The world is a noisy place, with fat tail events seemingly lurking around every corner. Every day the media bombards investors with the next theory of the financial apocalypse or speculative windfall. Scanning the press and online, little mention is made of the Achilles heel of the global financial system. Taper tantrum to Brexit, from European solvency ratios to presidential elections. Nothing has been written of the elephant in the room, still roaming free.
The elephant in the room I am talking about is SWIFT.
So what is SWIFT?
SWIFT was founded in the 1970s, based on the ambitious and innovative vision of creating a global financial messaging service, and a common language for international financial messaging.SWIFT stands for the Society for Worldwide Interbank Financial Telecommunications. It is a messaging network that financial institutions use to securely transmit information and instructions through a standardised system of codes.
As powerful as SWIFT is, be mindful that it is only a messaging system—SWIFT does not hold any funds or securities, nor does it manage client accounts.
Who Uses SWIFT? (courtesy of Investopedia)
The robustness of the message format design allowed huge scalability through which SWIFT gradually expanded to provide services to the following:
• Brokerage Institutes and Trading Houses
• Securities Dealers
• Asset Management Companies
• Clearing Houses
• Corporate Business Houses
• Treasury Market Participants and Service Providers
• Foreign Exchange and Money Brokers
As can be seen from above, SWIFT is integral to the global financial system. It is the channel for the majority of global financial transactions and vital for the smooth, efficient running of international investments, trading and payments. Are global institutions to reliant on one system? What would happen if the system was hacked?
Firstly the system has already been hacked. From 2016 Bangladesh Bank heist to the Ukranian bank heist of the same year. SWIFT statement in June 2016 indicates the threat is real, adapting and here to stay:
“Customers’ environments have been compromised, and subsequent attempts (were) made to send fraudulent payment instructions,” according to a copy of the letter reviewed by Reuters. “The threat is persistent, adaptive and sophisticated – and it is here to stay.”
SWIFT June 2016
SWIFT indicates that “All the victims shared one thing in common: Weaknesses in local security that attackers exploited to compromise local networks and send fraudulent messages requesting money transfers, according to the letter.”
The increased sophistication of malware and hackers has shone a light on a potential Achilles heel of the whole global financial system. While individuals may not have the resources able to bring the system to its knees. Governments and different terrorist organisations, on the other hand, have the expertise and resources.
With the right tools, the system could at worst be completely shut down. At best they could sow the seeds of doubt and distrust to grind global transactions and economy to a halt gradually. It is important to note that SWIFT is the heart of the global financial system with its financial messaging system. This global dependence has also lead to it being utilised as a vital weapon in economic warfare on the world stage. Several countries have used SWIFT as a weapon in their armoury. The USA used SWIFT against Iran, first for tracking transactions and then later as an essential tool for imposing sanctions when the US removed Iran banks’ access to the SWIFT system.This method has also been used to track and disrupt terrorist organisations and sponsors financing.
Recent similar threats to disable SWIFT access to Russian banks have been made by the UK and US. Considering the current situation in Syria, this could be a real red flag to raise security standards and protocols. There is now an overwhelming motivation, by many different groups/nations to identify vulnerabilities in the SWIFT system. This could be either be in the network, online portals or further down the food chain at the system access point. There is still no requirement for financial institutions to notify SWIFT or other organisations when a security compromise has occurred. This perhaps means that what has been reported in the media may only be the tip of the iceberg.
Given the interlinked nature of the SWIFT system to the global financial system and its potential role in economic warfare, or tool for terrorists. It is vital for SWIFT, banks, governments and regulators to collaborate, innovate and ensure that the system and access points are secure and adapt to these ever-changing threats and hacking innovations.