Reducing Risks in Financial Transactions with SWIFT Sanctions Screening

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) offers a messaging service which allows financial institutions around the world to send and receive information and instructions about financial transactions securely.

Over the years, financial institutions have faced threats to security. In 2016, for instance, the Central Bank of Bangladesh was robbed of $81 million after cybercriminals gained access to its SWIFT terminal.

To counter possible further security breach, SWIFT has developed several programs or services that aim to ensure the security and compliance of the global banking system. Among these is the SWIFT Sanctions Screening service.

How SWIFT Sanctions Screening works

SWIFT Sanctions Screening is a service that screens both incoming and outgoing transaction messages. It alerts the financial institution real-time if any of the messages match with the latest sanctions list.

This service ensures that all high-risk or suspicious customers, accounts, and transactions are flagged so that the financial institution can act on it immediately.

SWIFT maintains a list of around 30 sanctions from all major regulatory bodies to ensure that the screening process is compliant with the latest requirements. The financial institution can either select which lists they want to screen their messages against or add custom lists to the service.

Recently, SWIFT also expanded the message types that can be screened through their service. They added the categories 3, 5, 6, and 9, which cover:

• Treasury Markets - Foreign Exchange
• Money Markets and Deriv­atives
• Securities Markets
• Treasury Markets - Metals
• Cash Management and Customer Status.

How to manage Sanctions Screening

When financial institutions subscribe to the Sanctions Screening services, SWIFT recommends they take these three steps to manage and implement the service effectively:

• The financial institution should plan and identify the format, business flows, and public sanction lists that they want to screen against, as well as the individuals who will oversee the process.

• Upon planning and identifying the said items, the institution must configure the end-users, assign them their roles, and give them the necessary access privileges. The incident workflow to follow and the message types that should be screened should also be defined at this point.

• Also, the financial institution must select sanctions lists from over 30 lists supported by SWIFT. The sanctions lists may also include private listswhich must be relevant and carefully checked by the institution beforehand.
• Lastly, users should review alerts and archive the reports after taking the previous steps. The financial institution should also notify SWIFT regarding the “go live” and enable the actual screening of messages.

When receiving an alert that a message matches with the sanctions list, the sanctions list isable to review the messagedetails and identify whether it should be blocked or reported

SWIFT’s Sanctions Screening is being used by over 700 banks around the world to reduce risk. However, this service is still best used in conjunction with other solutions, tools, and with strict compliance to regulations.