The Society for Worldwide Interbank Financial Telecommunication, or SWIFT, provides safe and secure financial transactions for its 11,000 members. It provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardised and reliable environment. The importance of the SWIFT network for financial transactions inherently makes it an enticing target for cyber criminals and attackers.
Naturally, the banking industry is one of the largest users of the SWIFT network. In the last five years alone there were at least 8 high-profile attacks on banks and SWIFT systems, not to mention many other attacks of a smaller magnitude, all resulting in significant financial losses:
"PwC is an approved SWIFT Cyber Security Provider"
In the aftermath of the 2016 Bank of Bangladesh heist, SWIFT established its Customer Security Programme (CSP) to mandate the adoption of a Customer Security Controls Framework (CSCF). The establishment of this programme aims to prevent fraudulent activity through a set of 22 mandatory and 9 advisory security controls (as of version 2021), whilst also encouraging customers to be involved in community-wide information sharing initiatives and implement enhanced security features on payments infrastructure. The SWIFT CSP is therefore aimed at helping customers to secure their local environments and to foster a more secure financial ecosystem.
The SWIFT organisation requires companies such as banks operating a SWIFT environment, also referred to as SWIFT users, to attest compliance with all mandatory controls on an annual basis. As of 2021, users must provide this attestation through an independent assessment which verifies whether the implemented controls mitigate various cyber security risks.
When determining who will help carry out this independent assessment, it is important to ensure your assessor has the expertise to determine you have the right controls in place and can guard against the potential damage of a cyber attack. We recommend an independent SWIFT-approved cyber security provider, such as PwC, that is familiar with SWIFT and your industry and can assist you in understanding how you compare to your peers as well as in gaining additional insight into security best practices in this space.
PwC can help your organisation achieve the SWIFT CSP attestation compliance through the following key services:
PwC Malta is constantly working with the PwC network to gain global experience and expertise related to SWIFT CSP. The PwC network boasts a wide range of professionals with in-depth knowledge and expertise in the area. PwC therefore possesses:
The PwC network has performed numerous SWIFT CSP assurance engagements across multiple territories and industries.
The PwC network understands SWIFT like no other as we performed an annual review of SWIFT under the internationally recognised ISAE 3000 standard for over 10 years.
PwC will leverage in-house accelerators and our extensive SWIFT CSP expertise to ensure that your needs are met ahead of SWIFT's required independent assessment due on 31 December 2021.
PwC will provide industry insight that is relevant to your market segment, as well as a balanced view on how to prioritise any associated actions.