Sei sulla pagina 1di 23

SWIFT:

The global financial


messaging provider
Contents About SWIFT

1 About SWIFT SWIFT is a global member-owned Our messaging platform, products and
services connect more than 11,000
2 Evolution of the SWIFT Cooperative
4 The Global SWIFT Community cooperative and the world’s leading banking and securities organisations,
market infrastructures and corporate
6 Mission, Vision and Values provider of secure financial customers in more than 200 countries
8 SWIFT Message Pricing and territories. Whilst SWIFT does not

10 Technology and Operations


messaging services. hold funds or manage accounts on behalf
of customers, we enable our global
12 Information Security community of users to communicate
16 Financial Messaging Services We provide our community with a  securely, exchanging standardised
18 FIN Messaging Traffic Evolution financial messages in a reliable way,

20 Standards platform for messaging and standards thereby facilitating global and local
financial flows, and supporting trade
22 SWIFT and Payment Messaging for communicating, and we offer and commerce all around the world.
23 SWIFT and Securities Messaging
24 Products and Services
products and services to facilitate As their trusted provider, we relentlessly

26 SWIFT2020 access and integration, identification, pursue operational excellence and


continually seek ways to lower costs,
28 Financial Market Infrastructures analysis and regulatory compliance. reduce risks and eliminate operational
30 Financial Crime Compliance inefficiencies. Our products and services
32 Data Privacy support our community’s access and
integration, business intelligence,
34 SWIFT Governance reference data and financial crime
36 SWIFT Oversight compliance needs.
38 Working at SWIFT
39 Corporate Social Responsibility SWIFT also brings the financial community
together – at global, regional and local
40 SWIFT in the Community levels – to shape market practice, define
standards and debate issues of mutual
interest or concern.

Headquartered in Belgium, SWIFT’s


international governance and oversight
reinforces the neutral, global character of
its cooperative structure. SWIFT’s global
office network ensures an active presence
in all the major financial centres.

1
Evolution of the SWIFT Cooperative
Serving our community for over 40 years

SWIFT was founded in the 1970s based


on the ambitious and innovative vision
of creating a global financial messaging
1990s
service and a common language for
2000s
Driving technological change
In 1991 SWIFT received the
international financial messaging. Computerworld Smithsonian Information
Technology Award in recognition

2010s
for its role in standardised financial Leading on innovation

40 years
telecommunication. The SWIFT community continued growing
to connect more than 9,000 users from
In 1992 SWIFT’s Interbank File Transfer more than 200 countries and territories.
went live, and by 1996 SWIFT was By 2009 SWIFT carried 3.76 billion More relevant than ever before
carrying over 3 million messages in a

1970s
Serving our community for messages per year and had truly The SWIFT community is stronger than ever
single day. By the end of the decade, established itself as the global backbone
over 40 years before. Our global and neutral character
SWIFT had reached new record FIN of the financial industry. SWIFT continued
In 1973, 239 banks from 15 countries got is reflected in our increasingly international
availability rates at 99.98% and gained launching innovative products, increased
together to solve a common problem: governance and oversight, including the
recognition for its outstanding reliability. security and further reduced prices.

1980s
how to communicate about cross-border SWIFT Oversight Forum.
Founding SWIFT With the dawn of the Internet and the Through economies of scale SWIFT was
payments. The banks formed a cooperative
SWIFT was set up in 1973 by and subsequent rapid technological change, able to offer our users much more for
utility, the Society for Worldwide New offices continue to expand our global
for its users to support international SWIFT further strengthened its focus on a lot less.
Interbank Financial Telecommunication, presence, bringing us closer to our users and
finance and commerce. By the time security to ensure maximum certainty and
headquartered in Belgium. SWIFT went underpinning our ambitious growth strategy.
SWIFT went live in 1977, 518 institutions Establishing the SWIFT community reliability for our users. SWIFT introduced SWIFTNet, developed
live with its messaging services in 1977, SWIFT continues to lead in innovation,
from 22 countries were connected to The 80s were characterised by the rapid new online services and connectivity
replacing the Telex technology that was entering the real-time payments market
SWIFT’s messaging services. expansion of users, traffic and countries on With the launch of our UNIX interface solutions, launched Innotribe, and, in
then in widespread use, and rapidly with Australia’s New Payments Platform
SWIFT. In 1980 Hong Kong and Singapore systems and straight-through processing our role as a standards authority, led the
became the reliable, trusted global and pursuing new digital opportunities. We
The success of SWIFT exceeded all started live operations, and by 1983 more capabilities in 1993, SWIFT continued to financial industry’s migration to ISO 15022
partner for financial institutions all around launched our first ever joint venture SWIFT
expectations. Less than 12 months than 1,000 users from 52 countries were improve efficiencies in our community’s and the deployment of ISO 20022.
the world. The main components of the India; and we continue to reduce the cost
after operations began, SWIFT using our services; SWIFT processed back office operations. By the end of the
original services included a messaging of business for our users – for instance by
had processed a total of 10 million 46.9 million messages that year. 90s SWIFT had reduced prices for its SWIFT entered into regional integration
platform, a computer system to validate reducing FIN messaging prices by more
messages. users, improved automation levels in the projects such as SEPA and TARGET2
and route messages, and a set of message than 50% between 2010 and 2015.
The connection of the first central banks financial industry and was well prepared in Europe, and opened offices in Brazil,
standards. The standards were developed
From the very start, SWIFT has engaged in 1983 reinforced SWIFT’s position as for the introduction of the euro and Y2K. Mumbai, Dubai and Johannesburg.
to allow for a common understanding Meanwhile, we continue to invest in our
closely with our users and listened to the common link between all parties in the
of data across linguistic and system infrastructure and consistently exceed
their needs, and our user community financial industry. In 1987 we extended Cyber security started playing an ever
boundaries and to permit the seamless, 99.99% availability for our FIN and
remains at the heart of SWIFT’s strategy our messaging services and user base, increasing role for SWIFT as we launched
automated transmission, receipt and SWIFTNet services.
and activities. Since inception, we have when we entered the securities market. our Distributed Architecture programme,
processing of communications exchanged
prioritised confidentiality, security and In parallel SWIFT launched a range of and introduced the secure Public Key
between users. We continue to listen to our users and
reliability, and our operating centres complementary services to supplement Infrastructure for SWIFTNet. address challenges affecting our community,
have ensured the highest systems our core messaging offer, and in 1988
Having disrupted the manual processes for example by supporting them with the
availability, redundancy and back-up SWIFT set up a dedicated customer
that were the norm of the past, SWIFT is growing compliance challenge.
capabilities. support team to better assist our users.
now a global financial infrastructure that
spans every continent, more than 200 Our SWIFT2020 strategy underscores our
countries and territories, and services more During the 80s SWIFT strengthened its longstanding commitment to maintaining
than 11,000 institutions around the world. coordinating role by organising various a strong focus on our core, building our
Our services are as relevant today as they forums to address standards, business and financial crime compliance portfolio, and
were ground-breaking back at the time of operational issues. Together with our Sibos expanding our Market Infrastructures
their inception, but we do not stand still: conference, these forums became the offerings. Our strategy ensures that we
we are about continuity and change. foundation of our community engagement. continue to innovate and never stand still.
22 3
The Global SWIFT Community

SWIFT is a neutral global


cooperative defined by its
community of users from all
around the world. At SWIFT we
believe we can achieve more
together. Our Shareholders,
National Member, User and
Advisory Groups play key roles in
the SWIFT community; by drawing
from the resources of our global
community, we are able to harness
the potential of our franchise for
the benefit of our users all around
the world.

Close cooperation with our users


helps us understand their needs
and challenges, and allows us
to adapt and innovate according
to their needs. We cooperate
closely with our community in
setting standards, shaping market
practice and developing new
services, and we collaborate to
define our strategy, solve problems
and stimulate dialogue to
address business challenges. Our
community engagement enables
us to think and act long-term, and
to look beyond quick fixes to craft
affordable, sustainable solutions.
National
National Advisory
Shareholders Member
User Groups Groups
Groups

4 5
Mission, Vision and Values
SWIFT is driven and defined by its vision, mission and three core values:
Excellence, Community and Innovation.

