Alliance Lite2

Service Description

This document describes the features and functions of Alliance Lite2, the system requirements, and the available
operational services. In addition, the document describes the roles and responsibilities of SWIFT and the user in relation
to Alliance Lite2.

20 March 2020

Link to this document: https://www2.swift.com/go/book/book126470

Alliance Lite2 Table of Contents
Service Description

Table of Contents

Preface............................................................................................................................................................... 4

1 Overview of Alliance Lite2...................................................................................................................... 6

2 Features and Functions........................................................................................................................ 10

2.1 Alliance Lite2 Subscription and Delivery................................................................................................10
2.2 Live and Test Environment.................................................................................................................... 13
2.3 Browser-based Screens........................................................................................................................ 13
2.4 AutoClient.............................................................................................................................................. 15
2.5 Integration Options................................................................................................................................ 17
2.6 Types of End Users............................................................................................................................... 21
2.7 Security Features...................................................................................................................................21
2.8 Accessing the Alliance Lite2 Software...................................................................................................24
2.9 Accessing SWIFT Messaging Services................................................................................................. 25
2.10 Protection of Customer Information....................................................................................................... 26
2.11 Service Availability.................................................................................................................................27

3 System Requirements...........................................................................................................................30

4 Third-Party Software............................................................................................................................. 32

5 Ordering................................................................................................................................................. 33

6 Support and Care Services...................................................................................................................34

6.1 Support.................................................................................................................................................. 34
6.2 Care Alliance Lite2.................................................................................................................................34

7 SWIFT Training...................................................................................................................................... 35

8 Roles and Responsibilities...................................................................................................................36

8.1 SWIFT Integration Layer and Alliance Lite2 Direct Link Licences......................................................... 36
8.2 Users' Responsibilities...........................................................................................................................37

9 Contractual Framework........................................................................................................................ 43

Appendix A List of Available Configuration Changes................................................................................ 45

A.1 Standard Configuration Changes.....................................................................................................................45
A.2 Specific Configuration Changes.......................................................................................................................46

20 March 2020 2
Alliance Lite2 Table of Contents
Service Description

Appendix B Alliance Lite2 Service Levels................................................................................................... 49

Legal Notices................................................................................................................................................... 51

20 March 2020 3
Alliance Lite2 Preface
Service Description

Preface
Purpose of the document
This service description describes the features and functions of Alliance Lite2, the system
requirements, and the available operational services. In addition, the document describes the roles
and responsibilities of SWIFT and the user in relation to Alliance Lite2.
Note This service description together with the SWIFT General Terms and Conditions and
other relevant SWIFT contractual documentation is an integral part of the contractual
arrangements between SWIFT and its customers for the provision and use of Alliance
Lite2.

Audience
This document is for the following audience:
• those who intend to subscribe to or use Alliance Lite2
• Alliance Lite2 users
• Alliance Lifeline users

Significant changes
The following table lists all significant changes to this service description since the release of
January 2019. This table does not include editorial changes that SWIFT makes to improve the
usability and comprehension of the document.

Updated information Location

Inclusion of information related to the unique Accessing SWIFT Messaging Services on page 25
end-to-end transaction reference (UETR)

Update to the USB token activation process Security Features on page 21

Inclusion of additional configuration change Standard Configuration Changes on page 45

(InterAct message output format)

SWIFT-defined terms
In the context of SWIFT documentation, certain terms have a specific meaning. These terms are
called SWIFT-defined terms (for example, user, customer, or SWIFT services and products). The
definitions of the SWIFT-defined terms appear in the SWIFT Glossary.

Related documentation
• Alliance Connect Service Descriptions
• Alliance Lite2 Administration Guide
• Alliance Lite2 Administration Guide - RMA
• Alliance Lite2 AutoClient Release Letter (see the Alliance Lite2 A-Z page)
• Alliance Lite2 AutoClient User Guide
• Alliance Lite2 Direct Link User Guide
• Alliance Lite2 Security Guidance
• Alliance Lite2 support page
• Alliance Lite2 User Guide

20 March 2020 4
Alliance Lite2 Preface
Service Description

• FIN Service Description

• Find Your Way in Alliance Lite2
• HSM Tokens and Cards Terms and Conditions
• Price List for SWIFT Messaging and Solutions
• Pricing and Invoicing - Ordering, Invoicing, and Payment
• SWIFT Advanced Support and Care Services Service Description
• SWIFT By-laws
• SWIFT Certificate Centre Personal Token Software Installation Guide
• SWIFT Certificate Centre Portal User Guide
• SWIFT Community Support Service Description
• SWIFT Services Terms and Conditions
• SWIFT Corporate Rules
• Customer Security Programme SWIFT Customer Security Controls Framework Detailed
Description
• SWIFT Data Retrieval Policy
• SWIFT General Terms and Conditions
• SWIFT Personal Data Protection Policy
• SWIFTNet Messaging Operations Guide
• SWIFTNet Online Operations Manager User Guide
• SWIFTNet Service Description
• SWIFTRef Products Terms and Conditions

20 March 2020 5
Alliance Lite2 Overview of Alliance Lite2
Service Description

1 Overview of Alliance Lite2

Introduction

AutoClient
or Direct Link
USB token Alliance Lite2
or channel certificate
Connection Server
to SWIFT
Secure workflow

USB token
SWIFTNet Interface

Browser AutoClient Internet or Alliance Lite2 All SWIFTNet flows Financial

Interface or Direct Link Alliance Connect Servers (FIN, MT, MX, InterAct, Institutions
FileAct, SWIFT WebAccess)
for automated VPN
flows

Alliance Lite2 Network SWIFT SWIFT Network SWIFT Community

Customer Premises Operating Centres

D1370003
Alliance Lite2 is a hosted service operated by SWIFT, which allows customers to connect to the
SWIFT network. Alliance Lite2 enables SWIFT customers to send and to receive all types of
SWIFT messages and files, manual or automated, with a very light footprint. Alliance Lite2 also
enables the use of all SWIFTNet browse services offered over SWIFTNet upon separate
subscription to these services.

Manual sending and receiving of SWIFT messages and files through browser-based screens
Alliance Lite2 enables customers to enter, approve, send, and receive SWIFT messages and files
using a standard Internet Explorer browser on a Windows PC, and a secure USB token provided
by SWIFT.
Through the browser-based Alliance Lite2 screens, the customer can create and send SWIFT
messages (MT, MX, and FileAct), while validation and approval are performed through a secure
and auditable workflow. This workflow can be configured according to the customer's needs with 4-
eyes control. The SWIFT standards are built in, and SWIFT messages (MT or MX) are validated
against the SWIFT standards.
Customers can manually upload files and send to the counterparty on SWIFTNet as individual
SWIFT messages (MT or MX) or as entire files (FileAct) to the counterparty on SWIFTNet.

Automated sending and receiving through AutoClient

Through its lightweight AutoClient software, Alliance Lite2 offers an easy, file-based way to
integrate SWIFT messaging with customer applications. The AutoClient software runs in the
background on a Windows PC, and automatically uploads and downloads messages and files to
and from SWIFT counterparties in a secure and reliable way.

20 March 2020 6
Alliance Lite2 Overview of Alliance Lite2
Service Description

SWIFT Integration Layer - integration framework

SWIFT Integration Layer is a SWIFT generic integration framework that, in the context of Alliance
Lite2, is paired with Alliance Lite2 AutoClient in order to address customers' specific message
handling needs (for example, formats, protocols).
For more information about SWIFT Integration Layer, see the SWIFT Integration Layer Service
Description.

Alliance Lite2 Direct Link - integration framework

Alliance Lite2 Direct Link is an advanced version of SWIFT Integration Layer. It enables the
communication with the Alliance Lite2 service and is designed to enable the creation of integration
solutions beyond the file-based integration offered by Alliance Lite2 AutoClient.
Alliance Lite2 Direct Link is a framework for integration, not a turnkey product. It is an integration
product providing core transformation and connectivity services, in which custom logic is developed
to address the specific integration requirements of a customer.
SWIFT Professional Services must design, develop, and test this custom logic for the customer's
solution in the scope of a separate integration project. An integration project can be as simple as
establishing a connection between a business application that already uses standard SWIFT
message formats and Alliance Lite2, or can include custom logic needed to transform proprietary
messages to standard SWIFT message formats.
When planning an integration project, SWIFT Professional Services and customer staff must work
together to identify business needs. SWIFT Professional Services then use the Alliance Lite2 Direct
Link development features to implement connectivity with a business application, develop custom
logic for message transformation, and define integration flows. After testing, the integration solution
is deployed in a customer's production environment for run-time use.
Integration projects can support services based on FIN, InterAct, or FileAct. Depending on a
customer's Alliance Lite2 licence, single-BIC or multi-BIC configuration can be implemented.
In summary, a business application can connect to SWIFT over Alliance Lite2. The business
application communicates with Alliance Lite2 Direct Link, which runs the custom logic to map these
proprietary formats to the standard SWIFT formats that can be exchanged with SWIFT over
Alliance Lite2.
For more information about how Alliance Lite2 Direct Link interacts with a customer's business
application, see Integrating with Business Applications on page 18.

Other functions accessible through the browser-based screens

The browser-based screens also offer access to the following functions:
• SWIFT - BIC Directory
• Relationship Management Application (RMA) (see Other functions on page 15)
• Browse services on SWIFTNet to which the customer has subscribed
• Message template management (see Message drafts and templates on page 13)
• Message search and report (see Message and file receipt on page 14)
• Security management (see Other functions on page 15)
The browser-based screens also enable trusted staff at the customer side to grant users access to
Alliance Lite2, to assign permissions at various levels to these users, and, through the SWIFT
Certificate Centre, to initialise a SWIFT secure personal USB token for each user.

20 March 2020 7
Alliance Lite2 Overview of Alliance Lite2
Service Description

VPN or Internet connectivity

Alliance Lite2 customers can use a broadband Internet connection to access Alliance Lite2 screens
or to use AutoClient. However, SWIFT strongly recommends that Alliance Lite2 customers use
Alliance Connect VPN boxes to connect to SWIFT and use SWIFT's Virtual Private Network (VPN),
also called the SWIFT Secure IP Network (SIPN). A separate subscription is required to access
SWIFT's Alliance Connect products (Alliance Connect Bronze/Silver/Silver Plus/Gold).
The use of SWIFT's VPN through Alliance Connect is optional if the customer uses tokens, but is
mandatory if the customer uses channel certificates. Customers can ask SWIFT to disable Internet
access for all their users, allowing access only through SWIFT's VPN.
For Alliance Lite2 Direct Link customers, it is mandatory to use SWIFT's Virtual Private Network
(VPN). Customers must subscribe to one of SWIFT's Alliance Connect products (Alliance Connect
Bronze/Silver/Silver Plus/Gold).
Note The subscription to the SWIFT Secure IP Network (SIPN) only becomes active after a
subsequent Alliance Lite2 allowable downtime window (ADW, see Service Availability
on page 27).

Security
Alliance Lite2 offers the following security features:
• Encrypted and authenticated communication
All communication between the user and the Alliance Lite2 servers is encrypted and protected
by 2-way authenticated TLS sessions.
• Hardware security tokens
The security tokens used on Alliance Lite2 are SWIFT-specific tamper-resistant hardware USB
tokens, used for strong authentication and highly secure digital signing. When initialising a
token, a 2048-bit PKI public/private key pair is generated on it and the user assigns a personal
password to the token. The secret PKI private key never leaves the token and cannot be
extracted from it. The public key is certified by SWIFT and the certificate is stored on the token.
Only a person in possession of such a token, and who knows the password for that token, can
access Alliance Lite2's browser-based screens and sign messages or files. The password of the
token is used locally on the user's PC to access the token, and that password never travels over
the Internet. The calculation of digital signatures occurs on the token. This provides strong two-
factor authentication and signing.
• Channel certificates
A channel certificate is an encrypted, disk-based profile file that provides a means for SWIFT to
authenticate the identity of an application. On Alliance Lite2, channel certificates can only be
used on AutoClient, not by operators to access the browser-based screens. Channel certificates
are optional, and provide as advantage that the use of a USB token can be avoided on
AutoClient. The use of channel certificates on AutoClient does require that AutoClient connects
to SWIFT over SWIFT's Virtual Private Network (VPN) with an Alliance Connect product (VPN
box) owned by the same customer who owns the channel certificate.
For more information about tokens and channel certificates, see Security Features on page 21,
and Channel Certificates on page 37.
SWIFT certifies the PKI public keys using SWIFT's own Certification Authority (CA).
The specific security requirements for Alliance Lite2 must build on, and be integrated with, the
customer's existing security infrastructure.
Customers have ultimate responsibility for ensuring that they follow secure browsing practices.

