The Times They Are-a-Changin’
Back in February 2016, thieves attempted an audacious robbery of almost $1 billion from Bangladesh Bank’s account at the New York Federal Reserve. Hackers were able to get away with $81 million, much of which ended up in the Philippines. What most remember from the news reports at the time is the repeated mention of the use of SWIFT to transfer the funds. This posed a significant PR issue for SWIFT as they were forced to push back against the notion that there were vulnerabilities within the SWIFT network itself that were exploited by the robbers.
Investigations concluded that the root cause of the heist was malware installed on Bangladesh Bank’s network, likely further enabled by either insider actions or lax computer security practices. The SWIFT network was secure. SWIFT’s ultimate response was to launch their Customer Security Programme (CSP), which allows SWIFT members to attest to their level of compliance with cyber security measures. It provides a set of mandatory and advisory security controls to ensure their financial ecosystem around SWIFT is secure. Running alongside the SWIFT KYC process, members must attest each year to compliance with the mandatory standards. Failure to perform the attestation can end in reports to local financial regulators and suspension from the SWIFT network. This has proved a challenge for Banks, Corporates, SWIFT Bureaus and TMS vendors alike.
No Leaf Clover
Around the same time, ION Group’s Openlink product team were plotting their own big SWIFT Transition. For almost 20 years, clients have experienced issues integrating Findur with the SWIFT network. Cloverleaf, an integration middleware product from Trace Financial, translates each Findur document into the appropriate SWIFT format. Gold level certifications flowed for Cloverleaf during the 2000s, but with no major releases in the last ten years, Openlink customers started to experience integration issues. Cloverleaf itself is installed as a separate system to Findur. Licenses were required for the additional machines hosting Cloverleaf, transformation rules were held in complex Excel files, key configurations in a simple text file, and it was difficult to predict the next time it would fall over except to say it would likely be soon. That was more than enough to push change.
Meanwhile, Trace Financial were promoting another product of theirs, Transformer. Transformer is a market leading message transformation service complete with a library of SWIFT message mappings. As Cloverleaf became old and stale, Transformer allowed for easier development of mapping through a GUI, rules-based approach. Now the need for a complex spreadsheet with the message specifications was gone. It was only before time that ION recognized the need to move away from Cloverleaf and onto Transformer.
Moving away from Cloverleaf and onto Transformer is a relatively painless process and can be easily incorporated into any upgrade project. Furthermore, it requires surprisingly little pure technical experience in the system. After ensuring the relevant Findur users have the new Message Transformation Service (MTS) security privileges, a process must be run to migrate all your old bank statement records from the legacy Treasury Cash Management (TCM) tables to the new SWIFT message specific MTS tables. A Configuration Migration Manager (CMM) manifest is provided in the build and that creates a new Task to run.
Be cautious with this process as it can only be run once. If the process experiences issues and the mts_upgrade_record table gets updated, then the process cannot be unwound and re-run without some hacking. It is worth considering cleaning up the TCM tables and purging very old data in your current environment. Please also bear in mind these are high-level recommendations, reach out if you have questions.
My Generation (Plugins)
Also contained within the new build for your upgrade are updated SWIFT plugins. The Findur process for generating data for Transformer is unchanged from the Cloverleaf model, so while there are changes to the gen plugins, for better or worse, they retain the same overall structure and functionality. Import and overwrite all plugins within the swift folder and remember to reinstate any user defined parameter changes previously made. Clients with more extensive customizations to the generation scripts might require a different approach.
All inbound SWIFT processing plugins are now redundant with the SWIFT Gateway and various scheduled tasks being replaced by JBroker and configurations within the Connex Integration Manager. There are a series of steps to follow to import package configurations and update Method Interfaces. JBroker requires an additional Engine Cluster, which is something worth considering when reviewing your upgrade plans. It also requires an additional standard login user, which is another point of discussion with the vendor, especially for hosted clients. Be sure that you do not lose a Licensed User allocation from your license key if a new user is set up to cater for this system requirement.
Findur has a lot of third-party (open source) dependencies, some of which are more than seven years old. Transformer has additional dependencies and we have seen problems created by the Jar packaging, commonly known as “Jar Hell”. It is helpful to identify and resolve these problems early in your upgrade project.
A(nother) Change is Gonna Come
The move from Cloverleaf to Transformer allows Findur clients to get away from a legacy, error-prone system and onto a more modern SWIFT message transformation tool. Findur customers should plan their upgrades to take advantage of the numerous benefits of Transformer and MTS. Yet there is more change to come.
The move to MX/ISO 20022 format payments and reporting messages is coming from November 2022. MT series 1, 2 and 9 for cross-border payments will be decommissioned by November 2025. Trace Financial already have their ISO 20022 library available in Transformer so the wait begins for ION to make the new standard available in Findur.