printPrint Page

SWIFT Personal Data

Notice to Customers re: Disclosure of Payment Data/Financial Messages to US Authorities

    In the aftermath of September 11th 2001, the US Treasury, acting on the strength of official subpoenas, requested transaction data from SWIFT's operating centre in the US and evaluated it for anti-terrorism purposes. In November 2006, European and Irish data protection supervisors voiced concerns about the mirroring of payment transaction data at the SWIFT operating centre in the US and access by US authorities to this data. Both SWIFT and the US Treasury maintain that a memorandum of agreement was reached to reduce the amount of data covered by the subpoenas as much as possible and to ensure its evaluation for anti-terrorism purposes only. The Irish banking industry is currently seeking to find an international solution to the data protection law issues involved. To this end, it is continuing constructive dialogue with all the parties concerned, particularly with data protection supervisors and SWIFT.

    Bank of Ireland considers the SWIFT network to be secure from both a technical and organisational standard. SWIFT has operating centres in both Europe and the US where the transaction data is stored temporarily. Due to continuous data mirroring, the data stored on the operating centre servers is always identical. This mirroring is carried out for security reasons so that if one operating centre malfunctions, international payments can continue to be processed by the other operating centre. Maintaining a geographically separated back-up infrastructure, to ensure continued operation, is in line with international standards and supervisory requirements.

    When effecting a domestic or international credit transfer payment on a customer's behalf, the data contained in such credit transfer payments and other financial messages between financial institutions (e.g. Trade Finance) may be forwarded to the beneficiary's bank via the Belgium-based Society for Worldwide Interbank Financial Telecommunication (SWIFT). Bank of Ireland has no alternative but to use SWIFT's services to execute international payments as there is no other organisation, at present, providing such services worldwide. If Bank of Ireland did not avail of SWIFT's services, we would not be able to offer customers global payment services. Thus, any customer instructing us to execute a payment order or other services requiring SWIFT messaging is giving implicit consent for those data elements necessary for the correct processing of the transaction to be sent outside of Ireland.

    May 2007