SWIFT seeking legal certainty while pursuing safe harbor status, increased contract transparency and global architecture alternatives
At its meeting of 15 March 2007, the SWIFT Board took actions related to SWIFT’s compliance with US Treasury subpoenas for ongoing terrorism investigations. The Board’s actions stressed the need for legal certainty for SWIFT and its member banks while pursuing three key initiatives: achieving Safe Harbor status for SWIFT’s US operations, improving customer contract transparency, and developing systems alternatives for SWIFT’s global messaging infrastructure.
SWIFT’s Board emphasised the urgent need for a solution to compliance with US Treasury subpoenas that provides legal certainty for the financial industry as well as for SWIFT. Last year, top EU officials called for talks between the EU and the US to agree to such a solution. These talks are now underway. Although SWIFT is not party to the talks, we have cooperated fully with requests that we have received from officials from EU Member States, the European Council and the European Commission.
The Board also mandated the SWIFT Executive to take the following actions:
Achieving Safe Harbor status
SWIFT will continue its activities to adhere to the Safe Harbor framework of the European data privacy regulations. Safe Harbor is a framework negotiated by the EU and US in 2000 to provide a way for companies in Europe, with operations in the US, to conform to EU data privacy regulations. By adhering to this framework, SWIFT confirms that customers' data located in the US are protected under similar data privacy principles as in Europe. SWIFT has already been informed by the US authorities that it meets the eligibility criteria for Safe Harbor. Significant technical and legal work still needs to be done to finalize this activity which is expected by Q3 2007.
Increasing contract transparency
SWIFT has set up a data privacy working group (DPWG) composed of eleven data privacy and compliance experts from European and non-European banks. The group will propose contractual solutions to further enhance compliance and transparency, where appropriate, for the processing of financial messaging data, including for the banks’ customers. The group will also review the implementation of the Safe Harbor principles by SWIFT, in so far as this may impact the community. The group has an intense work plan leading to a report to the Board in mid June 2007.
Developing global architecture alternatives
SWIFT will move ahead to develop business cases for improvements to SWIFT’s current global messaging architecture that will:
a) address the concerns raised by data privacy regulations,
b) strengthen SWIFT's resilience, and
c) provide enhanced opportunities for commercial activities.
It has asked the SWIFT Executive to assess the impact of these criteria and develop possible options to achieve them. This includes the impact of these options on SWIFT’s and its customers’ cost and service structure. SWIFT has already completed preliminary studies, and expects to propose alternatives for a formal decision by the Board. An initial report with details on the various options will be given to the Board in June 2007, with a final decision expected at the September 2007 Board meeting.
SWIFT continues to work with our members and with National Member Groups to address data privacy concerns. SWIFT values the trust that our members have placed in us for more than 30 years and we will continue to work vigorously to protect and maintain that confidence.