V-DIG Domain Audit — Lloyds Banking Group plc

Audit Phase: V-DIG (Digital Forensics / Technology Supply Chain) Target: Lloyds Banking Group plc Audit Date: 2026-05-01 Evidence Base: Publicly available corporate disclosures, regulatory filings, trade press, and NGO/civil society reporting as documented in the research memo. All web search queries returned null results during research; findings rely exclusively on training-data knowledge of identified public documents. No new research has been conducted in the preparation of this audit.

Enterprise Technology Stack & Vendor Relationships

Disclosed Strategic Technology Partners

Lloyds Banking Group’s Annual Reports for 2022, 2023, and 2024 and its June 2022 Investor Day technology presentation collectively set out the bank’s core enterprise technology supply chain ¹²³⁴. The publicly named strategic vendors are:

• Microsoft Azure — designated strategic cloud partner from 2021 onwards, covering core workload migration and productivity infrastructure ⁵
• Amazon Web Services (AWS) — expanded cloud partnership formalised in 2022, providing additional cloud capacity and data services ⁶
• Google Cloud — partnership announced 2022, focused on data analytics and AI/ML workloads ⁷
• IBM — primary IT infrastructure outsourcing partner under a £1.6bn multi-year contract signed in 2017 and covering managed infrastructure, mainframe, and application services ⁸
• Tata Consultancy Services (TCS) — renewed strategic partnership covering application management, digital engineering, and technology operations ⁹
• Pegasystems (Pega) — selected in 2022 for enterprise CRM transformation across retail and commercial banking lines ¹⁰
• SAS Institute — analytics platform deployed for fraud detection, credit risk modelling, and regulatory reporting ¹¹
• Workday — HR and workforce management platform deployed across the Group ¹²

The bank’s 2024 Strategic Report reaffirms commitment to a multi-cloud architecture and references continued investment in digital transformation across its Halifax, Lloyds Bank, Bank of Scotland, and Scottish Widows brands ³¹³.

Israeli-Origin or Israeli-Founded Technology Vendors

A systematic review of all identified public sources finds no named or confirmed contractual relationship between Lloyds Banking Group and any Israeli-origin or Israeli-founded technology vendor. Specific vendors examined are addressed individually below.

Palo Alto Networks — Co-founded in 2005 by Israeli entrepreneur Nir Zuk; the company maintains material R&D operations in Tel Aviv and is widely deployed in UK financial services cybersecurity architectures ¹⁴. Palo Alto Networks is a US-incorporated, Nasdaq-listed entity. No publicly documented licensing, deployment, or partnership contract between Lloyds Banking Group and Palo Alto Networks has been identified in any corporate filing, press release, procurement disclosure, or trade publication reviewed for this audit ¹²³⁴¹⁵. No public evidence identified.

Check Point Software Technologies — Headquartered in Tel Aviv; a leading network and endpoint security vendor with significant penetration across UK banking. No named Lloyds–Check Point contract has been identified in any reviewed corporate filing, press release, or trade publication. No public evidence identified.

Verint Systems — Israeli-founded (now US-listed) vendor specialising in workforce engagement management, contact-centre analytics, and intelligence platforms. Verint publicly markets its platform to UK financial services broadly and its financial services sector pages reference major UK banking institutions in general terms ¹⁶. The Who Profits Research Centre has documented Verint’s supply of intelligence and surveillance technologies to Israeli military and security bodies ¹⁷. However, no Lloyds-specific named contract, deployment, or reference has been identified in any reviewed corporate disclosure, procurement record, or trade press source. Relationship status: unconfirmed.

NICE Ltd — Israeli-headquartered vendor of customer engagement, workforce engagement management (WEM), and CX analytics platforms. NICE markets its platform extensively to UK financial services clients ¹⁸; the Who Profits Research Centre documents NICE’s provision of technologies to Israeli state bodies ¹⁹. As with Verint, no Lloyds-specific named contract or deployment has been identified in any reviewed public source. Relationship status: unconfirmed.

Wiz — Israeli-founded cloud security posture management (CSPM) vendor. No public evidence identified of any Lloyds–Wiz relationship in reviewed sources.

SentinelOne — Israeli co-founded endpoint detection and response vendor. No public evidence identified of a named Lloyds–SentinelOne contract.

CyberArk Software — Israeli-headquartered privileged access management (PAM) vendor. No public evidence identified of a named Lloyds–CyberArk contract in reviewed sources.

Claroty — Israeli-founded OT/IoT security vendor. No public evidence identified of a Lloyds–Claroty relationship.