20 March 2020 8
Alliance Lite2 Overview of Alliance Lite2
Service Description

For more detailed descriptions about how the customer can achieve these goals, see Security
Features on page 21 and Users' Responsibilities on page 37.

20 March 2020 9
Alliance Lite2 Features and Functions
Service Description

2 Features and Functions

This section covers the following topics:
• The services and products included in the subscription (see Included Services and Products on
page 10)
• The features available in the following 2 key components of Alliance Lite2:
- Browser-based screens (see Browser-based Screens on page 13)
- AutoClient (see AutoClient on page 15)
• The types of services offered (see Live and Test Environment on page 13)
• The types of Alliance Lite2 end users (see Types of End Users on page 21)
• Details about security management (see Security Features on page 21)
• The Alliance Lite2 software (see Accessing the Alliance Lite2 Software on page 24)
• The processing of messages and files (see Accessing SWIFT Messaging Services on page
25)
• The storage and retrieval of messages and files (see Protection of Customer Information on
page 26)
• The availability of the Alliance Lite2 service (see Service Availability on page 27)

2.1 Alliance Lite2 Subscription and Delivery

2.1.1 Included Services and Products

Overview
The Alliance Lite2 subscription automatically includes a subscription to the following SWIFT
services and products:
• SWIFTNet PKI (including Alliance Lite2-related certificates)
• online access to the Bankers World Online BIC
• online access to the Knowledge Centre (User Handbook) for all the users that are registered to
www.swift.com
• RMA Plus option
• subject to applicable eligibility criteria and other conditions, other SWIFT services and products
accessed through the Alliance Lite2, such as FIN (MT messages), InterAct (MX messages), or
generic FileAct in real-time mode in a many-to-many environment, in a Market infrastructure and
a Member-Administered Closed User Group or in SCORE.
In the case of FIN, the Alliance Lite2 user also automatically subscribes to RMA for Live
operations.
By optional subscription, Alliance Lite2 also supports access to SWIFT WebAccess services on
SWIFTNet, subject to applicable eligibility criteria and other conditions.

20 March 2020 10
Alliance Lite2 Features and Functions
Service Description

Delivery and standard set-up services

Each Alliance Lite2 user is entitled to a welcome package that includes the following item:
• a set of 10 USB hardware security tokens (personal tokens)
The software driver for personal tokens can be downloaded from SWIFT Certificate Centre.
Alliance Lite2 comes with mandatory set-up services enabling a faster implementation and a more
efficient usage of the SWIFT connectivity. The set-up services are tailored to customer
requirements. They ensure that customers acquire a basic understanding of SWIFT terminology,
understand how to send files and messages using Alliance Lite2, are able to conduct day-to-day
Alliance Lite2 tasks, and receive a configuration corresponding to their needs.
Additional options are available such as integration services. Each customer subscribing to Alliance
Lite2 will receive an Alliance Lite2 Set-up Services Service Proposal, detailing the service offering
and the specific legal terms applicable to the set-up services. For more information about set-up
services, customers can contact their Account Manager.

2.1.2 Payable Configuration Changes

Definition
Alliance Lite2 comes with a default configuration in terms of operator profiles, unit definition, and
messaging flows. Customers can request SWIFT to customise their configuration as a payable
service. The configuration customisation can be requested either during the initial Alliance Lite2
set-up, through the set-up services, or later on, for ad-hoc changes, through configuration change
requests that customers can submit to SWIFT Support. SWIFT reserves the right to reject
configuration changes.
Any other customisation request will be first assessed by SWIFT to confirm feasibility and price.
Customised requests and configuration changes that are related to the implementation of a new
business flow into Alliance Lite2, or that are triggered by the implementation of a new project within
the customer's organisation will be treated through a bespoke Services Proposal.
The possible configuration changes are divided into standard configuration changes and specific
configuration changes, each with a different price. For the list of possible configuration changes,
see List of Available Configuration Changes on page 45.
Note Removing a configuration change should also be requested from SWIFT Support and
is subject to a charge that will be specified in a separate Services Proposal.

Implementation timeline for configuration changes

SWIFT analyses each configuration change request and confirms its findings with the customer.
After customer confirmation, SWIFT first implements the change in the Test and Training
environment, during an Alliance Lite2 allowable downtime window (see Planned unavailability in
Service Availability on page 27), and then requests customer validation and confirmation in
writing. When the customer has successfully validated and confirmed the change in the Test and
Training environment, SWIFT implements the exact same change in the Live environment, during
an Alliance Lite2 allowable downtime window (ADW).

20 March 2020 11
Alliance Lite2 Features and Functions
Service Description

A typical implementation thus requires a minimum of two Alliance Lite2 ADWs (that is, if
provisioning is allowed during those allowable downtime windows) to have a configuration change
implemented in the Live environment.

Alliance Lite2 configuration change estimated timeline

The implementation timeline of an Alliance Lite2 configuration change depends on the nature of the
change request and the customer's prompt actions. The following table describes a typical
configuration flow, for information purpose only:

WHEN WHO/WHAT

Customer SWIFT
Requests configuration Analyses change and
change requests validation
1 2
Max 2 days

Customer
Confirms configuration
3 change
Thursday at
the latest (t)
SWIFT
Implements in
Test and Training
4
SWIFT ADW
Min: t + 9 days
Customer
Tests and validates
5 configuration change
Monday at
the latest (t’)
SWIFT
Implements in
Live
6
SWIFT ADW
Min: t’ + 5 days
D1370009

Emergency requests
The implementation timeline (see Implementation timeline for configuration changes on page 11) is
established based on the standard SWIFT change management process. Customers requiring the
implementation of a configuration change sooner than the estimated default timeline can request
this from SWIFT. SWIFT will review the request and accept or reject it at its full discretion. SWIFT
will not implement those requests that will have an impact on the general availability of the Alliance
Lite2 service. If accepted by SWIFT, an emergency request will be charged at an additional fee.

Cancellation requests
Once configuration changes are confirmed for implementation, requests to cancel the
implementation will be considered as payable emergency requests. The same principle applies for
requests to change the go-live date.

20 March 2020 12
Alliance Lite2 Features and Functions
Service Description

2.2 Live and Test Environment

The Alliance Lite2 offers two types of environments:
• Live environment
This environment is used to send live business FIN (MT) messages, InterAct (MX) messages,
and FileAct files, and to browse to live SWIFT WebAccess services over SWIFTNet (through an
optional subscription).
• Test environment
This environment allows users to exchange FIN (MT) Test and Training messages, InterAct
(MX) test messages, and FileAct test files. It also allows users to test SWIFT WebAccess
services over SWIFTNet (through an optional subscription).

Message validation in Test and Training

SWIFT implements the annual SWIFT Standards release in the test environment at least 6 weeks
before the annual FIN Standards release changeover date, to enable customers to test in Test and
Training mode.
For information about how to activate future mode testing, see Specific Configuration Changes on
page 46.

2.3 Browser-based Screens

Features
The Alliance Lite2 browser-based screens offer various features as described in this section. The
user's role profile determines which features the user can use.

Message creation
• Message creation through screens that indicate which fields are mandatory or optional, and that
provide assistance in entering the values of fields, for example, with date pickers, code word
drop-down lists, and BIC choosers.
The message creation screens allow users to enter MT or MX messages, and support the full
SWIFTStandards (all fields and options) of these MT and MX messages.
Alliance Lite2 validates the messages against the SWIFTStandards syntax before sending them
on to SWIFT, and reports any errors against the SWIFTStandard syntax to the user.
Alliance Lite2 provides the possibility to use message drafts and templates (see Message drafts
and templates on page 13).
• Optional creation of messages in 'fast' mode, which allows to enter (or copy and paste) a
message in 'raw' MT or MX syntax.
• Upload of files with MT or MX messages
Users can upload files with MT messages (RJE file format) or MX messages (XMLv2 file
format). These messages can then be approved individually or in bulk on the screens.
• Alliance Lite2 supports the creation, modification, and reception of gpi-enabled messages.

Message drafts and templates

• Save messages as drafts
• Modify draft messages

20 March 2020 13
Alliance Lite2 Features and Functions
Service Description

• Save messages as templates

Customer-defined templates allow the re-use of frequently used message data.
• Modify templates
• Create a message from a template

Message verification, approval, and sending

• Submission of messages for internal verification or authorisation, or for direct emission to
SWIFT. The actions that are possible depend on the permissions of the user, and on the
workflow as configured per the customer's requirements.
• 4-eyes authorisation of messages prior to emission.
• Verification of messages prior to authorisation. Verification is the blind re-key of important fields
(such as amount) in the message by a second user that cannot see the value that was entered
in that field by the first user.
• Message status and history (audit trail)
Alliance Lite2 keeps track of the status of messages until they are sent. Alliance Lite2 reconciles
acknowledgements (positive or negative) with the original sent message, and keeps track of a
history (audit trail) per message. The audit trail indicates which users performed which actions
on the message.
Note Drafts or messages in an incomplete state will be kept available for a period of 14
days, after which they will be cancelled (completed).
Messages awaiting approval will be kept available for a period of 14 days, after which
they will be cancelled (completed).

Data retention
Alliance Lite2 keeps all messages and the related audit trails available online for a period of 124
days after the initial message emission or reception. After this 124-day period, as per a regular
housekeeping process, SWIFT deletes the messages that are older than 124 days from the
Alliance Lite2 database.
Note Alliance Lite2 does not provide by default a local copy of all messages processed. If
customers want to keep their messages for longer than the 124 days period, then they
must request SWIFT to perform a configuration change that will ensure a local copy,
through the AutoClient, of all their messages.

Sending FileAct files

• Sending FileAct files
Users can upload FileAct files using the browser-based screens of Alliance Lite2, enter the
FileAct parameters on screen, and authorise (send) the file.
• FileAct get function
Users can initiate a FileAct get using the browser-based screens of Alliance Lite2, to request
the download of a FileAct file from a counterparty on SWIFTNet.

Message and file receipt

• Receiving MT and MX messages
Received messages can be viewed through the message search and report function.
• Receiving FileAct files
Received FileAct files can be downloaded from the message search and report function.

20 March 2020 14
Alliance Lite2 Features and Functions
Service Description

• Viewing, searching, printing and reporting of messages in various formats (PDF, XLS, CSV,
HTML)
SWIFT keeps all messages and related audit trails available online for a period of 124 days
after the initial message emission.

Other functions
• Access to reference data: the entire BIC Directory, all ISO country codes and currency codes.
• Access to the Relationship Management Application (RMA)
Alliance Lite2 allows users to exchange RMA authorisations with correspondents for the
Relationship Management Application. Viewing and revoking RMA is supported, as well as RMA
queries and answers.
• Use of security management functions
Security management functions are under the sole control of the customer's Alliance Lite2
security officers and include the creation and the deletion of users on Alliance Lite2, and the
assignment of roles to these users. These functions also include access to SWIFT's Online
Operations Manager for the creation of SWIFTNet distinguished names, the generation of initial
activation codes for personal certificates and for channel certificates, and the assignment of
SWIFTNet roles (RBAC roles) to users.
• SWIFT WebAccess over SWIFTNet
Customers who have subscribed to the SWIFT WebAccess service on SWIFTNet can browse to
that service through Alliance Lite2.
• Extraction of information from event journals or audits trails
Alliance Lite2 does not allow customers to extract information from event journals or audit trails.
In the exceptional circumstance where the investigation of a problem requires information from
event journals or audit trails, customers can request SWIFT to extract the information by
referring to specific logs (for example, date, operator ID). SWIFT is not in a position to act upon
general or extensive requests to retrieve data from those databases.

