Slide 1: Key Security features of SWIFT financial messaging and what it means for auditing an institution's SWIFT operations
Daniel De Weyer, SWIFT Senior Relationship Manager
ISACA Hong Kong, 13 November 2007
© S.W.I.F.T. SCRL 2002

Slide 2: Agenda
1. Who is SWIFT
2. Connecting to SWIFT: access models, interfaces and resiliency
3. Security environment
4. The FIN service: message security and monitoring
5. Summary elements in the scope of a SWIFT operations audit

Slide 3: Who is SWIFT?
- A co-operative organisation serving the financial services industry
- A provider of highly secure financial messaging services
- The financial standardisation body

Slide 4: SWIFTNet - single window access to the financial world
- Market infrastructures: single window access to MIs
- 'Serving you to serve your customer'
- Enabling the community: SWIFTSolutions, extended client reach
- SWIFTNet FIN
- Harnessing business process modelling: standards, platform, community

Slide 5: Agenda, section 2 (Connecting to SWIFT: access models, interfaces and resiliency)

Slide 6: Multi-vendor architecture overview
- Customer premises: M-CPE, VPN box, modem (TA); Customer A and Customer B
- Local loops
- Access networks: Network Partner 1, Network Partner 2, Network Partner 3 (dial-up via POP)
- Backbone: SIPN Backbone Network, OPCs, backbone access points

Slide 7: MV-SIPN - the co-existence of network partners

Slide 8: Direct connectivity options, plotted by cost against functionality
- Dual-P
- Multi-Line (Single-P's)
- Dual-I Orange Business Services (ex Equant)
- Dual-I DSL
- Dual-I ISP (dial-up)

Slide 9: SWIFTAlliance Gateway - example of a highly resilient configuration (diagram)
- Site 1 and Site 2, each with a SWIFTAlliance Gateway (SAG 1, SAG 2), FIN interface, SAM browser, SA-Workstation, CLS gateway, SAB and VPN box
- Messaging layer: MT, MX, MT-MX, FpML, MQ
- Application and desktop layer: SWIFTAlliance Access / Entry, app web server, financial application, automation
- Communication layer, network layer and SWIFTNet services; SWIFTNet RMA; Dual-P connectivity
- Legend: primary route(s), secondary route, cold-backup route

Slide 10: SWIFT platform overview
- SA-Webstation: Browse, FileAct, InterAct and SAG administration
- SAG; financial application; service-specific interface
- DMZ: e-mail client, SWIFTNet Mail, e-mail server
- Dual-P connectivity

Slide 11: SWIFTAlliance Access / Workstation integration into SWIFTAlliance Gateway
- SNL and SNL API; RAHA, WSHA, MQHA; IBM MQ API; FTA and FTI (FTI command line); TDA; SOAP over HTTPs
- InterAct and FileAct for user applications
- New in 6.0: FileAct managed by SAG, so the user application can be SWIFTNet unaware

Slide 12: SWIFTAlliance WebStation integration into SWIFTAlliance Access
- Browser-based SWIFTNet interface
- Includes SNL running in the browser
- Includes SWIFTNet administrative GUIs
- Focus on person-to-application communications
- Only client role (cannot be called by a Requestor)
- Integration paths: ADK APIs, CAS (CASmf, self-made CAS text, CASmf APIs), AFT, MQSA and IBM MQ APIs to user applications; request/reply between client and server over InterAct and FileAct

Slide 13: SWIFTAlliance WebStation
Two ways to install SWIFTAlliance WebStation:
- (1) Directly connected to the network
- (2) Connected to the network via SWIFTAlliance Gateway
Slide 14: SWIFTAlliance WebStation
Supports two types of solutions:
- Browsing solution
- Service-specific workstation: additional software must be installed locally for GUI functionality
Diagram: WebStation connected (1) directly to SIPN or (2) via SAG; SNL; https request/reply between client and server over InterAct and FileAct

Slide 17: SWIFTAlliance Messenger - functional overview
- SWIFTAlliance WebStation GUI
- Browser-based message entry facility for both "MX" and "MT" messages
- Verification [MT], and authorisation of messages in line with the SAA 4-eyes principle configuration
- Querying recent and archived messages
- Validates the input messages before submitting them, and assists the user in correcting errors
- On-line help facility
- Message printing facility
- Offers functionality to create and share re-usable templates
- Can be customized to corporate look and feel
- Related WebStation functions: PKI management, managing SAG, file transfer, browser

Slide 18: SWIFTAlliance Messenger welcome screen (screenshot)

Slide 19: Agenda, section 3 (Security environment)

Slide 21: SWIFTNet messaging services
- SWIFTNet FIN: messages with MT standards and rules; store-and-forward; feature-rich
- SWIFTNet InterAct: messages and query-and-response; MX standards (XML-based) and rules; store-and-forward and real-time
- SWIFTNet FileAct: file transfer for data-intensive applications; standards and rules; store-and-forward and real-time
- SWIFTNet Browse: secure browsing; complements InterAct, FileAct and FIN

Slide 22: BKE process flow (initiator and responder each use a Secure Card Reader, SCR, in dialogue with the SWIFT interface)
- Initiator, Process BK Generate Request: sends MT960 BKE initiation
- Responder checks the MT960: checks NOK gives MT964 BKE error message; checks OK gives MT961 BKE initiation response
- Initiator, Process BK Generate Response, checks at the initiator's SCR: validates responder's CV; determines the value of its public key; creates a new bilateral key (by using responder's public key); signs the result using initiator's secret key. If the checks fail an error message is returned; if OK, MT962 Key Service Message is sent
- Responder, Process BK Receipt-Request, checks at the responder's SCR: determine value of new key; verify signature of initiator's enciphered key (via public key of initiator); decipher enciphered key (via public key of initiator); new (enciphered) bilateral key is returned to interface and stored on disk. Result: MT963 BKE Key Ack, or MT965 BKE Key error message
- Initiator, Process BK Receipt-Response: verifies MAC; if OK, updates the BK file

Slide 23: BKE compared to RMA
  BKE                        RMA
  Bilateral                  Unilateral
  Renewal                    Permanent
  Manual key possible        No manual key possible
  FIN                        InterAct store-and-forward
  BIC4/6/8                   BIC8 only
  No granularity             Granularity
  BKE for T&T                RMA optional for T&T
  Previous/Current/Future    Current only
  Pre-agreements             No pre-agreements
  Weekly distribution        Daily/Real-time distribution

Slide 24: New relationship management in 2008
- Diagram: CUST A and CUST B, each with a CBT and an HSM
- FIN access control security: PKI
- FIN user-to-user security: PKI
- Relationship management: BKE, replaced by RMA

Slide 25: Relationship Management Application (RMA)
- Managing correspondents in a many-to-many world: RMA as mechanism to control WHO can send you traffic
- Managing the correspondent's business: RMA as mechanism to control WHAT a correspondent can send to you
- Objective: preventing unwanted traffic

Slide 26: Agenda, section 4 (The FIN service: message security and monitoring)
Slide 27: Types of messages
- User-to-user messages
- System messages
- Service messages

Slide 28: Categories of messages
0 System messages
1 Customer transfers & cheques
2 Financial institutions transfers
3 Foreign exchange, money markets & derivatives
4 Collections & cash letters
5 Securities markets
6 Precious metals & syndications
7 Documentary credits & guarantees
8 Travellers cheques
9 Cash management & customer status

Slide 29: Common group message types
n90 Advice of charges, interest and other adjustments
n91 Request for payment of charges, interest or other expenses
n92 Request for cancellation
n95 Queries
n96 Answers
n98 Proprietary message
n99 Free format

Slide 30: Flow & acknowledgements
- Sender: input to SWIFT, acknowledged by ACK/NAK
- Receiver: output from SWIFT, acknowledged by UAK/UNK

Slide 31: Structure - order form
Please pay .... to ... from ... on ..... at ... for ...

Slide 32: Structure - what does a SWIFT message look like? Screen, SWIFT network, printout

Slide 33: Example printout (ACK of an input MT 103)
  --------------------Instance Type and Transmission-----------------
  Notification (Transmission) of Original sent to SWIFT (ACK)
  Network Delivery Status : Network Ack
  Priority/Delivery       : Normal
  Message Input Reference : 1705 021115KWHKHKHHAXXX0135007653
  ------------------------------Message Header-----------------------
  Swift Input : FIN 103 Single Customer Credit Transfer
  Sender      : KWHKHKHHXXX
                Citic Ka Wah Bank
                Hong Kong
  Receiver    : BNPAFRPPXXX
                BNP-PARIBAS SA
                (FORMELY BANQUE NATIONALE DE PARIS S.A.)
                Paris, France
  MUR         : MC12
  ------------------------------Message Text-------------------------
  20:  Sender's Reference
       PAY/09
  23B: Bank Operation Code
       CRED
  32A: Value Date, Currency and Interbank Settled Amount
       Date     : 18 November 2002
       Currency : EUR (EURO)
       Amount   : #65000,#
  50K: Ordering Customer
       /123001043212
       MR LEE
       10 QUEENSWAY
       HK-HONG KONG
  57A: Account with Institution - BIC
       BNPAFRPPCAN
       BNP-PARIBAS SA
       (FORMELY BANQUE NATIONALE DE PARIS S.A.)
       CANNES FR
  59:  Beneficiary Customer
       /12345543210100001M02211
       MR DUPONT
       6 RUE LAFAYETTE
       FR-CANNES
  70:  Remittance Information
       /INV/52
  71A: Details of Charges
       SHA
  ------------------------------Message Trailer----------------------
  {MAC:098446CF}
  {CHK:45946964876B}

Slides 34-38: An example of the header of a payment message: MT 103 (screenshots)

Slide 39: Delivery monitoring options
- MT 103 / MT 541 sent with priority and delivery-monitoring option U3
- Events on the timeline: ACK, MT010, UAK / MT011
- Sender KWHKHKHH (Hong Kong local time): 10 AM, 10.15, 15.00
- Receiver BNPAFRPP (Paris local time): 3 AM, 03.15, 08.00
Slide 41: An example of the header of a payment message: MT 103 (screenshot)

Slide 42: An example of the text of a payment message: MT 103 (screenshot)

Slides 43-44: Format of MT 103 Single Customer Credit Transfer (first fields)
  M/O  Tag  Field Name                                     Content/Options
  M    20   Sender's Reference                             16x
  O    13C  Time Indication (repetitive)                   /8c/4!n1!x4!n
  M    23B  Bank Operation Code                            4!c
  O    23E  Instruction Code (repetitive)                  4!c[/30x]
  O    26T  Transaction Type Code                          3!a
  M    32A  Value Date/Currency/Interbank Settled Amount   6!n3!a15d
  O    33B  Currency/Instructed Amount                     3!a15d
  O    36   Exchange Rate                                  12d
  M    50a  Ordering Customer                              A or K

Slide 45: Input (payments) message - SWIFT network block structure
Headers:
  1. Basic Header Block
  2. Application Header Block
  3. User Header Block
Text:
  4. Text Block
Trailers:
  5. Trailer Block

Slide 46: Example of printout (input message, as acknowledged by SWIFT)
  --------------------Instance Type and Transmission-----------------
  Notification (Transmission) of Original sent to SWIFT (ACK)
  Network Delivery Status : Network Ack
  Priority/Delivery       : Urgent/Non-Deliv Warning & Deliv Notif
  Message Input Reference : 1705 021115KWHKHKHHAXXX0135007653
  ------------------------------Message Header-----------------------
  Swift Input : FIN 103 Single Customer Credit Transfer
  Sender      : KWHKHKHHXXX
                Citic Ka Wah Bank
                Hong Kong
  Receiver    : BNPAFRPPXXX
                BNP-PARIBAS SA
                (FORMELY BANQUE NATIONALE DE PARIS S.A.)
                Paris, France
  MUR         : MC12
  ------------------------------Message Text-------------------------
  20:  Sender's Reference
       PAY/09
  23B: Bank Operation Code
       CRED
  32A: Value Date, Currency and Interbank Settlement Amount
       Date     : 18 November 2002
       Currency : EUR (EURO)
       Amount   : #65000,#
  50K: Ordering Customer
       /123001043212
       MR LEE
       10 QUEENSWAY
       HK-HONG KONG
  57A: Account with Institution - BIC
       BNPAFRPPCAN
       BNP-PARIBAS SA
       (FORMELY BANQUE NATIONALE DE PARIS S.A.)
       CANNES FR
  59:  Beneficiary Customer
       /12345543210100001M02211
       MR DUPONT
       6 RUE LAFAYETTE
       FR-CANNES
  70:  Remittance Information
       /INV/52
  71A: Details of Charges
       SHA
  ------------------------------Message Trailer----------------------
  {MAC:098446CF}
  {CHK:45946964876B}

Slide 47: Example of printout (output message, as received from SWIFT)
  --------------------Instance Type and Transmission-----------------
  Original received from SWIFT
  Priority                       : Urgent
  Message Output Reference       : 0806 021115BNPAFRPPAXXX0987012098
  Correspondent Input Reference  : 1705 021115KWHKHKHHAXXX0135007653
  ------------------------------Message Header-----------------------
  Swift Input : FIN 103 Single Customer Credit Transfer
  Sender      : KWHKHKHHXXX
                Citic Ka Wah Bank
                Hong Kong
  Receiver    : BNPAFRPPXXX
                BNP-PARIBAS SA
                (FORMELY BANQUE NATIONALE DE PARIS S.A.)
                Paris, France
  MUR         : MC12
  Message Text and Message Trailer: identical to the input printout of slide 46

Slide 48: The same message in SWIFT network format
  {1:F01KWHKHKHHAXXX0135007653}
  {2:I103BNPAFRPPXXXXU3003}
  {3:{108:MC12}}
  {4:
  :20:PAY09
  :23B:CRED
  :32A:021118EUR65000,
  :50K:/123001043212
  MR LEE
  10 QUEENSWAY
  HK-HONG KONG
  :57A:BNPAFRPPCAN
  :59:/12345543210100001M02211
  MR DUPONT
  6 RUE LAFAYETTE
  FR-CANNES
  :70:/INV/52
  :71A:SHA
  -}
  {5:{MAC:DB347698}{CHK:76543BA90123}}
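The Content/Options column of the MT 103 format table uses SWIFT's field-format notation: n for digits, a for upper-case letters, c for upper-case alphanumerics, x for the general character set, d for a decimal amount with a comma as separator, ! for a fixed length and [ ] for an optional part. The following added example is not code from the presentation or from SWIFT: it compiles that notation into a regular expression and checks single-line field values against the formats the slide lists. The MT103_FORMATS table is our own selection of the single-line fields from the slide, the sample values are taken from the slide's MT 103 plus two constructed bad ones, and the helper names are ours; multi-line fields such as 50K are out of scope.

```python
import re

# SWIFT field-format character classes (single-line values only; the CrLf
# that the 'x' set allows between lines of a multi-line field is not handled).
CHARSETS = {
    "n": r"[0-9]",                       # digits
    "a": r"[A-Z]",                       # upper-case letters
    "c": r"[A-Z0-9]",                    # upper-case alphanumerics
    "x": r"[A-Za-z0-9/\-?:().,'+ ]",     # general character set
}

# One notation token: "<length>[!]<set>", an opening/closing bracket, or a literal.
TOKEN = re.compile(r"(\d+)(!?)([nacxd])|(\[)|(\])|(.)")


def notation_to_regex(notation: str) -> str:
    """Compile e.g. '6!n3!a15d' into a regex meant for re.fullmatch."""
    parts = []
    for length, fixed, cs, open_, close, lit in TOKEN.findall(notation):
        if cs == "d":
            # Decimal: digits with a mandatory comma, at most <length> characters
            # in total; the lookahead bounds the whole run of digits and commas.
            parts.append(rf"(?=[0-9,]{{1,{length}}}(?![0-9,]))[0-9]+,[0-9]*")
        elif cs:
            parts.append(CHARSETS[cs] + (f"{{{length}}}" if fixed else f"{{1,{length}}}"))
        elif open_:
            parts.append("(?:")            # start of an optional part
        elif close:
            parts.append(")?")             # end of an optional part
        else:
            parts.append(re.escape(lit))   # literal such as '/'
    return "".join(parts)


def validate(notation: str, value: str) -> bool:
    """True when the whole value conforms to the format notation."""
    return re.fullmatch(notation_to_regex(notation), value) is not None


# Tag -> format for the single-line MT 103 fields listed on the slide.
MT103_FORMATS = {
    "20": "16x", "13C": "/8c/4!n1!x4!n", "23B": "4!c", "23E": "4!c[/30x]",
    "32A": "6!n3!a15d", "33B": "3!a15d", "36": "12d",
}


def check_fields(fields: dict[str, str]) -> dict[str, bool]:
    """Validate each tag/value pair against MT103_FORMATS; unknown tags are skipped."""
    return {tag: validate(MT103_FORMATS[tag], value)
            for tag, value in fields.items() if tag in MT103_FORMATS}


# Constructed samples: values from the slide's MT 103, and two deliberately bad ones
# (a 26-character reference, and an amount without the mandatory comma).
SAMPLE = {"20": "PAY/09", "23B": "CRED", "32A": "021118EUR65000,"}
BAD = {"20": "THIS-REFERENCE-IS-TOO-LONG", "32A": "021118EUR65000"}

if __name__ == "__main__":
    print(check_fields(SAMPLE))   # {'20': True, '23B': True, '32A': True}
    print(check_fields(BAD))      # {'20': False, '32A': False}
```

The decimal rule is the one worth noting: SWIFT amounts carry the comma even for whole units (the slide's printout shows the same amount as "#65000,#"), so a value without it is rejected, and a second comma fails because the greedy digit run stops at it and fullmatch then has characters left over.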
Slides 49-52: Message referencing
- Sender's Reference (field 20) (16x)
- MUR: Message User Reference (16x)
- MIR: Message Input Reference
    041115 KWHKHKHHAXXX 0135 007653
    input date, sender's address, session number, ISN
- MOR: Message Output Reference
    041115 BNPAFRPPAXXX 0987 012098
    output date, receiver's address, session number, OSN

Slide 53: Agenda, section 5 (Summary elements in the scope of a SWIFT operations audit)

Slide 54: Summary elements of a SWIFT audit
- Check SWIFT system configuration for links, back-up, contingency
- Reports on contingency and BCP tests
- Physical access procedures to SWIFT room
- Release management
- Check operator permission lists with SWIFT Security Officers
- Match HR lists to operators in SWIFT interface
- BKE refresh procedures
- Check procedures for delivery monitoring
- Archiving procedures
- MIS statistics of average number of messages IN/OUT, average value

Slide 55: SWIFT education programmes
SWIFT Audit Guidelines: a 2-day training programme for auditors. For the training schedule see www.swift.com

Slide 56: Thank you
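To make the five-block structure (slide 45), the network format (slide 48) and the MIR/MOR layout (slides 51-52) concrete, here is an added example that is our own code, not SWIFT's and not part of the presentation. It splits a raw FIN message into its blocks, decodes the basic and application headers by their fixed offsets, collects the text fields and the trailer, rebuilds the sender's MIR from block 1 plus the input date, and runs a few per-message checks of the kind the audit summary on slide 54 asks about (MAC/CHK present, delivery monitoring on urgent traffic, mandatory fields present). The sample message is the one printed on slide 48, re-typed; the delivery-monitoring meaning of the digit 3 is the one the slide 46 printout spells out for U3; the helper names are ours.

```python
import re

# Constructed sample: the MT 103 shown in network format on the slide, re-typed
# as one string (the line breaks inside block 4 are ours).
SAMPLE_FIN = (
    "{1:F01KWHKHKHHAXXX0135007653}"
    "{2:I103BNPAFRPPXXXXU3003}"
    "{3:{108:MC12}}"
    "{4:\n:20:PAY09\n:23B:CRED\n:32A:021118EUR65000,\n"
    ":50K:/123001043212\nMR LEE\n10 QUEENSWAY\nHK-HONG KONG\n"
    ":57A:BNPAFRPPCAN\n"
    ":59:/12345543210100001M02211\nMR DUPONT\n6 RUE LAFAYETTE\nFR-CANNES\n"
    ":70:/INV/52\n:71A:SHA\n-}"
    "{5:{MAC:DB347698}{CHK:76543BA90123}}"
)
# Delivery-monitoring digit of the application header ("U3" on the slide).
DELIVERY_MONITORING = {"1": "non-delivery warning", "2": "delivery notification",
                       "3": "non-delivery warning & delivery notification"}
FIELD_START = re.compile(r"^:(\d{2}[A-Z]?):(.*)$")   # ":20:PAY09" -> ("20", "PAY09")


def split_braced(s: str) -> list[tuple[str, str]]:
    """Split '{id:content}{id:content}...' at the top level; nested braces stay inside."""
    units, i = [], 0
    while i < len(s):
        if s[i] != "{":
            raise ValueError(f"expected '{{' at offset {i}")
        depth = 0
        for j in range(i, len(s)):
            depth += {"{": 1, "}": -1}.get(s[j], 0)
            if depth == 0:
                break
        else:
            raise ValueError("unbalanced braces")
        ident, _, content = s[i + 1:j].partition(":")
        units.append((ident, content))
        i = j + 1
    return units


def parse_text(block4: str) -> list[tuple[str, str]]:
    """(tag, value) pairs in order; values may span lines and tags may repeat."""
    fields: list[list[str]] = []
    for line in block4.strip("\n").split("\n"):
        if line == "-":                       # end-of-text marker
            break
        m = FIELD_START.match(line)
        if m:
            fields.append([m.group(1), m.group(2)])
        elif fields:
            fields[-1][1] += "\n" + line      # continuation line of the current field
        else:
            raise ValueError(f"text before first field tag: {line!r}")
    return [(tag, value) for tag, value in fields]


def parse_fin(msg: str) -> dict:
    """Decode the five blocks of an input (I) FIN message by fixed offsets."""
    blocks = dict(split_braced(msg))
    b1, b2 = blocks["1"], blocks["2"]
    if b2[0] != "I":
        raise ValueError("only input application headers are decoded here")
    return {
        "basic": {"app_id": b1[0], "service_id": b1[1:3], "lt_address": b1[3:15],
                  "session": b1[15:19], "sequence": b1[19:25]},
        "application": {"mt": b2[1:4], "receiver": b2[4:16], "priority": b2[16:17],
                        "delivery_monitoring": DELIVERY_MONITORING.get(b2[17:18]),
                        "obsolescence_period": b2[18:21] or None},
        "user": dict(split_braced(blocks.get("3", ""))),     # tag 108 = MUR
        "text": parse_text(blocks["4"]),
        "trailer": dict(split_braced(blocks.get("5", ""))),  # MAC, CHK, ...
    }


def parse_reference(ref: str) -> dict:
    """MIR/MOR = YYMMDD + 12-char LT address + 4-digit session + 6-digit ISN/OSN."""
    ref = ref.replace(" ", "")
    if len(ref) != 28:
        raise ValueError("MIR/MOR must be 28 characters")
    return {"date": ref[:6], "lt_address": ref[6:18], "session": ref[18:22],
            "sequence": ref[22:28]}


def mir_for(parsed: dict, input_date: str) -> str:
    """Sender's MIR from block 1 plus the input date (YYMMDD); the receiver's
    printout shows the same value as the Correspondent Input Reference."""
    b = parsed["basic"]
    return input_date + b["lt_address"] + b["session"] + b["sequence"]


def audit_checks(parsed: dict) -> list[str]:
    """Findings an operations review would raise on a single message."""
    findings = []
    if not {"MAC", "CHK"} <= set(parsed["trailer"]):
        findings.append("trailer lacks MAC or CHK")
    app = parsed["application"]
    if app["priority"] == "U" and app["delivery_monitoring"] is None:
        findings.append("urgent message sent without delivery monitoring")
    tags = {tag for tag, _ in parsed["text"]}
    # Prefix match so that "50" accepts 50A/50F/50K and "59" accepts 59/59A/59F.
    for mandatory in ("20", "23B", "32A", "50", "59", "71A"):
        if not any(tag.startswith(mandatory) for tag in tags):
            findings.append(f"mandatory field {mandatory} missing")
    return findings


if __name__ == "__main__":
    parsed = parse_fin(SAMPLE_FIN)
    print(parsed["application"], mir_for(parsed, "021115"), audit_checks(parsed))
```

Rebuilding the MIR from block 1 is the useful reconciliation step: the slide 47 output printout carries the sender's MIR as the Correspondent Input Reference, so a receiver can tie the delivered message back to the sender's acknowledged input without trusting anything but the header fields.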