Summary

  • ONE ZERO is a licensed Israeli bank, not a software vendor wearing a banking brand. Its AI operating model must reconcile four different ledgers: the core customer and banking ledger, the internal-use software asset register, the model control inventory, and the regulatory capital account.
  • The 2024 audit makes software economics visible. Development spending became a key audit matter, eligible internal-use software was capitalised and amortised over five years, and nearly NIS 50 million of software investment coexisted with an annual loss of NIS 267.9 million.
  • The bank owns a significant application and decision layer, but it does not own the entire stack. TCS supplies the primary service centre, AWS supports independent systems, and the AI provider composition has changed: the 2024 report named AI21 and OpenAI, while the 2025 report indicates that the AI21 agreement ended in 2025.
  • Automation claims are promising but lack operational proof. A company presentation states that 89% of interactions were handled without a human banker in Q4 2025, but public disclosures do not provide the denominator, repeat-contact rate, error rate, escalation quality, or financial-harm rate needed to audit that percentage.
  • The investment and procurement question is therefore the control margin, not chatbot novelty: how much verified customer value, revenue, and service capacity remain after full acquisition and support costs, model and vendor controls, software amortisation, credit losses, and the capital required to keep a bank safe.

Four Ledgers Move When Ella Responds

A customer sees a single message. The bank must see at least four ledgers.

The first is literal. A balance, a card transaction, a deposit, a securities position, or a credit exposure must come from a controlled system of record. The second is the software ledger: the code that collects data, detects an unusual debit, prepares an explanation, and routes the customer's next action has a cost, a release date, a lifespan, and sometimes an impairment indicator. The third is the model ledger: which model produced a recommendation, which version and data were used, what checks were applied, and when a human took over. The fourth is the capital ledger.

If a wrong answer becomes an unauthorised transaction, a conduct complaint, a privacy breach, a credit loss, or simply an expensive service interaction, the consequence ultimately belongs to a regulated enterprise with limited resources to absorb losses.

This is why the useful unit of analysis is the exact legal bank, One Zero Digital Bank Ltd., rather than "Ella", another technology company of the founder, or a generic digital bank category. TheBank of Israel announcement lifting the last establishment restrictionsin January 2022 stated that the institution had completed the technological and operational preparations needed to operate independently. It also made the legal point clear: ONE ZERO has the status of other Israeli banks and is supervised for stability, depositor protection, and fairness. This status gives credibility to the application, but it also makes every seemingly weightless software interaction part of a bank's control environment.

The four-ledger test yields a less theatrical definition of an AI-native bank. It is not a bank that mentions AI most often, nor a bank that replaces every conversation with a bot. It is a bank that can join transaction truth, software changes, model behaviour, and regulatory accountability without losing the evidence between them. ONE ZERO's public file is unusually useful because its audited statements reveal both the promise and the cost of that attempt.

The Entity Is a Bank, Not an AI Shell

ONE ZERO was incorporated in 2019 and is controlled by Fin-Digit Ltd. through Professor Amnon Shashua, according to the bank's2024 audited annual report. It began a limited pilot in March 2021, operational restrictions were lifted in January 2022, and it completed its second full year of retail banking activity in 2024. This history matters because several adjacent identities are easy to blur. Shashua is also associated with AI21 Labs; TCS provides the core technology; Amazon Web Services provides cloud infrastructure; and Ella is the customer assistant. None of these is the regulated deposit-taking entity.

The boundary changes how numbers must be read. Customer deposits are the bank's funding, not recurring annual revenue. Regulatory capital is not a software valuation. Credit losses are not support defects. Money placed at the Bank of Israel is an interest-bearing financial asset, not "money on the platform". Conversely, a capitalised software balance is not automatically regulatory capital and says nothing in itself about code quality, customer adoption, or future cash generation.

The2025 audited annual report, a convenience English translation of the accounts approved in March 2026, still describes a single Israeli retail banking segment. It reports approximately 180,000 customers per the current reporting period update, but it does not transform ONE ZERO into a multinational software platform. Management discussed exporting the technology and Ella as a service, and the 2024 report indicated that expansion work in Europe was frozen due to geopolitical uncertainty. These are options and intentions. The demonstrated operation remains a supervised Israeli bank serving customers through an application, supported by people and third parties.

This distinction also prevents a common analytical shortcut. A bank can have excellent software and weak economics; it can have mediocre software and a resilient balance sheet. ONE ZERO must pass both tests at once. Its proprietary layer must reduce cost or improve the quality of banking, while the regulated enterprise must fund ongoing losses, preserve capital, manage liquidity, and absorb operational errors.

A Customer Journey Crosses Owned and Leased Systems

ONE ZERO'spublic service descriptionstarts with a simple proposition: no branches, one app, automated account analysis, and access to human financial managers. Operationally, the journey is less simple.

Onboarding starts with remote identity proofing, suitability and regulatory checks. The bank's privacy disclosures describe collection of identity documents, photographs, and verification information; the annual reports describe manual review when remote identification raises doubts. Once open, the account and its transactions must be maintained in the core banking environment. Cards, payments, currency exchange, securities, deposits, and credit introduce additional processors, market infrastructure, and control points. Open banking permissions may add data from accounts and cards held elsewhere.