These values guide our activities Achieve more together SWIFT also stands for excellence in
service. We do our utmost to ensure
Innovation

and ensure we adhere to the highest This reflects both the support of our
community to raise our ambitions as well
that our community of users values
their SWIFT experience. We challenge
SWIFT is about continuity and change.
SWIFT continues to advance by
standards; understand and deliver as the economics of our time. ‘More’
means growth through our strategic
ourselves to exceed all their expectations embracing the exciting potential of new
technologies. Over the past forty years,
in us. We continuously work to improve
on our users’ needs; and drive thrusts. ‘Together’ means strength, the customer experience and develop we have successfully pioneered secure
drawing on the resources of the global technology, services and standards.
efficiencies across the industry. SWIFT community.
new solutions to address the financial
community’s challenges. We strive to SWIFT was at the forefront of developing
become more relevant to our customers digital solutions such as electronic
At SWIFT we believe we can achieve every day. data interchange and file-transfers. We
more together. To ‘achieve more together’ disrupted previously manual processes
we will harness what has been called ‘one Community to unlock huge efficiencies in the financial
of the dominant franchises of our network system, dramatically increasing reliability
age’ and tap the enormous potential As a neutral global cooperative, SWIFT is and reducing operational risk.
of that franchise for the benefit of our defined by its community of users around
worldwide community of members. the world. SWIFT is a technology leader in its sector,
and continues innovating to shape the
Excellence Close cooperation with our users future of the financial world. At SWIFT
helps us understand their needs and innovation focuses on and around
Operational excellence is central to challenges, and allows us to adapt and the core, ensuring that our platform
everything we do at SWIFT. Thousands innovate according to their needs. We and processes evolve to meet the
of financial institutions trust us to deliver cooperate closely with our community expectations of our customers in a rapidly
millions of financial messages every in setting standards, shaping market changing world.
day. We operate at the heart of the practice and developing new services.
world’s financial industry and take this
Through Innotribe, the SWIFT Institute, the
responsibility very seriously. We mobilise our community, collaborate SWIFT Lab and our product development
Through our unremitting focus on security, to define our strategy, to solve problems, teams, we support innovation throughout
resilience, reliability and integrity, we and to stimulate dialogue to address the fintech sector; at the same time,
ensure that our systems and services the business challenges of today and we collaborate and seek to inspire our
live up to our high expectations and tomorrow. We think and act long-term. community to embrace change and
deliver on our promise to be the secure As a member-owned cooperative, understand the potential of innovation
global messaging provider for the we look beyond quick fixes and craft in our sector.
financial industry. affordable, sustainable solutions.

At SWIFT failure is not an option.

Inspired by excellence
Driven by our community
Leading through innovation
6 7
SWIFT Message Pricing
Harnessing the potential of our franchise for the benefit of our global community

SWIFT’s pricing principles are designed to encourage


usage, to recognise the contribution of large users
and to reduce barriers to entry for smaller users. Our
pricing is designed to be economically sustainable and
to maintain the community spirit upon which SWIFT
was founded.

Over each of the last three strategic cycles, SWIFT has


decreased the average messaging unit cost by more
than 50%, returning the benefits of economies of scale
back to the community.

Pricing: Decreasing message unit costs Average message price reduction of


Average message price evolution (EUR cents per kilocharacters) more than 90% over a 15-year period.
35

30

25
EUR cents per Kchar

20

15

10

2000 2005 2010 2015

8 9
Technology and Operations
SWIFT’s hallmark is a relentless focus on the core,
coupled with the rigorous pursuit of operational excellence.

SWIFT is at the forefront of the A relentless focus on the core Broadly speaking, we structure
operational risk areas and controls around
Our technologies have disrupted
previously manual processes and
A comparable ‘follow the sun’ approach
is used by SWIFT’s Customer Service
innovative application of technology SWIFT’s messaging services support
more than 11,000 financial institutions
five main principles: unlocked efficiencies in the financial
system, dramatically reducing frictions,
divisions to provide our customers with
assistance on any issues or questions
within the financial sector. We around the world and have systemic
importance for the global economy;
1. Effective governance sets the costs and operational risk, and we concerning the use of SWIFT’s products
direction at all layers of the company continue to advance by embracing the and services at any time of day or night.
retain and hire the best minds and our users trust us to deliver. As a and ensures that security and risk exciting potential of new technologies.
critical technology and infrastructure
embrace the exciting potential of provider, our objective is to ensure
management is prioritised across the
whole organisation. We continue to refresh and evolve our
Architecture

Maintaining world-class core systems and


new technologies; we are committed that our systems work securely and
reliably every day, while remaining alert
2. Confidentiality of information is critical
to the financial services industry,
platform, to ensure it remains as modern,
powerful, reliable and feature-rich as our
facilities is part of SWIFT’s commitment

to maintaining a market-leading to new threats and opportunities. The


expertise and dedication of our staff, our
and SWIFT plays a key role in customers now expect. In addition, we
to delivering operational excellence. To
support this commitment, we continually
providing secure messaging services. constantly renew our product portfolio in
platform and to delivering innovative long-term technology investment and Confidentiality controls protect our response to the needs of our customer
reinvest in our core infrastructure to
further strengthen our security, resilience
renewal programmes, and our constant
technological solutions. vigilance towards new threats, are key
customers’ message data from
unauthorised disclosure.
community and we foster a culture of
innovation in order to bring new offerings
and reliability.
components in ensuring we meet this 3. Extensive integrity controls are built to market while preserving a no-risk
challenging commitment, day after day, Our messaging services are secure,
into our applications in order to protect approach to the maintenance and
year after year. reliable and resilient, and are based
against unauthorised changes to evolution of our mission-critical core.
on a distributed architecture with full,
messages, and to detect corruption
Our reputation for quality is the foundation built-in redundancy to ensure maximum
of messages. In order to deliver products of the highest
for our users’ trust in SWIFT; we take availability. Our core messaging platform
4. The availability and resilience of the quality, we apply a rigorous methodology
great pride in our proven track record. operates with a layered security
messaging service infrastructure is throughout the product development
We continually invest in our technology, model backed by a secure application
of prime importance to SWIFT users. cycle, from initial idea to deployment
security, people and processes development process and ‘state-of-
Stringent availability controls and in the production environment. Major
to deliver on this commitment to the-art’ hardware-based Public Key
procedures are in place to ensure that investments are subject to internal
operational excellence. Infrastructure (PKI) technology to ensure
service availability commitments are reviews, gating procedures, senior
that our hosted services deliver industry-
met or exceeded. management and executive oversight,
SWIFT’s approach to providing best- leading security functionality to the
5. Finally, rigorous change management and, where appropriate, approval by the
in-class service is founded on our financial industry.
processes help ensure that, in a SWIFT Board.
technically skilled workforce, a structured, continually changing environment, our
methodical approach to solving We invest heavily in our core messaging
security principles are not undermined. Customer Support
problems, demonstrated crisis response, solutions ensuring they are not only
and industry acknowledged quality All services provided by SWIFT are reliable and resilient, but as modern and
Innovation
and availability. monitored and supported on a 24/7 powerful, rich in features, cost-effective
As a leading technology company basis by teams of technical specialists and scalable as we can make them.
SWIFT’s operational excellence is operating in the financial sector, SWIFT located within geographically diverse This approach is exemplified by the
underscored by our zero-risk approach has pioneered the application of secure control centres. Using customised service ongoing renewal of our core messaging
to failure and reflected in our approach technology, services and standards in management platforms, our support application platform in the 6-year FIN
to building highly-available solutions for the correspondent banking business professionals are able to react instantly to Renewal programme.
the financial community. By combining and was at the forefront of driving the any availability or security issues, and to
a resilient topology with robust software sector’s adoption of digital solutions, take the necessary actions to protect the
design and a disciplined approach to the such as electronic data interchange and services on which our customers rely.
introduction of changes, SWIFT is able file transfer.
to deliver services which continue to run
even in the event of unforeseen issues.

