S.W.I.F.T. SC | |
Type: | Cooperative society[1] |
Location: | La Hulpe, Belgium |
Num Employees: | >3,000 |
Industry: | Telecommunications |
Products: | Financial telecommunication |
The Society for Worldwide Interbank Financial Telecommunication (Swift), legally S.W.I.F.T. SC, is a cooperative established in 1973 in Belgium (French: Société Coopérative) and owned by the banks and other member firms that use its service. SWIFT provides the main messaging network through which international payments are initiated.[2] It also sells software and services to financial institutions, mostly for use on its proprietary "SWIFTNet", and assigns ISO 9362 Business Identifier Codes (BICs), popularly known as "Swift codes".
As of 2018, around half of all high-value cross-border payments worldwide used the Swift network,[3] and in 2015, Swift linked more than 11,000 financial institutions in over 200 countries and territories, who were exchanging an average of over 32 million messages per day (compared to an average of 2.4 million daily messages in 1995).[4]
Swift is headquartered in La Hulpe near Brussels. It hosts an annual conference, called Sibos, specifically aimed at the financial services industry.
Before SWIFT's establishment, international financial transactions were communicated over Telex, a public system involving manual writing and reading of messages.[5] SWIFT was set up out of fear of what might happen if a single private and fully American entity controlled global financial flows – which before was First National City Bank (FNCB) of New York – later Citibank. In response to FNCB's protocol, FNCB's competitors in the US and Europe pushed an alternative "messaging system that could replace the public providers and speed up the payment process".[6]
SWIFT was founded in Brussels on 3 May 1973. Individuals who played a key role in its creation included bankers Jan Kraa (at AMRO Bank) and François Dentz (at the Banque de l'Union Parisienne) as well as Carl Reuterskiöld and Bessel Kok, who became respectively its first two chairmen and chief executives. It was initially supported by 239 banks in 15 countries. It soon started to establish common standards for financial transactions and a shared data processing system and worldwide communications network designed by Logica and developed by the Burroughs Corporation.[7] Fundamental operating procedures and rules for liability were established in 1975, and the first message was ceremonially sent by Prince Albert of Belgium on .
SWIFT's first non-European operations centre was inaugurated by Governor John N. Dalton of Virginia in 1979.[8] In 1989 SWIFT completed a monumental new head office building in La Hulpe, designed by Ricardo Bofill Taller de Arquitectura.[9]
SWIFT's shareholding structure is adjusted every three years in proportion to volumes of activity incurred by the members, ensuring that the most active members get the most voice irrespective of geography; additional rules are aimed at ensuring some geographical diversity within the board of directors. The 25 directors are elected by the shareholders, on three-year terms with renewal of one-third of the board every year; all directors are member representatives.
As of May 2024, the members directly represented on the board of directors were JPMorgan Chase (chair), Lloyds Bank (deputy chair), Bank of China, BNP Paribas, BPCE, Citi, Clearstream, Commerzbank, Commonwealth Bank of Australia, Deutsche Bank, Euroclear, FirstRand, HSBC, ING, Intesa Sanpaolo, KBC, MUFG, NatWest, Nordea, Royal Bank of Canada, Santander, SEB, UBS (2 representatives following the acquisition of Credit Suisse), as well as the Association of Banks in Singapore.[10]
Swift acts as a carrier of the "messages containing the payment instructions between financial institutions involved in a transaction".[11] However, the organisation does not manage accounts on behalf of individuals or financial institutions, and it does not hold funds from third parties. It also does not perform clearing or settlement functions. After a payment has been initiated, it must be settled through a payment system, such as TARGET2 in Europe. In the context of cross-border transactions, this step often takes place through correspondent banking accounts that financial institutions have with each other.
SWIFT means several things in the financial world:
Under 3 above, SWIFT provides turn-key solutions for members, consisting of linkage clients to facilitate connectivity to the SWIFT network and CBTs or "computer based terminals" which members use to manage the delivery and receipt of their messages. Some of the more well-known interfaces and CBTs provided to their members are:
There are four key areas that SWIFT services fall under in the financial marketplace: securities, treasury & derivatives, trade services, and payments & cash management.
