The European Parliament today voted to reject the interim EU-US agreement on the processing and transfer of financial messaging data from the European Union to the United States for the purposes of the Terrorist Finance Tracking Programme.
Shortly after the September 11, 2001 attacks, the US Treasury Department (UST) initiated the Terrorist Finance Tracking Program (TFTP). Under the TFTP, the US Treasury Department can issue administrative subpoenas for terrorist-related data. SWIFT data subpoenaed by the US Treasury for anti-terrorism purposes is limited and protected; searches are targeted, independently audited and monitored.
In 2008, the Belgian data protection commission (Commission Belge de la Protection de la Vie Privée), who has jurisdiction over SWIFT, concluded that SWIFT respected all applicable Belgian data protection legislation, when complying with TFTP-related subpoenas. The measures that SWIFT has taken to protect its customers' data have been recognised as groundbreaking and are now cited as best practice.
In January 2010, SWIFT implemented a new dual-zone messaging architecture (as announced in 2007) to increase resilience, system capacity, commercial appeal, and enhance the protection of customer data. Since then, messages that are transmitted within SWIFT's European zone (including intra-EU messages) are processed and stored in our European and Swiss data centers only.
In the exceptional case of a legal request for any financial messaging data stored in either of these two locations, judicial mechanisms in place in EU Member States and Switzerland will apply.
SWIFT has always, and will continue, to comply with the laws of the countries in which it operates, and protecting customer data will remain at the core of SWIFT's business. The European Parliament's rejection of the interim agreement will have no impact on this situation.