1. SWIFT Network Architecture Topology
The SWIFT Secure IP Network (SIPN) is a private, highly redundant
global backbone that interconnects financial institutions. Each bank
connects via encrypted VPN tunnels or dedicated MPLS links. The
architecture enforces strict perimeter segmentation, separating
internal enterprise systems from the core SWIFT processing nodes.
graph TD
BankERP[Bank Internal Core / ERP] -->|Private LAN| SAG[Alliance Gateway]
SAG -->|Encrypted VPN / MPLS| SNL[SWIFTNet Link]
SNL -->|Perimeter Boundary| SIPN[SWIFT Secure IP Network]
SIPN -->|Primary Command| DC1[Operational Center Alpha]
SIPN -->|Failover Mirror| DC2[Operational Center Beta]
style BankERP fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style SAG fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style SNL fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style SIPN fill:rgba(26,54,93,0.4),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style DC1 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style DC2 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
Implementation Notes
Every edge node must enforce Layer‑7 firewalls, IP allowlists, and
deep packet inspection. No unencrypted financial payload is permitted
beyond the application boundary.
2. Alliance Lite2 Integration
Alliance Lite2 is SWIFT's cloud‑based connectivity solution. It uses
a lightweight AutoClient and USB hardware tokens to establish TLS 1.3
tunnels over the public internet, with client certificate
authentication and strong cryptographic challenge‑response.
sequenceDiagram
autonumber
participant Client as Local AutoClient
participant Token as USB Hardware Token
participant Cloud as Lite2 Cloud Gateway
participant Core as SWIFT Core Processing
Client->>Token: Request cryptographic challenge
Token-->>Client: Return signed token payload
Client->>Cloud: Establish TLS 1.3 + certificate
Cloud->>Cloud: Authenticate & apply ACL
Cloud->>Core: Relay normalized financial payload
3. Alliance Gateway (SAG) Topology
The Alliance Gateway acts as the protocol translator between
back‑office applications and SWIFTNet primitives. It manages logical
host identities, handles system administration, and decouples local
processing from transmission complexities.
graph LR
AppA[Payment Engine] -->|MQ / RA| SAG[Alliance Gateway Host]
AppB[Treasury System] -->|File Drop| SAG
SAG -->|IPC Interface| SNL[SWIFTNet Link]
SNL -->|Crypto Tunnel| SIPN[SWIFT Network]
style AppA fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style AppB fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style SAG fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style SNL fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style SIPN fill:rgba(26,54,93,0.4),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
4. SWIFTNet Link (SNL) Operation
SNL is the lowest software layer executing raw API communications. It
packages XML schemas, manages keep‑alive sockets, and interfaces
directly with HSMs to encrypt and sign every outbound payload.
sequenceDiagram
participant SAG as Alliance Gateway
participant SNL as SWIFTNet Link Engine
participant HSM as Hardware Security Module
participant Remote as SWIFT Network Node
SAG->>SNL: Deliver raw XML business payload
SNL->>HSM: Request digital signature
HSM-->>SNL: Return signature block
SNL->>SNL: Build InterAct / FileAct envelope
SNL->>Remote: Dispatch over encrypted TCP
5. PKI & Hardware Security Module (HSM)
SWIFT relies on asymmetric cryptography for non‑repudiation. HSMs
generate and store private keys in tamper‑proof hardware. The SWIFT
PKI framework governs certificate issuance, revocation checks, and
periodic key rotation under dual‑custody policies.
graph TD
CA[SWIFT Central Certificate Authority] -->|Issues certificates| HSM[Bank Local HSM]
HSM -->|Signs message blocks| Verifier[SWIFT Ingress Router]
Verifier -->|Validates against| CRL[Certificate Revocation List]
style CA fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style HSM fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Verifier fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style CRL fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
6. Relationship Management Application (RMA)
RMA is a business filter that authorises which BICs may exchange
messages. It acts as a regulatory firewall, preventing unsolicited
traffic before any payload parsing occurs.
sequenceDiagram
participant Sender as Sender Bank A
participant Registry as SWIFT RMA Registry
participant Receiver as Receiver Bank B
Sender->>Registry: Request RMA authorisation
Registry->>Receiver: Forward verification challenge
Receiver-->>Registry: Accept bilateral relationship
Registry-->>Sender: RMA status = ACTIVE
Sender->>Receiver: Transmit approved FIN / MX block
7. FIN Message (MT) Structure
FIN messages use a strict block format delimited by curly braces
{ }. Blocks 1–5 carry basic headers, application data,
user fields (e.g. field 20, 50a, 59), and authentication trailers.
