In the case of fund transfers abroad and individually mandated urgent transfers, the data contained in the transfer is forwarded to the credit institution of the beneficiary via Society for Worldwide Interbank Financial Telecommunication (SWIFT), a company headquartered in Belgium. For reasons of system security, SWIFT temporarily transfers the transaction data to its computer centers in the Netherlands and the USA.
As no other company currently offers these services on a global basis, German credit institutions generally have no alternative but to use SWIFT’s services to process international payments. German credit institutions cannot currently offer their customers services in global payment processing if they do not collaborate with SWIFT. The SWIFT network used by the German credit institutions satisfies the most stringent security requirements both technically and organizationally.
SWIFT operates a computer center (operating center) where the transaction data is temporarily stored in both Europe and in the USA. The data that is stored on the servers of respective operating centers is always identical due to a constant process of data mirroring. This mirroring is performed for security reasons i.e. in order to be able to continue to process international payment transactions from an operating center in the event of a breakdown at the other operating center. The existence of a geographically separate replacement infrastructure to guarantee continuing operations satisfies international standards and supervisory requirements.
Following the events of September 11, 2001, the US Finance Ministry requested transaction data from SWIFT’s US operating center under an official subpoena and evaluated this on counter-terrorism grounds. According to information provided by SWIFT and the US Finance Ministry, an agreement has been made to limit the amount of data recorded under subpoena as far as possible and to guarantee that this data will only be used for counter-terrorism purposes. It can be assumed that the seizure of the payment processing data in the USA is allowed under US legislation. State offices in Europe can also subpoena data on a corresponding legal basis.
In November 2006, German and European data protection supervisory authorities raised objections to the mirroring of payment processing data in a SWIFT operating center in the USA and the right of the US authorities to access such data. The German banking industry is currently endeavoring to find an international solution for the related statutory data processing issues. To this end, constructive exchanges are continuing between all participating parties, and in particular between the data protection supervisory authorities and SWIFT.
