Swift to review strategy in wake of cyber attacks

Swift to review strategy in wake of cyber attacks

Swift chief executive Gottfried Leibbrandt says that member banks with weak cyber security could face the ultimate sanction - exclusion from the global interbank messaging network.

Speaking to the Financial Times, Leibbrandt says that the emergence of sophisticated cyber hackers has "changed the game completely".

"We could say that if the immediate security around Swift is not in order we could cut you off, you shouldn't be on the network," he told the paper. "There are pros and cons to that. The pros are that it provides clarity that if you are on the Swift network you need minimum standards. I think the con is if you do it too heavy handed you could drive people to unsafe channels."

His comments come just days after the interbank co-operative detailed new security measures in the wake of a string of high-profile attacks at multiple bank sites.

The list of remedies - including tougher security and operational baselines, and related audit standards and certification processes for the secure management of Swift messages at customer sites - stopped short of the threat of suspension for banks that fail to measure up; the expectation being that the benchmarks would be policed by counterparty banks and international regulators.

Liebbrandt's remarks to the FT signal that Swift is preparing to take a hard line with recalcitrant member banks, as the realisation dawns that only the toughest sanctions will restore faith in the integrity of the payment instructions passed over the network.

Speaking to Reuters as part of a PR-led offensive to stop the story spinning further out of control, Liebbrandt said that the cost of its new security initiatives may force the company to review its strategy, scaling back on plans to expand into new markets as it regroups

“We need to take a look at what we are doing. We cannot carry on with everything we did before and do this on top, that wouldn’t be credible,” the CEO told the wire.

He said Swift would pull back from “a few areas” but declined to name any candidates.

“There are no holds barred in solving this problem, so as far as I am concerned, nothing is off the table.”.

Comments: (4)

A Finextra member
A Finextra member 03 June, 2016, 11:58Be the first to give this comment the thumbs up 0 likes

Right. So we are few weeks away from the grand finale. Let's see...

A Finextra member
A Finextra member 03 June, 2016, 14:36Be the first to give this comment the thumbs up 0 likes

Strange that the card networks have been validating interfaces for years and mandating security - SWIFT has not - and yet suddenly it's an issue now they're finally forced to admit hacks and fraud are happening. Years of work ahead sorting this out and in the meantime challengers will come...

Hitesh Thakkar
Hitesh Thakkar - SME - Fintech startups (APAC and Africa) - India 03 June, 2016, 16:54Be the first to give this comment the thumbs up 0 likes

Card networks and few of the security platforms stretch them to supply its own certified network access equipments and software. SWIFT may lead towards such act or can explore ( CISCO, Bluecoat and Juniper may be listening :))

Peter Horrell
Peter Horrell - Payment Consulting LLC - Reno, Nevada 06 June, 2016, 15:11Be the first to give this comment the thumbs up 0 likes

My suggestion to SWIFT would be to implement a system using the card network PCI model. Institutions with low Dollar transfers could self certify, while high Dollar institutions would be externally audited.  This would pass the cost of an breach on to the Financial Institution that breaches minimum standards, which might put that FI out of business. A certified institution, might be able to mitigate the risk by having the SWIFT community accept some of the liability of a breach.