Premium Services Forum Americas 2015

transcript

Premium Services

Forum Americas

Achieving operational excellence and building for

the future.

New York City, March 2nd 2015

Welcome Back

Agenda

Morning

09:00am – 09:20am Opening Plenary

Chris Church, Chief Executive Officer– Americas

Danny Smedley, Managing Director Customer Support Americas

09:20am – 09:40am Customer Support is looking ahead

Danny Smedley, Managing Director Customer Support Americas

09:40am – 10:25am Operational Excellence and Risk mitigation

Marcel Bronmans, Chief Operations Officer

10:25am – 10:45am Coffee Break

10:45am – 12:00pm Updates

SWIFTRef

Anne-Sophie Walravens, Reference Data

Let’s talk about swift.com

Raymond Sekely, Customer Support Engineer

James Furlong, Customer Support Engineer

Product Updates on Messaging and Security

Suk Rawat, Product Manager

Chetan Uka, Product Manager

Capacity Planning

Emma Pacheco, Service Manager

12:45am – 2:30pm The world of Compliance - Interactive Workshop

Stacy Rosenthal, Head of Supplementary Products

2:30pm - 3:00pm Business Continuity, prepare and communicate

Ryan Hirschey, VP Federal Reserve Bank of New York

Cindy Wonsang, Service Manager

3:00pm – 3:15pm Coffee Break

3:15pm – 4:15pm Optimizing your infrastructure - Interactive Workshop

Aravind Baliga, Technical Services

Bikash Mishra, Service Manager

4:15pm – 5:00pm Alliance Interfaces Portfolio Timeline

Emma Pacheco , Service Manager

Max Ratchkauskas, Head of Integration Services

5:00pm – 5:30pm Achieving operational excellence, a recipe for success

Richard Sandoval, Chef , Restaurateur, Television personality, Author

Becky Almodovar, Head of Key Client Support and Service Management

5:30pm – 5:45pm Wrap Up

Danny Smedley, Managing Director of Customer Support — Americas

Agenda

Afternoon

Chris Church – Chief Executive Officer – Americas

Danny Smedley – Managing Director of Customer Support Americas

Opening Plenary

Customer Support

Evolution

Looking ahead to the future

Danny Smedley – Managing Director of Customer

Support Americas

cesses

Our People

Our Customers

cesses

Our People

Our Customers

cesses

Our People

Our Customers

cesses

Our People

Our Customers

cesses

Our People

Our Customers

cesses

Our People

Our Customers

cesses

Our People

Our Customers

What have we done

What do you value the most?

What additional things do you want to see

What other channels do you need

Operational Excellence

and Risk Mitigation

Marcel Bronmans, Chief Operations Officer

5+billion

10,800+

25.87 million

Mission is to deliver

Operational Excellence

Resilient & Secure Architecture and Infrastructure

Operational Excellence is accomplished by people

Make sure we learn from problems to continuously improve

Think to prevent problems in the first place

When a problem happens, let’s manage it to mitigate the impact

No matter what, problems will occur so let’s be prepared

Manage Plan

Prevent

Qualified?Regression

Tested?

Change Control

Form Submitted?

Change Owner

Prepared?

Support

Agreement?Change Control

Board approved?Implementation

Review

Implement Change

Change

Business

Continuity

Testing

Regular resiliency

testing at the

system/network

levels

Service Continuity

exercises

Business Continuity

exercises

Simulation Support

exercises

300+ per year

More complex system

and network recovery

6 weekends per year

Training-like events

to assess Business

Continuity Plans and

Crisis Mgmt process

50+ per year

1Multiple connections,

protected sites, built-in

backup within

Operating Centers

2Transfer operations to

alternate site within 20

minutes in the unlikely

event layer 1 fails.

3Disaster Recovery

Infrastructure for the

extreme case where

layer 2 is not enough.

• Understanding

potential cyber attacks

• Understanding own

exposure

• Make cyber part of

business decisions

• Preventing cyber

attacks from

succeeding

• Containing and

recovering from

detected cyber attacks

• Detecting ongoing

cyber attacks that

defeat the prevention

Manage Plan

Prevent

Information security and cyber threats

Networks

Systems

People

Buildings

Application

Internal

Threats

Hackers

Organised

Service

providers

Customers

Terrorism

States

Partners

Security built in

Waterfall and Agile development methods

Agile/Scrum

Requirements Design Development Qualification Maintenance

Security

Classification

Security

Requirements

Network

Blueprints

Design

Security

Secure

Coding

Reviews

Intrusion

ReviewsChange

MgtSecurity

Baselines

Intrusion

Preparation Sprints 1 - nAfter

release

Waterfall

Hardening

Change

Security built-in, in traditional or Agile projects

Policies,

procedures

security

baselines

People

culture

Intrusion

testing and

exercises

management

privileged

accounts

Segregation

of duties

Application

VPN VPN VPN VPN

SNLSNL

Application

Central

Services

Customer 1 Customer 2SWIFT OPC

Three-layer messaging architecture

The effect of uncertainty

on objectives

One way to identify risk

Risk is a mind-set at SWIFT

Availability,

confidentiality

& integrity

Governance

Continuous

Dynamic

Management

in all we do

Enterprise

Management

Franchise

Committee

G10 and 12

Governance

& Oversight

External

Internal

Technology

Management

Information

Security Risk

Management

Coffee Break

Product Updates

SWIFTRef

Let’s talk about SWIFT.com

Product Updates on Messaging and Security

Capacity Planning

The latest and greatest

on SWIFTRef

Anne-Sophie WalravensPremium Support Forum - NY

Bankers World Online – New release

Now including also:• a wealth of financial and entity

information for in-depth counterparty analysisData sourced from Reuters, Dun & Bradstreet and Moody’s

