EBAM for Corporates. SWIFT Certified Application. Label Criteria 2017

Similar documents
Trade Finance. SWIFT Certified Application. Label Criteria 2017

gpi SWIFT Certified Application Label Criteria 2018

SWIFT for CORPORATES Multi-bank services for Corporates

Benefiting from Global Standards

Optimizing SWIFT ebam for Your Corporation

Translating D ata Data to to Information Information SWIFTly SWIFTly

SWIFT for high-value payment market infrastructures. Messaging solutions for high-value payment clearing and settlement systems worldwide

SWIFT for Corporates Unique solutions for global corporates. Mauritius, 20 th May 2016

Technology Tools for Treasury

UniWeb. Our electronic banking services system available directly on the Internet

Service description Corporate Access Payables

SWIFT for Corporates Get ready for a truly global treasury

ING Service for SWIFTNet

Michael Diet Director, Intensum Luxembourg

UniWeb. Our electronic banking services system available directly on the Internet

Leveraging SWIFT Alliance Lite2 to create a single pipe for global banking partner integration. Tele-discussion September 10, 2014

SWIFT for Market Infrastructures. Supporting your business, connecting your community

Understanding SWIFT Corporate Access

IBank Remittances. IBank REMITTANCES. Overview

Association of Serbian Banks Reduces Gyro Clearing of Cheques to Less Than One Hour

Payments: Local, Global, Flexible

INFORMATION CONSOLIDATED

For Publishers implementing and using the National Product Catalogue in Australia & New Zealand. Load & Maintain your National Product Catalogue

Corporate Access The first-class solution to upgrade our customer s payment processes

SWIFT: Myths and Reality. Kemal Batu

Tieto Payment Suite. Why Tieto? Making payments pay off

Deltek Touch Time & Expense for Vision. User Guide

EBAM: Electronic Bank Account Management Made Easy!

New Payments Platform. A Technical Overview

X Infotech Banking. Software solutions for smart card issuance

BUSINESS PROCESS MANAGEMENT SUITE FUNCTIONAL DESCRIPTION

Asset Tracking Solutions. Partial Controls and Features

Mondelez Mexico is moving to e-invoicing

See What's Coming in Oracle Talent Management Cloud

MEETING OF INTELLECTUAL PROPERTY OFFICES (IPOs) ON ICT STRATEGIES AND ARTIFICIAL INTELLIGENCE (AI) FOR IP ADMINISTRATION

Implement SWIFT Simply: Top 10 Things You Need to Know

T2S - testing & migration phase. How is SWIFT supporting you?

IBM Financial Transaction Manager for SEPA Services IBM Redbooks Solution Guide

IBM Maximo Mobile Asset Manager Version 7 Release 5. User Guide

E-INVOICING Action Required: OB10 Registration

MEDICAID TRANSFORMATION GRANT APPLICATION SECURE VERIFICATION OF CITIZENSHIP THROUGH AUTOMATION OF VITAL RECORDS

Transitioning to a paperless environment includes these two significant changes in our Accounts

GENERAL NOTES on the ideal Rules & Regulations

Procure-to-Pay Automation for Microsoft Dynamics AX

SafeNet Authentication Service (SAS) Service Provider Role and Scope Guide

Uptime Maintenance and Support Services - Appendix. Dimension Data Australia Pty Limited. Uptime Support Services Agreement

Thank you for your commitment to providing Henkel with quality materials and services.

GUIDELINE OF THE EUROPEAN CENTRAL BANK

Electronic I-9 Documentation Guardian Electronic I-9 and E-Verify Compliance with 8 CFR 274a.2

INTERNAL AUDIT DIVISION

Info Paper. ISO Harmonisation Best Practices

Business Manager. Enhancements Version January

1.3. We will post any changes we may make to our Notice on this Website or communicate them to you by .

Building an ISO implementation roadmap How can SWIFT help?

