1.1 Does SWIFT encrypt data on its network?

Yes, SWIFT applies state-of-the-art encryption to all data transmitted over its
network.
Some of SWIFT's services offer value-added processing features based on message
data (for example message validation in the SWIFTNet FIN service). Message data is
decrypted in SWIFT's central systems, thus allowing the value-added processing to
be performed. Message data is then re-encrypted before further transmission to the
beneficiary SWIFT customer.
As set forth in the SWIFT Data Retrieval Policy, 'message data' refers to the internal
content of the message or file transfer.
Please refer to the relevant Service Documentation for more information on
encryption and value-added processing.

1.2 Where are the SWIFT Operating Centres located?

Currently, SWIFT has operating centres (OPCs) in Europe and the US. Message data
is processed simultaneously at both locations to prevent data loss should an OPC be
incapacitated. The precise locations are kept confidential for security reasons.

1.3 Why does SWIFT mirror data in different OPCs?

Because its messaging infrastructure is critical to the smooth operation of the
financial markets worldwide, SWIFT is required to protect its network from disruption
and against the loss of data.
SWIFT, therefore, operates OPCs on different continents and, for those services that
offer archival, archives message data simultaneously in those OPCs.
SWIFT's ability to continue its operations despite the loss of an OPC is called
'resilience'. Resilience lies at the heart of SWIFT and is the cornerstone of its
customers' trust in its services.

1.4 Why is SWIFT changing its network architecture?

In June 2007, the SWIFT Board of Directors approved, in principle, enhancements to
its global messaging architecture. The new architecture will lead to a more
distributed data processing and storage model in the SWIFT network.
The planned changes will expand SWIFT's messaging capacity and reinforce network
resilience, bringing considerable benefits to the SWIFT community as a whole. They
improve SWIFT's commercial positioning. They are in line with our overall goal of
reducing operational costs and prices. They will also allay data protection concerns
raised by various data protection authorities.
Final details of the investment plans were approved by the Board at its meeting in
September 2007. The re-architecture will allow for intra-European traffic to be
processed and stored only in Europe.

Countries in the European Economic Area (EEA), Switzerland and other territories
and dependencies considered to be part of the European Union or associated with EU
countries will be assigned to the European zone and must remain in the EU zone.
The United States and its territories will be assigned to the Trans-Atlantic zone and
must remain in the TA zone. All other countries will be allocated to either the TA or
the EU zone in line with operational and technical criteria such as load balancing.
Apart from the countries that have been assigned to a zone by default, such as the
US to the TA zone, or European Economic Area countries to the EU zone, all other
countries may request to change zones. The initial zone allocations were
communicated to the National Member Group and User Group chair people, who
could request to change zones by the end of April 2008. A zone change process for
future changes is being developed.
The final country to zone allocation list, as well as more detailed information on the
distributed architecture project, are available here.

2 Data protection related matters

2.1 How does SWIFT document its compliance with data protection laws?

SWIFT's compliance with data protection laws is documented in its customer
documentation. SWIFT has recently enhanced transparency of both its data
processing operations and its compliance with data protection laws in the following
documents:

• the SWIFT General Terms and Conditions set out SWIFT's confidentiality
obligations.
• the SWIFT Data Retrieval Policy sets out SWIFT's policy on the retrieval, use,
and disclosure of message and traffic data.
• the SWIFT Personal Data Protection Policy sets out the roles and
responsibilities of SWIFT and its customers with regard to the processing of
personal data.
• the SWIFT Safe Harbor Policy provides an adequate level of protection for
SWIFT's mirroring of data in its US OPC.
• other relevant Service Documentation provides more information on how the
different SWIFT messaging services work and on the security measures used
by SWIFT to protect data.

2.2 How long does SWIFT keep data?

SWIFT offers different financial messaging services, which include SWIFTNet
InterAct, SWIFTNet FileAct and SWIFTNet FIN.
Some services offer archival of messages, others do not. The archival periods, if any,
for the different services are set forth in the Service Documentation. For example, in
the SWIFTNet FIN service, customers can retrieve messages up to 124 days.
Conversely, SWIFT does not archive the files sent via its SWIFTNet FileAct service.

2.3 Does SWIFT have security policies?

Yes, SWIFT is known for having robust security policies, especially with regard to the
protection of message data.
The SWIFT Personal Data Protection Policy explains which security measures protect
message data, and how customers can verify SWIFT's compliance with these
measures.
For the SWIFTNet and SWIFTNet FIN messaging services, key security commitments
are summarised in the SWIFT Security Control Policy.

2.4 Does SWIFT audit these security measures?

Yes, an independent, external audit of the SWIFTNet and SWIFTNet FIN messaging
services is conducted annually. This audit is conducted in accordance with the
guidelines stated in the SAS 70 statement of auditing standards. The SAS 70 report
is made available to each customer upon written request and under appropriate
confidentiality arrangements.