• Extensive IBAN/SEPA data, including BBAN–to-IBAN constructor and IBAN Exclusion List

• Complete new look & feel offering enhanced usability

• A direct response channel to report on any possible data errors or omissions

Institution details

Sample view for one institution

Payments data overview

Legal entity and regulatory info

Sample view of IBAN Validator

More data RankingsBank hierarchy

(Legal, SSI)

HistoryMultiple

languagesMultiple

credit ratings

Knowledge base

Bankers World Online – in the pipeline

Newsfeeds

SWIFTRef APIs - New delivery channel

Offering:

• Real-time identification and validation of specific reference data, available in the SWIFTRef utility

• Standard web-call services between your user applications /interfaces and the SWIFTRef utility

• Restful APIs

API Webservices

SWIFTRefweb server

Swiftrefdata.com

Internet

SWIFTRef APIs – full list

• Get the LEI for a BIC

• Get the BIC for an LEI

• Check the Validity of a National ID

• Get National IDs for a BIC

• Get BICs for a National ID

• Get SSIs for a BIC

API Webservices

• Get Details of a BIC

• Check the Validity of a BIC

• Get Details for an IBAN

• Check Validity for an IBAN

• Get the BIC for an IBAN

• How to Reach a BIC in SEPA

Entity Plus Directory

National Bank ID

Coming up…

Sample data from Entity Plus

ENTITY ID ID TYPE CC XID* NAME

KGCEPHLVVKVRZYO1T647 LEI BE 000000440 BNP Paribas Fortis s.a./n.v.

1G159I.00269.ME.056 GIIN BE 000000440 BNP Paribas Fortis SA-NV

GEBABEBBXXX BIC BE 000000440BNP PARIBAS FORTIS (FORTIS BANK SA/NV)

BNPP.PA RIC BE 000000440 BNP Paribas Fortis S.A./N.V.

001 BANK ID BE 000000440 BNP Paribas Fortis

BE0403.199.702 VAT BE 000000440 BNP Paribas Fortis SA/NV

XID000000440*

(*) The cross-reference ID (XID) links the various identifiers of one and the same entity.

One Entity, many IDs

Offering: A consolidated file of all LEIs, including• Data from all endorsed LOUs, that adopted new common data file format• Formatted in new common data-file format• All duplicates removed• Monthly updates + Daily updates in Q2 2015.

The consolidated LEI file a sneak preview of Entity Plus !

(LEI data are also available in Bank Directory Plus and Bankers World Online)

Free usageuntil the official launch of Entity Plus!

Check out www.swift.com/SWIFTRef for more news

SWIFTRef Data Manager - Data analyser

Offering:• a software

- for data analysis across data-files (SWIFTRef files, in-house data files)

- for bespoke reporting• Files are exportable in TXT and XML• Running on Windows

Including:• Filtering of data

• Comparison of data across two files

• Merge of two different files for bespoke analysis and reporting

Data Manager

Filter

Compare

SOFTWARE FUNCTIONS

Non-SWIFTRef files

SWIFTRef files

IMPORT EXPORT

in txt, xlm, cvs

Customized file

SAMPLE

Filter

Compare

View added, deleted, modified

The SWIFTRef BIC Directory

…after ISO9362 implementation

Availability of a new version of the SWIFTRef BIC

directory

Nov2015

Oct2015

Availability of Technical

specifications and Sample file

on www.swift.com/

SWIFTRef

April-May2015

Customer validations & consultations

March2015

Availability of DRAFT technical

specifications on demand

If you wish to contribute to content and structure of the

new SWIFTRef BIC Directory, join as a pilot!

If you wish to test our IDEAS for the new

SWIFTRef BIC Directory, get the draft specs!

Questions

Answers&

Let's talk about

swift.com

The changes, updates and what’s in it for you

Ray Sekely and James Furlong

Agenda User management for SWIFTRef products

Single sign-on for SWIFTRef remote services

Alliance Bank File format change

“How to” Videos available on swift.com

User management for SWIFTRef products

User management for SWIFTRef productsSingle Sign On using swift.com user account credentials

After clicking, users are automatically

redirected to swift.com website login page.

If you are already logged-in on swift.com and access a URL on

swiftrefdata.com, then no new login is needed.

SWIFTRef users click on the "Login Here"

button on the home page of the SWIFTRef

access point:

After clicking the "Login“ button, users are

automatically redirected back to the

SWIFTRef access point.

Admin functions for SWIFTRef user administrator

SWIFTRef user administrator is defined in the E-Order form for a SWIFTRef product.

