LogoRegulatory Alerts
 | 92175

Regulation on the SWIFT Service Bureau of the National Bank of the Kyrgyz Republic

The National Bank of the Kyrgyz Republic issued this Regulation to establish operational, safety, and connectivity requirements for its SWIFT Service Bureau. It mandates that commercial banks connect via Access or Gateway methods, ensuring continuous 24/7 infrastructure access, strict data confidentiality, and clear risk allocation between participants and the Bureau operator. The document further defines personnel certification standards, mandatory SWIFT Shared Infrastructure Program certification, and contractual obligations governing service availability, cost calculation, and incident response procedures.

National Bank of the Kyrgyz Republic logo

Kyrgyzstan

National Bank of the Kyrgyz Republic

Click to view thumbnail

Back

Print Version

Date of creation: 2019-05-20

Appendix to the Resolution of the Board of the National Bank of the Kyrgyz Republic dated December 19, 2018

No. 2018-P-36/55-10-(NPA)

REGULATION on the SWIFT Service Bureau of the National Bank of the Kyrgyz Republic

  1. General Provisions

  2. This Regulation defines the basic concepts and principles of operation of the SWIFT Service Bureau (hereinafter - Service Bureau) of the National Bank of the Kyrgyz Republic (hereinafter - National Bank), as well as the basic requirements for connecting and accessing commercial banks (hereinafter - Participants) to SWIFTNet through the Service Bureau and support for Participants.

  3. The Service Bureau represents a collective access infrastructure to SWIFTNet with corresponding personnel (hereinafter - Service Bureau personnel), supporting this infrastructure and ensuring interaction between Participants and SWIFTNet.

  4. SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a community of global interbank financial telecommunications. The SWIFTNet telecommunication network ensures reliable and secure data and message transmission for cross-border and domestic payments between SWIFT system users.

  5. The operator of the Service Bureau, providing support and functioning of the collective access infrastructure to the SWIFT system, is the National Bank. The functions of the Service Bureau operator may be transferred to another organization, provided that the requirements established by this Regulation are met, as well as in accordance with SWIFT rules and requirements.

  6. Service Bureau personnel are employees of the structural division of the National Bank. Service Bureau staff, in accordance with SWIFT requirements, undergo relevant certification.

  7. Participants of the Service Bureau are banks that are members of the SWIFT community, using the technical infrastructure of the Service Bureau to access SWIFTNet.

  8. The relationship between Participants of the Service Bureau in the process of operating the Service Bureau and exploiting the collective access infrastructure to SWIFTNet, risk allocation, liability, rights and obligations are established in a multilateral agreement and bilateral contracts concluded between Participants and the Service Bureau operator (hereinafter - Contracts).

  9. Basic Principles of Operation of the Service Bureau

  10. Support and functioning of the collective access infrastructure to SWIFTNet is provided by the Service Bureau together with communication providers - network partners of SWIFT. In this regard:

  1. the Service Bureau ensures support and functioning of software (hereinafter - SW), interface/server/network equipment (hereinafter - Service Bureau infrastructure) located within the responsibility zone of the Service Bureau in accordance with contracts;

  2. communication providers ensure support and functioning of the Service Bureau's communication channels in accordance with conditions established in a contract between the Service Bureau operator and the communication provider.

  1. The technical infrastructure of the Service Bureau includes:
  1. server equipment (main and backup);
  2. network equipment;
  3. communication channels (main and backup) from the Service Bureau to the SWIFT communication provider.

  1. Maintenance and support of the technical infrastructure of the Service Bureau is carried out by Service Bureau personnel.

  2. The operation of the Service Bureau is ensured by:

  1. collective access technical infrastructure to SWIFTNet;
  2. Service Bureau personnel;
  3. rules and recommendations governing work in SWIFTNet developed by SWIFT (hereinafter - SWIFT documents);
  4. regulatory legal acts of the National Bank;
  5. contracts.

  1. The Service Bureau provides services to Participants within the powers delegated by SWIFT and the National Bank.

  2. There are two methods for Participants to connect to the Service Bureau:

  1. using the Service Bureau infrastructure for working in the SWIFTNet network - Access connection;
  2. using own servers and Service Bureau infrastructure - Gateway connection.

  1. In case of using the Service Bureau infrastructure (Access connection) for working in the SWIFT system, Participant access to the interface is carried out through workstations (hereinafter - SWIFT terminals) using a browser. Support and functioning of the corresponding SWIFT terminal on the Participant's side is ensured by support specialists for each Participant independently.

