SWIFT’s oversight objectives centre on the security, operational reliability, business continuity, risk identification, and resilience of the SWIFT infrastructure.
Central banks have the explicit objective of fostering financial stability and promoting the soundness of payment and settlement systems.
While SWIFT is neither a payment nor a settlement system, and is therefore not regulated as such by central banks or bank supervisors, it is subject to central bank oversight as a critical service provider. A large and growing number of systemically important payment systems have become dependent on SWIFT, which has thereby acquired a systemic character.
As a result, the central banks of the G-10 countries agreed that SWIFT should be subject to cooperative oversight by central banks. SWIFT has been subject to oversight since 1998.
The arrangement was last reviewed in 2012 when the SWIFT Oversight Forum was set up. Information sharing on SWIFT oversight activities was thereby expanded to a larger group of central banks.
An open and constructive dialogue
SWIFT is committed to an open and constructive dialogue with its oversight authorities. The National Bank of Belgium (NBB) acts as the lead overseer, and is supported by the G-10 central banks. The oversight primarily focuses on ensuring that SWIFT has effective controls and processes to avoid posing a risk to the financial stability and the soundness of financial infrastructures.
The NBB is lead overseer, as SWIFT is incorporated in Belgium. Other central banks also have a legitimate interest in, or responsibility for, the oversight of SWIFT, given SWIFT’s role in their domestic systems. As is generally the case for payment systems oversight, the main instrument for oversight of SWIFT is moral suasion.
Overseers place great importance on the constructive and open dialogue that is conducted on the basis of mutual trust with the SWIFT Board and senior management. Through this dialogue, overseers formulate their recommendations to SWIFT.
A protocol signed between the NBB and SWIFT lays down the common understanding of overseers and SWIFT. The protocol covers the oversight objectives and the activities that are undertaken to achieve those objectives. The protocol is revised periodically to reflect evolving oversight arrangements.
Objectives, areas of interest
The oversight objectives centre on: risk identification and management, information security, reliability and resilience, technology planning, and communication with users.
In their review, overseers seek assurances that SWIFT has put in place appropriate governance arrangements, structures, processes, risk management procedures and controls that enable it to effectively manage potential risks to financial stability and to the soundness of financial infrastructures, to the extent that they are under SWIFT’s control. In 2007 the overseers developed specific oversight expectations applicable to SWIFT, known as the ‘High level expectations for the oversight of SWIFT’ (HLEs). The High Level Expectations document the five categories of expectations that overseers have vis-à-vis the services SWIFT provides to the global financial infrastructure. The five Expectations relate to: risk identification and management, information security, reliability and resilience, technology planning, and communication with users.
Overseers review SWIFT’s identification and mitigation of operational risks, including cyber security, and may also review legal risks, transparency of arrangements and customer access policies. The overseers may also discuss SWIFT’s strategic direction with the SWIFT Board and senior management.
This list of oversight fields is indicative, not exhaustive. Overseers will undertake those activities that provide them comfort that SWIFT is paying proper attention to the objectives described above. Nevertheless, SWIFT continues to bear the responsibility for the security and reliability of its systems, products and services. The oversight of SWIFT does not grant SWIFT any certification, approval or authorisation.
International cooperative oversight
As lead overseer, the NBB conducts the oversight of SWIFT together with the G-10 central banks: Bank of Canada, Deutsche Bundesbank, European Central Bank, Banque de France, Banca d’Italia, Bank of Japan, De Nederlandsche Bank, Sveriges Riksbank, Swiss National Bank, Bank of England and the Federal Reserve System (USA), represented by the Federal Reserve Bank of New York and the Board of Governors of the Federal Reserve System.
In the SWIFT Oversight Forum, these central banks are joined by other central banks from major economies: Reserve Bank of Australia, People’s Bank of China, Hong Kong Monetary Authority, Reserve Bank of India, Bank of Korea, Bank of Russia, Saudi Arabian Monetary Agency, Monetary Authority of Singapore, South African Reserve Bank and the Central Bank of the Republic of Turkey. The SWIFT Oversight Forum provides a forum for the G-10 central banks to share information on SWIFT oversight activities with a wider group of central banks.
Oversight structure — oversight meetings
The NBB monitors SWIFT on an ongoing basis. It identifies issues relevant to SWIFT oversight through the analysis of 6documents provided by SWIFT and through discussions with SWIFT management. The NBB maintains a close relationship with SWIFT, with regular ad-hoc meetings, and serves as the central banks’ entry point for the cooperative oversight of SWIFT. In this capacity, the NBB chairs the senior policy and technical groups that facilitate the cooperative oversight, provides the secretariat and monitors the follow-up of any decisions taken.
Access to information
In order to achieve their oversight objectives, the overseers need timely access to all information that they consider relevant. Typical sources of information are SWIFT Board papers, security audit reports, incident reports and incident review reports. Presentations by SWIFT staff and management represent another important source of information for the overseers.
Finally, SWIFT assists the overseers in identifying internal SWIFT documents that might be relevant to address specific oversight questions. Provisions on the confidential treatment of non-public information are included both in the protocol between the NBB and SWIFT, and in the bilateral Memoranda of Understanding between the NBB and each of the other cooperating central banks. The official description of the NBB’s oversight role can be found in the Financial Market Infrastructures and Payment Services Report published by the National Bank of Belgium and is available on its website www.nbb.be.