Admin functions for SWIFTRef user administrator

Self-registration and trial access

Single Sign On for SWIFTRef Remote Services

Single Sign On for Remote Services

The username in automated download/web services scripts must be modified with the SWIFT customer number as follows:

swiftdownload@acme.com_10991211

The customer number can be found in “Manage your profile” on swift.com under the “Profiles” tab

Alliance Bank file changes

Alliance Bank File format change

Removal of “old” Alliance Bank File formats

Only format available now is the encrypted .ABE

ABE file is only readable by Alliance Access/Entry

How-to Videos

Disaster Recovery Datacenter

Standalone HSM box

Power Failure

Scenario

3 Hours later

Product Management

UpdateMessaging and Security Portfolio

Chetan Uka & Suk Rawat - Product Management

AGENDA

Messaging

FileAct Evolution

ASP over FileAct

SNL Roadmap

Security

HSM Refresh

HSM usability enhancements

SWIFT WebAccess

FileAct Evolution

FileAct in numbers Strong adoption and traffic growth

Year over

Growth

> 3TBper year

Trends

continue

+36%volume growth

in 2014

FileAct Evolution

Backwards compatible

Benchmark Testing

Support for larger file size

Increased Efficiency

Operational Enhancements

ASP over FileAct

Application Service Profile ( ASP )New Solution – Live & Pilot

Application Service Profile is used by messaging interfaces and applications to correctly send

and receive traffic for that service

New solution will be delivered: ASP file over FileAct

– Subscription required; No registration fee for Live or Pilot service

– Customer subscribes to SWIFTNet service on swift.com, Based on Store-and-Forward

– The tentative plan is to deliver the solution by end of Q2 2015

– SAA ASP Integration automation - Tentatively planned Q4 2015

Swift.com

Swift will place ASP file in SnF queue

Customer acquires queue, ASP file is delivered

ASP file will remain available on

swift.com

Application Service Profile ( ASP )New Solution - ITB

ITB SWIFTNet Service swift.info!x created for Vendor community

No Registration fee for ITB Service

This optional service will allow Vendors to fully automate the ASP file integration into

the Interface

The tentative plan is to deliver the solution by end of Q1 2015

Swift will place ASP file in SnF queue

Vendor acquires queue, ASP file is delivered

PowerPoint Toolkit – 23 October 2008 –

Confidentiality: restricted

SNL Roadmap

SNL Roadmap2015/2016 overview

Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4

SNL 7.0.40 – Optional patchKey points

• Includes MI Channel Functionality and GLI

functionality in a GA patch to avoid separate patch

upgrades for CLS and GLI systems

• Adds support for personal certificates on HSM for

Web Access services (e.g. CLS, Euroclear

easyWay)

• Extends OS support to Windows Server 2012 R2

Tentative End of Q4

SNL 7.0.X – Optional patchFileAct Evolution Enhancements

• Efficient Transfers

• Increased throughput

• Support transfers of files up to 2GB

• Operation enhancements

• Benchmark testing

• Planning currently ongoing for additional

enhancements and features

AGENDA

Messaging

FileAct Evolution

ASP over FileAct

SNL Roadmap

Security

HSM Refresh

HSM usability enhancements

SWIFT WebAccess

Security Portfolio – key projectsDraft timeline

2014 2015 2016

HSMIS6 HSM box rollout

Usability Enhancements Delivery

3Skey on Mobile

New personal certificate

on HSM

Access

Product Enhancements

Usability Enhancements

Specifications/Implementation

Higher latency HSM

clusters

HSM Refresh

HSM Service Life: 5-7 Years

2007 2008 2009 2010 2011 2012 2013 2014 2015 2016

Sept 2015 –

end of support

Current HSM boxes are aging and must be refreshed

to address end-of-life, and contractual issues and to

ensure safe and continuous operations

Why Refresh – recap

84% 94% 67%

IS6 HSM boxes

shipped overall

IS6 HSM boxes

shipped to P & P+

IS6 HSM boxes

installed by P & P+

** Data as of 19 Feb 2015

Rollout is on track 0.0%

10.0%20.0%30.0%40.0%50.0%60.0%70.0%80.0%90.0%

Planned shipment

Actual shipment

Installed

201520142013

SWIFT readiness

Customer communication

Customer scheduling

Early Adopters

Ship refresh boxes to all

cust, except ARG

candidates

Leftover shipments

Complete refresh

End of Support

Sept 30th

End of support

of current boxes

New order shipment

starts

open new box ordering &

stop old

May-June

generic comms

shipping schedule

Refresh shipment

starts

4300 IS6 shipped.

Total planned ~5155

IS5 HSM End of Support is getting closer

Improve HSM usability…

… without compromising security

Simplify day-to-day management of HSM boxes by making it easier to

install, configure and administer boxes and to manage HSM certificates

Reduce operational cost & risk associated with complex processes

Usability enhancements will be provided through SNL/SAG patches

installable on IS6 HSM clusters only

HSM usability enhancements – recap

Certificate Management

• No PED operation needed for a delete HSM certificate function

• Fully integrate partition & certificate management in SAG admin GUI

• Automate recovery of a group of certificatesOperationalsimplicity

Box Installation/Configuration

• No local PED needed to initialize remote PED access on a HSM box in default

• Option to use a unique PED token instead of 4 different tokens

• Minimize number of manual steps during installation processIncrease efficiency

Box Administration/Monitoring

• Accounts & passwords synchronized across boxes of a cluster

• No SNL re-registration needed after an HSM change

• Password expiry monitoring and customizable expiry period

Reduce

Key enhancementsDelivery phased from Q2 2015 to Q3 2016

PowerPoint Toolkit – 23 October 2008 –

Confidentiality: restricted

SWIFT WebAccess

Product overview

End-user Service Provider

Enables service providers to offer highly secure access to their online, web based

services over SWIFT to their end-users

Service providers leverage SWIFT security

End-users use their SWIFTNet infrastructure and SWIFT credentials

Authenticate via HSM or token

Access over SIPN or Internet

Single Sign-On across services

Reuse SN infra (PKI)