  2. In case of using own servers (Gateway connection) for working in the SWIFT system, Participant access to the SWIFTNet network is carried out through SWIFT terminals connected to own SWIFT servers. Support and functioning of the corresponding servers and SWIFT terminals is ensured by support personnel for each Participant independently.

  3. On all matters concerning the SWIFT system, Participants must contact Service Bureau personnel. In case a matter falls outside the competence of Service Bureau personnel, it shall be forwarded to the SWIFT Support Department on behalf of the Participant.

  4. The Service Bureau does not have access to Participants' SWIFT terminals/servers and is not responsible for the formation and sending of SWIFT messages by Participants.

  5. Service Bureau personnel, in their activities, are guided by SWIFT documents, regulatory legal acts of the National Bank, internal procedures and contracts.

  6. Each Participant must have main and backup staff in the SWIFT system performing functions for forming and sending messages in the SWIFTNet network, in accordance with SWIFT requirements and recommendations. The staff composition and distribution of their functions (roles) for sending messages in the SWIFT system are approved by internal documents of the Participant.

  7. The Participant is responsible for all risks associated with the operational activities of its staff when forming and sending SWIFT messages (staff errors, unauthorized access, fraud, etc.).

  8. Regulations, work procedures and interaction of Service Bureau personnel and Participants, connection conditions, service availability requirements, cost calculation and payment procedures, distribution of responsibilities are established in contracts between the Service Bureau operator and Participants taking into account this Regulation.

  9. The activities of the Service Bureau are subject to mandatory certification under the Shared Infrastructure Program developed and approved by SWIFT for organizations providing connection services for other participants to SWIFTNet through a common collective access infrastructure.

  10. Basic Requirements for Ensuring Safety and Reliability of Service Bureau Infrastructure Operation

  11. Safety and reliability of the Service Bureau operation must be ensured in accordance with the following principles:

  1. protection against operational risks and operating environment risks;
  2. confidentiality and integrity of Participant data connected to SWIFTNet through the Service Bureau infrastructure under the Access connection scheme;
  3. continuous access of Participants to SWIFTNet;
  4. annual audit/self-assessment for compliance with SWIFT requirements.
  1. Protection against operational risks and operating environment risks must be ensured by the presence of:
  1. main and backup personnel with sufficient qualifications to ensure support and functioning of the Service Bureau infrastructure;
  2. a separate segment of the local network for Participants' SWIFT terminals/servers;
  3. main and backup server and network equipment located at a distance from each other;
  4. main and backup communication channels to the SWIFT communication provider;
  5. a special server room with restricted access, video surveillance and equipped with security/fire alarm systems;
  6. appropriate equipment for uninterrupted electrical power supply;
  7. means to protect against unauthorized access by Participants and Service Bureau personnel to the interface/server SWIFT.
  1. Confidentiality and integrity of Participant data (information on incoming/outgoing messages, encryption and identification keys, etc.) must be ensured by the presence of:
  1. access restriction for each SWIFT user Participant to the SWIFT terminal/server in accordance with SWIFT documents;
  2. distribution of responsibilities of Service Bureau personnel to ensure confidentiality and integrity of Participant data in accordance with internal procedures of the Service Bureau;
  3. daily monitoring by the Service Bureau over the operation of the Service Bureau infrastructure (confidentiality, data storage, unauthorized access to them) and prompt response to identified errors and failures;
  4. regular testing for vulnerability identification (no less than once a quarter) in the Service Bureau infrastructure, and, if necessary, attracting an independent organization to conduct testing and vulnerability identification (no less than once a year).

  1. Uninterrupted access of Participants to the SWIFTNet service must be ensured by round-the-clock operation of the Service Bureau infrastructure, except for scheduled maintenance time and recovery period (maximum system downtime - 4 (four) hours).

  2. In case of an abnormal situation in the operation of the Service Bureau infrastructure, Service Bureau personnel notify Participants in accordance with contract conditions.

  3. If necessary for receiving/sending urgent payments, until the cause of the abnormal situation is eliminated, Participants must use alternative data transmission channels in accordance with contract conditions.

  4. Service Bureau personnel provide technical support to Participants in an 8/5 mode (eight hours a day, five working days a week).

  5. Basic Requirements for Connecting Participants to SWIFTNet through the Service Bureau

  6. Connecting Participants to the SWIFTNet service through the Service Bureau is carried out by Service Bureau personnel.

