INDEX / DIRECTORY / NATWEST / V-DIG

Natwest V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-05-19
V-DIG Score 0.48 /10 E Natwest — BDS-1000 46
V-DIG 0.48

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

V-DIG Audit — NatWest Group plc

Audit Phase: V-DIG (Digital Forensics — Cyber-Intelligence & Technology Supply Chain) Target: NatWest Group plc Report Date: 2026-05-01 Scope Note: All findings are drawn from open-source corporate disclosures, regulatory filings, NGO reports, and verified trade press as catalogued in the research memo. No new independent research has been conducted for this document. Where no confirmable public evidence exists, this is stated explicitly. Sources marked [pre-2020] pre-date the five-year evidence horizon and are treated as contextual background only.

Enterprise Technology Stack & Vendor Relationships

Confirmed Core Vendor Relationships

NatWest Group’s enterprise technology estate is anchored by three US-domiciled hyperscale cloud providers and a small number of major systems integrators, all documented in corporate disclosures and trade press.

NatWest’s dependency on Microsoft Azure, AWS, and Google Cloud means its critical digital infrastructure is fully concentrated in US-domiciled technology providers, consistent with its published Pillar 3 operational risk disclosures which identify third-party and outsourcing concentration risk. 10

Israeli-Origin Software Vendors — Status Assessment

The following Israeli-origin or Israeli-co-founded technology vendors were assessed against all available open-source evidence. No confirmed procurement relationship with NatWest was identified for any vendor in this category.

NICE Ltd (Israeli-founded, Raanana): NICE’s Workforce Management, call recording, and Customer Engagement Analytics platforms are among the most widely deployed products in UK financial services contact centres. Pre-2020 NICE press release archives reference generic UK financial services deployments, but no named NatWest contract, case study, or licensing announcement appears in any public source. [^27] Relationship status: unconfirmed. [pre-2020 reference only]

Verint Systems (Israeli-origin, now US-listed): Verint’s workforce intelligence and customer engagement platforms have documented UK banking sector deployments. Pre-2020 Verint press materials reference UK banking deployments generically, without naming NatWest. No specific public procurement record, press announcement, or named case study has been identified. Relationship status: unconfirmed. [pre-2020 reference only]

Check Point Software Technologies (Israeli-origin, headquartered Tel Aviv): No public procurement record, case study, or press announcement confirming any Check Point–NatWest licensing or security integration relationship has been identified. No public evidence identified.

CyberArk Software (Israeli-origin, Petah Tikva): CyberArk’s Privileged Access Management products are among the most widely deployed PAM solutions in UK financial services. While NatWest’s published Supplier Code of Conduct confirms a structured third-party risk management framework consistent with PAM platform deployment, 11 no specific public record confirms a NatWest–CyberArk contract. No public evidence identified of a confirmed relationship.

SentinelOne (Israeli co-founded, US-headquartered): No public procurement record or announcement has been identified. No public evidence identified.

Wiz (Israeli-founded cloud security, US-headquartered): No public procurement record confirmed. No confirmable public source identifies a NatWest–Wiz relationship. No public evidence identified.

Palo Alto Networks (co-founded by Israeli national Nir Zuk, US-headquartered): Palo Alto Networks publishes generic UK financial services customer references, but no case study, press release, or corporate filing names NatWest as a customer. [^27] No public evidence identified of a confirmed relationship.

Claroty (Israeli co-founded, OT/IoT security): NatWest does not operate industrial control or OT environments to which Claroty’s primary product focus applies. No public evidence identified.

Procurement Governance & Third-Party Risk

NatWest’s published Supplier Code of Conduct 11 and Modern Slavery Act Transparency Statement 12 establish formal governance frameworks for third-party relationships, including requirements for ethical conduct, data protection compliance, and human rights due diligence. Neither document discloses named technology vendors or sub-processor lists at a level of granularity that would confirm or exclude specific Israeli-origin platforms.