10 11
Information Security
An uncompromising approach to information security

Confidentiality, Integrity, Availability working together with leaders in the field, assessing and reporting on SWIFT’s risk • Plan – never underestimate the enemy, Availability receivers to verify the message integrity
review all designs and security practices and control functions on an ongoing and seek to detect attacks that could and authenticate the senders. Thus, the
At SWIFT, we have an to provide guidance, support, testing basis. The Internal Audit team itself is overcome our prevention; SWIFT’s messaging services are designed data in messages can be issued and
uncompromising approach to and assurance that our offerings are periodically subject to external review, to be available 24 hours a day, 365 controlled exclusively by the sending
information security which we • Manage – assume breach. Prepare for days a year, with some limited planned
appropriately designed, implemented and providing assurance to the Board and and receiving institutions and message
recognise is a key value driver for our the worst, be ready to respond, contain downtime. We maintain multiple operating
operated before being delivered to the SWIFT Management that the team originators are able to provide message
customers and a major differentiator and recover from attacks. centres (OPCs) providing full site
customer community. operates in line with international auditing recipients with the means of verifying
of our services. standards and practices. redundancy. Within each OPC, the central that the message has not been modified
SWIFT Messaging Services systems are designed to eliminate single
Risk Framework during transmission.
Failure is not an option Cyber Roadmap SWIFT messaging services are provided points of failure by means of multiple local
Risk management is deeply embedded computer floors. In 2014, SWIFT’s state-
The essential components of SWIFT’s within the SWIFT Environment, which Resiliency
in operational practices at SWIFT, and is SWIFT takes cyber security very seriously. of-the-art Operating Centre in Switzerland
business, information and cyber security includes all the premises, infrastructure,
underpinned by a very strong risk culture We actively learn about external cyber became fully operational. This new IT SWIFT’s messaging services are critical
are actively managed throughout the software, products and services owned
that is captured in the motto: “Failure incidents, malicious modus operandi and facility has the capability to support to the seamless operation of financial
organisation – from Board level, through and directly operated (and controlled) by
is Not an Option” (FNAO). Three solid cyber threats from a variety of public, global messaging flow. SWIFT has a markets across the world and we
the CEO and senior management, SWIFT and its personnel. The SWIFT
lines of defence underpin and oversee specialised or confidential sources, further capability to restore messaging therefore place particular focus on the
to operations. Environment applies strict security,
SWIFT’s risk management approach: helping us to drive our continuous in the unlikely and extreme case all resiliency of our messaging services.
confidentiality and integrity protections
first, management, which is responsible investment in prevention, detection and/ other resiliency measures and backups Our infrastructure is designed, built and
SWIFT’s information security measures to customers’ messages. We have
for developing and implementing strong or recovery. Whenever our comprehensive prove inadequate. tested to remain available in the event
are comprehensive. They are designed controls and procedures in place to
reliability and security frameworks; investigations lead us to believe such of stresses, disturbances, malfunctions
to cater for extreme situations and aim to protect message data from unauthorised
second, the risk and compliance threats or vulnerabilities may constitute Confidentiality or malicious acts and to meet specified
prevent any unauthorised physical and disclosure, to guarantee message origin,
functions responsible for the overall risk a risk to the security of our operations, recovery time objectives.
logical access which could lead to a loss to protect against unauthorised changes We protect customer data from
frameworks; and third, the audit functions. we take appropriate actions in a timely
of confidentiality, integrity or availability. to messages, and to detect corruption of unauthorised disclosure. All customer
All of this is supported by a robust 3rd fashion to mitigate such risks and protect A sustained failure of our messaging
Our measures include physical controls messages; furthermore content validation messages are encrypted when stored on
party assurance framework and through our services. services is unlikely because of the highly
that safeguard our premises as well features can be used to ensure that only SWIFT systems. Our security measures
reporting by an external security audit resilient nature of our infrastructure. Since
as logical controls that protect against validated messages are processed and provide robust controls around physical
firm, in accordance with the requirements In line with widely recognised standards its inception SWIFT has been a pioneer
unauthorised access to data and systems delivered in the relevant sequence to the and logical access, including physical
in the applicable International Standards such as ISO or the NIST cyber framework, in the area of highly-available IT services,
and encompass our detection, response intended recipient. measures that protect premises as well as
on Assurance Engagements. we have a history of substantial and this commitment to resilience
and recovery capabilities. investment in our cyber strategy and logical controls that restrict access based continues today. SWIFT has used its
We commit to the availability of our on business needs. Additionally, customer
SWIFT’s overall Enterprise Risk infrastructure, but we acknowledge that experience in designing and implementing
The physical security of our IT assets messaging services, and we ensure the messages are processed and stored in
Management framework provides a there is no room for complacency; we highly resilient architectures in accordance
and data is ensured by: incorporating the confidentiality and integrity of messages OPCs located in geographical zones best
consolidated view of risk management have to live up to our role and reputation with documented resilience principles.
highest levels of protection in the design and related customer data and privacy matching customer expectations on data
information across SWIFT, building on as a critical element of the global financial
and construction of our purpose-built data rights within the SWIFT Environment. privacy regulations.
and governing other risk management industry’s infrastructure. SWIFT will We maintain multiple operating centres
centres; enforcing rigorous controls on practices within SWIFT, such as continue to invest in and focus on security (OPCs) to provide full site redundancy and
access to these sites on a strict business- Message data sent by our customers
[1]
Integrity
Information Security Risk Management. in order to stay ahead of the constantly our OPCs are situated in geographically
need basis; and by applying strict controls is authenticated using advanced
The Information Security Risk changing threat landscape. In light of SWIFT-specific public keys, digital diverse locations, which were selected
over the handling of computer hardware security and identification technology.
Management Framework documents increasing cyber threats, SWIFT maintains certificates and digital signatures are after careful consideration of potential
and media during the entire lifecycle. State of the art encryption is added
the way security risks are identified, a cyber-security roadmap which defines variously used to authenticate senders man-made and natural hazards. Within
before the messages leave the
mitigated, tracked and reported up to the our security focus areas for a rolling three- and to validate the integrity of the each OPC, the system architecture is
We take a similar approach in the customer[2] environment and enter the
SWIFT Board. This framework is designed year period. Our cyber investments are messages sent. SWIFT verifies signatures designed to eliminate single points of
architecture, design, development, SWIFT Environment. They remain in
to cater for the ongoing evolution of our structured in four main dimensions: to confirm message integrity and validates failure. The systems and networks at
maintenance and operation of our the protected SWIFT Environment,
risk practices which are adapted in line certificates to authenticate the senders. each OPC are designed and configured
services and applications. Using a • Learn – know the enemy and subject to all SWIFT’s confidentiality
with emerging threats and the cyber SWIFT ensures that messages are to meet the processing and storage
structured development methodology, understand our exposure; and integrity commitments, throughout
arms race. delivered to the intended recipient in the requirements of the SWIFT user
we ensure that the highest levels of logical the transmission process and until they
• Prevent – make enemies’ lives appropriate sequence and offers end-to- community in the concerned zone(s).
security are embedded into the SWIFT are safely delivered to the receiver. All
SWIFT’s internal audit and external inherently more complicated, prevent end security, allowing senders to apply
services, applications and technologies customer messages are encrypted when Continued on p.16
security audit complete the information cyber-attacks; signatures for their receivers and enabling
that support our customers’ business. stored on SWIFT systems.
security risk management system by
Dedicated teams of security specialists, independently and objectively reviewing,
[1]
As well as messages, files can be sent, using FileAct. The described controls also apply to such files.
12 [2]
Or customers’ partners’ environments. 13
Information Security

Continued from p.15 disaster recovery infrastructure can be exercises, which can variously involve Independent assurance provided up to 2015 were prepared under the Risk Management, Security Management,
The OPCs are highly secure, and access activated to keep our messaging services staff at all levels, local authorities, and through External Audit ISAE 3402 standard and contained the Technology Management, Resilience and
to them is strictly controlled. Each running. Service continuity testing plans, customers, and cover different scenarios Independent Security Auditor’s opinion User Communication. Both ISAE 3402
operating centre has local redundancy for based on defined scenarios and expected including cyber-related events. Specific SWIFT’s external security auditor that they have obtained reasonable and ISAE 3000 are international standards
items of critical importance, from servers outcomes, are executed in accordance cyber business continuity plans have performs an annual independent external assurance that SWIFT has adequate which enable service providers such as
to cooling devices and power supplies. with a published and audited plan. SWIFT been developed. Our post-test reviews audit of our messaging services. This and effective controls in place to meet SWIFT to provide independent assurance
Message data is always stored in two tests its disaster site takeovers within ensure that relevant improvement actions audit is conducted in accordance with the stated control objectives in the areas on their processes and controls to their
geographically independent operating expected timeframes at least once a year. are taken. the requirements in the applicable of Governance, Confidentiality, Integrity, customers and their auditors.
centres before delivery. International Standards on Assurance Availability, and Change Management.
SWIFT is well prepared for the rare The resilience of SWIFT’s services is Engagements. The resulting reports As of 2016, reports are produced under Every year the report is made available
To cater for the extreme scenario in which event that its messaging services are subjected to regular internal and external provide independent assurance on the the ISAE 3000 standard. Aligned with to customers upon request, as well
multiple operating centres should fail affected by an incident: every year we audits and included in the scope of the security and reliability of SWIFT’s services CPMI-IOSCO’s Expectations for Critical as to potential customers, subject to
simultaneously, a completely separate carry out hundreds of business continuity external audit report. in scope. Reports covering calendar years Service Providers, they cover the areas of appropriate confidentiality arrangements.

