U.S.-EU SWIFT Accord

Overview
Controversy over Europe’s role in the U.S. Terrorist Finance Tracking Program surfaced originally in 2006, following press reports that U.S. authorities had been granted secret access to SWIFT financial data since 2001. In an attempt to assure Europeans that their personal data was being protected, U.S. officials asserted that SWIFT data was used only for counterterrorism purposes, was obtained by the U.S. Treasury Department by administrative subpoena, and that no data mining occurred as part of the TFTP. In June 2007, the United States and the EU reached a deal to allow continued U.S. access to SWIFT data for counterterrorism purposes, but it remained worrisome for some European politicians and privacy groups.8

In 2009, changes to SWIFT’s systems architecture—including a reduction in the amount of data stored on U.S. servers and the transfer of a large portion of data critical to the TFTP to a storage location in Europe—necessitated a new U.S.-EU agreement to permit the continued sharing of SWIFT data with the U.S. Treasury Department. In November 2009, the European Commission (the EU’s executive) reached a new accord with the United States on SWIFT. However, under the EU’s new Lisbon Treaty, the 736-member European Parliament (EP) gained the right to approve or reject international agreements such as the SWIFT accord by majority vote. In February 2010, the EP rejected this new version of the U.S.-EU SWIFT agreement by a vote of 378 to 196 (with 31 abstentions); those MEPs who opposed the accord claimed that it did not contain sufficient protections to safeguard the personal data and privacy rights of EU citizens. Given the EP’s long- standing concerns about SWIFT and the TFTP, many observers were not surprised that some MEPs took the opportunity to both assert the Parliament’s new powers and to halt U.S. access to much of the SWIFT data until their views regarding the protection of data privacy and civil liberties were taken on board more fully.

In May 2010, the European Commission and U.S. authorities began negotiating a revised U.S.- EU SWIFT agreement that could garner the necessary EP support for approval. Two key EP concerns related to guaranteeing judicial remedy for European citizens in the United States in the event of possible data abuse, and the use of “bulk data” transfers. Many MEPs wanted more targeted transfers and less data included in any transfer, but U.S. and EU officials contended that such “bulk” transfers were essentially how the SWIFT system worked and had to be maintained for technical reasons. Some MEPs also called for greater supervision by an “appropriate EU- appointed authority” over U.S. access to SWIFT data.9

In mid-June 2010, U.S. and EU officials concluded a new draft SWIFT agreement. Among other provisions, the draft provided for the possibility of administrative and legal redress for EU citizens in the United States and gave Europol the authority to approve or reject U.S. Treasury Department requests for SWIFT data. Press reports indicated, however, that some MEPs were still unhappy with several of the draft’s provisions. In order to avoid another “no” vote by the EP, EU and U.S. officials reportedly agreed to two additional changes to the draft: effectively guaranteeing that an independent observer appointed by the European Commission would be based in Washington, DC, to oversee, along with SWIFT personnel, the extraction of SWIFT data; and requiring the European Commission to present plans for an EU equivalent to the U.S. TFTP within a year. Such a “European TFTP” would be aimed at enabling the EU to extract SWIFT data on European soil and send the targeted results onward to U.S. authorities, thereby avoiding “bulk data” transfers to the United States in the longer term.10

The EP approved the latest iteration of the U.S.-EU SWIFT accord on July 8, 2010, by 484 votes to 109 (with 12 abstentions). The agreement entered into force on August 1, 2010, for a period of five years. Some MEPs, however, continue to be concerned about the EU’s role in the U.S. TFTP and whether the SWIFT accord is being properly implemented. Several MEPs, for example, have recently criticized Europol for too readily approving vague U.S. requests for SWIFT data. As part of a review of the U.S.-EU SWIFT agreement released in March 2011, the European Commission has recommended certain measures to help make the TFTP more transparent, including by providing more information to Europol in writing; the United States is reportedly considering the Commission’s recommendations.11 As part of the new SWIFT accord, the United States pledged its support and assistance in the event of an EU decision to develop its own terrorist finance tracking program and promised further consultations with the EU to determine whether the existing U.S.-EU SWIFT agreement might need to be adjusted as a result. In mid-July 2011, the European Commission issued a preliminary study with several options for establishing what it has termed a European Terrorist Finance Tracking System (TFTS). According to a Commission press release, a European TFTS would have two main objectives: to limit the amount of personal data transferred to the United States; and to contribute significantly to stemming terrorist financing.12 U.S. officials will likely be keen to ensure that any eventual European TFTS does not compromise the operational effectiveness of the U.S.-EU SWIFT agreement.

EU development of a European TFTS, however, may face significant challenges. A concrete legislative proposal from the Commission on the TFTS is not expected until 2012 at the earliest, and any such proposal must ultimately be approved by both the member states and the EP. Some observers point out that member state and EP agreement on a European TFTS may be difficult given the technical complexities involved and differing views between and among the member states and the EP on its purpose and scope. Some member states and MEPs have also expressed concerns about the potential costs of such a system; in its preliminary study, the Commission estimated that creating a European TFTS would cost €33-47 million (about $47-67 million) and that annual operating costs would run €7-11 million (roughly $10-16 million), depending upon the option chosen. Others are skeptical about the implementation of an eventual European TFTS, noting that it would likely entail more intelligence-sharing among EU member states, which some members and national intelligence services have long resisted.13

Source

 * U.S.-EU Cooperation Against Terrorism, at 7-8.