We are aghast at the suffering and destruction caused by Putin’s invasion of Ukraine. A wide-ranging debate is occurring about how the world should respond, short of direct military conflict. There is a danger that in our moral revulsion at Russian actions that we can damage a number of rule-based international institutions by making them arbitrary and unpredictable tools of geopolitical rivalry.

The US Government, in coordination with several other governments, announced severe sanctions on some Russian financial organizations, including removing some banks viewed as instrumental to supporting the Russian government’s invasion of Ukraine from SWIFT. The Society for Worldwide Interbank Financial Telecommunication (SWIFT), a Belgian cooperative, operates a financial messaging network (not settlement, like CHIPS) used by 11,000 organizations worldwide with over a thousand located in Russia. SWIFT is also the ISO designated Registration Authority (RA) for Business Identifier Codes (BIC) (IBANs too), which uniquely identify member organizations within the system. So, it manages two important pieces, the BIC identifier registry and transaction information, via contractual agreement.  

Of particular interest is how the SWIFT network might be used to enforce states’ political will. Two approaches, mentioned in the White House background briefing, were considered, which we’ll explore here. Our point here is to understand how states use private networks to accomplish their objectives and point out possible issues lest one ever finds themselves on the other side. We’ll start with the technical infrastructure and move toward the governance implications.

Figure 1. FIN Amendments

One approach of censoring a bank would be to remove the Business Identifier Code from the registry. BIC additions, deletions, changes actually happen all the time. This month there were over 500 edits to the registry. Deleting a couple Russian banks’ BICs would make it impossible for them to send/receive any SWIFT message. This would be analogous to deleting an email account on a mail server, a blunt tool with immediate impact. But the affected banks could still shift to smaller, alternative networks within Russia (e.g., SPFS) or transnationally (e.g. China’s Cross-Border Interbank Payment System which is actually dependent on SWIFT). 

Another approach being explored is blocking most messages while white listing certain other messages, e.g. gas/oil transactions which could be critical to some European states. This would be analogous to the content moderation we see in other types of messaging networks, potentially more precise and less damaging if information can be reliably categorized. It’s unclear how automated or how reliant on humans such an approach could be, it depends on the number of messages and (dis)information involved. Unless it already exists, It would take time for SWIFT to develop the capacity.          

While sanctions against Russian banks supporting the Russian state’s aggression seem legitimate, key governance issues remain: 1) under what authority can states request SWIFT to do their bidding, and, 2) what accountability mechanisms exist for censored banks to pursue? These are issues we’ve flagged before in exploration of content moderation and DNS root zone governance.

According to BIC Registration Procedures, a BIC can “expire” if the RA becomes aware or has reasonable concerns that “the BIC would be used for illegal, illicit or fraudulent purposes or in a manner that might create confusion or misrepresent the organization identified by the BIC.” Are the banks in question supporting illegal activity, where and what was the judgment? Is there evidence that the bank is a purported tool of the Russian state, thus misrepresenting itself? Looking at SWIFT’s Terms of Service, it may suspend services to a member “to comply with any law, decree, regulation, order or any other act or intervention of a regulatory, governmental, legislative or judicial authority, including a court or arbitral tribunal.” This seems to be the route taken, as the White House indicated it is waiting for “the list of banks that will be de-SWIFTed to be finalized by the EU, since SWIFT is under Belgian jurisdiction.”  We will see what type of justification the EU comes up. [UPDATE: Here is the EC’s new regulation] Meanwhile, SWIFT says it is preparing “to comply upon receipt of legal instruction,” a measured, reassuring response in the face of multiple politicians and governments pressuring various networks to censor. Finally, how could sanctioned banks be reinstated if their messages were not actually supporting the Russian government’s invasion activity, or if the conflict came to peaceful resolution? Will it take a similar coordinated action by government(s), will it come with conditions?

In sum, if states are going to rely on using the global networks like SWIFT to enforce their political will, then civil society would be well served finding answers to questions raised here, lest there be potential unintended consequences.