NatWest’s responsible business reporting 13 and SEC Form 20-F 14 both reference third-party and outsourcing risk as material operational risks, consistent with the FCA’s PS21/3 operational resilience framework, 15 but again without naming specific technology vendors beyond the hyperscaler relationships.

Surveillance, Biometrics & Retail Technology

Business Model Scope

NatWest is a retail and commercial banking group, not a physical retailer. It does not operate a shop-floor network where facial recognition or loss-prevention surveillance technologies — typically associated with Israeli-origin vendors such as Trigo, AnyVision/Oosto, or BriefCam — would be applicable. This structural fact limits the relevance of retail surveillance technology vendors to NatWest’s operating model.

Biometric Authentication

NatWest deploys biometric authentication for mobile and online banking — specifically fingerprint and facial recognition via device-native Apple iOS and Android biometric frameworks. 8 These implementations are mediated through the operating system APIs of Apple and Google respectively, not through standalone Israeli-origin biometric identity platforms. No public evidence identified of NatWest procuring or deploying any Israeli-origin biometric platform (including AnyVision/Oosto, Trigo, or any comparable vendor) for customer identity or access management purposes.

Workforce & Contact Centre Monitoring

NatWest operates large customer-facing contact centre estates in the UK. Workforce management, call recording, and speech analytics platforms are standard operational requirements in this context. As noted in the Enterprise Technology Stack section, NICE Ltd and Verint Systems are the dominant vendors in this category for UK banking — but no public procurement record, named case study, or licensing announcement confirms either vendor’s presence in NatWest’s contact centre technology estate. This represents the most plausible area of undocumented Israeli-origin technology exposure in NatWest’s stack, but the absence of public evidence precludes a confirmed finding.

Predictive Analytics & Population Monitoring

No public evidence has been identified of NatWest deploying Israeli-origin predictive analytics, social media monitoring, or mass surveillance tools either internally (for workforce monitoring) or externally (for customer surveillance beyond standard fraud analytics). No public evidence identified.

Third-Party Bundled Surveillance Exposure

No public evidence has been identified of Israeli-origin surveillance technology reaching NatWest indirectly via managed service providers or enterprise software suites bundled through Microsoft, IBM, or Accenture engagements. This indirect exposure pathway is not resolvable from public sources alone, as it would require granular sub-processor disclosure not publicly available.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

NatWest Data Centre Footprint

NatWest Group’s published location disclosures identify active operations in the United Kingdom, Republic of Ireland, and a small number of international financial centres (including presences consistent with private banking and wealth management activities). No Israeli data centre, co-location facility, or network point of presence has been identified in any NatWest corporate disclosure, annual report, or regulator-published location record. 16817 NatWest discloses no banking, commercial, or technology infrastructure within Israel.

Hyperscaler Cloud Regions

NatWest’s confirmed primary cloud providers — Microsoft Azure, AWS, and Google Cloud 12345 — each operate data centre regions in Israel. However, NatWest’s use of these providers’ Israeli regions is not confirmed in any public source. Cloud customers are not required to use all available regions of a provider; workload placement decisions are governed by data residency requirements, regulatory obligations (including UK GDPR and PRA operational resilience rules), and contractual data localisation provisions. UK-regulated banks’ customer and operational data is expected to be processed within UK and EEA-compliant regions by default under PRA supervisory expectations. 18 No evidence suggests NatWest routes regulated data through Israeli cloud regions.

Project Nimbus & Israeli Government Cloud

Project Nimbus is a contract between the Israeli government, the Israel Defence Forces, and Google Cloud/AWS — not a contract involving NatWest in any capacity. NatWest is a private commercial banking group with no publicly identified role in Israeli sovereign cloud procurement, defence cloud infrastructure, or government technology provision anywhere globally. No public evidence identified.

