
SWIFTNet PKI

Service Description

This service description describes the features and functions of the SWIFTNet PKI service, and the roles and
responsibilities of SWIFT and the customer regarding SWIFTNet PKI. This document is for any customers who use or
intend to use SWIFTNet PKI.

18 March 2021

Link to this document: [Link]


SWIFTNet PKI Table of Contents
Service Description

Table of Contents

Preface ... 4
Significant Changes ... 5
1 Overview ... 6
1.1 Scope ... 6
1.2 Eligibility ... 6
2 SWIFTNet PKI Components ... 7
2.1 Components that SWIFT Manages ... 7
2.2 Components that Customers Manage ... 9
2.3 Definitions ... 10
3 Set-Up of the Service ... 11
3.1 Customer Registration ... 11
3.2 Security Officer Registration ... 11
3.3 Online Security Administration ... 13
3.4 Offline Security Administration ... 14
3.5 Termination ... 15
4 Features and Functions ... 16
4.1 Digital Identities ... 16
4.2 Management of Digital Identities ... 30
4.3 Usage of Digital Identities ... 42
5 Roles and Responsibilities ... 46
5.1 Customer Roles ... 46
5.2 Customer Responsibilities ... 50
5.3 SWIFT Roles ... 55
5.4 SWIFT Responsibilities ... 56
6 Ordering and Support ... 58
6.1 Ordering ... 58
6.2 Export and Import Restrictions ... 58
6.3 Support ... 58
7 SWIFT Training ... 60
8 Contractual Framework ... 61
Legal Notices ... 62


Preface
Purpose of this document
This service description describes the features and functions of SWIFTNet PKI, and the roles and
responsibilities of SWIFT and the customer.
Note This service description, together with other applicable SWIFT contractual
documentation (typically, the SWIFT General Terms and Conditions), is an integral
part of the contractual arrangements between SWIFT and its customers for the
provision and the use of SWIFTNet PKI.

Audience
SWIFT intends this document for any customers who use or plan to use SWIFTNet PKI.

SWIFT-defined terms
In the context of SWIFT documentation, certain terms have a specific meaning. These terms are
called SWIFT-defined terms (for example, customer, user, or SWIFT services and products).
The definitions of SWIFT-defined terms appear in the SWIFT Glossary.

Related documentation
• FIN Service Description
• Price List for SWIFT Messaging and Solutions
• Pricing and Invoicing - Ordering, Invoicing, and Payment
• SWIFT Certificate Centre - Getting Started with your Personal Token
• SWIFT By-laws
• SWIFT Corporate Rules
• SWIFT Data Retrieval Policy
• SWIFT General Terms and Conditions
• SWIFT Glossary
• SWIFT Personal Data Protection Policy
• SWIFTNet Online Operations Manager User Guide
• SWIFTNet PKI Certificate Administration Guide
• SWIFTNet Service Description
Note Customers can find the latest version of most of these documents at Knowledge
Centre (User Handbook). For more information, customers can contact a SWIFT
commercial manager.


Significant Changes
The following table lists the significant changes to this guide since the release of December 2018.
The table does not include editorial changes that SWIFT may have made to improve the usability
and comprehension of the document.

Updated information                                          Location
Clarifications on the use of personal HSM certificates       Personal HSM Certificates on page 18
Customer responsibilities in respect of the Root Key         Responsibility for Activation Secrets,
Renewal (RKR) initiative                                     Certificates, and Private Keys on page 51
Terminology updates and inclusion of information related     Throughout the document
to Alliance Gateway Instant certificates

1 Overview

1.1 Scope
SWIFTNet PKI is designed to enable customers to securely exchange information in the following
way:
• The customer signs data that is sent using SWIFT messaging services.
• The receiver authenticates the signer and verifies the integrity of the received data.
SWIFTNet PKI offers certification services that enable a customer to request the issuance of
certificates in respect of specific entities under its responsibility, such as individuals or
applications, and thereby enable those entities to securely exchange information (using SWIFT
messaging services).
SWIFTNet PKI also provides directory services that can store certificates and revocation
information, used to verify the SWIFTNet PKI signature and certificate validity.
Unless otherwise expressly permitted in the applicable contractual documentation, SWIFTNet PKI
must be used in conjunction with SWIFT messaging services only. For details on how SWIFTNet
PKI secures the use of SWIFT messaging services, see the relevant service description such as
the FIN Service Description and the SWIFTNet Service Description.
In some cases, SWIFTNet PKI can also be used to sign business data contained in the message
payload that is transported using a SWIFT messaging service. This service description contains
details on how SWIFTNet PKI can be used in this context.

1.2 Eligibility
Unless otherwise expressly permitted in the applicable contractual documentation, SWIFTNet PKI
is available to customers to secure the use of SWIFT messaging services only.


2 SWIFTNet PKI Components


SWIFTNet PKI contains several components, explained in the subsequent diagram and sections.

[Figure: Components for issuing and administering SWIFTNet PKI certificates. On the customer side,
security officers administer entities, their certificates and roles through the SWIFTNet Online
Operations Manager (online administration, the main channel) or, as a backup channel, through
Secure Channel and the SWIFT Customer Support Centre (offline administration); token end users
manage their tokens through the SWIFT Certificate Centre; InterAct, FileAct or browser end users
rely on the local footprint (SNL or AGI, with an HSM). On the SWIFT side, the SWIFTNet Registration
Authority registers customers per 8-character BIC, registers the first two security officers and
processes security officer requests to register and manage customer entities; the SWIFTNet
Certification Authority issues certificates and maintains the Certificate Revocation List (CRL);
the SWIFTNet Directory stores them. The local footprint supports communication with the SWIFTNet
Certification Authority (for certification) and with the SWIFTNet Directory (during signature
verification).]

2.1 Components that SWIFT Manages


SWIFTNet Registration Authority
The SWIFTNet Registration Authority (RA) is a SWIFT system that performs the following tasks for
the customer (8-character BIC):
• registers the first two security officers of the customer
• creates the customer's PKI subdomain within the SWIFTNet Directory
• puts the subdomain under security officer control of the customer
• handles security officer requests for customer entity registration, certification, revocation,
recovery, disablement and deletion

SWIFTNet Certification Authority


The SWIFTNet Certification Authority (CA) is a SWIFT system that performs the following tasks for
the customer (8-character BIC):
• processes customer requests to issue certificates for entities under the customer's responsibility
• uploads the certificates in the customer's PKI subdomain into the SWIFTNet Directory
• updates the Certificate Revocation Lists in the SWIFTNet Directory when certificates are
revoked
• periodically refreshes the Certificate Revocation Lists in the SWIFTNet Directory


SWIFTNet Directory
The SWIFTNet Directory is a centralised X.500 directory of entities that stores the certificates and
Certificate Revocation Lists that the SWIFTNet Certification Authority issues. The SWIFTNet
Directory identifies an entity by its Distinguished Name (DN).
The entities are available to security officers who use the Local Registration Application through the
SWIFTNet Online Operations Manager to manage them. The certificates and Certificate
Revocation Lists are available to the customer's SWIFTNet interface (for example, Alliance
Gateway).

Local Registration Application


Security officers use the Local Registration Application to perform online management of the
entities of the customer and the associated certificates. The SWIFTNet Online Operations Manager
includes the Local Registration Application functionality. Other interfaces may provide Local
Registration Application functions.
Security officers use the Local Registration Application to send, to the SWIFTNet Registration
Authority, the following requests with regard to the customer's entities:
• request the registration of an entity and set it up for first-time certification
• revoke an entity's certificates, for example, if keys and passwords are compromised
• disable an entity
• delete an entity that has been disabled and whose certificates have been revoked
• set up an entity for recovery, for example, in case of lost or compromised keys or passwords

Role-Based Access Control application


Security officers use the Role-Based Access Control (RBAC) application to perform online
management of the roles associated to a customer's entity. The SWIFTNet Online Operations
Manager includes the RBAC application functionality. Other interfaces may provide RBAC
functions. Security officers use the RBAC application to assign roles to, or to remove roles from, an
entity.

SWIFTNet Online Operations Manager


The SWIFTNet Online Operations Manager is an application that is designed to enable online
security officers to manage the customer entities and associated certificates and to delegate RBAC
roles through a SWIFT-managed SWIFT WebAccess service.
For more information, see the SWIFTNet Online Operations Manager User Guide.

Secure Channel
Secure Channel is SWIFT's central application that is designed to enable offline security officers to
submit offline interventions for managing SWIFTNet PKI certificates, when the SWIFTNet Online
Operations Manager cannot be used. Offline security officers are registered in Secure Channel and
receive a secure code card to authenticate requests.
For more information, see the Secure Channel User Guide.

SWIFT Certificate Centre


The SWIFT Certificate Centre is a portal that is designed to permit end users of personal tokens to
manage their token and the PKI credentials stored on it. For example, the portal enables end users
to activate tokens, change their passwords, or renew their certificates.


2.2 Components that Customers Manage


Customer responsibility
Customers are responsible for ensuring that they have access (as required) to the SWIFT
components listed in Components that SWIFT Manages on page 7.

PKI subdomain
The customer's subscription to SWIFTNet PKI is automatic once the customer (per 8-character
BIC) subscribes to a SWIFT messaging service for the first time. At the time of subscription, SWIFT
creates a PKI subdomain in the SWIFTNet Directory under the 8-character BIC of the customer.
The SWIFTNet PKI subdomain is an area in the SWIFTNet Directory reserved for the customer. It
is identified by a directory tree root based on the institution DN (which always includes the 8-
character BIC of the customer) and contains all of the registered DNs of the entities under the
customer's responsibility.
The security officers of the customer can request the registration of entities and request the
issuance of certificates in respect of specific customer entities. They can also administer
certificates and keys in the PKI subdomain of the customer. The SWIFTNet Certification Authority
stores the certificates in the SWIFTNet Directory.
Security officers
A customer appoints security officers to manage its customer entities and certificates per 8-
character BIC. SWIFT registers the first two security officers of the customer per 8-character BIC
as part of the registration process. These security officers can request the registration and
issuance of certificates for additional security officers of the customer if necessary.

Mandatory software footprint


SWIFTNet Link (SNL) and Alliance Gateway Instant (AGI) are the mandatory software products for
access to messaging services over the secure IP network. SNL and AGI certificates are used to
secure the messaging layer.
SNL and AGI include the Key Management Application that performs the following tasks:
• generates the signing key pair
• requests certification from the SWIFTNet Certification Authority
• manages passwords
• reports on certificates and certificate expiry
• reports on the security profile parameters
SNL and AGI automatically download certificates from the SWIFTNet Directory to verify the
signatures on incoming messages. SNL and AGI also download the Certificate Revocation List to
validate the downloaded certificates before use.

Hardware Security Modules


Hardware Security Modules (HSMs) are tamper-resistant devices that customers use to safestore
their SWIFTNet PKI private keys. The keys are generated inside the HSM and stored encrypted on
this device. The HSM performs sensitive cryptographic operations such as signing the data that is
sent over SWIFTNet. Access and use of the HSM is through SWIFTNet Link (SNL) or Alliance
Gateway Instant (AGI).


2.3 Definitions
Entity: An entity is an end node in the SWIFTNet Directory that is identified with a Distinguished
Name (DN), and either has a certificate or is set up for certification.
Agent: An individual responsible for managing the certificates and the private keys of an entity
where such entity is not itself a named individual, for example:
• an application or system
• an organisational unit or department
• a function, represented by an anonymous individual such as an end user or a security officer
• a service
Agents are appointed (and have their appointment terminated) by the customer directly through its
security officers.
In a SWIFT WebAccess service, a customer entity can represent:
• a web browser
• a web server


3 Set-Up of the Service

3.1 Customer Registration


Overview
The SWIFTNet naming scheme integrates the ISO 9362 business identifier code (BIC). This
scheme identifies customers and the entities under their responsibility on a broader and more
flexible technical standard (that is, the X.500-compliant Distinguished Name [DN]).

SWIFTNet naming scheme


SWIFT uses the SWIFTNet naming scheme to create the following:
• correspondent names to identify senders and receivers in message addresses and instructions
for routing the messages
• certificate names to identify customer entities for which SWIFT has issued certificates within the
SWIFTNet Public Key Infrastructure (PKI)
A typical SWIFTNet message carries both the correspondent name and the certificate name
identifier. SWIFT assigns the institution DN to the customer (per 8-character BIC), if that customer
subscribes to one of the SWIFT messaging services. The institution DN includes the BIC of the
customer, and serves as the root for the SWIFTNet PKI subdomain of the customer. This
subdomain contains all of the registered names (called Distinguished Names [DNs]) of the
customer and customer entities.
The registered DNs of entities defined in the customer's subdomain consist of two parts:
• the institution DN: o=bankabcd,o=swift or o=bankabcd,c=ww
• the entity-specific part of the DN, which is placed hierarchically under one of the institution DNs
(for example, cn=john-doe,o=bankabcd,o=swift)

3.2 Security Officer Registration


Customers must appoint at least two security officers as their authorised representatives to do the
following (without limitation):
• register other entities of the customer
• administer keys and certificates for the customer's registered entities
• communicate with SWIFT about SWIFTNet PKI matters

3.2.1 Own Security Officers


Security officer categories
There are two categories of security officers:
• Security officers who can administer the customer entities, certificates and roles online (through
the SWIFTNet Online Operations Manager).
• Security officers who can request some SWIFTNet PKI changes through a second, offline
channel (that is, Secure Channel) when the SWIFTNet Online Operations Manager cannot be
used.


SWIFT registers the first two security officers with both online and offline capabilities. The security
officers can subsequently register additional security officers of each category.
Note Shared security officers belong to the category of security officer that can contact
SWIFT both offline and online.
For more information about online and offline capabilities, see Online and offline capabilities on
page 47. For information about online and offline administration, see Online Security
Administration on page 13 and Offline Security Administration on page 14.

Security officer registration


The first two security officers of the customer that SWIFT registers (see Designation of the first two
security officers on page 12) receive both online and offline certificate administration capabilities.
Afterwards, security officers of the customer can register additional security officers online (through
the SWIFTNet Online Operations Manager) or additional security officers offline with SWIFT
(through the Secure Channel).
Security officers who have been registered online can administer certificates online (through the
SWIFTNet Online Operations Manager). Security officers who have been registered offline with
SWIFT require access to the Secure Channel to perform certificate administration. To be registered
as an offline security officer, the security officer must first obtain an account on [Link] and
then any existing offline security officer can grant him the security officer role.
For information about how to register security officers, see the SWIFTNet PKI Certificate
Administration Guide. For information about how to register for and use the Secure Channel, see
the Secure Channel User Guide.
Note When online security officers cease to act in that role, the remaining security officers
must disable the corresponding entities online (through the SWIFTNet Online
Operations Manager). When offline security officers cease to act in that role, the
remaining offline security officers must update their role through the SWIFT Secure
Channel on [Link] > Support > Secure Channel.

Designation of the first two security officers


The customer must provide the identification details of its first two security officers using typically
the online ordering form at Join SWIFT. The first two security officers must then sign a paper
version of the form, together with a duly authorised customer representative.
To update the identification details of the first two security officers, customers must use the Secure
Channel.

3.2.2 Shared Security Officers


Description
Instead of appointing its own security officers, a customer (the administered institution) may decide
to appoint the security officers of another customer (the administering institution) to act as its duly
authorised security officers. The so appointed security officers are referred to as shared security
officers responsible for managing, on behalf of the administered institution, the customer entities
and certificates of the administered institution (per 8-character BIC).
Shared security officers can contact SWIFT for security matters in offline mode. They can
administer security online through the SWIFTNet Online Operations Manager for all the
subdomains of the customers who have appointed these shared security officers.


Shared security officer registration


For information about how to register shared security officers, see the SWIFTNet PKI Certificate
Administration Guide.

Authentication of shared security officers' identities


This procedure is identical to that in Own Security Officers on page 11.

3.3 Online Security Administration


Setting up for online security administration
Once the customer has registered the first two security officers, the prerequisites for SWIFT to
provide online administration depend on where the credentials are stored:
• HSM box or SNL-connected token
- The customer must have access to a SWIFTNet connection.
- The customer must have access to a SWIFTNet Link.
- For the SWIFTNet Online Operations Manager, the customer must have access to Alliance
Web Platform.
• Personal token
For customers connecting with a personal token that has been activated and initialised by the
security officer, there are no prerequisites to access the SWIFTNet Online Operations Manager.
They can access the SWIFTNet Online Operations Manager through the secure IP network
(SIPN) or through the Internet.

Using the online administration


Once the security officers have generated their keys and have certified themselves with the
SWIFTNet Certification Authority, they can start to use the online administration (the SWIFTNet
Online Operations Manager) to administer the entities, the certificates, and the roles in the
customer subdomain(s) for which they have been appointed.
SWIFT logs, authenticates, and validates all security officer requests.
SWIFT validates the following:
• that the security officer has a role that relates to CertificateAdministration or Delegator
• that the security officer has a valid business certificate
• that the entity belongs to the customer subdomain
• that the security officer has authority over the customer entity concerned
• that the entity's certificate is in a life cycle state that corresponds to the requested action
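To make the naming scheme of Customer Registration and the five validations listed above concrete, here is an added example (not SWIFT's code and not a SWIFT API): it derives the 8-character BIC of the subdomain from an entity DN such as cn=john-doe,o=bankabcd,o=swift and then applies the checks to a security officer request. The Officer and Entity field shapes, the life-cycle precondition per action and the BIC BANKWXYZ are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// RDN is one attribute=value pair of a Distinguished Name.
type RDN struct{ Type, Value string }

// ParseDN splits a DN such as "cn=john-doe,o=bankabcd,o=swift" into its RDNs, most specific first, lower-cased.
func ParseDN(dn string) ([]RDN, error) {
	var rdns []RDN
	for _, part := range strings.Split(dn, ",") {
		kv := strings.SplitN(strings.TrimSpace(part), "=", 2)
		if len(kv) != 2 || kv[0] == "" || kv[1] == "" {
			return nil, fmt.Errorf("malformed RDN %q in %q", part, dn)
		}
		rdns = append(rdns, RDN{strings.ToLower(kv[0]), strings.ToLower(kv[1])})
	}
	return rdns, nil
}

// SubdomainBIC returns the 8-character BIC of the PKI subdomain containing entityDN, whose entity-specific
// part must sit hierarchically under an institution DN of the form o=<bic>,o=swift or o=<bic>,c=ww.
func SubdomainBIC(entityDN string) (string, error) {
	rdns, err := ParseDN(entityDN)
	if err != nil {
		return "", err
	}
	n := len(rdns)
	if n < 3 {
		return "", errors.New("entity DN must have an entity-specific part below the institution DN")
	}
	root, inst := rdns[n-1], rdns[n-2]
	if root != (RDN{"o", "swift"}) && root != (RDN{"c", "ww"}) {
		return "", fmt.Errorf("%q is not rooted in o=swift or c=ww", entityDN)
	}
	if inst.Type != "o" || len(inst.Value) != 8 {
		return "", fmt.Errorf("%q does not carry an 8-character BIC in its institution DN", entityDN)
	}
	return strings.ToUpper(inst.Value), nil
}

// Entity is a registered customer entity with the life-cycle flags the request list refers to.
type Entity struct {
	DN                         string
	HasCert, Revoked, Disabled bool
}

// Officer is a security officer as the RA sees it (field shapes are assumed, not SWIFT's data model).
type Officer struct {
	Roles       []string
	CertExpiry  time.Time
	CertRevoked bool
	Administers []string // BICs of the subdomains the officer is appointed for (own or shared)
}

// stateAllows is an assumed mapping from a request to the entity states it applies to, following the
// Local Registration Application request list (for example, delete only disabled entities with revoked certificates).
func stateAllows(action string, e Entity) bool {
	switch action {
	case "revoke":
		return e.HasCert && !e.Revoked
	case "disable":
		return !e.Disabled
	case "delete":
		return e.Disabled && (!e.HasCert || e.Revoked)
	}
	return false
}

// ValidateRequest runs the five checks SWIFT applies to an online security officer request.
func ValidateRequest(o Officer, e Entity, action string, now time.Time) error {
	hasRole := false
	for _, r := range o.Roles {
		hasRole = hasRole || strings.Contains(r, "CertificateAdministration") || r == "Delegator"
	}
	if !hasRole {
		return errors.New("officer has no role relating to CertificateAdministration or Delegator")
	}
	if o.CertRevoked || !now.Before(o.CertExpiry) {
		return errors.New("officer's business certificate is revoked or expired")
	}
	bic, err := SubdomainBIC(e.DN)
	if err != nil {
		return fmt.Errorf("entity is not in a customer subdomain: %w", err)
	}
	authorised := false
	for _, b := range o.Administers {
		authorised = authorised || strings.EqualFold(b, bic)
	}
	if !authorised {
		return fmt.Errorf("officer has no authority over subdomain %s", bic)
	}
	if !stateAllows(action, e) {
		return fmt.Errorf("entity %s is not in a state that allows %q", e.DN, action)
	}
	return nil
}
```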

Requirements for agents


Agents do not have to be certified to certify and recover customer entities. They obtain (from the
security officer) and use the activation secrets that correspond to the entity that they need to certify
or recover.
It is the proprietary protocols over SWIFTNet, rather than SWIFTNet messaging, that support
agents' certification and recovery actions.
When agents perform these certification and recovery actions, SWIFT archives the records that
relate to entity status changes.


3.4 Offline Security Administration


When online security administration cannot be used
To minimise the security risks due to the unavailability of the online administration, SWIFT provides
a back-up offline facility to manage certificates.
Security officers perform offline administration by submitting an offline intervention request to
SWIFT through the SWIFT Secure Channel.
The following are examples of situations in which a security officer must submit an offline
intervention:
• the SWIFTNet Online Operations Manager is not operational and a customer entity must be
managed urgently
• no online security officers are available (for example, if security officers have simultaneously lost
their passwords or certificates, or their certificates have expired)
• the activation secrets of the first two security officers have expired
• no security officers have signed on for a period that exceeds the certificate and key renewal
period (see Certificate and Key Renewal on page 33)
Note If the situation is urgent, then an offline security officer must submit an offline
intervention request to SWIFT to restore normal operations. A charge may apply (for
details, see the Price List for SWIFT Messaging and Solutions).
Security officers can request offline interventions to perform the following tasks:
• revoke certificates
• recover entities
• disable entities
• reissue activation secrets
• manage communication footprint (Alliance Gateway Instant/SWIFTNet Link) instance
certificates
For more information about offline administration, see the SWIFTNet PKI Certificate Administration
Guide.

SWIFT Secure Channel


The SWIFT Secure Channel is an application that is designed to permit security officers to submit
and manage offline interventions, and to manage security profiles (change, terminate, or add
SWIFTNet security officers for the offline role). Requests are made to SWIFT Customer Security
Management through [Link] > Ordering & Support. Security officers must be granted
access to the Secure Channel application by the customer's [Link] administrator and must
receive from SWIFT a secure code card to authenticate requests. For more information, see the
Secure Channel User Guide.

Security officer authentication for offline requests


If a security officer submits an offline intervention request through the SWIFT Secure Channel, then
SWIFT authenticates the security officer through the use of a login and password on
[Link], in combination with a one-time password from a personal secure code card.
A security officer who cannot use the Secure Channel for any reason must contact the SWIFT
Customer Support Centre.


3.5 Termination
Customer termination
To help prevent the misuse of obsolete certificates and private keys, the SWIFTNet Registration
Authority revokes the certificates and disables the entities of customers who cease to use
messaging services.

Confirmation of termination
When a customer has been deactivated, the SWIFTNet Registration Authority confirms by e-mail,
to two contact persons of the deactivated customer, that it has revoked all current certificates and
disabled the corresponding entities.


4 Features and Functions

4.1 Digital Identities

4.1.1 Certificates

[Link] Format
The SWIFTNet PKI certificates conform to the X.509 format, and contain the following information:
• the identification of the customer and its entities in the form of the Distinguished Name (DN)
• the certificate version
• the serial number identifying uniquely the certificate issued by the SWIFTNet Certification
Authority
• the identification of the SWIFTNet Certification Authority
• the public key and cryptographic algorithm identifier
• the certificate validity period (issuance and expiry date)
• the certificate purpose, for example, digital signing or encryption
• the SWIFTNet Certification Authority signature
• a Policy ID

[Link] Types and Uses

[Link].1 Test and Production Certificates


The integration testbed (ITB) environment and the SWIFTNet production environment are separate
network environments, each of which has its own SWIFTNet Certification Authority.
While the integration testbed environment is for testing only, the production environment can host
services in both test and live modes.
To enforce the separation of the production and the integration testbed environments, SWIFT
issues integration testbed certificates that are not valid in the production environment, and
production certificates that are not valid in the integration testbed environment.

[Link].2 Business Certificates

Description
Business certificates provide SWIFTNet customers with a strong level of authentication and non-
repudiation.
Customers also use this class of digital certificate to communicate with SWIFT about updates to
customer profiles. SWIFT also issues security officers with business certificates.
The customer must ensure that business certificates are used only by the identified entities, and
that the related private keys and passwords remain private at all times.
SWIFTNet Link and Alliance Gateway Instant (AGI) retrieve the certificates from the SWIFTNet
Directory when necessary, and when these certificates are not available in the local cache memory.


Policy IDs
The Policy ID uniquely identifies a business certificate, as follows:
• The Policy ID that SWIFT has allocated to business certificates that must be stored on
Hardware Security Modules (HSMs) is [Link].2
A customer must use certificates stored on a Hardware Security Module (HSM) and carrying
Policy ID [Link].2 to sign live traffic.
• The Policy ID that SWIFT has allocated to business on disk certificates, that is, certificates
stored on disk, is [Link].1 (for integration testbed environment only).

[Link].3 Lite Certificates

Description
Lite certificates have a Policy ID with the following value: [Link].[Link]
Lite certificates can only be used to sign traffic sent on pilot (Test and Training) services. These
certificates have a lower level of requirements for key protection and offer a lower level of trust than
business certificates.

Equal cryptographic strength


Although the policy that protects the private keys and passwords for business certificates is
stronger than the policy that protects lite certificates, the cryptographic strength of business and lite
certificates is equal.

[Link].4 Channel Certificates


A channel certificate is an encrypted, disk-based profile file that provides a means for SWIFT to
authenticate the identity of an application, or to secure the connection between a client application
and the SWIFT servers.
Note The Policy ID for channel certificates is [Link].[Link]
Related information
Alliance Lite2 Administration Guide
Alliance Remote Gateway Implementation Guide

[Link].5 Encryption Certificates


SWIFT issues managed certificates (that is, certificates that can be revoked, recovered, renewed,
and disabled) to assist customers to manage the security risk related to encryption keys.
SWIFTNet Link (SNL) and Alliance Gateway Instant (AGI) cryptographic modules use these
managed certificates. A business or lite entity always receives two certificates: one for encryption
and one for signature verification.
Encryption certificates have a Policy ID with the following value: [Link].[Link]

[Link].6 Personal Token Certificates


The personal token certificate identifies the end user entity in addition to the 8-character BIC of the
(associated) customer. The Distinguished Name (DN) must include the name of the end user in the
format cn=firstname-lastname, thereby referencing the identity of the end user based on the
customer's SWIFTNet PKI security officer registration.


The security officer registers the DN and sets it up for certification through the SWIFTNet Online
Operations Manager, and then retrieves the activation code.
To obtain the certificate, the end user, using a personal token, must access the SWIFT Certificate
Centre (a web-based certificate administration portal) with the activation code provided by the
security officer. The personal token is then ready for use.
Policy ID [Link].[Link] identifies the signature verification certificate stored on the personal
token.
For more information about personal tokens, see the SWIFT Certificate Centre - Getting Started
with your Personal Token guide.

[Link].7 Personal HSM Certificates

Description
The personal HSM certificate identifies an individual owning a certificate that is stored in an HSM
box for use on SWIFT WebAccess services. Personal HSM certificates cannot be stored on a
token.
Like for personal token certificates, the Distinguished Name (DN) must include the name of the end
user in the format cn=firstname-lastname, thereby referencing the identity of the end user based
on the customer's SWIFTNet PKI security officer registration.
The security officer must ensure that the DN includes the certificate holder's verified personal
identity (cn=firstname-lastname).
This type of certificate cannot have an anonymous DN, and it cannot be shared, transferred, or
re-assigned between different end users. It can be associated with one virtual SWIFTNet user but
cannot be used in a relaxed mode.
The security officer registers the DN and sets it up for certification through the SWIFTNet Online
Operations Manager, and then retrieves the initial secrets. To obtain the certificate, the Alliance
Gateway operator or administrator certifies the DN in the Alliance Gateway using the activation
code provided by the security officer.
For more information about the registration and management of personal HSM certificates, see the
SWIFTNet Online Operations Manager User Guide and the Alliance Gateway Administration and
Operations Guide.

Alliance Gateway draft mode


To ensure that end users keep exclusive control over the set-up and the management of their
certificates, and to mitigate the risk of SWIFTNet identity impersonation during these processes,
only end users should know their certificate password at any point in time. SWIFT recommends
that security officers distribute the initial secrets in such a way that the certificate is set up and
managed in Alliance Gateway using the draft mode. Within this draft mode, the certificate is pre-
certified or pre-recovered by an Alliance Gateway operator or administrator but only the end user
can complete the certification or recovery process and set the certificate password.
For more information about the Alliance Gateway draft mode, see the Alliance Gateway
Administration and Operations Guide.

Policy ID
Personal HSM certificates have a Policy ID with the following value: [Link].[Link]


[Link].8 Communication Footprint (AGI/SNL) Instance and TLS Certificates


Each communication footprint uses multiple certificate types for different connections and traffic
channels. These certificates include communication footprint (AGI/SNL) instance certificates and
AGI/SNL TLS (connection to SWIFT) certificates.

Communication footprint (AGI/SNL) instance certificates


Each communication footprint (AGI/SNL) has its own instance certificate. It permits SWIFT to
authenticate the customer's communication footprint.
The SNL instance certificate is created during SNL installation. The AGI instance certificate is
created during the AGI configuration.
Note The Policy ID for communication footprint (AGI/SNL) instance certificates is
[Link].[Link]

SNL TLS (connection to SWIFT) certificates


SWIFTNet Link uses a TLS (connection to SWIFT) certificate to establish the authenticity of an
HTTPS connection to SWIFTNet. This connection provides a secure tunnel for HTTP traffic, such
as MI Channel and FileAct.
SWIFTNet Link creates and stores a TLS (connection to SWIFT) certificate automatically during a
startup operation.
The SNL TLS (connection to SWIFT) certificate has a renewal period that begins 90 days before
the expiration date. The certificate renews automatically during a SWIFTNet Link startup operation,
so long as the certificate is in the renewal period.
Note The Policy ID for SNL TLS (connection to SWIFT) certificates is
[Link].[Link]

AGI TLS (connection to SWIFT) certificates


Alliance Gateway Instant (AGI) uses a TLS (connection to SWIFT) certificate to establish the
authenticity of an HTTPS connection to SWIFTNet. This connection provides a secure tunnel for
HTTP traffic.
The AGI TLS (connection to SWIFT) certificate is created during the AGI configuration.
The AGI TLS (connection to SWIFT) certificate has a renewal period that begins 90 days before
the expiration date. The certificate renews automatically during normal operations, so long as the
certificate is in the renewal period. After certificate renewal, the AGI must be refreshed or restarted
to start using the new certificate.
Note The Policy ID for AGI TLS (connection to SWIFT) certificates is
[Link].[Link]

SWIFTNet Online Operations Manager


The SWIFTNet Online Operations Manager enables security officers to set up their communication
footprint (AGI/SNL) instance certificates for online recovery without the intervention of SWIFT.
Alternatively, customers can request SWIFT to manage their communication footprint (AGI/SNL)
instance certificates through offline intervention.

Related information
SWIFTNet Online Operations Manager User Guide
Configuration and Operations Guide for MI Channel Using Alliance Gateway and SWIFTNet Link


[Link].9 Web Certificates

Separate SWIFTNet Directory trees


For technical reasons, SWIFT defines entities that use business, lite, or personal token certificates
in one SWIFTNet Directory tree, and entities that use web certificates in a different logical
SWIFTNet Directory tree. Each of these trees has its own root (o=swift for one and c=ww for the
other).

Web certificates
Web certificates are intended for establishing a secure session between each browser and a web
server. They are not intended for signing SWIFT messaging traffic.
SWIFT only supports limited management functions for the web certificates. For example, web
certificates cannot be renewed but must be recovered upon expiry. The revocation status of web
certificates is not checked when the certificate is used to establish a secure session with the web
server. Unlike the business and lite certificates, it is the standard web browsers that use the web
certificates.
In addition to local storage in the web server, SWIFT stores the web certificates centrally in the
SWIFTNet Directory.
If a web certificate expires, then the security officer must obtain a new certificate. Web certificates
expire after 2 years.
There are different types of web certificates:
• Web server: identified by Policy ID [Link].[Link]
• Web client: identified by Policy ID [Link].[Link]

[Link].10 The SWIFTNet Certification Authority Certificate

Storage and use


The SWIFTNet Certification Authority certificate is delivered securely to the key storage device
during the certification of a customer entity (with the exclusion of unmanaged or web category
certificates). This certificate is used every time a correspondent's certificate has to be validated,
see Usage of Digital Identities on page 42.

Revocation
In very exceptional circumstances, SWIFT can decide to revoke the SWIFTNet Certification
Authority certificate. In such cases, SWIFT informs the customer and reissues certificates to all
affected entities.

[Link].11 Certificate Usage Summary


SWIFTNet PKI certificates may not be used for purposes other than to access and to secure the
use of SWIFT messaging services, and as further specified in the following table.


Permitted certificate usage

Usage | Certificate type | Policy ID | Managed | Storage
Authentication and signature of live traffic or data; signature of live traffic | business | [Link].2 | yes | HSM
Authentication and signature of pilot/test traffic or data | lite | [Link].[Link] | yes | HSM or on disk
Authentication and signature of pilot/test traffic or data | business on disk | [Link].1 (1) | yes | on disk
Signature of test traffic | business | [Link].2 | yes | HSM
TLS session establishment | web server | [Link].[Link] | no | on disk
TLS session establishment | web client | [Link].[Link] | no | on disk
TLS session establishment | TLS (connection to SWIFT) | [Link].[Link] | no | on disk
End user authentication and signature | personal token | [Link].[Link] | no | on token
End user authentication and signature | personal HSM | [Link].[Link] | no | HSM
Application authentication and signature | channel certificate | [Link].[Link] | no | on disk
Alliance Gateway Instant or SWIFTNet Link authentication | communication footprint (AGI/SNL) instance | [Link].[Link] | yes | on disk
Traffic encryption | encryption | [Link].[Link] | yes | HSM or on disk

(1) This certificate is for the integration testbed (ITB) environment only and cannot be used to sign live traffic.

[Link] Certificate Expiry


Certificates expire 24 months after issuance. SWIFT does not notify customers of the expiry of the
certificates. Security officers can request reports on expiring certificates through the SWIFTNet
Online Operations Manager. It is the customer's responsibility to set up these reports and to ensure
its certificates are renewed before they expire.
Validity of certificates

Certificate | Expires
Business and lite certificate | 24 months after issuance
Encryption certificate | 24 months after issuance
Personal HSM certificate | 24 months after issuance
Personal token certificate | 24 months after issuance
Web certificate | 24 months after issuance

[Link] Certificate Revocation List


The Certificate Revocation List is a signed list of the serial numbers of all unexpired certificates
revoked by the security officers of the customer who owns the certificates or, as the case may be,
by SWIFT. The SWIFTNet Certification Authority publishes the Certificate Revocation List in the
SWIFTNet Directory and it is available to all SWIFTNet PKI customers. The Certificate Revocation
Lists are updated after each certificate revocation process.
For more information about certificate revocation, see Certificate Revocation on page 34.
For business certificates, SWIFT retains in the SWIFTNet Directory all the verification certificates,
and the revocation information related to those certificates, which is contained in Certificate
Revocation Lists, for at least 6 months after the expiry of each certificate's private key validity
period.
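The certificate fields listed under Format (section 4.1.1) and the Certificate Revocation List described here can be exercised end to end with Go's standard crypto/x509 package. The program below is an added example; it is not SWIFT's code and not how SWIFTNet itself issues or publishes certificates. It creates a self-signed test CA, issues an entity the two certificates it receives (signing and encryption, 2048-bit RSA keys, 24-month validity, a certificate-policies extension carrying a policy OID), then signs a CRL listing the revoked serial numbers and checks a certificate against it only after the CRL's issuer signature and validity window have been verified. The CA name, the entity DN and the policy OID are constructed placeholders; SWIFT's real Policy IDs are not reproduced. x509.ParseRevocationList and RevocationList.CheckSignatureFrom need Go 1.19 or later.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Constructed placeholder for a Policy ID; SWIFT's real OIDs are not reproduced here.
var placeholderPolicyID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// issue generates a 2048-bit RSA key (the length the service description states) and a certificate
// for tmpl signed by parent; with parent == nil the certificate is self-signed.
func issue(tmpl, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewCA creates a self-signed test certification authority that may sign certificates and CRLs.
func NewCA(now time.Time) (*x509.Certificate, *rsa.PrivateKey, error) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}, nil, nil)
}

// IssueEntityPair issues an entity its signing and encryption certificates: same DN, same policy ID,
// distinct key pairs, each expiring 24 months after issuance.
func IssueEntityPair(ca *x509.Certificate, caKey *rsa.PrivateKey, dn pkix.Name, serial int64, now time.Time) (signing, encryption *x509.Certificate, err error) {
	// certificatePolicies (2.5.29.32) is SEQUENCE OF PolicyInformation { policyIdentifier OID },
	// added as a raw extension so the same bytes are produced whatever the Go version.
	type policyInformation struct{ Policy asn1.ObjectIdentifier }
	der, err := asn1.Marshal([]policyInformation{{placeholderPolicyID}})
	if err != nil {
		return nil, nil, err
	}
	policies := pkix.Extension{Id: asn1.ObjectIdentifier{2, 5, 29, 32}, Value: der}
	tmpl := func(serial int64, usage x509.KeyUsage) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: dn, NotBefore: now,
			NotAfter: now.AddDate(2, 0, 0), KeyUsage: usage, ExtraExtensions: []pkix.Extension{policies}}
	}
	if signing, _, err = issue(tmpl(serial, x509.KeyUsageDigitalSignature), ca, caKey); err != nil {
		return nil, nil, err
	}
	encryption, _, err = issue(tmpl(serial+1, x509.KeyUsageKeyEncipherment), ca, caKey)
	return signing, encryption, err
}

// IssueCRL signs a CRL listing the serial numbers of the revoked certificates that have not yet expired.
func IssueCRL(ca *x509.Certificate, caKey *rsa.PrivateKey, number int64, revoked []*x509.Certificate, now time.Time) ([]byte, error) {
	var entries []pkix.RevokedCertificate
	for _, c := range revoked {
		if c.NotAfter.After(now) {
			entries = append(entries, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: now})
		}
	}
	tmpl := &x509.RevocationList{Number: big.NewInt(number), ThisUpdate: now, NextUpdate: now.AddDate(0, 0, 7), RevokedCertificates: entries}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
}

// CheckRevocation trusts a CRL only after its issuer signature and validity window check out;
// a stale or foreign CRL is an error, never an "all clear".
func CheckRevocation(crlDER []byte, ca, cert *x509.Certificate, now time.Time) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, fmt.Errorf("crl signature: %w", err)
	}
	if crl.Issuer.String() != ca.Subject.String() || now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return false, fmt.Errorf("crl is not from this CA or is not current")
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func main() {
	now := time.Now()
	ca, caKey, err := NewCA(now)
	must(err)
	signing, _, err := IssueEntityPair(ca, caKey, pkix.Name{CommonName: "payments-app"}, 1000, now) // constructed DN
	must(err)
	crl, err := IssueCRL(ca, caKey, 1, []*x509.Certificate{signing}, now)
	must(err)
	revoked, err := CheckRevocation(crl, ca, signing, now.Add(time.Minute))
	fmt.Printf("v%d serial=%s subject=%s alg=%s expires=%s policies=%v revoked=%v err=%v\n", signing.Version,
		signing.SerialNumber, signing.Subject, signing.PublicKeyAlgorithm, signing.NotAfter.Format("2006-01-02"),
		signing.PolicyIdentifiers, revoked, err)
}
```

The order of checks in CheckRevocation is the point for a relying party: a CRL is evidence only once its signature chains to the certification authority and the current time lies between its thisUpdate and nextUpdate; a CRL that fails either test must fail closed rather than be read as "not revoked".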

4.1.2 Keys

[Link] Business and Lite Keys


Simultaneous key issue for signing and encryption
With the business and lite certificates, two key pairs are generated simultaneously, before
certification. One key is for signing and the other is for encryption. These keys are generated
regardless of whether the customer applies signing and encryption. Both key pairs have related
certificates.

Features of a public key


The following features apply to public keys:
• SWIFT includes the public key in the certificate
• SWIFT publishes the certificate in the SWIFTNet Directory
• the customer's correspondents use the public key

Signing key pair


The signing key pair consists of the private signing key and the public verification key.

Encryption key pair


The encryption key pair consists of the private decryption key and the public encryption key. When
stored on Hardware Security Modules (HSMs), a history of three decryption keys is kept.


Storage
Customers must store business keys on HSMs. If customers generate these keys on Alliance
Gateway, or on interfaces that vendors other than SWIFT provide, then customers must store the
keys on one or more HSMs. For pilot or test traffic, customers can store them on HSMs or on hard
disk. SWIFT includes the public keys in the certificates, and stores them centrally in the SWIFTNet
Directory.

Key length
All keys used to sign live traffic exchanged between customers are 2048 bits long.

Validity periods
The following table specifies the validity periods for private keys and certificates.

Key | Expires
Business and lite private signing key | 18 months after key generation
Business and lite public signature verification key | 24 months after key generation
Private decryption key | does not expire
Public encryption key | 24 months after key generation
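SWIFT does not notify customers of expiry, so the expiring-certificates report is the customer's job (see Certificate Expiry above). As an added example, which is not SWIFT's code and does not read a real SWIFTNet Directory, the following Go program applies the validity periods from the two tables (certificates 24 months, business and lite private signing keys 18 months) to a constructed certificate inventory and lists what needs attention within a chosen lookahead. The 90-day lookahead in the sample mirrors the renewal window the TLS certificates use; the inventory entries and DNs are made up.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// CertRecord is one entry of a constructed certificate inventory (not a SWIFTNet Directory export).
type CertRecord struct {
	DN     string
	Kind   string // "business", "lite", "encryption", "personal token", "personal HSM" or "web"
	Issued time.Time
}

// CertificateExpiry applies the 24-month certificate validity period.
func CertificateExpiry(issued time.Time) time.Time { return issued.AddDate(0, 24, 0) }

// SigningKeyExpiry applies the 18-month validity of business and lite private signing keys. Go's
// AddDate normalises month ends, so a key generated on 31 August 2019 expires on 3 March 2021.
func SigningKeyExpiry(issued time.Time) time.Time { return issued.AddDate(0, 18, 0) }

// RenewalDeadline is the date after which the record can no longer be used to sign: the private
// signing key expiry for business and lite entities, the certificate expiry for everything else.
func RenewalDeadline(r CertRecord) time.Time {
	if r.Kind == "business" || r.Kind == "lite" {
		return SigningKeyExpiry(r.Issued)
	}
	return CertificateExpiry(r.Issued)
}

// Status classifies a record as of now, flagging anything due within the next `within` days.
func Status(r CertRecord, now time.Time, within int) string {
	deadline := RenewalDeadline(r)
	switch {
	case !now.Before(CertificateExpiry(r.Issued)):
		return "expired"
	case !now.Before(deadline):
		return "signing key expired"
	case now.AddDate(0, 0, within).After(deadline):
		return "renew"
	}
	return "ok"
}

// ExpiryReport lists the records that need attention, earliest deadline first.
func ExpiryReport(inventory []CertRecord, now time.Time, within int) []string {
	inv := append([]CertRecord(nil), inventory...) // sort a copy, not the caller's slice
	sort.Slice(inv, func(i, j int) bool { return RenewalDeadline(inv[i]).Before(RenewalDeadline(inv[j])) })
	var out []string
	for _, r := range inv {
		if s := Status(r, now, within); s != "ok" {
			out = append(out, fmt.Sprintf("%s %s: %s (deadline %s)", r.Kind, r.DN, s, RenewalDeadline(r).Format("2006-01-02")))
		}
	}
	return out
}

func main() {
	day := func(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }
	inventory := []CertRecord{ // constructed sample data
		{"cn=sign-app", "business", day(2019, 6, 1)},
		{"cn=enc-app", "encryption", day(2019, 2, 1)},
		{"cn=sign-app2", "business", day(2019, 12, 15)},
		{"cn=portal", "web", day(2019, 5, 1)},
		{"cn=sign-app3", "business", day(2020, 6, 30)},
	}
	for _, line := range ExpiryReport(inventory, day(2021, 3, 18), 90) {
		fmt.Println(line)
	}
}
```

The deadline for a business or lite entity is the private signing key expiry, six months before the certificate itself expires; a report keyed only on the certificate date would show such an entity as valid while it can no longer sign.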

Rules that apply to a private key


Customers must keep confidential at all times the private keys and passwords that correspond to a
business certificate, and must ensure that entities and agents do not share these keys and
passwords.
Note A customer can share within its own subdomain the passwords and private keys that
correspond to lite certificates.

[Link] Web Keys


Definition
SWIFT issues one web certificate for each certification. The web certificate has one related key
pair. The key pair consists of the private authentication key and the public authentication key. The
private authentication key is stored on hard disk. SWIFT includes the public authentication key in
the certificate.

Use
Customers use private authentication keys and associated certificates at the beginning of a secure
browse session (SSL) to authenticate the client (the web client) and the (web) server. SSL secures
the browse traffic for integrity and encryption. The web certificate and private authentication key do
not provide non-repudiation, because the customer does not sign the HTTPS traffic with the unique
private authentication key. It is important to add the valid SWIFTNet CA certificate(s) to the list of
trusted CA certificates at both the client (web client) and the (web) server.

Protection
Although a standard browser does not enforce the usage of passwords for the protection of the
web keys, SWIFT strongly recommends that customers use passwords.


Validity period
Private authentication keys are valid for 18 months. Public authentication keys and web certificates
are valid for 24 months.
Key length
The key length determines the cryptographic strength. All web keys are 2048 bits long.

[Link] Personal Keys


Definition
Personal keys (that is, personal token keys or personal HSM keys) enable the authentication of a
customer's end users when they use the key to log in to an application or to sign secure
transactions under the responsibility of that customer.

Use
End users of customers use personal keys on applications where the end user's interaction is
required, such as on SWIFT WebAccess. Personal keys are not supported for FIN, InterAct, or
FileAct.
Personal token keys are created and managed through the SWIFTNet Online Operations Manager
and the SWIFT Certificate Centre. Personal HSM keys are created and managed through the
SWIFTNet Online Operations Manager and Alliance Gateway.

Expiry
Personal keys expire after 24 months. Personal token keys are not renewed automatically; they
must be renewed through the SWIFT Certificate Centre. Personal HSM keys are not renewed
automatically; they must be recovered through the SWIFTNet Online Operations Manager and
Alliance Gateway.

4.1.3 Passwords
Requirements for using passwords
SWIFT provides a mechanism for customers to protect the access to the private key issued in
respect of their customer entities using passwords.
To use their private key, customers, acting in particular through their entities or their agents, are
required to provide a password.

[Link] Human and Application Passwords


SWIFTNet defines password rules that depend on whether a certificate is owned by an individual
(for example, a security officer) or by an application (for example, a FIN Computer-Based
Terminal).
Security officers are able to specify which password type to use when they perform a set-up for
certification or recovery.

Human password policy


Select the human password policy if an individual will regularly enter the profile's password at
the request of an application. The human password policy allows a shorter password and requires
a more frequent password renewal.


Typically, this is the password policy for a profile that corresponds to a human operator.

Application password policy


Select the application password policy if an application will store and retrieve the profile's
password at the request of an application. The application password policy requires a longer
password and allows for a less frequent password renewal.
Typically, this is the policy for a profile that corresponds to a FIN interface.

[Link] Password Policy Rules


SWIFT links each type of password to a specific password policy that determines a set of password
rules.

Rule | Human password | Application password
Minimum password length | 8 characters | 17 characters
Maximum password length | 20 characters | 20 characters
Password complexity | cannot have any character repeating for more than half the length of the password | cannot have any character repeating for more than half the length of the password
Password complexity | must contain at least one lower-case character | not applicable
Password complexity | must contain at least one upper-case character | not applicable
Password complexity | must contain at least one digit | not applicable
Password complexity | when a substring of the profile name is present in the password, then the substring length should be less than the number of remaining characters in the password | when a substring of the profile name is present in the password, then the substring length should be less than the number of remaining characters in the password
Expiration time | 90 days | 2 years
History list length | 8 last passwords | 8 last passwords
Generation | end user | random (recommended)
Failed login attempts allowed when stored on an HSM | 5 | 5

[Link] Enhanced Password Rules


The certificate password policy has been enhanced to meet industry best practices. The following
rules have been added or changed:
• Successive passwords must not follow a sequence. In addition, successive passwords must
have a Levenshtein distance of >=6 (<minimum length of credential>/2).
• A password must not include a repeated character for more than half the length of the password
(more than L/2 when the password length is even, and more than (L+1)/2 when the password
length is odd).


The password is checked against the policy during certification, recovery, or password change.
Migrated end users who have passwords that do not meet these requirements will be asked to
select a new password at the first password change following the installation of Release 7.2.

[Link] Deny List


Every new password is checked against a deny list of substrings to increase the probability that the
password withstands a brute-force attack.
A user receives a notification with information that details which substring in the new password
request is not a valid substring. The user only receives this information if the new password request
includes a substring contained in the deny list.
The default substring deny list is packaged with SWIFTNet Link and Alliance Gateway, as of
Release 7.2 or later. This list is configurable and may vary from customer to customer because
SWIFT does not control the contents of this list in every circumstance.
Related information
SWIFTNet Link Operations Guide
Alliance Gateway Security Guide
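As an added example, which is neither SWIFT's code nor the Key Management Application's actual implementation, the following Go program encodes the human and application password policies from the Password Policy Rules table, the enhanced rules (no character occurring more than half the length, a Levenshtein distance of at least 6 to the previous password) and the substring deny list described above, and reports every rule a candidate password breaks. The sequence rule is not modelled because the page does not define what counts as a sequence. The profile names, previous passwords and deny list entries in the sample are constructed values.

```go
package main

import (
	"fmt"
	"strings"
)

// PasswordPolicy holds the rules of one password type from the password policy table.
type PasswordPolicy struct {
	MinLength, MaxLength                     int
	RequireLower, RequireUpper, RequireDigit bool
	HistoryLength                            int // last passwords that must not be reused
	MinEditDistance                          int // enhanced rule: Levenshtein distance to the previous password
}

var (
	HumanPolicy       = PasswordPolicy{8, 20, true, true, true, 8, 6}
	ApplicationPolicy = PasswordPolicy{17, 20, false, false, false, 8, 6}
)

// Validate returns every rule that candidate breaks; an empty result means it is accepted.
// history holds earlier passwords, most recent first; denyList holds forbidden substrings.
func Validate(p PasswordPolicy, candidate, profileName string, history, denyList []string) []string {
	var v []string
	runes := []rune(candidate)
	n := len(runes)
	if n < p.MinLength || n > p.MaxLength {
		v = append(v, fmt.Sprintf("length must be between %d and %d characters", p.MinLength, p.MaxLength))
	}
	var lower, upper, digit bool
	counts := map[rune]int{}
	for _, r := range runes {
		lower = lower || (r >= 'a' && r <= 'z')
		upper = upper || (r >= 'A' && r <= 'Z')
		digit = digit || (r >= '0' && r <= '9')
		counts[r]++
	}
	if p.RequireLower && !lower {
		v = append(v, "must contain at least one lower-case character")
	}
	if p.RequireUpper && !upper {
		v = append(v, "must contain at least one upper-case character")
	}
	if p.RequireDigit && !digit {
		v = append(v, "must contain at least one digit")
	}
	// No character may occur more than half the length: more than L/2 for even L, more than
	// (L+1)/2 for odd L; integer (n+1)/2 is that bound in both cases.
	for r, c := range counts {
		if c > (n+1)/2 {
			v = append(v, fmt.Sprintf("character %q occurs more than half the password length", r))
		}
	}
	// A shared substring must be shorter than the remaining characters, so no profile-name
	// substring of length ceil(n/2) or more may appear in the password (compared case-insensitively).
	lowerCand, lowerProf := strings.ToLower(candidate), []rune(strings.ToLower(profileName))
	for i, k := 0, (n+1)/2; k > 0 && i+k <= len(lowerProf); i++ {
		if strings.Contains(lowerCand, string(lowerProf[i:i+k])) {
			v = append(v, "shares too long a substring with the profile name")
			break
		}
	}
	for _, bad := range denyList {
		if strings.Contains(lowerCand, strings.ToLower(bad)) {
			v = append(v, fmt.Sprintf("contains denied substring %q", bad))
		}
	}
	for i, old := range history {
		if i < p.HistoryLength && old == candidate {
			return append(v, fmt.Sprintf("reuses one of the last %d passwords", p.HistoryLength))
		}
	}
	if len(history) > 0 && levenshtein(candidate, history[0]) < p.MinEditDistance {
		v = append(v, fmt.Sprintf("differs from the previous password by fewer than %d edits", p.MinEditDistance))
	}
	return v
}

// levenshtein is the edit distance (insertions, deletions, substitutions) between a and b.
func levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev := make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur := make([]int, len(rb)+1)
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 0
			if ra[i-1] != rb[j-1] {
				cost = 1
			}
			cur[j] = min3(prev[j]+1, cur[j-1]+1, prev[j-1]+cost)
		}
		prev = cur
	}
	return prev[len(rb)]
}

func min3(a, b, c int) int {
	if b < a {
		a = b
	}
	if c < a {
		a = c
	}
	return a
}

func main() {
	history, denyList := []string{"Qwzjkl7Tyi"}, []string{"welcome", "password"} // constructed samples
	for _, c := range []string{"Summer2021x", "Welcome2021x", "Ops-user9"} {
		fmt.Printf("%-13s -> %v\n", c, Validate(HumanPolicy, c, "ops-user", history, denyList))
	}
}
```

Returning the full list of broken rules rather than the first one matches the deny-list behaviour the page describes, where the user is told which substring was rejected; a policy check that stops at the first failure makes users iterate one rule at a time.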

[Link] Sharing of Passwords


Customers must ensure that any password corresponding to a business certificate is kept
confidential and is not shared beyond the identified entity or its agents.
A password corresponding to a lite certificate can be shared between end users, or between
entities' agents, within one customer's subdomain. In all cases, customers are reminded that
passwords are personal to the customer. In particular, the customer must not permit access to its
passwords to persons other than those for which it is responsible.

[Link] Renewing of Passwords


Password renewal frequency is 90 days for human passwords and 2 years for application
passwords.
SWIFTNet Link (SNL) and Alliance Gateway Instant (AGI) allow the use of an expired application
password to perform SWIFTNet PKI operations. SNL and AGI generate expired password
warnings, but do not prevent an application with an expired password from performing operations.
Customers can use a configuration parameter to prevent users from performing SWIFTNet PKI
operations with expired human passwords. For more information about human password expiry
enforcement, see the SWIFTNet Link Operations Guide.
Note Some interfaces, such as Alliance Web Platform, may not allow an end user to log in
to the interface if the password has expired.
Related information
SWIFTNet Link Operations Guide

[Link] Password Management Facilities


Through SWIFTNet Link (SNL) or Alliance Gateway Instant (AGI), a customer entity (directly or
through its agent) can use the Key Management Application to perform the following tasks:


• enable the creation of passwords
• enable the changing of passwords
• validate passwords against the password rules when passwords are created or changed
The SWIFT Certificate Centre provides password management for personal token certificates.

[Link] Personal Token Passwords


Security officers are able to select a password policy for personal tokens when they perform a set-
up for certification or recovery. The activation secrets communicate the selected password policy to
the token.

Token password policies

Parameter | Description | Level 6 | Level 8 | Level 12
Length | Minimum number of characters | 6 | 8 | 12
Expiration | Validity period (in days) before a password must be changed | 90 | 180 | 365
Character set | Minimum character set that must be used | Number (0-9) | Includes all of the following: letter (a-z), number (0-9), capital letter (A-Z), symbol | Includes all of the following: letter (a-z), number (0-9), capital letter (A-Z), symbol
Complexity | Rules on the composition of a password | Maximum 2 repeating characters | Maximum 2 repeating characters | Maximum 2 repeating characters; at least 1 character from the 4 character types
History | Number of previous passwords that cannot be re-used | 5 | 5 | 5
Lockout | Number of failed attempts before an account is locked | 5 | 5 | 5

Password rules
Provide a strong password. Use the following guidelines when creating a password:
• the minimum length varies according to the password policy
• the maximum possible password length is twenty characters
• you can use the following characters:
  - 0-9 A-Z a-z and space
  - ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
• you cannot use accented characters (for example, é or ö)
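As an added example, which is not SWIFT's code and not the personal token's own password check, the following Go function applies the token password levels and the character rules listed above: the minimum length per level, the 20-character maximum, the permitted character set (so accented characters such as é are rejected), the repeating-character limit, and the expiry period per level. Two points are this example's reading of the table rather than statements from the page: levels 8 and 12 are treated as requiring all four character types, with level 6 requiring at least a number, and "maximum 2 repeating characters" is applied to consecutive identical characters. The sample passwords are constructed.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// TokenPolicy holds one personal token password level from the token password policy table.
type TokenPolicy struct {
	MinLength, ExpiryDays int
	RequireAllTypes       bool // letter, number, capital letter and symbol must all be present
}

// Levels 8 and 12 are read as requiring all four character types and level 6 as requiring at least
// a number; that reading of the table is an assumption of this example, not a statement by SWIFT.
var TokenLevels = map[int]TokenPolicy{6: {6, 90, false}, 8: {8, 180, true}, 12: {12, 365, true}}

// maxTokenPasswordLength and allowedSymbols come from the password rules list (space is permitted).
const maxTokenPasswordLength = 20
const allowedSymbols = " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"

// charType classifies a character; "" marks one outside the permitted set, such as é or ö.
func charType(r rune) string {
	switch {
	case r >= 'a' && r <= 'z':
		return "letter"
	case r >= 'A' && r <= 'Z':
		return "capital"
	case r >= '0' && r <= '9':
		return "number"
	case strings.ContainsRune(allowedSymbols, r):
		return "symbol"
	}
	return ""
}

// CheckTokenPassword returns the rules that candidate breaks under the given level.
func CheckTokenPassword(level int, candidate string) []string {
	p, ok := TokenLevels[level]
	if !ok {
		return []string{fmt.Sprintf("unknown token password level %d", level)}
	}
	var v []string
	types := map[string]bool{}
	n, run, prev := 0, 0, rune(0)
	for _, r := range candidate {
		n++
		t := charType(r)
		if t == "" {
			v = append(v, fmt.Sprintf("character %q is not permitted", r))
			continue
		}
		types[t] = true
		if r == prev {
			run++
		} else {
			run, prev = 1, r
		}
		// "Maximum 2 repeating characters" applied to consecutive identical characters (an assumption).
		if run == 3 {
			v = append(v, "more than 2 identical characters in a row")
		}
	}
	if n < p.MinLength || n > maxTokenPasswordLength {
		v = append(v, fmt.Sprintf("length must be between %d and %d characters", p.MinLength, maxTokenPasswordLength))
	}
	if !types["number"] {
		v = append(v, "must contain at least one number")
	}
	if p.RequireAllTypes && len(types) < 4 {
		v = append(v, "must contain a letter, a number, a capital letter and a symbol")
	}
	return v
}

// NextChangeDue returns when a password set on `changed` must be changed again under the level.
func NextChangeDue(level int, changed time.Time) time.Time {
	return changed.AddDate(0, 0, TokenLevels[level].ExpiryDays)
}

func main() {
	samples := []struct {
		level int
		pw    string
	}{{6, "123456"}, {8, "aaa1!Bcd"}, {12, "Aa1bcdefghij"}, {12, "Café123!"}} // constructed samples
	for _, s := range samples {
		fmt.Printf("level %2d %-15q -> %v\n", s.level, s.pw, CheckTokenPassword(s.level, s.pw))
	}
}
```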

4.1.4 Security Devices


Hardware Security Modules (HSMs)
HSMs are tamper-resistant security devices that customers use to protect their SWIFTNet PKI
private keys. HSMs are designed to offer physical and logical protection against unauthorised
access.
Customers select the type of HSM based on the hardware platform on which the HSM is to be
used, the traffic volume they need to handle, the number of certificates they need to store, and the
resilience level that they require. There are two types of HSMs that customers can use with
SWIFTNet Link:
• HSM token, for managing low traffic volumes
• HSM box, for managing low-to-high traffic volumes
For information about HSM tokens, see HSM Token on page 28. For information about installing,
configuring, and operating your HSM, see the HSM Box Operations Guide.

Personal tokens
The security device for use on a person's desktop, typically for screen-based applications, is the
personal token. For information about personal tokens, see Personal Tokens on page 29.

[Link] HSM Token


HSM tokens
HSM tokens are small, lightweight devices that fit on a key-ring, and which the end user connects
to the PC through a USB port.
The HSM is required to sign live traffic. To avoid impacting the message flow, customers must
ensure that enough spares are in their possession to replace lost or stolen HSMs.

Benefits of HSM tokens


HSM tokens provide the following benefits:
• Security
Private information never leaves the HSM token. Two-factor security, that is, something that is
owned (the HSM) and something that is known (the certificate password) protects the
information. HSM tokens follow FIPS 140-2 level-2 or level-3 security standard.
• Portability
The token containing the private keys can go wherever the end user goes.


Features of HSM tokens


Some of the primary features include the following:
• Built-in cryptographic and security application that includes certificate storage and handling
• Each HSM token holds one certificate
• On-token key generation, which means that the critical private key never leaves the token, and
no-one can steal it over the network or from an end user's PC
• Hardware and software protection against external attacks

[Link] HSM Box


Overview
An HSM box is a hardware box that can store multiple certificates that can be accessed over the
LAN.
HSM boxes can be rack-mounted and are supplied with all the necessary connector and power
supply cables. HSM boxes come with a PIN Entry Device (PED), used to authenticate certain
sensitive operations on the HSM box with a PED key and a PIN code. The PED is a handheld
device comprising a numerical keypad, and is connected to the HSM box by means of a cable. A
remote PED can also connect to the HSM box over the customer's network.
The HSM box is critical because it is used whenever a message that must be signed is sent: if the
HSM is unavailable, the main message flow stops. To ensure the continued availability of their
HSMs, SWIFT mandates that customers have at least two HSM boxes in operation for use in the live
environment.

Benefits of HSM boxes


HSM boxes combine tamper detection and response mechanisms to prevent key compromise,
along with data encryption and two-way authentication between itself and the SWIFTNet Link or
Alliance Gateway Instant (AGI). HSM boxes follow the FIPS 140-2 level 3 security standard.
HSM boxes are appropriate for highly resilient configurations, in which a customer can set up HSM
boxes in a cluster.

Features of HSM boxes


By default, HSM boxes can store up to 250 certificates per HSM box. Customers can order an
optional large certificate capacity licence for their high throughput class HSM boxes to store up to
2500 certificates per box.
Different SNLs or AGIs can share the same HSM, because these systems are connected to the
customer's LAN. A maximum of five hosts (SNLs or AGIs combined) can use the same HSM.
Depending on the customer's volume, and in line with the connectivity packs, the HSM box is
available with three throughput classes (low, medium, and high).
For information about connectivity packs, see the Connectivity Packs - Configurations for Multi-
Vendor Secure IP Network Connectivity.

[Link] Personal Tokens


Overview
SWIFT provides tokens that allow strong authentication for individual entities when accessing and
using certain SWIFT messaging services. The token includes PKI credentials which the customer
entity has generated. The PKI credentials are used to create digital signatures that allow the entity
using the token to be identified. The token is personal and must not be shared with another entity. It
is protected by a password that the entity must keep private.
Customers can order two types of personal tokens: one for the production environment (live and
pilot/test services) and another for the integration testbed environment (ITB).

Benefits of personal tokens


Personal tokens provide the following benefits:
• Security
Private information never leaves the token. Two-factor security, that is, something that is owned
(the token) and something that is known (the password) protects the information. Personal
tokens now follow the FIPS 140-2 level-3 security standard (previously FIPS 140-2 level-2).
• Portability
The token containing the private key can go wherever the end user goes.

Features of personal tokens


Some of the primary features of the tokens include the following:
• Built-in cryptographic and security application that includes certificate storage and handling.
• Each token holds one certificate.
• On-token key generation, which means that the critical private key never leaves the token, and
no one can steal it over the network or from an end user's PC.
• Hardware and software protection against external attacks.

4.2 Management of Digital Identities

4.2.1 Identity Administration

[Link] Registration of an Entity


Entity registration
In support of the chain of trust, the SWIFTNet Registration Authority verifies that the request to
register a customer's entity to SWIFTNet Public Key Infrastructure (PKI) comes from an authorised
security officer.
For information about authentication and identification, see the SWIFTNet PKI Certificate
Administration Guide.

Web server entity registration


Web server entities are not registered online because their registration and configuration (for
example in the Domain Name System [DNS]) are more complex than the registration of other
entities. Customers must request registration of a web server entity by sending the completed form
to Customer Operations.

[Link] Application for Certificates


Customer responsibilities
In some cases, SWIFTNet certificates must be used to identify end users. If a certificate
carries the individual's name, then the customer is responsible for the correct identification of the
individual using the certificate and must verify and authenticate the individual's identity against a
trusted source.
The security officer must ensure the following:
• If the individual is an employee of the customer, then the security officer must check the
employee's identity against corporate documentation.
• If the individual is not an employee (for example, a contractor), then the individual's identity is
checked by way of a personal identity card. In addition, the individual's direct manager must
provide a formal request for certification.
• The security officer assigns the representation of the customer entity through the
Distinguished Name (DN) or, optionally, through the user name.

Initiated by the security officer


For information about the set-up for certification process, see the SWIFTNet PKI Certificate
Administration Guide.
At the end of this procedure, a new node is created for the customer entity in the SWIFTNet
Directory with the status "ready for certification", and the individual or agent is in possession of
the activation secrets.
In support of confidentiality, when setting up an entity for certification, the SWIFTNet Registration
Authority sends the activation secrets that it issues for a customer to the customer's security
officers through an encrypted channel.
The security officer then gives the activation secrets to the entity or agent to perform a certification.
SWIFT provides the activation secrets to the first two security officers who must download them by
means of the Secure Channel.

4.2.2 Certificate Administration

[Link] Overview
Online administration through the SWIFTNet Online Operations Manager
The SWIFTNet Online Operations Manager enables security officers to manage certificates for all
entities within their scope of authority. Other interfaces may also provide such functionality.
The SWIFTNet Online Operations Manager is designed to enable the security officer to do the
following:
• create nodes in the SWIFTNet Directory, for the customer's entities
• initiate the issue of certificates
• revoke certificates
• initiate the recovery of entities
• disable entities
• delete entities that have been disabled and whose certificates have been revoked

For more information about certificate administration, see the SWIFTNet PKI Certificate
Administration Guide and the SWIFTNet Online Operations Manager User Guide.

Processing of administration requests


The Local Registration Application server processes online certificate administration requests. The
Local Registration Application server is connected to the SWIFTNet Certification Authority and the
SWIFTNet Directory.

Activity log
Customers can use the SWIFTNet Online Operations Manager to generate a report of the
certificate management activities of their security officers. For more information, see the SWIFTNet
Online Operations Manager User Guide.

[Link] Certificate Issuance and Publication


Initiated by the individual or the agent
For information about the certification process, see the SWIFTNet PKI Certificate Administration
Guide.
At the end of this process the signing key pair and the encryption key pair have been generated,
the certificate associated with each key pair is published in the SWIFTNet Directory, and the
customer entity has the status certified. The successful completion of this process constitutes the
acceptance by the agent.
If a customer cannot use the activation secrets, then it must contact the SWIFT Customer Support
Centre.
The customer must ensure that the individual or agent has exclusive control over the generation of
the entity's keys. This is critical for achieving entity-level non-repudiation.
Note Password generation for web certificates can be optional, depending on the browser.
SWIFT strongly recommends that the individual or agent generate and use passwords
to protect the private keys.

Certification
In support of the chain of trust, the SWIFTNet Certification Authority validates that a certification
request comes from a customer's entity by validating that the activation secrets issued to a security
officer of that customer entity (when the entity was set up for certification) are still active and are
being appropriately used.

Certification of the verification key


In support of the chain of trust, the SWIFTNet Certification Authority certifies each public
verification key.
When receiving signed traffic, the customer must therefore use the sender's public verification key
to verify the authenticity of its digital signature.

Certification of the encryption key


In support of the chain of trust, the SWIFTNet Certification Authority certifies each public encryption
key.
The sender of a SWIFTNet message must therefore use the receiver's public encryption key to
encrypt that message for the receiver.

[Link] Certificate and Key Renewal


The renewal process
If the customer's operational environment is set up correctly, then renewal of the business and lite
private keys and the associated certificates is automatic.
Note For increased security, a certificate renewal operation is always performed in
conjunction with a key pair renewal. This ensures that a renewed certificate always
has a newly generated public key. This combined process is also known as a re-key
operation.
For more information about the renewal process in SWIFTNet Link, see the SWIFTNet PKI
Certificate Administration Guide. For Alliance Gateway Instant (AGI), see the Alliance Gateway
Instant User Guide.
For more information about renewal frequency, see Business and Lite Keys on page 22.

Renewal notification
SWIFT does not notify individuals or agents about the renewal of certificates.
For time-critical applications that use SWIFTNet PKI certificates, the agent must anticipate and
monitor the automated renewal.
The SWIFTNet Online Operations Manager is designed to enable security officers to monitor
certificate expiry dates online or through automated reports. Customers can also retrieve the
certificate expiry date through SNL or AGI.

Certificate expiry control


Customers are responsible for checking the expiry status of all certificates, and for renewing the
certificates before their expiry as required. Customers can use the SWIFTNet Online Operations
Manager to generate a report of the certificate expiry dates. For information about certificate
reports, see the SWIFTNet Online Operations Manager User Guide.

[Link] Entity Recovery


Online or offline recovery
Customers can set up entities for recovery either online or offline. SWIFT strongly recommends
that the customer restricts the offline set-up for recovery to emergency cases only. SWIFT charges
a fee for the offline set-up for recovery.

Online recovery
To minimise the customer's system unavailability due to corrupted or lost private keys, SWIFT
provides an online recovery capability.
Customers can lose or damage business and lite private keys. Also, the certificates and keys can
expire if automatic renewal does not succeed. In these cases, customers can request new
certificates and keys immediately by recovering the entities to which these certificates and keys are
associated.
To protect the entity profile during recovery, the customer must define a password that differs from
the previously used password.
The most common situations that require entity recovery are described in the table in
Circumstances for business and lite entities on page 37.

The recovery process


SWIFT generates new keys and certificates as a result of the recovery process. For more
information about the recovery process, see the SWIFTNet PKI Certificate Administration Guide.

[Link] Certificate Revocation


Certificate revocation
To minimise the period in which misuse of a customer's compromised private key can occur,
SWIFT provides an online certificate revocation capability.
Revocation can be requested by the security officer, by the individual or agent through a security
officer, or by SWIFT.

When the security officer must revoke
The security officer must revoke entities associated with business and lite certificates if they
suspect that either the key or the password is compromised, and in situations in which the security
officer must prevent the future use of particular keys.
The most common situations that require certificate revocation are described in the table in
Circumstances for business and lite entities on page 37.

SWIFT's right to revoke certificates
SWIFT reserves the right to revoke a customer's certificates, on its own initiative, in the following
circumstances:
• If SWIFT strongly suspects misuse of the customer's certificates. In this case SWIFT contacts
the security officer in advance.
• If SWIFT renews the root key of the SWIFTNet Certification Authority and the customer fails to
renew the old certificate, then SWIFT notifies the security officer of the revocation in advance.
• Upon deactivation of a customer.
If SWIFT decides to revoke a customer's certificate on its own initiative, then SWIFT makes
reasonable efforts to notify the customer in advance.

Revocation process
As a result of the revocation process, SWIFT updates the appropriate Certificate Revocation List
with the serial numbers of the revoked certificates and uploads it into the SWIFTNet Directory. The
updated Certificate Revocation List is then available for retrieval by the SWIFTNet Link or Alliance
Gateway Instant (AGI) of the customer.
Note If a disaster strikes a SWIFT operating centre, then SWIFT may not have fully
processed the online revocation requests that customers have sent in the 15 minutes
before the disaster. In such cases, on request, SWIFT assists the customer to trace
the affected requests.
Note For SWIFT Secure Channel end users, an offline revocation request is valid when it
meets all of the following conditions:
• The security officer successfully submits the revocation request through the SWIFT
Secure Channel.
• The second security officer approves the revocation request (if required).
• The security officer receives the confirmation e-mail of the revocation request.
For more information about the revocation process, see the SWIFTNet PKI Certificate
Administration Guide.

[Link] Entity Disablement


When a security officer must disable an entity
Security officers can permanently disable a customer entity associated with a business or lite
certificate (an entity associated with a web certificate cannot be disabled). Furthermore, the
customer's security officers must disable entities that the customer no longer requires. SWIFT
stops charging for certificate maintenance when the customer has disabled the entity.
For more information about circumstances for entity disablement, see Circumstances for Revoking,
Recovering, and Disabling Entities on page 37.

When SWIFT can disable entities


In exceptional cases, SWIFT can also disable entities (for example, when a customer ceases to be
a SWIFT user).
If SWIFT decides to disable a customer's entities, then it makes reasonable efforts to inform the
customer in advance.

The disablement process


The customer's security officer must revoke a certificate before the disablement of an entity.
The entity reaches the end of its life cycle once it is disabled. After that, if the certificate has not
been revoked, the certificate stays valid until it expires. However, the certificate can no longer be
renewed and the entity can no longer be recovered (as a result of the disablement). Disablement is
permanent and irreversible.
For more information about the disablement process, see the SWIFTNet PKI Certificate
Administration Guide.

[Link] Certificate Administration Responsibilities


Entity and certificate life cycles
For information about entity and certificate life cycles, see the SWIFTNet PKI Certificate
Administration Guide.
Business and lite certificates
The following table shows the actions for changing the state of business and lite certificates, and
the person that is responsible for the action.

Responsible party                                     | Action
------------------------------------------------------|--------------------------
individual or agent                                   | certification
individual or agent                                   | recovery
not applicable (automatic)                            | expiry
not applicable (automatic)                            | renewal
security officer (including shared security officer)  | revocation
security officer (including shared security officer)  | disabling
security officer (including shared security officer)  | set-up for certification
security officer (including shared security officer)  | set-up for recovery

Web certificates
The following table shows the actions for changing the state of web certificates and the person that
is responsible for the action.

Responsible party                                     | Action
------------------------------------------------------|--------------------------
individual or agent                                   | certification
not applicable (automatic)                            | expiry
individual or agent                                   | recovery
security officer (including shared security officer)  | set-up for certification
security officer (including shared security officer)  | set-up for recovery

Personal token certificates


The following table shows the actions for changing the state of personal token certificates and the
person that is responsible for the action.

Responsible party                                     | Action
------------------------------------------------------|--------------------------
end user                                              | certification
end user                                              | recovery
not applicable (automatic)                            | expiry
end user                                              | renewal
security officer (including shared security officer)  | revocation
security officer (including shared security officer)  | disabling
security officer (including shared security officer)  | set-up for certification
security officer (including shared security officer)  | set-up for recovery

Personal HSM certificates


The following table shows the actions for changing the state of personal HSM certificates and the
person that is responsible for the action.

Responsible party                                     | Action
------------------------------------------------------|--------------------------
individual or agent                                   | certification
individual or agent                                   | recovery
not applicable (automatic)                            | expiry
security officer (including shared security officer)  | revocation
security officer (including shared security officer)  | disabling
security officer (including shared security officer)  | set-up for certification
security officer (including shared security officer)  | set-up for recovery

[Link] Circumstances for Revoking, Recovering, and Disabling Entities


Circumstances for business and lite entities
The following table describes situations that require a security officer to change a password, or to
recover, revoke, or disable business or lite entities and certificates. For more specific information
about how the revocation, recovery and disabling of entities and certificates is processed in the
SWIFT interface, see the relevant SWIFTNet interface guide.

Situation | Change password | Revoke | Recover | Disable
--- | --- | --- | --- | ---
Security profile lost. This may be because the HSM, or the SWIFTNet Link or Alliance Gateway Instant (AGI) host, is lost or stolen. It can also be because a back-up containing the profile on disk is lost or stolen. | | x | x |
Password disclosed, stolen, or near expiry. In this case the security profile has not been copied. If the security profile has been copied, then the action is revoke and recover. | x | | |
Password forgotten. | | | x |
The entity is no longer needed.(1) | | x | | x
End user with a personal certificate has left the company.(1) | | x | | x
End user using an anonymous (impersonal) certificate has left the company. | x | | |
End user knowing the password of a shared certificate has left the company. | x | | |
The end-user certificate has expired after automatic certificate and key renewal failed. | | | x |
The activation secrets are compromised. | | x | x |
The activation secrets do not work. | | x | x |
The certificate must be moved from disk to HSM, from HSM to disk, or from HSM to another HSM. | | | x(2) |
Change of certificate class (for example, lite to business), policy ID, or password policy. | | | x |

(1) Entities that have been revoked and disabled can be deleted.
(2) If both the Policy ID and the password policy do not change, then it is also recommended to initialise the HSM partition
(holding the previous profile) or alternatively, to perform a revocation in order to make the previous profile unusable.

Circumstances for personal certificates


The following table describes situations that require a security officer to change a password, or to
recover, revoke, or disable personal certificates (that is, personal token certificates and personal
HSM certificates). For more specific information about how the revocation, recovery and disabling
of entities is processed in the SWIFT interface, see the relevant SWIFTNet interface guide.

Situation | Change password | Revoke | Recover | Disable
--- | --- | --- | --- | ---
Security profile lost. This may be because the personal token or HSM is lost or stolen. | | x | x |
Password disclosed or stolen. The security profile cannot be copied in the case of personal tokens or personal HSMs. | x | | |
Password forgotten. | | | x |
The entity is no longer needed.(1) | | x | | x
The end user has left the company.(1) | | x | | x
The end-user certificate has expired. | | | x |
The activation secrets are compromised. | | x | x |
The activation secrets do not work. | | x | x |

(1) Entities that have been revoked and disabled can be deleted.

Circumstances for web certificates


Web certificates cannot be managed effectively, and so there is only a limited set of circumstances
for which intervention is required.

Situation | Recover
--- | ---
Password forgotten | x
Web certificate has expired | x

Circumstances for communication footprint (AGI/SNL) instance and TLS (connection to SWIFT)
certificates
Except for recovery, communication footprint (AGI/SNL) instance certificates cannot be managed
online, and so there is only a limited set of situations in which intervention is required.

Situation | Recover
--- | ---
Security profile is corrupted or is not the latest | x
Communication footprint (AGI/SNL) instance certificate has expired | x

Circumstances for channel certificates

Situation | Revoke | Recover
--- | --- | ---
Security profile is corrupted or is not the latest | | x
Channel certificate has expired | | x
Key is compromised | x | x

[Link] Records Archival


To maintain evidence, SWIFT time stamps and archives records that relate to the certificate life
cycle.
The records consist of the following:
• Records archived for 12 years
- all online administration requests that security officers have issued and that SWIFT has
accepted
- all offline administration requests that security officers have issued to SWIFT and all SWIFT
responses
• Records archived for 24 years
- all changes to the status of entities and their certificates
- all certificates (valid or expired)
- the Certificate Revocation Lists

4.2.3 Role Administration

[Link] Overview
Online administration through the SWIFTNet Online Operations Manager
The SWIFTNet Online Operations Manager is designed to enable security officers to manage Role-
Based Access Control (RBAC) roles for the customer entities within their scope of authority. Other
interfaces may also provide such a functionality.
The SWIFTNet Online Operations Manager enables the security officer to do the following:
• create nodes in the SWIFTNet Directory for the customer entities
• assign roles to, or remove roles from, customer entities
For more information about role administration, see the SWIFTNet PKI Certificate Administration
Guide and the SWIFTNet Online Operations Manager User Guide.
Processing of administration requests
The Role-Based Access Control (RBAC) server processes online role administration requests.

Activity log
Customers can use the SWIFTNet Online Operations Manager to generate a report of the role
management activities of their security officers. For more information, see the SWIFTNet Online
Operations Manager User Guide.

[Link] Role-Based Access Control


Definition
Role-Based Access Control (RBAC) is designed to enable customers to control access to specified
services and functions by assigning predefined roles to entities in the subdomain of the customer.
Service administrators can additionally use the roles for restricting access to certain functions or
resources in their application. In this case, service administrators are responsible for defining the
various roles for their service. Unless the service administrator has defined other roles for the
service, SWIFT creates a generic role per service. For more information, see the specific service
documentation.
Security officers are responsible for granting these roles to entities in their subdomain. SWIFT
stores centrally all the roles that are assigned to the entities. When the end user accesses such a
service, SWIFT retrieves the entities' roles and centrally checks that only entities that have an
RBAC role for a service can access the application or send SWIFTNet messages within this
service (and otherwise rejects it). This allows customers to separate the use of entities within its
subdomain per service.
If the service administrator uses the roles for granular access control within the application, SWIFT
adds the end user's roles to the message and forwards it to the service administrator. The
receiver's application can then validate whether the end user's roles are appropriate to send such a
message or to use such a function on the application.
Note If SWIFT creates a new service that uses RBAC and a customer subscribes to this
service in respect of one or more specific BICs, then the institution's security officer
can see, and consequently grant, the roles of that service to end users within the
subdomain.

RBAC for security officers


When SWIFT registers the first two security officers of a customer (per 8-character BIC), SWIFT
automatically assigns the appropriate RBAC security roles to the security officers for certificate
administration and role delegation.
The two security officers can use RBAC directly (with no intervention from SWIFT) to grant to any
additional security officers the roles that are specific to certificate administration and role
delegation. Security officers manage a subtree of the customer subdomain at the nearest o or ou
node of the security officer's Distinguished Name (DN).
Security officers may also have business application responsibilities in addition to their security
roles. In this case, they use RBAC to assign business roles to entities, in accordance with the
service administrator's guidelines.

Related information
For more information about RBAC administration, see the SWIFTNet PKI Certificate Administration
Guide.

4.2.4 Key and Password Management


Key Management Application and API for business and lite certificates
SWIFTNet Link (SNL) and Alliance Gateway Instant (AGI) provide agents with the Key
Management Application (KMA) or API, which agents use to perform the following tasks:
• to generate private and public keys
• to control access to the keys through a password
• to change passwords
• to list certificates on the HSM or on the hard disk of a SWIFTNet Link

Management of web certificates


In the context of a browse service, the standard browser provides password and key management
for web certificates. Even though the browser does not require passwords, SWIFT strongly
recommends that customers use passwords to protect web certificates and keys.

Web servers
For the browse services, each web server has its own tool to generate a private key - public key
pair, and a Certificate Signing Request (CSR). Using the standard browser and connecting to the
Entrust Authority Enrolment Server for Web, the customer submits the CSR and obtains a
certificate. This certificate is then installed in the web server.

Personal token certificates


For personal token certificates, the keys are managed by the end user of the customer through the
SWIFT Certificate Centre.

Personal HSM certificates


For personal HSM certificates, the keys are managed by the end user of the customer through
Alliance Gateway.

4.3 Usage of Digital Identities


Scope
This section covers the use of SWIFTNet PKI certificates for the signing of business data contained
in the message payload that is transported using a SWIFT messaging service. For the use of
SWIFTNet PKI certificates to sign messaging traffic, see the relevant SWIFT messaging service
(typically the SWIFTNet Service Description and the FIN Service Description) as applicable.
SWIFTNet Link (SNL) and Alliance Gateway Instant (AGI) cryptographic functions
All SWIFTNet interfaces, whether they originate from SWIFT or from other parties, interoperate
with SNL or AGI.
SNL and AGI provide the following cryptographic functions for business and lite certificates:
• Signing: Through SNL or AGI and, if applicable, the HSM, the sender can use a private signing
key to sign a message or data sent over SWIFTNet. This provides authentication, integrity, and
non-repudiation of origin.
• Signature verification: Through SNL or AGI, the receiver can use the sender's public
verification key to verify the integrity and authenticity of a message or data received over
SWIFTNet.

• Decryption: Through SNL or AGI, the receiver can use a private decryption key to decrypt a
message.

Authentication control
After verifying the signature and the validity of the certificate that was used to generate the
signature, the receiver can authenticate, through SWIFTNet Link (SNL) or Alliance Gateway Instant
(AGI), the counterparty responsible for the signed message or data received over SWIFTNet.

Integrity control
After verifying the signature, the receiver can validate, through SWIFTNet Link (SNL) or Alliance
Gateway Instant (AGI), that the signed message or data received over SWIFTNet has not changed
since it was signed.

Non-repudiation
There are three types of non-repudiation:
• Non-repudiation of origin
The signature on the message or data received over SWIFTNet can be used to obtain certainty
that the message or data was signed by the holder of a valid SWIFTNet PKI certificate owned
by the customer represented by, and responsible for, the 8-character BIC in the level 2 of the
certificate DN.
The non-repudiation of origin can be established by the customer using their SWIFTNet Link
(SNL) or Alliance Gateway Instant (AGI) at the time of receiving the message or data, or later on
by asking SWIFT to reverify the signature on a message or data up to 24 years after it was
signed. For the latter case, SWIFT retrieves the certificate data from its systems, checks the
certificate validity at the time specified by the customer, and reverifies the signature on the
message or data provided by the customer.
• Non-repudiation of emission
Non-repudiation of emission is an optional feature offered as part of SWIFT messaging
services. For more information about how to obtain certainty regarding the origin of a received
message, the fact that the message was sent at a specific time, and the destination to which the
sender intended to send that message, see the SWIFTNet Service Description and the FIN
Service Description.
Non-repudiation of emission cannot be provided for signed business data.
• Non-repudiation of reception
Non-repudiation of reception is an optional feature offered as part of SWIFT messaging
services. For more information about how to obtain certainty regarding the reception of a
message and the fact that the message was received at a specific time, see the SWIFTNet
Service Description and the FIN Service Description.
Non-repudiation of reception cannot be provided for signed business data.

Certificate verification
To rely on a correspondent's business or lite certificate, the customer must verify that the certificate
is valid. Customers can use SWIFTNet Link (SNL) or Alliance Gateway Instant (AGI) to check the
following information in the certificates retrieved from the SWIFTNet Directory (and possibly
stored in the local cache):
• The certificate expiration date.
• The purpose of the certificate. For example, signing or encryption.
• The technical environment. For example, business and lite, or web certificate.

• The certificate's revocation status. Customers can check against the Certificate Revocation List.
• The certificate's authenticity. Customers can verify the SWIFTNet Certification Authority
signature.
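The checks just listed, the signing and signature verification functions of the SNL or AGI described at the start of this section, and the "re-verify the certificate at the time the data was signed" case from the non-repudiation of origin paragraph, as an added worked example in Go that is not part of this service description or of any SWIFT product. It uses only the Go standard library (Go 1.19 or later, for x509.ParseRevocationList); the CA, the BIC "bankbebb", the entity name, the serial numbers and the dates are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckCertificate applies the relying-party checks from the service description at a chosen
// instant: expiry, purpose, CA signature (authenticity) and revocation status against the CRL.
// usage is the key usage the relying party needs (x509.KeyUsageDigitalSignature to verify a
// signature, x509.KeyUsageKeyEncipherment to encrypt); a past instant re-verifies at signing time.
func CheckCertificate(cert, ca *x509.Certificate, crl *x509.RevocationList, usage x509.KeyUsage, at time.Time) error {
	// Expiry: the certificate must have been inside its validity period at that instant.
	if at.Before(cert.NotBefore) || at.After(cert.NotAfter) {
		return fmt.Errorf("certificate outside its validity period at %s", at.Format(time.RFC3339))
	}
	// Purpose: a signing certificate is not an encryption certificate and vice versa.
	if cert.KeyUsage&usage == 0 {
		return fmt.Errorf("certificate not issued for the requested purpose")
	}
	// Authenticity: the certificate must chain to the CA; Verify checks the CA signature.
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("CA signature check failed: %w", err)
	}
	// Revocation: trust only a CRL signed by the CA, then look the serial number up in it.
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("CRL not signed by the CA: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 && !at.Before(rc.RevocationTime) {
			return fmt.Errorf("certificate revoked at %s", rc.RevocationTime.Format(time.RFC3339))
		}
	}
	return nil
}

// SignData is the sender side: sign the business payload with the private signing key.
func SignData(key *rsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
}

// VerifySignedData is the receiver side: verify the signature with the sender's public
// verification key. Rely on the result only after CheckCertificate has accepted the certificate.
func VerifySignedData(cert *x509.Certificate, data, sig []byte) error {
	return cert.CheckSignature(x509.SHA256WithRSA, data, sig)
}

// Constructed timeline: the signing certificate is revoked one day after it was issued.
var (
	IssuedAt  = time.Date(2021, 3, 18, 0, 0, 0, 0, time.UTC)
	RevokedAt = IssuedAt.Add(24 * time.Hour)
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, caKey *rsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey))))
}

// NewFixture builds a constructed miniature of the trust chain: the CA, a signing certificate
// (serial 2, with its private key) and an encryption certificate (serial 3) for one entity,
// and the CA's CRL listing serial 2. Every name, serial number and date is made up.
func NewFixture() (ca, signCert, encCert *x509.Certificate, signKey *rsa.PrivateKey, crl *x509.RevocationList) {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example CA"},
		NotBefore: IssuedAt, NotAfter: IssuedAt.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca = issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	// Level 2 of the DN carries the 8-character BIC; "bankbebb" is a constructed value.
	subj := pkix.Name{Organization: []string{"bankbebb", "swift"}, CommonName: "treasury-agent"}
	signKey = must(rsa.GenerateKey(rand.Reader, 2048))
	signCert = issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: subj, NotBefore: IssuedAt,
		NotAfter: IssuedAt.AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment},
		ca, &signKey.PublicKey, caKey)
	encKey := must(rsa.GenerateKey(rand.Reader, 2048))
	encCert = issue(&x509.Certificate{SerialNumber: big.NewInt(3), Subject: subj, NotBefore: IssuedAt,
		NotAfter: IssuedAt.AddDate(1, 0, 0), KeyUsage: x509.KeyUsageKeyEncipherment}, ca, &encKey.PublicKey, caKey)
	crl = must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: RevokedAt, NextUpdate: RevokedAt.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(2), RevocationTime: RevokedAt}},
	}, ca, caKey))))
	return ca, signCert, encCert, signKey, crl
}
```

Checking the signing certificate at IssuedAt+12h succeeds and at IssuedAt+48h fails as revoked, which is the difference between verifying at the time of signing and verifying now.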
Certificate revocation status check
The certificate revocation status check differs when PKI certificates are used for signing SWIFT
messaging and for signing business data contained in the message payload that is transported
using a SWIFT messaging service:
• Signing SWIFT messages
For each message exchanged, the central SWIFTNet systems check, upon receipt of the
message, that the PKI certificate that has been used to sign the message is not revoked.
SWIFT ensures that this check takes the following certificate revocations into account:
- all online revocations that happened at least 5 minutes before the message was sent
- all offline revocations for which SWIFT has received a valid revocation request (and has
successfully authenticated the requesting security officers) at least 2 hours before the
message was sent
If the certificate is revoked, then SWIFT rejects the message.
• Signing business data
SWIFT does not check the revocation status of the PKI certificate used to sign business data
contained in the message payload that is transported using a SWIFT messaging service. The
revocation status must be checked by the receiver using its SWIFTNet Link (SNL) or Alliance
Gateway Instant (AGI). If the certificate is revoked, then the receiver must not rely on the
signature and must contact the customer responsible for the certificate that was used to sign the
data.
In normal operational circumstances, the receiver's SNL or AGI retrieves the updated Certificate
Revocation List (containing the newly revoked certificate):
- within a maximum of 1 hour after SWIFT has received a valid online certificate revocation
request from the sender of the business data
- within a maximum of 3 hours after SWIFT has received a valid and authenticated offline
certificate revocation request from the sender of the business data
Signed traffic rejection
Traffic is not rejected immediately after a certificate revocation request. This is due to the delay
between the successful revocation of a certificate and the time that it takes:
• to propagate the revocation information to all central SWIFTNet systems
• for all customer SWIFTNet Links (SNLs) or Alliance Gateway Instants (AGIs) to retrieve the
updated Certificate Revocation List
Within the period of delay, the certificate for which a revocation request has been received can still
be interpreted as valid.
The customer is liable for any reliance on the customer's certificate as a valid certificate during this
period of delay.
For the time frames between certificate revocation and traffic rejection, see Certificate revocation
status check on page 44.

Personal token verification
When applicable, SWIFT checks the following certificate information:
• The certificate expiration date.
• The certificate's revocation status by checking against the Certificate Revocation List.
• The certificate's authenticity by verifying the SWIFTNet Certification Authority signature.

5 Roles and Responsibilities

5.1 Customer Roles

5.1.1 Entity
Description
An entity is identified in the SWIFTNet Directory with a Distinguished Name (DN), and either has a
certificate or is set up for certification.

Identification
An entity is identified by its DN, which always includes the 8-character BIC of the customer
responsible for the entity. If the entity has a certificate, then the DN is included in the entity's
certificate.
The service administrator of a business service using SWIFT messaging can mandate participants
in their service to use specific DNs.
If the service administrator mandates specific DNs, then it must notify service participants of this in
dedicated guidelines.
For more information about the identification of entities, see the SWIFTNet Naming and Addressing
Guide.

Occurrences
In SWIFTNet messaging, entities can occur in the form of a signer DN, encrypter DN, and
authoriser DN.

Authorised activities
An entity or, as applicable, its agent does the following:
• provides the password for the private keys
• signs and encrypts messages (applicable for entities only)
• verifies signatures and decrypts messages (applicable for entities only)

5.1.2 Agent
Definition
An agent is an individual responsible for managing the certificate(s) and the private keys of an
entity where such entity is not itself a named individual, for example:
• an application or system
• an organisational unit or department
• a function, represented by an anonymous individual such as an end user or a security officer
• a service
Agents are appointed (and have their appointment terminated) by the customer directly through its
security officers. The agent's role is crucial in the chain of trust.

Authorised activities
An agent does the following:
• generates the private keys and obtains the certificate of the entity
• protects the password for the entity's private key against disclosure and changes the password
of the entity's private key
• protects the private keys of the entity
• notifies the security officer in case of (suspected) compromise or loss of either the entity's
private key or the associated password

How to become an agent
A person automatically becomes an agent as a result of one of the following events:
• A person who receives activation secrets that relate to an entity's Distinguished Name (DN)
becomes an agent for the entity (regardless of whether this individual later uses the activation
secrets to certify the entity).
• A person to whom an agent gives either a password or a private key that relates to an entity's
certificate becomes that entity's agent jointly with any other agents that a security officer
designates for that entity (that is, a shared certificate).

5.1.3 Security Officer
Definition
The security officer is responsible for administering the entities of the customer, their certificates
and their roles. The first two security officers appointed by a customer must have all the necessary
capacity and authority to represent the customer towards SWIFT to perform its role of security
officer as described in this service description and, more generally, to manage all security matters
of the customer.
Customers can add or remove offline security officers through the Secure Channel. Customers can
remove online security officers by using the SWIFTNet Online Operations Manager.
If a registered security officer ceases to act in that role, then the customer must inform SWIFT at
the earliest opportunity and terminate, or replace, the appointed security officer.
In support of the chain of trust, SWIFT validates security officers' certificate status, scope of
authority, and role profile, to ensure that only duly authorised security officers issue certificate and
role management requests to SWIFT.

Maintenance of certificates
Security officers are responsible for regularly reviewing the list of certificates within their scope of
authority (see Scope of authority on page 48). Security officers must verify that all certificates in
the list are still required and appropriate, and if not the case, then the security officers must revoke
or disable those certificates that are no longer valid.

Online and offline capabilities
A security officer with online capabilities manages certificates and roles by using the SWIFTNet
Online Operations Manager. To do this, a security officer must have a valid certificate and the
CertificateAdministration and Delegator RBAC roles.
If the online administration functionality cannot be used, then a security officer with offline
capabilities can manage certificates by submitting offline intervention requests to SWIFT through
the SWIFT Secure Channel on [Link] > Support > Secure Channel. To do this, the security
officer must have a [Link] account with access to the Secure Channel and use a personal
secure code card for authentication.

4-eyes authorisation
To increase customers' protection against unauthorised actions or wrongdoing by security officers,
SWIFT provides optional 4-eyes role profiles for certificate management and role management.
If customers activate this mechanism, then two security officers must issue requests. SWIFT
recommends that if the customer applies the 4-eyes principle, then the customer must also define
additional security officers to ensure consistent levels of operational availability.
Online security officers require the CertificateAdministration4eyes or the Delegator4eyes RBAC
role, or both. SWIFT recommends that security officers who previously had both
CertificateAdministration and Delegator roles grant themselves the CertificateAdministration4eyes
and Delegator4eyes roles in combination. For more information about implementing the 4-eyes
principle, see the SWIFTNet PKI Certificate Administration Guide.

Scope of authority
The area within the SWIFTNet Directory that the security officer is allowed to manage is called the
scope of authority. The scope of authority of the first two security officers that SWIFT defines is
equal to the customer's subdomain. The customer can define additional security officers at
subordinate levels, with a more limited scope of authority than the first two security officers. The
scope of authority of a security officer is defined as the sub-tree in the customer subdomain
including the node above the security officer's node.
For Alliance Cloud customers, the scope of authority is extended to include SWIFT. Indeed, the
sub-tree for Alliance Cloud customers contains a dedicated sub-tree under ou=swift-managed,
which is managed by SWIFT only and cannot be administered by an administering entity. For more
information about Alliance Cloud administration, see the Alliance Cloud Getting Started.

Authorised activities
The security officer uses the SWIFTNet Online Operations Manager to do the following:
• identify and authenticate the certificate applicants
• obtain the activation secrets that applicants for certification require
• revoke compromised certificates
• disable entities that no longer need certificates
• assign or remove roles
For more information about how to create a security officer, the roles and tasks of the security
officer, and for recommendations regarding the correct set-up and management of the SWIFTNet
PKI for the customer, see the SWIFTNet PKI Certificate Administration Guide. For information
about the registration of security officers, see Own Security Officers on page 11.

5.1.4 Shared Security Officer
Definition
A shared security officer has been appointed by multiple customers to administer their certificates.
Those customers appoint another customer (also referred to as the administering institution) to
manage their certificates on their behalf. The administering institution manages the certificates of
the administered institutions through those of its security officers who have been granted the
specific role of shared security officer.
The shared security officer requires the Scope role in addition to the CertificateAdministration and
Delegator role. SWIFT grants the Scope role to the administering institution. SWIFT defines this
additional role in the Role-Based Access Control (RBAC) service. For more information about the
shared security officer roles, see the SWIFTNet PKI Certificate Administration Guide. SWIFT
verifies the presence of this Scope role each time it receives an online request from the shared
security officer.
A service bureau cannot act as an administering institution.

Maintenance of certificates
Shared security officers are responsible for regularly validating the list of certificates within their
scope of authority (see Scope of authority on page 49). Shared security officers must verify that
all certificates in the list are still required and appropriate, and if not the case, then the shared
security officers must revoke or disable those certificates that are no longer valid.

Creation
For more information about how to create a shared security officer, see the SWIFTNet PKI
Certificate Administration Guide. For information about the registration of shared security officers,
see Shared Security Officers on page 12.

Scope of authority
The area within the SWIFTNet Directory that the shared security officer is allowed to manage is
called the scope of authority. The scope of authority of shared security officers is defined as the
subdomains of the customer(s) for whom they act as a shared security officer. Additionally, such
security officers have a scope of authority within the subdomains of the customer for whom they act
as their own security officer.

Authorised activities
Shared security officers use the certificate and role administration functionality (for each customer
for which the shared security officer administers the certificates) to do the following:
• identify and authenticate applicants to receive certificates
• obtain the activation secrets needed for certification
• revoke compromised certificates
• disable entities that no longer require certificates
For more information about the roles and the tasks of the shared security officer, see the
SWIFTNet PKI Certificate Administration Guide.

5.1.5 Entity and Agent Relationships
The following table summarises the relationships between an entity and an agent:
Relationships between entity and agent

Entity represents      Example          Agent appointed for the entity
named individual       john-smith       No
anonymous individual   testuser, so3    Yes
web browser            %02
application            clsgateway2

5.2 Customer Responsibilities

5.2.1 Subscription
The customer must provide accurate and complete information in connection with its subscription
to SWIFTNet Public Key Infrastructure (PKI), including its full legal name and the identity of its first
two security officers.

5.2.2 Security Officers
Appointment and number
The customer must, initially, appoint two security officers to apply for and manage certificates for
the entities within the customer's subdomain, through the online ordering form on Join SWIFT or
any other applicable document.
If entities within the customer's subdomain are in different time zones, then SWIFT recommends
that the customer appoint at least one security officer per time zone.

Identification
The customer must ensure that it provides accurate and complete identification details of the first
two security officers and that its security officers always present a true and authentic identification
of themselves in all communication with SWIFT. This applies to (without limitation) the initial
registration process, certificate issuance, and maintenance and revocation requests, either online
or offline.
The customer must ensure that security officers always authenticate the customer's agents in all
communications with those agents.
The customer must also inform SWIFT of registration changes by means of the Secure Channel.
For example, an offline security officer role granted to a new person, the revocation of an offline
security officer role for an obsolete security officer, the update of address details for the secure
code card shipping.

Obligations
The customer must ensure that its security officers follow the obligations and scope of authority
defined for the role of security officer in this service description and the applicable operational
guides. To avoid any doubt, the customer always remains responsible for all acts, omissions, and
defaults of its security officers and its agents.
The customer is responsible for performing a periodic verification of the security officer information
and performing an update as required.

The Certificate Administration Guide
The customer acknowledges that the SWIFTNet PKI Certificate Administration Guide is a
statement of good practice for security officers.

5.2.3 Agents
Appointment of agents
The customer must appoint at least one agent for each entity that is not a named individual. The
agent is responsible for the secure handling (for, and on behalf of, the customer) of the activation
secrets, certificates, private keys and passwords that relate to the entity. The agent can arrange to
automate the performance of certain obligations if this is consistent with other SWIFTNet service
offerings.

Agents' use of the service
The customer must ensure that its agents conform to the obligations as set out in the SWIFTNet
PKI contractual documentation such as this service description.

Customer's responsibility for agents
For the avoidance of any doubt, the customer is responsible for all acts, omissions, and defaults of
its agents.

5.2.4 Entities
Role of an entity
The entity is responsible for the secure handling (for, and on behalf of, the customer) of its
activation secrets, private keys and associated passwords, and certificates.

Use of the service
The customer must ensure that its entities conform to the obligations as set out in the SWIFTNet
PKI contractual documentation such as this service description.

Customer's responsibility
For the avoidance of any doubt, the customer is responsible for all acts, omissions, and defaults of
its entities.

5.2.5 Responsibility for Activation Secrets, Certificates, and Private Keys
Activation secrets
Activation secrets are confidential and sensitive information that enable SWIFT to authenticate the
customer. SWIFT provides the activation secrets to the first two security officers who must
download them by means of the Secure Channel. The customer must protect the activation
secrets, and ensure that it discloses these secrets only to persons that it has authorised to
represent the customer, and then only for the purpose for which SWIFT has supplied these
activation secrets.

Acceptance of certificates
Customers agree that the successful completion of the certificate issuance and publication process
described in Certificate Issuance and Publication on page 32 of this service description, constitutes
acceptance of the resulting public key certificates.

Responsibility for the private key
The customer acknowledges that if it has accepted a certificate within its subdomain, and as long
as the certificate has not been revoked, then the customer must accept full responsibility and
liability for any act, omission, or default that relates to the use of the corresponding private key. In
particular, but without limitation, the use of such a private key to append a digital signature to a
message or file will be deemed to be the personal authentication of the customer as sender of that
message or file.

Responsibility related to the root CA certificate
A root CA certificate is a self-signed certificate that identifies the Certification Authority (CA). All
certificates issued by the root CA inherit the trustworthiness of the root CA. As part of the SWIFT
Root Key Renewal (RKR) initiative, that is, the update of the root CA certificate, the customer must
adopt, verify, and trust the new SWIFTNet CA certificate thus ensuring trust in certificates issued by
the new SWIFTNet CA.

5.2.6 Use of Private Keys
Protect private keys and request for revocation of certificates
The customer must ensure that its security officers and agents take all steps according to sections
Customer Roles on page 46 and Certificates on page 16 of this service description, and according
to best industry practice.
The customer must ensure that its security officers and agents take the steps immediately as set
out in Circumstances for Revoking, Recovering, and Disabling Entities on page 37 of this service
description.

Privacy of keys and passwords
The customer must ensure that its security officers and agents keep private and not share any
password, private key, or activation secrets that relate to a certificate, except (for encryption
certificates and lite signature verification certificates only) to the extent permitted in Keys on page
22 of this service description.
The agent must inform its security officer immediately when it requires an action of the security
officer such as to recover an entity or to revoke a certificate.
Use of private keys and certificates only for the purpose intended
The customer must ensure that it allows the use of an entity's private keys only in the following
circumstances:
• use by that entity
• for the business purpose of the customer concerned
• after the customer has successfully verified that the related certificate is a valid certificate and is
appropriate for the intended use (for example, business certificate stored on HSM to sign live
data)
• for use only as part of the SWIFT messaging services (unless otherwise expressly permitted)
• use of both the private key and the certificate in the appropriate environment (live or pilot/test,
integration testbed)
The customer must ensure that it does not allow or facilitate reliance on digital signatures or
certificates, outside the use of SWIFT messaging services (unless otherwise expressly permitted).

5.2.7 Reliance on Correspondents' Certificates
Preconditions for reliance upon business and lite certificates
As a precondition to reliance on a digital signature that relates to a business or lite certificate, the
customer must verify that the certificate has been used in the context of SWIFT messaging
services (or otherwise expressly permitted), and that all other conditions have been successfully
verified:
• The certificate was issued under a valid SWIFTNet Certification Authority signature verification
certificate.
• The certificate is valid, that is, it has not expired and has not been added to the Certificate
Revocation List following a certificate revocation request. For certificates used to sign SWIFT
messaging traffic, SWIFT performs the certificate revocation checks centrally as part of the input
validation. For certificates used to sign business data contained in the message payload that is
transported using a SWIFT messaging service, it is the customer's responsibility to verify the
status of the certificate used for the signature upon receiving this traffic.
• The certificate is of the correct format set out in Certificates on page 16 of this service
description.
• The certificate is appropriate for the customer's use and respects any other bilateral or
multilateral arrangements. For example, the certificate has the correct Policy ID for what it is
used for (see Permitted certificate usage on page 21).
When certificates are used to sign SWIFT messaging traffic, SWIFT centrally checks that the
correct Policy ID was used to sign live traffic (that is Policy ID [Link].2 used for business
certificates stored on HSM). When certificates are used to sign business data, it is the
customer's responsibility to check this.
• In case of message or file signature, the Distinguished Name (DN) in the signature matches that
in the signed message or file, and that the digital signature on the message or file corresponds
to the public verification key and is a valid signature (if the certificate is being validated in
connection with a signed message or file).
• In case of business data signature, the signature has been applied as per the relevant message
standards or service description as applicable.
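The preconditions above, together with the SNL/AGI checks listed under Certificate validity and the receiver-side revocation check for business data, as an added Go example that is not SWIFT's, SNL's or AGI's code: it builds a constructed in-memory CA, a signing certificate, an encryption certificate and a CRL that revokes the latter, then applies the CA-signature, validity-period, CRL-freshness, revocation, BIC-in-DN and key-usage checks. The DN layout (BIC carried in an O attribute), the customer BIC BANKBEBB and the key-usage mapping are assumptions of the example; the Policy ID check is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"regexp"
	"strings"
	"time"
)

// Carrying the 8-character BIC in an "o" attribute of the DN is an assumption of
// this example; the real DN layout is in the SWIFTNet Naming and Addressing Guide.
var bicRE = regexp.MustCompile(`(^|,)[A-Z]{6}[A-Z0-9]{2}(,|$)`)

// Verify applies the relying-party checks in the order a receiver would: CA signature,
// validity period, CRL authenticity and freshness, revocation status, BIC in the DN, and
// key usage matching the intended use (want: DigitalSignature to verify, KeyEncipherment to encrypt).
func Verify(cert, ca *x509.Certificate, crl *x509.RevocationList, now time.Time, want x509.KeyUsage) error {
	if err := cert.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("authenticity: %w", err) // not issued under the trusted CA key
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("validity: certificate expired or not yet valid")
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("crl authenticity: %w", err)
	}
	if now.After(crl.NextUpdate) { // a stale local cache must be refreshed before relying on it
		return fmt.Errorf("crl stale: retrieve a fresh CRL from the SWIFTNet Directory")
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("revocation: certificate is on the CRL")
		}
	}
	if !bicRE.MatchString(strings.Join(cert.Subject.Organization, ",")) {
		return fmt.Errorf("identification: DN carries no 8-character BIC")
	}
	if cert.KeyUsage&want == 0 {
		return fmt.Errorf("purpose: key usage does not permit the intended use")
	}
	return nil
}

// Fixture is a constructed in-memory CA, a signing certificate, an encryption
// certificate, and a CRL that revokes the encryption certificate.
type Fixture struct {
	CA, Signing, Encrypting *x509.Certificate
	CRL                     *x509.RevocationList
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewFixture builds the constructed material; generation failures are programming
// errors rather than policy results, so it panics instead of returning them.
func NewFixture(now time.Time) *Fixture {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject:      pkix.Name{Organization: []string{"swift"}, CommonName: "SWIFTNet CA (constructed)"},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign is needed to issue the CRL
	}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	// leaf issues a one-hour certificate to the constructed customer BIC BANKBEBB.
	leaf := func(serial int64, cn string, ku x509.KeyUsage) *x509.Certificate {
		k := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
		t := &x509.Certificate{
			SerialNumber: big.NewInt(serial), KeyUsage: ku,
			Subject:      pkix.Name{Organization: []string{"BANKBEBB", "swift"}, CommonName: cn},
			NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(time.Hour),
		}
		return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, ca, &k.PublicKey, caKey))))
	}
	sig := leaf(2, "clsgateway2", x509.KeyUsageDigitalSignature)
	enc := leaf(3, "clsgateway2-enc", x509.KeyUsageKeyEncipherment)
	crlTmpl := &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: enc.SerialNumber, RevocationTime: now.Add(-10 * time.Minute)}},
	}
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))))
	return &Fixture{CA: ca, Signing: sig, Encrypting: enc, CRL: crl}
}

func main() {
	now := time.Now()
	f := NewFixture(now)
	fmt.Println(Verify(f.Signing, f.CA, f.CRL, now, x509.KeyUsageDigitalSignature), "/", Verify(f.Encrypting, f.CA, f.CRL, now, x509.KeyUsageKeyEncipherment))
}
```

Note that the revoked encryption certificate is only caught because the fixture's CRL is current: with a cached CRL older than its NextUpdate the check refuses to decide, which mirrors the propagation windows described under Certificate revocation status check.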
Preconditions for reliance upon encryption certificates
As a precondition to reliance on confidentiality related to an encryption certificate, the customer
encrypting the data must ensure that all conditions have been successfully verified:
• The certificate was issued under a valid SWIFTNet Certification Authority signature verification
certificate.
• The certificate is valid, that is, it has not expired and has not been added to the Certificate
Revocation List following a certificate revocation request.
• The certificate is of the correct format set out in Certificates on page 16 of this service
description.
• The certificate is appropriate for the customer's intended use.

Preconditions for reliance upon web certificates for browse services
As a precondition to reliance on a secure session related to a web certificate, the customer
initiating the browse session must ensure that all the following conditions have been successfully
verified:
• The certificate was issued under a valid SWIFTNet Certification Authority signature verification
certificate.
• The certificate is valid.
• The certificate is of the correct format set out in Certificates on page 16 of this service
description.
• The certificate is appropriate for the customer's intended use.

Reliance on correspondent's business, lite, and personal token and personal HSM certificates for
signature verification
If the correspondent's certificate has met the preconditions for reliance, then customers can rely on
digital signatures related to these certificates.
The customer's reliance on the correspondent's certificate covers the following:
• The use of the private key that corresponds to the certificate can be attributed to the customer
identified (by the 8-character BIC) in the Distinguished Name (DN). This is non-repudiation of
origin at customer level.
• The signed file digest or message that relates to the digital signature has not been altered since
transmission. This is message or file integrity.

Reliance on correspondent's encryption certificates
If the correspondent's certificate meets the preconditions for reliance, then customers can choose
to use encryption. Such use or reliance must be for an assurance that data encrypted by means of
an encryption certificate is confidential.
Any use of, or reliance on, an encryption certificate, other than as described in this section, is
entirely at the customer's risk.

Reliance on correspondent's web certificates for browse services
If the preconditions for reliance on the correspondent's certificate have been met, then the
customer can rely on secure sessions that it has used web certificates to establish.
Such reliance covers the following:
• to identify the customer that has entities that participate in the secure session
• to assess the integrity of the exchange of data during the course of the secure session
• for an assurance that the secure session is confidential

5.2.8 Service Bureau
Customer's responsibility for a service bureau
As appropriate, customers can decide, at their discretion and at their own risk, to appoint a service
bureau (or specific persons for which the service bureau is responsible) to exercise specific rights
or obligations under the SWIFT contractual documentation (for example, the use of correct
interface settings and other operational responsibilities necessary to send and receive messages
or files using SWIFTNet messaging services).
For the avoidance of any doubt, this does not alter or diminish the customer's obligations under the
SWIFT contractual documentation, and SWIFT deems any act, omission, or default of a service
bureau (or those specific persons for which it is responsible) to be that of the customer concerned.
For more information about the conditions governing the use of a service bureau, see the Shared
Infrastructure Programme Policy.

5.2.9 HSM
Customer's responsibility for HSM
The selection, ordering, installation, and use of the HSM devices is the sole responsibility of the
customer. The customer must comply with any guidelines or instructions in force given by SWIFT
regarding the use of the equipment.

5.2.10 Customer Testing
Customer testing
Customers must not conduct any performance or vulnerability tests on or through SWIFT services
and products unless expressly permitted in the SWIFT Customer Testing Policy. If customers
believe they have identified a potential performance or vulnerability threat, they must immediately
inform SWIFT thereof and treat all related information, data or materials as SWIFT confidential
information.

5.3 SWIFT Roles

5.3.1 SWIFTNet Certification Authority
Definition
SWIFT operates the SWIFTNet Certification Authority system, which is a central system that
produces and publishes digital certificates.

Authorised activities
The SWIFTNet Certification Authority is designed to perform the following activities:
• issue certificates to customers
• publish the certificates in the SWIFTNet Directory
• revoke customer certificates
• publish the Certificate Revocation List in the SWIFTNet Directory

5.3.2 SWIFTNet Registration Authority
Definition
SWIFT operates the SWIFTNet Registration Authority. The SWIFTNet Registration Authority
identifies and authenticates the customer's security officers, including the shared security officer.
After certification, security officers become the local registration authorities that identify and
authenticate customers' entities.

Authorised activities
The SWIFTNet Registration Authority is designed to perform the following activities:
• identify and authenticate customers
• identify and authenticate security officers
• identify and authenticate shared security officers
• revoke security officers
• revoke shared security officers
• recover security officers and shared security officers
• validate Local Registration Application requests
For more information about identification and authentication procedures, and the credentials that
customers must provide, see Certificates on page 16.

5.3.3 SWIFTNet Directory
The SWIFTNet Directory is the online repository of operational information that publishes the
identities of registered entities, the digital certificates, and the Certificate Revocation Lists. SWIFT
creates the SWIFTNet Directory entries during the registration process and digital certificates are
added as the result of the certification process.

5.3.4 Policy Management Authority
The Policy Management Authority (PMA), which SWIFT operates, defines and maintains the PKI
policies and, if possible, resolves disputes (for example, conducts investigations in response to
customer queries relating to the use of SWIFT PKI certificates).

5.4 SWIFT Responsibilities
SWIFTNet PKI-specific activities
As provided in this service description, SWIFT does the following:
• establishes and operates the SWIFTNet Certification Authority, the SWIFTNet Registration
Authority, the Policy Management Authority, and the SWIFTNet Directory
• maintains and propagates the Certificate Revocation List
• maintains and archives the activity logs
SWIFT performs these actions to provide SWIFTNet Public Key Infrastructure (PKI) to customers
that have entered into the relevant contractual arrangements with SWIFT.

Legal entities
To support investigations that relate to digital signatures, upon a request from a customer, SWIFT
provides details of the legal entity that corresponds to any Distinguished Name (DN) in a certificate
issued on SWIFTNet.

Risk management
SWIFT periodically evaluates the security risks associated with the provision of SWIFTNet PKI that
are under SWIFT's control, and takes steps to manage such risks.

Operational standards
SWIFT operates SWIFTNet PKI within a plan of organisation that provides separation of duties,
and individual or group accountability for the performance of those duties. SWIFT takes steps to
investigate and train SWIFT personnel that are directly involved in the operation of SWIFTNet PKI.

Accurate data processing
SWIFT ensures that the operational data that relates to certificates, and any other information
associated with the delivery of SWIFTNet PKI, is managed and processed accurately according to
this service description.

Use of data for security monitoring and investigation purposes
In accordance with the SWIFT Data Retrieval Policy and the Distributed Architecture principles,
SWIFT may process and store traffic and message data in order to support SWIFT’s protection
measures and forensic capabilities against cybersecurity threats. SWIFT processes and stores
such data on dedicated security systems and in strict accordance with its security policies and
procedures and may analyse such data in the context of a specific security investigation as part of
its security monitoring and investigation processes.

6 Ordering and Support

6.1 Ordering
Order SWIFT services and products
To use SWIFT services and products, a customer must subscribe to, or order, the relevant services
and products.
The first subscription to SWIFTNet messaging services includes an automatic subscription to
SWIFTNet PKI.

Related information
For information about SWIFT's online ordering facility and how to order, see [Link] >
Ordering & Support > Ordering.

6.2 Export and Import Restrictions
Export restrictions
HSM boxes, tokens, cards, and readers may not be sent to (a) customers located in Cuba, North
Korea, Iran, Sudan, or Syria nor (b) other customers who are owned or controlled by the
governments of these countries regardless of location nor (c) other customers prohibited from
receiving such technology by US export control law.
When relocating these items and related software and technology, customers must ensure that
they will comply with applicable export and re-export restrictions and other sanctions programmes.
Note: Export and re-export restrictions and other sanctions programmes may change from
time to time. If you have any questions about the export classification of these items,
then please contact your local Customer Support Centre.

Import restrictions
Due to certain import regulations, SWIFT may not be able to supply or make the HSM boxes,
tokens, cards, and readers available to customers directly (for example, in Russia or Ukraine).
Customers in those countries are then fully responsible for acquiring the HSM boxes, tokens,
cards, and readers through the third-party agent or distributor designated by SWIFT.

6.3 Support
Support for SWIFT customers
By default, SWIFT Support is the single point of contact to report all problems and queries that
relate to SWIFT services and products. SWIFT Community Support is available to all SWIFT
customers.
Individuals within a customer organisation must register on [Link] to use the Support service.
On top of the SWIFT Community Support, customers can purchase the Advanced Support and
Care Services.
Subscription to SWIFTNet PKI includes the SWIFT Community Support package.

For more information about the different services that SWIFT offers as part of the SWIFT Advanced
Support and Care Services and the procedure to order support, see Support and Care Services on
[Link].
SWIFT provides support for SWIFT services and products only. For example, SWIFT does not offer
support for the underlying hardware and software systems (operating system, third-party
messaging middleware) which are used in conjunction with the SWIFT product. In case of
problems or queries that relate to those third-party hardware or software systems, customers must
contact the responsible vendor.

Related information
For more information about Support services, see the Service Description related to the applicable
support package: Support documentation.

7 SWIFT Training
SWIFT provides training about standards, products, and services to suit different needs. From
tailored training to self-paced e-learning modules on SWIFTSmart, a range of training options are
available for all SWIFT end users.

SWIFTSmart
SWIFTSmart is an interactive, cloud-based training service that offers a large variety of courses for
different levels of knowledge. The courses contain exercises and quizzes and are available in
multiple languages. The SWIFTSmart catalogue provides a list of courses that are organised into
these learning tracks:
• General knowledge
• Work with messages
• Deploy and manage SWIFT software solutions
• Security and audit
• Compliance and shared services
SWIFTSmart is accessible from the desktop or a mobile device. No installation is required.
SWIFTSmart is available to all connected SWIFT end users and registered SWIFT partners with a
[Link] account. For more information, see How to become a [Link] user.

Tailored training
A full range of tailored programmes is available to meet specific training needs. For more
information, visit the Training web page.

8 Contractual Framework
The SWIFT General Terms and Conditions govern the provision and the use of the SWIFTNet PKI
service. For the latest available version of the SWIFT General Terms and Conditions, see
Knowledge Centre (User Handbook).
In no event shall one or more customers be able to recover more than once for the same loss.

Legal Notices
Copyright
SWIFT © 2021. All rights reserved.

Restricted Distribution
Do not distribute this publication outside your organisation unless your subscription or order
expressly grants you that right, in which case ensure you comply with any other applicable
conditions.

Disclaimer
The information in this publication may change from time to time. You must always refer to the
latest available version.

Translations
The English version of SWIFT documentation is the only official and binding version.

Trademarks
SWIFT is the trade name of S.W.I.F.T. SC. The following are registered trademarks of SWIFT:
3SKey, Innotribe, MyStandards, Sibos, SWIFT, SWIFTNet, SWIFT Institute, the Standards Forum
logo, the SWIFT logo, SWIFT gpi with logo, the SWIFT gpi logo, and UETR. Other product, service,
or company names in this publication are trade names, trademarks, or registered trademarks of
their respective owners.