Procurement, Integrator, and Sub-Vendor Chains

Lloyds’ 2022 Investor Day presentation references a layered enterprise security architecture involving multiple unnamed cybersecurity vendors, but does not disclose specific product vendor identities ⁴. CISO-level trade press coverage similarly references a defence-in-depth approach without naming constituent security vendors ¹⁵.

IBM, as primary IT infrastructure outsourcer since 2017 ⁸, maintains its own global vendor supply chain that may include third-party cybersecurity sub-vendors. IBM itself operates R&D centres in Israel. The specific sub-vendors deployed by IBM as part of its Lloyds managed services engagement are not publicly disclosed; it is therefore not possible to confirm or exclude the presence of Israeli-origin sub-vendor products within IBM’s delivery chain for Lloyds from available public evidence.

TCS, as strategic technology partner ⁹, similarly operates a multi-vendor delivery model. TCS’s technology sub-contractors for the Lloyds engagement are not publicly disclosed.

Lloyds’ supplier diversity and procurement policy, published on its corporate website, sets out ethical sourcing and due diligence obligations for direct suppliers ²⁰; the policy does not address sub-vendor technology provenance at the level of national origin.

Surveillance, Biometrics & Retail Technology

Facial Recognition and Biometric Authentication

Lloyds Banking Group uses biometric authentication within its retail mobile banking applications — specifically fingerprint recognition and face identification. These implementations rely on device-native OS-level biometric APIs provided by Apple (Face ID / Touch ID) and Android (BiometricPrompt), not on third-party biometric platform vendors. No proprietary biometric verification stack from a third-party vendor has been publicly disclosed.

Big Brother Watch’s 2022 report examining the use of facial recognition and biometric technologies across UK banking institutions does not name Lloyds Banking Group as a user of facial recognition technology from any vendor, including Israeli-origin platforms ²¹. No public evidence identified of Lloyds deploying facial recognition, gait analysis, emotion recognition, or any live surveillance biometric system in branch environments, retail operations, or back-office settings from any vendor, including Israeli-origin vendors such as AnyVision/Oosto, BriefCam, Trigo, or Corsight AI.

Predictive Analytics, Fraud Detection, and Workforce Monitoring

Lloyds’ deployed analytics platform for fraud detection and credit risk is SAS Institute, a US-headquartered vendor ¹¹. The bank’s Responsible Business Report 2023 references data-driven customer outcomes and risk management without identifying additional analytics vendors ²².

No public evidence identified of Israeli-origin predictive analytics platforms, social media monitoring tools, or workforce surveillance systems in Lloyds’ disclosed technology estate. Sources checked include corporate filings ¹²³, responsible business disclosures ²², the Big Brother Watch biometrics report ²¹, and trade press ¹⁵.

Contact-Centre Analytics

As noted in the vendor analysis above, both Verint and NICE are active in the UK financial services contact-centre analytics market and both market their platforms to major UK banks ¹⁶¹⁸. Neither company is named as a Lloyds vendor in any reviewed public disclosure. The absence of public confirmation does not constitute verified absence, and this area is identified as a material evidence gap (see Evidence Gaps).

Third-Party and Indirect Deployment

No public evidence identified that Israeli-origin surveillance or biometric technologies reach Lloyds indirectly through managed security service providers, bundled enterprise software suites, or platform intermediaries.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Estate and UK Residency

Lloyds Banking Group has undertaken a multi-year programme of data centre consolidation, reducing its physical data centre estate from more than sixty sites to a smaller number of strategic UK facilities ²³. The bank’s corporate locations disclosure confirms that its operational and technology infrastructure is situated within the United Kingdom ²⁴.

UK data residency for material operations is a regulatory requirement for systemically important UK banks under the FCA’s operational resilience framework, codified in Policy Statement PS21/3, which took effect in March 2022 ²⁵. Lloyds’ compliance with these requirements reinforces the UK-centric nature of its data processing footprint. No public evidence identified that Lloyds operates, leases, co-locates, or processes material customer data at facilities within Israel.

Multi-Cloud Architecture

The bank’s three strategic cloud partnerships — Microsoft Azure ⁵, AWS ⁶, and Google Cloud ⁷ — are all operated through UK and European cloud regions for Lloyds’ workloads, consistent with the bank’s data residency obligations. The 2022 cloud strategy reporting confirms this UK-anchored approach ²³.

Project Nimbus and Israeli State Cloud Contracts

Project Nimbus is the Israeli government’s cloud infrastructure contract, awarded jointly to Google Cloud and AWS. Lloyds Banking Group is a paying customer of both AWS ⁶ and Google Cloud ⁷, consuming commercially available hyperscaler services. Lloyds is a consumer of these platforms, not a participant in or beneficiary of Project Nimbus. There is no documented linkage between Lloyds’ cloud consumption agreements and the Nimbus contract or any Israeli government cloud programme. No public evidence identified that Lloyds participates in any Israeli state-backed cloud infrastructure programme or that its cloud workloads are routed through Israeli state-connected infrastructure.