Sovereign Cloud Services to Third-Party Governments

NatWest’s cloud relationships are exclusively as a customer of hyperscalers, not as a provider of cloud or managed technology services to any government, including Israeli institutions. This is consistent with its disclosed business model as a retail and commercial bank. 814 No public evidence identified of any NatWest technology service provision to Israeli state institutions.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

NatWest Group is a retail and commercial banking group. It does not publicly disclose, and is not known from any public source to hold, technology service contracts with any military or intelligence agency — including those of the State of Israel, the IDF, Mossad, Shin Bet, or Unit 8200 — or any equivalent body of any other state. No such contract has been identified in corporate filings, procurement databases, investigative reporting, or NGO analysis. 814 No public evidence identified.

Financing of Defence & Arms Trade

NatWest has been identified by Campaign Against Arms Trade in published analyses 1920 as a lender and underwriter to UK and international defence contractors that themselves hold contracts with the Israeli government (including BAE Systems and Leonardo). These findings relate to NatWest’s role as a financial services provider — providing loans, bond underwriting, and capital markets services — and are explicitly outside the scope of this technology supply chain audit. They are noted here for completeness as they represent the primary documented nexus between NatWest and the Israeli defence sector, mediated entirely through financial rather than technological relationships. The CAAT findings do not identify NatWest as a technology provider to, or technology partner of, any Israeli defence or intelligence entity. 1920

Dual-Use Technology Provision

No instances have been identified in public reporting, NGO investigations, official corporate disclosures, or parliamentary records of NatWest’s commercial technology being adopted for military, intelligence, or law enforcement surveillance purposes within Israel or the Occupied Palestinian Territories. No public evidence identified.

Offensive Cyber & Digital Weapons

NatWest does not develop, sell, or license offensive cyber capabilities, exploit frameworks, or digital weapons systems. This falls entirely outside its disclosed business activities as described in its Annual Report 8 and SEC 20-F filing. 14 No public evidence identified.

AI, Algorithmic & Autonomous Systems

Deployed AI Products

NatWest’s disclosed AI programme is centred on customer-facing banking applications and internal operational efficiency tools. The flagship AI product is Cora, a conversational AI assistant built on Google Cloud infrastructure, 56 deployed to serve NatWest retail banking customers in the UK. Cora is documented as a consumer-facing chatbot providing account information, query handling, and financial guidance — not a dual-use analytical system.

NatWest additionally deploys AI and machine learning for fraud detection and financial crime monitoring, as referenced in its Annual Report and Responsible Business disclosures. 813 These systems process NatWest’s own customer transaction data to detect anomalous patterns within NatWest’s own network.

Provision to Israeli State or Military Bodies

No NatWest AI or machine learning system has been identified in any public source as being provided, licensed, or made accessible to any Israeli government ministry, military body, intelligence agency, or law enforcement organisation. No public evidence identified. NatWest AI capabilities are internally deployed products serving NatWest’s retail and commercial banking customers in the UK and Ireland; they are not offered as stand-alone technology products to third-party governments.

Training Data Provenance

No public reporting identifies NatWest AI models as having been trained on civilian population data, intercepted communications, surveillance-derived datasets, or any data originating from Israel or the Occupied Palestinian Territories. No public evidence identified.

Autonomous & Lethal Systems

NatWest does not develop, supply, integrate, or fund autonomous targeting, fire-control, weapons guidance, or kill-chain systems of any description. No public evidence identified.

Algorithmic Discrimination & Bias

No regulatory finding, enforcement action, or confirmed academic study specifically identifying discriminatory outcomes from NatWest’s AI or algorithmic systems in relation to Palestinian or Arab customers has been identified. NatWest’s responsible business disclosures 13 and Pillar 3 operational risk disclosures 10 reference model risk management as an ongoing governance concern in a generic context.