Securities
Treasury and derivatives
Cash management
Trade services
Swift Ref, the global payment reference data utility, is SWIFT's unique reference data service. Swift Ref sources data direct from data originators, including central banks, code issuers and banks making it easy for issuers and originators to maintain data regularly and thoroughly. SWIFTRef constantly validates and cross-checks data across the different data sets.[13]
The SWIFT secure messaging network is run from three data centres, located in the United States, the Netherlands, and Switzerland. These centres share information in near real-time. In case of a failure in one of the data centres, another is able to handle the traffic of the complete network. SWIFT uses submarine communications cables to transmit its data.[14]
Shortly after opening its third data centre in Switzerland in 2009,[15] SWIFT introduced new distributed architecture with two messaging zones, European and Trans-Atlantic, so data from European SWIFT members no longer mirrored the U.S. data centre.[16] European zone messages are stored in the Netherlands and in part of the Swiss operating centre; Trans-Atlantic zone messages are stored in the United States and in another part of the Swiss operating centre that is segregated from the European zone messages. Countries outside of Europe were by default allocated to the Trans-Atlantic zone, but could choose to have their messages stored in the European zone.
1 | Zoeterwoude, Netherlands | OPC (Operating Centre) | |
2 | Culpeper, Virginia, United States | OPC (Operating Centre) | |
3 | Diessenhofen, Switzerland[17] | OPC (Operating Centre) | |
4 | Hong Kong | Command and control |
SWIFT moved to its current IP network infrastructure, known as SWIFTNet, from 2001 to 2005,[18] providing a total replacement of the previous X.25 infrastructure. The process involved the development of new protocols that facilitate efficient messaging, using existing and new message standards. The adopted technology chosen to develop the protocols was XML, where it now provides a wrapper around all messages legacy or contemporary. The communication protocols can be broken down into:
InterAct
FileAct
Browse
SWIFT provides a centralized store-and-forward mechanism, with some transaction management. For bank A to send a message to bank B with a copy or authorization involving institution C, it formats the message according to standards and securely sends it to SWIFT. SWIFT guarantees its secure and reliable delivery to B after the appropriate action by C. SWIFT guarantees are based primarily on high redundancy of hardware, software, and people.
During 2007 and 2008, the entire SWIFT network migrated its infrastructure to a new protocol called SWIFTNet Phase 2. The main difference between Phase 2 and the former arrangement is that Phase 2 requires banks connecting to the network to use a Relationship Management Application (RMA) instead of the former bilateral key exchange (BKE) system. According to SWIFT's public information database on the subject, RMA software should eventually prove more secure and easier to keep up-to-date; however, converting to the RMA system meant that thousands of banks around the world had to update their international payments systems to comply with the new standards. RMA completely replaced BKE on 1 January 2009.
SWIFT has become the industry standard for syntax in financial messages. Messages formatted to SWIFT standards can be read and processed by many well-known financial processing systems, whether or not the message travelled over the SWIFT network. SWIFT cooperates with international organizations for defining standards for message format and content. SWIFT is also a registration authority (RA) for the following ISO standards:[19]
In RFC 3615 urn:swift: was defined as Uniform Resource Names (URNs) for SWIFT FIN.[20]
SWIFT is not a payment system and thus neither regulated nor supervised as such, but is nevertheless deemed to be systemically important and thus under the "oversight" of public authorities. In 1998, the so-called Group of Ten central banks (those of Belgium, Canada, France, Germany, Italy, Japan, the Netherlands, Sweden, Switzerland, the United Kingdom, the Federal Reserve Board and the Federal Reserve Bank of New York for the U.S. and the European Central Bank) started acting as joint overseers, with the National Bank of Belgium (NBB) in a lead role. The oversight focueses primarily on systemic risk, confidentiality, infrastructure security, and business continuity. It is formalized in bilateral documents between the NBB and SWIFT on the one hand, and between the NBB and each of the other G10 central banks on the other hand. In 2018, the International Monetary Fund has recommended that "[t]he National Bank of Belgium should consider enhancing oversight with additional regulatory and supervisory powers."