Utilising our strengths to enhance yours. Payment solutions for the Travel Sector

Mastercard Engage Directory for Digital Wallets

SANTANDER TREASURY LINK TRANSITION GUIDE

Evolution M Core Training Purchase and Subcontract Processing Issue 2

This application process is for the New Modernized Drive Clean Program that uses the new OBD II and/or TSI, and Heavy Duty test equipment.

Manual OPplus 365 Pmt. Export

CyberFT. Universal system for financial data exchange and electronic documents workflow

BRIDGE SPECIALTY SUITE

ANZ SWIFT SERVICES CONNECTING YOUR BANKING NETWORK

Customer Due Diligence, Using New Technology for in the CDD Customer Due Diligence PurposesProcess

SII Immediate Supply of Information

Tracking Payments and Securities with IBM Financial Transaction Manager V2 IBM Redbooks Solution Guide

Moving Towards a SEPA-compliant Infrastructure

Request for Proposals. For Electronic Invoice and Travel Management System

National Payment System Department. Position Paper on the Interbank Settlement Application Interfaces

payment platforms that can service payment requirements globally, across the enterprise in a cost effective and flexible manner.

COUNCIL OF THE EUROPEAN UNION. Brussels, 26 November 2013 (OR. en) 16162/13 Interinstitutional File: 2013/0213 (COD)

Newspaper Association of America

WebSphere Business Integration Collaborations Reference guide. Integrate business processes across your company and beyond.

GS1 EDI strategy As approved by the GS1 General Assembly, May 2018

Case Study: Dell Computers - Expediting Your Business Case for SWIFT

POS Portal Software Solutions

User Manual. I-9 Management

Empowering a Digital Treasury. Bank account management report: Complex, manual processes leading to increased payment fraud risks and high costs

IBM Clinical Trial Management System for Sites

SWIFT Compliance Roadmap 16th Finance Tech Forum

ISO Adoption Considerations & Survey for U.S. Wire Transfer Systems. Federal Reserve Bank Webinar July 15, 2015 July 23, 2015

TERMS OF USE FOR UNIFI MOBILE #BEBAS BILLING FOR GOOGLE PLAY

Deltek Touch Time & Expense for GovCon 1.2. User Guide

IBM Sterling Data Synchronization Manager

Mondelēz Accounts Payable Update Electronic Invoicing. Overview. Next Steps

APAC RMPG ASX implementation of ISO for notification of corporate actions

Procure-to-Pay Automation for Microsoft Dynamics NAV

The LBi HR HelpDesk. The Features of a Solution Engineered to Empower Employees and Maximize HR in Companies of Any Size. LBiSoftware.

Maintenance Policy. Error means any verifiable and reproducible failure of the Software to materially conform to the Documentation.


FRCS VMS PKI - PKI Disclosure Statements Version 1.0 FRCS VMS PKI. PKI Disclosure Statements. Effective Date: 27 Dec Version: 1.0.

SWIFT for Corporates Update globally focus on CEE

Employer User Manual. Version 2.0

Issue Date: 02/10/2013 TAXATION AND CUSTOMS UNION DG CUST-DEV2 - FC TAXUD/2010/CC/100 - SC 11 SUBJECT: DDNTA for NCTS P4. Appendix Z: Data Items

(Legislative acts) DIRECTIVE 2014/55/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 16 April 2014 on electronic invoicing in public procurement

IBM Emptoris Services Procurement on Cloud

Sample Management (QM-IM- SM)

EMV 3-D Secure Press Kit Q&A

BRIDGE INSURANCE SOFTWARE SUITE. Modern Approach For An Increasingly Complex Market

Transcription:

Label Criteria 2017 This document explains the business criteria required to obtain the SWIFT Certified Application for Corporates - EBAM 2017 label, which is aimed at corporate applications. 10 February 2017

