Skip to content Skip to footer

Loading Results

Are you ready to respond to the new requirements of the SWIFT Customer Security Programme?

The Society for Worldwide Interbank Financial Telecommunication, or SWIFT,  provides safe and secure financial transactions for its 11,000 members. It provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardised and reliable environment. The importance of the SWIFT network for financial transactions inherently makes it an enticing target for cyber criminals and attackers.

Naturally, the banking industry is one of the largest users of the SWIFT network. In the last five years alone there were at least 8 high-profile attacks on banks and SWIFT systems, not to mention many other attacks of a smaller magnitude, all resulting in significant financial losses:

Swift Graph

"PwC is an approved SWIFT Cyber Security Provider"

The global provider of secure financial messaging services

In the aftermath of the 2016 Bank of Bangladesh heist, SWIFT established its Customer Security Programme (CSP) to mandate the adoption of a Customer Security Controls Framework (CSCF). The establishment of this programme aims to prevent fraudulent activity through a set of 22 mandatory and 9 advisory security controls (as of version 2021), whilst also encouraging customers to be involved in community-wide information sharing initiatives and implement enhanced security features on payments infrastructure. The SWIFT CSP is therefore aimed at helping customers to secure their local environments and to foster a more secure financial ecosystem.

The SWIFT organisation requires companies such as banks operating a SWIFT environment, also referred to as SWIFT users, to attest compliance to all mandatory controls on an annual basis. As of 2021, users must provide this attestation through an independent assessment which verifies whether the implemented controls mitigate various cyber security risks.

swift plan

When determining who will help carry out this independent assessment, it is important to ensure your assessor has the expertise to determine you have the right controls in place and can guard against the potential damage of a cyber attack. We recommend an independent SWIFT approved cyber security provider, such as PwC, who has familiarity with SWIFT and your industry and can assist you in understanding how you compare to your peers as well as in gaining additional insight into security best practices in this space.

How are PwC positioned to help with this?

PwC can help your organisation achieve the SWIFT CSP attestation compliance through the following key services:

swift plan


Validation of successful alignment of controls with the SWIFT CSP guidelines resulting in a controls report under recognised standards (e.g. ISAE3000).


swift plan

SWIFT CSP Assessment

A detailed assessment of SWIFT CSP controls by leveraging our CSP accelerator. We can also work alongside your internal audit function to report on SWIFT CSP controls.


swift plan

Scenario Risk Assessments and Penetration Testing 

Align with SWIFT CSCF controls 7.3 and 7.4 and validate the operational security configuration by simulating an external or internal threat actor.


Why PwC?

PwC Malta is constantly working with the PwC network to gain global experience and expertise related to SWIFT CSP. The PwC network boasts a wide range of professionals with in-depth knowledge and expertise in the area. PwC therefore possesses:

swift plan

A proven CSP Assurance Experience

The PwC network has performed numerous SWIFT CSP assurance engagements across multiple territories and industries.

A cohesive team who understand SWIFT

The PwC network understands SWIFT like no other as we performed an annual review of SWIFT under the internationally recognised ISAE3000 standard for over 10 years.

The ability to adapt to your requirements

PwC will leverage inhouse accelerators and our extensive SWIFT CSP expertise to ensure that your needs are met ahead of SWIFT's required independent assessment due on 31 December 2021.

PwC will provide industry insight that is relevant to your market segment, as well as a balanced view on how to prioritise any associated actions.

Swift chart

Contact us

Michel Ganado

Michel Ganado

Advisory Partner, PwC Malta

Tel: +356 2564 7091

Fabio Axisa

Fabio Axisa

Assurance Partner, PwC Malta

Tel: +356 2564 7191

Kirsten  Cremona

Kirsten Cremona

Manager, Advisory, PwC Malta

Tel: +356 2564 4629

Norbert Paul Vella

Norbert Paul Vella

Senior Manager - Assurance, PwC Malta

Tel: +356 2564 7263

Follow us

Subscribe to the PwC Thought Leadership Newsletters / Alerts

PwC Malta engages through regular publications on relevant issues covering accounting, income tax, VAT, regulatory and industry specific topics.

Required fields are marked with an asterisk(*)

Please tick as appropriate


  1. By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers).
  2. Personal data can be changed on request, via email - PwC Malta reserves the right to reject new subscription requests or terminate subscriber accounts at any time without notice and/or justification. If you wish to stop receiving these e-mails from us, please send an email with 'Unsubscribe' as the subject.