ResourcesPractical guidance and standards for financial crime compliance practitioners

Swift RMA Guidance

Introduction

The Wolfsberg Group (the Group) has prepared this guidance document on the Swift Relationship Management Application (RMA) to supplement the Wolfsberg Financial Crime Principles for Correspondent Banking issued in 2022. This document is intended to provide broader guidance to financial institutions (FIs) for managing non-customer RMAs. This document is an update to the 2016 Wolfsberg Group SWIFT RMA Due Diligence Guidance, which has been retired.

Relationship Management is a service on SwiftNet1 that allows Swift users to control the messages they want to accept from counterparties. The overall objective of Relationship Management is to stop unwanted messages before they leave the sender's messaging interface. Swift users benefit from this by not receiving unwanted traffic which saves them time and effort in reviewing this traffic and eliminates the exposure from processing such unwanted traffic. The Swift user can control the following types of information:

  • which other Swift users can send them traffic;
  • which messages the Swift user can send; and
  • the validity period of the RMA relationships.

A traditional customer relationship which involves cross-border transactional or liability accounts requires an RMA. RMAs are also established with third parties (i.e. non-customers) to facilitate transactions for existing customers; these RMAs may be referred to as non-customer RMAs.

The possible use of an RMA arrangement for purposes not intended, or agreed to, at the time of establishment is predominantly an operational risk, not a financial crime risk. RMA arrangements, if poorly controlled, may, however, allow Swift counterparties with inadequate systems and controls access to international banking systems. For example, through the exchange of an RMA authorisation with a non-customer, an FI may receive, and act upon, payment instructions from a non-customer. This guidance outlines minimum due diligence standards required for non-customer RMAs to help mitigate the impact of possible misuse of an RMA. It is also noted that Swift requires and validates membership documentation on all prospective members.

In preparation for migration to new MX2 messages as part of the ISO20022 changes, RMA will be required for all FINplus messages. The migration became available in 2023 and must be implemented by November 2025.3 Swift has defined Business Profiles to assign RMA in a logical grouping of message types. FIs can assign RMA authorisation at different levels within the business profiles.

1. Principles

FIs should incorporate RMA due diligence standards into their risk management programmes where the following concepts or principles should be considered (more detail on the different types of relationships is set out in the sections below):

  • Due to the potential risks that may be associated with the establishment of an RMA, approval of such requests needs to be controlled appropriately;
  • RMA requests may be segregated between customer relationships and non-customer relationships, with distinct due diligence criteria for each;
  • Within the set of non-customer relationships maintained by an FI, those relationships that are limited to a purely reporting-related exchange of messages, with no transactional activity involved, should be considered lower risk. FIs may therefore determine that there is no, or a reduced, requirement for due diligence on those relationships;
  • Where an RMA holder has a customer relationship subject to due diligence, the requirements under that due diligence programme will apply;
  • Due diligence on the RMA holder should consider the message types used by the RMA holder and the risk associated with the activity conducted;
  • FIs should consider designating an accountable person for related procedures. The aim is to ensure accountability of a responsible person to mitigate the potential risk outlined above.

2. Definition of a Non-Customer RMA Relationship

A non-customer RMA is generally created when there is a request that the FI sends or receives Swift messages to/from a third party (i.e. the non-customer) in support of a customer’s business and where the FI has no other relationship with that third party.4 This can include both transactional and non-transactional messages. Within the scope of non-customer RMA relationships, reporting-only relationships are those non-customer RMA relationships in which exchanged messages do not lead to the initiation of any transactions; transactional relationships are all other non-customer RMA relationships.

FIs should assess the types of messages they send and receive and perform their own assessment of the appropriate classification of each as either transactional or reporting. Some examples include, but are not limited to:

Transactional Reporting
  • Cash management: relaying payment instructions from a corporate customer to a third-party FI.
  • Custody: provision of information from a sub custodian to the global custodian at the request of the customer.
  • Trade Finance (e.g. letters of credit): exchange of messages with FIs that do not otherwise have direct payment relationships.
  • Exchange of messages with payments and securities markets infrastructure entities, e.g. exchanges, depositories.
  • Cash management: receipt of balance and transaction information on a corporate customer’s account at another FI, so that the corporate customer can view its consolidated transactional activity through the reporting tool of one of its FIs.
  • FIs may evaluate additional reporting messages such as notification messages and statement messages for consideration.

