Masav is subject to the Proper Conduct of Banking Business Directives (PCBB) and specifically to directives 357, 355, 361, 362, and 363, in all matters related to business continuity and information security. This is due to its classification as a “Joint Services Company,” which falls under the definition of a “Banking Corporation” according to the Banking (Licensing) Law.
Additionally, Masav is subject to the oversight of the Payment Systems Supervision Department, as it operates the “Payments System for Debits, Credits, and Transfers,” which has been designated as a Controlled Payment System under the Payment Systems Law, 2008.
Masav has established policies for managing information security, cyber protection, and business continuity. These policies include formal procedures and work plans, covering preparedness for cyber incidents and severe disruptions to critical sites.
Furthermore, Directive 355 includes specific guidelines regarding the preparedness of Masav in relation to its critical sites, and Masav is aligned accordingly.
It is important to note that this preparedness does not exempt other entities involved in the payment and debit execution chain from their own responsibilities to prepare for various failure scenarios, in accordance with the Bank of Israel’s guidelines.
