• The Banking Supervision Department has recently completed a systemic on-site examination of the internal control of fraud risk, with the goal of strengthening and improving the ability of the banks to prevent the realization of this risk or at least to minimize damage.
  • International data show that every organization is subject to the risk of fraud committed by its workers, managers or related third parties, and the banking and financial bodies are exposed to an even greater extent. Even though there has not been any instance of significant fraud in Israel for close to two decades, financial bodies in other countries have experienced major fraud events in recent years, and the risk of a major fraud event always exists.
  • The on-site examination process carried out by the Banking Supervision Department was aimed at assessing the banks’ preparedness to deal with this type of risk. It was accomplished by examining corporate governance in risk management; the arrangements and processes that exist in the bank and that include various functions and entities; entity level controls; and the control environment.
  • The evaluation showed that the banking system in Israel is endeavoring to assimilate an organizational culture of zero tolerance for fraud and is investing a large amount of resources in the prevention and early detection of fraud and in the response to the outcomes of fraud that may in any case occur. Nonetheless, the examination process identified areas in which the banks need to further reinforce risk management and internal control.
  • Risk management in the banks is essentially managed according to three lines of defense. The evaluation showed that overall, internal control is proactive and produces significant added value in risk management. However, there were also areas in which governance needs to be strengthened in order to make it more comprehensive and active. Thus, for example, it was found that information presented to management and the board of directors on this subject is not always complete and is not sufficiently assimilated and analyzed, thus making it difficult to identify focal points of risk or possible failures in internal control. Furthermore, entity level controls, such as mechanisms for detecting irregularities, are not operating effectively enough in some of the banks. There is non-uniformity in the approach to dealing with worker irregularities, and the proportion of complaints that are discovered through a tip received from a worker or anonymously is low relative to other countries. The principle of rotation and uninterrupted absences is adhered to; however, insufficient emphasis is placed on the controls that are part of these processes, which are meant to increase the likelihood of detecting fraud.
  • As a result of the process that was carried out, the Banking Supervision Department clarified to the banks that they must implement a proactive program, with the goal of conveying organizational messages, providing guidance to managers and employees and training employees involved in risk management and control. In addition, they need to adopt effective standards that have been widely adopted abroad. The Banking Supervision Department has emphasized that it intends to require the implementation of the latest COSO framework, which constitutes the international standard in this context, in those banks that have not yet done so on a voluntary basis.