It is noted that the definition of a customer may vary according to applicable local laws and regulations, which may also have an impact on the designation of non-customer RMAs. For example, in certain jurisdictions, the establishment of an RMA is considered a form of customer relationship and therefore subject to risk-based due diligence. It is important for FIs to assess and understand any local requirements that apply in the jurisdictions in which they operate and be guided accordingly.

3. Minimum Due-Diligence Procedures for Non-Customer RMAs

For non-customer RMA relationships that are reporting-only, there are no minimum recommended identification and due diligence requirements from a financial crime perspective, however sanctions obligations should always be considered in relation to information available to the FI.

For non-customer RMA relationships that are transactional, the minimum recommended identification and due diligence financial crime requirements are as follows:

  • Collect name and address information;
  • Evaluate risks of the potential RMA based on the above information to identify whether the RMA-holder FI may require further review based on the FI’s risk appetite; and
  • Conduct a review against watchlists, which could include screening against:
    • Sanctions lists and other relevant lists maintained by competent authorities; and
    • Internal lists that the FI may maintain to manage or monitor transactions/relationships.

4. Suggested Procedures for Ongoing Management of RMAs

The potential risks associated with the establishment of a non-customer RMA need to be managed throughout the lifecycle of that RMA. Below are suggested procedures for managing the potential risks associated with non-customer RMAs, as well as the transactions the FI undertakes with such entities:

  • Consider a review of relationships to identify those that warrant cancellation due to non-usage; and
  • Conduct watchlist screening periodically in accordance with internal screening standards.

For relationships not previously subject to the FI’s non-customer RMA due diligence programme, but now in scope, appropriate RMA due diligence should be conducted within a reasonable period.

5. Conclusion

Important changes to industry messaging standards mean that FIs should revisit their approach to Swift RMA due diligence. FIs should review and, as appropriate, update their policies and procedures relating to risk assessment and due diligence for such relationships.