The bank says it started using this shared external data in 2024 to produce insights.

Only then does the AI proposition become possible. Transaction events and customer context can be classified; rules or models can look for duplicate debits, imminent overdraft, unusual spending, or idle cash; an explanation can be prepared; and the output can be sent to Ella, a human financial manager, or both. A customer may ask a follow-up question, dismiss an alert, or request an action. Any action must go back to an authorised banking workflow, with authentication, limits, record-keeping, and reconciliation. A conversational response is therefore neither the start nor the end of the process.

It is a layer in a chain whose authoritative state remains elsewhere.

This separation is critical when evaluating the bank's claim that AI "handles" money. Public documents establish that Ella can answer general and personalised questions and that automated analysis generates insights. They do not establish that a generative AI system independently approves credit, changes a deposit, selects a security, or executes a transfer without deterministic controls and authorised customer or human action. In the absence of a published permissions matrix, the prudent interpretation is narrower: the assistant interprets, explains, recommends, and routes, while controlled banking systems execute.

A due diligence team should ask for this matrix. For each intent, it should show the source system, whether a model can read or write, the customer authentication level, monetary limits, required human approval, audit trail, recourse rights, and fallback channel. "AI banker" is a useful product metaphor. It is not a control specification.

Capitalised Code Starts a Five-Year Clock

The most revealing part of ONE ZERO's 2024 disclosure is not the AI language. It is the accounting policy behind it.

The bank capitalises qualifying expenditures on software developed for internal use after the preliminary research phase is completed, management has committed the resources needed to complete the project, and completion is expected. Purchased software, direct external services, and directly attributable labour may enter the asset. Other development expenditures remain an expense. Once significant testing is complete and the software is ready for use, the bank amortises it on a straight-line basis over five years. Indicators that expected benefits have deteriorated may require impairment.

This policy turns product management into an audited boundary. A developer may work on a customer feature, an internal control, maintenance, research, or a defect. The accounting answer is not the same for every hour. The date a release becomes ready for use starts the amortisation clock. A longer capitalisation period can improve current-period expense presentation, but it also builds an asset that must deliver service over its assumed life. A shorter life or an abandoned project accelerates recognition of economic failure.

ONE ZERO's auditors treated internal-use software capitalisation as a key audit matter in 2024. They highlighted management's judgment on qualifying costs, the date the software became available for use, the capitalisation rate, and the existence of impairment indicators. Their procedures included sample testing against supporting documents and evaluating estimates. A key audit matter is not an accusation of misstatement. It is a signal that this was one of the areas that required the most audit attention.

At the end of 2024, total software cost before accumulated amortisation was approximately NIS 222.2 million and the carrying amount was NIS 146.3 million. Subsequent comparative disclosure identifies proprietary internal-use software with a gross cost of approximately NIS 200.4 million and a carrying amount of NIS 131.5 million. Cash flow reports show approximately NIS 49.9 million invested in software in 2024, after NIS 61.5 million in 2023. These are significant sums for a bank whose 2024 operating expenses were NIS 322.8 million.

The clock did not stop. In 2025, reported software cost rose to approximately NIS 273.8 million and its carrying amount to NIS 151.0 million. The proprietary internal-use component reached a gross cost of approximately NIS 248.8 million and a carrying amount of NIS 136.7 million; cash investment in software was approximately NIS 50.8 million. Amortisation and impairment continued to consume earlier investments. The slight increase in net carrying amount relative to the much larger increase in gross cost illustrates the treadmill: new capitalised work must exceed amortisation of previous releases simply to maintain the asset balance growth.

None of these figures measures model accuracy or customer value. Capitalisation records eligible costs, not intellectual property quality. It may include software developed by third parties specifically for the bank. It does not prove that a feature is proprietary in the sense a venture capitalist might use the word, and it does not say whether the code can be separated from TCS, AWS, or other services. The useful questions are at the release level: what was placed into service, what benefit justified the five-year life, how quickly will the relevant model or interface become obsolete, and what evidence would trigger impairment?

The Proprietary Layer Sits Above an Outsourced Core

ONE ZERO's architecture is deliberately mixed. Its annual reports state that the bank develops technology where it considers capability essential to its advantage and uses third parties where a specialist can provide faster time to market or established service. This is a normal modern bank. It also makes the word "proprietary" too broad unless the layers are separated.

The core account platform comes from Tata Consultancy Services. TCS describes itsBanking Service Bureauas a centrally operated, Israel-ready service built on TCS BaNCS, supporting banking functions and integration via APIs. ItsONE ZERO case studycalls the bank the first customer on a shared platform. The relationship was publicly announced inApril 2020, before unrestricted commercial operation.

The audited disclosures describe TCS as the provider of a core banking service bureau, with joint governance, control exercises, reporting, and assurance documents. They also state that commercial terms were renegotiated in 2024 to better match the service received. ONE ZERO's 2025 presentation attributes a one-time NIS 13 million reduction in IT expenses to this renegotiation. This saving demonstrates negotiation activity, but it does not eliminate dependency. Core data structures, release schedules, interfaces, operational procedures, and migration complexity create switching costs even when the contract contains exit rights.

