Regulatory Alerts2021-11-24
Reporting of Technological Failures and Cyber Incidents
The Bank of Israel has amended Proper Conduct of Banking Business Directive no. 366 to mandate that banking corporations and merchant acquirers report technological failures and cyber incidents occurring in controlled non-banking entities. The update requires immediate notification to the Banking Supervision Department whenever such incidents in subsidiaries materially impact the controlling bank, its group, or the broader Israeli banking system from technological, financial, or reputational perspectives. Additionally, the directive now requires that internal investigation procedures encompass these subsidiary incidents, with the amendments taking effect one month after publication.
Share