Related information
Users' Responsibilities on page 37
Alliance Lite2 User Guide
Alliance Lite2 Administration Guide
Alliance Lite2 Administration Guide - RMA

2.4 AutoClient
Features
AutoClient is an application that provides file-based communication to and from the FIN, InterAct,
and FileAct services through the Alliance Lite2 server.
With AutoClient, users can send and receive the following types of messages and files in a fully
automated way:
• FIN MT messages in a simple text file format (RJE format, XMLv2)
Files that use the same format as on Alliance Access or Alliance Entry. These files can contain
any MT message, including system messages (for reception only), with the exception of Select/
Quit and MT 047. Received files can also contain the positive or negative acknowledgements
for sent messages.

20 March 2020 15
Alliance Lite2 Features and Functions
Service Description

Several RJE or XMLv2 messages can be included in a single file.

Note To receive files in XMLv2 format, a configuration change in AutoClient is required
and can be requested to SWIFT.
• MX messages in XMLv2 file format
Files that use the same format as on Alliance Access or Alliance Entry. These files can contain
any number and type of MX messages. Note that to use this feature, AutoClient version 1.2.1 or
above is required.
• FileAct files
Files of any format (proprietary, domestic, national or counterparty-specific format) and
formatted to the extent required by the specifications of the Closed User Group or the service
provider.
To send FileAct files, AutoClient requires parameters. These parameters are contained in a
parameter file (also called companion file) that can be in either of the following 3 formats:
- Text format, compatible with Alliance Lite2
- XML format, compatible with Alliance Lite2
- XMLv2 format, compatible with Alliance Access
A configuration file can be used, by the Alliance Lite2 administrator, to avoid that the customer's
application has to provide these parameters.

Folders
Users prepare files on a back-office application for transmission, and then AutoClient directs the
files to the Alliance Lite2 server through a directory structure.
AutoClient makes received files available to a customer's back-office application using the same
directory structure. The received files can contain messages from other SWIFT users, messages
about the status of the files sent through AutoClient, or can be FileAct files. By default, ACKs/NAKs
of messages created in the browser are not returned to AutoClient. Using AutoClient customers
can download a maximum of 30 days of messages. AutoClient downloads received files only once.
AutoClient processes the content of the following pre-defined folders:
• Emission folder
Contains all files that Alliance Lite2 is due to transmit.
• Reception folder
Contains all files that Alliance Lite2 receives for the correspondent.
• Errors folder
Contains errors generated by AutoClient (FIN, MX, and FileAct).
• Archive folder
Contains any file that has successfully been transmitted by Alliance Lite2.

Message handling
On the Alliance Lite2 browser-based screens, operators can view individual FIN and MX messages
that AutoClient has imported through RJE files and XMLv2 files. They can approve or reject these
messages, either individually or in bulk.
By default, files and messages submitted through AutoClient to the Alliance Lite2 server do not
require an approval. However, customers can request a manual approval configuration.

20 March 2020 16
Alliance Lite2 Features and Functions
Service Description

Files exchanged between the customer back-office and the AutoClient software can be locally
checked for authentication and integrity of the information.

Operation
1. AutoClient runs in the background and therefore does not have a user interface.
2. Operators can check the AutoClient icon in the Windows taskbar to see the status of
AutoClient, that is, whether it is running or not. Operators can click this icon to start or to stop
the AutoClient monitoring. Alternatively, operators can use the Windows command line to check
the status of AutoClient, and to start or stop it.
3. Operators must monitor that the uploaded files are moved from the emission folder to the
archive folder, which indicates the successful upload of the file, and they must check the error
folder for files that fail to be uploaded. They must also ensure that acknowledgements are
received in the reception folder for sent MT or MX messages, and that files with a .ok
extension are received in the reception folder for sent FileAct files.
4. Operators can start AutoClient from the Windows taskbar, from the Windows start menu, or
from the Windows command line.
5. The customer's security officers can activate several AutoClient tokens, or AutoClient channel
certificates, if desired. This allows to set up several standby instances of AutoClient. Only one
AutoClient instance should be active (started and running). If two or more AutoClient instances
are running at the same time, then they will all receive the same messages and files. If a
(standby) AutoClient instance is started, then it will automatically receive all files that this
instance has not yet received, up to maximum 30 days history.

Related information
Users' Responsibilities on page 37
Alliance Lite2 AutoClient User Guide

2.5 Integration Options

Features
For the users of the Alliance Lite2 platform who have more complex requirements for message
processing, SWIFT offers two products, SWIFT Integration Layer and Alliance Lite2 Direct Link, as
outlined in Overview of Alliance Lite2 on page 6.
Alliance Lite2 Direct Link is an integration product providing core transformation and connectivity
services, in which custom logic is developed to address the specific integration requirements of
customers connecting to SWIFTNet using Alliance Lite2.
This section outlines the features and functions included in Alliance Lite2 Direct Link and SWIFT
Integration Layer.
Wherever this document specifies that a task is the customer's responsibility, that task may be
performed, at the customer's choice, by one of the following entities or means:
• the customer
• SWIFT Professional Services

Related information
Users' Responsibilities on page 37
Alliance Lite2 AutoClient User Guide
Alliance Lite2 Direct Link User Guide

20 March 2020 17
Alliance Lite2 Features and Functions
Service Description

2.5.1 Integrating with Business Applications

Connectors for business application connectivity
SWIFT Integration Layer, the SWIFT integration technology embedded in Alliance Lite2 Direct Link,
provides a large number of low-level connectivity libraries, often referred to as 'qualified adapters'.
Some of the most commonly used are, for example, File, Web services, IBM MQ. These libraries
enable customers to build connectors for most business applications.

SWIFT Message standards

Alliance Lite2 supports the following message standards:
• MT message structure that can be found in SWIFT libraries, which are located in and used by
the mapping tool of Alliance Lite2 Direct Link .
• MX messages (Deployment Packages available from SWIFT or schemas available from the ISO
20022 web site)

Data, file, formats and, transformations

Business applications can exchange information with Alliance Lite2 Direct Link in almost any
format. Some examples of formats are comma-separated value (CSV), fixed-length records,
Microsoft Excel files, or RJE files. The custom logic defined as part of an integration project
transforms the content from proprietary format to a SWIFT standard format, and vice versa.
Content of a file to be sent from a business application to Alliance Lite2 can be transformed to
contain MT or MX messages.
Likewise, flows handling files received from Alliance Lite2 can transform the content to messages
in a proprietary format, MX-formatted messages, or MT-formatted messages.
File content for pass-through flows in either direction is transparent to Alliance Lite2. A pass-
through flow can include messages in any format relevant for the sender and the receiver.

2.5.2 Message Validation and Transformation

Message validation requires custom logic
Alliance Lite2 Direct Link does not provide any message validation out of the box. A customer must
work with SWIFT Professional Services to determine specific validation needs in the scope of an
integration project. Based on the agreed needs, custom logic for validation can be developed for
use in a customer's environment.

Optional proprietary message validation

Custom logic can be implemented to validate content of proprietary messages before they are
transformed to MT or MX messages.

Optional MX schema validation

Custom logic can be implemented to support MX schema validation. SWIFT Professional Services
can develop any custom logic needed to perform cross-field validations or other validations.

Optional FIN semantic validation

Custom logic can be implemented to support FIN semantic validation. SWIFT Professional
Services can develop any custom logic needed to perform cross-field validations or other
validations for ISO 7775/15022 message formats.

20 March 2020 18
Alliance Lite2 Features and Functions
Service Description

Support for message format transformation

Alliance Lite2 Direct Link does not include any pre-built transformation services for business
messages. SWIFT Professional Services can implement any necessary transformation logic, using
the features provided with Alliance Lite2 Direct Link.
On the flow from a business application to Alliance Lite2, custom logic implemented in Alliance
Lite2 Direct Link can transform proprietary messages to SWIFT standard message formats.
Custom logic must also be developed to transform the related ACK/NAK or notifications.
On the flow from Alliance Lite2 to a business application, custom logic implemented in Alliance
Lite2 Direct Link can transform standard MT, MX, or FpML messages to the customer's proprietary
format.

Transformation tools
Alliance Lite2 Direct Link includes a mapping tool to assist SWIFT Professional Services in the
development of custom logic for transforming proprietary messages to SWIFT standard messages
and vice versa. Alliance Lite2 Direct Link includes utilities that SWIFT Professional Services can
use for transformation to and from the structures needed for data exchanged with Alliance Lite2.

2.5.3 Business Flows Definition

Identify generic patterns
SWIFT Professional Services and customer staff must jointly discuss the processing needs for an
integration project. Further analysis must then identify the relevant patterns to use when developing
custom logic for business flows.
Alliance Lite2 Direct Link supports generic integration patterns. Under specific conditions, some of
the following generic patterns could be used:
• Single to single
A single message of one format is transformed to a single message of a different format.
A file containing multiple messages is processed without transforming any messages in the file
(that is, a pass-through flow).
• Group to group
A group of messages, typically a file, is split into individual messages, each of which is
transformed to a different format. The transformed messages are subsequently grouped again
and sent for further processing.
• Singles to group
Individual messages are grouped according to a set of criteria. The resulting group of messages
is sent for further processing.
• Group to singles
A group of messages is split into individual messages, each of which is transformed to a
different format. The resulting individual messages are sent for further processing.

Combining patterns into flows

The generic patterns can be seen as building blocks. When these patterns are used with specific
connectors and flow direction is considered, most basic integration activity can be modelled.
SWIFT Professional Services performs analysis using generic patterns and enterprise integration
patterns in their activities to develop custom logic for integration projects. The mapping for
proprietary message exchange requires more specific analysis and development.

20 March 2020 19
Alliance Lite2 Features and Functions
Service Description

2.5.4 Monitoring
Event logging
SWIFT Integration Layer, the SWIFT integration technology embedded in Alliance Lite2 Direct Link,
generates both business-related events and technical events. These events are visible through the
audit trail monitoring feature. The audit trail content can be viewed as XML or CSV.

E-mail distribution of events

Through SWIFT Professional Services, customers can configure Alliance Lite2 Direct Link to use e-
mail to report events. The event reporting by means of e-mail is based on the severity level of
events that Alliance Lite2 Direct Link logs. Such e-mail must be sent within the customer's SMTP
infrastructure.

2.5.5 Resilience
Alliance Lite2 Direct Link is a lightweight and stateless product without any message storage. As
such, it relies on the resiliency of the customer's business application connector and on Alliance
Lite2.
To assure smooth recovery in the event of an outage of Alliance Lite2 Direct Link (due to process
stoppage or hardware issues, for example) all aspects of the recovery procedure must be
analysed. SWIFT Professional Services, together with the customer, must design, implement, and
test recovery aspects in the scope of an integration project.

2.5.6 Solution Configuration

Connector configuration
The customer needs to configure connectors as appropriate to allow exchanging content between
a business application and Alliance Lite2 Direct Link in respect to its specific requirements and
infrastructure.

Integration solution configuration

SWIFT Professional Services may develop custom logic that requires a customer to define
configuration settings. Such settings could be related to connectivity with a business application, or
could be related to parameters needed for integration logic to work properly. Alliance Lite2 Direct
Link provides a mechanism allowing customer operations staff to define any required settings for
the integration solution.

Storage of configuration settings

The configuration uses a properties file to store relevant values. The properties file provides a way
to indicate if a value such as a password needs to be stored as an encrypted value.
If needed, configuration settings defined in a properties file can be updated after an integration
solution has been deployed. Typically the updated values are available for use after a restart.

