This document defines the banking-focused test strategy for SwiftGuard, an LLM-driven contract testing framework for SWIFT financial messaging systems.
The objective is to ensure MT103 payment messages are processed in compliance with ISO 20022 standards and RBI regulatory requirements, covering:
- Message compliance
- Financial integrity
- AML & fraud controls
- Cut-off handling
- Auditability
- System resilience
SwiftGuard leverages LLM-generated test data to simulate real-world banking scenarios, including malformed, suspicious, and high-risk financial transactions.
- Component:
swiftService.js(Payment ingestion microservice) - Message Type: SWIFT MT103 (Single Customer Credit Transfer)
- Validation Logic:
parser/swiftParser.jscontracts/mt103.schema.json
- AI Integration:
llm/swiftGenerator.js(Gemini API) - UI:
ui/index.html(Operational dashboard) - Compliance Coverage:
- ISO 20022 message rules
- RBI payment systems, AML, and audit guidelines
- Core banking ledger posting
- External clearing & settlement networks
- Real customer data
- Production payment systems
Validate strict adherence to SWIFT MT103 and ISO 20022 rules.
- Mandatory tag enforcement (
:20:,:23B:,:32A:,:50K:,:59:,:71A:) - ISO-compliant date and currency validation (ISO 8601, ISO 4217)
- Field length and value constraints
- Rejection of schema-breaking messages
Objective: Prevent non-compliant financial messages from entering downstream banking systems.
Ensure correctness of transaction processing.
- Zero or negative amount rejection
- Duplicate transaction reference detection (idempotency)
- Currency mismatch validation
- Decimal precision and rounding checks
Objective: Prevent double debit/credit and settlement inconsistencies.
Use LLM-generated scenarios to validate risk controls.
- Sanctioned country and blocked BIC simulation
- Threshold breach detection
- Structuring patterns (multiple low-value transfers)
- Replay and duplicate message attacks
Objective: Ensure AML screening and fraud-prevention readiness.
Validate robustness using non-deterministic banking inputs.
- Valid MT103 variations with realistic diversity
- Invalid scenarios:
- Missing mandatory tags
- Corrupted delimiters
- Invalid currencies and dates
- Oversized field values
Goal: Ensure safe failure without crashes or data corruption.
Using Playwright, validate the full operational flow:
- MT103 generation (LLM)
- Submission to payment API
- API response validation (ACK / NACK / error reason)
- UI dashboard reflects correct transaction state
Objective: Ensure system consistency and operational visibility.
Validate business calendar rules:
- After cut-off transactions
- Weekend submissions
- Bank holiday handling
- Automatic value date adjustments
Objective: Ensure compliance with RBI settlement timelines.
Validate auditability and traceability.
- End-to-end transaction reference tracking
- Immutable processing logs
- Accurate UTC timestamps (ISO 8601)
Objective: Ensure readiness for RBI audits and regulatory investigations.
- OS: Windows (Local)
- Runtime: Node.js v18+
- Test Framework: Playwright (
@playwright/test) - LLM Provider: Google Gemini (
@google/genai) - Service Port:
1934 - Execution Mode: Local (non-containerized)
| ID | Category | Title | Description | Expected Result |
|---|---|---|---|---|
| TC001 | Compliance | Valid MT103 Acceptance | LLM generates compliant MT103 | 200 OK, valid=true |
| TC002 | Compliance | Mandatory Tag Missing | Missing :23B: or :71A: |
400, schema violation |
| TC003 | Financial Integrity | Duplicate Reference | Same :20: reused |
Second request rejected |
| TC004 | AML | Sanctioned Country | High-risk country code | Blocked + alert |
| TC005 | Fraud | Replay Attack | Same message resent | Idempotent rejection |
| TC006 | Cut-Off | After Cut-Off Time | Late submission | Queued next business day |
| TC007 | Audit | Traceability | End-to-end ID tracking | Full lifecycle trace |
| TC008 | Resilience | Garbage Input | Non-SWIFT payload | Graceful rejection |
Run the complete banking test suite using:
npx playwright test
Test Report: Playwright HTML report
Compliance Evidence: ISO 20022 rule validation logs RBI-mapped test results
Audit Logs: Transaction reference Processing status Error or rejection reason codes