SWIFT Customer Security Program
What is the SWIFT Customer Security Program (CSP)?
SWIFT introduced the CSP along with the Customer Security Controls Framework (CSCF) in 2017 to actively support its customers in enhancing cybersecurity. The CSP & CSCF have evolved over time through introduction of new controls and new clarifications on implementation guidance and scope, but are built around 3 pillars:
- Securing your local environment
- Preventing and detecting fraud in your commercial relationships
- Continuously sharing information and preparing to defend against future cyber threats
All member organizations who use the interbank messaging network must attest annually with SWIFT’s CSCF. As of 2021, SWIFT users are mandated to support their self-attestation with an independent assessment from a company such as BDO, even SWIFT systems which are fully outsourced.
Depending on how your business interacts with SWIFT, an architecture type is defined which outlines specific control requirements encompassed by the CSCF.
What happens in cases of non-compliance with the SWIFT CSP?
SWIFT reserves the right to report member organizations who have not attested compliance to both the to the supervisory/regulatory entities as well as entities with which the non-compliant member is transacting. As such, non-compliance can result in hefty regulatory fines as well as loss of business.
How BDO can help
BDO has the knowledge and experience to ensure your SWIFT CSP is carried out efficiently and effectively with minimal disruption to your operation. Our global team of experts hold internationally recognized certifications across all relevant industries including Data Privacy & Protection, Anti-Money Laundering, Cybersecurity, Project Management, and more.
Our experts support the SWIFT CSP in the following ways:
- Gap analysis / readiness assessment : Assessment of whether current controls meet the requirements of the CSCF, that is, we assess the entity's current level of compliance with the framework requirements;
- Remediation/monitoring: Identification of technology solutions and procedural changes in order to address the identified gaps, supporting entities in their preparation for certification/attestation, including re-testing and monitoring of critical controls;
- Support/advice on Independent Assessment for the 2nd and 3rd line of defense (risk, compliance and internal audit)
- Assurance/assurance: Validation/assurance on the design, implementation and effectiveness of controls in accordance with the SWIFT CSP and CSCF, by issuing an independent assurance report, issued in accordance with applicable international standards, ie: ISAE 3000; and
- Additional services: Vulnerability scanning, incident management, etc.
For more information, contact Richard Carty, responsible for the Advisory Services Department by emailing [email protected]