The Society for Worldwide Interbank Financial Telecommunication (SWIFT), a member-owned cooperative which has been in existence for more than 30 years, does not regard itself as a provider of services facilitating and standardizing the secure and highly reliable exchange of financial information between registered partners via secure telecommunication networks (the SWIFT network), but as a catalyst bringing together the financial world on one platform, SwiftNet, with sensible ideas and solutions. SWIFT connects not only banks, but also non-bank financial institutions with banks, and has done so for quite some time. Interaction between members is subdivided into areas such as establishing business relationships, exchanging standardized financial information (FIN messages) – e.g. confirmations and payments – and also the interactive exchange of data based on xml (FileAct) or browser services (secure HTTP).
If a company decides to use this platform, technical access is an issue: Does a complete SWIFT infrastructure in the traditional sense have to be established for introduction of SWIFT at the company, or are there sensible alternatives? What are the advantages and disadvantages and what type of connection would be most suitable for the company's business model?
Why use SWIFT at all?
More than 10,000 banks and enterprises are connected to SWIFT in over 200 countries. The vast majority are located in Europe, the Middle East and Africa (around 66% of customers as of August 2015), with a share of about 13% in Asia and 21% in America. As many as 500 million messages are exchanged on average every month. Despite the large number of customers and volume of messages, which are exchanged via the SWIFT network, SWIFT is highly available and stable.
SWIFT solves the problem – relating to FIN standards and access channels to banks – encountered by many companies, of differing formats being used for payment transactions and therefore offers an opportunity to harmonize processes and formats and thus also reduce costs in this area.
In addition to implemented industry standards such as IP connectivity (secure IP), VPN (virtual private network)/IP protection and PKI (public key infrastructure), SWIFT also offers strict segregation of duties by means of certificates, user profiles and roles (role-based access control – RBAC) and registering security officers. Various queues allow dual control and segregation of duties, for example after creation, verification, authorization and dispatch. Three-level encryption (at application, messaging and network level) provides a very secure basis for the exchange of messages.
What is the best access to SWIFT?
In-house SWIFT landscape
If the conventional route of in-house infrastructure is taken, including hardware components and internally operated network access, applications provided by SWIFT have to be used for these systems. These mainly include SwiftAllianceAccess/Entry (SAA/SAE), SwiftAllianceGateway (SAG) and SwiftAccord1, the Online Operations Manager (O2M) (administration of security certificates) and the web platform, all of which now offer web-based administration and access.
SAA/SAE is the center piece of installation. It is used to set up business partners (message partners) and own entities (via logical terminals) and manage their relationships (relationship management application – RMA) and is also used for routing and reporting (message management). SAG is the connection to SwiftNet (concentrator of traffic) and also controls security by means of special hardware and software and suitable encryption procedures. Accord serves as a platform for real-time matching of confirmations, while the web platform is used to administer and structure the above applications.
Depending on the planned data volume, registered services, support category (silver, gold, etc.) and number of legal entities of the company to be connected, a range of additive license and service fees are charged. With this in mind, the introduction of SWIFT – assuming that an in-house infrastructure is to be set up – can become very expensive very quickly. A frequent criticism by companies which have chosen this route is that all the requirements for operation of the technical gateway are set by SWIFT and that they are rather inflexible. Examples include mandatory updates with short lead-up times, new standards that have to be integrated into the system annually, or pre-specified network operators for technical connection to the SWIFT network.
At least for international corporations with numerous subsidiaries worldwide, the administration of business partners and group entities becomes complicated and cumbersome very quickly. Incoming and outgoing SWIFT messages, such as payment orders and bank statements, have to assigned to various logical units via different queues. The related error messages are often cryptic and hard to find. In response to rejected messages (e.g. incorrect payment order), an NAK (Not AcKnowledged) code is provided, which can be investigated based on the related description, however in practice frequently does not describe the actual error very precisely or cannot even be found.
From an administrator's point of view, providing support is therefore very elaborate and time-consuming, because of the numerous individual applications, high degree of monitoring as well as administration effort and complex routing. This requires staff who are well trained, a process which could take a considerable length of time.
Alternative connections to SWIFT
Companies that shy away from the complex administration of an in-house SWIFT infrastructure as described above however can still have access to SWIFT. Because, luckily, there are alternatives and many corporates have started using the services of a SWIFT service bureau (SSB) or the SWIFT Alliance Lite2 option in the recent past.
Choosing an SSB has the advantage that companies can use a low-cost overall package offered by a third-party provider for their entire technical connection to SWIFT, the operation of access components, and selected services such as format conversion. This not only allows considerably faster and more efficient first-time access to SWIFT, but also saves cost. In-house infrastructure and the need for internal expertise are reduced to a minimum, as the service bureau takes care of the operation and administration of the environment. Moreover, an SSB ensures that security and technology standards are up-to-date and remain so in future. One disadvantage from the point of view of the company is exposure to risk due to outsourcing of sensitive data to a third party and also lack of end-to-end encryption depending on process design. Besides security aspects, it is important that the SSB is always available and also has redundant servers, emergency plans, etc. in place.
The services offered by SSBs vary depending on provider. A whole range of services and possibilities are on offer based on individual pricing models, ranging from the mere provision of transfer services and fully administered outsourcing solutions to converting in-house formats automatically into SWIFT formats. It is therefore imperative to undergo a structured selection process for the most appropriate service provided based on individual requirements before introducing the actual project.
Alliance Lite2, on the other hand, is a slim, internet-based solution developed by the SWIFT organization, which allows direct communication with SWIFT without third-party provider and without having to set up a complex in-house infrastructure. Companies still have to make fail-safe in-house components (server, network) available and operate access software made available by SWIFT on them. However, the environment and requirements of SWIFT in this regard are far less complex than for the 'conventional' SWIFT infrastructure. For example, access can be provided via the internet with a secure VPN connection, therefore not requiring a leased line from a dedicated telecommunications provider. This saves costs, time and administrative effort, and is therefore an alternative for companies which are confident that they can provide the relatively limited amount of technical administration required and do not need the additional services of a SWIFT service bureau.
In the specific context of a multinational company looking for security, standardization and reliability in banking communication, there is, at times, no alternative to SWIFT. However, when introducing SWIFT, future users need to assess whether a SWIFT infrastructure of their own is still useful or it would be better to use the services of a service bureau or the Alliance Lite2 option.
When establishing an in-house SWIFT gateway, one needs to be aware of the cost and effort as well as exclusive training of staff required (which can only be obtained from SWIFT directly). In-house staff need to be trained for a relatively long period of time and gain a thorough understanding of the SWIFT world and terminology. This applies equally to the Alliance Lite2 solution of SWIFT, even though the cost, equipment and effort are considerably lower.
A decision is therefore not easy or unequivocal at all, because a variety of parameters have to be weighed and considered. This has to be based on a thorough analysis also, and particularly, of the various SSBs and the services they offer and also of other SWIFT alternatives.
Source: KPMG Corporate Treasury News, Edition 49, November 2015
Author: Tobias Riehle, Manager, firstname.lastname@example.org
1 It should be mentioned that the SwiftAccord service will end on October 31, 2017. While SWIFT offers assistance and support with the selection and implementation of a new solution, registered customers of Accord should think about the consequences of replacing Accord at their company in due time.
© 2017 KPMG AG Wirtschaftsprüfungsgesellschaft, ein Mitglied des KPMG-Netzwerks unabhängiger Mitgliedsfirmen, die KPMG International Cooperative (“KPMG International”), einer juristischen Person schweizerischen Rechts, angeschlossen sind. Alle Rechte vorbehalten.