RMA for SWIFT when used by Corporates – timeline and migration scenarios
The Standardized Corporate Environment (SCORE) allows corporates to use SWIFT’s messaging platform to access services provided by their financial institutions, for example, cash management services. SCORE is based on a Closed User Group that exclusively handles financial messaging between corporations and banks, and does not allow corporate-to-corporate or financial institution-to-financial institution messaging. SCORE, which is available in most countries throughout the world, is used by major corporations including Microsoft, General Electric, Caterpillar, T-Mobile, and Novartis to secure and streamline financial transactions with their banks.
A Relationship Management Application (RMA) is a security component used within SWIFT communications to allow granular control of messages sent to and received from any correspondent. RMA was first introduced for FIN messages replacing the former BKE mechanisms. With the advent of SWIFTNet 7 RMA also became available for the FileAct services offered by SWIFT.
A corporate is eligible for SCORE if
- The corporate is listed on a regulated stock exchange of a country that is a member of the Financial Action Task Force (FATF) or
- The corporate is a majority-owned subsidiary of a listed company as defined above and fulfills additional criteria or
- The corporate is recommended by a financial institution that is located in a FATF member country and participates in SCORE.
Until May 2011 corporates who are recommended by a Bank (non-listed) to join SCORE could only use RMA-enabled services, and were therefore restricted to using FIN. With release 7.0 of SWIFTNet the use of RMA for FileAct became available on an optional basis on June 1st 2011 with the result that recommended corporates are allowed to join the SCORE FileAct (real-time and store-and-forward) services as of that date.
With SWIFTNet 7 it is now possible to create an RMA bootstrap authorization for each corporate. If the corporate has no authorization in the RMA data base of the bank, its file will be rejected on receipt. However, the exchange of RMA authorizations within SCORE will only be available with the SWIFT standard release 2012. At that time RMA will also become mandatory for InterAct and FileAct and non-authorized messages will become blocked at the sending side, transparent to the receiver.
During the migration period, the following scenarios are possible:
- Bank 7.0 / Corporate 7.0 Exchange of RMA messages will only be possible when RMA becomes mandatory. In the meantime, if both the bank and the corporate are on release 7.0 they can use bootstrap authorizations to ensure filtering of the traffic. The result will be the same as if RMA was fully implemented.
- Bank 7.0 / Corporate 6.x The bank creates a bootstrap authorization for each corporate it wants to do business with. If the corporate has no authorization in the RMA data base of the bank, its file will be rejected on receipt (when RMA is fully implemented, the file will already have been stopped on the sending side).
- Bank 6.x / Corporate 6.x or 7.0 Files sent and received by the financial institution are not filtered. If the bank has a whitelist/blacklist functionality on their FileAct interface, it can use it to block files.
(See : SWIFT: ” RMA for FileAct in SCORE“).
With BOX for SWIFTNet financial institutions and corporates are well prepared for any of these scenarios as well as the mandatory use of RMA in autumn 2012. The Interact and FileAct messaging services of BOX for SWIFTNet are already fully qualified for SWIFTNet 7 together with the RMA interface including SCORE in 2011.