Security is a key value driver Board and Sub-Committees


G-10 Central
for our users and therefore (TPC, AFC) Bank Overseers
for SWIFT. Security at SWIFT CEO and Executive Committee External Audit
is closely managed and
Internal Audit
overseen under a strict
Security Council Information Security
governance framework. Risk Management
(CEO, CIO, CFO, CRO, CSO, GC)
Security Awareness
Security & Reliability Committee and Compliance
(CIO, CRO, CSO, COO)

Policies, Processes, Procedures


and Standards

Line Management and


Project Management

Day to Day Operations

14 15
Financial Messaging Services
Secure, seamless financial communications

SWIFT’s messaging services are trusted Connecting global finance SWIFTNet In addition, InterAct offers increased
flexibility, including store-and-forward
operating centres (OPCs) where they are
processed – until they are safely delivered
and used by more than 11,000 financial Our messaging services went live in 1977
to replace the Telex technology then
Our messaging platform, known as
SWIFTNet, produces huge efficiencies for
messaging, real-time messaging, and
real-time query-and-response options.
to the receiver.

institutions in more than 200 countries widely used by banks to communicate


instructions related to cross-border
our users by enabling them to seamlessly
and securely communicate through a
The InterAct service enables the In addition to the different connectivity
exchange of MX message types, which options and our range of gateway
and territories around the world. transfers. The service remains as single shared utility. are expressed in the flexible XML syntax products, SWIFT also provides a range
relevant today as it was ground-breaking
Providing reliable, secure and efficient back then, representing the primary Financial services organisations
and developed in accordance with the
ISO 20022 standard methodology, many
of interfaces, providing seamless
links between users’ internal systems
messaging services to our community communications channel for financial
institutions engaged in correspondent
have increasingly complex and
diverse messaging requirements –
of which have already been published as
ISO 20022 standard definitions.
and the SWIFT Environment. All
our interface products manage the
of users, SWIFT is the backbone of banking all around the world, and
offering the most secure, cost-effective
whether communicating with market
infrastructures, with correspondents
SWIFT protocols needed to access
FileAct the SWIFT Environment; our range of
global financial communication. and reliable way of transmitting financial or with commercial clients. Today we
FileAct enables the transfer of files. It is
interfaces supports different services
messages relating to payments, therefore offer four complementary and functionalities, addressing distinct
securities, treasury and trade. messaging services, all of which allow for typically used to transfer large batches of
customer needs.
seamless straight-through-processing: messages, such as bulk payment files,
Since its inception, SWIFT has played a FIN, InterAct, FileAct and WebAccess. very large reports, or operational data.
All SWIFT messaging services can be
leading role, together with its community, Each service delivers different advantages combined with a range of standard and
in the standardisation that underpins that cater for the distinct messaging WebAccess
optional features. Users can increase
global financial messaging and its needs of our different users. With WebAccess, SWIFTNet users can efficiencies and tailor their SWIFTNet
automation. The use of standardised browse securely on financial web sites package to their messaging needs by
messages and reference data ensures FIN available on SWIFTNet using standard making use of these additional tools.
that data exchanged between institutions Internet technologies and protocols.
FIN is the longest established of all
is unambiguous and machine friendly, Traffic and pricing
our messaging services. It enables the
facilitating automation, reducing costs and Connectivity
exchange of messages formatted with The SWIFT community keeps growing
mitigating risks. Through SWIFT, banks,
the traditional SWIFT MT standards. In order to use SWIFT’s messaging and we record new peak messaging
custodians, investment institutions,
These standards cover a wide range of services, customers need to connect days several times a year. The growth in
central banks, market infrastructures and
business areas and are widely used and to the SWIFT Environment. There are message volumes and users generates
corporate clients, can connect with one
accepted by the financial community. several ways of connecting to the SWIFT economies of scale which we return
another exchanging structured electronic
FIN enables the exchange of messages Environment: directly via permanent to our community through message
messages to perform common business
on a message-per-message basis, and leased lines, the internet, or SWIFT’s price reductions.
processes, such as making payments or
supports the exchange of proprietary cloud service (Lite2); or indirectly via their
settling trades.
formats between market infrastructures appointed partners. The more users join SWIFT and the more
and their customers. It also works in messaging traffic there is, the greater the
SWIFT is committed to the confidentiality,
store-and-forward mode and offers Messages[1] sent by our customers are benefits are to the community, as our
integrity and availability of its messaging
extensive functionalities, such as message authenticated using our specialised traffic growth contributes to significant
services. We have controls and
copy, broadcasts to groups of other security and identification technology. price reductions for our users. We offer
procedures in place to: protect message
users, and online retrieval of previously- Encryption is added as the messages several different pricing options to suit
data from unauthorised disclosure; to help
exchanged messages. leave the customer[2] environment every user profile, including a fixed rate
ensure the accuracy, completeness and
validity of messages and their delivery; and enter the SWIFT Environment. for large users.
InterAct Messages remain in the protected SWIFT
and to ensure our service availability
requirements are met. Like FIN, InterAct enables the exchange Environment, subject to all SWIFT’s
of messages on a message-per-message confidentiality and integrity commitments,
basis, and supports the exchange of throughout the transmission process
proprietary formats between market – whilst they are transmitted to our
infrastructures and their customers.

[1]
Files can also be sent via our FileAct messaging service. The connection descriptions apply to files as well as messages.
16 [2]
Or customers’ partners’ environments. 17
FIN Messaging Traffic Evolution

SWIFT’s traffic growth is proof of our


central role in the financial system,
and testament to the financial industry’s
trust in our secure financial messaging
services. Since SWIFT’s messaging
services went live, our messaging
volumes have increased year in, year
out; and in the fifteen years to 2015
our FIN messaging volumes grew
nearly fivefold.

380% increase in FIN messaging volumes


since 2000
7,000

6,000
+51%

5,000
(millions of messages)

4,000
+60%

3,000

2,000
+98%

1,000

2000 2005 2010 2015

18 19
Standards
Enabling efficient communication for the financial world

SWIFT was founded in 1973, based on the A shared understanding SWIFT Standards acts as Registration
Authority (RA) for several standards
The SWIFT Standards group maintains
several important message standards.
ambitious and innovative vision of creating Standards are vital to allow for a
common understanding of data across
that define universal codes for common
data items, or reference data. RAs
The SWIFT MT standard, for instance,
is used for international payments, cash
shared worldwide financial messaging linguistic and systems boundaries and
to permit the seamless, automated
are appointed by the International management, trade finance and treasury
Organization for Standardization (ISO) business. Working with the SWIFT
services, and a common language for transmission, receipt and processing of to ensure the integrity of the reference community, SWIFT Standards operates
communications exchanged between
international financial messaging. To achieve users. Use of standardised messages
data defined by ISO standards, and to
publish the data in an accessible form
the annual maintenance process for MT,
which ensures that the standard evolves
this vision, SWIFT has long played an and reference data ensures that
data exchanged between institutions
for the benefit of the user community.
Examples of such standards include the
to meet changing market needs.

important role in standardisation, notably is unambiguous and machine


friendly; in turn this enables efficient
ISO 9362 Business Identifier Code (BIC SWIFT Standards, under contract to
– commonly referred to as the “SWIFT” ISO, also maintains two open messaging
by creating and maintaining global financial automation, thereby reducing costs code), which is used to identify parties, standards: ISO 15022, which is used for
and mitigating risks.
messaging and reference data standards. and the ISO 10383 Market Identifier
Code (MIC), which is used to identify
securities settlement and asset servicing,
and ISO 20022, which is scoped to all
Today financial players routinely send exchanges, trading platforms, regulated financial industry processes.
structured electronic messages to one or non-regulated markets and trade
another to perform common business reporting facilities. The role of ISO 20022 is twofold: it is
processes, such as making payments a methodology for creating financial
or confirming trades. In its ongoing role SWIFT Standards also contributes to messaging standards, and it is a
as a financial messaging standardiser, the formalisation and implementation of related body of content, which includes
the SWIFT Standards group works other reference data standards, notably definitions of common industry terms,
with the financial community to define the ISO 17442 Legal Entity Identifier and message definitions addressing
standards for these messages. These (LEI), which is increasingly required for an expanding range of business areas,
standards specify the data elements regulatory reporting purposes. Financial including payments, cash management,
that can be included in the messages, messaging standards specify these treasury, cards and securities.
document the meaning and format of codes wherever possible to minimise the
those data elements, and specify which ambiguity of data.
of the data elements are mandatory,
which are optional, and which are only Standards in the community
required in specific business scenarios.
The message standards also describe SWIFT Standards works with the user
the actions expected of the message community to specify and publish Market
receivers, and, because some business Practice – rules and best-practice advice
processes require several messages on how standards should be deployed
to be exchanged, they also specify the to meet particular business needs or to
order in which messages should be sent comply with regulation.
and received.