Sovereign Cloud and State Infrastructure Services

No public evidence identified that Lloyds Banking Group provides data sovereignty services, infrastructure resilience services, or managed cloud capabilities to any Israeli state institution, government ministry, or military body. The Group is a retail and commercial bank; it is not a cloud service provider or managed infrastructure operator for third-party state entities.

Defence, Intelligence & Security Sector Technology Relationships

Military and Intelligence Contracts

No public evidence identified of any contract, partnership, memorandum of understanding, or service agreement between Lloyds Banking Group and the Israeli Ministry of Defence, Israel Defence Forces (IDF), Shin Bet, Mossad, Unit 8200, or any other Israeli state security or intelligence body. Lloyds’ disclosed client base consists of personal customers, SMEs, and corporate banking clients in the United Kingdom. Annual report disclosures, responsible business reports, and modern slavery statements contain no reference to any defence or intelligence sector client relationships in Israel or any other jurisdiction ^1232226.

Dual-Use Technology Provision

No public evidence identified of Lloyds’ commercially available financial technology, data analytics infrastructure, or software platforms being reported, confirmed, or documented as deployed in military, intelligence, or law enforcement surveillance applications within Israel or the Occupied Palestinian Territories. The Who Profits corporate database ²⁷ does not return a dedicated profile for Lloyds Banking Group, indicating the organisation has not published findings in this domain naming Lloyds.

Offensive Cyber and Weapons Technology

This sub-category is not applicable. Lloyds Banking Group is a financial services group; it does not develop, sell, license, or maintain cybersecurity offensive tools, digital weapons systems, surveillance platforms, or capabilities of military application. No public evidence identified.

AI, Algorithmic & Autonomous Systems

AI/ML Deployment — Scope and Application

Lloyds’ disclosed AI and machine learning applications are confined to internally operated, UK-regulated financial services functions. Publicly documented uses include credit decisioning, behavioural fraud detection, customer service automation (chatbot and intelligent routing), and operational efficiency analytics ¹³⁴. The bank’s Google Cloud partnership references AI/ML workloads as a primary use case ⁷.

The 2024 Strategic Report and February 2025 Investor Update reference continued investment in AI-driven productivity tools and advanced analytics as part of the Group’s strategic technology programme ³¹³.

Provision of AI to Israeli State Bodies

No public evidence identified of Lloyds providing AI systems, machine learning models, computer vision platforms, or autonomous decision-support technologies to any Israeli state body, military institution, or security service. The bank’s AI capabilities are developed for, and deployed in, Lloyds’ own UK retail and commercial banking operations.

Training Data and Population Data

No public evidence identified that Lloyds’ AI or ML models are trained on, or given access to, civilian population datasets, intercepted communications, surveillance-derived data, or any datasets sourced from or relating to Israel or the Occupied Palestinian Territories.

Autonomous Systems and Lethal Applications

Not applicable. Lloyds Banking Group does not develop or operate autonomous weapons, lethal autonomous systems, or military decision-support systems of any kind. No public evidence identified.

Technology Ecosystem & R&D Footprint

UK Innovation and Technology Offices

Lloyds Banking Group’s disclosed technology and innovation footprint is concentrated in the United Kingdom. The Group’s principal technology and operations centres are located in London, Edinburgh, Halifax, and Bristol ²⁴. The bank does not publicly disclose any offshore R&D facilities beyond these UK hubs.

Lloyds Banking Group Ventures

Lloyds Banking Group Ventures is the Group’s strategic investment and venture arm. Its publicly disclosed portfolio and programme pages list UK and international fintech partnerships focused on financial services innovation ²⁸. As of the research date, the Ventures portfolio page does not list any Israeli-based portfolio companies, innovation programmes, or accelerator partnerships. No public evidence identified of LBG Ventures having made disclosed investments into Israeli technology startups or Israeli venture funds.

Acquisitions

No public evidence identified of Lloyds Banking Group acquiring any Israeli-origin or Israeli-domiciled technology company. Corporate filing histories ¹²³ and trade press records contain no such transaction.

Academic and Research Partnerships

No public evidence identified of formal R&D collaboration agreements, joint patent filings, or funded research programmes between Lloyds Banking Group and Israeli universities, research institutions (including Technion–Israel Institute of Technology, Hebrew University, or Weizmann Institute of Science), or Israeli government research bodies.

Patent Portfolio

No significant patent or intellectual property co-development arrangements between Lloyds Banking Group and Israeli-domiciled entities are identified in available corporate disclosures or publicly searchable patent databases based on training-data knowledge.

Civil Society Scrutiny & Regulatory History

Who Profits Research Centre

The Who Profits Research Centre maintains a detailed corporate complicity database profiling technology and defence companies with verified relationships to Israeli military operations, settlement infrastructure, or occupation-related projects ²⁷. Its specific published profiles for technology vendors relevant to UK banking include entries for Verint Systems ¹⁷ and NICE Systems ¹⁹, documenting those companies’ supply of technologies to Israeli state bodies. A review of the Who Profits database does not return a dedicated profile for Lloyds Banking Group itself, indicating that the organisation has not published documented findings specifically naming Lloyds in this context as of the research date. As noted in the evidence gaps, Who Profits focuses primarily on technology and defence sector companies; UK retail banks are less systematically profiled, and the absence of a dedicated entry should not be construed as verified confirmation of absence of all relevant relationships.

BDS Movement and Palestine Solidarity Campaign

The BDS Movement’s published financial sector target list ²⁹ and the Palestine Solidarity Campaign’s corporate complicity database ³⁰ do not include Lloyds Banking Group as a named target based on technology sector relationships or Israeli technology supply chain grounds. Lloyds has been subject to separate shareholder activism related to fossil fuel exposure and general ESG performance, but no organised boycott, divestment, or sanctions campaign specifically targeting the bank on grounds of Israeli technology provision or operations in occupied territories has been publicly identified in reviewed sources.

Big Brother Watch

Big Brother Watch’s 2022 report on biometric surveillance in UK banking ²¹ does not name Lloyds Banking Group in connection with Israeli-origin biometric or surveillance technology, and does not identify Lloyds as a user of facial recognition or third-party biometric platforms from any vendor.

FCA Regulatory History

The FCA’s operational resilience framework (PS21/3) applies to Lloyds as a systemically important UK bank and governs data residency, third-party technology risk, and business continuity requirements ²⁵. Lloyds’ disclosures indicate ongoing compliance with these requirements ¹³. No public evidence identified of regulatory inquiries, enforcement actions, export control investigations, or sanctions-related legal proceedings involving Lloyds Banking Group in connection with the provision of technology services or financial services to Israeli state entities. UK export control and FCA enforcement records (based on training-data knowledge) contain no such actions against Lloyds in the domains examined by this audit.

Modern Slavery and Supply Chain Disclosures

Lloyds’ Modern Slavery and Human Trafficking Statement 2023 addresses supply chain due diligence, labour rights, and procurement ethics ²⁶. It does not address technology vendor national-origin considerations or geopolitical supply chain risk as specifically applied to Israeli-origin vendors. Lloyds’ supplier diversity and procurement policy similarly does not address this dimension ²⁰.

Evidence Gaps

The following material evidence gaps could not be resolved from available public sources and would require non-public procurement records, freedom of information requests, or direct company engagement to resolve:

1. Full cybersecurity vendor stack — Lloyds does not publicly disclose its complete cybersecurity vendor list. The bank’s layered defence architecture references unnamed security vendors ⁴¹⁵; it is therefore not possible to confirm or rule out licensing relationships with Check Point, CyberArk, SentinelOne, Wiz, or Claroty from public sources alone.
2. Contact-centre analytics platforms — Whether Lloyds deploys Verint or NICE platforms for workforce engagement management or call-centre analytics cannot be confirmed or denied from public disclosures. Both companies market broadly to major UK banks ¹⁶¹⁸ and both have documented Israeli state relationships ¹⁷¹⁹.
3. IBM sub-vendor chain — IBM (primary IT outsourcer ⁸) may deploy Israeli-origin cybersecurity or analytics sub-vendors as part of managed services delivery to Lloyds. IBM’s sub-vendor list for this engagement is not publicly disclosed.
4. TCS sub-vendor chain — TCS’s technology sub-contractors for the Lloyds engagement ⁹ are not publicly disclosed.
5. LBG Ventures full investment history — The disclosed Ventures portfolio page ²⁸ may not capture all seed, minority, or undisclosed investments; historical investment records are not comprehensively published.
6. 2024 Annual Report full technology disclosures — The 2024 Annual Report ³ and associated February 2025 Investor Update ¹³ may contain additional vendor-specific technology disclosures not fully captured in training-data knowledge; a direct document review is recommended.
7. Who Profits database coverage — The absence of a dedicated Lloyds entry in the Who Profits database ²⁷ reflects the organisation’s primary focus on technology and defence companies rather than UK retail banks, and does not constitute verified confirmation of the absence of all relevant relationships.

End Notes