Technology Ecosystem & R&D Footprint

R&D & Engineering Locations

NatWest’s disclosed technology and innovation facilities are located in the United Kingdom (Edinburgh, London, Manchester) and the Republic of Ireland, with documented nearshore technology capability in Poland. [^30]8 No Israeli R&D centre, engineering hub, co-working arrangement, or technology accelerator partnership has been identified in any NatWest corporate disclosure, press release, or regulatory filing. No public evidence identified of any NatWest technology R&D footprint in Israel.

Technology Strategy

NatWest’s published technology strategy references a focus on cloud migration, AI capability development, and digital banking product investment, all scoped to UK and Irish markets. 8 No mention of Israeli technology ecosystems, Israeli academic partnerships, or Israeli government innovation programmes appears in NatWest’s published technology strategy materials.

Acquisitions & Corporate Investments

NatWest’s documented technology-adjacent acquisitions include Mettle (UK SME digital banking) and FreeAgent (UK accounting software, acquired 2018 [pre-2020]). NatWest Ventures focuses on UK SME financing. 8 No acquisition of an Israeli-origin technology company — whether headquartered in Israel, Israeli-co-founded, or with primary R&D operations in Israel — has been identified in any public source. No public evidence identified.

NatWest has no publicly disclosed strategic investment in Israeli technology start-ups, Israeli venture capital funds, or Israel-focused technology accelerator programmes. No public evidence identified.

Patent & Intellectual Property Relationships

No significant patent portfolios, technology licensing agreements, or co-development arrangements between NatWest and Israeli-domiciled entities or Israeli research institutions (including the Technion, Hebrew University of Jerusalem, or Weizmann Institute of Science) have been identified in publicly accessible patent databases, corporate disclosures, or academic partnership announcements. No public evidence identified.

Supplier Diversity & ESG Reporting

NatWest’s supplier diversity disclosures 11 and ESG appendix 21 describe governance principles for third-party relationships but do not disclose named vendors at a level of granularity that would confirm or exclude Israeli-origin technology companies from the supply chain. The Responsible Business Report 13 addresses climate, social value, and ethical supply chain themes without referencing technology vendor geography at the level required for this audit.

Civil Society Scrutiny & Regulatory History

NGO & Civil Society Reports

Campaign Against Arms Trade (CAAT): CAAT’s 2023–2024 published analyses of UK banks 1920 identify NatWest as a provider of financial services — lending, bond underwriting, and capital markets mandates — to defence contractors holding Israeli government contracts (including BAE Systems and Leonardo UK). These analyses are financial relationship analyses, not technology supply chain investigations. No CAAT report specifically addresses NatWest’s technology procurement from Israeli-origin vendors or its digital supply chain in the context of the Israeli technology sector.

Palestine Solidarity Campaign (PSC): PSC’s BDS materials targeting UK banks 22 focus on NatWest’s financial activities — banking relationships with Israeli state bonds and defence company underwriting — rather than its technology vendor relationships. No PSC report addresses NatWest’s technology supply chain or digital services in relation to Israeli technology companies. No public evidence identified of PSC or equivalent NGO scrutiny of NatWest’s technology procurement.

UN, Academic & Independent Reports: No UN Special Rapporteur report, academic study, or independent investigative journalism piece specifically addressing NatWest’s technology relationships with Israeli state or private-sector entities has been identified. No public evidence identified.

Boycott, Divestment & Sanctions (BDS) Campaigns

NatWest has been referenced in BDS-adjacent advocacy in the context of its financial services activities. 2220 No organised BDS campaign specifically targeting NatWest’s technology vendor relationships with Israeli-origin companies has been identified. The absence of civil society technology-specific scrutiny is consistent with the absence of any publicly confirmed Israeli-origin technology relationship in NatWest’s estate. No public evidence identified of a technology-specific boycott campaign against NatWest.

Parliamentary Scrutiny

UK parliamentary materials identified in this research — specifically a 2024 Hansard debate referencing UK banks and Israel 23 — address NatWest’s financial relationships (lending and underwriting to Israeli-connected entities) rather than its technology supply chain. No parliamentary question, select committee inquiry, or written ministerial statement specifically addressing NatWest’s technology procurement from Israeli-origin vendors has been identified.