20 21
SWIFT and Payment Messaging SWIFT and Securities Messaging
Standardising, simplifying and securing payment messaging all around the world A pivotal role in a complex system

The transfer of value – or payment a multitude of banks, retail payment “respondents”, providing payment, short Securities operations are simple on the counterparty’s delivery instruction. The industry’s choice
– is one of the oldest and most systems, high value payment systems, term credit and other services to them. the face of it, but for each securities Once it has successfully matched the
widely used customs in the world. central banks and more. All this oils the wheels of the global sale or purchase to be completed, information sets, the CSD will settle SWIFT launched our securities messaging
We routinely make value transfers payments business. a series of instructions need to be the transaction and confirm this to the services in 1987 and since then securities
in the normal conduct our daily lives A global solution exchanged between both the buyer’s custodians, who will then inform the seller traffic has grown continuously, to
– whether in cash, or through our SWIFT plays a pivotal role in this system, and the seller’s custodians and/or and the buyer (and, potentially, both their account for approximately 50% of our
When value is “transferred” across traffic today. More than 4,500 securities
bank accounts. So much so, that we providing a safe, secure and confidential their agents and, ultimately, both of agents) that the transactions have been
borders – when we make cross-border market participants rely on SWIFT for
take payments for granted and rarely platform for the exchange of these vital their securities depositories. settled and that the assets have moved
payments – the complexity rises; more their related messaging needs, including
stop to think how value is really and instructions and pieces of information to their respective accounts.
information, instructions and checks banks and market infrastructures, broker
ultimately transferred. between participants. When investors operate across borders,
invariably have to be conveyed and dealers, custodians, fund distributors and
additional communications are often A shared infrastructure
exchanged between a greater number investment managers.
In a cash-based transaction the value A common language required between agents and global
of participants and systems. In addition, All this activity takes place repeatedly
transfer clearly occurs at the moment the custodians, as well between the
different jurisdictions will typically follow Established to create a common throughout the trading day involving Together with our community, SWIFT
notes and coins are handed over; the aforementioned parties.
different rules and have different market language and a secure system to solve a multitude of buyers and sellers, also plays an important role in developing
simple action of the handover of the cash
practices, operating hours – and for these cross-border communication custodians, CSDs and agents across message standards for all the different
results in the transfer of value. However, A trusted partner
different currencies. needs, SWIFT continues to play a leading multiple markets, jurisdictions, process steps in the post-trade securities
bank payments which we all routinely use
role across the whole payments area Once a buyer has “purchased” a security, geographies and languages. In addition, chain. Our standardised messaging
to move income, assets and receivables
We take it for granted that we can “send” today, not only internationally, but also they will need to send a settlement a wealth of further information and formats allow for full automation and
around, are not binary processes.
money around the world between banks domestically. instruction to the custodian at which they instructions need to be exchanged to straight-through-processing of securities-
Most interbank transfers are non-cash
large and small with the simple provision hold their cash and securities account to support the simple maintenance of related instructions, radically improving
payments which are realised through the
of the payment details, and the clear Our messaging platform and standards receive those securities (typically) against securities holdings – related to dividend the efficiency of post-trade securities
exchange of instructions, confirmations,
identification of the beneficiary and their allow for the seamless transfer of payment. After the custodian has verified or interest payments, to share splits, to settlement – again allowing for the
and the subsequent registration of debits
bank. More often than not, however, messages across geographies and and confirmed the instructions it has voting, to reporting, to reconciliation, seamless transfer of the related messages
and credits.
the sending bank will not have a direct between thousands of banks and received, it will send a further instruction and more. across geographies and between
relationship with the beneficiary’s receiving payment systems, enabling banks to to the relevant central securities thousands of different participants.
Modern economies depend heavily on
bank – and yet the payment still goes automatically process the related payment depository (CSD), which will match the SWIFT provides the platform on which
the smooth transfer of value within the
through. This process is supported by instructions – irrespective of language instruction with the selling counterparty’s all these communications are exchanged,
banking system; hundreds of banks
correspondent banking, an essential barriers and differences between instruction. In this step, information in effect, acting as a secure shared
might participate in any given domestic
component of the global payment system, IT systems. such as the date, price and the amount communication infrastructure for
market, and transfers will seamlessly
not only, but especially for cross-border of securities set out in the settlement securities market participants all around
be effected between them. The payer
transactions. Building on our proven role as a trusted receipt instruction will be matched with the world.
and payee respectively experience the
messaging provider, we relentlessly invest
debits and credits materialising in their
Essentially, correspondent banking is an in our systems, maintain messaging
accounts, but behind these movements
informal network of banks around the standards and pursue innovative
lies a complex exchange of instructions,
world, connected together by a series of processes and technologies to ensure
confirmations, checks and reports, netting
formal contractual arrangements. Under the payments business can perform its
and settlement processes; all these
correspondent banking arrangements, key role: oiling the wheels of economies
between a web of participants – including
one bank, the “correspondent”, will across the world.
hold deposits for other banks, their

Securing Simplifying Standardising


SWIFT delivers the world’s Institutions all across the world SWIFT messaging services
financial messages securely rely on SWIFT for payments, offer standardisation and
and reliably. securities, treasury and trade automation – the keys to
messaging purposes. operational efficiency.

22 23
Products and Services
A portfolio of innovative products and services

SWIFT’s products and services continually A community approach Software We also compile detailed business and
macro-economic intelligence based
evolve to support our community’s growing Our products and services are as
varied as the financial industry itself.
SWIFT offers a range of integration and
messaging management solutions that
on our messaging traffic data. By
measuring traffic volumes, SWIFT is able
array of access, integration, business SWIFT offers a range of access options,
produces messaging management
support everything from the complex high
volume messaging needs of the world’s
to assess economic performance as it
happens, undertake studies on the use
intelligence, reference data and financial software packages, carries out macro- largest institutions, to the lower-volume, of currencies in international transactions,
economic analyses, and enables back- cost-sensitive needs of smaller banks
crime compliance needs, and they help office automation. We also support and corporates.
and enable our users to analyse their
own traffic.
users access, generate, manage, process financial crime compliance needs
and standards implementation, offer The solutions are designed to address As well as serving market infrastructures
and understand their messaging traffic. professional training, and help our users
enhance their security and resilience.
users’ full financial messaging needs, and
offer storage, formatting, translation and
all across the world, SWIFT offers tailor-
made resilience and back-up services
Our products and services help our users conversion, orchestration, archiving and to financial market infrastructures, which
Our solutions seek to address challenges repair functionalities, amongst others.
get the most out of SWIFT messaging. faced by the SWIFT community, to
thereby benefit from an additional layer
of resiliency.
reduce risk, eliminate costs and to realise Shared Services
efficiencies in the processes supporting Building on our central role as an
Our services portfolio addresses some of
correspondent banking. ISO standards registration authority,
the biggest operational challenges faced
by financial institutions. These solutions SWIFT helps our users implement and
Our community approach allows us to update individual financial standard sets.
focus on automating otherwise manual
best address our users’ needs and to Special standard applications show our
and time-consuming procedures, and
develop shared solutions and harmonised users when standards changes standards
simplifying regulatory and technological
industry-wide approaches. have been effected, and whether their
complexities associated with financial
communication and back-office systems are up to date. Through SWIFT’s
Connectivity and Access reference data utility we also provide the
processing more generally.
In order to use SWIFT’s messaging financial industry with a common source
services, customers need to connect Our financial crime compliance services, of up-to-date correspondent information.
to the SWIFT Environment. Catering for example, help our community guard
to distinct user needs, SWIFT offers against financial crime by addressing SWIFT’s community spirit is evidenced
several different means of connecting complexity and cost related to complying through our many different consulting,
to the SWIFT Environment: directly via with sanctions and Know Your Customer professional training and support services
permanent leased lines, the internet, or (KYC) requirements. Small to mid-sized which ensure that our users are not left
SWIFT’s cloud service (Lite2); or indirectly institutions use our managed service to alone, and always have access to our
via their appointed partners. screen financial transactions, while larger SWIFT experts, no matter where they are
institutions gain third-party assurance in the world. Our trained experts ensure
In addition to the different connectivity that their sanctions environments are that our users get the most out of their
options and gateway products, SWIFT performing properly. The KYC Registry SWIFT messaging experience and help
also provides a range of interfaces, enables banks to exchange a standard us respond to their needs.
providing seamless links between set of due diligence information, mitigating
users’ internal systems and the SWIFT the cost of data collection and enabling
Environment. All our interface products compliance teams to focus on decision-
manage the SWIFT protocols needed to making. Our expanding data analytics
access the SWIFT Environment; our range services help banks pinpoint, investigate
of interfaces supports different services and mitigate possible compliance risks
and functionalities, addressing distinct related to financial transactions and
customer needs. correspondent relationships.

