Posted by The Society for Worldwide Interbank Financial Telecommunication (SWIFT) – a global provider of secure financial messaging platform in recent times had come under scrutiny due to some major incidents of cyber heists.
Post these incidents, industry experts had raised questions on SWIFT’s integrity in terms of its technology capabilities and cybersecurity preparedness.
Since then, SWIFT has implemented new technology tools and enhanced mechanism to strengthen itself on the cybersecurity front and regain the trust from the industry.
In this interview, Kiran Shetty, CEO and Regional Head – India & South Asia, SWIFT talks to Pankaj Maru of TechHerald.in about SWIFT’s security programme and compliance portfolio and its technology led future-proof industry initiatives, opportunities in India and much more.
Edited excerpts…
Q1. SWIFT is a reputed body in the finance and banking industry. However, post the Bangladesh bank cyber heist in 2016, there were questions raised on SWIFT’s credibility mainly from technology and cybersecurity perspective. So how SWIFT has evolved to regain and reassure trust of the world banking community and its preparedness to deal with new age frauds and cybercrimes?
Kiran Shetty: Security is always at the core at SWIFT and is part of our DNA. In recent years, persistent and sophisticated malicious actors have targeted the financial industry and its institutions. Although the SWIFT network and its core applications have never been compromised, SWIFT designed the Customer Security Programme (CSP) in 2016 in response to the evolving cyber threat facing the banking community. The programme is designed to raise awareness around cyber security and empower our customers in their response. The programme primarily comprises of three pillars
- Secure and protect: Tools to protect your (bank’s) operating environment
- Prevent and detect: Services to secure transactions with their counterparts &
- Share and prepare: Sharing timely cyber intelligence to the community.
In the three years the CSP has been in effect, SWIFT has published multiple bulletins, providing valuable insights into how cyber prevention and detection measures should evolve.
Q2. There’s been a constant rise in the use of latest technologies and new techniques in committing cybercrimes and new age frauds. So how SWIFT is addressing this growing menace and driving transformation? What sort of steps have been taken to enhance the security of payment protocols in the banking industry?
Kiran Shetty: As part of our financial crime compliance portfolio, we have introduced a zero-footprint, in-network payment screening utility. The Payments Control Service (PCS) enables customers to screen payment instructions safely, before transmission to counterparties, to detect any illicit or unusual message flows. Using this tool, users can define their own monitoring policy, controlling their parameters to enable timely detection and prevention of out-of-policy or uncharacteristic, and therefore potentially high-risk, transfer requests.
PCS offers an extra layer of security to institutions as it lies on SWIFT network and not on the banks’ local infrastructures. Banks can customise parameters like threshold limits, holiday calendar, working hours, whitelist/blacklist currencies and countries, suspicious account activity, etc. so that if any transaction outside of their set parameters is initiated, an alert is triggered.
Q3. With technology becoming the core backbone in the finance and banking sector today, how SWIFT is keeping itself abreast with latest innovation and new technology led tools and solutions?
Kiran Shetty: SWIFT is building a next-generation, world-leading digitally pervasive network that will future-proof the industry by easing the adoption and integration of new technologies as they emerge. We innovate and use technology for a real purpose: to improve solutions and resolve industry problems.
Take, for example, our global payments innovation (gpi). SWIFT gpi has transformed cross-border transactions by making payments faster, more transparent and fully traceable. SWIFT gpi has seen steady adoption by banks across Asia-Pacific, including China, Australia, Singapore and Thailand. Adoption of gpi by India’s top trade partners such as the US and UK is also strong. Today, we are working on extending the benefits of gpi to a wider range of corporates and markets.
We recently launched the full go-live of SWIFT gpi for corporates, a capability designed and built in conjunction with banks and corporates which enables multi-banked corporates to initiate and track payments across multiple banks directly from their treasury and payment systems. More than 50 of the world’s largest companies – including LVMH, Microsoft and Petronas – have already signed up to the service.