Appendix A: List of Swift MT messages which do not require an RMA authorisation

MT 300 Foreign exchange confirmation: Confirms information agreed to in the buying/selling of two currencies
MT 305 Foreign currency option confirmation: Confirms information agreed to in the buying and selling of vanilla options on currencies
MT 306 Foreign currency option confirmation: Confirms information agreed to in the buying and selling of exotic options on currencies
MT 320 Fixed loan/deposit confirmation: Confirms the terms of a contract relative to a fixed loan/deposit transaction
MT 330 Call/notice loan/deposit confirmation: Confirms the terms of a contract relative to a call/notice loan/deposit transaction
MT 340 Forward rate agreement confirmation: Confirms the details of a forward rate agreement
MT 341 Forward rate agreement settlement confirmation: Confirms the settlement details of a forward rate agreement
MT 350 Advice of loan/deposit interest payment: Advises of a loan/deposit interest payment
MT 360 Single currency interest rate derivative confirmation: Confirms the details of a single currency interest rate derivative swap, cap, collar or floor
MT 361 Cross currency interest rate swap confirmation: Confirms the details of a cross currency interest rate swap transaction
MT 362 Interest rate reset/advice of payment: Confirms or advises the reset rates of the floating interest rate(s) in a single or cross-currency interest rate derivative transaction and/or the payment of interest at the end of an interest period
MT 364 Single currency interest rate derivative termination/re-couponing confirmation: Confirms the details of the partial or full termination or re-couponing of a cross currency interest rate swap
MT 365 Cross Currency Interest Rate Swap Termination/Recouponing Confirmation: Confirms the details of the partial or full termination or recouponing of a cross currency interest rate swap.
MT 370 Netting position advice: Advises the netting position of a currency
MT 390 Advice of charges, interest and other adjustments: Advises an account owner of charges interest or other adjustments
MT 391 Request for payment of charges, interest and other expenses: Requests payment of charges, interest or other expenses
MT 392 Request for cancellation: Requests the receiver to consider cancellation of the message identified in the request
MT 395 Queries: Requests information relating to a previous message or amendment to a previous message
MT 396 Answers: Responds to an MT 395 Queries or an MT 392 Request for cancellation or other message where no specific message type has been provided for a response
MT 398 Proprietary message: Contains formats defined and agreed to between users and for those messages not yet live
MT 399 Free format message: Contains information for which no other message type has been defined
MT 600 Commodity trade confirmation: Confirms the details of a commodity trade and its settlement
MT 601 Commodity option confirmation: Confirms the details of a commodity option contract
MT 605 Commodity notice to receiver: Notifies the receiver of an impending book-entry transfer or physical delivery of a specified type and quantity of commodity
MT 606 Commodity debit advice: Advises the receiver of a debit entry to a specified commodity account
MT 607 Commodity credit advice: Advises the receiver of a credit entry to a specified commodity account
MT 608 Statement of a commodity account: Provides the details of all bookings to a commodity account
MT 620 Commodity fixed loan/deposit confirmation: Confirms a commodity fixed term loan/deposit contract
MT 670 Standing settlement instruction update notification request: Requests SWIFT to create the MT 671 from the MT 670 and send it financial institutions
MT 671 Standing settlement instruction update notification: Specifies standing settlement instructions for one or more currencies
MT 900 Confirmation of debit: Advises an account owner of a debit to its account
MT 910 Confirmation of credit: Advises an account owner of a credit to its account
MT 920 Request message: Requests the account servicing institution to send an MT 940, 941, 942 or 950
MT 935 Rate change advice: Advises the receiver of general rate change(s) and or rate change(s) which applies to a specific account other than a call/notice loan/deposit account
MT 940 Customer statement message: Provides balance and transaction details of an account to a financial institution on behalf of the account owner
MT 941 Balance report: Provides balance information of an account to a financial institution on behalf of the account owner
MT 942 Interim Transaction Report: Provides balance and transaction details of an account, for a specified period of time, to a financial institution on behalf of the account owner.
MT 950 Statement message: Provides balance and transaction details of an account to the account owner
MT 970 Netting statement: Provides balance and transaction details of a netting position as recorded by a netting system
MT 971 Netting balance report: Provides balance information for specified netting position(s)
MT 972 Netting interim statement: Advises interim balance and transaction details of a netting position as recorded by a netting system
MT 973 Netting request message: Requests an MT 971 or 972 containing the latest available information
MT 985 Status enquiry: Requests an MT 986
MT 986 Status report: Provides business-related information about a customer or institution
MT 990 Advice of charges, interest and other adjustments: Advises an account owner of charges, interest or other adjustments to its account
MT 991 Request for payment of charges, interest and other expenses: Requests payment of charges, interest or other expenses
MT 992 Request for cancellation: Requests the receiver to consider cancellation of the message identified in the request
MT 995 Queries: Requests information relating to a previous message or amendment to a previous message
MT 996 Answers: Responds to an MT 995 Queries or an MT 992 Request for cancellation or other message where no specific message type has been provided for a response
MT 998 Proprietary message: Contains formats defined and agreed to between users and for those messages not yet live
MT 999 Free format message: Contains information for which no other message type has been defined

Appendix B: Further reading

The following articles and documents are available to Swift members with swift.com access and related service access. Consult with your FI’s administrator for access:

CBPR+ landing page https://www2.swift.com/mystandards
RMA Evolution Update https://www2.swift.com/knowledgecentre/kb_articles/5023348
RMA Portal Getting Started Guide https://www2.swift.com/go/book/book201334
RMA Business Profiles Handbook https://www2.swift.com/knowledgecentre/kb_articles/5024789
RMA Landing/Support Page https://www2.swift.com/knowledgecentre/subjects/rma/index.html

Footnotes

  1. SwiftNet is Swift’s secure, global messaging platform.

  2. “MX” messages refer to the message schema introduced by Swift as part of the migration to ISO 20022. These Swift messages require the use of FINplus and all FINplus messages are signed, which means they require an RMA. By contrast, the legacy “MT” message schema includes a small number of FIN messages that are not required to be signed, hence not all exchanges of MT messages necessitate an RMA relationship.

  3. As of the date of this publication, 2025 is the scheduled date.

  4. Examples of “other relationship” could include vendor relationships that FIs may subject to additional financial crime-related controls. These relationships are outside the scope of this paper.

Back to Correspondent Banking and Payments