Next week, from 10-13 October, the international ‘Sibos’ conference takes place in Amsterdam.
This conference is organised and facilitated by SWIFT  (“Society for Worldwide Interbank Financial Telecommunication”), the US controlled international financial messaging service which facilitates international money transfers [1].

Data breach by SWIFT
Following the terrorist attacks of 11 September 2001 SWIFT facilitated the transfer of personal data of European residents to the US, against European data protection legislation. After press reports revealed this transfer of personal data, involving also banking data of European citizens, European data protection authorities found several breaches to the fundamental data protection principles. According to the European Data Protection Supervisor (EDPS) many improvements were put in place in order to ensure full compliance by SWIFT with data protection legislation: SWIFT adhered to the Safe Harbor; the US Treasury provided clarifications and assurances concerning access and processing of SWIFT data; SWIFT announced important changes in the architecture of its payment services, ensuring that intra-European messages remain in Europe and are no longer mirrored in the United States. [2] The European Union Agency for Fundamental Rights (FRA) has described the case in its Handbook on data protection. [3]

So there is every reason to follow SWIFT’s activities with attention.

The conference
The conference will be attended by the world’s financial leaders, including Dutch officials like Klaas Knot (De Nederlandsche Bank).
H.M. Queen Máxima of the Netherlands will be the opening keynote speaker in her capacity as the United Nations Secretary-General’s Special Advocate for Inclusive Finance for Development (UNSGSA). [4]
All major companies relevant to the financial sector are present, as the list of exhibitors [5] shows.

Crime-fighting tasks of the financial sector / open finance
Looking through the conference programme it is clear that the attendees are preparing for a future surveillance society, on the one hand because of the crime-fighting tasks of the financial sector (anti money-laundering, ‘AML’ and countering terrorist financing, ‘CFT’) and on the other because of the concept of ‘open finance’, the large-scale analysis of financial personal data in order to offer new personalised financial products (that to my opinion pose serious risks that fundamental rights are violated [6]).

AML/CFT subjects of sessions during the conference are:

• Sharing is Caring: How data collaboration and artificial intelligence could defeat fraud
• Data rich but information poor: Why it is critical for banks to deploy AI-enabled technologies
• Balancing Act: Overcoming KYC Challenges to Promote Financial Inclusion
• Discover how ISO 20022’s richer data will transform compliance
• Deliver a Better Corporate Client Onboarding Experience and Reduce Time to Value: The Use Cases
• Protect your business from fraud with Payment Controls: Hear from your peers
• Lessons in private-private financial information sharing to detect and disrupt crime
• Digitalising countermeasures against Trade-Based Money Laundering: [Case Study] How SMBC tackles TBML with cutting-edge technologies
• Reducing the cost of Compliance
• The power of data: Delivering a step change in financial crime compliance
• Managing sanctions risks with global technology providers
• Discover how ISO 20022’s richer data will transform compliance
• AI is the answer: securely reduce your transaction screening false positives!
• Go far, go together: Collaboration and the fight against financial crime
• Spotlight on Risk: Securing the weakest links – Building trust in the vendor supply chain through AI and Zero-Trust leverage
• The hidden value of getting compliance right
• Three learnings from banks adopting new technology to tackle complex AML monitoring in trade, markets, and correspondent banking
• Sanctions screening: Best practices for getting it right
• Mitigate risk with the SWIFT KYC Registry and traffic data: Hear from your peers
• Global Fund Watch, The Compliance Revolution 2.0

On digitalisation and open finance there are amongst others the following sessions:

• Digital and technology | Artificial Intelligence
• Powering payments: The dawning of a data-rich era
• Spotlight on Artificial Intelligence: Transforming the future of Finance
• Powering the AI value chain
• Unveiling SWIFT’s new artificial intelligence platform
• Can our cybersecurity defences shield us from new super technologies?
• Complex made easy: a case for Automated Reasoning Systems
• Build Personalised Customer Experience at Speed and Scale.
• The next layer of cyber defence: Independent assessment and beyond
• Enterprise AI: Measuring new value and driving tangible results
• Meet the Experts: Open Banking, Open Finance and Beyond, by Axway

Be alert!
Advocates for citizens and SMEs would do well to keep an eye on developments around the topics discussed at the conference. Because while data protection topics will also receive attention, the question is whether data protection and fundamental rights will be well covered.

It is to be expected that the world’s financial leaders will prepare our financial future during Sibos.

Notes

[1] On this page described as:

Sibos is organised and facilitated by SWIFT, the global provider of secure financial messaging services. As the financial industry’s cooperative, SWIFT’s role is two-fold:
1 SWIFT enables more than 11,000 financial institutions and corporations in more than 200 countries and territories to connect and exchange financial information securely and reliably.
2 SWIFT also brings the financial community together to work collaboratively to shape market practice, define standards and debate issues of mutual interest. Sibos is SWIFT’s flagship event.

[2] EDPS’ glossary:

SWIFT (“Society for Worldwide Interbank Financial Telecommunication”) is a worldwide financial messaging service which facilitates international money transfers.
Following the terrorist attacks of 11 September 2001, the United States Department of the Treasury served administrative subpoenas requiring SWIFT to transfer personal data held on its United States server in order to identify, track and pursue those who provide financial support for terrorist activity.
After press reports revealed this transfer of personal data, involving also banking data of European citizens, European data protection authorities found several breaches to the fundamental data protection principles, in particular relating to transfers of personal data to third countries (see Article 29 WP opinion 10/2006). Also, the EDPS adopted an opinion focusing on the role of the European Central Bank (see EDPS opinion).

Following these findings, many improvements were put in place in order to ensure full compliance with data protection legislation: SWIFT adhered to the Safe Harbor; the US Treasury provided clarifications and assurances concerning access and processing of SWIFT data; SWIFT announced important changes in the architecture of its payment services, ensuring that intra-European messages remain in Europe and are no longer mirrored in the United States.
See also: Safe Harbor and TFTP

More information on SWIFT on the EDPS website, amongst others:

• • • Enforcing EU data protection law essential for rebuilding trust between EU-US (2014), Data protection in the age of SWIFT, PNR, Prüm and e-justice (2010).
    • EDPS opinion on new EU-US agreement on financial data transfers: newsletter, opinion (2010).
    • Negotiations EU-US concerning “SWIFT” data (2009).

In 2006 the Article 29 Data Protection Working Party (WP29) published an opinion on the processing of personal data by SWIFT.

[3] FRA, Handbook on European data protection law, 2014, pages 140-142.
[4] Article: Sibos announces UN Special Advocate H.M. Queen Máxima of the Netherlands as opening keynote speaker.
[5] List of exhibitors at Sibos 2022.
[6] Read my article on open finance en PSD2 in the EU.