Bank of Israel Circular C-06-2741: Amendments to Proper Conduct of Banking Business Directive No. 310 on Risk Management

Banking Supervision Department Jerusalem, February 26, 2023 Circular No. C-06-2741 Attn: The Banking Corporations and Acquirers Re: Risk Management (Proper Conduct of Banking Business Directive No. 310) Introduction

1. The involvement of banking corporations and acquirers in activities related to cryptographic assets (hereinafter, “crypto”), directly or indirectly, incorporates risks that are liable to impact on the ability to ensure a stable and reliable financial environment, prudential risks, AML/CFT risks, cyber risks, as well as risks from the aspect of customer protection, among other things, after the activities related to crypto are still not fully understood or recognized, and the relatively little experience in the area due to their rapid development.
2. The lack of consistency in definitions and the lack of sufficient experience, related to the various crypto assets and the activities related to them, makes it difficult to identify this category of assets and activities. In addition, the various types of assets, the early stage of the market, the changing activity structure and its growing volume as a result of the dynamic nature of the area, weigh on the carrying out of a proper risk assessment, and the examination of the impact on financial stability and consumer protection. Accordingly, the banking corporations and acquirers are to act with the utmost caution when considering activity in the crypto area.
3. Regulation was not accompanied by the publication of a report, as per the Regulation Principles Law, 5782-2021, in view of the significant activities carried out before the Law went into effect, in accordance with the Governor’s decision.
4. After consulting with the Advisory Committee on Banking Business Affairs, and with the approval of the Governor, I have amended this Proper Conduct of Banking Business Directive. The changes to the Directive
5. Section 16(b) of the Directive was amended, and a requirement was added in the new-product approval process—to examine the new product’s compliance with the requirements of the relevant laws and regulations. In addition, it was determined that the risk assessment to be carried out as part of the new product approval process shall include reference to protecting the customers’ interests. Explanatory remarks The requirements that apply to the new product process were expanded such that the process will also include an examination that the product complies with the

requirements of the laws and regulations, and the risk assessment is to include reference to the bank’s obligations to its customers. 6. In Section 16(f) of the Directive, a definition for the term “cryptographic asset” was added. In addition, a requirement was established to report in writing to the Supervisor of Banks before beginning activity related to cryptographic assets. Explanatory remarks In view of the potential risk incorporated in the activity related to cryptographic assets, a requirement was established to notify the Supervisor of Banks in writing in advance about activity related to cryptographic assets. It should be clarified that the provisions of this Section do not apply payment services for virtual currency activity, as defined in Section 87a of Proper Conduct of Banking Business Directive no. 411. 7. Section 16(g) was added to the Directive, establishing that the contact in writing to the Supervisor of Banks related to new products detailed in Sections (f)(1)– (f)(3) of the Directive shall include a detailed description of the new product, including an analysis of the risks inherent in it. In addition, it was determined that the Supervisor of Banks is permitted to announce his intention to examine the enquiry, and timeframes were established for the Supervisor of Banks notifying of his intention to carry out an examination and to formulate the Supervisor’s stance related to it. Explanatory remarks Section 16(g) was added to the Directive while establishing a mechanism for the enquiry to the Supervisor of Banks and the possibility of the Supervision’s examination of the enquiry while defining maximum timetables for carrying out the examination. Commencement 8. The starting date of the amendments to Directive 310 are the day the Circular is published on the Bank of Israel’s website. 9. Following are the updates to the Proper Conduct of Banking Business file: Remove pages Insert pages 310-1-17 [2] (9/21) 310-1-17 [3] (02/23) Respectfully, Yair Avidan Supervisor of Banks