Table of Contents Table of Contents Preface... 3 1 Electronic Bank Account Management... 4 2 SWIFT Certified Application for Corporates - Corporate EBAM Label... 7 3 SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017...8 3.1 Certification Requirements... 8 3.2 Installed Customer Base... 8 3.3 Messaging... 8 3.4 Direct Connectivity...9 3.5 Standards... 10 3.6 Message Validation...12 3.7 Additional Certification Requirements... 13 3.8 Reference Data Integration...13 3.9 3SKey Support (Optional)...16 4 Marketing and Sales...17 Legal Notices...18 10 February 2017 2

Preface Preface Purpose of the document Audience This document explains the criteria required to obtain the SWIFT Certified Application - EBAM label 2017 for corporate back-office applications. EBAM stands for Electronic Bank Account Management. This document is for the following audience in vendor companies: Product Managers Development Managers Developers Related documentation SWIFT Certified Application Programme Overview The document provides an overview of the SWIFT Certified Application programme. It describes the benefits of the programme for SWIFT registered providers that have a software application they want to certify for compatibility with SWIFT standards, messaging services, and connectivity. This document also describes the application and validation processes that SWIFT uses to check such SWIFT compatibility. SWIFT's certification of an application is not an endorsement, warranty, or guarantee of any application, nor does it guarantee or assure any particular service level or outcome with regard to any certified application. SWIFT Certified Application Technical Validation Guides The documents explain in a detailed manner how SWIFT validates the application so that this application becomes SWIFT Certified. SWIFT for Corporates > EBAM > EBAM resource centre - Naming convention for EBAM attachments This document describes the rules that users must follow to name files related to EBAM messages, exchanged using FileAct. - Signature Specifications This guide provides an overview about how to use a digital signature in the EBAM solution to sign the XML messages and the potential attachments. The construction of the file containing the XML message and attachments is included. - EBAM - Offering Overview This document provides an overview of SWIFT's EBAM offering. It includes a definition of the scope of the offering as well as a high-level description of its building blocks. The document also contains references to detailed documentation which help any interested parties implement EBAM. 10 February 2017 3

Electronic Bank Account Management 1 Electronic Bank Account Management Background The current process of Corporate-to-Bank Account Management (BAM) (that is, opening, maintaining, and closing accounts) is very manual and paper-based, leading to high costs and inefficiencies for both the corporates and the banks. TODAY TOMORROW Paper Corporate Bank Corporate XML mesages Supporting documents Personal Digital Signature Bank Fax Slow - Low integration Expensive - Low satisfaction Automated/STP - Dematerialised Standardised - Faster/cheaper D1570008 EBAM solution SWIFT EBAM helps to automate this process for existing customers that have an established relationship with a bank or for a new legal entity of these customers. Benefits for banks and corporates Scope reduced total elapse time increased corporate customer satisfaction reduced cost improved straight-through processing and traceability compliance with audit requirements improved process follow-up and control of accounts The EBAM offering covers the full end-to-end process: 15 ISO 20022 XML messages address 18 business scenario's. Each scenario is represented by an agreed workflow and a number of 10 February 2017 4

Electronic Bank Account Management standardised messages, and ends with a confirmation report that both parties agree on the account feature(s). Account opening Physical supporting documents (such as passport copies) are numerous and are still required in some scenarios. EBAM enables electronic copy attachments that, in some jurisdictions, replace the physical exchange. An example of a bank account opening scenario is pictured below. Account maintenance EBAM facilitates the automation of frequently changing account mandates and signatories, for example to cover a temporary absence of a Chief Financial Officer in the organisation, or the replacement of a mandate holder. Account closure Closing an account requires decisions on outstanding balances, delayed transfers, and existing bank account structures (for example, pooling). EBAM enables corporate to include these new instructions with the account closure request. Account report The account report ensures consistency between the corporate and the bank on the account and mandates structure at any given point in time. 1. Account Opening Request 2. Account Request Acknowledgement 3. Account Opening Additional Information Request Corporate 4. Account Opening Amendment Request 5. Account Report Bank D1570009 Key components EBAM packages the following components in a single product: XML standards A set of 15 ISO 20022 XML messages to capture key information that today is exchanged on paper between banks and corporates. Attachments A standard technique to attach electronic documents required for legal or bank policy reasons. Transport over FileAct A messaging service over FileAct that harmonises the use of the FileAct header and the transportation of XML messages and attachments. Security 10 February 2017 5