  7. The main requirements for connecting a Participant to the Service Bureau are:

  1. joining the SWIFT community members;
  2. concluding a contract with the Service Bureau operator for connection to the Service Bureau;
  3. installation and connection of SWIFT terminal (Access connection)/SWIFT server (Gateway connection), including the following activities:
  • preparation of SWIFT terminal (Access connection)/SWIFT server (Gateway connection) for connection to the SWIFTNet service in accordance with SWIFT documents and connection contract conditions;
  • organization for working of SWIFT terminal (Access connection)/SWIFT server (Gateway connection) with the interface/server SWIFT located in the Service Bureau in a separate subnet, independent of the Participant's general local network;
  • ensuring a safe operating environment for SWIFT terminal (Access connection)/SWIFT server (Gateway connection) (special room with restricted access and equipped with security/fire alarm system, etc.);
  • availability of an alternative data transmission channel as a backup to ensure sending/receiving messages in case of abnormal situations in the operation of the Service Bureau infrastructure or mandatory installation of such means if absent;
  • availability of main and backup communication channels with encryption from SWIFT terminal (Access connection)/SWIFT server (Gateway connection) to main and backup sites of the Service Bureau, ensuring data transmission;
  • training of employees working directly in the SWIFT system;
  • upon readiness of infrastructure and Participant personnel, automated SWIFT system is introduced into pilot operation based on an acceptance act;
  • conducting test-training mode of SWIFT terminal (Access connection)/SWIFT server (Gateway connection) operation;
  • commissioning of the automated SWIFT system of the Participant into industrial operation.

  1. In case of non-compliance by the Participant with the main requirements for connection to the Service Bureau infrastructure, the Service Bureau operator, having previously notified the Participant, may suspend connection actions to the Service Bureau and is not responsible for possible consequences.

  2. Basic Requirements for Providing Participants Access to SWIFT Terminal (Access connection)/Server (Gateway connection)

  3. To obtain access to the SWIFT system, a Participant must comply with the following requirements:

  1. appoint the composition of Participant staff who must directly participate in SWIFT system operation;
  2. distribute access rights to the SWIFT system and responsibility of each specialist strictly in accordance with SWIFT documents;
  3. ensure the appropriate level of information protection of SWIFT terminal (Access connection)/SWIFT server (Gateway connection) against unauthorized access;
  4. ensure support and functioning of SWIFT terminal (Access connection)/SWIFT server (Gateway connection) and bear responsibility for all risks associated with equipment, software, communication channels failures, operational activities of specialists (staff errors, unauthorized access, fraud);
  5. develop internal procedures for forming and sending messages, observing confidentiality, data storage and preventing unauthorized access to them in accordance with SWIFT documents, regulatory legal acts of the National Bank, legislation of the Kyrgyz Republic and contracts, as well as personnel work procedures in case of abnormal situations during operation of SWIFT terminal (Access connection)/SWIFT server (Gateway connection);
  6. in case of an abnormal situation (incident, cyber incident) on the Participant's side, Participant personnel notify the Service Bureau in accordance with contract timeframes and conditions;
  7. maintain alternative data transmission channels in working condition to ensure sending/receiving messages in case of abnormal situations in the operation of the Service Bureau infrastructure.
  1. To ensure the appropriate level of information protection, it is necessary to:
  1. distribute responsibilities of personnel having access to SWIFT terminal (Access connection)/SWIFT server (Gateway connection) in accordance with security principles: access to information only by business necessity, minimum privileges and separation of duties, in accordance with SWIFT requirements and recommendations;
  2. systematic control by the Service Bureau and Participant over compliance with access provision requirements for personnel to the SWIFT system in accordance with internal procedures of the Participant;
  3. encryption of traffic from SWIFT terminal (Access connection)/SWIFT server (Gateway connection) to the Service Bureau.
  1. In case of violation of these requirements, the Service Bureau operator, having previously notified the Participant, may suspend the Participant's access to the SWIFTNet network through the Service Bureau and is not responsible for possible consequences.

Contacts

Public Reception +996 (312) 61-04-86, +996 (312) 66-90-15 ext. 1257, 1256

Consumer Rights Protection Department +996 (312) 66-90-15 ext. 1671, 1666

Report Corruption +996 (312) 66-90-15 ext. 2120, +996 (312) 61-04-00

Auto-informer of Official Exchange Rates +996 (312) 61-07-11

Numismatic Museum +996 (312) 66-90-15 ext. 1232, +996 (312) 61-24-14

E-mail mail@nbkr.kg

Media Relations press@nbkr.kg

720010, Kyrgyz Republic, Bishkek city, Kievskaya st., 189

Share