Usual processes/tools

Simple to integrate (SAML)

Prevent unauthorized users

Delegated Authentication

Facilitate service adoption

Browse is now called SWIFT WebAccess

Key enhancements

> New personal certificate on HSM

Enable customers to use HSM certificates for personal

authentication, as an equivalent to personal token certificates

> Enforce password prompt for HSM users

Enable service provider to enforce password prompt for

secure transactions when using HSM certificates

> Support higher latency HSM clusters

Allow HSM clusters to be spread across data centres

for use on SWIFT WebAccess only

Delivery

in 2015

Capacity PlanningPlanning for growth

Emma Pacheco – Service Manager

AgendaIntroduction

Case study 1: Logical Terminal saturation (reactive scenario)

Case study 2: FIN Traffic growth (proactive scenario)

• Window Size (WS) limits emission and reception

• Set to max # msgs/hour

• If # of msg beyond max, emission/reception will be delayed msgs overflow to next hour

• Report in GMT and sent out only if saturation

LT Saturation

Introduction

• SNL Throughput: TPS per SNL

• SNL Payload: Line bandwidth (KB/s) all SNLs using same line

• Emission limit: SNL throughput

• Reception limit: Line bandwidth

• Report in GMT

SNL Saturation

Introduction

Case study 1: LT saturation

• WS Limits:

* depends on network latencyHigh network latency worst case

Low network latency best case

Window

Worst Case *

(msg/hour)

Best Case *

(msg/hour)

Worst Case *

(msg/sec)

Best Case *

(msg/sec)

12 3,200 5,400 0.9 1.5

30 8,000 13,500 2.2 3.8

50 13,333 22,500 3.7 6.3

98 26,133 44,100 7.3 12.3

• Traffic statistics

LTWindow

Average Input

(msg/s)

Peak Input

(msg/s)

Average Output

(msg/s)

Peak Output

(msg/s)

SWHQUSUSA 30 0.62 3.63 0.38 3.36

SWHQUSUSB 30 0.10 0.89 0.08 2.01

SWHQUSUSC 30 0.10 0.84 0.25 2.18

WS msg/sec

30 [ 2.2 – 3.8 ]

50 [ 3.7 – 6.3 ]

• Potential Saturations

WS msg/sec

30 [ 2.2 – 3.8 ]

50 [ 3.7 – 6.3 ]

LT Saturation start Length(mins) Average(msg/s) Peak(msg/s)

SWHQUSUSA 26 Jan 2015 04:00 220 3.4 3.63

SWHQUSUSA 27 Jan 2015 04:05 200 2.7 2.9

Output

LT Saturation start Length(mins) Average(msg/s) Peak(msg/s)

SWHQUSUSA 26 Jan 2015 13:00 115 3.1 3.36

SWHQUSUSA 27 Jan 2015 13:25 90 2.9 3.2

• Saturation Pattern

WS msg/sec

30 [ 2.2 – 3.8 ]

50 [ 3.7 – 6.3 ]

• Hourly Statistics [msg/hour]

Case study 1: LT saturationWS msg/hour

30 [8Kmsg - 13.5Kmsg]

50 [13.3Kmsg - 22.5Kmsg]

HourLT A input LT A output LT B input LT B output LT C input LT C output

0 AM 210 . 279 . 249 .

4 AM 11,958 15 30 99 78 522

5 AM 12,423 207 102 339 63 654

6 AM 12,159 180 198 504 147 1,662

7 AM 8,535 402 183 1,467 183 5,451

2: Increase WS

3: Leave as is, notify SWIFT

(business not impacted by

delays)

1: Load Balance

Case study 2: FIN traffic growth

Specifications:

• Traffic: +50% input traffic 2KB msgs

• Timeframe: 5 – 7:00 GMT

• Destination: SWHQUSUS, LTs A/B/C and WS 50

• SNL: snl12345

• Leased line: T1, solely used by snl12345d1

Can my current LTs and SNL absorb this traffic, or will it be delayed ?

Review

• LT saturation report current Fin traffic (peak day)

• SNL saturation report SNL (throughput and payload)

• FIN batching report

Traffic projection

• New FIN traffic impact

• New SNL throughput/payload and LL BW impact

• Add 50 % to existing traffic

LT A input

current

LT A input

LT B input

Current

LT B input

+ 50%…

4 AM 4,998 4,998 30 30 …

5 AM 6,879 10,319 102 153 …

6 AM 8,199 12,299 198 297 …

7 AM 5,175 7,763 183 275 …

8 AM 420 420 486 486 …

WS msg/hour

50 [13.3Kmsg - 22.5Kmsg]

98 [26.1Kmsg - 44.1Kmsg]

• FIN current traffic vs projection

WS msg/hour

50 [13.3Kmsg - 22.5Kmsg]

98 [26.1Kmsg - 44.1Kmsg]

• FIN batching (actual)

WS 50 # FIN 1IA

Min value 1

Max value 8

• SNL TPS (actual) projection (extra)

Case study 2: FIN traffic growthTime

FIN/hour

5 AM 3,440

6 AM 4,100

7 AM 2,588

Time FIN/sec 1FIN=1IA 30 FIN=1IA

5 AM 1.0 1.0 TPS 0.03 TPS

6 AM 1.1 1.1 TPS 0.04 TPS

7 AM 0.7 0.7 TPS 0.02 TPS

) TimeMax Actual

Max Extra

5 AM 2.5 +1.0 TPS

6 AM 2.75 +1.1 TPS

7 AM 2.35 +0.7 TPS

• SNL Payload (actual) projection (extra)

