Bank Leumi CEO Hanan Friedman walked onto the Mind the Tech London stage on September 16, 2025 and announced a dedicated generative AI hub for a bank that closed 2025 with net income of NIS 10.3 billion, about $3.2 billion. In theory, capability announced from a conference stage in September should be live in customer-facing workflows the next quarter. In practice, the workflows that handle credit, fraud, and AML transactions are still running through a model-risk validation cycle that Bank of Israel updated on August 21, 2024 under Proper Conduct of Banking Business Directive 369.

The 12-month gap between announcement and production release is the rational outcome of regulated banking, not a failure of execution. It is the directive doing what the directive was written to do.

A Tax Code for Models

Directive 369, in the form Bank of Israel issued last year, explicitly covers qualitative AI outputs alongside the quantitative models that have always sat inside the regulator’s perimeter. That is the substantial change. Generative AI used to draft a customer letter, to score an alert, or to summarize a credit file is now subject to the same lifecycle controls as a credit-risk model: identification, development, validation, governance, monitoring, and retirement.

By comparison, the Federal Reserve’s SR 11-7, issued jointly with the Office of the Comptroller of the Currency on April 4, 2011, set the global template for model risk management a full decade before LLMs entered the conversation. It is principles-based and durable, but it predates the technology. Canada’s OSFI Guideline E-23, revised to take effect across all federally regulated financial institutions on May 1, 2027, expands the scope explicitly to AI and machine-learning models, including the explainability and bias-management duties that black-box approaches surface.

Israel’s directive is more current than either. The gap between Friedman’s announcement and a production release is not regulatory drag. It is the tier-1 model-risk validation cycle running, end to end, on a horizon a working banker can predict: six to nine months for any model that touches credit, fraud, AML, or supervisory disclosure, before it is safe to ship.

Every model decision that touches a regulated workflow has to be replayable; it is not summarized; it is not paraphrased. It is replayable, in the sense that a supervisor or an internal auditor must be able to reconstruct the exact inputs, the exact model version, the exact weights, and the exact output that produced a given decision on a given customer at a given time.

That is the audit-trail buildout. It is invisible from the outside and it is the gating constraint on shipping. In a typical model-validation cycle inside a tier-1 retail bank, the engineering work that has to land before any AI-augmented decision can run in production includes deterministic input capture, version-pinned model artifacts, full lineage records, and a replay harness that can rerun any historical decision on demand and produce a byte-equivalent output.

When a bank quotes a customer-facing efficiency figure, an automation rate or a turnaround-time reduction, that figure is the visible portion of the work. The portion that does not show up in the press release is the months of audit-trail engineering that had to land first. The number that gets quoted in the press release is not the number a model-risk team tracks. The number that the team tracks is the date the replay harness passed validation. After that date, and not before, the efficiency figure becomes safe to ship.

Millions to Tens of Thousands

Anti-money-laundering monitoring is where the gap between announcement and production release becomes most visible, because the volumes are unforgiving. A tier-1 retail bank generates raw transaction streams in the millions per day. Traditional rule-based exception monitoring flags a fraction of those as suspicious, then human investigators work through the queue. AI-augmented monitoring takes the same raw stream and triages it down to a working set in the tens of thousands per year per institution, each of which has to be explainable transaction by transaction.

Israel sits inside a regulatory frame that takes that explainability requirement seriously. The Israel Money Laundering and Terror Financing Prohibition Authority supervises a system that the Financial Action Task Force assessed in its 2018 mutual evaluation, the report that admitted Israel as a full FATF member that December. The post-October 2023 geopolitical environment has raised the bar further; the work of distinguishing legitimate transactions from sanctioned, fraudulent, or terror-financing flows is no longer a back-office function.

The deployments reflect the bar. ThetaRay’s Cognitive AI transaction-monitoring solution went live at IDB Bank, the New York subsidiary of Israel Discount Bank, on January 29, 2025. Bank Hapoalim has been a strategic investor in ThetaRay since Poalim Capital Markets first wrote a check in 2014 and has stayed close to the company through subsequent rounds. Outside the bank perimeter, the same engineering pattern is producing standalone vendors; IVIX, an Israeli-founded startup that builds AI software for government fraud detection, raised $60 million in 2025 on the strength of similar core capabilities. In every case, the production release sits downstream of a directive-369-shaped validation cycle that the audit committee has to sign off on before a single live transaction is scored.

The reduction from millions to tens of thousands is not a marketing figure. It is an operational constraint. Every alert that the model dismisses has to be defensible if a regulator pulls it for review. That defensibility requirement is what governs the deployment timeline, not the press release.

Build vs. Buy in Tel Aviv

The economics of vendor AI compliance platforms versus in-house builds usually default to buy, because the engineering bench required to build is hard to assemble. In Israel that constraint is weaker. The bench exists. That changes the calculus and produces a market in which both directions get pursued seriously inside the same year. The Israeli fintech community has been readying for dramatic changes inside the banking sector, and the build-versus-buy choice sits in the middle of that shift.

Israel Discount Bank is the canonical buy case. Personetics has powered Discount’s Didi digital assistant since February 2018, then extended the partnership with Smart Save, an automated savings feature built on the same cognitive-banking platform. The decision to buy turned on integration speed and on the readiness of model lineage that an enterprise vendor can produce on demand, not on whether Discount could have written the underlying code.

Bank Leumi’s GenAI hub and Bank Hapoalim’s Poalim 2026 strategic plan, which targets a return on equity of 14 to 15 percent across 2025 through 2028 and rests on what the bank describes as advanced digital solutions, are the build cases. Both are viable in Tel Aviv in a way they are not in most other tier-1 banking markets. The labor pool that the GenAI hub recruits from is the same pool that ThetaRay, Personetics, and Earnix recruit from. The build path and the buy path draw on the same talent base.

The regulatory dimension pushes the calculus further. Bank of Israel Directive 362 on cloud computing imposes data-residency and operational-resilience rules that constrain which vendor platforms can host regulated workloads. Directive 369’s explainability requirements push toward whichever option, build or buy, produces the cleanest model lineage. Cost rarely decides the question. Auditability does.

The most recent regulatory artifact sitting on top of all of this is the Interministerial Final Report on AI use in the financial sector, the continuation of the late-2024 interim report and prepared by representatives of the Ministry of Justice, the Ministry of Finance, the Competition Authority, the Israel Securities Authority, the Capital Market, Insurance and Savings Authority, and the Bank of Israel. The report sets out a risk-based framework anchored in four pillars: sector-specific supervisory expectations, regulatory sandboxes, targeted rules for high-risk applications such as fully automated credit refusal, and supervisory automation tools that detect model drift across the system. It also opens a new legal basis for AI training use beyond consent under the Privacy Protection Law. That last item changes the build-versus-buy calculation at the margins, because it materially affects what training data a bank can lawfully assemble in-house, and on what terms.

Marathon training does not reward the runner who sprints out of the start chute. It rewards the runner who built mileage methodically through the previous nine months, when nobody was watching. Banking AI is the same shape of work. The bank that ships AI safely in 2027 will be the one that did the directive-369 validation work and the audit-trail engineering through 2024 and 2025, not the one that issued the loudest 2024 press release.

The figure to watch is not the announcement count and not the customer-facing efficiency claim. It is the validation cycle time: six to nine months, end to end, for any model that touches a regulated workflow at a tier-1 institution.

© The Times of Israel (Blogs)