20 March 2020 20
Alliance Lite2 Features and Functions
Service Description

2.6 Types of End Users

AutoClient operator
An AutoClient operator, appointed by the customer, controls the running of the AutoClient
application, and integrates it with the back-office application.

Business user
A business user can use the browser-based screens to create, view, and approve messages,
access SWIFT WebAccess services, and other screen functions, according to the roles assigned to
this user by the customer's security officers.

Security officer
The two Alliance Lite2 security officers appointed by the customer are responsible for the following
tasks:
• configuration of Alliance Lite2, and creation, maintenance, and deletion of the records of the
business users
• generation of the initial activation codes for the personal certificates, and handover of the initial
activation code to the intended user or AutoClient operator
• generation of the initial activation code for the channel certificates, and handover of the initial
activation code to the intended AutoClient operator
• assignment of roles to business users
The Alliance Lite2 security officers must have access to the SWIFT Online Operations Manager
and to the SWIFT Secure Channel application (for offline intervention requests in case online
access is not available).
SWIFT recommends that security officers, through the SWIFT Online Operations Manager, request
the generation of a report for all certificates on a monthly basis to be able to monitor the certificate
expiry dates and to renew them on time.

Shared security officer

When subscribing to Alliance Lite2, the customer acknowledges and accepts that SWIFT is
automatically appointed as shared security officer with respect to the storage and the management
of the customer's SWIFTNet PKI certificates. SWIFT applies the 4-eyes principle when performing
SWIFTNet PKI certificates management. Any other reference to security officers contained in this
service description or other related documentation will be deemed to be made only with regards to
the Alliance Lite2 security officers appointed by the customer himself as explained in Security
officer on page 21.

Related information
SWIFTNet Online Operations Manager User Guide

2.7 Security Features

SWIFT personal hardware tokens (USB tokens)
The left Alliance Lite2 security officer receives from SWIFT a box of hardware tokens (USB
tokens). The right Alliance Lite2 security officer receives by e-mail the initial token password that
was assigned to all the tokens in the box.

20 March 2020 21
Alliance Lite2 Features and Functions
Service Description

To activate the tokens, the left and right security officers must first work together to submit a Secure
Channel security request ('recover a pki certificate'). When SWIFT has processed the request, the
security officers receive an e-mail containing a link to the SWIFT Certificate Centre where they can
activate their own token. The security officers then assign a password to their token, which is only
known by themselves.
It is the responsibility of the Alliance Lite2 security officers to configure the tokens for the business
users and for AutoClient. SWIFT offers the services of SWIFT-certified engineers to assist with this
initial set-up.
Each Alliance Lite2 security officer and each Alliance Lite2 business user has a personal hardware
token. The security officer or the business user must plug his own token into a USB port of the
computer, and then must enter the token's password each time the token is used. After five
consecutive failed attempts to enter the valid password, the token is locked.
A token contains a certificate and its private key, a processor chip, and the algorithm to calculate
the digital signature on the token. The private key of the certificate never leaves the token. The
certificate operates at a personal level. It is not possible to put other software or data on these
tokens.

Channel certificates
A channel certificate is an encrypted, disk-based profile file that provides a way for SWIFT to
authenticate the identity of an application. The Alliance Lite2 AutoClient application is authenticated
through a 2048-bits PKI private key that is generated at customer premises.
Alliance Lite2 supports channel certificates as an alternative means to physical tokens for securing
the connection between the Alliance Lite2 AutoClient or Direct Link instance at customer premises
and SWIFT.
Alliance Lite2 supports channel certificates on Windows, yet channel certificates mandate the use
of the SWIFT VPN connection over an Alliance Connect product (VPN box) that belongs to the
owner of the channel certificate. To prevent misuse of channel certificates, SWIFT ensures that
channel certificates cannot be used by a VPN box having an IP address outside the range of IP
addresses that is linked to the BIC of the certificate. In addition, channel certificates are only
permitted for application-to-application flows, not for human-to-application flows, such as browse
services.
The policy ID for channel certificates is 1.3.21.6.3.10.100.1.
Token management functions
For token management functions, see the SWIFT Certificate Centre Portal User Guide.

Back-up security officer

SWIFT strongly recommends that the two Alliance Lite2 security officers appoint a third person as
the back-up in case one of the two Alliance Lite2 security officers is not available. For example, if
one of the Alliance Lite2 security officers has left the customer's institution, then the two remaining
Alliance Lite2 security officers can perform the necessary actions, for instance, retrieve the USB
token, revoke the certificate and remove the associated www.swift.com administrator account of
the security officer that has left the customer's institution, grant the security officer role to new
security officers. These actions require the authorisation of two security officers, therefore it is
necessary that a third security officer token is created and approved.
If one of the security officers changes, then the customer must inform SWIFT by registering the
new user on www.swift.com and then registering this new user as an offline security officer by
means of the SWIFT Secure Channel application.
For more details on the procedure, see the knowledge base tip 5017169.

20 March 2020 22
Alliance Lite2 Features and Functions
Service Description

4-eyes principle
The following operations are carried out under the 4-eyes principle:
• Creation and modification of the Alliance Lite2 user records
Requires the approval of at least two Alliance Lite2 security officers.
• Dual processing of messages created in the browser-based screens
A central workflow handles the message creation and approval. Alliance Lite2 security officers
can configure the application in such a way that a second business user must approve a
message before that message is released to SWIFT. SWIFT strongly recommends that the
Alliance Lite2 security officers configure the application in such a way that two different business
users must process a message before that message is released to SWIFT. SWIFT recommends
that this dual processing of messages is performed on two different PCs.
• Approval of transactions from AutoClient
By default, files and messages submitted through AutoClient to the Alliance Lite2 server do not
require approval. SWIFT strongly recommends that Alliance Lite2 customers request SWIFT for
a configuration change in such a way that the transactions from AutoClient must be approved
before they are released to SWIFT.

Business user profiles

Business users can have specific profiles, such as creator, approver, or viewer. It is also possible,
upon request, to make payable configuration changes, to define amount limits per transaction for
the creation and the approval of transactions, and to establish an approved list of usable bank
accounts, known as whitelisting.

PKI-based security
Alliance Lite2 customers are identified on SWIFTNet using BICs, just like any other SWIFTNet
customer.
All SWIFTNet messages or files initiated by, or intended for, Alliance Lite2 customers are signed
with standard SWIFTNet PKI certificates associated with the BICs of the customer, like any
message exchanged between other SWIFTNet customers.
Relationship Management Application authorisation messages must also be exchanged with
Alliance Lite2 users when required, such as for authenticated FIN messages.
A BIC identifies each Alliance Lite2 customer, and the Alliance Lite2 user has two identities:
• one identity for access to the Alliance Lite2 server
• a second identity to exchange messages or files over SWIFTNet. Only the second identity is
visible to other SWIFTNet customers.
An Alliance Lite2 user is authenticated towards the Alliance Lite2 server through a 2048-bit PKI
private key that is generated at the user's premises. That PKI credential is protected in, and never
leaves the FIPS 140-2-level3-compliant USB token.
The USB token uses the private PKI key to sign the most sensitive operations that the user creates
and sends to the Alliance Lite2 server. To activate the USB token, the user must enter the
password.

Encryption
All exchanges with Alliance Lite2 through the Internet are fully encrypted using standard HTTPS
(TLS 1.2) and a strong encryption algorithm.
Note A strong encryption algorithm means the highest priority with the Cipher Suite
TLS_RSA_WITH_AES_256_CBC_SHA.

20 March 2020 23
Alliance Lite2 Features and Functions
Service Description

Local Authentication option on AutoClient

Users can, optionally, configure AutoClient to check and produce a signature (Local Authentication
[LAU]) that accompanies FIN MT (RJE or XMLv2) files, and/or FileAct files, and/or XMLv2 files.
This LAU signature protects these files from tampering, when the files are in transit between
AutoClient and the customer's application that produces or processes these files.
Implementing LAU is optional. When LAU is implemented, a secret key is shared between
AutoClient and the customer's application at the time of configuration. Both the AutoClient and the
customer's application verify and produce LAU signatures according to the algorithm that is
described in the Alliance Lite2 AutoClient User Guide. SWIFT strongly recommends configuring/
using LAU between customer's application and AutoClient.

2.8 Accessing the Alliance Lite2 Software

Key components
The Alliance Lite2 application consists of the following components:
• The Alliance Lite2 browser-based screens
The Alliance Lite2 browser-based screens run inside a Microsoft Internet Explorer browser.
SConnect must be present on this Internet Explorer.
To access the Alliance Lite2 browser-based screens, business users must insert their personal
hardware security token into a USB port of the PC from which they access the application. To
use this hardware security token, users must install driver software on the Microsoft Windows
workstation. Users can find this driver software in the SWIFT Certificate Centre.
• AutoClient
AutoClient has specific software that users must install on the AutoClient PC. Users can find the
AutoClient software in the Alliance Lite2 box, or they can download the AutoClient software from
the Download Centre.
Users of AutoClient must insert an AutoClient hardware security token into a USB port of the PC
on which AutoClient is installed. Alternatively, AutoClient can be configured with a channel
certificate. In that case, no token or USB port is required to use AutoClient, however AutoClient
must connect to SWIFT over an Alliance Connect VPN box.
Windows administrator rights are required to install the AutoClient software. The same rights are
required to install the driver software for the hardware security tokens for the Alliance Lite2
browser-based screens and AutoClient.
Users can operate Alliance Lite2, both browser and AutoClient, from a Windows account that
does not have Windows administrator rights.
• SWIFT Integration Layer and Alliance Lite2 Direct Link
SWIFT Integration Layer and Alliance Lite2 Direct Link are supported on Microsoft Windows
and Red Hat Enterprise Linux operating systems. Depending on the operating system, a
customer can optionally run SWIFT Integration Layer as a Windows service or a daemon (on
Linux). Note that hardware security tokens are not supported on Linux.
SWIFT Integration Layer and Alliance Lite2 Direct Link do not provide a GUI.
The lightweight nature of SWIFT Integration Layer and Alliance Lite2 Direct Link allows for an
easy-to-manage, highly resilient integration solution. This lightweight nature also means that
functions dependent on message storage, such as message archive and message
investigation, are not available within SWIFT Integration Layer and Alliance Lite2 Direct Link.

20 March 2020 24
Alliance Lite2 Features and Functions
Service Description

SWIFT Integration Layer and Alliance Lite2 Direct Link are stateless and therefore do not
persist business messages for recovery or message search. These functions are handled for
the emission flow by either the business application or middleware, and for the reception flow by
Alliance Lite2.

Limitations on use
Any software supplied as part of the Alliance Lite2 application, including any embedded third-party
software, is for use by Alliance Lite2 users only, and must be used to access and use Alliance Lite2
only or other SWIFT services and products as authorised in other applicable documentation.

2.9 Accessing SWIFT Messaging Services

Alliance Lite2 servers
SWIFT operates Alliance Lite2 servers (see Overview of Alliance Lite2 on page 6). These servers
contain a SWIFTNet Interface, which includes a FIN interface also called computer-based terminal
(CBT), an MX InterAct interface or CBT, a FileAct interface and a secure access to SWIFT
WebAccess services on SWIFTNet (through an optional subscription). SWIFT operates these
services to serve Alliance Lite2 customers.
Sending messages and files
SWIFT sends FIN (MT messages), InterAct (MX messages), or FileAct files over SWIFTNet
pursuant to instructions received from the Alliance Lite2 users.
The central infrastructure FIN or MX computer-based terminal or SWIFTNet interface starts
sending these messages or files within minutes of the customer's instruction to send (through the
browser-based screens or AutoClient), and reports on (positive or negative) acknowledgements
returned by SWIFTNet. If applicable to the FIN message, this FIN computer-based terminal also
reports MT 010 non-delivery warnings, MT 011 delivery notifications, MT 012 notifications, and MT
019 abort notifications.
For FIN messages that are sent from the Alliance Lite2 browser-based screens or AutoClient, the
customer can choose the delivery option (that is, N, N2, U1, or U3). For MX messages, the
customer can specify that the normal priority is used to send messages. In all cases, the Alliance
Lite2 interface reports the status of the sent message.
For manually entered messages, the messages should have a Swift completed status within 10
minutes after final approval. Messages sent using AutoClient should appear in the Alliance Lite2
interface within 30 minutes (with a Swift live status), and then have a Swift completed status
within 10 minutes. These time limits are valid if the permitted usage (see "Permitted usage" of
Service Availability on page 27) is not exceeded. If it is not the case, then the customer must
contact SWIFT Support to investigate.
Alliance Lite2 customers can send and receive RMA messages in Live and Test and Training
mode.
SWIFT rejects FileAct files that are sent with parameters (for example, service name) that are not
permitted by the customer's profile.