{1:F01BANKDEJJXXXX0000000000}{2:I103BANKSGSGXXXXN}{3:{108:TR20260713001}}{4:
:20:REF20260713
:32A:260713USD500000,00
:50K:/12345678
JOHN DOE CORP
:59:/87654321
JANE SMITH LTD
-}{5:{MAC:12345678}{CHK:87654321}}
graph LR
B1[Block 1: Basic Header] --> B2[Block 2: Application Header]
B2 --> B3[Block 3: User Header]
B3 --> B4[Block 4: Text Payload]
B4 --> B5[Block 5: Trailer / MAC]
style B1 fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style B2 fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style B3 fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style B4 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style B5 fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
8. ISO 20022 MX Message Pipeline
ISO 20022 (MX) uses rich XML schemas with a Business Application
Header (<bah>) and a Document body
(pacs.008.001.10). This format enables deeper data
granularity and multi‑language support.
graph LR
Core[Payment Application] -->|JSON / DB| Xform[MX Transformation Engine]
Xform -->|Validate XSD| XSD[XML Schema Validator]
XSD -->|Add BAH| Env[Add Business Application Header]
Env -->|Output| Out[pacs.008 XML Document]
style Core fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Xform fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style XSD fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style Env fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Out fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
9. FileAct Bulk Delivery Architecture
FileAct is designed for large file transfers such as batch
clearings, regulatory reports, and image archives. It supports
real‑time validation and store‑and‑forward batch orchestration.
sequenceDiagram
participant Client as Node Client Agent
participant FA as SWIFTNet FileAct Service
participant Target as Remote Target Node
Client->>FA: Initiate file upload session
FA->>Target: Notify incoming transfer
Target-->>FA: Confirm readiness
Client->>FA: Upload fragmented chunks
FA->>Target: Deliver reconstructed file
Target-->>FA: Send delivery signature
FA-->>Client: Finalise session (SUCCESS)
10. InterAct Query‑Response Architecture
InterAct provides real‑time, synchronous request‑reply messaging for
transaction authorisation and balance lookups. It maintains persistent
connections for low‑latency responses.
graph LR
Client[Client Node] -->|Synchronous request| Router[SWIFTNet InterAct Router]
Router -->|Deliver query| Target[Target Clearing Entity]
Target -->|Synchronous response| Router
Router -->|Return results| Client
style Client fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Router fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style Target fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
11. Browse Security Architecture
Browse offers a secure web interface for administrative dashboards.
Access is protected by TLS client certificates and hardware‑token
multi‑factor authentication.
graph TD
Admin[System Operator] -->|Secure Browser| Portal[Browse Interface Gateway]
Portal -->|MFA Token challenge| Auth[Auth Engine]
Auth -->|Session token| Backend[Core Configuration Console]
style Admin fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Portal fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style Auth fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Backend fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
12. Message Queue & Store‑and‑Forward Engine
The Store‑and‑Forward (SnF) engine buffers messages when the
destination node is offline. Once connectivity is restored, queued
transactions are delivered in FIFO order with priority overrides.
sequenceDiagram
participant BankA as Bank A
participant SnF as Central SnF Queue Cluster
participant BankB as Bank B (offline)
BankA->>SnF: Transmit transaction
SnF->>SnF: Persist to disk array
SnF->>BankB: Connectivity poll (timeout)
Note over BankB: Node recovers
BankB->>SnF: Wakeup & pull request
SnF->>BankB: Flush queued messages (FIFO)
13. Validation & Syntax Engine Pipeline
Every incoming message must pass a syntax and business‑rule
validation pipeline. Faulty payloads are rejected with a NACK, while
valid messages receive an ACK and are forwarded to the network.