Regulatory & Legal Actions

No regulatory inquiry, enforcement action, export control investigation, sanctions-related proceeding, or legal challenge involving NatWest’s provision of technology services to, or procurement of technology from, Israeli state or commercial entities has been identified across FCA, PRA, OFSI, US SEC, or equivalent regulatory databases. 241814 No public evidence identified.

NatWest is a regulated entity on the FCA Financial Services Register 24 and subject to PRA supervisory disclosure requirements. 18 Its 2023 Pillar 3 disclosures 10 and Annual Report 8 identify standard operational, technology, and third-party risk categories, none of which reference Israeli-origin technology relationships as a specific risk factor.

Responsible Business & Ethical Sourcing

NatWest’s Modern Slavery Act statement 12 and Supplier Code of Conduct 11 establish human rights due diligence obligations across its supply chain. Neither document references the Israeli technology sector specifically. The Responsible Business Report 1913 does not address technology vendor geography in relation to conflict-affected territories.

End Notes

Footnotes

  1. https://www.natwestgroup.com/news/2022/09/microsoft-partnership.html 2

  2. https://www.finextra.com/newsarticle/40100/natwest-signs-major-cloud-deal-with-microsoft-azure 2

  3. https://www.natwestgroup.com/news/2021/09/aws-partnership.html 2

  4. https://www.finextra.com/newsarticle/38500/natwest-selects-aws-as-strategic-cloud-provider 2

  5. https://www.natwestgroup.com/news/2023/11/google-cloud-ai-partnership.html 2 3

  6. https://www.computerweekly.com/news/366556000/NatWest-Cora-AI-Google-Cloud 2

  7. https://www.computerweekly.com/news/252480000/NatWest-picks-IBM-for-managed-IT-services

  8. https://www.natwestgroup.com/content/dam/natwestgroup/natwestgroup/documents/investors/2024/2023-annual-report-and-accounts.pdf 2 3 4 5 6 7 8 9 10 11

  9. https://www.finextra.com/newsarticle/38100/natwest-expands-accenture-relationship-for-cloud-transformation

  10. https://www.natwestgroup.com/content/dam/natwestgroup/natwestgroup/documents/investors/2024/2023-pillar-3-disclosure.pdf 2 3

  11. https://www.natwestgroup.com/content/dam/natwestgroup/natwestgroup/documents/suppliers/supplier-code-of-conduct-2023.pdf 2 3 4

  12. https://www.natwestgroup.com/content/dam/natwestgroup/natwestgroup/documents/suppliers/modern-slavery-act-statement-2023.pdf 2

  13. https://www.natwestgroup.com/content/dam/natwestgroup/natwestgroup/documents/investors/2024/2023-responsible-business-report.pdf 2 3 4 5

  14. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=natwest&type=20-F&dateb=&owner=include&count=40 2 3 4 5

  15. https://www.fca.org.uk/publication/policy/ps21-3.pdf

  16. https://www.natwestgroup.com/who-we-are/our-locations.html

  17. https://www.natwestgroup.com/content/dam/natwestgroup/natwestgroup/documents/investors/2023/2022-annual-report-and-accounts.pdf

  18. https://www.bankofengland.co.uk/prudential-regulation/supervisory-disclosures/natwest 2 3

  19. https://www.caat.org.uk/resources/banks-arms-trade-2023 2 3 4

  20. https://www.caat.org.uk/resources/companies/natwest 2 3 4

  21. https://www.natwestgroup.com/content/dam/natwestgroup/natwestgroup/documents/investors/2024/2023-esg-appendix.pdf

  22. https://www.palestinecampaign.org/take-action/bds/banks/ 2

  23. https://hansard.parliament.uk/commons/2024-03-12/debates/banks-israel

  24. https://register.fca.org.uk/s/firm?id=001b000000MfnEPAAZ 2