Florencia Lorenzo and Markus Meinzer ■ SWIFT: The next frontier in countering dirty money


Illicit money flows are notoriously hard to track. According to a 2011 report from the UN Office on Drugs and Crime, less than 1 per cent of proceeds from criminal activity that are laundered via the financial system are detected. In efforts to overcome this, authorities have tried to improve customer due diligence requirements, increased transparency around legal vehicles, and engaged in automatic exchange of bank account information to prevent money laundering.  

However, existing mechanisms still have several loopholes and are not sufficient to effectively map and counter illicit financial flows. For instance, financial account information that is exchanged based on the US Foreign Account Tax Compliance Act or the OECD’s Common Reporting Standard can only be used for tax purposes and might not be useful in detecting other financial crimes. Additionally, the automatic exchange of information only covers data on annual income and account balances, which can easily be manipulated and does not enable investigations of individual transactions.  

The fight against money laundering requires law enforcement agencies to “follow the money”, and, as we have argued, financial transaction data could be a game changer for this. A new study, published by researchers from the Tax Justice Network (as part of the TRACE consortium), investigates the potential, shortcomings, reform options, and prevalence of the use of the SWIFT financial messaging data in countering illicit financial flows among European law enforcement agencies. 

The central role of SWIFT for countering financial crimes 

The Society of Worldwide Interbank Financial Telecommunications (usually simply referred to as SWIFT) is an association which, among other things, is responsible for providing a global messaging system of financial information. In 2021, over 11,000 institutions participated in the SWIFT network, and more than 10 billion messages relating to financial transactions were sent through this system1.  

The interest in accessing SWIFT data for detecting and combatting risks of illicit financial flows is not new. The Financial Action Task Force has sought access to SWIFT data since the 1990s, but SWIFT resisted. Despite this, authorities around the world have gained some access to SWIFT data. The US used SWIFT data in its Terrorist Finance Tracking Program to map out terrorist networks, and the US, EU, and UK expelled some Russian banks from the SWIFT network in 2022 to enforce economic sanctions against Russia. Researchers have also used SWIFT data to estimate capital fleeing Ecuador, and to study the impact of anti-money laundering regulation on payment flows. 

SWIFT data can be useful in financial investigations and supervision in two ways. First, law enforcement agencies could access batches of SWIFT transactions for specific cases they are investigating, to trace specific transactions. Second, broad access to SWIFT data could enable advanced analytics to identify suspicious transaction patterns, develop risk algorithms, and guide policy analyses. This could be done through financial intelligence units or anti-money laundering supervisory bodies in the financial sector. 

Our new report suggests, however, that SWIFT data is currently not, or very seldom, directly used by law enforcement agencies and financial intelligence units in the European Union, due to obstacles such as low-quality data, data compatibility, the need for technical expertise to analyse data, and the incompleteness of data. Despite this, the report concludes that authorities would find access to SWIFT data useful for both preventive analytics and investigations. 

Concerns related to the incompleteness and quality of the data, especially relating to the capacity to match financial transactions to specific individuals, call to attention a need to strengthen the messaging standards and the institutional frameworks that govern money transfers, both at the regional and international level. 

Governing financial messaging: International standards, legal frameworks and their loopholes 

In 2012 the Financial Action Task Force introduced the travel rule, which requires some information on the originators and beneficiaries of payments to be carried through the entire payment chain. The rule’s objective is to make basic information available to law enforcement, financial intelligence units and financial institutions, to facilitate criminal investigations and the analysis, identification, and reporting of suspicious transactions. At its heart, the travel rule aims to create an audit trail, allowing for information about where a payment came from to “travel” through the payment chain along with the payment. These rules do not directly apply to the SWIFT organisation providing the messaging system, but to the financial institutions handling the wire transfers and payments, and who in turn own and operate the SWIFT organisation and system.  

The European Union incorporated the travel rule into law by means of the Regulation on Transfer of Funds in 2015. Since July 2021, the EU has been discussing a revision of the regulation as part of its 6th anti-money laundering package. That revision’s main aim was to bring crypto transfers into the scope of the regulation. 

Our report shows that both the Financial Action Task Force recommendation 16 and the European Union version of the travel rule have severe shortcomings from the perspective of an ideal and consistent transparency framework for financial transactions. For example, the inclusion of beneficial ownership information on payers or payees is required under neither the Financial Action Task Force recommendations nor under European transfer of funds regulations. In this regard, the data on the originators and beneficiaries of payments can refer only to a legal entity, and not to the individual who is benefiting from it. Furthermore, consistent, structured and unique identifier information about relevant legal or natural persons would not always be required under either of the rules, evidencing important weaknesses of both the travel rule and the European regulation. 

