RMA Portal Presentaion

SWIFT

RMA Portal

Relationship Management Application

Present By SWIFT_Team

Let's Start

What we will cover ..

SWIFT

• Overview About RMA service and RMA Portal
• Comparison between Alliance RMA and RMA Portal models.
• Central RMA management filtering and Local filtering use cases.
• Readiness for RMA Portal & Migration
• RMA Featurs
• FAQ

Overview About RMA

SWIFT

• What's RMA service and the need for it?
• How it works?
• What's RMA manager tasks?
• RMA Exchanging.

What's RMA service and the need for it?

SWIFT

• A service provided by SWIFT to their vendors.

• currently exist locally through the alliance access.'s messing interface.
• Stop unwanted traffic before it leaves the sender

How it works?

SWIFT

• When Institutions subscribe to the service , SWIFT creates SWIFTNet queues to store and forword messsages to recipients .

• Send RMA authorisations to BICs you want to receive traffic from.

RMA Exchanging

SWIFT

• RMA Software manage a local data store contains all authoristaions.
• Autorisation to send, recieve or both (Bilateral).

What's RMA manager tasks

SWIFT

1. Exchange RMA authorisations.
2. Reject and delete RMA authorisations.
3. Revoke RMA authorisations.

Addtional concepts

• Bootstrap RMA.
• Sparring Partner.
• Best Practices.

Management from RMA to RMA Portal

SWIFT

• RMA portal is a central application managed by Swift,which centrally records and enforces pre-agreed relationships between correspondents.

• It enables institutions to view, create, store, manage, and enforce pre-agreed relationships with their correspondents.

• The portal will gradually replace the existing Relationship Management Application(RMA) solution used by customers on their local interface.

• The portal offers :

- Secure user identification(personal certificate,role seperation). - Separation of live and test services. **RMA portal does not make a change to the RMA filters themselves, it only improves the way the filters are updated and kept synchronised.

Comparison between Alliance RMA and RMA Portal Models:

SWIFT

Current RMA management Model Vs Centralized RMA management Model: RMA management model (present):

• Current Relationship management is done locally based on distributed data sets.
• Local authorization records are synchronized by bilateral message exchange.

Comparison between Alliance RMA and RMA Portal Models:

SWIFT

Current RMA management Model Vs Centralized RMA management Model:Centralized RMA management Model:

• RMA will evolve from a distributed to a centralized database model. Central RMA management is based on a primary database maintained by SWIFT.

SWIFT

Discussion: Why Centralized RMA management Model is more efficiant ?

Central RMA management (Portal) filtering and Local filtering use cases.

SWIFT

Local filtering is disabled and authorization to send exists centrally: RMA authorization to send exists centrally and local filtering is off will result in central RMA check OK and message will be ACKED by SWIFT Network.

Central RMA management (Portal) filtering and Local filtering use cases.

SWIFT

Local filtering is disabled and authorization to receive exists centrally: When local filtering is disabled and a valid authorization to receive exists centrally the result of the central RMA check is “OK” and message will be received.

Central RMA management (Portal) filtering and Local filtering use cases.

SWIFT

Local filtering is enabled and authorization to send exists centrally: When RMA authorization to send exists locally and centrally and RMA filtering is set to input or input/output the result of local and central checks OK and Message is “ACKed” by SWIFT network.

Central RMA management (Portal) filtering and Local filtering use cases.

SWIFT

Local filtering is Disabled and RMA authorization to send is revoked, rejected or expired centrally:authorization to send RMA is revoked, rejected or expired centrally but exists locally and local filtering is set to none will result in central RMA check fails and message will be “NACKed”.

Central RMA management (Portal) filtering and Local filtering use cases.

SWIFT

Local filtering is enabled and RMA authorization to send exists centrally: When an authorization to send exists centrally but not locally and local RMA filtering is set to input or input/output the result of local RMA check will fail and message will not be forwarded to swift network.

Central RMA management (Portal) filtering and Local filtering use cases.

SWIFT

Local filtering is enabled and RMA authorization to receive exists centrally: When local filtering set to output or input/output and authorization to receive is valid centrally but not locally the result of receiver local check fails.

SWIFT

The Buttom line !!!

If we decide to keep local filtering running we MUST import Authorization files either automatically using fileAct service or manually on regular basis to avoid RMA errors.

SWIFT

Readiness for RMA Portal & Migration

1. RMA Portal Granted

SWIFT

• As of April 2022, all connected BICs were granted automatic access to the Relationship Management Portal and distribution service.

• If a BIC wants to delegate its RMA management to another BIC within its hierarchy, then they must complete and submit the “RMA Portal Delegation form”.

2. Environment Setup

SWIFT

• System Requirements: 512 Kbit of available bandwidth is needed for adequate use of the RMA Portal.

• The supported browsers are: Microsoft Edge, Google Chrome, Mozilla Firefox

• Personal Token for connectivity

SWIFT

Configuration for Users of Token-Based Certificates

1. Evaluate the number of tokens required for your institution, before order.
2. Install the token software.
3. Create and register personal token users for each end user requiring access to the RMA Portal.
4. Assign the appropriate RBAC role(s) to the appropriate end users
5. Activate the personal token through the Swift Certificate Centre.
6. Do the following to configure the end user's browser:
1. Configure security settings.
2. Add trusted sites.
3. Install SConnect.
7. Access the Relationship Management Portal using the test or live URLs.

3. Configure Certificates with RBAC Roles

SWIFT

• RBAC enables an institution to control access of its individuals and applications to a specific services.

• RMA RBAC roles:
• RMA Viewer: can search and view relationships.
• Administrator: can set up and manage distribution files subdcriptions and can run reports
• Admin 4 eyes RMA
• Operator: issues and maintains relationships in the portal.
• Operator 4 eyes
• Operator Approver
• Operator Bulk

Configure Certificates with RBAC Roles

SWIFT

• All entities that connect to SWIFT obtain SWIFTNet certificates from the SWIFTNet Certification Authority.

• The SwiftNet PKI certificates used by users of the Portal must be configured with the correct RBAC roles assigned to the Distinguished Name (DN) of the user.
• The certificates must be stored on an HSM box or on a personal token.

RBAC Roles

SWIFT

• One team with one or more RMA operators .
• All operators have only the operator role.
• No 4 eyes enforced.

RBAC Roles

SWIFT

• One team with two or more operators.

• All operators need 4-eyes approval for RMA actions.

• 4 eyes enforced.

RBAC Roles

SWIFT

• All operators can request changes.

• The supervisor operator (with operatorapprover role) must validate and approve to enable theauthorisation.

RBAC Roles

SWIFT

• All operators can request changes.

• The supervisor operator (withoperator role only) must validate and approve to enable theauthorisation.

4. Connect to the RMA Portal

SWIFT

Pilot: (https://rma-portal-pilot.browse.swiftnet.sipn.swift.com)

Live: (https://rma-portal.browse.swiftnet.sipn.swift.com)

5. Validate centrally stored authorizations

SWIFT

• Centrally stored FIN authorisations will be used as the basis for the FINplus bootstrap.

• This is a required step that is highly recommend before distributing the central records or turning off local RMA validation.

• Reports from the portal can be compared with reports from the local RMA database.

Reference: Central RMA Validation Guidelines (for users who manage Relationship Management authorisations)

SWIFT

6. Review the bootstrapped records in the RMA Portal

• The bootstrap process introduces message equivalence between FIN and FINplus relationships, which will be stored in the Relationship Management Portal.

• Customers are fully responsible for validating the result of the bootstrap exercise.
• Customers can review them using a portal report and compare their FIN and FINplus authorisations to ensure that they are aligned.

• Customers who use local RMA can download the records as a single distribution file in their local RMA interface and do the comparison.

SWIFT

7. Extract the distribution file from the RMA Portal

• Distribution files can be created manually using the RMA Portal, downloaded locally, then imported into the messaging interface.

• You can set up automated distribution through FileAct. It will distribute the changed authorisations to a store-and-forward queue.

• Extract only records for the swift.finplus service.

8. Import bootstrapped FINplus relationships into your RMA interface and distribute to your messaging interfaces.

SWIFT

• Take a database back-up before importing distribution file to retain the FINplus record history.
• Importing an RMA distribution file will remove the history for these records. Therefore import only the bootstrapped FINplus records.

Reference: RMA Service Operations Guide

9. Activate central RMA Management for pilot and live services

SWIFT

• Activation is done directly in the RMA Portal

• Swift will no longer support customers' local RMA interfaces after 30 March 2024.

• Activation means the following:
• You accept central authorisations as your main RMA database.
• Swift will reject locally issued RMA updates.

Summary: RMA Portal Readiness

SWIFT

1. All connected BICs were granted automatic access to the Relationship Management Portal.
2. Environment Set up.
1. Meet System Requirements.
2. Configure certificates with RBAC roles.
3. Connect to the RMA Portal using:
1. Pilot: (https://rma-portal-pilot.browse.swiftnet.sipn.swift.com)
2. Live: (https://rma-portal.browse.swiftnet.sipn.swift.com)
4. Validate centrally stored authorizations.
5. Review the bootstrapped records in the RMA Portal
6. Extract the distribution file from the RMA Portal
7. Import bootstrapped FINplus relationships into your RMA interface and distribute to your messaging interfaces.
8. Activate central RMA Management for pilot and live services. (optional until March 30, 2024).

RMA Portal

SWIFT

FAQ

SWIFT

Communicate with correspondents

SWIFT

Communicate with correspondents

SWIFT

Communicate with correspondents

SWIFT

Manage Authorisations to receive traffic

SWIFT

Manage Authorisations to receive traffic

SWIFT

Mange Authorisations to receive traffic

SWIFT

Mange Authorisations to send traffic

SWIFT

Manage Authorisations to send traffic

SWIFT

Mange Authorisations to send traffic

SWIFT

FAQ

SWIFT

FAQ

SWIFT

FAQ

SWIFT

FAQ

SWIFT

Demo

SWIFT

Demo

SWIFT

Demo

SWIFT

Demo

SWIFT

FAQ

SWIFT

Do we need to disable the local RMA database after migration to RMA Portal?

FAQ

SWIFT

Can an operator have all the RBAC roles at th same time?

FAQ

SWIFT

In the Relationship Management Portal Getting Started, the supported browsers are listed as Chrome and Firefox. Does this mean that Edge is not supported?

FAQ

SWIFT

Will it be possible to exchange equivalent of Query&Answer using the RMA Portal?

FAQ

SWIFT

After all the RMAs are migrated to the portal how alliance access know that we send a message to a BIC that we have an RMA with ?

FAQ

SWIFT

When Alliance Access imports a full RMA file, it basically deletes the full RMA stored and creates new records. There may be a small risk because messages could be in transit hence some could fail validation.

SWIFT