by Emmanuelle Fischer, Head of Cash Management Marketing & Product, Societe Generale
Corporate-to-bank connectivity has experienced substantial change in recent years, not least with the introduction of SWIFT Corporate Access, the development of highly sophisticated web-based banking solutions, and changes in countries such as France with the retirement of ETEBAC 5. In many respects, these changes have either resulted in, or been a catalyst for more convenient, secure and standardised connectivity solutions that can be integrated with corporates’ internal systems more easily than legacy communication tools. Until 2010, however, one vital element that was absent from these innovations was a single personal digital signatory tool that would enable corporate users to ‘sign’ transactions with multiple banks.
Demand for personal digital signatures
Corporations in France had been accustomed to adding personal digital signatures to payment files as it was a feature of ETEBAC 5. Corporate users digitally signed payment files before transmission, and the identity of the signatory was then validated by the bank on receipt of the file. Since ETEBAC 5 has been retired, it has been replaced by EBICS TS or, particularly amongst larger and/or multi-banked corporates, by SWIFT for Corporates. Inevitably, neither corporates nor their banks have been willing to compromise their security procedures by omitting digital signatures from their payment processes. Consequently, it was essential that a solution was found to replace the functionality previously provided by ETEBAC 5. Furthermore, as corporates in other countries enhanced their bank communication, digital signatures became a more compelling requirement globally.
The ownership dilemma
Despite the strong business case for a digital signature solution, all market participants recognised that proprietary developments undertaken by individual banks would be contrary to the widely held objective to promote standardisation in corporate-to-bank communications. The solution to this dilemma emerged in 2010 with the launch of 3SKey by SWIFT. 3SKey is a personal digital identity solution developed by SWIFT in co-operation with key players across the banking and corporate community. Although developed by SWIFT, 3SKey signatory devices can be used to digitally sign transactions both through the SWIFT network and through proprietary networks or web-based solutions, for which it offers a valuable, robust authentication mechanism. Corporate users can therefore access their banking platforms and sign financial files sent to different banks with a single device, as opposed to requiring separate security tokens and diverse signature processes.
Pioneering 3SKey
Societe Generale has been a pioneer of 3SKey adoption, not only in France where the initial demand for personal digital signatures on financial transactions originated, but globally. We recognised that our corporate customers needed to implement secure, auditable and consistent signatory processes for transactions wherever in the world they were located, and irrespective of whether they banked with one bank or multiple banks. Furthermore, whilst most adopters of 3SKey so far have used the devices for transactions exchanged via SWIFT, users of our host-to-host and web-based channels are also able to use 3SKey.
As awareness of 3SKey grows globally, we anticipate that adoption will continue to increase strongly. 3SKey is already accepted in 65 countries, with relevance to all corporate users, irrespective of their choice of bank communication channel. For multi-banked corporates, and those transmitting payment instructions from more than one location globally, 3SKey offers particular benefit in that payment processes and security mechanisms can be harmonised. Furthermore, it is highly cost-effective compared with equivalent solutions. The logistics for obtaining 3SKey devices will become more straightforward when SWIFT launches its web store, which is anticipated for end 2013. This will enable users to obtain 3SKey devices directly from SWIFT, as opposed to this process being managed by the banks.
Promoting global adoption
One outstanding challenge is that although banks such as Societe Generale have embraced 3SKey enthusiastically, and enabled users of all of our channels to make use of it, not all banks have yet prioritised its adoption. This can sometimes be a hindrance to those treasurers and finance managers who are seeking to implement harmonised processes and controls. Corporates can influence this by putting pressure on their banks to support 3SKey in all the countries in which they require consistent payment processes. Companies of all sizes and levels of complexity are seeking to reduce operational risk and streamline processes, and introducing 3SKey can be a valuable means of doing so.[[[PAGE]]]
At Societe Generale, therefore, we are proactive in proposing 3SKey to our customers, across all connectivity channels and throughout our entire geographic footprint. Therefore, customers can use their 3SKey device to access our web-based solution Sogecash Web, and digitally sign transactions sent through our host-to-host Sogecash solutions such as SWIFT, FTP, SFTP, EBICS TS etc. This focus on supporting customers in enhancing their payment process efficiency and control has led to Societe Generale becoming one of the top three banks for 3SKey globally.
The potential for 3SKey
Looking ahead, we anticipate that 3SKey will become the standard for global digital signatures, not only for payments, but there is also significant potential to expand its scope to access Societe Generale portals other than cash management. While some banks continue to promote proprietary digital signatory solutions, these are often inconsistent with corporates’ and many banks’ objectives to achieve harmonised, consistent payment processes and security standards.