SWIFT CEO reveals Customer Security Programme at Industry Conference


Brussels – SWIFT CEO Gottfried Leibbrandt delivered the keynote address at the 14th annual European Financial Services Conference in Brussels today. During the speech, Leibbrandt announced SWIFT’s five-part Customer Security Programme to reinforce the security of our shared, global financial system.

The five-part plan includes initiatives to:

  • Improve information sharing among the global financial community;
  • Harden security requirements for customer-managed software to better protect their local environments;
  • Enhance our guidelines and develop security audit frameworks for customers;
  • Support banks’ increased use of payment pattern controls to identify suspicious behavior; and
  • Introduce certification requirements for third party providers.

Gottfried Leibbrandt’s full speech (as prepared for delivery) follows.


Hello and thank you for having me here today.

Cyber security is serious. It’s a critical issue for the financial system – and it’s a critical issue for SWIFT. Cyber concerns are not new to us at SWIFT. Indeed, ever since I took on this job, cyber risk has been the main thing to keep me awake at night. We work very hard at improving the cyber security of our network; every day we wake up and go to sleep thinking about, and protecting against that threat. It is hard work and never done. And rightly so for SWIFT. After all, we are trusted by our clients to carry billions of high value payment messages a year. This requires a network that meets the highest standards in terms of: Confidentiality, Integrity and Availability.

Our network was designed to meet these challenges. Cyber security is part of our DNA – it is not an afterthought. Not just hardware and software, but people, processes, procedures, checks, in fact a whole organisation for whom “failure is not an option”.

So, as we’ve said a few times before these past few months, let me repeat: SWIFT, our network, software and our core messaging services have not been compromised. Ensuring that remains the case is, and always will be, SWIFT’s top priority.

But the financial industry, as a community, has to be clear that cyber risk is big; there will be more cyber attacks. And inevitably some will be successful. Acknowledging this doesn’t mean we are resigned to it. Rather, it means that we must work even harder at our collective defensive efforts.

Recent Cyber fraud events are a watershed event for the industry

Let me turn to the recent fraud at Bangladesh that has caught multiple headlines. I think it will prove to be a watershed event for the banking industry; there will be a before and an after Bangladesh. The Bangladesh fraud is not an isolated incident: we are aware of at least two, but possibly more, other cases where fraudsters used the same modus operandi, albeit without the spectacular amounts. The banks were compromised, credentials to payment generation systems were obtained to send fraudulent payments and the statements/confirmations from their counterparties were obfuscated.

So this is a big deal. And it gets to the heart of banking.

Keeping money secure is core business for banks. So these events are a problem on at least two fronts.

First it’s a problem because banks that are compromised like this can be put out of business. It’s not like retailers losing credit card details or telcos losing customer details. Telcos and retailers will take reputational hits, and may face some financial liabilities, but things will move on. When banks lose control of access to their payment channels, it’s different. In the recent cases, thieves were able to move just some of those banks’ overseas assets. As a result, for the banks concerned, the events haven’t been existential. The point is that they could have been.

Second, it’s a problem because the financial system is hugely interconnected and it operates on trust.

What about SWIFT?

At this point two questions pop up for SWIFT, at least they have in the press: 1. Isn’t SWIFT in the middle of all of this? 2. What are you going to do about it? Let me answer both in turn, since the answer to the first forms the basis of the second.

As I said above, SWIFT, our network, software and our core messaging services have not been compromised. In Bangladesh and the other cases, the thieves compromised the IT environment and worked their way to the bank systems where the SWIFT instructions are generated and the confirmations received. And while we (and other providers) give tools and software to our customers, our customers run these in their own environment and need to keep them secure. We cannot secure our customers’ environments and cannot assume responsibility for that.

At the same time, we play a crucial role in the global payments system, and the events form a direct threat for that system. We therefore very much want to be part of the solution. We think we can be and we have to be.

The need to share information

Over the past weeks and months, we have already stepped up our efforts, notably on sharing information.

The gravity of this threat is the very reason that all of us in the global financial community have to be willing to share that information. Through trusted channels, of course; but we have to share.

Banks can learn from one another about the modus operandi and put better preventative measures in place; entities like SWIFT can serve as the information sharing channel, and we can develop indicators of compromise to help those banks improve their detective capabilities. We are doing so.

But information sharing needs to get better, much better. It is critical that the global financial community works together to bolster our mutual security.

We are calling for a collective effort in our global financial community to reinforce the security of our entire, shared system.

Our security is our collective mission and can only be strengthened through a collaborative approach which includes SWIFT, third party suppliers, policymakers, regulators and our users, big and small.

And particularly the large clearing banks – many of whom I see here today – have a really important role to play; your networks of relationships mean that you can have a truly global, viral effect.

And we are going to do much more. We are the global bank-owned cooperative at the heart of the global payment system, a system that is facing a persistent threat. We are stepping up to the plate as our owners and overseers expect us to.

Customer Security Programme

Indeed, we are working with our community on a five-part customer security program that we will announce later this week; five big initiatives that mutually reinforce each other. We are reaching out to customers to discuss with them in more detail and answer any questions.

First, as I just mentioned, we aim to drastically improve information sharing among the global financial community. We will demand more information of our customers, and share that back with the community. The ambition is to do on an international scale what banks in several countries are already doing domestically. We will do it in a confidential way that uses the data while protecting the identity of the institution and customers.

Second, we will harden security requirements for customer-managed software to better protect their local environments.

Third, we will enhance our guidelines and develop security audit frameworks for customers.

Fourth, we will look to see what we can do to support banks’ increased use of payment pattern controls to identify suspicious behavior.

And finally, we will introduce certification requirements for third party providers.

This requires Cooperation

This will only work if the industry works together. Banks, regulators, third-party providers and SWIFT. SWIFT is not all-powerful, we are not a regulator, and we are not a policeman; success here depends on all the stakeholders in and around the industry. The security of our network remains our key priority; the security of their own environments has to remain (and, for some, become) banks’ priority.

Innovation

Let me close by returning to innovation.

The opportunities that innovation has brought banks and their customers are tremendous – technology and connectivity have introduced the sector to cyber risk. Back before mainframes, ATMs, mobile banking and PCs, it was all about men and guns. Now it is about men and hoodies hunkering over keyboards. And as we continue to connect everything to everything, things will get ever more challenging.

We are seeing some really exciting advances in innovation – and that’s great. The banking experience is immeasurably better today than it was a few years ago – inside banks as well as outside. Let’s have more of that. But these amazing technological advances open the door for increasingly complex cyber threats, the problem must become the solution – technology is essential to our cybersecurity.

Now more than ever, we need to see innovation in security – we’re seeing some, after all, the famous AES algorithm was designed less than 30 km away from here, but let’s have more.

You all know what I’m talking about – bring on the next generation of pattern recognition, monitoring, anomaly detection, authentication, biometrics—and a host of innovations we have yet to develop that will improve and preserve the security of our industry.

We need more of these incredible innovations, and just as importantly, our industry needs to use more of what’s already available to us.

The cyber challenge is huge, and demands action, and change, by all stakeholders. And change is hard. Sometimes it takes a crisis. As the saying goes: “a crisis is a terrible thing to waste”; so let’s use this crisis as an industry to come out stronger, better and even more secure.