The convenience English translation of the 2025 report appears to describe the TCS extension horizon differently in separate passages. This may reflect drafting, translation, or distinctions between option periods; it should not be turned into a confident claim about the legal term. It is, however, exactly the kind of ambiguity that a buyer, investor, or supervisor should reconcile with the executed agreement. Duration, termination assistance, data extraction, software escrow, transition pricing, and the right to test a replacement matter more than the marketing label attached to the core.

AWS supports a different layer. The bank says it has an enterprise agreement since November 2021 for infrastructure and software services used by independent systems, with support and availability intended to meet banking requirements. The public disclosure does not provide a full service schedule, regional architecture, subcontractor inventory, or recovery objective by system. Nor does it establish that the TCS core itself runs on ONE ZERO's AWS tenancy; TCS markets its Israeli bureau as a private cloud service. "Cloud bank" is therefore not a single deployment fact. It is a portfolio of hosted and managed dependencies.

The likely proprietary value lies in the orchestration: the mobile experience, data and decision services, insight generation, conversation, workflow routing, and internal tools connecting customers and human bankers to the core. This can be valuable without owning the ledger engine or the foundation models. But its defensibility depends on interface portability, accumulated workflow knowledge, controlled customer data, and measured outcomes—not a blanket claim that the entire bank was built in-house.

Ella Is an Interface, a Workflow, and a Control Problem

Ella is presented as a generative AI financial manager. The bank says it can answer general and personalised questions in real time, interpret the customer's finances, and highlight opportunities or anomalies. Its currentproduct marketing pageattaches striking operational claims to the assistant, including high shares of automatically handled interactions and reductions in service effort. ONE ZERO's2025 results presentationgives another headline: 89% of total customer interactions in Q4 were handled without a human banker, while 72% of reactive interactions required no banker.

These percentages may describe real operational progress. They are not yet an audited quality metric.

The first missing piece is the denominator. Does an interaction mean a message, a conversation, a resolved intent, or a customer episode? If a customer sends six messages, receives a generic reply, and calls later, did the system handle six interactions or did it fail one journey? The second is scope. Password reset, opening hours, and transaction lookup are not equivalent to overdraft recommendation, suspected fraud, or disputed securities order. The third is outcome: containment may rise because replies improve, because customers abandon the channel, or because escalation becomes harder. The fourth is harm.

Public reports do not indicate hallucination rates, incorrect personalisation rates, unauthorised action rates, or financial remediation caused by Ella.

The bank's own annual reports acknowledge relevant failure modes. They refer to information security and privacy risk, inaccurate or fabricated model output, algorithmic deviation, and the need for validation and controls. They also describe AI as complementary to people: automated systems analyse and prepare information, while human bankers handle complex cases and can serve more customers with the technology. This is a more credible operational thesis than full replacement, but it needs a measurement system that tracks the full episode.

A useful dashboard would split intents by materiality, report first-contact resolution and repeat contact over a defined period, measure correct escalation as well as containment, test factual grounding against the record, record customer correction, and disclose the rate and value of remediation. It would distinguish a response that only contains a conversation from a response that leads to an appropriate, correctly executed, and understood financial action. It would also measure latency and availability when the model provider, data service, or core connection is degraded.

Until this exists publicly, the 89% figure must be classified as a company operational claim, not evidence that 89% of banking work is autonomous or correct. Absence of a human at the chat level does not mean absence of a human in fraud operations, model validation, compliance, engineering, reconciliation, or complaints management.

Model Providers Can Change Faster Than Banking Contracts

The provider history makes Ella a particularly useful case study in AI dependency. The 2024 audited report stated that ONE ZERO used models from AI21 Labs and OpenAI complementarily for chat. The relationship with AI21 was a related-party matter because Shashua held an indirect interest; the bank stated that its audit committee reviewed and ratified the agreement on arm's-length terms. The 2025 audited report then disclosed that the agreement with AI21 ended in 2025.

This sequence should not be read as evidence of failure or dispute; the public report does not say why the agreement ended. It does show that "the model" is not a permanent component. A provider can change within the five-year life attributed to the surrounding capitalised software. The application, retrieval layer, policies, evaluation sets, and escalation workflow may persist while a model is replaced. Alternatively, a provider change may alter response style, tool use, language performance, safety behaviour, latency, cost, and data processing arrangements.

The current public file does not provide a complete model bill of materials. It does not clearly identify which current provider handles each Ella intent, whether models are hosted or accessed via API, where requests and responses are processed, how long provider logs are retained, whether customer data trains external models, or how versions are pinned and rolled back. The end of the AI21 agreement makes these questions more—not less—important. A historical provider list should not be presented as the live architecture.

The related-party approval addressed one governance dimension: whether the contract was properly reviewed and priced. It did not by itself validate output quality, resilience, or portability. A robust transition file would include a before-and-after assessment on representative financial conversations in Hebrew and English, regression tests for amounts and dates, red-team cases, a privacy review, an incident rehearsal, a cost-per-resolved-intent comparison, and approval from an independent control function. It would preserve enough evidence to reconstruct which provider and version produced a consequential response.

