On November 13, 2013, the Dutch and Belgium Data Protection Authorities announced their cooperation on an investigation into the security of the payment methods at the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”), whose messaging infrastructure facilitates transactions among more than 10,000 financial institutions in 214 countries and territories. SWIFT’s headquarters are in Belgian, and it also has a location in the Netherlands.
The Dutch and Belgian investigation was triggered by news reports, including in Spiegel On Line and the Brazilian news outlet O Globo, that the NSA had gained direct access to SWIFT’s financial messaging system. If true, direct access by the NSA would contravene the procedures in the Terrorist Finance Tracking II Agreement (“TFTP Agreement”) for requesting and gaining access to data on bank transactions. In the wake of the news reports, Privacy International had submitted letters in October 2013 to the Data Protection Authorities of all 28 EU Member Statesrequesting an investigation.
On May 8, 2014, the Dutch and Belgian DPA’s announced that they had found no violations of legal security requirements in regard to the computer networks of SWIFT, including “no indications that third parties have had or could have had unlawful access to financial messaging data related to European citizens.”