Let me contribute some open source intelligence on the SWIFT case. One of the leading SWIFT related software solutions providers is the German company Tonbeller AG. As we can see the company is specialised on business intelligence, risk analysis and financial profiling solutions. SWIFT itself seems to be their client or certification agency, here is the Partner profile from SWIFT.
They also describe their product for SWIFT services:
Meets statutory requirements for combating terrorism financing
Automatic import of customer master data for personal checks
All customers and accounts are analysed when accounts are opened and/or in random intervals
All SWIFT transactions are analysed by the system
All non-suspicious SWIFT transactions are returned to the payment system for further processing immediately after checking
All suspicious SWIFT transactions are collected. Any irregularities concerning terrorism financing as well as the next steps are logged
Relevant employees are notified by e-mail that money transfers have been stopped
Irregularities can be evaluated directly in a comparison of the transaction with the corresponding entry in the sanction list
Case management supports the resolution of irregularities depending on the current priority
Low staff requirements due to automatic integration with cross-border payments processing (SWIFT data stream)
Insightful also the Product SironPEP for monitoring policially exposed persons, a means to track money transfers of potentially corrupt politicians using a monitoring list with – to get you a number – 500 000 people on it. Here is the EU Directive from DG Market.
Legal base seems of the other financial monitoring to be the somewhat open:
I am curious how this directive and the obligations on financial institutions are handled in the context of the SWIFT data transfer. From the recitals:
(10) The institutions and persons covered by this Directive should, in conformity with this Directive, identify and verify the identity of the beneficial owner. To fulfil this requirement, it should be left to those institutions and persons whether they make use of public records of beneficial owners, ask their clients for relevant data or obtain the information otherwise, taking into account the fact that the extent of such customer due diligence measures relates to the risk of money laundering and terrorist financing, which depends on the type of customer, business relationship, product or transaction.
More on these overlooked aspects of the SWIFT puzzle from the EU-Commission. The European counter-part of US Patriot Act etc. provisions on banking. If MEPs understood how these monitoring tools against crimes actually work it would be much easier to win their political endorsement for transatlantic cooperation.