Foundation model substitution can reduce one type of lock-in while increasing another. If ONE ZERO has a strong, model-neutral orchestration layer and a portable evaluation set, competition among model providers can improve economics. If the model prompts, tools, retrieval formats, and safety behaviours are tightly adapted to one provider, every change becomes a risky software release. The public disclosures support the existence of multi-provider experience. They do not yet prove frictionless portability.

The Regulator's Rule on Models Goes Beyond the Chatbot

The Israeli supervisory framework makes this an operational requirement rather than an abstract debate about AI ethics. The Bank of Israel'sDirective 369 on Model Risk Managementwas published in August 2024 with an effective date of August 2025. It uses a broad concept of model and applies a risk-based framework involving governance, inventory, documentation, independent validation, monitoring, and three lines of defence. Third-party models do not transfer responsibility away from the bank.

Ella is only one possible model surface. Fraud detection, credit decisions, customer classification, anomaly detection, anti-money laundering checks, marketing propensity, and operational forecasts may also create model risk. A customer assistant may combine deterministic rules, retrieval, conventional predictive models, and generative output into a single experience. The inventory must preserve these distinctions. A fluent generative model is not the source of truth for a balance; a fraud score is not a customer service reply; and a rule that blocks a transfer should not disappear inside a generic "AI" label.

The central bank'scross-sectoral AI report, published in December 2025, recommends risk-based supervision, meaningful disclosure, and ongoing accountability of the financial institution, while identifying concerns about discrimination, privacy, competition, and stability. It is a policy report, not a finding that ONE ZERO violated a rule. Its relevance is forward-looking: the bank's differentiation depends on expanding AI into sensitive workflows as supervisory expectations become more specific.

Human oversight must therefore be designed, not simply promised. For a low-risk informational question, post-publication monitoring and an easy escalation path may be proportionate. A personalised investment, credit, or fraud decision requires tighter grounding, authority limits, and review. A human who receives an AI-generated case summary needs access to the underlying transactions and uncertainty, not just the model's conclusion. If staffing targets make escalation queues too slow, "human in the loop" can become ceremonial. If staff routinely override the model but feedback never reaches validation, the loop does not learn.

The bank states a model risk framework and acknowledges AI-specific risks. What is missing publicly is operational evidence: the number of models by materiality, validation cadence, exceptions, performance drift, consequential incidents, and remediation. These details may remain partly confidential. A serious institutional assessment can still request aggregate metrics and sample governance artefacts without requiring model weights or customer data.

Automation Improved the Shape of the Loss, Not Erased It

The income statement offers stronger evidence than the assistant interface. In 2024, net interest income rose to NIS 39.7 million from NIS 27.4 million, commission income to NIS 34.2 million from NIS 15.4 million, and the annual net loss narrowed to NIS 267.9 million from NIS 357.5 million. Operating expenses fell to NIS 322.8 million from NIS 380.9 million. Marketing and advertising spending dropped to NIS 26.4 million from NIS 52.8 million; payroll fell to NIS 131.7 million from NIS 150.5 million; and IT spending fell to NIS 49.2 million from NIS 59.1 million.

This was significant progress, but not evidence of a steady-state automated bank. Part of the improvement came from expense reductions and the TCS renegotiation. Average employee headcount fell from 413 to 385, while year-end headcount, including the reported outsourced component, also declined. Software investment continued. The bank was increasing capacity while reducing some current expenses, a combination that makes the capitalisation boundary particularly relevant.

The 2025 accounts show a different transition. Net interest income rose again to NIS 60.6 million and commission income to NIS 56.6 million. The credit loss charge fell to NIS 8.2 million from NIS 18.8 million. The net loss narrowed to NIS 213.9 million. Yet operating expenses were essentially flat at NIS 323.0 million, average headcount was 382, and year-end headcount edged up to 393 while outsourced staff declined. Automation had not transformed the bank into a near-zero labour software service. It may instead have allowed a similar cost base to serve a larger customer population and a broader product set.

This is a plausible and potentially valuable outcome. It requires the right denominator. Customer numbers in the audited and presentation documents vary by date and definition; account openings, registered users, funded accounts, and active primary banking relationships are not interchangeable. Revenues also come from different engines. In 2024, approximately NIS 85.8 million of gross interest revenue came from deposits with banks, primarily the Bank of Israel, while approximately NIS 18.0 million came from credit to the public. The spread earned on excess deposits was larger than loan income.

This matters for the AI thesis. An assistant can attract and retain deposits, encourage customers to make ONE ZERO their primary bank, and increase product usage. But the interest rate environment and the bank's asset allocation can create more revenue than a subscription or a service interaction. If rates fall, deposit pricing changes, or customers move their balances, that engine changes. The bank should not be valued as if all revenue is recurring software revenue simply because the interface is software.

Independent reports provide a useful check on earlier expectations. In March 2024,CTech reportedthe bank's NIS 357 million loss in 2023 and management's then-current ambition to reach profitability by end of 2025. The audited 2025 loss shows that target was not met. Missing a forecast does not invalidate the model, especially in a time of war and rapid product development. It does make future profitability claims testable commitments rather than narrative milestones.

