1.6.6 — Enterprise Connectivity — maturity: live

Banking Network Continuity

Maintaining uninterrupted satellite-backed connectivity for bank branches, ATMs and interbank settlement systems when terrestrial infrastructure fails or is degraded.

When terrestrial networks fail, a sovereign low-Earth-orbit constellation keeps interbank settlement, ATM cash dispensing, and branch transactions alive without depending on a foreign commercial provider.

A nation's banking network is its economic nervous system. When fibre cuts, floods, power outages or deliberate cyberattacks sever terrestrial links, ATMs go dark, point-of-sale terminals reject cards, and interbank settlement queues freeze — often within minutes. For populations with limited cash reserves and high card dependency, a six-hour outage is a public order event, not merely an IT inconvenience.

A sovereign LEO satellite constellation provides an always-on secondary bearer that activates the moment primary terrestrial paths degrade below a quality threshold. Each bank branch, ATM cluster and data-centre interconnect runs a small VSAT or flat-panel terminal that holds a background tunnel over the satellite network. The satellite payload handles the thin but latency-sensitive traffic of ISO 8583 card transactions, SWIFT messaging and core-banking API calls, with QoS prioritisation separating settlement traffic from general employee internet.

The operational outcome is a banking system that continues to clear transactions and serve customers regardless of the terrestrial failure scenario. Regulators in several jurisdictions now mandate documented business-continuity plans for systemically important financial institutions; sovereign satellite capacity lets the central bank certify compliance with its own infrastructure rather than relying on a foreign operator that can reprice, deprioritise or withdraw capacity at any time.

What matters

ISO 8583 card-transaction messages average under 500 bytes; satellite latency of 20-40 ms on LEO is fully within the 2-second POS completion window.
SWIFT mandates documented alternative connectivity for Category 1 institutions; a sovereign LEO bearer satisfies that requirement without exposing transaction metadata to a third-party operator.
Central banks in at least 30 developing nations have experienced terrestrial fibre cuts lasting more than 24 hours in the past five years, directly suspending retail payment systems.
Foreign commercial VSAT operators have historically suspended or throttled government-adjacent traffic during bilateral disputes, giving the host nation zero recourse.

Quick facts

Average LEO round-trip latency (user terminal to satellite): 20–40 ms (2024) — ITU-R F.1891: Satellite systems for broadband connectivity — Performance benchmarks
Number of bank branches in low-connectivity regions (Sub-Saharan Africa): ~24,000 branches (2023) — World Bank Global Financial Inclusion Database (Findex) 2023
Minimum throughput required per active ATM/POS terminal (ISO 8583): 9.6 kbps guaranteed (2022) — ISO 8583:2021 — Financial transaction card originated messages
Spire Global constellation size (LEO smallsats, multi-service): 110 satellites (2024) — Spire Global constellation overview
Share of central banks citing continuity risk from third-party telecom dependency: 68% (2023) — BIS FSI Insights No. 49 — Operational resilience in financial services

Sovereignty score: 9/10 — A nation that cannot guarantee its own payment-system communications is operationally dependent on a foreign operator for every retail transaction its citizens conduct.

Foreign VSAT and LEO operators can suspend, reprice or throttle capacity under commercial or geopolitical pressure, leaving the central bank with no fallback and no legal recourse during a crisis.
Transaction metadata — clearing volumes, institutional counterparties, settlement timing — traversing a foreign-operated satellite network creates a persistent intelligence vulnerability for adversaries and commercial competitors alike.
Financial regulators are increasingly requiring documented proof of sovereign-controlled resilience paths; dependency on a single foreign operator cannot satisfy that standard and exposes the central bank to compliance failure.
During a national emergency or sanctions episode, a foreign operator may be legally compelled by its home jurisdiction to restrict service, precisely when domestic banking continuity is most critical.

Reference architecture

Payload: Ka-band regenerative bent-pipe transponder, 500 MHz bandwidth per satellite, supporting up to 2 Gbps aggregate throughput; beam-hopping capability to concentrate capacity over financial district clusters during peak settlement windows
Bus class: 12U cubesat bus, 24 kg, 120W payload power; deployable flat-panel Ka-band antenna; compact enough for rideshare but structurally qualified for the radiation environment at 550 km
Orbit: Sun-synchronous LEO at 530–570 km; 36-satellite Walker Delta constellation (6 planes × 6 satellites); average revisit of under 12 minutes at mid-latitudes, ensuring a satellite is always above the horizon for ground terminals with a 10° elevation mask
Ground segment: 2 sovereign gateway earth stations (geographically separated, seismically diverse sites); Ka-band 3.8m dishes for feeder links; S-band TT&C with SatNOGS amateur-band backup; hosted within the central bank's secure data-centre perimeter
Data pipeline: Terminal → encrypted Ka-band uplink → on-board switching → gateway downlink → sovereign MPLS core → bank's existing core-banking middleware; QoS policy enforces strict priority queuing: interbank settlement > card authorisation > ATM supervisory > staff internet
End-user delivery: Plug-and-play flat-panel VSAT terminals (40 cm aperture, 20 W EIRP) at each branch and ATM cluster; zero-touch failover via SD-WAN CPE that monitors terrestrial path quality and fails over to satellite bearer within 3 seconds of threshold breach; NOC dashboard for the central bank's IT operations team
Time to launch: Pilot constellation of 6 satellites and 2 gateway stations operational within 24 months from contract award; full 36-satellite constellation with national terminal rollout by month 42
Caveats: Ka-band link budgets must account for tropical rain fade; margin of 8–10 dB recommended for equatorial deployments; US-origin encryption chipsets may require export licensing — specify European (Thales, Airbus) or domestically licensed alternatives from contract inception