24 25
SWIFT2020
Grow the core, build the future

SWIFT2020 defines our priorities for the The SWIFT2020 strategy focuses on As in previous strategic cycles our In addition, we have ambitious plans
five years to 2020. We have shaped three main dimensions: principal area of focus is on our core: to support the industry in addressing
SWIFT2020 to respond to external delivering operational excellence, financial crime compliance, and
challenges and drivers as well as to build •G
 row and strengthen core messaging increasing ‘many-to-many’ message to develop our offering for market
on the success of previous strategies. services for payments and securities volume growth, and returning the infrastructures and their communities.
•E
 xpand and deepen offerings for benefits of economies of scale back
market infrastructures to customers through targeted
•B
 uild our financial crime price reductions.
compliance portfolio

Messaging

Many-to-Many Market Infrastructures

CORE MIs
Grow and strengthen core ‘many- Expand and deepen
to-many’ financial messaging, offerings for Market
connectivity and closely a
 djacent Infrastructures
products and services

Integration & Interfaces

COMPLIANCE
Build our Financial Crime
Compliance p  ortfolio to meet the
full spectrum of related challenges

Shared Services

26 27
Financial Market Infrastructures

SWIFT is a trusted partner for Financial lower costs. With its strong track record, SWIFT’s role in standardisation extends to
Market Infrastructures (FMIs) all across SWIFT delivers continued assurance via supporting FMIs and their communities.
the world. We support both payment high levels of service availability and a As well as managing and updating
and securities FMIs, including high- and relentless focus on security and reliability, standards, we help distribute Legal Entity ISO 20022
low-value as well as real-time payment as well as offering innovative tailor-made Identifiers and support migration to new
systems, Central Counterparties (CCPs), resilience and back-up services. For standards, such as ISO 20022. SWIFT is
Central Securities Depositories (CSDs), example, SWIFT’s Value-Added Network also playing an important coordinating role
Securities Settlement Systems (SSS), (VAN) Solution for T2S provides secure in FMI’s adoption of ISO 20022 through
Trade Repositories, and Exchanges. exchange of information in ISO 20022 the ISO 20022 Harmonisation Charter. As
SWIFT also provides a specially tailored formats between T2S participants ISO 20022 implementations proliferate,
communications and service solution and the T2S platform. In addition, our variability in the ways in which ISO Financial Market
for Continuous Linked Settlement optional products and services allow for 20022 is deployed, in terms of message
(CLS) which provides FX settlement a complete T2S connectivity solution, versions, market practice rules and Infrastructure strategy:
Innovative Projects
services around the world; and is actively including the integration layer with the release cycles, threatens to undermine its Expand and deepen
supporting FMIs and their communities in back-office. value as a means to reduce industry cost
the shift towards real-time payments. and risk and to enable interoperability. offerings for market
SWIFT has a long-standing history of By its nature, the challenge posed by infrastructures
Today, SWIFT supports more than supporting FMIs and their communities this fragmentation cannot be addressed
200 market infrastructures around undertaking major structural and regional piecemeal; only coordinated action at
the world, including: projects. As well as supporting FMIs with an industry level can provide a solution.
mission-critical infrastructure initiatives in Through the Charter, SWIFT brings
• More than 100 payment systems,
the Americas, APAC, and EMEA, SWIFT FMIs from around the world together
covering more than 50% of all
is driving innovation in the payments in dialogue, providing a roadmap and
high value payment systems
where we are facilitating a cost-effective technology to facilitate harmonisation. In
High Value Payments
and nearly 20% of all low value
instant domestic retail payments system. addition, SWIFT’s MyStandards platform
payment systems.
can be used to capture and share related
• More than 100 securities Driven by increased market demand standards information.
systems, covering nearly 50% for real-time retail payment services,
of all CSDs and over 30% of all SWIFT has created a new model suitable SWIFT’s portfolio of FMI services also
Central Counterparties. for both domestic and regional market includes a range of tailored services to
infrastructures which require low latency, address key operational challenges,
FMIs are impacted by fast evolving continuous availability and single- including: standards migration and
and potentially disruptive technologies, currency processing. This unique and interoperability, resiliency and connectivity. Central Securities
by direct and indirect regulation, the innovative model allows for ubiquitous Depositories
need to control costs, and the ongoing real-time payment services, ensures SWIFT continues to evolve its FMI offering
evolution in standards. SWIFT’s cost-effectiveness through the re-use of to meet market needs.
expertise in innovative technologies, customers’ existing SWIFT infrastructure
messaging and standards enables us and operates with the highest levels
to partner effectively with FMIs to help of security, availability, bandwidth and
address these challenges and find cost resilience. Operable on a 24/7/365 basis
effective and reliable ways to adapt to it allows for ‘clearing’ to be distributed
change, to reduce costs and to capture between debtor and creditor banks.
new opportunities. ‘Switch’ components orchestrate the Real Time Payments
complete message flow and enable
SWIFT engages in partnerships with FMIs access to additional applications, such as
to provide a platform for their financial proxy addressing databases which allow
messaging and integration needs. Using payments to be made using personal
SWIFT enables FMIs to successfully identifiers such as mobile phone numbers
process financial transactions, mitigate and email addresses.
risk, increase operational efficiency and

28 29
Financial Crime Compliance

As a shared utility SWIFT has a For example, SWIFT’s Sanctions challenge for banks. SWIFT’s Compliance
natural role to play in financial Screening service provides simple, cost- Analytics service helps banks monitor and
crime compliance. Financial crime effective, real-time transaction screening address financial crime risk by leveraging
compliance is critical to every SWIFT against sanctions lists. Sanctions Testing standardised SWIFT message traffic data. Utility
user, independently of location provides financial institutions with It enables users to identify anomalies in
and size. It is an area in which no transparency into their own sanctions behaviour, unusual patterns or trends,
competitive advantage can be gained environment, third-party assurance that hidden relationships, and consistently high
by individual institutions and in which their controls are working properly, and levels of activity with high-risk countries
SWIFT’s economies of scale can enables them to optimise effectiveness and entities. Institutions can either use
benefit all users. and efficiency. the advanced analytics tool themselves to
analyse their data, or SWIFT can perform Financial Crime
SWIFT’s financial crime compliance Regulators have made it clear that they analytics for them and provide the results
services complement our core messaging expect banks to know their customers as a reporting service. Compliance priorities:
KYC
services, and help the financial industry – and their customers’ customers. The Go faster and deeper
address one of its most pressing process of performing and demonstrating SWIFT is committed to supporting the
challenges. Not only are banks expected Know Your Customer (KYC) compliance industry face financial crime compliance with new compliance
to prevent criminal activity, but regulators involves the exchange of massive challenges. Together with our community, products and drive
require increasing transparency into how amounts of data and documentation with we are making the continuing expansion
such compliance activities are being each banking partner. If this work were of our financial crime compliance portfolio economies of scale
conducted. With the cost of compliance carried out by each institution individually, a top strategic priority.
continuing to grow, industry leaders agree the effort would be costly and duplicative.
that collaborative solutions are needed SWIFT’s KYC Registry addresses this
to successfully reduce costs, operational challenge by offering a single, secure
pressures and risk. global source of standardised, high-
Sanctions
quality KYC information. The Registry
Failure to comply with international was developed together with leading
sanctions has been at the base of many correspondent banks, and now also
of the well-publicised enforcement includes fund distributors and custodians.
actions in recent years. The complexity The centralised cooperative setup of
of sanctions requirements and the the Registry shows the true value of
operational challenges of addressing SWIFT’s utility-approach to financial
these pose a significant burden in terms crime compliance.
of cost and risk.
AML
Sifting through large amounts of non-
Acting on community feedback, SWIFT standardised data in order to detect
has launched a series of financial crime and prevent money laundering, terrorist
compliance services which are being financing and other illicit activities,
broadly adopted by our members. represents another major compliance