Receiving messages
SWIFT processes all FIN and MX messages in real-time mode. They are displayed on the browser-
based screens for Alliance Lite2 users, and SWIFT also forwards them to the customer's
AutoClient.

20 March 2020 25
Alliance Lite2 Features and Functions
Service Description

SWIFT gpi unique end-to-end transaction reference (UETR) field

For certain FIN messages, Alliance Lite2 automatically generates a unique end-to-end transaction
reference (UETR) in the MT header. A UETR is a unique end-to-end transaction reference in the
MT header: field 121. This field provides an end-to-end reference across a payment transaction.
For more information, see the Alliance Lite2 User Guide.

SWIFT's responsibilities
SWIFT performs certain verifications on the signature of messages, as set out in the requirements
described in the FIN Service Description.
SWIFT is responsible for the protection and the use of the SWIFTNet PKI certificates of the
Alliance Lite2 users.
SWIFT signs messages and files on behalf of the Alliance Lite2 user with its PKI certificates.
SWIFT keeps and protects customer's data, messages, and files on SWIFT systems as further
detailed in Protection of Customer Information on page 26.

2.10 Protection of Customer Information

Data retrieval
Messages and files sent or received by the Alliance Lite2 user are stored by SWIFT on the Alliance
Lite2 servers, located in the active data centre in the European Union, and are available for
consultation or download by the Alliance Lite2 user. In case of unplanned unavailability (see
Service Availability on page 27) and disaster recovery (see Alliance Lite2 Service Levels on page
49), the above messages and files are stored by SWIFT on the Alliance Lite2 servers located in
Switzerland.
Customers can find more information about the consultation and download of messages from the
Alliance Lite2 servers in Browser-based Screens on page 13, and more information about the
download of files in AutoClient on page 15.
SWIFT may retrieve, use, and disclose traffic or message data from these Alliance Lite2 servers
only in any of the following circumstances:
• when required for the provisioning of Alliance Lite2, as documented in this service description or
other relevant SWIFT contractual documentation
• when permitted by the SWIFT Data Retrieval Policy
This does not affect any retrieval, use, and disclosure of traffic or message data of the Alliance
Lite2 user as part of any other SWIFT services and products accessed through Alliance Lite2 (for
example, FIN or FileAct in a many-to-many environment, in a Member-Administered Closed User
Group or in SCORE), as permitted under the relevant contractual documentation.

Use of data for security monitoring and investigation purposes

In accordance with the SWIFT Data Retrieval Policy and the Distributed Architecture principles,
SWIFT may process and store traffic and message data in order to support SWIFT’s protection
measures and forensic capabilities against cybersecurity threats. SWIFT processes and stores
such data on dedicated security systems and in strict accordance with its security policies and
procedures and may analyse such data in the context of a specific security investigation as part of
its security monitoring and investigation processes.

20 March 2020 26
Alliance Lite2 Features and Functions
Service Description

User space
SWIFT provisions each customer with a user space on the Alliance Lite2 server that can be used
by operators to perform manual file uploads. SWIFT provides this user space as a temporary file
storage. Customers are responsible for removing files from this location after successful file
emission. SWIFT will automatically delete from these individual user spaces the files that have not
been modified during the past 7 days.

2.11 Service Availability

Operational status
SWIFT displays the operational status of the SWIFT services at www.swift.com > mySWIFT >
SWIFT Operational Status.
It is the responsibility to consult any notifications about the operational status of the SWIFT
services.

Planned unavailability
SWIFT plans for specific dates and times when the service, or the SWIFT WebAccess, FIN, FileAct
or SWIFTNet service will be unavailable.
Planned unavailability can be for various events including the following:
• downtime due to scheduled equipment maintenance
• scheduled system or service changes
• business continuity activities
SWIFT performs system changes and maintenance during allowable downtime windows (ADW).
During an allowable downtime window, the Alliance Lite2 may be unavailable either for the whole
duration of the downtime, or only intermittently.
For information about the scheduled downtime, see the Planned maintenance page on swift.com.
SWIFT notifies customers in advance of planned unavailability. SWIFT recommends that
customers subscribe to the products and services notifications to be notified of any maintenance
updates. For more information about the notifications subscription, see the SWIFT Operational
Status page on swift.com (Subscribe to notifications).

Unplanned unavailability
If SWIFT becomes aware of a problem in the Alliance Lite2 service, then SWIFT will initiate any
recovery or fallback operation for which it is responsible and that is necessary to restore the
service.
In the extreme event that the operating centre where Alliance Lite2 is running becomes
unavailable, SWIFT will restore the Alliance Lite2 live services in a standby infrastructure located in
another operating centre. The standby disaster recovery infrastructure then becomes the main
infrastructure.
The standby operating centre is deployed as a cold standby infrastructure. This means that the
standby server infrastructure is ready and configured, and that the configuration data it contains is
identical to the data that was on the primary site at the time of the last data synchronisation.
Customers will need to undertake certain actions to be able to continue using Alliance Lite2. These
actions will be detailed in a disaster recovery guide that will be distributed to customers as and
when required.

20 March 2020 27
Alliance Lite2 Features and Functions
Service Description

The Alliance Lite2 service is available through the Internet. The availability of the Internet network
route between the customer and the Alliance Lite2 servers is not under SWIFT's control. Therefore
SWIFT disclaims any liability for unavailability of the Internet network route. Users seeking service
level guarantees on the connection between their premises and the Alliance Lite2 server should
use SWIFT's VPN with the Alliance Connect products of SWIFT, and use lines from SWIFT's
network partners with guaranteed service levels.
The levels of service that this document specifies assume normal operating conditions. These
include resilient operations during most single-component failure scenarios within the active SWIFT
operating centre where SWIFT runs the Alliance Lite2 service. The Alliance Lite2 service is
designed to handle many anomalous events without impact to the activities of the Alliance Lite2
subscribers and users. However, under certain, very unlikely, disaster scenarios (for example, the
complete unavailability of a SWIFT operating centre, dual failures of similar components), SWIFT
may be unable to meet these levels of service, in whole or in part.

Availability
Outside the allowable downtime windows and the cases of unplanned unavailability as described
above, SWIFT provides the Alliance Lite2 service 24 hours per day, 7 days per week, all year long.

Permitted usage
Alliance Lite2 has been designed to meet the needs of most customers with regards to traffic
volumes, performance, and resilience. Customers with specific requirements that are beyond what
can be considered as standard usage are not permitted to use Alliance Lite2 and are advised to
use an on-premise infrastructure. In case the usage of an existing Alliance Lite2 customer evolves
over time to a point where it is no longer considered as permitted usage, SWIFT reserves the right
to terminate the customer's Alliance Lite2 subscription at any moment.
SWIFT recommends the use of on-premises FIN and SWIFTNet interface solutions for Market
Infrastructures such as central banks and Central Securities Depositories (CSD) that wish to
connect to SWIFT. This connectivity option ensures the highest level of business continuity for
Market Infrastructure customers and the communities they serve. Alliance Lite2 should not be used
by Market Infrastructures to operate their own service to their community (such as an RTGS, or a
SWIFTNet browse service for CSD application). For other types of usage, even though not
recommended, Alliance Lite2 could be offered, on a case by case basis, after acceptance from the
Market Infrastructure of the current Cloud services capabilities in terms of volume, throughput and
latency. Authorisation to use Alliance Lite2 should be granted by SWIFT.
Usage limits : Alliance Lite2 supports the following:
• Daily volume
- FIN: 10,000 messages per day in each direction
- MX: 1,200 messages per day in each direction
- FileAct: 1,200 files per day in each direction
• GUI/browse users
- up to 10 concurrent users
- up to 20 defined users (maximum 20 tokens)
• Throughput
- maximum 2,500 FIN messages per hour
- maximum 300 MX messages per hour
These maximum throughput volumes are achievable only if multiple messages per file are
submitted to the AutoClient by means of back-office message batching.
• Business flows configuration

20 March 2020 28
Alliance Lite2 Features and Functions
Service Description

Alliance Lite2 supports simple and a limited number of business flows configurations.

20 March 2020 29
Alliance Lite2 System Requirements
Service Description

3 System Requirements
Operating systems for use with Alliance Lite2
Alliance Lite2 is qualified to operate with Microsoft Windows. Customers can find details about the
operating system levels and releases in the Alliance Lite2 Administration Guide, the Alliance Lite2
AutoClient User Guide, and the Alliance Lite2 Direct Link User Guide.
Note Alliance Lite2 can be installed and used on a Windows system running under
virtualisation technology. The use of SWIFT's security hardware tokens requires that
the virtualisation technology supports USB ports. Channel certificates do not require
USB support. Given the variety of possible virtualisation technologies, SWIFT refrains
from formally qualifying its software, including Alliance Lite2 AutoClient, on such virtual
environments. Instead, customers should seek assurance and support from the
vendor of the virtualisation technology. SWIFT has not qualified the release under any
virtualisation technology.

Operating systems for use with Alliance Lite2 Direct Link

For system requirements related to Alliance Lite2 Direct Link, see to the Alliance Lite2 Direct Link
User Guide.
Connectivity
Alliance Lite2 requires the following connectivity:
• Customers are strongly recommended to use Alliance Connect VPN boxes from SWIFT.
Customers can also use standard broadband Internet access with minimum 128 kbps (for
example, ADSL). Dial-up connections are not supported.
• HTTPS over TLS 1.2 over standard TCP port 443 for the Alliance Lite2 web interface and for
AutoClient. When using the AutoClient configuration tool to create a channel certificate, TCP
port 49171 must also be open.
The TCP connections are always initiated by the browser or AutoClient, towards the Alliance
Lite2 servers.
The Alliance Lite2 servers never initiate TCP connections towards the customer.
• Alliance Connect VPN boxes when channel certificate is used.
Alliance Lite2 Direct Link requires connection to SWIFT's Virtual Private Network (VPN).
Customers must subscribe to one of SWIFT's Alliance Connect products (Alliance Connect Bronze/
Silver/Silver Plus/Gold) to use the SWIFT VPN, also called the SWIFT Secure IP Network (SIPN).
For connectivity details, refer to the selected Alliance Connect product documentation.

Compatibility with other security tokens

To be able to use the USB security token (SafeNet eToken PRO, SafeNet eToken 5110), Alliance
Lite2 requires the appropriate SafeNet driver. The SafeNet driver installed by Alliance Lite2 can
replace SafeNet drivers or DataKey drivers or Alladin drivers that were already present on the PC.
Customers who still need these previous versions of the drivers must install Alliance Lite2 on a
different PC.
The use of other USB security tokens at the same time as the Alliance Lite2 token can lead to
conflicts. Therefore, SWIFT recommends that users only insert and use the Alliance Lite2 token
and that no other tokens are inserted in USB ports of the same PC.
An SConnect browser add-on is required to connect to the Alliance Lite2 user interface. For more
information about how to install SConnect, see the Alliance Lite2 Administration Guide.

