Bank Leumi CEO Hanan Friedman walked onto the Mind the Tech London stage on September 16, 2025 and announced a dedicated generative AI hub for a bank that closed 2025 with net income of NIS 10.3 billion, about $3.2 billion. In theory, capability announced from a conference stage in September should be live in customer-facing workflows the next quarter. In practice, the workflows that handle credit, fraud, and AML transactions are still running through a model-risk validation cycle that Bank of Israel updated on August 21, 2024 under Proper Conduct of Banking Business Directive 369.

The 12-month gap between announcement and production release is the rational outcome of regulated banking, not a failure of execution. It is the directive doing what the directive was written to do.

A Tax Code for Models

Directive 369, in the form Bank of Israel issued last year, explicitly covers qualitative AI outputs alongside the quantitative models that have always sat inside the regulator’s perimeter. That is the substantial change. Generative AI used to draft a customer letter, to score an alert, or to summarize a credit file is now subject to the same lifecycle controls as a credit-risk model: identification, development, validation, governance, monitoring, and retirement.

By comparison, the Federal Reserve’s SR 11-7, issued jointly with the Office of the Comptroller of the Currency on April 4, 2011, set the global template for model risk management a full decade before LLMs entered the conversation. It is principles-based and durable, but it predates the technology. Canada’s OSFI Guideline E-23, revised to take effect across all federally regulated financial institutions on May 1, 2027, expands the scope explicitly to AI and machine-learning models, including the explainability and bias-management duties that black-box approaches surface.

Israel’s directive is more current than either. The gap between Friedman’s announcement and a production release is not regulatory drag. It is the tier-1 model-risk validation cycle running, end to end, on a horizon a working banker can predict: six to nine months for any model that touches credit, fraud, AML, or supervisory disclosure, before it is safe to ship.

Every model decision that touches a regulated workflow has to be replayable; it is not summarized; it is not........

© The Times of Israel (Blogs)