Time FIN/sec 2KB FIN

5 AM 1.0 2.0 KB/s

6 AM 1.1 2.2 KB/s

7 AM 0.7 1.4 KB/s

) TimeMax Actual

Max Extra

5 AM 2.5 +2.0 KB/s

6 AM 3.8 +2.2 KB/s

7 AM 3.5 +1.4 KB/s

TimeExtra

FIN/hour

5 AM 3,440

6 AM 4,100

7 AM 2,588

Lunch Break

Compliance - Back to

the FutureGoing back to the basics to address the needs of

the future

James Wills, Senior Business Manager

• This session will last for 1hour and 45 minutes

• It consist of a presentation, an activity and a debriefing

• Slides will be available for download after the event

• Please do not modify the setup of the tables, they are

ready for the activity.

• Questions can be raised during the activity and

debriefing

Logistics

• Raising awareness of Compliance matters within

financial institutions (the objectives, the actors, the

threats, the responses, etc) in an interactive way with

peers.

Objective

• KYC

• Anti-Money Laundering

• Counter Terrorism Financing

• Sanctions Compliance

• Bribery and Corruption

• Fraud

• Identity theft

• And much, more…

Financial Crime

3) Integration Bring the “cleaned” assets back in the

legitimate economy.

Selling Shares, Buying Property...

1) Placement Place the criminal assets into the financial sector.

Often Cash…

2) Layering

Create Complex layers of financial tractions:

Shell Companies, Trusts, etc.

What is Money Laundering?

The Three Basic Steps.

What are Sanctions?

Sanctions impose controls on transactions and freeze assets and

are used by governments to influence or constrain the behaviour

of governments and individuals.In

ational

United Nations

European Union

Germany UK FranceUnited

States

Who is

responsible for

financial

sanctions?

• Countries

• Companies

• Individuals

• Vessels

• Aircrafts

What are Sanctions?

Who are on these lists?

USA – OFAC UK – HM Treasury United Nations

Country related

Balkans

Belarus

Ivory Coast

Democratic Republic of the Congo

Lebanon-Related

North Korea

Somalia

Zimbabwe

Other targeted/List based

Counter Narcotics Trafficking

Counter Terrorism

Diamond Trading

Former Liberian Regime of Charles Taylor

Non-Proliferation

Transnational Criminal Organizations

Country related

Afghanistan

Belarus

Burma/Myanmar (Suspended to Apr 2013)

Democratic Republic of the Congo

Eritrea

Federal Republic of Yugoslavia & Serbia

Iran (human rights/nuclear proliferation)

Ivory Coast

Lebanon and Syria

Liberia

North Korea (Democratic People’s Republic of

Korea)

Republic of Guinea

Somalia

Tunisia

Zimbabwe

Al-Qaida

Terrorism and terrorist financing

Country related

Côte d'Ivoire (Ivory Coast )

Democratic Republic of Congo

Democratic People's Republic of Korea (North

Korea)

Eritrea

Lebanon

Liberia

Somalia

Al-Qaida, Taliban, Bin Laden

Terrorism

Examples

What are PEPs?

PEPs are individuals who, by virtue of their office, might become

exposed to corruption

PEP Lists include, but are not limited to;

senior politicians, senior civil servants, and military officers in every

country, as well as their close families, colleagues, and advisors.

PEPs Lists contain

roughly 1.5 Million

Entities.

How a financial institution deals with

compliance?

Customer identification &

verification

Initial due diligence

Customer screening

Ongoing due diligence

Customer & transaction monitoring

Transaction screening

start transacting

On-boarding process Ongoing reviews

Compliance is a pervasive function within

the financial institution function

Banking Group

BusinessRetail | Corporates | FI | Business Compliance | …

Operations and ITMonitoring | Investigation | Operations Compliance | …

Compliance & Risk ManagementMLRO | Sanctions | AML | Capital Markets | Anti-Corruption…

Common Titles

Head of GTB Compliance

Head of KYC Team

Head of FI Group

Network Management

Operations & Regulation

Operations Risk & Controls

Head of Sanctions Screening

AML Advisory & Compliance IT

Head of Group Compliance

Head of AML & CTF

Sanctions & Embargo

Key Elements of an AML Program

1) A system of internal policies, procedures and controls• KYC / CDD• AML Transactions Screening• PEP Screening• Business Rules, Procedures, and Controls

2) A designated compliance officer with day-to-day oversight over the AML program;

3) An independent audit function to test the AML Program; and

4) An ongoing employee training program.

AML Program

Independent

Compliance – AML Program

Training “Ensure the Rule Book is

being used

Compliance

Officers

Business

“Write the Rule Book”

“Implement the Rule Book”

Questions

The World of

ComplianceInteractive Workshop

Objective

• Raising awareness of Compliance matters within financial institutions

(the objectives, the actors, the threats, the responses, etc) in an interactive

way with peers.

The World of

Compliance Rules

The Authorities

The facilitators are the highest level of decision regarding the course of the activity

and the interpretation of the rules.

The Participants Profiles cards

Each participant has a profile card with:

• The participants mission

• His/her area of responsibility in the 6 steps process

• Some hints for decision making

• Reminder for a few acronyms

• A post it to log some of the encountered challenges

KYC Responsible

Customer

identification

& verification

Initial due diligence

Customer screening

Ongoing due diligence

Customer & transaction monitoring

Transaction screening

start transacting

On-boarding process Ongoing reviews

YOUR MISSION:

Ensure your institution investigates, establishes and monitors solid and trustable business

relationships in respect of KYC related principles and regulation.

