The Society for Worldwide Interbank Financial Telecommunication (SWIFT) released the Customer Security Controls Policy on May 19 – an update to the organisation’s Customer Security Programme (CSP).

CSP aims to reinforce the security of the entire SWIFT ecosystem by improving the local environment security of each individual SWIFT user.

The Customer Security Controls Policy contains further information when it comes to the roles, responsibilities and process details of the CSP’s customer security attestation and follow-up process.

Our latest publication contains the highlights of the SWIFT update, how should a user comply with the requirements and what are the consequences of non-compliance.

All organisations, not just financial institutions, that use the SWIFT interbank messaging network must comply with CSP, or face being reported to regulators and other SWIFT users.

The Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) Customer Security Program (CSP) was established to support SWIFT users against cyber-fraud. SWIFT released cybersecurity standards in March 2017, with enforcement beginning in January 2018.

The SWIFT Customer Security Program (CSP) requires each user to self-assess their SWIFT infrastructure against SWIFT’s set of Objectives, Principles and Controls – including 16 mandatory controls and 11 optional “advisory” controls.

Subsequently, users are required to report their compliance status to SWIFT via the self-attestation process based on the self-assessment results.

• Evaluate your readiness to meet the SWIFT CSP rules and attestation requirements.
  
• Implement new controls and remediation of existing controls within your organisation’s SWIFT environment, and to the broader Payment and Wire Transfer Processes if required. 
• Assessment services to comply with SWIFT’s self-attestation processes.