Securities

30 31
Data Privacy
Committed to privacy and data protection

Privacy is a fundamental commitment at A fundamental commitment Policies, principles and practices Data

SWIFT, an essential component of our At SWIFT we take our commitment to


privacy extremely seriously and seek to
At SWIFT, use and protection of data
is strictly controlled according to formal
Some of our messaging services require
SWIFT to store message data for 124
core services and integral to the SWIFT deliver a very strong degree of privacy
by ensuring that all data is protected by
policies and audited processes. Our
annual ISAE report on our SWIFTNet
days. This is to ensure that customers
have the ability to retrieve their own data
Environment. We protect the data and design in the SWIFT Environment, as and FIN messaging services, includes in the case of disasters, catastrophe,
well as by ensuring our full compliance data protection controls and our Data queries or disputes.
privacy of our customers around the with all applicable privacy and data Protection Officer regularly reviews

world. We operate our services to strict protection laws. these controls and makes appropriate
modifications within the related policies
Message data is stored at our operating
centres (OPCs). SWIFT maintains three
privacy and data protection standards, Privacy protections are embedded
into the design and architecture of our
as required. OPCs in two different continental zones
(EU and Trans-Atlantic) to ensure full site
and in compliance with EU data protection systems and business practices at SWIFT. SWIFT operates according to its stated redundancy. Data is held in two OPCs so
We operate according to two important promises and objectives, as set out in its that there is always a back-up in the case
regulation – considered as the most principles: privacy by design, and data policies. These policies are governed of disruption to an OPC.

stringent privacy legislation in the world. data minimisation. by the following key principles:
Our OPCs are highly secure, and
SWIFT’s approach to protecting data is • Appropriateness: We regularly review access to them is strictly controlled.
proactive and preventative: we aim to our data policies and contractual Our security measures are designed to
anticipate and prevent events before they documentation to ensure we explain prevent unauthorised physical and logical
happen; we do not wait for privacy risks clearly how we handle data, whether access, and include physical measures
to materialise; and we trust, but verify. personal or not. that protect premises as well as logical
measures that prevent unauthorised
• Transparency: Our customer related
Privacy protections at SWIFT are also access to data.
data policies are made publicly available
extended securely throughout the entire
on our website and form an integral
lifecycle of the data involved, from start to We do not share customers’ data
part of the contractual documentation
finish. This ensures that data is securely (personal or not) with any third party
for SWIFT’s messaging services.
stored and then securely destroyed at unless we are authorised by our
the end of the process in a timely fashion. • Privacy by design: Respect for privacy customers to do so or compelled to
Thus, we ensure cradle-to-grave, secure is paramount at every stage of the do so by law. We carefully review each
lifecycle management of data. design, development and delivery of demand we receive and, in the rare
our products and services. cases in which we are legally compelled
Over the years SWIFT has repeatedly to provide customers’ data (which may
• Data minimisation: We collect the
improved transparency by enhancing its include personal data), we respect
minimum amount of data needed to
contractual documentation with respect any relevant agreements, protect our
fulfil our messaging service obligations.
to the processing of customers’ data customers’ personal data to the largest
(including personal data). In doing so, • Awareness: We provide awareness extent possible, and inform our customers
SWIFT has been assisted by a working training to all employees to ensure of our compliance with such enforceable
group of data protection and compliance they have a clear understanding of the requests, unless this is prohibited by law.
experts from SWIFT users around the importance of data privacy and how to
world. SWIFT has a Data Protection ensure data is protected.
Officer who ensures that SWIFT complies
with all applicable data protection
legislation and that SWIFT’s own privacy
and data protection policies are up to
date and fit for purpose.

32 33
SWIFT Governance
Ensuring global relevance; upholding strict neutrality; supporting international reach.

SWIFT is a cooperative society Neutral Global Governance Board Committees auditor’s report can be found in SWIFT’s
annual Consolidated Financial Statements
under Belgian law and is owned and SWIFT’s Board composition is designed
to reflect usage of SWIFT messaging
The Board has six committees which
provide strategic guidance to the Board
which customers can download from
SWIFT.com, and the independent security
controlled by its shareholders. SWIFT services, ensure SWIFT’s global relevance,
support its international reach and uphold
and the Executive Committee and
review progress on projects in their
auditor’s report is made available to each
customer upon requests, subject to
shareholders elect a Board composed of its strict neutrality. Each nation’s usage of respective areas. appropriate confidentiality arrangements.
SWIFT’s messaging services determines
25 independent Directors which meets both SWIFT shareholding allocations and The Audit and Finance Committee (AFC) User Representation
at least four times a year, governs the the number of Board Directors that each
nation is entitled to. SWIFT shareholdings
is the oversight body for the audit process
of SWIFT’s operations and related internal As a neutral global cooperative, SWIFT is

Company and oversees management. are determined by a set formula, and the
nomination process and the composition
controls. It commits to applying best
practice for Audit Committees to ensure
defined by its community of users around
the world. At SWIFT we believe we can
of the Board follow rules set out in best governance and oversight. The achieve more together. By drawing from
SWIFT’s by-laws. The more SWIFT users Human Resources Committee oversees the resources of our global community,
make use of SWIFT messaging services, executive compensation, monitors we are able to harness the potential of our
the larger their shareholding in SWIFT company performance, approves franchise for the benefit of our users all
becomes at the next share re-allocation. appointments to the Executive Committee across the world. Close cooperation with
This ensures that the composition of and assists in the development of the our users helps us understand their needs
the Board reflects SWIFT’s shareholders organisation, including succession and challenges, and allows us to adapt
around the world. Depending on a planning. The Franchise Risk Committee and innovate according to their needs.
nation’s shareholder ranking, it may meets twice a year and focusses on
propose one or two Directors to the risks not otherwise covered by the other SWIFT’s National Member Groups and
Board or join other nations to collectively committees. The Banking and Payments, National User Groups play key roles in
propose a Director. The total number of and the Securities Committees focus the SWIFT community, helping to provide
Directors cannot exceed 25. on segment specific developments, a coherent global focus by ensuring
whilst the Technology and Production a timely and accurate two-way flow
Once the proposed Director nominees Committee covers developments in of information. The National Member
have been vetted, they are elected as that area. Groups propose candidates for election
Board Directors by SWIFT shareholders to the SWIFT Board of Directors and act
at the Annual General Meeting for a Audit in a consultative capacity to the Board
renewable three-year term. Every year, the and management, whilst National User
The AFC is the oversight body for the Groups act as fora for planning and
Board elects a Chairman and a Deputy
audit process of SWIFT’s internal controls. coordinating operational activities.
Chairman from among its members.
SWIFT has an internal audit function and
two independent external audit mandates.
Members of the Board do not receive any
remuneration from the Company. They are
The internal audit function is led by the
reimbursed for the travel costs incurred
Chief Auditor who has a dual reporting
in the performance of their mandate.
line: a direct functional reporting line
SWIFT reimburses the employer of the
to the Chair of the AFC and a direct
Chairman of the Board for the share of
administrative reporting line to the CEO.
the Chairman’s payroll and related costs
The external audit mandates include
that represent the portion of the time
the statutory audit and an independent
dedicated to SWIFT.
security audit mandate. The statutory