In 2012, this framework was complemented by a "SWIFT Oversight Forum" including additional central banks. As of 2024, in addition to the G10 central banks, the SWIFT Oversight Forum included the national central banks of Argentina, Australia, Brazil, China, Hong Kong, India, Indonesia, Korea, Mexico, Russia, Saudi Arabia, Singapore, South Africa, Spain, and Turkey. According to SWIFT, the Oversight Forum "provides a forum for the G-10 central banks to share information on Swift oversight activities with a wider group of central banks."[21]
Purported alternatives to the SWIFT system include:
Swift has been criticised for inefficiency. In 2018, the London-based Financial Times noted that transfers frequently "pass through multiple banks before reaching their final destination, making them time-consuming, costly and lacking transparency on how much money will arrive at the other end". Swift has since introduced an improved service called "Global Payments Innovation" (GPI), claiming it was adopted by 165 banks and was completing half its payments within 30 minutes. The new standard which included Swift Go was supposed to be utilised in receiving and transferring low-value international payments. One of the significant changes was the transaction amount, which would not differ from start to the end. However,, uptake was mixed. For instance, Alisherov Eraj, Alif Bank Treasury Department Swift Transfers & Banking Relationship Expert in the Republic of Tajikistan, describes that the leading cause for the late Swift Go adoption in Tajikistan was the Core Banking System itself. To connect to Swift Go, he adds, banking system interfaces needed to be upgraded and integrate with their software to be fully compatible; this hindered many banks from adopting the technology earlier.
A series of articles published on 23 June 2006 in The New York Times, The Wall Street Journal, and the Los Angeles Times revealed a program, named the Terrorist Finance Tracking Program, which the US Treasury Department, Central Intelligence Agency (CIA), and other United States governmental agencies initiated after the 11 September attacks to gain access to the SWIFT transaction database.[30]
After the publication of these articles, SWIFT quickly came under pressure for compromising the data privacy of its customers by allowing governments to gain access to sensitive personal information. In September 2006, the Belgian government declared that these SWIFT dealings with American governmental authorities were a breach of Belgian and European privacy laws.
In response, and to satisfy members' concerns about privacy, SWIFT began a process of improving its architecture by implementing a distributed architecture with a two-zone model for storing messages .
Concurrently, the European Union negotiated an agreement with the United States government to permit the transfer of intra-EU SWIFT transaction information to the United States under certain circumstances. Because of concerns about its potential contents, the European Parliament adopted a position statement in September 2009, demanding to see the full text of the agreement and asking that it be fully compliant with EU privacy legislation, with oversight mechanisms emplaced to ensure that all data requests were handled appropriately.[31] An interim agreement was signed without European Parliamentary approval by the European Council on 30 November 2009,[32] the day before the Lisbon Treaty—which would have prohibited such an agreement from being signed under the terms of the codecision procedure—formally came into effect. While the interim agreement was scheduled to come into effect on 1 January 2010, the text of the agreement was classified as "EU Restricted" until translations could be provided in all EU languages and published on 25 January 2010.
On 11 February 2010, the European Parliament decided to reject the interim agreement between the EU and the US by 378 to 196 votes.[33] [34] One week earlier, the parliament's civil liberties committee had already rejected the deal, citing legal reservations.[35]
In March 2011, it was reported that two mechanisms of data protection had failed: EUROPOL released a report complaining that requests for information from the US had been too vague (making it impossible to make judgments on validity)[36] and that the guaranteed right for European citizens to know whether their information had been accessed by US authorities had not been put into practice.
Der Spiegel reported in September 2013 that the National Security Agency (NSA) widely monitors banking transactions via SWIFT, as well as credit card transactions.[37] The NSA intercepted and retained data from the SWIFT network used by thousands of banks to securely send transaction information. SWIFT was named as a "target", according to documents leaked by Edward Snowden. The documents revealed that the NSA spied on SWIFT using a variety of methods, including reading "SWIFT printer traffic from numerous banks".[37] In April 2017, a group known as the Shadow Brokers released files allegedly from the NSA which indicate that the agency monitored financial transactions made through SWIFT.[38] [39]
In January 2012, the advocacy group United Against Nuclear Iran (UANI) implemented a campaign calling on SWIFT to end all relations with Iran's banking system, including the Central Bank of Iran. UANI asserted that Iran's membership in SWIFT violated US and EU financial sanctions against Iran as well as SWIFT's own corporate rules.[40]
Consequently, in February 2012, the U.S. Senate Banking Committee unanimously approved sanctions against SWIFT aimed at pressuring it to terminate its ties with blacklisted Iranian banks. Expelling Iranian banks from SWIFT would potentially deny Iran access to billions of dollars in revenue using SWIFT but not from using IVTS. Mark Wallace, president of UANI, praised the Senate Banking Committee.[41]
Initially SWIFT denied that it was acting illegally, but later said that "it is working with U.S. and European governments to address their concerns that its financial services are being used by Iran to avoid sanctions and conduct illicit business".[42] Targeted banks would be—amongst others—Saderat Bank of Iran, Bank Mellat, Post Bank of Iran and Sepah Bank.[43] On 17 March 2012, following agreement two days earlier between all 27 member states of the Council of the European Union and the Council's subsequent ruling, SWIFT disconnected all Iranian banks that had been identified as institutions in breach of current EU sanctions from its international network and warned that even more Iranian financial institutions could be disconnected from the network.