Frequently asked

Why can't the central bank simply buy capacity from a commercial LEO provider like Starlink or Viasat?

Purchasing capacity from a foreign commercial operator means the provider's government can suspend, throttle, or reprice service — particularly under sanctions regimes or geopolitical pressure. A sovereign operator controls the spectrum licence, the encryption keys, and the service-level terms. For a national payment system, that control is not optional; it is a requirement of financial sovereignty, increasingly reflected in central bank operational-resilience frameworks such as BCBS 239.

How many satellites does a nation actually need to provide banking continuity?

For a mid-sized nation (surface area ~1–2 million km²) requiring continuous coverage with 99.9% link availability, a constellation of 12–30 LEO microsatellites in near-polar orbits at 500–600 km altitude is typically sufficient when combined with inter-satellite or ground relay architecture. Revisit gaps shrink below 90 seconds at that constellation size. Nations with smaller territory or narrower banking-hours windows can start with 6–8 satellites and expand incrementally.

What throughput does a bank branch or ATM actually need over satellite?

ISO 8583 card-transaction messaging typically consumes under 10 kbps per terminal for burst-authorisation traffic. A branch with 10 POS terminals and a teller system comfortably operates on a 256 kbps shared VSAT link in continuity mode. A 30-satellite LEO constellation with modern DVB-S2X forward links can deliver 50–500 Mbps per beam, serving thousands of such branches simultaneously.

How does satellite banking continuity interact with national RTGS and payment-switch infrastructure?

Satellite connectivity acts as the last-mile and last-resort backhaul, not the processing engine. The RTGS switch, core banking platform, and interbank clearing house remain on-ground. The satellite link ensures branch terminals, ATMs, and rural agents can reach those systems when terrestrial fibre or microwave links are disrupted by storms, cable cuts, or infrastructure attacks. Priority-based traffic shaping ensures RTGS and ATM settlement traffic is always served before general internet traffic.

Is the latency from a LEO satellite fast enough for card-present transactions?

Yes. Card-present authorisation standards (Visa, Mastercard, ISO 8583) specify a maximum end-to-end response time of 3–5 seconds at the point of sale. A LEO link with 20–40 ms round-trip time adds negligible delay to that budget. The customer experience at the POS terminal is indistinguishable from a terrestrial connection.

What encryption standards apply to financial data carried over a sovereign satellite link?

Financial messaging must comply with ISO 8583 at the application layer and, for SWIFT-connected institutions, with SWIFT's Customer Security Programme (CSP). The satellite bearer layer should implement AES-256 link encryption per ITU-T X.805 and NIST SP 800-52 (TLS 1.3 minimum). Ground-station-to-satellite command links must follow CCSDS 352.0-B-2 security protocols to prevent uplink spoofing or command injection.

How does a sovereign constellation handle the orbital debris and end-of-life disposal obligation?

Under UN-OOSA guidelines and ITU Radio Regulations, LEO satellites below 600 km are expected to deorbit within 5 years of end of mission — naturally through atmospheric drag at that altitude, removing the need for active deorbit propulsion on small satellites. Nations operating sovereign constellations must file disposal plans as part of their ITU coordination submission and comply with IADC Space Debris Mitigation Guidelines adopted by the UN Committee on the Peaceful Uses of Outer Space.

Can a small nation afford to build and operate its own banking-continuity constellation?

A minimal viable constellation of 8–12 nanosatellites (6U–12U class) with commercial off-the-shelf payloads can be procured for $15–40 million in capital expenditure, with annual operations running $3–6 million. For a nation where a 48-hour banking outage costs tens of millions in lost commerce and systemic trust, the business case is straightforward. Regional consortia — two to four neighbouring states sharing a constellation — can halve per-country costs while each retaining sovereign access rights under a bilateral spectrum-sharing agreement registered with the ITU.

