Kop Surat

1. SWIFT Network Architecture Topology

The SWIFT Secure IP Network (SIPN) is a private, highly redundant global backbone that interconnects financial institutions. Each bank connects via encrypted VPN tunnels or dedicated MPLS links. The architecture enforces strict perimeter segmentation, separating internal enterprise systems from the core SWIFT processing nodes.

graph TD BankERP[Bank Internal Core / ERP] -->|Private LAN| SAG[Alliance Gateway] SAG -->|Encrypted VPN / MPLS| SNL[SWIFTNet Link] SNL -->|Perimeter Boundary| SIPN[SWIFT Secure IP Network] SIPN -->|Primary Command| DC1[Operational Center Alpha] SIPN -->|Failover Mirror| DC2[Operational Center Beta] style BankERP fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style SAG fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style SNL fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style SIPN fill:rgba(26,54,93,0.4),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style DC1 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style DC2 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff

Implementation Notes

Every edge node must enforce Layer‑7 firewalls, IP allowlists, and deep packet inspection. No unencrypted financial payload is permitted beyond the application boundary.

2. Alliance Lite2 Integration

Alliance Lite2 is SWIFT's cloud‑based connectivity solution. It uses a lightweight AutoClient and USB hardware tokens to establish TLS 1.3 tunnels over the public internet, with client certificate authentication and strong cryptographic challenge‑response.

sequenceDiagram autonumber participant Client as Local AutoClient participant Token as USB Hardware Token participant Cloud as Lite2 Cloud Gateway participant Core as SWIFT Core Processing Client->>Token: Request cryptographic challenge Token-->>Client: Return signed token payload Client->>Cloud: Establish TLS 1.3 + certificate Cloud->>Cloud: Authenticate & apply ACL Cloud->>Core: Relay normalized financial payload

3. Alliance Gateway (SAG) Topology

The Alliance Gateway acts as the protocol translator between back‑office applications and SWIFTNet primitives. It manages logical host identities, handles system administration, and decouples local processing from transmission complexities.

graph LR AppA[Payment Engine] -->|MQ / RA| SAG[Alliance Gateway Host] AppB[Treasury System] -->|File Drop| SAG SAG -->|IPC Interface| SNL[SWIFTNet Link] SNL -->|Crypto Tunnel| SIPN[SWIFT Network] style AppA fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style AppB fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style SAG fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style SNL fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style SIPN fill:rgba(26,54,93,0.4),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff

4. SWIFTNet Link (SNL) Operation

SNL is the lowest software layer executing raw API communications. It packages XML schemas, manages keep‑alive sockets, and interfaces directly with HSMs to encrypt and sign every outbound payload.

sequenceDiagram participant SAG as Alliance Gateway participant SNL as SWIFTNet Link Engine participant HSM as Hardware Security Module participant Remote as SWIFT Network Node SAG->>SNL: Deliver raw XML business payload SNL->>HSM: Request digital signature HSM-->>SNL: Return signature block SNL->>SNL: Build InterAct / FileAct envelope SNL->>Remote: Dispatch over encrypted TCP

5. PKI & Hardware Security Module (HSM)

SWIFT relies on asymmetric cryptography for non‑repudiation. HSMs generate and store private keys in tamper‑proof hardware. The SWIFT PKI framework governs certificate issuance, revocation checks, and periodic key rotation under dual‑custody policies.

graph TD CA[SWIFT Central Certificate Authority] -->|Issues certificates| HSM[Bank Local HSM] HSM -->|Signs message blocks| Verifier[SWIFT Ingress Router] Verifier -->|Validates against| CRL[Certificate Revocation List] style CA fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style HSM fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Verifier fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style CRL fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff

6. Relationship Management Application (RMA)

RMA is a business filter that authorises which BICs may exchange messages. It acts as a regulatory firewall, preventing unsolicited traffic before any payload parsing occurs.

sequenceDiagram participant Sender as Sender Bank A participant Registry as SWIFT RMA Registry participant Receiver as Receiver Bank B Sender->>Registry: Request RMA authorisation Registry->>Receiver: Forward verification challenge Receiver-->>Registry: Accept bilateral relationship Registry-->>Sender: RMA status = ACTIVE Sender->>Receiver: Transmit approved FIN / MX block

7. FIN Message (MT) Structure

FIN messages use a strict block format delimited by curly braces { }. Blocks 1–5 carry basic headers, application data, user fields (e.g. field 20, 50a, 59), and authentication trailers.