Deposits, Credit, and Capital Set the Hard Boundary

ONE ZERO's balance sheet grew faster than its credit portfolio. Public deposits rose from approximately NIS 1.835 billion at end-2023 to NIS 2.578 billion at end-2024 and NIS 3.568 billion at end-2025. Credit to the public rose from approximately NIS 366.6 million in 2024 to NIS 444.2 million in 2025. The bank stated that most deposit funds were placed at the Bank of Israel—84% at end-2024 and 86% at end-2025—which explains very high liquidity ratios.

This profile reduces some liquidity and credit transformation risks compared to aggressive deposit-to-loan conversion. It also means that economics depend heavily on the margin between what ONE ZERO pays depositors and what it earns on central bank placements. A financial management assistant can support deposit acquisition and engagement; it does not abolish spread economics.

Credit risk remains a banking exposure, not an AI product metric. In 2024, the bank recorded NIS 18.8 million in credit loss charge and reported a growing number of borrowers; in 2025, the charge fell to NIS 8.2 million. A lower annual provision may reflect portfolio performance, mix, model assumptions, and macroeconomic expectations. It should not be attributed to AI without evidence linking underwriting or recovery models to controlled outcomes.

Capital is the tightest constraint. Reported Tier 1 capital fell from approximately NIS 127.4 million at end-2024 to NIS 58.3 million at end-2025, while total capital fell from NIS 133.4 million to NIS 65.2 million. The bank describes a minimum capital condition of NIS 50 million and a start-phase exemption from certain risk-based requirements until risk-weighted assets reach a specified threshold. The resulting cushion warrants attention even in the presence of ample liquidity. Liquidity meets obligations as they fall due; capital absorbs losses. Deposits are liabilities.

Capitalised software cannot be assumed to absorb a banking loss at its carrying value.

The bank has raised funds repeatedly, including SAFE instruments, largely supported by its controlling shareholder. The 2025 accounts report additional SAFE financing and a subsequent commitment in 2026. Media coverage in late 2025 indicated that the bank wasseeking another significant funding round; this report is evidence of a fund-raising process, not proof that a round closed on the terms described. Analysts should reconcile cash raised, accounting classification, conversion terms, dilution, and regulatory capital eligibility instead of treating each financing instrument as equity-equivalent capital.

The boundary is unforgiving. An AI workflow can improve service capacity over multiple years, while a loss consumes capital now. Software can be amortised over five years, while depositor confidence and regulatory ratios are monitored continuously. This imbalance is the central funding risk of the operating model.

Pricing Plans Obscure as Much as They Simplify

ONE ZERO's currentEnglish plans pageshows three approaches. Zero is promoted as pay-per-use with no usual current account and card fees. One is displayed at NIS 49 per month for an individual account and NIS 59 for a joint account after an introductory period. One+ is displayed at NIS 119 and NIS 139 respectively, adding broader benefits. The page presents fixed monthly pricing as an alternative to a long menu of banking fees and subjects benefits to plan conditions, fair-use clauses, and the tariff.

For a customer, the comparison is not simply the monthly price. It is the value of interest on deposits and overdrafts, foreign exchange margin, securities costs, card economics, service availability, and the usefulness of advice. A customer who does not pay a subscription may still be economically valuable through balances and product usage. A subscriber may be unprofitable if acquisition, human support, model inference, card benefits, and infrastructure exceed the fee and associated margin.

The bank's presentation defines customer acquisition cost as marketing spend divided by number of customers recruited, excluding payroll. It also presents a measure of service cost that includes certain selected direct operations, the core, service, and amortisation but excludes cybersecurity and security, sales and marketing, rent, and general administration. These measures can show direction within a consistent series. They are not complete unit economics. Reducing paid media spend can mechanically improve the reported acquisition measure while sales headcount, promotions, or referral incentives sit elsewhere.

Automation can improve direct service cost while model governance and cyber spend remain outside the denominator.

An audited cohort view would start with funded active accounts, not downloads or approvals. It would include acquisition payroll and promotions; plan and transaction fees; net interest contribution after deposit pricing and liquidity allocation; card and securities economics; expected credit loss; direct and allocated human service; model and cloud consumption; fraud and complaint remediation; capitalised development amortisation; and attrition rate. It would then separate customers who use ONE ZERO as a primary bank from those who hold a rate-sensitive deposit or a secondary card.

The decline in marketing spend in 2024 alongside customer count growth is encouraging. It may indicate brand momentum, referrals, or more efficient acquisition. Public data does not identify the mix, cohort payback period, or survival rate. The right conclusion is not that customer economics are weak, but that a subscription label and a selectively defined CAC cannot establish them.

An App-Only Bank Needs More Continuity, Not Less

Branches are expensive and inconvenient to scale. They are also a physical recourse. ONE ZERO's branchless model concentrates the customer relationship in mobile applications, telecommunications, identity services, the TCS core, cloud-hosted systems, and remote human service tools. A failure at one critical junction can make the entire bank unavailable even if balances remain intact.

