SWIFT Customer Security Programme

Reinforcing the security of the global banking system

SWIFT is the global provider of secure financial messaging services. The Customer Security Programme (CSP) was established by SWIFT to actively support customers in the fight against cyber-attacks.

Learn More

SWIFT’s customers have to attest compliance with all mandatory controls on an annual basis. SWIFT has recently introduced a requirement that mandates an independent assessment for all customers’ attestations.

This comes into force in 2021.

How can Vectra help?

While all customers are responsible for protecting their own environment, the CSP programme improves information sharing throughout the community, enhances SWIFT-related tools for customers and provides a set of cybersecurity controls which helps users strengthen end-point security and combat cyber fraud.

Vectra has extensive experience with Swift CSP assessments and has conducted many Swift CSP engagements across many territories both locally and internationally.

Swift CSP Audit

Validation of successful alignment of controls with the SWIFT CSP guidelines resulting in a controls report under recognised standards (e.g. ISAE3000).

Swift CSP Assessment

A detailed assessment of SWIFT CSP controls.

The mandatory security controls establish a security baseline for the entire community. They must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gains and risk reduction.

All controls are articulated around three overarching objectives:

  • Secure your Environment
  • Know and Limit Access
  • Detect and Respond

Security Attestation

As part of the Customer Security Programme (CSP), every SWIFT user has to submit an annual Security Attestation, showing compliance levels with the controls.

All users have to attest before the expiry date of the current controls version, confirming full compliance with the mandatory security controls no later than 31 December, and must re-attest at least annually thereafter.

Re-attestation has to be done between July and December each year. New joiners need to attest before going live on the SWIFT network.