'If you give your ID and password to somebody else, how can anybody blame the technology for that problem?'
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a network that enables financial institutions to send and receive information about financial transactions in a secure environment.
Banks send over $327 billion daily via the network's Global Payments Initiative.
It is now foraying into low-value payments, and has settled the integration issues with banks's core banking that the Punjab National Bank fraud in 2017 threw up.
"Given that cybersecurity is such an evolving world, prescriptive guidelines don't remain constant," Kiran Shetty, CEO and regional head of SWIFT (India) and South Asia, tells Raghu Mohan.
What is your pilot project on low-value payments about?
We have been a technology provider to banks over four decades.
We call ourselves the first fin-tech company of the world, because we digitised the entire correspondent banking.
The IT rails in this business were real time, but there were delays and frictions.
The Global Payments Initiative is a tracker on top of this rail.
It offers full visibility to where a payment was at any point in time and on the charges being deducted by each counterparty bank in this journey.
We have over 4,000 institutions that are GPI-enabled.
Over 92 per cent of the payments happen in less than 24 hours, and 40 per cent of them within 30 minutes.
Every day, banks send over $327 billion via GPI.
In 2019 that amounted to $77 trillion, and in 2018, it was $40 trillion.
You offer a platform to banks and the pricing of the transaction on it is decided by them, which becomes transparent to everybody on SWIFT. Is this how it works?
That's correct. The pricing is decided by banks. We want to become a transaction management platform.
We will take away the cost of know-your-customer compliance (KYC).
We'll make the data far richer.
It will be a very interesting journey for banks to gain market share.
And I think banks rightfully own these transactions, because they emanate from their clients.
They are able to provide the same quality of service that somebody else may have provided.
Who is the 'somebody else' you are referring to?
Could be anybody, could be fintechs.
Basically, anybody other than banks that are into the cross-border transactional business.
Like foreign exchange houses and remittance providers.
How different is SWIFT from a Western Union when making a remittance of, say, $5,000?
Western Union owns the transaction and the technology.
SWIFT doesn't own the transaction; it is a technology provided to the banks.
I have a very small cent charge on the transaction.
In the case of Western Union, they decide the pricing.
Their agenda is driven by the profit motive while ours is defined by cooperative motives.
So, that's where the fundamental differentiation is.
You will be surprised to know that Western Union uses SWIFT for their settlement flows.
For example, if they are paying for a transaction in India, and at the end of the day, there are some 10 million transactions that have happened which need to be settled for their agents, this happens through SWIFT through their main bankers.
You can't hold SWIFT on a charge comparison because it's not a service that we price.
We are a tech company; we price the technology to the bank, and they price on top of it.
SWIFT came into the limelight after the Nirav Modi-Mehul Choksi affair at Punjab National Bank. What has materially changed from January 2017?
We saw a number of banks being penalised last year for not incorporating SWIFT into their core-banking solutions as desired.
We were in the news during the PNB issue, but as I mentioned, we are a tech company; we are a rail which powers a transaction.
So, let me say that today you have a net-banking solution that is provided to you by your bank.
Now, if you give your ID and password to somebody else, how can anybody blame the technology for that problem?
And in a situation like this, there is no 'checker-ID' concept.
But assuming you gave your ID and the checker-ID to the bank through somebody else, and he did the transaction with all of those rightful controls, there's no way technology can stop a mess as a result of this.
Have integration and hygiene issues been settled?
We have supplied the rails and it's now your responsibility to take care of it, and all of that.
Now, being a community organisation, we said, while we have nothing to say in terms of what happens in terms of either sharing IDs and passwords or not integrating, but that's a role that we could play.
This is because we need to get more and more progressive.
And so, let us mandate the conditions to connect SWIFT into your network.
We came up with both mandatory and prescriptive guidelines.
And given that cybersecurity is such an evolving world, we say that those prescriptive guidelines don't remain constant.
Every year, we are changing those guidelines. So, as I speak with you, we have 21 mandatory guidelines to connect with SWIFT, and another 10 or 11 that are prescriptive in nature.