USEFULL ACRONYMS:

AML: Anti Money Laundering

CDD: continuous due diligence

KYC: Know Your Customers

PEPs: Politically Exposed people

UN: United Nations

HINTS:

- New/updated PEP?

- Usable Info about Customer business

- Usable info for CDD

- When is it applicable?

CHALLENGES:

The playing field – Turns & Domains

1 – Take & read a card

Information cards vs Decision cards

Card C1.1

Turn-1,

card-1

Card C1.3

Turn-1,

Card-3

IF NOT A DECISION CARD:

Place the card on one slot of the current turn (column), in the most appropriate area of responsibility (line)

based on the card text

IF THE CARD IS A DECISION CARD:

– If the Team accepts the proposed action, the card is placed on the DECISION line at the slot

corresponding to the current turn.

– If the Team rejects the proposed action, the card is placed under another card on the board being the

reason of the rejection. (e.g. an actor of the decision card is under sanctions => place the decision card

under the card mentioning the sanction)

Hint: Some card fit in several slots. Choose the most appropriate one.

Hint: Different Decision cards could be rejected for the same reason.

Hint: In this phase, the auditor should take notes on the reasoning in preparation of phase 5 – internal audit

2 – Agree where to place the card

3 – Place & take accountability

Accepted

Rejected3 – Place & take accountability - Decision

4 – repeat until all cards are played

Pay attention to the sequence of the cards, ensure they go C1.1, C1.2, C1.3, C2.1, C2.2, etc

Hints:

• Info from the press: press info not useable in compliance process.

• Info to/from Regulators/Authorities: e.g. updated legal obligations

• Sanctions list Mgt: e.g. new/updated sanction list

• AML: Info to refine transaction monitoring/filtering in AML system

• KYC: info to add/update PEPs records or info qualifying existing/prospect customers

5 – Audit

5.1 Internal Audit –Call the facilitator

• Based on his notes, the Auditor challenges one of the cards position. The team can then change this card (and only this one) from position respecting the card positioning rules (see step 2 and 3).

5.2 External audit –On facilitator

announcement

• The auditors shift of table clockwise. The scenario solution is revealed. The auditor counts and reports the compliance score and the business score

…. And now,

Time to start Interacting

& have fun!

Business Continuity,

prepare and

communicate

Ryan Hirschey, Federal Reserve Bank of New York

What have we discussed during PSF ?

The Federal Reserve of New York approach

Wrap up

Agenda

2012 - Resiliency at SWIFT

2013 - Be Ready for the Unexpected

2014 Cyber attacks

Federal Reserve Approach

3 Areas

Technology Processes People

Evolution of Continuity Planning: Pre 9/11

Technology

• Primary data center in headquarters

• DR site in NYC metro area

Processes

• Annual bank-wide Business Resumption Test to DR site

• Single application DR activation during deployment weekends (functional upgrades)

• Market Infrastructure tests

• SWIFT

• Fedwire

People

• DR site: Limited user space for essential staff

• No regular business line staffing in DR site

Evolution of Continuity Planning: Post 9/11

Technology

• Primary data center relocated

• DR site moved elsewhere in US

Processes

• Semiannual bank-wide Business Resumption Test to DR site

• Single application DR activation during deployment weekends (functional upgrades)

• Market Infrastructure tests

• SWIFT

• Fedwire

People

• DR site: Ongoing split operations

• Shift over time for business lines away from co-location with data centers (geographic dispersion)

Continual Evolution

De-emphasis of treating one site as Primary and another as DR

• Sibling sites with exact same configuration/capabilities

• Importance of latency testing/profiling

• Reducing “chattiness” of app communications across sites

• Use of Latency Profiling tool before new site was operational

Regular app rotations across sites

• Incorporated into Business Resumption Tests

Other Thoughts

Communication

• Establishment of Business Continuity office within Operational Risk Function

• Frequent tests of contingency notification tools

• Recurring tabletop exercises

• Technical Scenarios

• Business Scenarios

Enhancements to Split Operations model

• Use of telecommuting

Importance of Counterpart, Infrastructure Testing

• SWIFT

• OPC Recovery

• Cold Start

Other Thoughts, Continued

Business Continuity must be “baked” into design considerations

• Technology

• Processes

• People

Application and Infrastructure Design

• Establish consistent framework for application architecture and recovery scenarios

• This does not mean one size fits all

• Make technology location transparent to end users

• Test early, test often

• Execute latency, performance, and business recovery testing as part of change management discipline

Other Thoughts, Continued

Intraday Business Activity Matrix (day in life)

• Time of Day

• Business Activity

• Criticality of Activity to Business

• Applications Involved (Internal, External)

Troubleshooting Workflow (detailed)

• Standardized because application architectures are standardized

• Including infrastructure mgt, notification systems

Communications Workflow

• Include business, technical notifications, escalation

• Include decision point for failover

• Include post mortem / lesson learned activities

Process

Resiliency

Recovery

Contingency

Wrap Up

What will you do when back in the office?

What would like us to covernext year ?

