- SWIFT completes transparency improvements and obtains registration for Safe Harbor
SWIFT completes transparency improvements and obtains registration for Safe Harbor
New policies available on this web site
SWIFT has improved the transparency of its contractual documentation relating to the processing of financial messaging data in the context of data protection requirements.
SWIFT has also obtained registration for the Safe Harbor programme of the US Department of Commerce.
This means that SWIFT has now completed two of the three initiatives announced by its Board of Directors to achieve legal certainty for SWIFT and its member banks in the context of SWIFT’s compliance with US Treasury subpoenas for ongoing terrorism financing investigations.
The third initiative, a system re-architecture, is due for Board approval at the end of September. The new architecture will allow for intra-European messages to be stored in Europe only.
The new policies published today improve the transparency of SWIFT’s contractual documentation. They are relevant both for SWIFT’s customer institutions and for the banks’ customers. SWIFT has developed the policies in consultation with the Data Protection Working Group (DPWG) it established earlier this year. The DPWG is composed of data privacy and compliance experts from European and non-European banks. The new policies are:
- SWIFT Data Retrieval Policy: sets out SWIFT’s policy on the retrieval, use, and disclosure of message and traffic data. This policy existed previously and now provides additional transparency.
- SWIFT Personal Data Protection Policy: sets out the roles and responsibilities of SWIFT and its customers with regard to the processing of personal data. The roles and responsibilities were previously governed by the SWIFT General Terms and Conditions and other contractual documentation. They are now consolidated into a single and separate policy.
- SWIFT Safe Harbor Policy: provides an adequate level of protection for SWIFT's mirroring of data in its US Operating Centre. This policy specifically covers personal data that are contained in message data which relate to individuals residing in the European Economic Area (EEA) member states, or that are sent by SWIFT customers based in one of the EEA member states. SWIFT's presence on the Safe Harbor list can be verified on the US Department of Commerce web site.
Also available is a ' Frequently Asked Questions' document reflecting questions received from SWIFT customers about data protection matters.
Joining Safe Harbor
SWIFT has finalised its Safe Harbor policy, also in consultation with the Data Protection Working Group. It has obtained registration for the Safe Harbor programme of the US Department of Commerce.
Safe Harbor is a framework that consists of data protection principles based on EU data protection principles. By adhering to this framework, SWIFT confirms that customer data located in SWIFT's US Operating Centre are protected under similar data protection principles as in Europe.
As previously advised, the European Union announced on June 28 that it has received guarantees from the United States Treasury that the data it obtains from SWIFT is processed in a way which takes account of EU data protection principles. These guarantees and the related correspondence have been published today in the Official Journal of the European Union.
These combined actions reinforce legal certainty for SWIFT and the international financial community, and ensure further compliance with their respective obligations under European data protection law.