Annual reports describe business continuity planning, backups for critical technologies, monitoring of important vendors, exercises, and staff ability to operate without relying on a single physical site. They report no significant cyber incidents affecting accounts in 2024 and, in 2025, describe attack attempts, including distributed denial-of-service and social engineering, with no reported business impact. These are narrow management disclosures. "No impact on accounts" does not mean no outages, compromise attempts, degraded service, or customer inconvenience.

The broader sector shows why vendor concentration matters. The Bank of Israel's2024 banking system annual surveystates that reports of significant technology failures increased and notes that the CrowdStrike incident affected several banks. It does not say that ONE ZERO was among them. Its relevance is systemic: a common software or infrastructure dependency can hit institutions whose own code did not change.

The Bank of Israel'scloud computing amendmentpermits broader cloud use, including significant workloads, but leaves responsibility with the bank's board and management. It calls for governance, privacy and cyber controls, vendor diligence, contractual rights, continuity, and an exit plan. Cloud adoption shifts operational work; it does not outsource responsibility.

For ONE ZERO, meaningful continuity evidence would be service-specific. What are the recovery time objectives and recovery point objectives for login, balance display, card control, transfer, securities, customer service, and model-assisted insights? Can the app present authoritative balances and allow essential actions when Ella or an external model is unavailable? Can human bankers retrieve a case when the conversational layer fails? How often are failures of TCS, AWS, telecoms, and the identity provider tested together? Do customers have a status page and an alternative emergency channel?

Vendor exit matters as much as disaster recovery. The bank should be able to extract complete and intelligible core records from TCS, rebuild interfaces, preserve audit history, and run parallel reconciliation. It should be able to restore independent systems outside a failed AWS region or service under tested plans. It should be able to replace a model provider without losing orchestration rules, evaluation evidence, or customer consent constraints. A policy PDF and a successful tabletop exercise are different forms of evidence; both count, but neither replaces timed technical recovery.

Privacy Is Part of the Financial Management Product

Personalisation requires a large data surface. TheHebrew app privacy policyupdated in February 2026 describes categories that may include identity and verification documents, financial activity, communications, app and device data, fraud and anomaly signals, and information from external accounts when the customer grants open banking access. Conversations with the digital banker may reveal goals, preferences, and economic circumstances used to personalise service. The policy also addresses service providers and audience targeting for marketing. Because the reference document is in Hebrew, any English summary must be checked against the original before reaching a legal conclusion.

This is more than a compliance annex. The assistant's advantage depends on joining intimate data over time and across institutions. A model may infer that a customer may enter overdraft before the customer asks; the same context can reveal salary, health-related spending, travel, relationships, or financial stress. Useful information and privacy risk come from the same integration.

TheEnglish website privacy policy, last updated in 2021, covers the public website and general contact data. It should not be confused with a complete description of the banking app or current AI processing. A buyer or a customer under review should use the current app policy, account terms, and open banking consent, then ask for current processor details and international transfers relevant to the service.

AI governance should map each model input to a purpose, legal basis, retention period, and recipient. It should distinguish data used to retrieve a response from data retained for monitoring, and both from data used to improve an external provider's model. It should define whether a customer can obtain a human explanation, correct source information, revoke an open banking connection, and delete optional conversation history without destroying records the bank is legally required to keep. It should also test whether a model reveals information from the wrong account, a joint account holder, or a previous conversation.

ONE ZERO's public file acknowledges privacy and security as AI risks, but does not publish the current model provider data flow diagram. This gap does not prove unsafe processing. It does mean the customer promise is more specific than the public evidence about where conversational data travels. The end of the AI21 agreement makes an updated disclosure particularly valuable.

Security Evidence Is Narrower Than a Trust Badge

The bank runs avulnerability disclosure programmevia HackerOne, offering a safe harbour process and target response times for valid submissions. This is a constructive signal: it gives researchers an authorised path and turns external findings into a managed workflow. It is not a certification, a penetration test result, or a full incident history.

Audited reports describe a security operations capability, cyber governance under the technology organisation, oversight by risk functions, training, and attack monitoring. They also frame cybersecurity, fraud, vendor failure, and privacy as material operational risks. Public evidence does not disclose control effectiveness in enough detail to compare detection time, patch latency, phishing resilience, or privileged access discipline with peers. It should not; publishing actionable details would be irresponsible. Aggregated assurance can still be stronger than "no material impact".

The right evidence stack has multiple layers. Independent assurance on the TCS service bureau helps with controls at the main vendor, but the bank must assess complementary controls on its side. Cloud certifications help define AWS's control environment, but do not validate ONE ZERO's identity configuration or application code. A vulnerability programme can find flaws, but excludes disruptive testing and relies on scope. Model red-teaming can expose prompt injection or data leakage failures, but does not test card processing or telecom failure recovery.

An AI assistant adds unusual attack vectors. A malicious instruction in retrieved text may attempt to redirect the model. A customer may attempt to extract confidential system prompts or another user's information. An attacker may impersonate support, exploiting the familiarity of a conversational banker. A model may confidently repeat a fraudulent beneficiary instruction. Controls must therefore separate untrusted content, restrict tools by intent, require fresh authentication for consequential actions, display authoritative transaction details outside generated prose, and preserve a clear distinction between advice and execution.

