(taken from Prof. Jayanth R Varma’s Financial Markets Blog)
SWIFT (Society for Worldwide Interbank Financial Telecommunication) is nearly half a century old and was originally built to replace the antiquated telex machine. Telecommunication technology has changed drastically since then and it is unlikely that banks would want to build a bespoke telecommunication network if they were designing the system from scratch today. Cryptographic tools like SSL/TLS/HTTPS allow secure communications over ordinary telecommunication links. Of course, SWIFT is not just a telecommunication company: it also pioneered the standardisation of financial messaging formats like the famous MT 105. However, over time, this role too has gradually been taken over by the global standard setting bodies (for example, ISO 20022).
All this means that if SWIFT did not already exist, nobody would bother to create it today. But SWIFT does in fact exist, and until recently, there was no serious reason not to just let it be. If SWIFT were delivering security and piece of mind, why would anyone disturb it? The problem is that in recent months, the Bangladesh Bank SWIFT hacking and other breaches of SWIFT security in Ecuador, Vietnam and India have shattered the illusion that SWIFT provides unquestionable security. Suddenly, SWIFT is being viewed as a source of risk – a single point of failure. For example, last month, the Bank of England put out a Consultation Paper about the design of the next generation of the large value payment system — the UK RTGS. Two of the proposals are:
“[I]ntroduce additional functionality to mitigate the impact of an outage in the core SWIFT infrastructure, should it ever occur … to remove the current single point of failure.”
Use ISO 20022 messaging standards in the new RTGS infrastructure instead of the current SWIFT MT messaging standards. This is designed to increase interoperability, eliminate single points of failure, and enable richer payment data.
Then there is the blockchain, which has helped popularize the hitherto esoteric notion that critical systems must be designed for Byzantine fault tolerance. In other words, the system must function correctly even if a few participants are completely evil (and not just selfish). In a world where even the largest banks could get hacked by rogue nation states or terrorist organizations, it is reasonable to assume that at any point of time, some participants in the global financial network are evil. Even if the blockchain turns out to be a passing fad, the need for Byzantine fault tolerance is not going away anytime soon.
Where does all this leave SWIFT? It is by no means self evident that its half-centenary coming up in a few years’ time will be an occasion for much celebration.