20 March 2020 30
Alliance Lite2 System Requirements
Service Description

Related information
Alliance Lite2 AutoClient User Guide
Alliance Lite2 Direct Link User Guide
Alliance Connect product page

20 March 2020 31
Alliance Lite2 Third-Party Software
Service Description

4 Third-Party Software
The following third-party software is embedded in the Alliance Lite2 AutoClient:
• Oracle Java 2 Standard Edition (J2SE) (Runtime Environment)
• Bouncy Castle Java
SWIFT Integration Layer, the SWIFT integration technology embedded in Alliance Lite2 Direct Link,
embeds certain third-party software, in whole or in part, which is described in the SWIFT
Integration Layer Installation Notice. This Installation Notice is contained within the software
medium.
The customer acknowledges that it may not under any circumstances use any third-party software
(whether specifically identified in this service description or not) embedded as part of SWIFT
Integration Layer for any function other than as an integral part of SWIFT Integration Layer. Any
misuse of such third-party software by the customer may subject the customer to a revocation of
the right to use SWIFT Integration Layer.

20 March 2020 32
Alliance Lite2 Ordering
Service Description

5 Ordering
Order SWIFT services and products
To use SWIFT services and products, a customer must subscribe to, or order, the relevant services
and products.

Related information
For information about SWIFT's online ordering facility and how to order, see www.swift.com >
Ordering & Support > Ordering.

New and existing customers

New customers who order Alliance Lite2 will first be requested to register as a SWIFT customer
before the order is processed. Existing customers who are already connected to SWIFT, can
migrate their existing connection (BIC) to Alliance Lite2, or order Alliance Lite2 as an additional
connection (for an additional BIC).

Export restrictions
Due to export control and other sanctions programmes, Alliance Lite2 may not be supplied or made
available to certain customers. If you have any questions about your particular status regarding the
various sanctions programmes, then contact your regional support centre.

20 March 2020 33
Alliance Lite2 Support and Care Services
Service Description

6 Support and Care Services

6.1 Support
Support for SWIFT customers
By default, SWIFT Support is the single point of contact to report all problems and queries that
relate to SWIFT services and products. SWIFT Community Support is available to all SWIFT
customers.
Individuals within a customer organisation must register on swift.com to use the Support service.
On top of the SWIFT Community Support, customers can purchase the Advanced Support and
Care Services.
SWIFT automatically registers the Alliance Lite2 customer security officers, specified at ordering
time, as users of the Support service. Other users within a customer organisation must register to
get access to the Support service.
Subscription to Alliance Lite2 includes the SWIFT Community Support package.
For more information about the different services that SWIFT offers as part of the SWIFT Advanced
Support and Care Services and the procedure to order support, see Support and Care Services on
swift.com.

SWIFT provides support for SWIFT services and products only. For example, SWIFT does not offer
support for the underlying hardware and software systems (operating system, third-party
messaging middleware) which are used in conjunction with the SWIFT product. In case of
problems or queries that relate to those third-party hardware or software systems, customers must
contact the responsible vendor.

Related information
For more information about Support services, see the Service Description related to the applicable
support package: Support documentation

6.2 Care Alliance Lite2

Alliance Lite2 customers can opt to purchase the Care Alliance Lite2 offering. By default, when
customers contact a SWIFT Support Centre, Care Alliance Lite2 includes the 'Remote Access' and
'Hands-On Assistance' service modules. Customers can purchase additional service modules from
the Advanced Support and Care Services portfolio to include 'Case Reviews and Management
Escalation' and 'days of SWIFT effort' related to maintenance activities. For full details, see the
SWIFT Advanced Support and Care Services Service Description.

20 March 2020 34
Alliance Lite2 SWIFT Training
Service Description

7 SWIFT Training
SWIFT provides training about standards, products, and services to suit different needs. From
tailored training to self-paced e-learning modules on SWIFTSmart, a range of training options are
available for all SWIFT end users.

SWIFTSmart
SWIFTSmart is an interactive, cloud-based training service that offers a large variety of courses for
different levels of knowledge. The courses contain exercises and quizzes and are available in
multiple languages. The SWIFTSmart catalogue provides a list of courses that are organised into
these learning tracks:
• General knowledge
• Work with messages
• Deploy and manage SWIFT software solutions
• Security and audit
• Compliance and shared services
SWIFTSmart is accessible from the desktop or from a mobile device. No installation is required.
It is available to all connected SWIFT end users and registered SWIFT partners with a swift.com
account. For more information, see How to become a swift.com user.

Tailored training
A full range of tailored programmes are available to meet specific training needs. For more
information, visit the Training web page.

20 March 2020 35
Alliance Lite2 Roles and Responsibilities
Service Description

8 Roles and Responsibilities

8.1 SWIFT Integration Layer and Alliance Lite2 Direct

Link Licences
Overview
This section is applicable for SWIFT Integration Layer and Alliance Lite2 Direct Link licences for
Alliance Lite2, Alliance Lite2 for Business Application Provider, and Alliance Lifeline qualified
adapters.

Licence terms
Subject to the applicable licence terms set out from time to time in the SWIFT contractual
documentation, including the SWIFT General Terms and Conditions or any third-party licence terms
which shall be contained in an application installation notice, SWIFT grants the customer a non-
exclusive and non-transferable right to use SWIFT Integration Layer, the integration technology
embedded in Alliance Lite2 Direct Link, as contemplated by this service description and as
permitted under the SWIFT Integration Layer base licence subscribed to by the customer.

SWIFT Integration Layer and Alliance Lite2 Direct Link base licences
Each base license must have an association with one active SWIFT BIC that grants the licensee
the right to use all the low-level connectivity libraries that are part of the product. Optionally,
depending on the type of customer (Alliance Lite2, Alliance Lite2 for Business Application Provider,
or Alliance Lifeline) and the options the customer has purchased, SWIFT grants customers a
licence to use the transformation engine (that is built into the product).
For further information, as well as the latest information about the calculation of the base licence,
customers should contact their SWIFT Account Manager.
The base licence has no limit on the number of users or attached application systems.

Installation options
The SWIFT Integration Layer and Alliance Lite2 Direct Link base licences authorise the customer
to install and run the respective product on all of the following environments:
• one production instance
• one test instance
• one contingency instance, potentially deployed in a different site

Not included in the base licence

The SWIFT Integration Layer and Alliance Lite2 Direct Link base licences do not include a
connection to, or licence for Alliance Lite2 or Alliance Lifeline products.
The customer must subscribe to Alliance Lite2 or Alliance Lifeline separately.

Number of transformations deployed in Alliance Lite2 Direct Link

SWIFT Integration Layer, embedded in Alliance Lite2 Direct Link, allows the customer to define
multiple business message transformations to integrate business applications into FIN, InterAct, or
FileAct messaging services.

20 March 2020 36
Alliance Lite2 Roles and Responsibilities
Service Description

Information about licence bands

For further information, as well as the latest information about the SWIFT Integration Layer licence
bands, customers should contact their SWIFT Account Manager.
Extension of the SWIFT Integration Layer base licence
A customer can extend the SWIFT Integration Layer base licence to include additional production,
test, and contingency systems.
For pricing and other information about the SWIFT Integration Layer base licence extension,
customers should contact their SWIFT Account Manager.

8.2 Users' Responsibilities

8.2.1 Users' Systems

Secure and effective operation
The Alliance Lite2 user must ensure that the confidentiality, integrity, and availability of data, for
instance, traffic, message and configuration data, are maintained at all times on those systems on
which it decides to run the Alliance Lite2 interface or AutoClient.
The Alliance Lite2 user must ensure that only authorised software is installed on those systems on
which it decides to run the Alliance Lite2 interface or AutoClient.
SWIFT is not responsible for any security problems, misuse, or malicious attacks that are due to a
user's insecure systems, inappropriate browsing practices, negligence or fraudulent act of a
security officer or any authorised business users, or any other breach of security by the user.

Internet access
The Alliance Lite2 user is responsible for the availability of the Internet connection and the
resolution of any other problems caused by or arising during the Internet connection to the Alliance
Lite2 server.
In particular, the Alliance Lite2 user must troubleshoot problems related to the user's Internet
connection, or problems with the set-up of the Internet on the user's side.

VPN access
When using a VPN box as ordered from SWIFT, the customer must comply with any guidelines or
instructions in force given by SWIFT regarding the use of the equipment, in particular as detailed in
the VPN Box Terms and Conditions and in the Alliance Connect Service Descriptions.

8.2.2 Channel Certificates

User's responsibility for channel certificates
The Alliance Lite2 user utilising channel certificates (for operational purposes in application-to-
application flows) must be mindful of the relevant security features described in this document, for
example, in Security Features on page 21. In addition, the user must assure that each password is
linked to a single authorised person, that passwords cannot be easily deduced and are not written
down or communicated to unauthorised people, and that the physical environment does not allow
unauthorised people to observe passwords being typed or keyed in. Passwords should be
introduced only following prompting by the Alliance Lite2 application, not any other application.

20 March 2020 37
Alliance Lite2 Roles and Responsibilities
Service Description

Delegation or sub-contracting of rights or obligations

If the customer delegates or sub-contracts to a third party the exercise of its rights or the
performance of its obligations (typically, the use or management of its token, channel certificate
and AutoClient) it does so at its own risk and must ensure that the scope of rights granted to any
such third party does not exceed those contracted with SWIFT. In all cases, the customer that
delegates or sub-contracts to a third party the exercise of its rights or the performance of its
obligations remains fully responsible to SWIFT for the performance and observance by any such
third party of any obligations applicable to the customer.

What the user must do

For channel certificates, the customer's security officer has to set up the related distinguished
name (DN) for recovery as part of the activity to renew such a certificate.

Related information
Security Features on page 21

8.2.3 Tokens and Passwords

User's responsibility for tokens
The Alliance Lite2 user is fully responsible for the security and the use of its tokens. In particular, it
is the sole responsibility of the Alliance Lite2 user to prevent an unauthorised party from using its
token and password to initiate a transaction.
Therefore, the Alliance Lite2 user must take the utmost care to protect its tokens physically from
unauthorised borrowing, loss, and theft. The user must also take all necessary measures to
prevent any unauthorised disclosure of the token's password.
The policy ID for token-based certificates is 1.3.21.6.3.10.100.2.

What the user must do

In particular, the Alliance Lite2 user must ensure to abide by the following non-limitative
safeguards:
• ensure that each USB token is linked to a single, authorised person
• store the tokens in a locked safe when they are not needed
• revoke any unused or lost tokens
• introduce the password of the token only when requested by the Alliance Lite2 application and
not by other applications
• If the customer delegates or sub-contracts to a third party the exercise of its rights or the
performance of its obligations (typically, the use or management of its token), it does so at its
own risk and must ensure that the scope of rights granted to any such third party does not
exceed those contracted with SWIFT. In all cases, the customer that delegates or sub-contracts
to a third party the exercise of its rights or the performance of its obligations remains fully
responsible to SWIFT for the performance and observance by any such third party of any
obligations applicable to the customer.

What the user must not do

The user must never:
• lend the tokens to others
• on the PC running the browser, leave the token inserted in the PC while Alliance Lite2 is not
being used by an authorised person

20 March 2020 38
Alliance Lite2 Roles and Responsibilities
Service Description

• on the PC running AutoClient, leave the token inserted in the PC, unless the PC is in a secured
area, protected from physical and logical (network) access by unauthorised people or
applications
• write down any password or communicate a password to unauthorised people, especially the
password to unlock the token
• use a password that can be deduced easily
• allow anybody to watch over the shoulder of a user who is typing a password

8.2.4 General Security Safeguards

What the user must do
The Alliance Lite2 customers must protect the systems used for Alliance Lite2 in line with industry
security practices, such as:
• Protect the Alliance Lite2 PC from unauthorised physical and network access. The Alliance
Lite2 user must use a firewall to shield that PC from incoming Internet traffic, and from
unauthorised access over the internal network.
The firewall must be both a physical one to protect incoming traffic, and a PC-local one to
ensure that only authorised programs communicate with the outside.
• Install only authorised and required software on the Alliance Lite2 PC.
• Ensure that all software applications that run on the PC are regularly updated and patched. This
includes Windows, the Internet browser, and additional features, called plug-ins like Shockwave,
QuickTime, Real Player, and any others.
• Restrict outgoing traffic from the PC to business-critical sites, as well as to legitimate sites
required for software updates.
• Use up-to-date virus scanners and malware scanners to protect the Alliance Lite2 PC from
malware such as viruses, worms, keyboard loggers, trojans, and rootkits.
• Scan any file sent to or received from AutoClient.
• Ensure that all critical internal flows to or from the AutoClient PC are protected against
disclosure and malicious changes, especially if the AutoClient files are transferred through a
network. To achieve this, customers can use the Local Authentication (LAU) option on
AutoClient. Customers can find more information about this option in Security Features on page
21.
The customer must ensure that its end users are following secure browsing practices, such as:
• Reserve certain PCs to access sites of the same criticality as Alliance Lite2 and only access
those sites from those PCs.
• Always restart the browser instance before and after accessing the Alliance Lite2 site.
• Verify the Alliance Lite2 server's SSL certificate authenticity at each login to the Alliance Lite2,
as described in Log in to Alliance Lite2 of the Alliance Lite2 User Guide.
• Be suspicious of e-mails that appear to come from SWIFT, and never provide the token or
channel certificate password if asked. SWIFT never asks for a token or channel certificate
password in an e-mail.
The Alliance Lite2 customers must implement the following management principles to alleviate the
risks to its system:
• Establish user management practices to ensure that only authorised users are created and
remain on the system.

20 March 2020 39
Alliance Lite2 Roles and Responsibilities
Service Description

Because users change roles or leave the company, the customer must maintain an accurate
and up-to-date list of authorised users.
• Establish entitlement management practices to ensure that customers are granted access to
Alliance Lite2 functions only on a need-to-know or need-to-have basis.
As an example, use this capability to whitelist bank accounts, and to set a limit on the maximum
amount per transaction or per day.
• Use the dual approval features provided by Alliance Lite2 (see 4-eyes principle on page 23),
ideally from two different PCs.
• Configure the application in such a way that the transactions from AutoClient must be manually
approved before they are released to SWIFT.
• Ensure that only the person with the required permission has physical and logical access to the
Alliance Lite2 PC, to the AutoClient PC, and to the backups.
• Reconcile daily traffic, to detect mismatches between authorised and actual traffic, both sent or
received.

What the user must not do

• The user must not run AutoClient, or the browser on the PC where Alliance Lite2 is used, from a
privileged Windows account, that is, an account with Windows administrator rights.
• The user must not browse to internet sites that it believes may be unsafe, from the same PC on
which it accesses Alliance Lite2.
• The user must not click links in e-mails that appear to come from SWIFT or anyone else, even if
the link seems perfectly valid from a business perspective.
Such phishing attacks may lead to a rogue site that can steal information or infect the PC.
If the user can confirm a business need for visiting the site, then the user should re-type the link
within the browser as it was visible in the e-mail.
• The user must not browse any other site at the same time as it accesses Alliance Lite2.
• The user must not accept a pop-up that asks to download and install executable software.
• The user must not delegate all the administrator roles to a single person who can then use the
two different USB tokens.
• The user must not assign administrator and message-approval roles to a single individual.

Customer Security Programme

Alliance Lite2 comes with a set of features and functions designed to help customers to deploy and
use it in accordance with the customer security controls set out in the SWIFT Customer Security
Controls Framework - Detailed Description. Nothing in the features and functions of Alliance Lite2
shall be construed or interpreted as SWIFT taking or accepting any responsibility or liability for
customers' roles and responsibilities as set out elsewhere in the SWIFT contractual documentation,
including but not limited to the obligation for each customer to duly protect and secure its SWIFT-
related infrastructure and local environment.

8.2.5 Other Responsibilities of Alliance Lite2 Users

Overview
Subject to applicable eligibility criteria, usage rights, and other conditions, Alliance Lite2 permits
users to exchange messages or files over SWIFTNet using FIN (MT), InterAct (MX), or FileAct.
Users can also access browse services over SWIFTNet, in a many-to-many environment, in a
Market infrastructure and a Member-Administered Closed User Group (CUG), or in SCORE.

20 March 2020 40
Alliance Lite2 Roles and Responsibilities
Service Description

Specific obligations and responsibilities apply to customers of these services, as set out in the
relevant service description and other related SWIFT contractual documentation.
For the latest available versions of the relevant service descriptions and other SWIFT contractual
documentation, see Knowledge Centre (User Handbook).
Unless performed by SWIFT as an integral part of the Alliance Lite2 release or not relevant in the
context of the Alliance Lite2 release, Alliance Lite2 customers must also abide by these obligations
and responsibilities when using the following services.

General operational tasks

In addition to the specific user responsibilities mentioned below, Alliance Lite2 customers must:
• ensure that the Alliance Lite2 security officers manage the RBAC roles for browse users to use
browse services through Alliance Lite2
• take measures to identify the emission or reception of duplicate messages. As per the FIN
Service Description, these measures can include detection of Possible Duplicate Message or
Possible Duplicate Emission trailers, or other means of identifying duplicate messages (for
example, end-of-day reconciliation, message ID identification).

FIN
The Alliance Lite2 customers accessing FIN must in particular:
• use the appropriate SWIFT Standards. Customers can find more information about the use of
FIN message standards in the FIN Service Description.
• take all necessary steps to receive all messages queued to them during local working hours,
and before the applicable cut-off time. SWIFT reserves the right, in exceptional circumstances,
to delay the cut-off time.
• never ignore the receipt of a message. A customer that receives a message from another
customer cannot just reject or ignore the message. The receiving customer must either process
the message or promptly revert to the sender.
Customers can find more information about their obligations and responsibilities regarding the
receipt of FIN messages in the FIN Service Description.

InterAct MX
Alliance Lite2 users receiving InterAct MX messages must:
• take all necessary steps to receive all messages queued to them
• never ignore the receipt of a message
InterAct MX messages can be sent and received by Alliance Lite2 over InterAct in store-and-
forward or in real-time mode. Customers can find more information about InterAct in the SWIFTNet
Service Description.
FileAct
Alliance Lite2 users using FileAct in a many-to-many environment must accept having their
participation published in the generic Directories Over FileAct Implementation Guidelines, part of
the SWIFTNet Services Directory (restricted area). These users must also adhere to the policies
and other customer responsibilities in the SWIFTNet Messaging Operations Guide.

Market infrastructure and Member-Administered Closed User Group

Alliance Lite2 users participating to a market infrastructure must verify with the Market
Infrastructure service administrator that they are allowed to connect to this market infrastructure
through Alliance Lite2. Furthermore, Alliance Lite2 users participating in a market infrastructure or
Member-Administered Closed User Group acknowledge and agree that the market infrastructure or

20 March 2020 41
Alliance Lite2 Roles and Responsibilities
Service Description

Member-Administered Closed User Group service administrator must approve their participation.
Also the market infrastructure or Member-Administered Closed User Group service administrator
may at all times request SWIFT to withdraw them from the market infrastructure or Member-
Administered Closed User Group. These users must also adhere to the service parameters and
any operational rules that the market infrastructure or Member-Administered Closed User Group
service administrator defines from time to time in respect of the use of SWIFT services and
products in their market infrastructure or Member-Administered Closed User Group.

Information consultation or download from the central infrastructure

It is the sole responsibility of the Alliance Lite2 customer to consult or download all necessary
information from the Alliance Lite2 central infrastructure within the relevant period of time.
Customers can find more information about the consultation or download of messages or files from
the Alliance Lite2 servers in Browser-based Screens on page 13 and AutoClient on page 15.

Distinguished Names (DNs) and certificates for personal tokens

For the personal tokens, the customer can create Distinguished Names (DNs) anywhere in the
customer's 8-character BIC DN tree, and assign a certificate of type Personal (policy ID
1.3.21.6.3.10.200.2) to them. This certificate will be generated and placed on the customer's
personal token when the token is activated through the SWIFT Certificate Centre.
SWIFT can automatically create one or more DNs starting with cn=%n (where n is a number
between 1 or 01 and 99) under such a personal token DN. Each of these sub-DNs will
automatically be associated with a SWIFTNet PKI certificate, which will be stored in the SWIFT
OPC-based HSMs for the purpose of signing browse traffic initiated by that token.
The customer can create and manage (revoke, set up for recovery, disable, and so on) a personal
token's certificate of type Personal (policy ID 1.3.21.6.3.10.200.2). The customer is not allowed to
create or manage any sub-DNs or certificates under personal token DNs.

Other Distinguished Names (DNs) and certificates

Some DNs and related certificates are reserved by SWIFT. For more information, see the Alliance
Lite2 Administration Guide.

20 March 2020 42
Alliance Lite2 Contractual Framework
Service Description

9 Contractual Framework
SWIFT General Terms and Conditions
Together with this service description, the SWIFT General Terms and Conditions govern the
provision and the use of Alliance Lite2, except otherwise provided in the Liability section with
respect to SWIFT liability. Such section on liability shall prevail in the case of conflict or
inconsistency with the SWIFT General Terms and Conditions.
For the latest available version of the SWIFT General Terms and Conditions, see www.swift.com >
About Us > Legal > Terms & Conditions.

Liability
However, SWIFT's liability for the provision and the use of Alliance Lite2 to any and all Alliance
Lite2 users shall together not exceed, in respect of any and all claims notified to SWIFT in each
calendar year, an aggregate maximum of one million euro per calendar year.
This specific limit of SWIFT's liability does not apply to any liability for death or personal injury, or in
respect of claims relating to physical damage or loss of the user's tangible property. Any limit to any
such liability of SWIFT will be assessed according to the SWIFT General Terms and Conditions
only.
The SWIFT General Terms and Conditions also apply to the provision and the use of SWIFTNet
PKI.

Hardware security tokens

The provision and the use of the tokens are governed by the HSM Tokens and Cards Terms and
Conditions.

SWIFTRef Products
The provision and use of the SWIFTRef Products are governed by the SWIFTRef Products Terms
and Conditions.

SWIFT services and products accessed through Alliance Lite2

The SWIFT General Terms and Conditions also govern the provision and the use of other SWIFT
services and products accessed by users through Alliance Lite2 - for instance FIN and FileAct in a
many-to-many environment; in a Market infrastructure and Member-Administered Closed User
Group. It also governs the provisioning and use of other SWIFT services and products accessed by
users through Alliance Lite2 Standardised Corporate Environment (SCORE), and Relationship
Management Application (RMA).
Subject to the Alliance Lite2 customer complying with all obligations applicable to it, SWIFT
accepts liability for the provision or the use of the SWIFT services and products accessed through
Alliance Lite2 according to the SWIFT General Terms and Conditions or any other contractual
documentation identified in a separate subscription form.

Services related to Alliance Lite2

The set-up services that customers must order together with Alliance Lite2 are subject to a
separate Services Proposal which will be governed by the related SWIFT Services Terms and
Conditions (available at Legal page on www.swift.com).
Configuration changes are support services governed by the SWIFT General Terms and
Conditions. In some cases specified in this service description these support services will require a
separate order form and a related service proposal.

20 March 2020 43
Alliance Lite2 Contractual Framework
Service Description

Should SWIFT provide professional services related to Alliance Lite2 Direct Link, SWIFT's
obligations and responsibilities will be governed by the applicable service proposal and the related
SWIFT Services Terms and Conditions.

Customer testing
Customers must not conduct any performance or vulnerability tests on or through SWIFT services
and products unless expressly permitted in the SWIFT Customer Testing Policy. If customers
believe they have identified a potential performance or vulnerability threat, they must immediately
inform SWIFT thereof and treat all related information, data or materials as SWIFT confidential
information.

20 March 2020 44
Alliance Lite2 List of Available Configuration Changes
Service Description

Appendix A List of Available Configuration Changes

A.1 Standard Configuration Changes

Customers can order the following standard configuration changes, one by one, as payable
changes:

Configuration change Description Reference

Add one unit for manual message By default, BIC8_Unit is Alliance Lite2 User Guide
processing. assigned to all messages (Message Creation section)
manually created or processed,
and all operators are assigned to
this BIC8_Unit. Additional units
can be created for manual
message processing to
segregate the messages
displayed to the operators.

Add or change one operator profile. Additional operator profiles can The list of default operator
be defined to customise the profiles is available in the
applications and the activities Alliance Lite2 Administration
that the operators can perform. Guide (Default Operator Profiles
section).

Add one unpublished BIC. An unpublished BIC is, by

default, not included in the
Alliance Lite2 BIC Directory.
Adding an unpublished BIC in
Alliance Lite2 will make it visible
to all Alliance Lite2 users.

Generate a PDF automatically for all This configuration enables the Alliance Lite2 AutoClient User
the messages that are sent and/or customer to print, in PDF format, Guide (Additional Configurations
received through AutoClient. all the messages that are sent section)
and/or received for a customer
BIC in AutoClient. These
messages are stored in a PDF
folder in the reception directory
of AutoClient.

Change the FIN message default By default, the received FIN Alliance Lite2 AutoClient User
output format from RJE to XMLv2. message files are available in Guide (Message File Preparation
RJE format. On request, SWIFT section)
can change the default output
format to XMLv2 per customer.

Change the InterAct message output By default, the received InterAct Alliance Lite2 AutoClient User
format to XMLv2 rev7 message output format is XMLv2 Guide (XMLv2 Format used by
rev3. On request, SWIFT can Alliance Lite2)
change the default output format
to XMLv2 rev7 per customer.

20 March 2020 45
Alliance Lite2 List of Available Configuration Changes
Service Description

Configuration change Description Reference

Change the message flow so that all By default, files and messages Alliance Lite2 AutoClient User
messages sent to SWIFT through that are submitted through Guide (Successful Upload
AutoClient require authorisation. AutoClient to the Alliance Lite2 section)
server do not require
authorisation and are sent
directly to SWIFT. This message
flow can be changed to force
manual authorisation before
sending to SWIFT.

Change the message flow so that the By default, the ACKs of Alliance Lite2 User Guide
ACKs of all messages created messages created manually are (Management of Messages
manually are routed to the AutoClient automatically completed. This section)
directory. message flow can be changed to
have all the ACKs routed to the
AutoClient directory.

Segregate one received message flow By default, all received Alliance Lite2 AutoClient User
into its own, separate subdirectory (for messages are sent to the Guide (Reception Directory
example, based on MT, correspondent, AutoClient Reception directory. section)
request type). This message flow can be
updated to have part of it (for
example, based on a message
type or correspondent) routed to
a new and separate AutoClient
subdirectory.

Segregate the message flow to By default, all received Alliance Lite2 AutoClient User
separate subdirectories based on the messages are sent to the Guide (Reception Directory
traffic type (for example, FIN, FileAct). AutoClient Reception directory. section)
This message flow can be
updated to route messages of
different types (for example, FIN,
FileAct) to new and distinct
AutoClient subdirectories.

A.2 Specific Configuration Changes

Customers can order the following specific configuration changes, one by one, as payable
changes:

Configuration change Description Reference

Add one BIC11. BIC11s are, by default, not Knowledge base tip 5017673
defined as internal
correspondents in Alliance Lite2.
SWIFT can change the customer
BIC11 definition to allow
message sending from that
BIC11.

20 March 2020 46
Alliance Lite2 List of Available Configuration Changes
Service Description

Configuration change Description Reference

Change the message flow so that a By default, files and messages Alliance Lite2 AutoClient User
subset of messages sent to SWIFT that are submitted through Guide (Successful Upload
through AutoClient require verification AutoClient to the Alliance Lite2 section)
or authorisation. server do not require verification
or authorisation, and are sent
directly to SWIFT. This message
flow can be changed to force
manual verification or
authorisation of a subset of
messages before sending to
SWIFT.

Change the message flow so that a By default, the AutoClient Alliance Lite2 User Guide
copy of all messages (including ACKs Archive directory only contains (Management of Messages
and manually created messages) is the messages processed section)
sent to the AutoClient Archive through AutoClient. This
directory. message flow can be changed to
have a copy of all messages,
including ACKs and manually
created messages, sent to the
AutoClient Archive directory.

Change the message flow so that the By default, the ACKs of Alliance Lite2 User Guide
ACKs (FIN, FileAct) are routed to a messages sent to the Alliance (Management of Messages
separate AutoClient subdirectory. Lite2 server through AutoClient section)
are sent to the AutoClient
Reception directory. This
message flow can be changed to
have those ACKs routed to a
separate AutoClient
subdirectory.

Change the message flow so that the By default, the delivery Alliance Lite2 User Guide
delivery notifications (FIN, FileAct) are notifications of messages sent to (Management of Messages
routed to a separate AutoClient the Alliance Lite2 server through section)
subdirectory. AutoClient are sent to the
AutoClient Reception directory.
This message flow can be
changed to have those delivery
notifications routed to a separate
AutoClient subdirectory.

Change the unit assignment of By default, messages are Alliance Lite2 User Guide
messages during message processing. processed and routed without (Management of Messages
changing their unit assignment. section)
This message flow can be
changed to have the unit
assignment modified while
processing the messages.

20 March 2020 47
Alliance Lite2 List of Available Configuration Changes
Service Description

Configuration change Description Reference

Change network configuration to By default, customers who are Knowledge base tip 5018026
disable internet access, for customers using an Alliance Connect
connecting through Alliance Connect. connectivity pack to connect to
Alliance Lite2 can also connect
to Alliance Lite2 through the
internet. SWIFT can change the
access configuration to disable
the internet access for such
customers.

Import FIN message templates created By default, there are no Alliance Lite2 User Guide (Use
in Alliance Access or created in an message templates defined in Message Templates section)
Alliance Lite2 test environment. Alliance Lite2. Customers can
create their own message
templates. It is also possible to
request SWIFT to import into
Alliance Lite2 message
templates previously created in
Alliance Access or in an Alliance
Lite2 test environment.

Import MX message templates, By default, there are no Alliance Lite2 User Guide (Use
created in Alliance Access or in an message templates defined in Message Templates section)
Alliance Lite2 test environment. Alliance Lite2. Customers can
create their own message
templates. It is also possible to
request SWIFT to import into
Alliance Lite2 message
templates previously created in
Alliance Access or in an Alliance
Lite2 test environment.

Note The following requests are part of the Community Support service provided to all
Alliance Lite2 customers:
• Request to switch FIN LTs into future mode testing
This allows customers to start testing a new SWIFT Standards Release before Live
availability. Requests for future mode testing do not require a SWIFT maintenance
window. When the tests are completed, the customer must explicitely request
SWIFT to set the mode back to the original value.
For more information, see Knowledge Base tip 5019985.
• Request to create additional Alliance Lite2 LSOs and RSOs
By default, Alliance Lite2 is configured with one left security officer (LSO) and one
right security officer (RSO). Customers can create additional LSOs and RSOs, but
this requires the intervention of SWIFT.

20 March 2020 48
Alliance Lite2 Alliance Lite2 Service Levels
Service Description

Appendix B Alliance Lite2 Service Levels

As per the SWIFT General Terms and Conditions, SWIFT provides SWIFT services and products
and complies with any applicable service levels in all material respects as set out in the relevant
service description. This Appendix summarises the key service levels applicable to Alliance Lite2
and refers to additional service descriptions which describe other applicable service levels.

Service availability objective

Outside the allowable downtime windows (ADW) and in the cases of unplanned unavailability as
described in Service Availability on page 27, the monthly Alliance Lite2 weighted service availability
is targeted at 99.9%.
Availability is defined as the percentage of time during which Alliance Lite2 is available to Alliance
Lite2 users. The availability calculation is weighted to give a single overall availability percentage
that reflects the impact of outages affecting only parts of the user base.

Service availability reporting to customers upon request

Alliance Lite2 customers can request to receive a copy of the Alliance Lite2 service availability
report by contacting SWIFT Support. The Alliance Lite2 service availability report is updated on a
monthly basis and reports on the year-to-date Alliance Lite2 weighted availability.
Service resilience
The Alliance Lite2 infrastructure consists of a set of hosts and related infrastructure that provide for
resilient operations during most single-component failure scenarios within the active SWIFT
operating centre where SWIFT runs the Alliance Lite2 service. The Alliance Lite2 service is
designed to handle many anomalous events without impacting the activities of the Alliance Lite2
customers

Recovery Time Objective

Recovery Time Objective is defined as the maximum amount of time required to restore the
Alliance Lite2 service in another operating centre when the service becomes unusable in one site.
The Recovery Time Objective is set to 8 hours.
If SWIFT is not able to meet this Recovery Time Objective, SWIFT will inform customers about the
additional time required to recover the service. Customers agree that SWIFT's only responsibility is
to inform them of such additional recovery time, and that such information will be their sole remedy
in such circumstances.

Change management procedures

The change management procedures on the Alliance Lite2 infrastructure are in line with the
change management procedures applied for FIN and SWIFTNet. For more information about these
procedures, see section Change Management of the ISAE_3000 Report (report available upon
request).
For customer configuration changes, see Payable Configuration Changes on page 11.

Notification and reporting of incidents to customers

See Monitoring and Alerting in the SWIFT Advanced Support and Care Services Service
Description.

SWIFT actions following failure

In the unlikely event of a failure that would affect the Alliance Lite2 service availability, SWIFT will
take the necessary measures to minimise the service downtime. SWIFT will take all appropriate

20 March 2020 49
Alliance Lite2 Alliance Lite2 Service Levels
Service Description

actions depending on the nature of the failure. If required, SWIFT will declare an incident, with
potential notification to the SWIFT Command Centre.

Disaster recovery procedures

In the extreme event that the operating centre where Alliance Lite2 is running becomes
unavailable, SWIFT will restore the Alliance Lite2 live services in a standby infrastructure located in
another operating centre. The standby disaster recovery infrastructure then becomes the main
infrastructure.
The standby operating centre is deployed as a cold standby infrastructure. This means that the
standby server infrastructure is ready and configured, and that the configuration data it contains is
identical to the data that was on the primary site at the time of the last data synchronisation, which
occurs every week after the live allowable downtime window (ADW).
Customers will automatically reconnect to the other operating centre as soon as it becomes
operational. Customers will have to review and update their configuration data, to cover the period
of time between the last configuration data synchronisation and the activation of the other operating
centre.
For more information about service availability and disaster recovery, see Service Availability on
page 27.
SWIFT has implemented monitoring processes to test the availability of the standby site and its
readiness to take over.

Service continuity exercise

SWIFT does not need to involve Alliance Lite2 customers in service continuity tests for the Alliance
Lite2 infrastructure because service continuity is provided by the active monitoring tools that are
permanently checking the availability of the automated and manual flows. For automated flows, the
monitoring tools are testing the sending and receiving of messages through AutoClient. The GUI
availability is tested by simulating a user's activity. Additionally, the standby site infrastructure
replicates the infrastructure of the primary site.

Response time to customers requests

See Call and Problem Management in the SWIFT Community Support Service Description.

20 March 2020 50
Alliance Lite2 Legal Notices
Service Description

Legal Notices
Copyright
SWIFT © 2020. All rights reserved.

Disclaimer
The information in this publication may change from time to time. You must always refer to the
latest available version.

Translations
The English version of SWIFT documentation is the only official and binding version.

Trademarks
SWIFT is the trade name of S.W.I.F.T. SC. The following are registered trademarks of SWIFT:
3SKey, Innotribe, MyStandards, Sibos, SWIFT, SWIFTNet, SWIFT Institute, the Standards Forum
logo, the SWIFT logo and UETR. Other product, service, or company names in this publication are
trade names, trademarks, or registered trademarks of their respective owners.

20 March 2020 51