More significantly, in July 2019, SWIFT teamed up with 17 banks across APAC, Europe and North America to trial the integration of SWIFT gpi, into Singapore’s domestic instant payment service, FAST. The results saw cross-border payments between these continents settle within 25 seconds; with the fastest from Australia to Singapore in just 13 seconds. The trial’s success confirms the scalability of SWIFT gpi instant towards a pan-ASEAN cross-border instant payments service essential for integration across the region. The trial is a nod to SWIFT’s vision of ensuring that cross-border payments become as seamless and convenient as domestic ones, and speaks to the global scalability of gpi for ubiquitous cross-border instant payments.
We are also collaborating with R3’s blockchain platform on a new gateway to interlink trade and e-commerce platforms with gpi. This gateway, gpi Link, will seamlessly connect multiple trade platforms to gpi members, enabling gpi payment initiation, end-to-end payment tracking, payer authentication and credit confirmation. It will also allow the continuous monitoring and control of payment flows as well as the subsequent movement of goods by those trade platforms.
Q4. As SWIFT’s India and Sub-continent region head, in your view, how is the region evolving in terms of banking, finance and payment ecosystem, particularly in India, where there’s a growing number of startups and fintech companies? Does SWIFT has any region specific initiatives or focus areas?
Kiran Shetty: India has evolved and is leading the globe in the retail payment innovation. NPCI does 5.6 billion retail financial transactions in a year. IMPS is the second largest real time payments solution in the world while UPI had a volume of 2.3 billion in FY 2019.
However, a lot still needs to be done on the wholesale side to bring it up to speed with the world. Even today, most trade processes are paper-based and vulnerable to process inefficiencies and fraud. According to World Bank Data, India stands at 26.5x and 5x against 9.6x and 2.7x of OECD (High Income) in terms of Time (Hours) and Cost (USD).
Today, India is ranked 77th in the world for ease of doing business and the government wants to come in the top 50.
At SWIFT India, the first and only joint venture of SWIFT in the world, along with 11 top banks in India, we support the government’s vision to improve India’s position on the ease of doing business index. We have launched various initiatives to eliminate paper from trade. With digitisation of trade processes, efficiencies will be enhanced and fraud will be mitigated.
Additionally, SWIFT is also moving towards offering our network as a platform for transacting, but also innovating, experimenting and co-creating where SWIFT, as well as third parties providers, will be able to offer products and services to the community. In Australia, SWIFT and NPP Australia have launched an API sandbox for fintechs to test and innovate on Australia’s real-time payments systems before launching their overlay services.
Similarly, we opened SWIFT gpi to fintechs for collaborative innovation through the SWIFT gpi industry challenge. The challenge was an opportunity for fintechs to work together with SWIFT and gpi banks to define how they could build innovative overlay services on top of the SWIFT gpi platform. We see similar opportunities in India where our network can provide a multi-sided function serving existing customers and a wider set of market participants.
Q5. Lastly, there’s lot of talk around blockchain technology with some pilots and use cases in banks and insurance firms. However there hasn’t been a major blockchain technology led initiative that has been adopted by the banking industry. So what are your thoughts or comments on this.
Kiran Shetty: According to the NASSCOM Avasant India Blockchain report 2019, while global VC investments on DLT startups has reached $ 5.6 billion to date, India has been able to attract only a small fraction (0.2%) of those investments. India accounts for only about 2% of all DLT startups worldwide.
Of all the DLT projects, 70% are in the Proof-of-Concept (PoC) stage, 24% are in the pilot stage while 6% are in the production stage.
SWIFT is technology agnostic and our view is that technology should be an enabler and not the driver of our future or roadmap. APIs typically afford easy connectivity and interchange so we are incorporating them. DLT is a technology that is promising but requires further testing before adoption at an industrial scale becomes a possibility. We are actively looking at what the technology has to offer and how it could solve industry problems. That includes our current PoC with R3 on gpi Link for trade, our landmark PoC on nostro reconciliation to improve liquidity in cross-border payments, or the current PoC we are running in Singapore with SGX and major banks to improve proxy e-voting.