, an arrangement established by the Supervisor of Banks in accordance with Section 7a of the Order, in regard to the providing of payment services by a banking corporation for a service recipient (“the Arrangement”). Due to enquiries received, and after assessing the AML risks inherent in providing payment services, it was decided to amend the Arrangement, so that it will be possible to allow the use of means of payment issued by financial institutions holding a license by power of the Control of Regulated Financial Services (Regulated Financial Services) Law, 5776-2016, to which an AML Order applies, within the framework of the Arrangement.
3. The war between Russia and Ukraine has led to a broad wave of immigration of new immigrants requesting to switch the center of their lives to Israel. The banking system in Israel has a significant function in new immigrants’ absorption process in all that is related to providing access to financial services. Among other things this is as part of the shifting of the center of their lives to Israel. Due to enquiries we received, which indicate that the 30-day period needs to be extended due to the length of time required to issue an ID card, a leniency was established that enables customers to open a bank account using an Immigrant Certificate up to 90 days from the date it is issued. This is a temporary provision that will expire on December 31, 2023.
4. The Arrangement was not accompanied by the publication of a report under the Principles of Regulation Law, 5782-2021, in view of the notable activities that

were carried out before the Law went into effect, in accordance with the Governor’s decision. In terms of adding Appendix B.5, the regulation was not accompanied by the publication of a report under the Principles of Regulation Law, 5782-2021, in view of the exemption in Section 34(c)(2). 5. In light of the above, and after consulting with the Advisory Committee on Banking Business Affairs, and with the approval of the Governor, I have amended this Directive. The main updates 6. Section 46 (Customer Identification) Section b: After the words banking corporation that receives an electronic transfer that originates from abroad, shall come “at an amount exceeding NIS 5,000”. In addition, the words “except in cases in which the amount transferred does not exceed NIS 5,000 and no concern of ML/FT was raised by it” shall be deleted. Explanatory notes: The FATF’s international standard establishes that a financial institution receiving an international transfer originating outside of Israel is only required to authenticate the identifying details of the person carrying out the activity, including one who is not listed as an account holder or authorized signatory at the financial institution, in cases where the transfer amount exceed €1,000. Therefore, the Banking Supervision Department’s Directives were adjusted to the international standards, and the requirement to authenticate identifying details when receiving an international transfer was reduced to only cases in which the transfer amount exceeds NIS 5,000. 7. Section 46 (Identifying Customers) after Section (b) shall come: “(c) A banking corporation that receives an instruction to carry out an electronic transfer to abroad, shall authenticate the identifying details of the service recipient to the extent that these were not authenticated by it in the past except in cases where the amount of the transfer does not exceed NIS 5,000 and does not raise suspicion of money laundering or terrorism financing.” Explanatory notes: The FATF’s international standard establishes that a financial institution executing an international transfer at an amount exceeding €1,000 is required to authenticate the identifying details of the person carrying out the activity including one who is not listed as an account holder or authorized signatory at the financial institution, as well as in cases in which the transfer amount does not exceed €1,000 but suspicion arose regarding money laundering or terrorism financing. Therefore, an instruction was added according to which a banking corporation must authenticate the identifying details of the service recipient when executing electronic transfers to abroad at an amount exceeding NIS 5,000. The recipient of the service, as defined in the Order, also includes one who is carrying out at the banking corporation an activity that is not listed in the account or one who carries out at the banking corporation an activity that is not listed in the account, where the person carrying out the activity is listed as an account owner

or authorized signatory. This requirement shall not apply in cases in which the banking corporation authenticated the identification details of the service recipient in the past. 8. Section 46 (Identifying customers) after Section (c) shall come: “(d) An intermediating banking corporation (correspondent) that receives an electronic transfer originating from abroad, where the destination is another banking corporation on behalf of its customer, shall keep the transfer document for a period of at least 7 years, if it was unable, for technical reasons, to transfer the transfer documentation to the other banking corporation.” Explanatory notes: The FATF’s international standard establishes that when there are technical limitations preventing the transfer of information on the transfer initiator or the beneficiary, that was received within the framework of an international transfer, from a local intermediating bank (correspondent) to another local bank, the correspondent bank is to keep the said information. Therefore, an instruction was added, according to which in cases of technical limitations that originate, among other things, in technological systems, where the correspondent banking corporation that receives the international transfer that originates from outside of Israel, cannot send the transfer documentation to the other banking corporation to whom the transfer is designated, the correspondent bank is to keep the transfer documents for a period of at least 7 years from the date the transfer is executed. 9. Appendix B.2 (the Arrangement): a. Section 2: Instead of the words “it is” in the parentheses shall come “the means of payment is”. b. Section 4(b): Between the words “and vis-à-vis the banking corporation that issued the means of payment” shall be added “or vis-à-vis a financial institution”; in addition, the words “as relevant” shall be erased. c. Section 6.1: After the words “issued by a banking corporation in Israel” shall come “or by a financial institution”. d. A definition of “financial institution” was added: “An entity that holds a license to provide financial services, according to the Control of Financial Services (Regulated Financial Services) Law, 5776-2016, and that as a license holder, its activity is subject to a valid Order, under the Prohibition on Money Laundering Law, 5760-2000 and in accordance with the Combatting Terror Law, 5776-2016. Explanatory notes: The identification arrangement that the Supervisor of Banks established in accordance with Section 7a of the Order was expanded so that it would allow the use of means of payment issued by a financial institution that is not a banking corporation, and therefore, the definition of financial institution was added. It was clarified that the in accordance with the Arrangement, a banking corporation is obligated to record in any case the details of the payment account and that the obligation for recording means of payment issued by a banking corporation or by a financial

institution, in any case shall in only apply in a case in which use was made of the means of payment when providing the payment service. 10. Appendix B.5 (Temporary provision—the Arrangement established by the Supervisor of Banks in accordance with Section 7a of the Order) shall be added: “By power of my authority according to Section 7a of the Order, I establish that regarding Section 3(a)(1) of the Order, an Immigrant Certificate up to 90 days from its issuance shall be considered as an ID card. This is until December 31, 2023.” Explanatory notes: Currently, Section 3(a)(1) of the Prohibition on Money Laundering (The Banking Corporations’ Requirements regarding Identification, Reporting, and Record-Keeping for the Prevention of Money Laundering and the Financing of Terrorism) Order, 5761– 2001, allows the authentication of identifying details of the service recipient via an Immigrant Certificate, up to 30 days from the day it is issued, in lieu of authentication via an ID card. Enquiries were received at the Banking Supervision Department that indicate that in view of the current wave of immigration, the 30-day period needs to be extended due to the length of time required to issue an ID card. After examining the enquiries and with the goal of making things easier for the new immigrants when opening an account with a banking corporation for an individual resident of Israel, it was decided to establish that regarding authentication of the identifying details, an Immigrant Certificate for up to 90 days from the date it was issued can be viewed as an ID card. This is until December 31, 2023. Appendix B.5 of the Directive shall be added, establishing a leniency that customers will able to open an account at a banking corporation using an Immigrant Certificate for up to 90 days from the date it is issued, as a temporary directive that will expire on December 31, 2023. Effective date 11. The amendments to this Directive shall go into effect as follows: a. Regarding 46(b), 46(c), 46(d), and Appendix B.2, within 2 months of the publication date of this Directive; b. Regarding Appendix B.5, on the date this Circular is published. File update 12. Following are the updates to the Proper Conduct of Banking Business file: Remove pages Insert pages (12/22) [23] 411-1-38 (06/23) [24] 411-1-41 Respectfully, Yair Avidan Supervisor of Banks