The Bank of Israel's2025 supervisory remarkslink AI opportunity to the need for trained staff, risk systems, and enhanced management of cyber threats and external vendors. These are sectoral guidance, not a criticism of ONE ZERO. They nonetheless capture the bank's challenge: a lean digital organisation cannot economise on the control functions its automation depends on.

Complaints Test Outcomes That Interaction Counts Miss

ONE ZERO's own2025 public complaints reportprovides a rare, outcome-oriented counterweight to marketing metrics. It records 663 complaints received and 579 handled during the reporting period. Of the handled cases, 143 were classified as justified, 266 as not justified, 165 as no fault established, and five out of scope. Current accounts and payment instruments were the largest disclosed subject groups, followed by service quality.

These figures should not be attributed to Ella. The report does not provide a chatbot-specific cause field, a rate per active customer, or a denominator comparable across peers. Growth can increase the absolute number of complaints even as service improves, and a justified complaint can arise in a card, transfer, disclosure, or human process. The report also cannot capture customers who abandon a task without complaining.

It shows why "handled without a banker" is incomplete. A conversation may be contained today and become a complaint later. A correct answer may still be delivered too late. An automated prompt may be clear but lead to an inappropriate outcome. Joining interaction, transaction, repeat-contact, complaint, and remediation data would allow ONE ZERO to demonstrate something more valuable than containment: reliable resolution.

The Bank of Israel's2025 household surveyfound that direct channels dominate banking interactions and reported high system-wide satisfaction with digital services, while smaller banks performed well on several measures. ONE ZERO's presentation reproduces a favourable brand result from that survey. The independent study supports the demand for digital service; the company presentation provides the company-specific framing. Neither establishes that Ella caused the result.

Customer Exit Is Easier Than Core Exit, but Not Effortless

The Israeli online banking mobility reform reduces one traditional barrier. The Bank of Israel'sswitching rulescreated a fee-free process designed to transfer a current account within seven business days and route subsequent activity. A2026 Bank of Israel research paper using account-level dataestimates that the switching probability rose from approximately 0.6% to approximately 1.4% after the reform. Switching became more likely, but remained uncommon.

The remaining friction is broader than the account number. A customer may have deposits with maturity dates, securities positions, credit, cards, direct debits, beneficiary lists, tax records, open banking permissions, and a history of conversations and categorisation. Some items can be moved automatically, some require action, and some stay where they were. The central bank'sone-year mobility updatenotes legal and technical conditions that can prevent or delay a switch.

ONE ZERO's AI layer may create a softer switching cost. If customers rely on its categorisation, accumulated context, and proactive alerts, a new bank may not replicate the history or preferences. This may represent earned product value rather than abusive lock-in. Portability determines which. Customers should be able to export transaction history and required records in understandable formats, understand what information and conversation data will be retained, revoke permissions from external accounts, and preserve access to statements after closure.

The bank itself faces a much harder exit from vendors. A consumer can invoke a regulated mobility process; ONE ZERO cannot move years of core operations from TCS or rebuild model workflows on another provider in seven days. Contractual termination assistance, tested data portability, and parallel running are therefore material assets even if they never appear as features in the app.

Substitutes Compete on Different Layers

ONE ZERO does not only compete with other "AI banks". Major Israeli banking groups offer mature apps, broad product sets, branch and call centre recourse, large balance sheets, and established trust. Smaller banks can compete on service and price. Credit card companies, brokers, and deposit platforms can capture individual products. Open banking tools can aggregate accounts without taking deposits. A customer may also combine an incumbent account with spreadsheets, alerts, and a human adviser.

The Bank of Israel'scurrent competition analysiscontinues to describe concentration among the five largest banking groups and policy measures intended to improve deposit competition. This creates an opening for a small licensed entrant. It does not guarantee profitable scale.

ONE ZERO's strongest differentiation is the combination of a banking licence, a modern direct service layer, and a human-plus-AI operating model. A standalone financial assistant cannot itself back deposits or execute the full regulated workflow. An incumbent can, however, add similar models to a larger existing customer base. Foundation models are buyable; mobile interfaces can be copied; deposit rates can be matched. The lasting advantage must come from faster controlled iteration, better data-to-action workflows, credible service outcomes, and a cost structure that remains lower after all control functions are included.

The threat is not simply that a competitor builds a better chatbot. It is that an incumbent achieves adequate automation without funding years of start-up losses, or that customers prefer a high deposit rate and a familiar institution to proactive advice. ONE ZERO must make the integrated experience valuable enough to become the primary relationship, because secondary accounts produce weaker data, lower engagement, and more rate-sensitive funding.

A Ten-Part Due Diligence Test

ONE ZERO can be evaluated without requiring disclosure of customer data or proprietary code. A buyer, funding provider, corporate partner, or sophisticated customer should ask for ten linked forms of evidence.