In February 2016, most Iranian banks reconnected to the network following the lift of sanctions due to the Joint Comprehensive Plan of Action.[44]
In 2014, SWIFT rejected calls from pro-Palestinian activists to revoke Israeli banks' access to its network owing to the Israeli occupation of Palestinian territory.[45]
See also: SWIFT ban against Russian banks. Similarly, in August 2014 the UK planned to press the EU to block Russian use of SWIFT as a sanction due to Russian military intervention in Ukraine.[46] However, SWIFT refused to do so.[47] SPFS, a Russian alternative to SWIFT, was developed by the Central Bank of Russia as a backup measure.[48]
During the prelude to the 2022 Russian invasion of Ukraine, the United States developed preliminary possible sanctions against Russia, but excluded banning Russia from SWIFT.[49] Following the 2022 Russian invasion of Ukraine, the foreign ministers of the Baltic states Lithuania, Latvia, and Estonia called for Russia to be cut off from SWIFT. However, other EU member states were reluctant, both because European lenders held most of the nearly $30 billion in foreign banks' exposure to Russia and because Russia had developed the SPFS alternative.[50] The European Union, United Kingdom, Canada, and the United States finally agreed to remove few Russian banks from the SWIFT messaging system in response to the 2022 Russian invasion of Ukraine; the governments of France, Germany, Italy and Japan individually released statements alongside the EU.[51]
On 20 March 2023, the Russian Federation banned the use of SWIFT.[52] [53]
The European Union issued the first set of sanctions against Belarus - the first was introduced on 27 February 2022, which banned certain categories of Belarusian items in the EU, including timber, steel, mineral fuels and tobacco.[54] After the Lithuanian prime minister proposed disconnecting Belarus from SWIFT,[55] the European Union, which does not recognise Lukashenko as the legitimate President of Belarus, started to plan an extension of the sanctions already issued against Russian entities and top officials to its ally.[56]
See also: Bangladesh Bank robbery.
In 2016 an $81 million theft from the Bangladesh central bank via its account at the New York Federal Reserve Bank was traced to hacker penetration of SWIFT's Alliance Access software, according to a New York Times report. It was not the first such attempt, the society acknowledged, and the security of the transfer system was undergoing new examination accordingly.[57] Soon after the reports of the theft from the Bangladesh central bank, a second, apparently related, attack was reported to have occurred on a commercial bank in Vietnam.[58] [59]
Both attacks involved malware written to both issue unauthorized SWIFT messages and to conceal that the messages had been sent. After the malware sent the SWIFT messages that stole the funds, it deleted the database record of the transfers then took further steps to prevent confirmation messages from revealing the theft. In the Bangladeshi case, the confirmation messages would have appeared on a paper report; the malware altered the paper reports when they were sent to the printer. In the second case, the bank used a PDF report; the malware altered the PDF viewer to hide the transfers.
In May 2016, Banco del Austro (BDA) in Ecuador sued Wells Fargo after Wells Fargo honoured $12 million in fund transfer requests that had been placed by thieves. In this case, the thieves sent SWIFT messages that resembled recently cancelled transfer requests from BDA, with slightly altered amounts; the reports do not detail how the thieves gained access to send the SWIFT messages. BDA asserts that Wells Fargo should have detected the suspicious SWIFT messages, which were placed outside of normal BDA working hours and were of an unusual size. Wells Fargo claims that BDA is responsible for the loss, as the thieves gained access to the legitimate SWIFT credentials of a BDA employee and sent fully authenticated SWIFT messages.
In the first half of 2016, an anonymous Ukrainian bank and others—even "dozens" that are not being made public—were variously reported to have been "compromised" through the SWIFT network and to have lost money.[60]
In March 2022, Swiss newspaper Neue Zürcher Zeitung reported about the increased security precautions by the State Police of Thurgau at the SWIFT data centre in Diessenhofen. After most of the Russian banks have been excluded from the private payment system, the risk of sabotage was considered higher. Inhabitants of the town described the large complex as a "fortress" or "prison" where frequent security checks of the fenced property are conducted.[61]