                {1:F01BANKDEJJXXXX0000000000}{2:I103BANKSGSGXXXXN}{3:{108:TR20260713001}}{4:
                :20:REF20260713
                :32A:260713USD500000,00
                :50K:/12345678
                JOHN DOE CORP
                :59:/87654321
                JANE SMITH LTD
                -}{5:{MAC:12345678}{CHK:87654321}}
            
graph LR B1[Block 1: Basic Header] --> B2[Block 2: Application Header] B2 --> B3[Block 3: User Header] B3 --> B4[Block 4: Text Payload] B4 --> B5[Block 5: Trailer / MAC] style B1 fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style B2 fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style B3 fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style B4 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style B5 fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff

8. ISO 20022 MX Message Pipeline

ISO 20022 (MX) uses rich XML schemas with a Business Application Header (<bah>) and a Document body (pacs.008.001.10). This format enables deeper data granularity and multi‑language support.

graph LR Core[Payment Application] -->|JSON / DB| Xform[MX Transformation Engine] Xform -->|Validate XSD| XSD[XML Schema Validator] XSD -->|Add BAH| Env[Add Business Application Header] Env -->|Output| Out[pacs.008 XML Document] style Core fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Xform fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style XSD fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style Env fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Out fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff

9. FileAct Bulk Delivery Architecture

FileAct is designed for large file transfers such as batch clearings, regulatory reports, and image archives. It supports real‑time validation and store‑and‑forward batch orchestration.

sequenceDiagram participant Client as Node Client Agent participant FA as SWIFTNet FileAct Service participant Target as Remote Target Node Client->>FA: Initiate file upload session FA->>Target: Notify incoming transfer Target-->>FA: Confirm readiness Client->>FA: Upload fragmented chunks FA->>Target: Deliver reconstructed file Target-->>FA: Send delivery signature FA-->>Client: Finalise session (SUCCESS)

10. InterAct Query‑Response Architecture

InterAct provides real‑time, synchronous request‑reply messaging for transaction authorisation and balance lookups. It maintains persistent connections for low‑latency responses.

graph LR Client[Client Node] -->|Synchronous request| Router[SWIFTNet InterAct Router] Router -->|Deliver query| Target[Target Clearing Entity] Target -->|Synchronous response| Router Router -->|Return results| Client style Client fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Router fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style Target fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff

11. Browse Security Architecture

Browse offers a secure web interface for administrative dashboards. Access is protected by TLS client certificates and hardware‑token multi‑factor authentication.

graph TD Admin[System Operator] -->|Secure Browser| Portal[Browse Interface Gateway] Portal -->|MFA Token challenge| Auth[Auth Engine] Auth -->|Session token| Backend[Core Configuration Console] style Admin fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Portal fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style Auth fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Backend fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff

12. Message Queue & Store‑and‑Forward Engine

The Store‑and‑Forward (SnF) engine buffers messages when the destination node is offline. Once connectivity is restored, queued transactions are delivered in FIFO order with priority overrides.

sequenceDiagram participant BankA as Bank A participant SnF as Central SnF Queue Cluster participant BankB as Bank B (offline) BankA->>SnF: Transmit transaction SnF->>SnF: Persist to disk array SnF->>BankB: Connectivity poll (timeout) Note over BankB: Node recovers BankB->>SnF: Wakeup & pull request SnF->>BankB: Flush queued messages (FIFO)

13. Validation & Syntax Engine Pipeline

Every incoming message must pass a syntax and business‑rule validation pipeline. Faulty payloads are rejected with a NACK, while valid messages receive an ACK and are forwarded to the network.