First, confirm the entity boundary. Contracts, deposits, AI services, and support promises should name One Zero Digital Bank Ltd. where that company is responsible. Services provided by TCS, AWS, model providers, card processors, or affiliates should be identified as dependencies rather than silently absorbed into "our technology".

Second, map every consequential customer intent. The map should identify read and write permissions, authoritative data source, model role, authentication, transaction limits, human approval, logging, and recourse. A demonstration of Ella answering a question is not evidence that the downstream action is controlled.

Third, inspect the model inventory and current vendor bill of materials. This should include conventional and generative models, materiality level, owner, provider and version, processing location, training data restriction, evaluation set, validation date, monitoring threshold, and fallback. The terminated AI21 agreement makes a dated, current-state inventory essential.

Fourth, test outcomes by risk. Low-stakes information, account-specific explanations, anomaly alerts, investment context, credit, and suspected fraud require different acceptance thresholds. Report factual accuracy, false reassurance, missed escalation, repeat contact, abandonment, remediation, and financial impact—not just the contained proportion.

Fifth, reconcile software delivery with accounting. For a sample of major releases, show the capitalise-or-expense decision, directly attributable labour, evidence of readiness, justification for the five-year life, maintenance separation, and impairment review. Link releases to measurable customer or control benefits. The audit opinion provides assurance on financial statements, not a product-level return on investment for each project.

Sixth, calculate full cohort economics. Start with funded active customers and include acquisition payroll, incentives, deposit margin, fees, direct service, core and cloud, model inference, cyber, compliance, fraud, expected credit loss, allocated overhead, and software amortisation. Reconcile this measure to statutory accounts and preserve the company's narrower CAC and service cost series as operational sub-metrics.

Seventh, test continuity across junctions. Run scenarios where the app is available but the core is not, the core is available but the model is not, identity verification fails, a telecom provider is disrupted, AWS services degrade, or TCS must recover. Record achieved recovery times, data loss, customer communication, and manual service capability.

Eighth, inspect privacy and security evidence. Trace conversational and open banking data to each processor, document retention and training restrictions, test joint-account boundaries, review independent assurance and penetration tests, and sample vulnerability remediation. Ensure generated prose cannot directly authorise a sensitive transaction.

Ninth, test vendor and customer exit. Rehearse model replacement against a fixed evaluation set; obtain core data in a usable; price termination assistance; and verify customer export, account mobility, statement access, and consent revocation. A contractual right that has never been exercised is weaker evidence than a timed rehearsal.

Tenth, reconcile growth with capital. Stress lower rates, deposit repricing, slower acquisition, higher credit losses, an operational remediation event, and another year of software investment. Show the effect on liquidity and regulatory capital separately. Include committed financing only according to its legal, accounting, and regulatory status.

These tests are deliberately linked. A cheap interaction that produces repeat contact is not cheap. A performing model without vendor exit is not resilient. A valuable software asset that cannot help absorb ongoing banking losses is not capital. A liquid balance sheet with an unreliable app is not a functioning branchless service.

The Monitoring Point Is the Control Margin

ONE ZERO's public evidence supports a serious technology experiment, not a final verdict. Customer and deposit growth are real balance sheet developments. Revenue rose, the annual loss narrowed for two consecutive years, and some selected costs were reduced. The bank has built a substantial internal-use software asset and reports that automation handles a large share of interactions. It also remains loss-making, dependent on ongoing funding, close enough to its reported minimum capital condition to warrant attention, and reliant on core, cloud, and model providers.

Future disclosures should be read as a connected dashboard. Monitor the current model provider map after AI21, not the 2024 provider list. Monitor Ella's resolution and remediation by intent, not just containment. Monitor capitalised additions, amortisation, abandoned releases, and impairment together. Monitor full acquisition payback and contribution per funded cohort, not a CAC that excludes payroll. Monitor deposit margin, rate sensitivity, and primary account usage alongside subscription revenue. Monitor credit losses and regulatory capital separately from liquidity.

Monitor complaint causes, major service degradations, and achieved recovery times. Reconcile TCS contract duration and test exit rather than inferring flexibility from a renegotiated price.

The economic objective is a growing control margin: the difference between the verified value produced by automation and the total cost of making that automation safe, available, explainable, and reversible inside a bank. A larger customer base can widen it. Better routing that lets human bankers focus on complex cases can too. A model error, a vendor outage, an expensive acquisition cohort, an obsolete software asset, or a capital shortfall can narrow it quickly.

This lens avoids two symmetric errors. The first is to dismiss ONE ZERO because people, outsourced infrastructure, and regulatory controls remain in the loop. Those components are what make an AI service usable for real money. The second is to treat a high automation percentage as evidence that the bank has become a software economics business. The audited accounts show the opposite: deposits have a price, credit has a loss distribution, code depreciates, vendors have leverage, and capital bears the residual.

The bank's most important technology may therefore be neither Ella nor any particular foundation model. It may be the chain of evidence that allows ONE ZERO to modify those components while preserving transaction truth, customer recourse, and supervisory accountability. If the four ledgers continue to reconcile as scale increases, the AI-native bank can become an operational advantage. If they diverge, the interface's fluidity will only make the underlying imbalance harder to see.