graph TD
Raw[Inbound message] --> V1{Syntax valid?}
V1 -->|No| Rej[Reject → NACK]
V1 -->|Yes| V2{Business rules OK?}
V2 -->|No| Rej
V2 -->|Yes| Fwd[ACK & forward]
style Raw fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style V1 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style V2 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style Rej fill:rgba(116,42,42,0.5),stroke:rgba(252,129,129,0.4),stroke-width:2px,color:#ffffff
style Fwd fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff
14. AML & Sanction Screening Pipeline
Compliance engines scan payer / payee fields against global watchlists
(OFAC, UN, EU). Matches are quarantined for manual compliance review
before any settlement occurs.
graph LR
In[Ingress transaction] --> Extract[Text extraction]
Extract --> Screen[Sanctions matching engine]
Screen -->|No hit| Release[Release to network]
Screen -->|Hit flag| Hold[Compliance hold queue]
style In fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Extract fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Screen fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style Release fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff
style Hold fill:rgba(116,42,42,0.5),stroke:rgba(252,129,129,0.4),stroke-width:2px,color:#ffffff
15. Settlement Clearing Lifecycle
Settlement moves funds between correspondent accounts. The lifecycle
covers debit authorisation, liquidity checks, ledger booking, and
final credit confirmation to the beneficiary.
sequenceDiagram
participant Debtor as Debtor Account
participant Inter as Nostro / Vostro Ledger
participant Creditor as Creditor Account
Debtor->>Inter: Debit authorisation instruction
Inter->>Inter: Check liquidity threshold
Inter->>Inter: Book accounting entries
Inter->>Creditor: Final settlement credit
16. ACK / NACK Exception Protocols
Every submitted message receives an acknowledgment. ACK
confirms safe delivery to the receiver's queue. NACK
indicates a syntax or verification error, triggering incident
workflows.
graph TD
Send[Message transmission] --> Decision{Processing result}
Decision -->|Success| ACK[Generate ACK → finalise]
Decision -->|Error| NACK[Generate NACK → remediation]
style Send fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Decision fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style ACK fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff
style NACK fill:rgba(116,42,42,0.5),stroke:rgba(252,129,129,0.4),stroke-width:2px,color:#ffffff
17. Disaster Recovery Active‑Active Resiliency
SWIFT data centres are synchronously mirrored across geographical
regions. If the primary site fails, traffic is automatically
re‑routed to the secondary site with zero data loss.
graph LR
Edge[Edge Router] -->|Primary| DC1[Primary Data Center]
Edge -->|Backup| DC2[Secondary Data Center]
DC1 <-->|Synchronous mirror| DC2
style Edge fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style DC1 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style DC2 fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
18. Non‑Repudiation Audit Logging
Every outbound and inbound transaction is signed by the local HSM and
archived in tamper‑proof WORM storage, ensuring a verifiable,
immutable audit trail for regulatory reviews.
graph TD
Tx[Transaction node] --> Sign[Append HSM signature]
Sign --> Pipeline[Process payload]
Sign --> Vault[WORM audit storage]
style Tx fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Sign fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style Pipeline fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Vault fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff
19. Reference Architecture Model
The end‑to‑end reference model shows how financial messages flow from
internal core banking systems through integration layers, security
gateways, and the SWIFT backbone to global settlement endpoints.
graph TD
Core[Core Banking Engine] --> Mid[Middleware / MQ]
Mid --> Sec[Alliance Security Gateway]
Sec --> Edge[Boundary Router Tunnel]
Edge --> Backbone[SWIFT Global Processing Backbone]
style Core fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Mid fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Sec fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style Edge fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Backbone fill:rgba(26,54,93,0.4),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
20. Global BIC Directory Routing Engine
The routing engine queries the global BIC directory, validates
destination network status, and assigns the optimal delivery path
based on real‑time routing rules.
graph LR
BIC[Destination BIC code] --> Lookup[Query BIC directory cache]
Lookup --> Rules[Evaluate routing rules]
Rules --> Path[Select optimal session path]
style BIC fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Lookup fill:rgba(26,54,93,0.4),stroke:rgba(255,158,36,0.4),stroke-width:2px,color:#ffffff
style Rules fill:rgba(45,55,72,0.5),stroke:rgba(99,179,237,0.4),stroke-width:2px,color:#ffffff
style Path fill:rgba(34,84,61,0.5),stroke:rgba(104,211,145,0.4),stroke-width:2px,color:#ffffff