SWIFT's CEO thinks the unthinkable.
When it comes to resilience, financial services has its act together compared with other industries. That's what Leonard H. Schrank, CEO, SWIFT (Belgium) found when chairing a panel on "Managing Catastrophic Risk" at the World Economic Forum. "I was quite impressed by our industry, when you compare what other industries are doing versus ours," he says. Schrank spoke at SWIFT's recent SIBOS conference in Singapore.
Banks' "natural advantage" stems from the hierarchical organization throughout the industry and the presence of central banks, he says. Indeed, manufacturers and farmers hardly share information throughout the industry to the extent that banks must.
Accordingly, the importance and complexity of the financial system make secure practices even more important. "We do much more serious background checking than we've ever done before," says Schrank. "Once you have people working for you, [there are] processes that you want to follow to prevent someone, accidentally or on purpose, causing damage to your system."
But even the best screening can't read someone's mind. Thus, activity around operational and IT systems calls for the "six-eyeball" approach. "One person writes the code, another person checks the code, a third person installs it," says Schrank. "That type of approach - you can even borrow from how nuclear launch installations do things, if you want to take it to that end."
SWIFT's resilience advisory council consists of about a dozen "global players" from key market infrastructures and central banks. Not the chiefs, but "the ones that run the systems," says Schrank.
An early exercise was imagining "the unthinkable": that the SWIFT network was down. So the group broke up into three areas (emergency procedures, service continuity and crisis management) to think through the implications and lower the risks.
The first group, emergency procedures, debated the question of what fallback technologies would be suitable: e.g., fax, e-mail, telex. The answer: None of the above. "They decided we're not going to have a global standardized fallback," says Schrank. "They don't want to invest in a weaker system and all the control issues that go with that - they'd rather we spend our time getting SWIFT back up."
That puts extra emphasis on service continuity, but even that has to be done realistically, through parameters and metrics for determining appropriate investment levels. "We could have spent hundreds of millions of extra dollars, and built all sorts of extra data centers," says Schrank. "That's not practical."
Finally, the crisis management team still has some work to do in terms of emergency communications. "There is a need for crisis coordination and communication between national infrastructures, between central banks," says Schrank. That would include capturing and distilling incoming information, and then broadcasting guidelines to the community.
The payoff from thinking through resiliency is the ability to offer communications and standards on a stable platform that may be hard to replicate elsewhere. "Our community, before 9/11, they took our security and reliability for granted - now I think nobody does," says Schrank. "We know there's a price for that, and I think our community is going to support the systems that we have here."
To keep the network affordable, SWIFT slashed prices for messages, as well as for initial sign-up and installation. For the largest financial institutions, having a secure, failsafe network has long been an inelastic good. But since SWIFT intends to sign on a greater number of smaller financial institutions, asset managers and even the corporate clients of banks, it has to take into account the higher elasticity of demand in those market segments.
With lower prices and reduced barriers to entry, it's as if the peripheral users of the financial infrastructure will be able to get the fortified ride of a Hummer for the price of a Ford Focus. And without the parking hassles, either.