Coffee Break

Optimizing your

infrastructure Interactive Workshop

Aravind Baliga, Technical Sales

Bikash Mishra, Service Manager

Goal of this session

Optimize your infrastructure based on specific drivers

Share effective ways to operate and manage your infrastructure

Share how this new setup meets your needs

Agenda

Introduction

(20’)

Optimize and Operate your infrastructure

(30’)

Debrief:

Share your ideas

(20’)

Drivers

Optimization

Business and

Regulations

Resilience

Integration

• Governmental regulations

• Industry regulations

• Sanctions

• Traffic evolution

• Mergers

• STP maximization

• Agility

Business and Regulations

• Capital expenditure

• Leverage operational costs

• Reduce messaging costs

• Optimize billing costs

• Reduce TCO

• Leverage scalability

• Ensure robustness

• Reduce risk

• Implement Best practices

Resilience

•With back office systems

•With AML filtering

•Acquiring and change business

•Change in standards

Integration

Increase your resiliency

Maintenance

Regulations

CostsCapacity planning

Zero down-time

Internal policies

Internal policies Benchmarking

Optimizing your infrastructure

Example: Recovery objectiveR

Recovery Time Objective

(Time to restore service)

Single Site

Active / Standby Setup

Dual Active Setup

Alliance Lifeline

Alliance Access

Database Recovery

InternetOptional: Alliance

Connect

Alliance

Lifeline

Interface MV-SIPN

Connect to SWIFT via

Alliance

LifelineBrowsers

AutoClient

Primary / backup / DR infrastructure

at customer site

Alliance Lifeline

light ‘footprint’

at customer site

Application

When your main SWIFT

connection becomes

unavailable

Example: Recovery objective

Alliance Lifeline

Alliance Access

Embedded Oracle Database

Datafiles Redo Logs

- Native feature

- Based on Industry proven technology

- Recover on another host

- Single command to recover

Database Recovery

Mirror Disk Backup disk

A single command

saa_dbrecovery

DB BackupsAlliance Access

FailureTraffic

In case of DB corruption

Using DB recoveryUp to the last

committed state(*)

Example: Recovery objective

Alliance Access Database Recovery

Health Check

SWIFTNet Online

Operations Manager

Compliance Analytics

Leased Line Usage

ReportOutsourced resources

Availability Reports

Online Operational

Monitoring

Watch Analytics Configuration Browser

Operating and Managing your infrastructure

Example: Reports

Data availability (time)

Availability ReportsLeased LineO2M Watch

When can I expect

peaks ?

Is my traffic well

balanced across

SNLs ?

Is there a

bottleneck ?

Have volumes /

throughputs increased ?

Can I handle more

traffic in my current

setup ?

Example: Reports

Watch reports

Improves operational

efficiency and

quality of your SWIFT

messaging

activity to reduce costs

Online monitoring tool

• Type of traffic (e.g.Fileact)

• Which service

• Which SNL

• The exact pattern

• The concurrent traffic

Example: Reports

Leased line

Resiliency

Integration

Regulations

Your time starts now …

• What was your driver?

• What have you learned?

• Successes

• Challenges

• What is missing?

Debrief

Resiliency

Integration

Regulations

Debrief

Review

OptimizeAssess

A continuous process…

Alliance Interfaces

Portfolio Timeline

Max Ratchkauskas, Head of Integration Services

Agenda Alliance Interfaces release timeline 2015

- Alliance Access

- Alliance Gateway

- Alliance Web Platform

- Alliance Messaging Hub

SWIFT Alliance user community

Release Timeline 2015

Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan …. Jul

Q1’15 Q2’15 Q3’15 Q4’15 Q1’16

SAA 7.0.83SAA 7.1

AWP 7.0.60SAA/E 7.1.10

SAA 7.1.15

AWP 7.0.65SAA/E 7.1.20

Released

Tentative

SAG 7.0.40

AIX 6.1 TL04 not supported anymore

Alliance Access 7.0.83 - optional

Specific fixes:

• Permission issues with Approval > Dispose Message

• Memory Leak for IPLA

• High CPU usage with RMA & non-ASCII chars

• Throughput reduction due to pop-up alarms

13 Jan 2015

Q1’15 Q2’15 Q3’15 Q4’15 Q1’16

SAA 7.0.83SAA 7.1

AWP 7.0.60SAA/E 7.1.10

SAA 7.1.15

AWP 7.0.65SAA/E 7.1.20

Released

Tentative

SAG 7.0.40

Alliance Access 7.1 - optional

• Support for MyStandards

• FileAct payload preview and archive option

Supportability

• SNMP community name

Security

• LDAP/OTP server groups

• TLS support

13 Mar 2015

New versions for ADK modules needed

Operational

• Central deployment package installation

• Less activities in Housekeeping mode

Functionality

• All patches after 7.0.80

Installation

• Can be from scratch

13 Mar 2015

New OS Support

• Windows Server 2012 R2

• Windows 8.1 and IE 11 for AWP GUIs

Integration

• XML without binary structure

13 Mar 2015

• My Standards:

– Proprietary deployment package for messages/templates

13 Mar 2015

• My Standards:

– Show specific fields based on business usage guidelines

13 Mar 2015

MT 103

• My Standards:

