Important information from the SBA regarding the disclosure of client details in payment transactions, securities transactions and other transaction types in connection with SWIFT.
Banks primarily use the services of SWIFT for payment transactions and the processing of securities transactions. At present, there is no other company that offers such services worldwide. Below we answer the questions that are posed to us most frequently with regard to SWIFT and the risks connected with disclosing data abroad.What is SWIFT?
S.W.I.F.T. stands for "Society for Worldwide Interbank Financial Telecommunication". It is a cooperative headquartered in Belgium and its members are made up of banks from numerous countries. SWIFT standardizes the exchange of messages between financial institutions, in connection with payments, securities and other financial transactions. The main participants in the message transmission system are banks, brokers, asset managers and national and international central securities depositaries. SWIFT has very high standards with regard to data security and uses a secure encrypted network for the transmission of information. You may find more information about SWIFT on its homepage at www.swift.com
.How does SWIFT work?
In order to demonstrate how SWIFT works, we will use the following example: If you authorize your bank to send EUR 5’000 to a friend in Italy, the bank enters the order in an electronic form known as a SWIFT message. The bank debits EUR 5’000 from your account and sends the payment message via SWIFT to your friend's bank in Italy. The encrypted SWIFT message informs your friend's bank that there is a transfer order for him and that the equivalent of EUR 5’000 should be credited to your friend. Please note: SWIFT only exchanges encrypted messages. No funds are exchanged via SWIFT.What does SWIFT do with personal data?
In addition to its message transfer network, SWIFT currently also operates two computer centers for data processing, in the US and the Netherlands, with a further centre in the pipeline for Switzerland. At these computer centers, the messages within the SWIFT network are encrypted, checked to ensure they have the correct structure, uniquely referenced, stored in a cache and inspected for alterations. The data is processed in one computer centre and saved at a second for security reasons (backup). The storage period at SWIFT is a maximum of 124 days. During this time, the messages are saved at both computer centers. Following this period, the messages are deleted from all databases at all locations. The information is stored for reasons of operational security, in case a financial institution requests that SWIFT reproduce messages. The computer centre in the Netherlands will be used for storing messages until the end of 2012, with the Swiss computer centre being used following this date. The computer centre in the US will continue to be used for backups until the end of 2009, after which the centre in the Netherlands will take up this function.Disclosure of dataWhat does this mean for your payment transactions?
For the processing of domestic and cross-border payments, information about the ordering customer is disclosed to the banks and system operators involved in Switzerland and abroad. This information is required primarily under the applicable provisions for the combating of money laundering and financing of terrorism. The main information provided includes the name, address and account or identification number of the ordering customer although date of birth and place of birth may be provided in place of the address. In the case of domestic payment transactions, this information may be omitted, with the exception of the account or identification number, although it must be forwarded to the beneficiary's bank within three working days if it is requested. The banks and system operators in question are primarily correspondent banks of the bank issuing the payment, payment system providers (e.g. SIX Interbank Clearing AG in Switzerland) or SWIFT. It is also possible that the parties involved in the transaction may pass on the data, for processing or data backup to mandated third parties in other countries for instance. Furthermore, details about the ordering customer are provided to the beneficiary in Switzerland or abroad.
For domestic payments in foreign currencies, information on the person issuing the order is also disclosed to the banks and system operators abroad which are involved in the transaction. In the case of domestic payments in Swiss francs, it can also not be ruled out that information on the person issuing the payment will be sent abroad. This can occur, for example, if a bank is connected indirectly to the Swiss interbank payment system ("SIC") via remoteGate rather than having a direct connection or if SWIFT is used to make clarifications regarding a transaction.What does it mean if a bank is connected to SIC via remoteGate?
Domestic payments in Swiss francs are processed via SIC. This payment system is operated by SIX Interbank Clearing AG by mandate of the Swiss National Bank. Most financial institutions in Switzerland have direct access to SIC. However, there are some banks in Switzerland that execute only a few domestic transactions in Swiss francs, meaning that a connection to SIC would be relatively expensive. In 2000, banks such as these and institutions abroad were given the option of accessing SIC via SWIFT when SIX Interbank Clearing AG, commissioned and supported by the Swiss National Bank, developed remoteGate. When accessing SIC via SWIFT, data on the principal and the beneficiary are sent abroad and saved in SWIFT's computer centers. This is the case with banks that use remoteGate. However, it is not only the clients of banks that use remoteGate who are affected by the transfer of information abroad. Clients of banks which execute transactions with the users of remoteGate are also affected. If a bank that uses SIC sends a payment order to a bank that is connected to SIC via remoteGate, the payment order is transferred from SIC to the SWIFT system, meaning that data on the principal and the beneficiary is sent abroad.What does this mean for securities transactions?
For the processing of domestic and cross-border securities transactions and inquires in connection with such transactions, there are two main areas which involve the disclosure of data to the banks and central depositaries involved in Switzerland and abroad.
For deliveries and withdrawals of securities to and from custody accounts and custody account transfers, the custody account number, the name and the address of the end beneficiary in Switzerland may be sent abroad when this data is transmitted via SWIFT by the involved banks and central depositaries to ensure orderly processing.
Furthermore, for securities held abroad on behalf of bank clients, the name of the securities holder or the name of the registered shareholder, and in some cases address details, are included in SWIFT messages. These SWIFT messages affect, for example, special transactions of the foreign depositaries of Swiss banks, such as the opening of special custody accounts (in the name of the client), subscriptions and redemptions of foreign funds made in the name of the client, physical transfers of a client's special holdings held abroad, the entry and re-registration of shareholders in foreign registers and other special cases involving foreign capital transactions and the exercise of voting rights.What does this mean for other financial transactions?
For other transactions such as documentary credits, guarantees, collections and foreign exchange transactions, all details on the transaction in question (e.g. names, addresses and account numbers of the parties involved in the transaction) are communicated to the banks and system operators involved via SWIFT and are therefore communicated abroad. As is the case with payment transactions and securities transactions, inquiries regarding transactions may also be made via SWIFT.Why is data disclosed?
The information discussed above is disclosed in order to fulfill statutory and regulatory requirements in Switzerland and abroad. For example, in the case of cross-border payments, data on the ordering customer must be provided. The provision of this information also enables the orderly, efficient processing of transactions.Are your details abroad protected?
Data sent abroad is no longer protected by Swiss law and is subject to the respective foreign legal system. Foreign laws and regulations may require that this data be passed on to authorities or other third parties, for instance. This was the case in 2001 when the US Treasury required the release of data from the SWIFT computer centre in the US following the terrorist attacks on the World Trade Center in New York. The US Treasury assured the EU authorities that it would adhere to European data protection standards and agreed to the relevant controls.[Source: “Information der SBVg über die Bekanntgabe von Kundendaten im Zahlungsverkehr, bei ertschriftenund anderen Transaktionen im Zusammenhang mit SWIFT“, Schweizerische Bankiervereinigung (SBVg), June 2009]