34 35
SWIFT Oversight

SWIFT’s oversight objectives centre on: Global Oversight The oversight primarily focuses on
ensuring that SWIFT has effective controls
The NBB monitors SWIFT on an ongoing
basis. It identifies issues relevant to
risk identification and management, Central banks have the explicit objective
of fostering financial stability and
and processes to avoid posing a risk to
the financial stability and the soundness
SWIFT oversight through the analysis
of documents provided by SWIFT
information security, reliability and promoting the soundness of payment
and settlement systems. While SWIFT
of financial infrastructures. As is generally and through discussions with SWIFT
the case for payment systems oversight, management. The NBB maintains a
resilience, technology planning, is neither a payment nor a settlement the main instrument for oversight of close relationship with SWIFT with
system and, as such, is not regulated
and communication with users. by central banks or bank supervisors, a
SWIFT is moral suasion. Overseers place
great importance on the constructive
regular ad-hoc meetings, and serves
as the central banks’ entry point for
large and growing number of systemically and open dialogue that is conducted on the cooperative oversight of SWIFT. In
important payment systems have become the basis of mutual trust with the SWIFT this capacity, the NBB chairs the senior
dependent on SWIFT, which has thereby Board and senior management. Through policy and technical groups that facilitate
acquired a systemic character. this dialogue, overseers formulate their the cooperative oversight, provides the
recommendations to SWIFT. secretariat and monitors the follow-up of
As a result, the central banks of the G-10 any decisions taken.
countries agreed that SWIFT should A protocol signed between the NBB
be subject to cooperative oversight by and SWIFT lays down the common A global utility with global oversight
central banks. The oversight of SWIFT understanding of overseers and SWIFT.
in its current form dates from 1998. The As lead overseer, the NBB conducts the
The protocol covers the oversight
arrangement was last reviewed in 2012 oversight of SWIFT together with the
objectives and the activities that are
when the SWIFT Oversight Forum was G-10 central banks: Bank of Canada,
undertaken to achieve those objectives.
set up. Information sharing on SWIFT Deutsche Bundesbank, European Central
The protocol is revised periodically to
oversight activities was thereby expanded Bank, Banque de France, Banca d’Italia,
reflect evolving oversight arrangements.
to a larger group of central banks. Bank of Japan, De Nederlandsche Bank,
Sveriges Riksbank, Swiss National Bank,
The oversight objectives centre on:
An open and constructive dialogue Bank of England and the Federal Reserve
risk identification and management,
System (USA), represented by the
SWIFT is committed to an open and information security, reliability and
Federal Reserve Bank of New York and
constructive dialogue with its oversight resilience, technology planning, and
the Board of Governors of the Federal
authorities. The National Bank of Belgium communication with users.
Reserve System.
(NBB) acts as SWIFT’s lead overseer, as
SWIFT is incorporated in Belgium. Other In their review, overseers seek assurances
In the SWIFT Oversight Forum, these
central banks also have a legitimate that SWIFT has put in place appropriate
central banks are joined by other central
interest in, or responsibility for, the governance arrangements, structures,
banks from major economies: Reserve
oversight of SWIFT, given SWIFT’s role in processes, risk management procedures
Bank of Australia, People’s Bank of
their domestic systems and the NBB is and controls that enable it to effectively
China, Hong Kong Monetary Authority,
therefore supported by the G-10 central manage potential risks to financial
Reserve Bank of India, Bank of Korea,
banks in this role. stability and to the soundness of
Bank of Russia, Saudi Arabian Monetary
financial infrastructures.
Agency, Monetary Authority of Singapore,
South African Reserve Bank and the
Central Bank of the Republic of Turkey.
The SWIFT Oversight Forum provides a
forum for the G-10 central banks to share
information on SWIFT oversight activities
with a wider group of central banks.

36 37
Working at SWIFT Corporate Social Responsibility
Performing at your best SWIFT cares

1
With a worldwide presence and beyond the ordinary. We seek energy, Inter-personal trust, clear expectations SWIFT’s Corporate Social
offices in all major financial centres, initiative, curiosity and a drive for and defined responsibilities ensure that Responsibility programme aims to
as well as in developing markets, continuous improvement. our teams are both effective and efficient. embed CSR in SWIFT’s corporate
SWIFT offers a truly global working mind-set and to leverage SWIFT’s
environment at the intersection of In the race for a challenging career, there Our compensation and benefits policy role as a CSR facilitator within the
finance and technology. are two winners – our staff and SWIFT. looks beyond salary and bonus packages. financial industry. Operating responsibly
Careers at SWIFT carefully balance Through world-class development and sustainably by:
SWIFT is a mid-sized company with our company’s business needs with opportunities and job rotation We consider the global nature of SWIFT’s – Greening SWIFT, with the objective
global reach, in which employees know the personal aspirations of our staff. programmes, SWIFT has attractive career business – working with and for financial of becoming CO2 neutral by 2020,
each other well, and internal collaboration Moreover, we support career growth opportunities for ambitious professionals communities across the world – to be – Fostering responsible and
and mobility are not only encouraged – by providing opportunities for people who value internal mobility. SWIFT also both a privilege and a responsibility. ethical behaviours of our staff
but required. SWIFT’s unique position management, exposure to different fields actively strives to continuously improve We aim to fulfil this duty with maximum and stakeholders,
gives our staff exceptional exposure of expertise, technical training and lateral the wellbeing of its workforce. efficiency and sustainability, and by taking – Embedding CSR in our supply chain,
to all aspects of the global financial moves between business areas. There are every opportunity to positively touch the – Promoting diversity and inclusion.
system and allows our staff to make a many career paths within SWIFT, and no We are continuously on the look-out for communities we serve.
meaningful contribution to the industry’s two paths are alike. financial market experts and technology

2
development. professionals who are eager to contribute At SWIFT we incorporate social,
SWIFT employees have diverse to the excellence of SWIFT. environmental, ethical, and human rights
The challenging business, operating and perspectives, work experiences, life styles considerations in our operational strategy.
security environments in which SWIFT and cultures. We strongly believe that If you are a collaboration-oriented Education, diversity, sustainability,
and its users operate require international respecting and valuing these differences global citizen with a drive for excellence; community outreach—our belief in
teamwork and industry collaboration. strengthens our company’s ability to someone who appreciates the challenges the importance of these issues is
SWIFT staff have the opportunity to co- grow. We believe it helps us to be better and opportunities of a critical high-tech embedded in our mindset. Our role as an
create the future of the financial industry prepared for the future. Our inclusive environment in which your curiosity and intermediary in the financial industry also Caring for our communities:
from within, and our expected growth will approach ensures a diverse workforce, improvement is rewarded with interesting places us in a great position to facilitate – Engaging in local initiatives that
continue to create local and international in which both applicants and employees international career opportunities, then dialogue on these topics. focus on children and education,
career opportunities for our workforce in are offered equal opportunities. SWIFT may be just the place for you! – Encouraging our staff around
the years to come. SWIFT has adhered to the United Nations the world to get involved in
SWIFT adopts a modern employment Global Compact since October 2012. community service.
Our highly skilled staff are required approach with a healthy vision on work- This initiative aims to create a sustainable
to meet the highest standards of life balance that offers remote and flexible and inclusive global economy by calling
personal and professional integrity working regimes wherever possible. on companies to align strategies and
and to demonstrate the capacity to go To do so, SWIFT empowers employees operations with Ten Principles in the areas

3
with cutting edge online tools and a of human rights, labour, environment and
collaborative working infrastructure. anti-corruption. SWIFT’s annual progress
report on these principles is available both
on the UN Global Compact website and
on SWIFT.com.

Facilitating dialogue and


SWIFT is committed to making a
reinforcing business
difference in supporting our three CSR
priority areas: sustainability by:
– Promoting CSR topics at Sibos
• Operating responsibly and sustainably
and through the SWIFT Institute,
Diversity Mobility Opportunity • Caring for our communities – Contributing to local initiatives in
• Facilitating dialogue and reinforcing emerging countries in line with our
business sustainability business priorities.

38 39
SWIFT in the Community

SWIFT Institute SWIFT Lab Innotribe Sibos and events

The SWIFT Institute is The SWIFTLab is a Through Innotribe SWIFT Sibos is an annual conference,
committed to fostering collaborative innovation brings together leading exhibition and networking
research and disseminating space dedicated to fostering financial institutions, industry event organised by SWIFT for
knowledge and information new ideas, to testing professionals and startups at the global financial industry.
about the financial services new technologies and to a series of global events to In addition SWIFT gathers
industry. It works to bridge the showcasing all that SWIFT identify, develop and implement members of its community
gap between academia and the can offer. transformational innovations together throughout the year at
global financial industry. in and around strategic a series of regular events and
focus areas. local business forums.

40
SWIFT: The global financial messaging provider
SWIFT supports the
financial industry in
more than 200 countries
and territories, and has
a global presence with
27 offices worldwide.

Accra
Beijing
Brussels
Dubai
Frankfurt
Hong Kong
Johannesburg
Kuala Lumpur
London
Madrid
Mexico City
Miami
Milan
Moscow
Mumbai
Nairobi
New York
Paris
São Paulo © SWIFT 2016
57188 – May 2016

Seoul This brochure is printed on Munken Polar

Shanghai – an FSC® Mix grade manufactured at


a mill certified to ISO 14001 and EMAS

Singapore environmental management standards.


The pulp used in this product is bleached

Stockholm using both Elemental Chlorine Free (ECF)


and Totally Chlorine Free (TCF) processes.

Sydney Printed by Pureprint. Pureprint are

Tokyo ISO14001 certified, CarbonNeutral


and FSC and PEFC Chain of Custody

Vienna certified. The inks used are vegetable


oil-based.

Zurich For more information about SWIFT


swift.com

and our contact details, please visit


SWIFT.com.