– Display less options as per business usage guidelines

13 Mar 2015

Q1’15 Q2’15 Q3’15 Q4’15 Q1’16

SAA 7.0.83SAA 7.1

AWP 7.0.60SAA/E 7.1.10

SAA 7.1.15

AWP 7.0.65SAA/E 7.1.20

Released

Tentative

SAG 7.0.40

Alliance Web Platform 7.0.60 - optional

• Admin GUI - Firefox

Supportability enhancements

• Installation

• Command line tools

New OS Support

13 Mar 2015

Only supports Gateway 7.0.25 or higher

Q1’15 Q2’15 Q3’15 Q4’15 Q1’16

SAA 7.0.83SAA 7.1

AWP 7.0.60SAA/E 7.1.10

SAA 7.1.15

AWP 7.0.65SAA/E 7.1.20

Released

Tentative

SAG 7.0.40

Alliance Access/Entry 7.1.10 - mandatory

Message Standards

All patches since 7.0.80 (mandatory)

Jul 2015

Q1’15 Q2’15 Q3’15 Q4’15 Q1’16

SAA 7.0.83SAA 7.1

AWP 7.0.60SAA/E 7.1.10

SAA 7.1.15

AWP 7.0.65SAA/E 7.1.20

Released

Tentative

SAG 7.0.40

Alliance Gateway 7.0.40 - optional

Admin GUI:

• HSM clean-up w/o PED operations

• HSM certificates enhancements

• Personal certificates on HSM for Web Access services

Security:

• LDAP/OTP server groups

• TLS support

July 2015

Alliance Gateway 7.0.40 - optional

Supportability

Functionality

• Includes CLS (7.0.29)

Installation

• Can be from scratch

New OS Support

• Windows 8.1 and IE 11 for AWP GUIs

July 2015

Q1’15 Q2’15 Q3’15 Q4’15 Q1’16

SAA 7.0.83SAA 7.1

AWP 7.0.60SAA/E 7.1.10

SAA 7.1.15

AWP 7.0.65SAA/E 7.1.20

Released

Tentative

SAG 7.0.40

Alliance Access 7.1.15 - optional

• Multi-window

• Monitoring

• Usability

• Custom GUI, etc.

ISO9362:2014 – revised BIC standard support

Improved ISO20022 usability

End Dec 2015

Q1’15 Q2’15 Q3’15 Q4’15 Q1’16

SAA 7.0.83SAA 7.1

AWP 7.0.60SAA/E 7.1.10

SAA 7.1.15

AWP 7.0.65SAA/E 7.1.20

Released

Tentative

SAG 7.0.40

Alliance Web Platform 7.0.65 - optional

• Changes to support multi-window (Access GUI packages)

• Any additional changes to support Alliance Access 7.1.15

End Dec 2015

Q1’15 Q2’15 Q3’15 Q4’15 Q1’16

SAA 7.0.83SAA 7.1

AWP 7.0.60

SAG 7.0.40

SAA/E 7.1.10SAA 7.1.15

AWP 7.0.65SAA/E 7.1.20

Released

TentativeAIX 6.1 TL04 not supported anymore

Alliance Access/Entry 7.1.20 - mandatoryJul 2016

Message Standards

All patches since 7.1.10 (mandatory)

SWIFT Alliance FamilyOverview

Key Features

Why Alliance Messaging Hub?

The drivers for choosing AMH?Your FileAct InterAct

solution does not keep up

with your growth

Multi network

integration

Zero downtime

Active/Active

requirements

TCO reduction &

scalable deployment

Performance,

scalability and

throughput

Flexible workflow

management increases

time to market

Aging middleware

replacement

New RTGS

mandates ISO20022

Customer Implementations

• US institution : up-to 600K FIN messages per day

• SWISS Institution : up-to 3 Mil FIN messages per day

• Belgian institution : more than 130,000 files per day

• German institution : files size over 2GB/file

US customer has removed

23 Solaris HW and replaced them all by a global

virtualized environment running AMH

active/active.

Cost saving factor: 8

Rich features bring measurable benefits

managementPowerSearch

Resiliency &

Active/Active

solution

Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec

AMH Roadmap 2014-2015

Q1’14 Q2’14 Q3’14 Q4’14 Q1’15 Q2’15 Q3’15 Q4’15

Delivered Proposal

AMH 3.3 Rich console for operational management

Enhanced upgrade process

Health reporting

Additional technology refresh (App Server/DB)

SIC4 readiness

AMH 3.1.0.6 FIPSGateway monitoring

Template security

Printing monitoring enhancements

Partitioning health check

AMH 3.2 Power Search

Templates management

Technology refresh (AppServer/DB/Etc.)Standards Release

Standards ReleaseSecom

AMH 3.4 API Network Gateway

Data mining and dashboard

User experience enhancement

Standards ReleaseSIC/Secom

SWIFT FIN & MX

AMH 3.2 Highlights – PowerSearch

Replicate data to non rational DB

Advantage:

• Free text search in payload and history

• Search performance

Currently:

Both DB’s are in sync.

Future use:

Ability to save data for longer periods

observe all your AMH instances

give real-time data

offer alerting on events related to

the system

visualize your AMH configuration in

different views

help guide a user to an issue

AMH 3.3 Highlights – Operational

Dashboard

AMH 3.3 Highlights – Operational Dashboard

Logical Node

Physical Node

Service Status

Connected

Not Connected

Disabled

AMH Instance (DB)

Achieving operational

excellence,

a recipe for success

Richard Sandoval, Chef , Restaurateur, Television personality, Author

Becky Almodovar, Head of Key Client Support and Service Management

Modern Mexican I Pan Latin I Latin Asian I Mexican Fast Casual I Cantina I QSR

Closing Remarks

Wrap Up

Danny Smedley – Managing Director of Customer

Support Americas

Let’s Dine!

Premium Services Forum Americas 2015

Economy & Finance