2.5 How does SWIFT ensure adequate data protection in its US OPC?

In many countries (such as in the EEA countries), data protection laws prohibit the
transfer of personal data to countries that do not offer an "adequate level of data
protection", except under certain conditions. SWIFT has joined the Safe Harbor
framework to ensure an adequate level of data protection for data transfers to its US
OPC. SWIFT's Safe Harbor membership confirms that the personal data processed in
its US OPC are protected under similar data protection principles as in the EEA.
SWIFT's adherence to Safe Harbor can be verified on the US Department of
Commerce website.

2.6 What is Safe Harbor?

Safe Harbor is a framework that consists of seven data protection principles based on
the EU's data protection principles. It allows US organisations to conform to these
principles when importing personal data from the EU.
The framework was negotiated between the EU and US, and the European
Commission has confirmed that it provides for an undisputed adequate level of data
protection (by Decision of 26 July 2000). Safe Harbor membership is obtained by
registering with the US Department of Commerce.

2.7 What is relevant for SWIFT customers in the SWIFT Safe Harbor Policy?

SWIFT customers are hereby informed of the need, where required by their
applicable data protection laws, to take the following steps:

• NOTICE

SWIFT customers may be required to provide notice to their client individuals,
including as to (1) the purposes for which personal data are collected by
SWIFT customers when used as part of their use of the SWIFT messaging
services; (2) how to contact the SWIFT customer with any inquiries or
complaints; (3) the types of third parties to whom personal data are
disclosed; and (4) the choices and means that individuals are offered for
limiting use and disclosure of personal data.

• CHOICE

SWIFT customers may be required to allow their client individuals to choose
whether their personal data are to be disclosed to a third party (other than a
third party acting under the instructions of the customers), or to be used for a
purpose that is incompatible with that for which it was originally collected or
subsequently authorized.

• DATA INTEGRITY

SWIFT customers may be required to put in place procedures to ensure that
message data (which may contain personal data) are reliable for their
intended use, accurate, complete, and current.

• ACCESS

SWIFT customers may be required to provide individuals with access to their
personal data contained in message data under the following procedure:

o A query should first be directed to the SWIFT customer (typically the
individual's bank) that originally collected the individual's data. When
required by customers, SWIFT will provide them with the necessary
assistance in handling this query.
o When the individual is unable to contact the customer, or does not
obtain a response from the customer, SWIFT will provide the
necessary assistance in forwarding the individual's access request to
the customer.

SWIFT customers may also be required to allow client individuals to correct,
amend, and delete their personal data when they are inaccurate.

• DISPUTE RESOLUTION AND ENFORCEMENT

SWIFT customers are hereby informed of the SWIFT Safe Harbor dispute
resolution procedure, which operates as follows:

o the individual should first contact the SWIFT customer (typically the
individual's bank) that originally collected the data, and use the
customer's relevant dispute resolution mechanism (if available).
SWIFT will participate in this mechanism at the request of the
customer or the individual;
o If the individual is still dissatisfied, then the matter may be submitted
to the Judicial Arbitration and Mediation Services Inc. (JAMS), a
mediation provider, for mediation under the JAMS International
Mediation Rules (the 'Rules'), which are accessible on the JAMS web
site. Mediation may be commenced as provided for in the rules.
Mediation shall be conducted using electronic communications
mechanisms such as telephone, e-mail, and Internet. The mediator
may propose any appropriate remedy, such as publicity for findings of
non-compliance, the payment of compensation for losses incurred as a
result of non-compliance, or the cessation of processing of the
personal data of the individual who has brought the complaint. SWIFT
will assume the costs of administrative fees (as referred to in
paragraph 14 of the Rules) if the mediator makes a written
recommendation that finds SWIFT to be in breach of its duties under
Safe Harbor. However, SWIFT need not take any action which would
conflict with national security, public interest, or law enforcement
requirements applicable to SWIFT.
o The mediator or the individual may also refer the matter to the US
Federal Trade Commission (FTC), which has legal jurisdiction over
SWIFT. The FTC may be contacted here.

What is SWIFTNet?

SWIFTNet is the latest version of SWIFT, which operates using Internet Protocols,
but still as a private network. It does not use the World Wide Web. It uses the same
high level of security based on Public Key Infrastructure that was used on the older
network, but now provides banks with a number of newer services, some of which
are browser-based. SWIFTNet started its rollout in the third quarter of 2003 and all
banks using SWIFT converted across to the new system by the end of 2004.

SWIFTNet provides the banks with four services:

• the exchange of real-time messages using XML standards (InterAct)
• the exchange of bulk messages (e.g. non-urgent and low value payments) (FileAct)
• a secure browser for accessing account information (Browse)
• online payment initiation, payment tracking and status reporting (e-Payments plus)