Swift cooperative oversight group operational risks high-level expectations (HLE)

Swift is a financial messaging services provider that is subject to central bank oversight because of its crucial global role in facilitating correspondent banking and financial market infrastructure operations. The article describes the set-up and focus areas of the international cooperative oversight arrangement for this central bank oversight and announces a planned update to this arrangement.

The Society for Worldwide Interbank Financial Telecommunication (Swift) is a limited-liability cooperative company that provides messaging services to financial institutions and market infrastructures across the globe. Swift serves different types of customers, which vary in terms of their size and activity, including banks, brokers, investment managers, fund administrators, custodians, corporates and Treasury counterparties. Swift is registered in Belgium, with its headquarters in La Hulpe.

Through its financial messaging services, Swift plays a crucial role in facilitating correspondent banking and financial market infrastructure operations. This fundamental role in the global financial sector creates significant systemic dependency on Swift. Hence, the G10 established a cooperative oversight framework to monitor Swift’s activities with the aim of safeguarding financial stability.

International cooperative arrangement

In 1997, the G10 central banks1 formalised the Swift oversight arrangement for the purpose of monitoring the adequate and safe functioning of this critical service provider. In addition to the participating G10 countries, the Bank for International Settlements and the European Central Bank are represented in the international working groups. As Swift is headquartered in Belgium, the NBB acts as lead overseer and chairs the international oversight meetings.

The G10 central banks are represented in four working groups: the Technical Group (TG), which conducts technical fieldwork; the Cooperative Oversight Group (OG), the decision-making body which sets oversight strategy; the Executive Group (EG), which serves as the interface for overseers to communicate conclusions and recommendations to Swift’s board and executive management; and the Oversight Forum (SOF), which brings together a wider group of central banks to discuss oversight activities and relevant changes at Swift.

Given the systemic nature of Swift, a larger group of G20 countries are directly involved in oversight. These G20 central banks are represented in the SOF. Membership corresponds to their share of total Swift traffic volume and the CPMI membership composition. The SOF deals with Swift oversight conclusions, planning and priorities, the Customer Security Programme, and other specific topics.

In its capacity as Swift’s lead overseer, the Bank has a dedicated team which conducts daily monitoring and follow-up of Swift’s activities and projects. As formulated in the Swift Oversight Protocol, the NBB serves as the entry point for channelling information to the other overseers and, as chair, coordinates the various working groups, reports to other overseers and prepares discussion items.

The figure below provides an overview of the working groups involved in the oversight of Swift.

05 BFWD 2024 8 Fig 1 Boeckx

Changes to the Swift Oversight arrangement

The Oversight Group (OG) is currently revising the oversight framework set out above. The current framework is based on a memorandum of understanding (MoU) concluded between Swift and the National Bank of Belgium (NBB), as well as additional MoUs concluded by the NBB with each G10 central bank directly involved in the oversight of Swift, including the European Central Bank. As mentioned above, the NBB has been designated the lead overseer of Swift.

The current oversight framework focuses primarily on various operational risks. Overseers have translated these operational risks into five High-Level Expectations (HLEs). Two s HLEs focus on risk management (HLE 1, Risk Identification and Management, and HLE 5, Communication with Users) while three HLEs deal with the specific types of risks to be managed (HLE 2, Information Security; HLE 3, Reliability and Resilience; HLE 4 Technology Planning).

The use of HLEs provides Swift and its overseers with a common language and a framework within which discussions can be held and overseers can organise their activities. However, oversight discussions are not necessarily limited to topics included in the HLEs, as the oversight framework is broader and can encompass other specific topics for review and discussion with Swift’s management and internal audit service.

The last major review of the oversight arrangement dates from 2005. Since then, the regulatory expectations of banking and financial market infrastructure overseers have evolved. For example, new capital requirements for the banking sector were introduced, while the CPMI-IOSCO Guidance on cyber resilience, the Eurosystem’s Cyber resilience oversight expectations for financial market infrastructures and Regulation (EU) 2022/2554 on digital operational resilience (DORA) have resulted in changes to expectations with regard to operational risks.

Although these regulations and guidance are not directly applicable to Swift as it is neither a bank nor a financial market infrastructure, Swift’s overseers are of the view that several of these expectations should be codified so as to function as a legal backstop and ensure a level playing field for oversight and supervision of the financial sector. The proposed review of the oversight framework focuses on the importance of Swift as a critical provider of messaging services to the financial sector and recommends aligning the expectations of overseers with customary expectations in the broader financial sector, such as the CPMI-IOSCO Principles for financial market infrastructures (PFMI), whilst taking into account the specific nature of Swift.

The intention of overseers is not to change the content or objectives of the current oversight framework fundamentally, but rather to codify particular aspects of this framework so that it can serve as a legal backstop.

The current organisation of and approach to Swift oversight will be maintained, including the two-tier structure with a technical (TG) and senior-level (OG) oversight body. The revised approach will also seek to maintain collaborative, consensus-building interaction amongst overseers at both the technical and senior levels.

As Swift is a cooperative company under Belgian law, a legislative proposal to be brought before the federal Parliament will be developed, after a consensus is reached on its content within the Oversight Group.

1 The G10 central banks involved in Swift oversight are the Bank of Canada, the Deutsche Bundesbank, the European Central Bank, the Banque de France, the Banca d’Italia, the Bank of Japan, De Nederlandsche Bank, Sveriges Riksbank, the Swiss National Bank, the Bank of England and the Federal Reserve System, represented by the Federal Reserve Bank of New York and the Board of Governors of the Federal Reserve System.

Authors

05 BFWD 2024 8 Foto Nikolai Boeckx

Nikolaï Boeckx

Head of Swift Oversight National Bank of Belgium