SWIFT Overview Association of International Bank Auditors Amanda De Castro, Sales Services James Wills, Banking Initiatives, Standards
Agenda Alliance Access R 7.0 Relationship Management Application (RMA) Sanctions Screening 2
SWIFT 7.0 Advanced resiliency functionality
Alliance Portfolio Overview: Release 7.0 features Financial! Applications Access Administration & Control Web!Platform! Direct FileAct FileAct Integrator Middleware SOAP/MQHA FileAct over MQ Access Automation & Control Oracle Embedded Gateway Improved resiliency LDAP! Server LDAP Integration 4
Database Resiliency Access 7.0 Disaster Site Recovery Support Asynchronous Disk Replication (SAN) Resume operations With a single command Without losing any operational data Protection against a local data loss Cluster complement Backup system recovery! Recover command will work 5
Legend: Primary route(s) Connectivity Resilience with RA Backup route Failover with SAA and SAG on same server Production Contingency (DR) Back office application Messaging and communications interfaces SAA SAG RA SAA SAG HSM box HSM box Alliance Connect Alliance Connect 6
Multiple Gateway Connections RA Adapter Gateway!1 Release 7.0 allows Access to connect to up to 4 Gateways, and it will switch automatically from the primary Gateway to any of the three backups! HSM Boxes can also create a cluster of 4, increasing the resilient environment! Access Gateway!2 Gateway!3 Gateway!4 7
SWIFT Audits SWIFT Consulting Services Infrastructure OS Security Alliance Security Hardware Networking Messaging Capacity Resiliency User Accounts Processes File System Data Encryption Data Backup Access Controls Functional Controls Access Controls Operators Permissions 8
RMA Know your business partners
RMA service is about AUTHORISATIONS and HOW TO 1. Establish them 2. Apply them Business layer: Define who can send traffic to whom Operations layer: Use the business rules to filter unwanted traffic 10
RMA for SWIFT services AAAANL2A I authorise you to send me traffic! BANKBRRJ I accept RMA RMA can receive from can send to AUTHORISATION can receive from can send to BANKBRRJ AAAANL2A InterAct ENABLED ENABLED FileAct 11
RMA for SWIFT Services AAAANL2A RMA can receive from can send to I accept as well AUTHORISATION BANKBRRJ And here is my authorisation can receive from RMA can send to BANKBRRJ BANKBRRJ AAAANL2A AAAANL2A InterAct ENABLED FileAct ENABLED 12
Need more info? Visit Swift.com RMA pages RMA Service Description and Operations Guide User handbook RMA Frequently Asked Questions RMA over FileAct: Alliance Interfaces positioning paper RMA for FileAct in SCORE Knowledge base tip: Application Service Profile on swift.com ASP/RMA qualified messaging interfaces 13
SWIFT Sanctions Screening and Payment Messages AIBA James Wills, Banking Initiatives March 13, 2012
FIN message categories Category 1 Customer Payments & Cheques (18 messages) Category 2 Financial Institution Transfers (17 messages) Category 3 Treasury Markets Foreign Exchange, Money Markets & Derivatives (27 messages) Category 4 Collections & Cash Letters (18 messages) Category 5 Securities (67 messages) Category 6 Treasury Markets Metals & Syndications (20 messages) Category 7 Documentary Credits & Guarantees (29 messages) Category 8 Travellers Cheques (18 messages) Category 9 Cash Management & Customer Status (29 messages) Category 0 System Messages (44 messages) 15
Common Payments Messages MT 103 Scope This message type is sent by or on behalf of the financial institution of the ordering customer, directly or through (a) correspondent(s), to the financial institution of the beneficiary customer. It is used to convey a funds transfer instruction in which the ordering customer or the beneficiary customer, or both, are nonfinancial institutions from the perspective of the Sender. MT 202 Scope This message is sent by or on behalf of the ordering institution directly, or through correspondent(s), to the financial institution of the beneficiary institution. It is used to order the movement of funds to the beneficiary institution. 16
High level message flow the impact of SWIFT Settlement path can change based on information exchanged using SWIFT messages Originator Originator s Bank IBK # 1 IBK # 2 Beneficiary s Bank Beneficiary Payment Initiation SETTLEMENT Fed SWIFT MESSAGING 17
Sanctions screening
Sanctions screening Scope On-boarding process Ongoing reviews Customer identification & verification Initial due diligence Customer screening start transacting Ongoing due diligence Customer & transaction monitoring Transaction screening Sanctions Screening over SWIFT is a Transaction screening service: FIN MT messages (CAT 1, 2, 4 and 7 at launch) Real time 19
Sanctions screening service overview Your institution A combination of best of breed: Filter application Sanctions List update service Centrally hosted and operated by SWIFT Real-time filtering service of FIN messages No local software installation & integration project Your correspondents 20
Service overview - as sender 21
Service overview - as receiver 22
How does it work? Configuration Use 23
Message type selection Configuration Use Incoming & outgoing flows selected by default, no possibility to change All MT within a business area selected by default, possibility to unselect MTs 24
User & workflow management Configuration Use Users authenticated via Secure Tokens Roles available: Administrator Compliance Level 1 user Level 2 user Choice of workflow Standard 4 eyes 25
List management Configuration Use Lists are centrally managed by SWIFT Quality assurance process Report on all changes for each update to lists Suggestions for good-guys 26
Public lists supported at launch AU - Australia Department of Foreign Affairs and Trade AU - DFAT Iran Specified Entities Lists AU - Reserve Bank of Australia CA - Canada Office of the Superintendent of Financial Institutions CA - Department of Foreign Affairs and Trade EU - European Commission Official Journal EU - Europe Countries Embargoes FR - France Journal Officiel Français HK - Hong Kong Monetary Authority HK - HKMA Countries Embargoes JP - Japan Ministry of Finance NZ - New Zealand Police SG - Singapore Monetary Authority of Singapore CH - Switzerland Secrétariat d'etat à l'economie CH - SECO Countries Embargoes GB - United Kingdom Her Majesty Treasury GB - HMT Investment Ban list GB - HMT Countries Embargoes UN - United Nations United Nations UN - UN Countries Embargoes US - Office of Foreign Assets Control US - Denied Person List US - FinCEN US - Palestinian Legislative council US - US Countries Embargoes 27
How does it work? Configuration Use 28
How does it work? Your institution notification Your correspondents Messages resulting in alerts are temporarily held in the filter and notified to the bank for investigation 29
In case of true hit on an alert Your institution abort notif. Alerts When the user confirms a true hit on an outgoing message: The original message is aborted An abort notification (MT019) is sent to the user Your correspondents 30
In case of true hit on an alert Your institution special queue! Alerts Your correspondents When the user confirms a true hit on an incoming message: The original message is flagged then delivered to the recipient that routes it to a special queue for appropriate processing 31
Reporting & Auditing Service provides: Monthly reporting of screening activity Audit trail of all message ID, decisions Audit trail of screening parameters SWIFT performs: Periodical independent reviews to ensure effectiveness of the filter 32
Sanctions Screening Benefits A service provided by Cost efficiency Ready to use Easy to use Real time State of the art Security Resilience Operational excellence 33
Thank you 34