Slide 1

Risk and Business Continuity

Risk and Business Continuity at SWIFT

Harry NewmanBudapest 14 November 2007

Slide 2 Risk and Business Continuity

Risk and Business Continuity

Community ownership, governance, and involvement in business continuity planning

Technical and operational excellence Assurance and transparency

Slide 3 Risk and Business Continuity

Governance and Oversight

Oversight

Governance

National Bank of Belgium (lead overseer)and G-10 central banks

Board

Board committees

National groups

User groups

SWIFTcommunity

Slide 4 Risk and Business Continuity

Risk and Business Continuity

Community ownership, governance, and involvement in business continuity planning

Technical and operational excellence Assurance and transparency

Slide 5 Risk and Business Continuity

Building the resilient financial infrastructureA co-ordinated approach

SWIFT actions Stronger cyber security and

hardened physical security Staff security procedures

and enhanced vetting Service continuity

improvements Crisis management

Se

curi

ty

Pe

ople

Se

rvic

e co

ntin

uity

Cri

sis

mg

mt

Slide 6 Risk and Business Continuity

Security evolution of SWIFT services

Message Authentication

1977 1991 1995 20031996 2007

RelationshipManagement

BK Paper BK Disc RMA

BK Paper BK Disc PKI HSM

Encryption STEN Cylink VPN Box

Access Control ICC Cards / Card Reader PKI HSM

Increased Security

PKI Keys Disc

Members/Messages

239/15 million

430/365 million

5,272/604 million

5,511/688 million

7,527/2048 million

Slide 7 Risk and Business Continuity

Resilience

Customer OPCs Networks

Customer

SWIFT’sbackbonenetwork

Access networks

Resilience across all dimensions

SWIFT OPCs

Slide 8 Risk and Business Continuity

SWIFT’sbackbonenetwork

SWIFT’sbackbonenetwork

Customer resilience

Mandate highest customer resilience

Service managers perform system and process health-checks

Command centre handles crisis and enforces post-incident improvement actions

Single site

Dual sitesSingle leased lines

Dual sitesand components

Dual sites, componentsand Network Partners

SWIFTSupport Enhanced for 108 Critical Customerssending 75% of global traffic on SWIFTNet

Customer OPCs Networks

SWIFT’sbackbonenetwork

Access networks

SWIFT OPCs

Increased customer resilience

Slide 9 Risk and Business Continuity

Resilient IP Access Network

Multi-vendor IP network managed by SWIFT Risk spread across multiple networks

(AT&T, COLT, Equant, BT Infonet) 6 Backbone Access Points globally for Network

Partners to connect to Swift Customers multiply connected to Swift Secure VPN overlay network Managed service 24x7 monitoring

critical customers are encouraged to use

multiple network partners

Slide 10 Risk and Business Continuity

Swift Backbone Network

Global backbone network Interconnect Swift’s OPCs and Backbone Access

Points Designed for Dual Point of Failure (DPOF) resilience

– Resilience is built into both the backbone and the networks carried over it

– Full capacity for main message flow under dual failure conditions

Multiple carrier trunks using separate cables– Routing of circuits dealt with to the road level to

avoid common points of failure for different carriers

Slide 11 Risk and Business Continuity

Layer 1Day to day resiliency. Multiple connections,

protected sites, built in backup within Operating Centres

Layer 1Day to day resiliency. Multiple connections,

protected sites, built in backup within Operating Centres

Layer 2Intercontinental backup in 30 minutes in the

unlikely event layer 1 fails

Layer 2Intercontinental backup in 30 minutes in the

unlikely event layer 1 fails

Layer 3Disaster Recovery Infrastructure

for the extreme case where layer 2 is not enough

Layer 3Disaster Recovery Infrastructure

for the extreme case where layer 2 is not enough

SWIFT OPC resilienceCustomer OPCs Networks

SWIFT’sbackbonenetwork

Access networks

SWIFT OPCs

Slide 12 Risk and Business Continuity

Crisis management to the next level

SWIFT OPSSWIFT OPS

COMMAND CENTRE

COMMAND CENTRE

SC3SECRETARIAT

SC3SECRETARIAT

SC3SC3

EUROEURO

US DOLLARUS DOLLAR

JAPANESE YEN

JAPANESE YEN

UK POUNDUK POUND

SWISS FRANCSWISS FRANC

Updates

SC3 - SWIFT Crisis Co-ordination and Communication

SWIFT Crisis Management

+OPC(s) resilience

and recovery

Slide 13 Risk and Business Continuity

EMEAAsia Pacific

Americas

Customer support – 24 x 7 x 365

Slide 14 Risk and Business Continuity

FNAO culture at SWIFT

Prevent

Plan

Manage

LearnIncidents

Failure Is Not An Option

Slide 14

Slide 15 Risk and Business Continuity

Recent history of availability results

2007 YTD 2007 YTD Results *Results *

2006 2006 ResultResult

2005 2005 ResultResult

2004 2004 ResultResult

FIN Core ServiceFIN Core Service 99.976% 99.996% 99.999% 99.994%

SWIFTNet Core ServiceSWIFTNet Core Service 99.992% 100% 99.999% 99.994%

Note: During this period, SWIFT resilience prevented availability impact from any natural disasters, including the Taiwan earthquake in December 2006 that caused significant problems for other service providers in Asia.

* Reflects YTD results through May 2007

Slide 16 Risk and Business Continuity

Risk and Business Continuity

Community ownership, governance, and involvement in business continuity planning

Technical and operational excellence Assurance and transparency

Slide 17 Risk and Business Continuity

Assurance and transparencyProviding greater assurance – SAS 70

Slide 18 Risk and Business Continuity

Our vision is to be global financial community's foremost messaging infrastructure that is lowest risk and highest resilience

SWIFT’s on going commitment