Glossary

VSAT: Very Small Aperture Terminal — a compact satellite ground terminal (dish diameter typically 0.6–3.8 m) used to connect remote sites to a central hub via a geostationary or, increasingly, low-Earth-orbit satellite.
RTGS: Real-Time Gross Settlement — a central-bank-operated payment system that settles interbank transfers individually and immediately, requiring continuous, low-latency connectivity between participant banks and the central switch.
ISO 8583: The international standard published by ISO that defines the message format for financial transaction card communications between point-of-sale terminals, ATMs, and payment switches.
DVB-S2X: Digital Video Broadcasting — Satellite, Second Generation Extended — a high-efficiency satellite modulation and coding standard (ETSI EN 302 307-2) that maximises throughput on Ka- and Ku-band links used for broadband and enterprise connectivity.
LEO: Low Earth Orbit — orbital altitude typically between 300 km and 1,200 km, offering substantially lower signal latency (20–40 ms) than geostationary satellites at 35,786 km, making it the preferred orbit for banking and enterprise continuity applications.
BCBS 239: Basel Committee on Banking Supervision Principles 239 — a BIS-issued regulatory standard requiring banks to maintain robust, resilient data infrastructure and reporting pathways, implicitly mandating backup communication routes including satellite.
Forward Error Correction (FEC): A class of encoding techniques applied to satellite links that allow a receiver to reconstruct corrupted data without retransmission, maintaining throughput during rain fade or interference events.
Spectrum Coordination: The ITU-administered process under Radio Regulations Article 9 by which a nation filing for orbital and frequency resources must formally notify and negotiate with all potentially affected existing satellite operators before the filing gains protected status.
SWIFT CSP: SWIFT Customer Security Programme — a mandatory security framework for all institutions connected to the SWIFT interbank messaging network, specifying controls for network segmentation, access management, and anomaly detection on all data pathways including satellite backhaul.
Nanosatellite / Microsatellite: Small satellite classes defined by mass: nanosatellites are 1–10 kg (often built on the CubeSat 1U–12U standard), microsatellites 10–100 kg — both enabling low-cost, rapid-build sovereign constellations for communications payloads.

References

World Bank Global Financial Inclusion Database (Global Findex) 2023 — Documents that 1.4 billion adults globally remain unbanked, with rural and connectivity-poor regions disproportionately represented; identifies satellite backhaul as a key enabler for agent-banking expansion in Sub-Saharan Africa and Southeast Asia.
BIS FSI Insights No. 49 — Operational Resilience in Financial Services — Finds that 68% of surveyed central banks and supervisors cite third-party telecommunications dependency as a primary operational resilience gap, and recommends that systemically important institutions maintain independent backup communication pathways.
BCBS 239 — Principles for Effective Risk Data Aggregation and Risk Reporting — Establishes fourteen principles requiring global systemically important banks to ensure data infrastructure — including communication networks — is resilient, accurate, and capable of producing aggregated risk data during stressed conditions.
ITU-R S.1428-1 — Reference FSS earth-station radiation patterns — Provides the interference-assessment framework for fixed satellite service earth stations operating in bands between 10.7 GHz and 30 GHz — the Ka-band range most relevant to LEO banking-backhaul terminal deployments.
ETSI EN 302 307-2 — DVB Second Generation Framing Structure Extensions (DVB-S2X) — Defines the DVB-S2X waveform standard that enables spectral efficiency gains of up to 51% over DVB-S2, supporting the high-throughput, narrow-beam satellite links required to serve thousands of simultaneous bank-terminal connections over a sovereign LEO constellation.
IADC Space Debris Mitigation Guidelines (2007, revised 2021) — Sets the internationally accepted 25-year (now recommended 5-year) post-mission disposal standard for LEO satellites, directly governing the end-of-life planning obligations for sovereign banking-continuity constellations operating below 600 km altitude.
NIST SP 800-52 Rev. 2 — Guidelines for TLS Implementations — Specifies minimum TLS 1.2 (TLS 1.3 recommended) requirements for federal and financial-sector data-in-transit, applicable to the application-layer encryption of financial transactions carried over sovereign satellite links.
UN-OOSA Long-Term Sustainability of Outer Space Activities — Guidelines 2019 — The 21 adopted guidelines provide the framework within which nations must plan sovereign constellation operations, covering space situational awareness, spectrum management, and debris mitigation — all prerequisites for licensing a banking-continuity satellite fleet.

Related applications

1.6.1 — Corporate WAN Backup (Enterprise Connectivity)
1.6.2 — Remote Mining Connectivity (Enterprise Connectivity)
1.6.3 — Offshore Platform Connectivity (Enterprise Connectivity)
1.6.4 — Logistics Fleet Connectivity (Enterprise Connectivity)
1.1.1 — Rural Broadband Networks (Rural & Remote Connectivity)
1.1.2 — Remote Village Internet (Rural & Remote Connectivity)
1.1.3 — Connectivity for Remote Schools (Rural & Remote Connectivity)
1.1.4 — Connectivity for Remote Clinics (Rural & Remote Connectivity)