The regulation on the transfer of funds has an additional weakness in both its original and revised formats with regard to intra-EU transfers. While the Financial Action Task Force travel rule mandates the inclusion of a name for both the payer and payee, the European Union does not require this information for transfers within the European Union. Additionally, the EU falls short of always requiring the inclusion of additional personal identification information, such as address or birthdate, for the payer. Intra-EU transfers only require account numbers for the respective parties, with the remaining information being provided on request within three working days. 

Furthermore, the 2021 proposed recast of the European regulation on the transfer of funds may remove the mandatory inclusion of all the identification criteria of the payers of bank transfers. The listing of criteria now omits the word “and” in article 4.1, which previously clarified that all three identifying attributes (1. name, 2. account number, and 3. address including name of country; official personal document number; and customer identification number, or alternatively, date and place of birth) needed to be included in a transfer message. The removal of the word “and” in articles 4.1 and 4.2 may lead to some ambiguity about whether to include all identifying criteria – or if only one is sufficient. We believe that this potential ambiguity is likely to be addressed and removed through a further revision of the proposed rewording of the transfer of funds regulation which is set to be voted on in April 2023. 

Compared to already weak Financial Action Task Force and European regulations, the SWIFT messaging format is even weaker, with no consistent, uniform or mandatory data structure, and dispensing with hard-wired, coded, and mandatory information to be included about both the paying and beneficiary customers. This is a key shortcoming of the SWIFT messaging format, since the lack of consistency makes data matching and mining extremely challenging, hindering efforts by law enforcement agencies to detect, address and prevent illicit financial flows. As a consequence, enforcement agencies may need to rely on financial institutions to provide the requested transactions in manually collated excel files that have been extracted from the original SWIFT transaction records, creating a series of risks, including everything from simple errors in copying and transposition, to the potential manipulation of evidence. 

Anticipated developments 

Effective standards governing financial messaging systems are a crucial though sometimes overlooked element in combating illicit financial flows. However, there is growing recognition of the importance of this issue. The G20 Finance Ministers and Central Bank Governors Meeting of February 2023 in Bengaluru, India, included a reference to the “travel rule” in their final communique:  

“We recognise the urgent need to establish effective anti-money laundering and counter-terrorism financing regulations and oversight of virtual assets, especially to prevent their use in money laundering and terrorism financing, in line with FATF Standards. We support the FATF’s efforts to speed up the implementation internationally of its standards for this sector and recommit to timely implementation of these rules, including the ‘travel rule’.” 

While the travel rule is mentioned here in the context of money laundering risks relating to virtual or crypto assets, its mention in such a high-level policy document underlines its global and systemic relevance for countering illicit financial flows.  

Another key future development is that, by 2025, SWIFT will have been phased out and replaced by a new financial messaging standard called ISO 20022, which opens a golden opportunity for reforming the global financial payment infrastructure to be better equipped to counter illicit financial flows. While the format appears to be much more structured, only global political standard setters like the United Nations, the G20, the Financial Action Task Force and/or the EU, will be able to decisively influence the suite of mandatory information to accompany transfers of funds in the decades to come. India’s chairing of the G20 could prove decisive in strengthening the minimal transparency requirements for legitimate cross-border financial transactions.  


The main recommendations from the report include: 

  • Requiring the mandatory inclusion of beneficial ownership data in transaction records for both the ordering and beneficiary customers. 
  • Preventing the execution of any wire transfers if the identification and verification of the bank’s customers and their beneficial owners have not been fully completed.  
  • Removing any exceptions and ambiguity about the necessity of including multiple identifiers on payers and payees, especially in the current recast of the EU transfer of funds regulation. 
  • Treating all cross-border transfers equally irrespective of regional economic integration. 
  • To enhance data quality and consistency, SWIFT should hard-code basic data requirements for customers in their message standards and ensure that only structured data is allowed in message fields.  
  • Additionally, SWIFT should develop and monitor a data validation standard for all banks using the network.  
  • Lastly, jurisdictions should centralise data on all transactions through a domestic institution. 

In conclusion, the report highlights that the SWIFT message data is currently not being effectively utilised by law enforcement agencies and suggests a need for significant reform in the SWIFT message format and regulatory framework. This would enable far more successful investigations of financial crimes by revealing networks and connections that would otherwise remain invisible.  

Read the entire report here

Related articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.