Draft Directive for Payment Companies Regarding the Implementation of an Open Banking Standard – Published for Public Comments

We wish to bring to your attention that on January 27, 2026, the Israel Securities Authority (the “Authority”) published for public comments a Draft Directive for Payment Companies Regarding the Implementation of an Open Banking Standard (the “Draft Directive”).

The purpose of the Draft Directive is to regulate the activities of  payment companies in connection with their obligation to provide access to their customers’ financial information in accordance with the requirements of  the Financial Information Service Law, 2021 (the “FIS Law”), and their obligation to provide payment initiators with access to customers’ payment accounts, in accordance with the requirements of the Regulation of Payment Services and Payment Initiation Law, 2023 (the “RPSL”) (collectively: the “Open Banking Obligations”).

The Draft Directive seeks to establish a uniform framework for payment companies in connection with the provision of the aforementioned access, in a manner that will ensure the proper, secure and transparent operation through an access interface, while maintaining an adequate level of service and protecting customers.

It should be noted that the Open Banking Obligations are scheduled to enter into force with respect to payment companies on June 6, 2026.[1] However, at this stage, legislative initiatives are under consideration which aim, inter alia, to grant payment companies an exemption from the Open Banking Obligations for the first three years commencing from the receipt of a payment services provider license pursuant to the RPSL.[2] This is being advanced both in the framework of a governmental bill for the Promotion of Competition in the Banking Market (Legislative Amendments)[3] and pursuant to draft regulations formulated by the Authority (which are intended to serve as an alternative arrangement in the event that the aforementioned legislative process is not completed in time).

The Draft Directive seeks to regulate the following topics:

• Chapter A – The conditions for the applicability of the Directive to payment companies, as well as the types of payment accounts to which it will apply, with respect to the obligation to provide access to financial information and the obligation to provide access to payment initiators.
• Chapter B – Provisions regarding the implementation of an open banking standard in Israel, in accordance with the Berlin Group Standard as adopted and adapted to the Israeli market by the Bank of Israel.[4] These provisions include the obligation and manner of providing access to financial information service providers and payment initiators (the “Third-Party Providers”); The obligation to publish a “developer portal” containing relevant information required for Third-Party Providers to obtain access; and the obligation to establish a “sandbox” testing environment to allow Third-Party Providers to test access.
• Chapter C – Provisions regarding corporate governance in connection with the Open Banking Obligations, including the roles of the board of directors and the obligation to formulate and implement an open banking management policy.
• Chapter D – Provisions regarding customer authorization[5] for access by a financial information service provider, including the manner of customer identification and authentication at the time the authorization is granted; the selection of accounts in respect of which financial information will be transferred; provisions regarding authorization in a joint account; management of access authorizations in the customer’s account; and the manner of delivering notices from the payment company to the financial information service provider or to the customer.
• Chapter E – Provisions regarding the issuance of a payment order within the framework of payment initiation services,[6] including the manner of transmitting and presenting notices to the customer regarding requests by payment initiators to execute or cancel a payment order; the manner of customer identification and authentication for the purpose of obtaining consent to issue a payment order; and the manner of obtaining approval in a payment account with multiple interested parties.[7]
• Chapter F – Rules regarding service level, including service level and availability for Third-Party Providers and the provision of support services and incident handling; record-keeping obligations; ensuring the currency of financial information and authorization status; the obligation to establish a service-level policy for Third-Party Providers that is applied on an equal basis to all providers; and the types of services that the payment company is required to make available to Third-Party Providers even without a contractual engagement between the parties, as opposed to additional services that are subject to such contractual engagement.
• Chapter G – Provisions regarding system architecture, information Security and cyber protection in the framework of a payment company’s open banking activity.
• Chapter H – The conditions under which a payment company may receive information regarding a customer from a financial information service provider, for the purpose of making an offer to engage with the customer,[8] including obligations regarding data retention, data security, and the maintenance of computerized records (logs) regarding the receipt of such information.
• Chapter I – Reporting obligations of payment companies to the Authority, including reports regarding cases of denial of access, and reports regarding the payment company’s open banking activity.[9]

Comments on the Draft Directive may be submitted until February 27, 2026.

To view the Draft Directive (in Hebrew) >> Click here

Our firm has extensive expertise and many years of experience in the financial services sector in all its aspects. We monitor and follow all regulatory developments in this field, assist, and advise leading financial entities in Israel and worldwide.

We would be happy to assist you with any issues in these areas, including in connection with the above publication and providing comments on it, as well as any questions or clarifications.

Sincerely,

Financial and Institutional Regulation Team, Banking & Finance Department 

Herzog Fox & Neeman

[1] And with respect to access to advanced payment initiation services – on December 6, 2026.

[2] Provided that no obligations to grant access to information or to payment accounts applied to the payment company prior to the receipt of the license.

[3] Which was promoted under the “Arrangements Law” for 2026.

[4] The standard is set out in Appendix A to the Draft Directive, which refers to the appendix to the Bank of Israel Proper Conduct of Banking Business Directive (PCBBD) No. 368, titled “Open Banking in Israel”.

[5] In the explanatory note to the Draft Directive, it was clarified that, as a general rule, where the Directive refers to a customer that is a corporation, such reference is to the corporation itself or to an authorized signatory acting on behalf of the corporation, depending on the context. Accordingly, with respect to a customer that is a corporation, the corporation shall grant the access authorization through an authorized signatory duly authorized by it, and subject to the identification of such authorized signatory.

[6] The Draft Directive refers only to a “basic initiator” and to “basic initiation services” (as defined in the RPSL). It was clarified that the provisions of this chapter shall also apply to a request for the creation of a debit authorization, or for its cancellation, submitted by a payment initiator.

[7] An account holder, an authorized representative (power of attorney holder) in the account, or an authorized signatory in the account.

[8] Pursuant to Section 29 of the FIS Law.

[9] The structure and reporting timelines shall be specified in the Authority’s Directive for Payment Companies and Holders of a Basic Initiation License or Approval Regarding Reporting to the Israel Securities Authority.