Swift's chief executive, Gottfried Leibbrandt, talks to Brian Caplen about the success of its global payments initiative and how application programming interfaces are a crucial part of web 3.0.
Gottfried Leibbrandt
Q: Swift’s global payments innovation [gpi] has really taken off. Can you give an update on the situation?
A: It is the most fundamental redesign of correspondent banking in years – really a service that takes the old model, makes the payments trackable, transparent and faster, etc. Progress to date has been beyond our expectations. Not even two years after launch, more than 200 banks have signed up. We have one-third of all the payments globally that are on gpi. Half of those [transactions] are done within half-an-hour, end to end, from customer to customer. On some routes, US-China being one, we have more than half the traffic.
Q: Is the plan is to extend gpi to all 10,000 banks on the Swift messaging platform?
A: Clearly, we want to make gpi the new standard and make all payments gpi at the end of the day and that involves a couple of steps.
First, in November we will have the standards release and as part of this, the UETR, the identifier that travels with payments, will be mandatory for everybody. This means that all the payments will carry [these identifiers] and all these payments can be followed through the tracker.
Then, towards the end of 2020, we’ll make it mandatory for all the banks to be fully on gpi, which means they can also confirm that the final customer has been credited for the amount and can provide the full information set. That’s a high hurdle.
We have come a long way but to make it universal will involve a significant effort from the community. This will be an ongoing process because it will require banks themselves to change things and [review] their systems to generate the information.
Q: What are the benefits of gpi beyond tracking and speed?
A: There are a bunch of benefits. First, we are already seeing the benefits of [being able to] track a payment end to end, and banks can see where the bottlenecks are. It is now visible where it is held up – often by things that people [wouldn't have] realised. By targeting specific bottlenecks, this in itself is already [leading to] back-office savings and time savings.
Then we’re looking at a number of services to further decrease the back-office costs of failed payments, investigations, etc. Clearly, as it goes faster and as you know where it is, that improves. Then we are looking at value-added services on top of that – rich information, remittance information.
Banks are now incorporating the tracker into their services for corporates. We have launched a product whereby corporates can directly access the tracker sponsored by the banks. So we are making progress. I think the idea would also be that third parties can provide services that plug into gpi. [Ebury, a fintech for cross-border payments, recently joined gpi.]
Q: Swift helped develop Australia’s New Payments Platform for faster payments. What is the significance of that?
A: We are extremely proud of that. The service is now up and running, which means that any Australian [entity or person] can make a real-time payment to any other Australian. We are also excited about the architecture between the banks that allows other providers to provide overlay services on top. One of them is the reference database that links phone numbers to bank accounts, so you can address somebody using their phone number and get the payment.
For us, the wider context is that we don’t just have Australia. In November we’ll also be live with the European real-time payment system too; TIPS [the Eurosystem’s Target Instant Payment Settlement], and RT1, run by EBA Clearing, which will get us to the heart of the euro area. So with that we are a real player in real time and we are making the technology work.
Q: Is the idea to take this to other countries?
A: Our idea is more to provide the linkages, so one of the things is we have gpi cross-border. We would like to find a way that you can have payments that travel on gpi and be delivered through a local real-time system. We have that now where we have payments that go on Chips, for example [the US private Clearing House Interbank Payments System]. Chips is not on Swift and, in the end, [payments] go back on correspondent banking. Historically, we’ve been in the business of linking these systems with banks in the middle and our idea would be to do the same with gpi.
Then we have a pilot project in Asia-Pacific between Thailand, China, Australia and Singapore, working with these real-time systems and the banks in those countries to see if the banks can give that end-to-end, real-time experience to their customers cross-border, including the currency exchange and everything that goes with it.
Q: There is a huge array of new technology for banks to be thinking about at the moment. Which do you think is the most critical?
A: For me it is application programming interfaces [APIs] because, first of all it is technology that’s here and now, and I can see around us the impact that it’s having. We could not have done gpi without API technology. We tried to do something similar when I looked at it 10 years ago, but because of technology in those days it couldn’t be done. API is the breakthrough. There are lots of [exciting] things – open banking and PSD2 [the EU’s Payment Services Directive 2] – but APIs are at the heart of that. A lot of what you are now seeing in the whole web 3.0 is based on APIs in the consumer sphere.
Q: And how will APIs improve things in the wholesale space?
A: I think [this will offer] much easier access to existing services. We envision enabling most of our existing services through API calls rather than the current often bespoke [methods] of access.
One area we’re looking at is RTGS [real-time gross settlement systems]; in the UK that is Chaps. Currently you would use a browser service in order to access your liquidity position with the Bank of England. In the future, under developments we are considering, you could replace that with an API call instead. This would bring about greater, more efficient access using a cloud-based service.
You send a query, you get the information back, which is essentially what an API call does. In securities, a lot of messaging is just getting a statement of position. So I think over time you could see many of those applications move to APIs, and on top of that you can think of lots of new services where you can get the information immediately.
Q: Cyber security is an increasing issue for banks. Are we winning the battle against the hackers?
A: At least we’re not losing. You can never win the battle on cyber [security]. I think you can just make sure that you don’t lose it. We launched a fairly comprehensive customer security programme two years ago with multiple pillars. A big one was information sharing.
Through greater information sharing, Swift is helping banks better protect and defend themselves. We collect and analyse details from banks that have been attacked, then share that information in an anonymised form to keep our customers up to date on the very latest indicators of compromise and modus operandi. This information – which is readily available to our customers, in a secure fashion – has been invaluable to banks, who can then be much better prepared and equipped to tackle the evolving threat.
Q: Is this a big step forward because banks are reluctant to share information?
A: It is always difficult because of reputation [but they are prepared] to do it because it’s on an anonymous basis and in a trusted environment. But traditionally, if you talk to cyber [security experts] you find that cross-border information sharing has always been very, very difficult to achieve. And I think we can be proud that at least we made that work for the Swift environment.
The other area where information sharing really works is [when] banks get hacked, and they share the information immediately with others down the chain. So the recovery of funds has been one of the areas of noteworthy success. In many cases you see newspaper stories of [the attempted theft of sums of money] that were much bigger than the actual losses, which is thanks to quick recovery through quick information sharing and making sure the money is not paid out.
Through our customer security programme we have introduced a number of tools to help banks defend against hacks, including a security controls framework. Banks are required to implement these security controls into their back-office environment and Swift-related infrastructure. By the end of 2017, customers were required to attest their level of compliance with the controls. As of the end of 2018, all users will be required to comply with the 16 mandatory controls and attest to be doing so. These measures are starting to bring about tangible results, but there is always more we can and will do to keep ahead of the threat.
