Banking organisation Swift, has agreed to a four-year overhaul of its global architecture to meet EU data privacy requirements.
Swift, an industry-owned co-operative, provides secure standardised financial messaging services to more than 8,000 finance institutions worldwide.
But last November, an EU panel warned Swift that it was violating data protection laws and could face sanctions. The data protection concerns centred on US requests for Swift data to support anti-terrorist measures.
Swift handed over messaging information under subpoena, but the EU’s Article 29 Working Group warned that anti-terrorism measures ”should not and must not reduce standards of protection and fundamental rights which characterise democratic societies”. The European parliament later called on the European Central Bank to step in to ensure compliance with data protection laws.
Swift said its new messaging architecture would “allay data privacy concerns” raised in the context of the organisation’s compliance with US Treasury subpoenas for subsets of its messages.
The new architecture will ringfence the storage of European messaging data. At present Swift has operating centres in both Europe and the US. Messages are processed simultaneously at both locations to prevent data loss. But the new architecture will allow intra-European data to be stored only in Europe.
Swift said the new structure would also expand its messaging capacity and reinforce network resilience.
Lázaro Campos, Swift’s chief executive, said: "The proposed new architecture lays the foundations for this growth through an expanded and enhanced service offering to clients. At the same time, it is an important sign of how seriously we take data privacy concerns; we continue to make the protection of customer data our absolute priority."
The Swift board is expected to approve final details of the investment plans at its meeting in September this year.
The architecture overhaul is part of a series of initiatives aimed at addressing the EU data privacy concerns. Later this year, Swift is set to be included in the EU-US Safe Harbour Agreement – a framework negotiated by the EU and US to provide a way for companies in Europe with operations in the US, to conform to EU data privacy regulations.
Swift has also set up a data privacy working group of data privacy and compliance experts from European and non-European banks.