SWIFT and SWIFT assessments in 2025

A SWIFT assessment - an independent review of the security of a company's SWIFT infrastructure and systems - is designed to ensure that these systems are protected against potential security threats and vulnerabilities. The new period for SWIFT assessments of companies participating in the network began on July 1, 2025. Below is an overview of the changes in SWIFT and in the SWIFT Customer Security Program v2025 (SWIFT CSP v2025).

SWIFT at a glance: Network service provider for the financial world

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) serves as a proprietary communication platform for the financial industry, especially for banks. SWIFT offers the world’s largest and most trusted third-party system for the international exchange of financial data. The SWIFT network comprises over 10,000 financial institutions in 212 countries. The organization is structured as a cooperative, with shares distributed in proportion to the use of its basic services.

While national payment transactions are often processed via the well-developed infrastructure of the respective central banks, there is no such structure for international payments. Cross-border transactions are therefore traditionally organized via bilateral banking relationships. Here, SWIFT provides the technical basis for secure and standardized transactions between the financial institutions involved.

It should be emphasized that SWIFT is neither a payment service provider or payment system in its own right nor a financial institution or clearing house. SWIFT does not permanently store any financial information and does not directly process payments. Rather, SWIFT is a network service provider that enables the secure exchange of messages about financial transactions between financial institutions. It therefore remains necessary to involve a clearing or settlement agent when exchanging information. Figure 1 shows this exchange schematically.

Figure 1: Y-copy message flow via SWIFTNet, based on Scott/Zachariadis

Innovations for 2025 in the SWIFT network

MT format

In order to ensure secure, error-resistant and machine-readable communication in international payment transactions, the SWIFT system has so far relied on the MT format. Each MT message is assigned to a specific category. For example, an MT-100 message stands for a customer transfer.

The MT format gives messages a standardized structure. Each SWIFT MT message consists of logically separated blocks. Each block is preceded by an identifier tag, which signals to the receiving system what type of information the section contains.

Figure 2 shows the translation of a transfer form into MT format.

Figure 2: Paper-based transfer converted into an MT-100 message, based on Scott/Zachariadis
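As an added illustration (not part of the original article), the following Python parses the block layout described above and rejects malformed input instead of guessing. It assumes the publicly documented `{n:...}` block syntax and `:tag:` field syntax of MT messages, which the article does not spell out; the sample message, BICs and account number are constructed.

```python
import re

# Constructed sample in the MT block layout (not a real message; BICs are made up).
SAMPLE_MT = (
    "{1:F01BANKDEFFAXXX0000000000}{2:I100BANKGB2LXXXXN}"
    "{4:\n:20:REF20250701\n:32A:250701EUR1250,00\n"
    ":50:MAX MUSTERMANN\nMUSTERSTRASSE 1\n"
    ":59:/GB00EXAMPLE000001\nJANE DOE\n-}"
)
FIELD_RE = re.compile(r"^:(\d{2}[A-Z]?):(.*)$")


def split_blocks(raw):
    """Split '{id:content}' blocks; brace depth keeps nested sub-blocks intact."""
    blocks, depth, start = {}, 0, None
    for pos, ch in enumerate(raw):
        if ch == "{":
            if depth == 0:
                start = pos
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth < 0:
                raise ValueError("unmatched closing brace at offset %d" % pos)
            if depth == 0:
                ident, sep, content = raw[start + 1:pos].partition(":")
                if not sep or not ident.isdigit() or ident in blocks:
                    raise ValueError("bad or duplicate block identifier %r" % ident)
                blocks[ident] = content
        elif depth == 0 and not ch.isspace():
            raise ValueError("data outside any block at offset %d" % pos)
    if depth != 0:
        raise ValueError("unterminated block")
    return blocks


def parse_text_block(content):
    """Parse ':tag:value' fields of block 4; untagged lines continue the last field."""
    fields = []
    for line in content.strip("\n").split("\n"):
        if line == "-":  # end-of-text marker
            break
        match = FIELD_RE.match(line)
        if match:
            fields.append([match.group(1), match.group(2)])
        elif fields:
            fields[-1][1] += "\n" + line
        else:
            raise ValueError("text before first field tag")
    return [tuple(field) for field in fields]
```

Characters 2 to 4 of block 2 carry the message type, so `split_blocks(SAMPLE_MT)["2"][1:4]` yields `100` for this sample.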

MX format

XML (eXtensible Markup Language) has long been a universally applicable description language that has proven itself in a wide range of applications in and outside the financial sector. In order to also use this language for data transmission in the SWIFT network, the MT coding was extended by the XML-based MX format.

Both standards coexisted for a long time and were supported by the SWIFT network. The transition period for the adoption of ISO 20022 is now ending, so implementation of the MX format is mandatory by November 2025. From this date, obsolete MT standards (e.g. MT-102) will no longer be supported and will be completely removed from the network.

Figure 3 shows a comparison of the MT format and the MX format.

Figure 3: XML (MX) versus SWIFT proprietary (MT) syntax, based on Society for Worldwide Interbank Financial Telecommunication S.C.

Cybersecurity in the SWIFT network through SWIFT assessments

The Customer Security Program (CSP) was introduced by SWIFT in 2016 in response to increasing cyberattacks on SWIFT users. It aims to establish uniform cyber security standards, minimize risks and prevent financial losses due to fraud.

The central element is the Customer Security Controls Framework (CSCF), which comprises mandatory and recommended security controls based on international standards such as NIST, ISO 27XXX and PCI-DSS. These controls are based on three main objectives:

  • Securing the system environment,
  • Access control,
  • Identifying and responding to threats.

To strengthen the network and the mutual trust of network participants, SWIFT assessments play a fundamental role in cyber security. They serve as a structured review of cybersecurity measures and ensure a uniform minimum standard for all participants. These SWIFT assessments can still be carried out internally, but an external assessment provides an independent view of the company’s own cyber security in order to identify weaknesses at an early stage, reduce risks and ensure compliance with the CSP requirements.

SWIFT assessments in the context of the migration to ISO 20022

If institutions have external SWIFT assessments carried out, the introduction of ISO 20022 and in particular the readiness for migration will also be comprehensively reviewed as part of this process. The aim of the SWIFT assessments for 2025 is to evaluate the technical, procedural and regulatory preparation for the changeover from the previous MT format to the new MX format. The analysis focuses on the following key areas:

  • System landscape: Review of the IT infrastructure used, in particular core banking systems, interfaces and middleware components, for their compatibility with the ISO 20022 standard.
  • Message processing: Assessment of the ability for end-to-end, automated processing (straight-through processing, STP) and data validation along the entire transaction chain.
  • Data quality and structure: Assessment of whether the existing data meets the structured requirements of the ISO 20022 format and can be analyzed automatically.
  • Test and migration plans: Assessment of existing strategies and timelines for the transition from MT to MX messages, including test procedures and risk management.

Such SWIFT assessments provide a sound as-is analysis and also serve as a basis for targeted measures to close identified gaps, especially with regard to the migration deadline in November 2025.

Oliver Schöll is a Senior Manager in the IT Governance, Risk & Compliance department at msg for banking. He has extensive experience in IT auditing in the banking environment and in information security management and is a Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA) and IT Auditor (IDW). He is also a lecturer for IT law and business process management at the DHBW.