graph TD Raw[Inbound message] --> V1{Syntax valid?} V1 -->|No| Rej[Reject → NACK] V1 -->|Yes| V2{Business rules OK?} V2 -->|No| Rej V2 -->|Yes| Fwd[ACK & forward] style Raw fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style V1 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style V2 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style Rej fill:rgba(116,42,42,0.5),stroke:rgba(252,129,129,0.4),stroke-width:2px,color:#ffffff style Fwd fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff

14. AML & Sanction Screening Pipeline

Compliance engines scan payer / payee fields against global watchlists (OFAC, UN, EU). Matches are quarantined for manual compliance review before any settlement occurs.

graph LR In[Ingress transaction] --> Extract[Text extraction] Extract --> Screen[Sanctions matching engine] Screen -->|No hit| Release[Release to network] Screen -->|Hit flag| Hold[Compliance hold queue] style In fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Extract fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Screen fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style Release fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff style Hold fill:rgba(116,42,42,0.5),stroke:rgba(252,129,129,0.4),stroke-width:2px,color:#ffffff

15. Settlement Clearing Lifecycle

Settlement moves funds between correspondent accounts. The lifecycle covers debit authorisation, liquidity checks, ledger booking, and final credit confirmation to the beneficiary.

sequenceDiagram participant Debtor as Debtor Account participant Inter as Nostro / Vostro Ledger participant Creditor as Creditor Account Debtor->>Inter: Debit authorisation instruction Inter->>Inter: Check liquidity threshold Inter->>Inter: Book accounting entries Inter->>Creditor: Final settlement credit

16. ACK / NACK Exception Protocols

Every submitted message receives an acknowledgment. ACK confirms safe delivery to the receiver's queue. NACK indicates a syntax or verification error, triggering incident workflows.

graph TD Send[Message transmission] --> Decision{Processing result} Decision -->|Success| ACK[Generate ACK → finalise] Decision -->|Error| NACK[Generate NACK → remediation] style Send fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Decision fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style ACK fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff style NACK fill:rgba(116,42,42,0.5),stroke:rgba(252,129,129,0.4),stroke-width:2px,color:#ffffff

17. Disaster Recovery Active‑Active Resiliency

SWIFT data centres are synchronously mirrored across geographical regions. If the primary site fails, traffic is automatically re‑routed to the secondary site with zero data loss.

graph LR Edge[Edge Router] -->|Primary| DC1[Primary Data Center] Edge -->|Backup| DC2[Secondary Data Center] DC1 <-->|Synchronous mirror| DC2 style Edge fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style DC1 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style DC2 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff

18. Non‑Repudiation Audit Logging

Every outbound and inbound transaction is signed by the local HSM and archived in tamper‑proof WORM storage, ensuring a verifiable, immutable audit trail for regulatory reviews.

graph TD Tx[Transaction node] --> Sign[Append HSM signature] Sign --> Pipeline[Process payload] Sign --> Vault[WORM audit storage] style Tx fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Sign fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style Pipeline fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Vault fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff

19. Reference Architecture Model

The end‑to‑end reference model shows how financial messages flow from internal core banking systems through integration layers, security gateways, and the SWIFT backbone to global settlement endpoints.

graph TD Core[Core Banking Engine] --> Mid[Middleware / MQ] Mid --> Sec[Alliance Security Gateway] Sec --> Edge[Boundary Router Tunnel] Edge --> Backbone[SWIFT Global Processing Backbone] style Core fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Mid fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Sec fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style Edge fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Backbone fill:rgba(26,54,93,0.4),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff

20. Global BIC Directory Routing Engine

The routing engine queries the global BIC directory, validates destination network status, and assigns the optimal delivery path based on real‑time routing rules.

graph LR BIC[Destination BIC code] --> Lookup[Query BIC directory cache] Lookup --> Rules[Evaluate routing rules] Rules --> Path[Select optimal session path] style BIC fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Lookup fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff style Rules fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff style Path fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff