How the misuse of SWIFT MT 202 is fuelling financial crime

Keith Furst, Founder of Data Derivatives, discusses how originating banks can intentionally or unintentionally be misusing the MT 202 SWIFT message type. In this guest post, he discusses the risk this scenario poses to financial institutions and their anti-money laundering / counter-terrorist financing (AML / CTF) programs.

 Catalyst for reform

The September 11, 2001 terrorist attacks on the United States could be one of the most redefining moments of the 21st century as the chain of events which followed still has a significant impact on our daily lives today. Airplane hijackings are not a new phenomenon as the first one recorded occurred on February 21, 1931 in Arequipa, Peru. Since 1931 there have been dozens of hijackings across the globe, therefore some would argue that there was a tremendous security gap in the airline industry which could have been addressed prior to 9/11. Implementing the type of airport security we have today may have been perceived as cost prohibitive prior to 9/11, yet who would have ever thought that someone would be capable of using a passenger plane as a missile? While crashing planes as a means of destruction is not a new concept, as this was done by the Japanese Kamikaze in World War II, it seems that our moral integrity could not conceive of using a passenger plane with innocent civilians on it to attack another civilian site.

MT 202 background

The banking industry reacted to the 9/11 terrorist attacks in many ways, but one was addressing the transparency concerns of *MT 202 message type as described by the Basel Committee on Banking Supervision in the paper “Due diligence and transparency regarding cover payment messages related to cross-border wire transfers” which was published in May of 2009. 

Cross-border wire transfers usually involve several different financial institutions located in different jurisdictions. The SWIFT MT 202 was used to facilitate both customer credit and interbank transfers historically. In an effort to decrease processing time an originating bank could send a MT 202 message to an intermediary bank and send the MT 103 (customer credit transfer) directly to the beneficiary bank. However, this practice would conceal the true originator and beneficiary of the message from the intermediary bank because the MT 202 does not have the originator and beneficiary fields. The risk to the intermediary bank included, but was not limited to the following:

  1. Sanctions screening on the originator and beneficiary would not be performed.

  2. The originating bank could be in a jurisdiction with different sanction watch lists and the technical capabilities of each bank’s sanction screening program could vary.

  3. Suspicious activity monitoring on the underlying originator and beneficiary in the message would not be performed.

  4. Originating banks could be intentionally using the “cover” method (MT 202 and MT 103) to obfuscate the true originator and beneficiary of the transfer from the intermediary financial institutions.

To address these transparency concerns the Society for Worldwide Interbank Financial Telecommunications (SWIFT) created a new MT 202 COV message type, which contained mandatory fields for both the originator and beneficiary of a payment, on November 21, 2009.

When to use the MT 202 COV?

As per the guidance issued in the “2009 Standards Release” the use the MT 202 COV is defined as follows:

“This message is sent by or on behalf of the ordering institution directly, or through correspondent(s), to the financial institution of the beneficiary institution. It must only be used to order the movement of funds related to an underlying customer credit transfer that was sent with the cover method. The MT 202 COV must not be used for any other interbank transfer. For these transfers the MT 202 must be used.”

What is a “cover payment”?

Again, a cover payment can be defined as a transfer with two separate message streams such as the MT 103 and MT 202.

  • The MT 103 is a direct payment order to the beneficiary’s bank.
  • The MT 202 is an interbank order to an intermediary bank or banks to cover the originator bank’s obligation to reimburse the beneficiary bank.

Cover Payment example 

Before the implementation of the MT 202 COV message type the following cover payment would be common practice.  Furthermore, using this method for customer credit transfers conceals the underlying originator and beneficiary from the intermediary banks.


In the diagram above, the originating customer is located in Japan and wants to pay the beneficiary customer located in Bosnia and Herzegovina in local currency, which is the Bosnian Convertible Marka (BAM). The originating bank is not able to send the payment order directly to the beneficiary bank so it must use one of its correspondent banks. The high level message flow is as follows:

  1. Originating customer in Japan instructs originating bank to pay beneficiary customer in Bosnian Convertible Marka (BAM).

  2. Originating bank sends MT 103 directly to beneficiary bank to pay beneficiary customer in Bosnian Convertible Marka (BAM).

  3. Beneficiary bank sends MT 199 to originating bank requesting reimbursement in United States Dollars (USD).

  4. Originating bank sends MT 202 to one of its sending correspondent banks to pay the beneficiary bank in United States Dollars (USD).

    • The MT 202 does not disclose the originator and beneficiary customer of the transfer because the fields are not available in the MT 202 message type.

  5. The sending correspondent bank sends the MT 202 to the receiving correspondent bank.

  6. The receiving correspondent bank sends the MT 202 to the beneficiary bank and finally covers the MT 103 which was sent directly from the originating bank to the beneficiary bank.

US Regulators sensitive to cover payments

In the Statement of Facts released by the US Department of Justice in the case against BNP Paribas, S.A. (BNPP) it stated the following about “cover payments”:

In March and June 2006, BNPP received two additional legal opinions from U.S. Law Firm 1, which informed BNPP that (a) U.S. sanctions could apply to BNPP even when the transactions were processed by U.S. Bank 1 instead of BNPP New York, and (b) U.S. authorities had become especially sensitive to the use of “cover payments” by foreign banks that omitted underlying descriptive details about the nature of the transactions, and advised BNPP to “ensure that they had adequate procedures in place to guard against any abuses of cover payment messages that could cause their U.S. operations to engage in prohibited transactions under U.S. sanctions. 

Detecting the misuse of the MT 202 message type?

How could an intermediary bank detect if the MT 202 message type has been misused if regulators are becoming sensitive to the use of “cover payments”? One method an intermediary bank can implement is to check the MT 202 message details for keywords such as “cover”, “MT 103”, “further credit to”, etc. However, searching for these keywords in the MT 202 message details will only provide an indication that the cover payment method was used, but it doesn’t determine if the message type has been misused. To determine if the MT 202 has been misused the correspondent bank will have to contact its customer which could be the originating or beneficiary bank and request a copy of the MT 103 message type. Once, the intermediary bank has a copy of the MT 103 its investigation unit can determine if the MT 202 message type has been misused or not.

Intermediary banks monitoring the potential misuse of the MT 202 message type is a labor intensive effort, but is there a way to decrease costs and increase efficiencies while remaining proactive and compliant? 

What is the definition of an interbank transfer?

One of the reasons why monitoring the potential misuse of the MT 202 message type is extremely labor intensive stems from the amount of MT 202 message traffic which contains non-financial institution third parties appearing to be related to trade finance transactions, such as letter of credits. While each bank should have its own written policy and interpretation of the regulatory guidelines, there seems to be a consensus that non-financial institution third parties can be involved in a “cover payment” via the MT 202 and MT 103 message streams if the transaction is a letter of credit as this would be considered an interbank transfer.

Are the regulatory guidelines of an interbank transfer too ambiguous?

If regulators are sensitive to the potential misuse of “cover payments” then is the definition of an interbank transfer too broad? For example, if the guidance stated that all transfers which contain non-financial institution third parties should use the MT 202 COV and MT 103 message streams then it would make it easier for intermediary banks to detect the potential misuse of the MT 202 message type. 

Final thoughts

On the condition that your bank is originating SWIFT traffic, then do written policies and procedures exist which clearly define when and when not to use the MT 202 message type? 

Providing that your bank acts as an intermediary, then are there monitoring programs in place which can detect the potential misuse of the MT 202 message type? How would the potential misuse of the MT 202 message type be investigated? Furthermore, if the MT 202 has been misused by an originating bank then what would be the next steps to remedy the situation to ensure it doesn’t continue to recur?

Intermediary banks can leverage data visualization dashboards to monitor the potential misuse of the MT 202 message type because the traditional transaction monitoring systems (TMS) are too narrowly focused at the customer and account level and create a high number of false positives for the bank’s investigation unit. 

*When the MT 202 message type is mentioned it should be understood to mean MT 202 and / or MT 205.

Keith Furst


Written by Keith Furst

Keith has years of proven experience within a variety of financial institutions including investment banks, retail banks, payment providers, merchant acquirers and brokerage firms. His forte relates to transaction monitoring, customer due diligence, fraud and trade compliance systems, and his work included custom data analytics and root cause analyses resulting in identification of suspicious activity outside of the traditional monitoring systems.