Electronic Bank Account Management A standard technique to digitally sign XML messages or attachments (or both) at individual level versus corporate level, and to exchange the electronic certificates of the mandated parties. 10 February 2017 6

SWIFT Certified Application for Corporates - Corporate EBAM Label 2 SWIFT Certified Application for Corporates - Corporate EBAM Label Overview The SWIFT Certified Application for Corporates - EBAM label focuses on the certification of core applications that enable the initiation, generation, and processing of the EBAM messages. 10 February 2017 7

SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 3 SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 3.1 Certification Requirements New label Vendors applying for the SWIFT Certified Application for Corporates - Corporate EBAM label must comply with all criteria defined in this document. Existing label (renewal from previous year) Not applicable. 3.2 Installed Customer Base Live customer reference The 2017 label does not require the corporate to have a live customer reference. By customer, SWIFT means a corporate that uses the product to send and receive messages over SWIFTNet. If the vendor provides a customer reference, then SWIFT reserves the right to contact the relevant customer to validate the functionality of the application submitted for a SWIFT Certified Application label. A questionnaire is used as the basis for the customer validation. The questionnaire can be in the form of a telephone interview, an e-mail, or a discussion at the customer site. The information provided by the customer is treated as confidential and is not disclosed, unless explicitly agreed with the customer. 3.3 Messaging Overview The application must support the Interact and FileAct protocols. The messaging services and related tools form the core offering of SWIFT and include information directories and business intelligence. Mandatory InterAct Designed to complement FileAct and FIN, InterAct can support tailored solutions for market infrastructures, closed user groups, and financial institutions. FileAct 10 February 2017 8

SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 FileAct enables secure and reliable transfer of files and is typically used to exchange batches of structured financial messages and large reports. FileAct supports tailored solutions for market infrastructure communities, closed user groups, and financial institutions. FileAct is particularly suitable for bulk payments, securities value-added information, and reporting. It is also suitable for other purposes, such as central bank reporting and intra-institution reporting. 3.4 Direct Connectivity Requirements For direct connectivity, the vendor application must integrate with Alliance Access. A business application that does not connect directly to Alliance cannot be considered for a SWIFT Certified Application label. The direct connection from the business application to Alliance Access can be achieved using one or more of the Alliance Access adapters: MQ Host Adapter (MQHA) Automated File Transfer (AFT) SOAP Host Adapter The vendor must develop and test SWIFT application integration using Alliance Access 7.0 or 7.2. Proper support of either Alliance Access Release 7.0 or 7.2 is mandatory for the 2017 label. The SWIFT Certified Application for Corporates - Corporate EBAM label requires support for either Automated File Transfer (AFT) or an interactive link with MQ Host Adapter (MQHA) or SOAP. Mandatory adapters Messaging service Standards Interface Mandatory adapter FileAct in real-time mode Any Alliance Access 7.0 or 7.2 AFT or MQHA or SOAP FileAct in store-andforward mode Any Alliance Access 7.0 or 7.2 AFT or MQHA or SOAP Note If the application supports several of the previously mentioned adapters, then the vendor may provide the appropriate evidence for some or all of them during the technical validation. SWIFT only publishes information for which evidence has been provided. SWIFTNet Release 7.2 A mandatory upgrade to the underlying technology behind SWIFT's interface products is planned for 2017. The aim of the release is to continue to provide a highly secure and efficient SWIFT service for our customers in the years ahead. 10 February 2017 9

SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 Note Release 7.2 support will become a mandatory requirement in 2018. SWIFT recommends that you test, plan, and prepare for this change accordingly during the course of 2017. Customers will expect statements about your readiness soon after general availability. More details on the SWIFTNet Release 7.2 can be found on www.swift.com: Release 7.2 User Handbook Local Authentication (LAU) Local Authentication provides integrity and authentication of files exchanged between Alliance Access and any application that connects through the application interface. Local Authentication requires that the sending entity and Alliance Access use the same key to compute a Local Authentication file signature. With the increased number of cyber-attacks on the financial industry, customers will expect message signing with LAU from their application providers. Note 3.5 Standards Although Local Authentication support is not mandatory to receive the 2017 SWIFT Certified Application label, SWIFT strongly encourages SWIFT Certified providers to plan for LAU support. ISO 20022 In terms of standards, the application must support the 15 XML messages that were developed in the scope of EBAM. These messages make it possible to refer to any attachments when needed. Schemas are available on the ISO 20022 web site. Corporate-to-bank MX messages AccountOpeningRequestV02 AccountOpeningAmendmentRequestV02 AccountReportRequestV02 AccountExcludedMandateMaintenanceRequestV02 AccountExcludedMandateMaintenanceAmendmentRequestV02 AccountMandateMaintenanceRequestV02 AccountMandateMaintenanceAmendmentRequestV02 AccountClosingRequestV02 AccountClosingAmendmentRequestV02 Message identifier acmt.007.001.02 acmt.008.001.02 acmt.013.001.02 acmt.015.001.02 acmt.016.001.02 acmt.017.001.02 acmt.018.001.02 acmt.019.001.02 acmt.020.001.02 10 February 2017 10

SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 Bank-to-corporate MX messages AccountOpeningAdditionalInformationRequestV02 AccountRequestAcknowledgementV02 AccountRequestRejectionV02 AccountAdditionalInformationRequestV02 AccountReportV02 AccountClosingAdditionalInformationRequestV02 Message identifier acmt.009.001.02 acmt.010.001.02 acmt.011.001.02 acmt.012.001.02 acmt.014.001.02 acmt.021.001.02 FileAct Note Version 1 support of the acmt message is mandatory. Version 2 support is optional at this stage. EBAM message specifications and schemas are available as follows: ISO web site SWIFT User Handbook (Standards MX November 2013 - Bank Account Management Message Definition Reports and Schemas) When exchanging Bank Account Management (BAM) information, it is necessary to support the instructions with additional documentation such as scans of passports, the bank's terms and conditions, or the corporate's by-laws. In order to easily and automatically process this additional information, it is important to clearly and uniformly identify the attachments. Therefore, the application must support the naming convention required in the scope of SCORE (Standardised Corporate Environment). Code Meaning Explanation ADRS Address ARTS By-laws, Memorandum and Articles of Association, statuts Corporate document to confirm a company's name, incorporation, governance, powers, and scope CCOM Commercial register CERT Certificate of Incorporation, Certificate of Registration Corporate document issued by the national body responsible for registration of the corporate CORP Corporate Resolutions Corporate document to confirm a company's name, incorporation, governance, powers, and scope COUN Country declarations, country-specific documents CUST Client letter 10 February 2017 11

SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 Code Meaning Explanation DVLC Driving licence Personal identification document GENR General bank forms IDEN Identity card Personal identification document INFO Information documents MODF Modification forms MSTR Master agreement Bank document with the master agreement that rules the account relationship PASS Passport Personal identification document PROX Proxy, Power of Attorney Personal identification document: mandate given by the legal representative of the organisation REGU Regulatory document RESI Certificate of residence, non-resident declaration certificate SERV Service agreement Bank document with the service agreement around the respective account(s) SIGN (Wet) Signature card Bank document with an electronic picture copy of the hand-written signature(s) SOSE Social security card Personal identification document SPEC Special agreement Any specific agreement entered into by the bank and its customer TAXC Tax certificate For many countries, there is a requirement to confirm the position regarding local Tax TERM Terms and Conditions Bank document with the terms and conditions that describe the usage of the respective account(s) OTHR None of the above More information is available in the Naming convention for EBAM attachments document. 3.6 Message Validation Requirements The application must comply with message validation rules described in the EBAM - Offering Overview and the FileAct Implementation Guide for SCORE. 10 February 2017 12

SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 3.7 Additional Certification Requirements Message entry The application must enable a user to manually input or modify ISO 20022 messages through normalised input fields that are independent of the underlying syntax and business meaning. Message repair The application must validate the user data input at field level and must flag any invalid entry, prompting the user to correct the input. This includes but is not limited to flagging empty mandatory fields. User profile management The application must provide a user with a profile management functionality to ensure that only authorised users can perform specific tasks. The provider must demonstrate how the application handles user profile creation, update, and deletion. The provider must also demonstrate that access is denied or an operation is refused if a user is not entitled to perform this operation. Lastly, the provider must demonstrate that the application supports the four-eyes principle by showing that a specific operation (for example, a payment initiation) requires a second person to validate it before its execution. 3.8 Reference Data Integration The application must support the directories that are documented in this section. Optional directories are clearly identified as such. 3.8.1 BIC Directory Overview The application must provide access to the BIC Directory (or the eventual replacements of the BIC Directory: BIC Plus or BIC Directory 2018) both for message validation and as a look-up function in the message creation and message repair stations. It is the responsibility of directory subscribers at all times to make sure that they use the latest version of the BIC Directory. As such, SWIFT expects the application to support the BIC Directory monthly update in an efficient manner without disrupting customer operations. Retrieval functionality during message composition The BICs contained in the BIC Directory, BIC Plus, and BIC Directory 2018 can be used in various fields of the SWIFT messages. The absence of BICs in these fields is one of the major obstacles to straight-through processing (STP) and causes manual intervention on the recipient side. SWIFT expects vendors to provide an integrated interface within their application to make it possible for users to retrieve and input correctly formatted BICs into the proper fields. Search functionality The user must be able to enter a number of search criteria, such as bank name or address, to perform a search, and to get a list of results. From this result window, the user must be able to 10 February 2017 13

SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 select the required BICs and copy these into the different bank identifier fields of the message (that is, the transaction). If the search criteria return no results, then the user must be alerted that no BIC is available. If the user manually enters an invalid BIC, then the application must send an alert notifying the user that this BIC is not valid. Available format and delivery Delivery Flat file in XML or TXT format. The BIC Directory, BIC Plus, and BIC Directory 2018 are downloadable in a manual or automated manner from the SWIFTRef Access Point in full and delta versions. Upon request, they can also be delivered through FileAct. The BIC Directory, BIC Plus, and BIC Directory 2018 must either be copied into the application repository system or stored in the back office for access by the vendor application through a defined interface. 3.8.2 Bank Directory Plus (Optional) Content Bank Directory Plus contains the following information: All BIC11s from the ISO registry (more than 200 countries), from connected and non-connected financial institutions and corporates active on FIN, FileAct, and/or InterAct. All LEI (Legal Entity Identifier) from the endorsed LOUs (Local Operating Units). Name and address details for each BIC FIN service codes National clearing codes (160+ countries), including CHIPS, TARGET, and EBA data. For a limited number of countries (10+), national codes are also provided with name and address in local language (for example, China, Japan, Russia). Bank hierarchy information Country, currency, and holiday information Timezone information Available formats Delivery Flat file in XML or TXT format The Bank Directory Plus is downloadable in a manual or automated manner from the SWIFTRef Access Point in full and delta versions. Upon request it can also be delivered through FileAct. 10 February 2017 14

SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 3.8.3 IBAN Plus (Optional) Content The IBAN Plus directory contains the following information: IBAN country formats - IBAN country prefix - IBAN length - Bank code length, composition, and position within the IBAN Institution name and country Institution bank and branch codes in the formats as embedded in IBANs Institution BICs as issued together with the IBANs to the account holders Data for the SEPA countries and the non-sepa countries that adopted the IBAN Updates to the file when new IBAN country formats are registered with SWIFT in its capacity as the ISO IBAN registry The directory is ideal for accurate derivation of BIC from IBAN, covering 68 IBAN countries (including all SEPA countries). Available formats Delivery Flat file in XML or TXT format The IBAN Plus is downloadable in a manual or automated manner from the SWIFTRef Access Point in full and delta versions. Upon request it can also be delivered through FileAct. 3.8.4 SWIFTRef Business Applications (Optional) Introduction Purpose SWIFTRef offers a portfolio of reference data products and services. Data is maintained in a flexible relational database and accessible in a choice of formats and delivery channels matched to business needs. Application vendors are able to access BICs, National bank/sort codes, IBAN data, payment routing data (including SEPA and other payment systems), Standard Settlement Instructions (SSIs), LEIs, MICs (Market Identification Codes), BRNs (Business Registration Numbers), GIINs (Global Intermediary Identification Numbers), and more. Through SWIFTRef, vendors can ensure that their applications support the most accurate and up-to-date reference and entity data for smooth payments initiation and processing. Related information Additional information about SWIFTRef for application vendors is available on swiftref.swift.com/ swiftref-business-applications. 10 February 2017 15

SWIFT Certified Application for Corporates - Corporate EBAM Criteria 2017 3.9 3SKey Support (Optional) Background When a bank interacts with its corporate customers through electronic banking channels, it may need to authenticate received data to ensure that the individual customer employee is authorised to issue the instruction. In practice, banks and their corporate clients must often manage and use several different types of personal signing mechanisms (for example, multiple tokens with different passwords). Using and maintaining different authentication methods in parallel adds to the complexity, and leads to higher operational risk and cost. 3SKey solution To address this issue, SWIFT offers the 3SKey solution. SWIFT supplies tokens that include PKIbased credentials for 3SKey users (typically, corporates). 3SKey users set up their tokens with a personal certificate issued by the SWIFT PKI. 3SKey users use these credentials to sign messages and files exchanged with one or more 3SKey subscribers over any mutually agreed channel. The signature provides authentication of the 3SKey user and non-repudiation of the signed transactions. Application vendor requirements The application vendor must provide workflow management for transaction and file signing with 3SKey. The application must fulfil the following requirements: Transport the personal signatures together with the files, messages, and documents sent to the bank Support single and multiple signatures on files, messages, and documents Application vendor obligations The application vendor must fulfil the following conditions: 1. Order the 3SKey developer kit and integrate 3SKey in the vendor application in accordance with the service and technical requirements, as documented in the 3SKey Service Description and the 3SKey Developer Guide. 2. Send a transaction signed with 3SKey for verification purposes (PKCS#7). Application vendors can find more information on www.swift.com. 10 February 2017 16

Marketing and Sales 4 Marketing and Sales Requirements In order to maximise the business value of the SWIFT Certified Application - Corporate EBAM label, collaboration between SWIFT and the vendor is expected. More specifically, the vendor must provide SWIFT, under a non-disclosure agreement, with the following information: A list of customers actively using the application in a SWIFT context The list must contain the institution name, location, and an overview of the integration scope (domain, features, and sites) for the current and previous year. A list of all customers active in the financial sector A product roadmap for 2017 and 2018 containing the plans for further developments, SWIFT support, and new releases A complete set of documentation, including feature overview, SWIFT adapters, workflow engine capability, and user manuals In addition, the vendor must dedicate a page of their web site to describe the SWIFT Certified Application used in a SWIFT context. 10 February 2017 17

Legal Notices Legal Notices Copyright SWIFT 2017. All rights reserved. Disclaimer The information in this publication may change from time to time. You must always refer to the latest available version. Translations The English version of SWIFT documentation is the only official and binding version. Trademarks SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: the SWIFT logo, SWIFT, SWIFTNet, Accord, Sibos, 3SKey, Innotribe, the Standards Forum logo, MyStandards, and SWIFT Institute. Other product, service, or company names in this publication are trade names, trademarks, or registered trademarks of their respective owners. 10 February 2017 18

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback