Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.
How would you describe the regulatory policy for fintech products and services in your jurisdiction?
There is a strong indication that regulators are willing to embrace new technologies and innovations. However, privacy concerns remain and regulations may delay such efforts.
Have any fintech-specific laws or regulations been enacted in your jurisdiction? Are any envisaged?
There are no fintech-specific laws or regulations in Israel. However, each fintech product may be regulated in accordance with the general laws in Israel on a case-by-case basis. For example, cryptocurrencies are soon to be regulated under the new Supervision of Financial Services (Regulated Financial Services) Law 2016 and may be regulated in accordance with the Israeli Securities Laws. Robo-advice services that provide investment advice will be regulated under the Investment Advice Law.
Which government authorities regulate the provision of fintech products and services?
There is no specific government authority that regulates the provisions of fintech products and services. Each type of fintech product may be regulated under a different authority, as applicable.
The main government authorities that can regulate fintech products include:
- the Israeli Securities Authority;
- the Commissioner of the Capital Markets, Insurance and Savings (CMIS);
- the Bank Supervision Department at the Bank of Israel; and
- the Israeli Money Laundering and Terror Financing Prohibition Authority.
Financial regulatory framework
Which laws and regulations governing the provision of financial services apply to fintech businesses?
There is no specific law that refers to fintech businesses. The fintech industry is regulated under general Israeli law, including:
- the Securities Law, for fintech that relates to securities;
- the Companies Law, for fintech entities that are companies incorporated in Israel;
- the Investment Advice Law, for fintech businesses that provide investment advisory services; and
- the Regulated Financial Services Law, for certain financial activities.
Under what conditions are fintech businesses subject to licensing requirements? Are there any exemptions?
There are no specific licensing requirements for fintech businesses. These requirements depend on the nature of the provisions of the services. For example, a fintech business that provides investment advice must have a licence in accordance with the Investment Advice Law. Fintech services offering securities (or cryptocurrencies which may be treated by the Israeli Securities Authority as securities) to the public in Israel (ie, offering of securities to more than 35 retail investors during a 12-month period) require a prospectus in accordance with the Securities Law.
Are any fintech products or services prohibited in your jurisdiction?
The Israeli Securities Law prohibits trading platforms operating in Israel offering trades in binary options to clients who are in or outside Israel.
Data protection and cybersecurity
What rules and regulations govern the processing and transfer (domestic and cross-border) of data relating to fintech products and services?
The main Israeli legislation relating to processing and transfer of data (in general) is the Israeli Protection of Privacy Law 5741-1981. This law defines, among other things, obligations regarding the registration and maintenance of databases containing personal information. Specific regulations promulgated under this law deal with transfer of personal data outside of Israel (the Protection of Privacy (Transfer of Data Abroad) 5761-2001). There is also an instruction issued by the Privacy Protection Authority regarding outsourcing services for personal data processing.
There are specific Proper Conduct of Banking Business Directives, issued by the Israeli Supervisor of Banks, which deal with processing and transfer of data by banks. For example, Directive 357 provides guidance on the management of information technology and specifically relates to outsourcing that may include processing of data by third parties. Directive 362 deals with cloud computing and limitations on storing data in a cloud environment. These directives apply to banks and other regulated entities, but may be significant for fintech operations offered to banking institutions.
Instructions have also been issued by the CMIS relating to the management of cyber-risks in institutional entities. The instructions relate to cybersecurity and data protection, specifically in regulated entities in the insurance and pension sector, and may be significant for fintech operations offered to companies in this sector.
What cybersecurity regulations or standards apply to fintech businesses?
Other than the aforementioned, there are currently no specific Israeli regulations or standards related to fintech businesses.
What anti-fraud, anti-money laundering or other financial crime regulations govern the provision of fintech products and services?
With respect to anti-money laundering, there is no specific anti-money laundering law or order that refers to fintech companies. Fintech companies are subject to the general prohibition on money laundering activity and terror financing, along with any entity in Israel. However, Israeli anti-money laundering legislation also imposes substantial identification, registration and reporting duties under anti-money laundering orders on certain business sectors (a closed list), including financial entities engaging in certain financial activities (including banking corporations, credit providers, money service business (including money or value transfer services), insurance companies and portfolio managers). Accordingly, if the fintech company’s activity falls within the closed list of the regulated activities under anti-money laundering law, it will be subject to the applicable anti-money laundering order.
In addition, two new drafts of anti-money laundering orders which are applicable to the fintech industry were published in early 2018. These draft orders are pursuant to the new Regulated Financial Services Law:
- an anti-money laundering order that applies to financial assets services providers (including virtual currencies and other financial assets); and
- an anti-money laundering order that applies to credit intermediation systems (including peer-to-peer).
These draft orders also include identification, registration and reporting requirements paying heed to the anti-money laundering complexity and challenges that these industries impose. The market anticipates the ratification of these orders as, among other things, their absence poses regulatory challenges for the financially-supervised entities complying with the anti-money laundering regime.
In addition, Israel plays a significant role in the fintech industry, and many companies in Israel are engaged in this field (eg, the Israeli Money Laundering and Terror Financing Prohibition Authority holds roundtables from time to time with fintech companies and virtual companies). Further, last year the Israeli Ministry of Finance issued a manifesto regarding its intention to consider establishing a regulatory sandbox with respect to fintech companies.
What precautions should fintech businesses take to ensure compliance with these provisions?
There is no strict rule for fintech businesses to adopt in order to ensure compliance with Israeli laws. Fintech businesses should seek legal advice before providing any services. The provision of fintech products may give rise to various issues (eg, securities and anti-money laundering issues), as well as licensing requirements (eg, investment advisory licence).
What consumer protection laws and regulations apply to the provision of fintech products and services?
The Consumer Protection Law 5741-1981 regulates the protection of consumers. ‘Consumer’ is defined as any person who purchases a product or service from a dealer within the framework of the dealer’s business, mainly for a personal, home or family use. The law does not apply to commercial activities as between two businesses. It sets out various principles and requirements which may be applicable to the offering of fintech products and services, including, among other things:
- the prohibition of misleading consumers with respect to the material aspects of a transaction;
- rules regarding ongoing transactions;
- transactions entered into remotely;
- indication of prices for services; and
- disclosure of payment requirements.
Does the provision of fintech products or services in your jurisdiction raise any particular competition regulatory concerns?
No, the Israeli Antitrust Authority is considering competition law aspects of digital platforms in general and has commenced a public hearing for that purpose. Nonetheless, there is currently no specific competition law regulation concerning fintech.
Are there any particular regulatory issues concerning the cross-border provision of fintech products and services (eg, operating jurisdiction rules and currency controls)?
There are no currency control limitations in Israel; however, in certain cases there may be reporting requirements.
Click here to view the full article.