SWIFT's payments community continues to suffer from a number of cyber-attacks and breaches, (some stemming from third parties). While all SWIFT customers remain primarily responsible for protecting their own environments, SWIFT aims to support its community in the fight against cyber-attacks and have identified 19 mandatory and 10 optional security controls for all its 11,000 customers worldwide.
In 2020*, SWIFT promoted 2 existing advisory controls to mandatory and introduced 2 new advisory controls resulting in 21 mandatory and 10 advisory controls in the CSCF V2020. For 2021, SWIFT promoted 1 control to mandatory resulting in 22 mandatory and 9 advisory controls in the CSCF v2021. All SWIFT users will be required to perform an “independent assessment” as it is a key requirement of their annual self-attestation to demonstrate their compliance with the SWIFT CSCF.
SWIFT CSP Development
How are PwC positioned to help with this?
< Back
< Back
[+] Read More
Why PwC?
PwC will provide industry insight that is relevant to your market segment and geographical segment, as well as a balanced view on how to prioritise any associated actions.
Proven CSP Assurance Experience
We have performed numerous SWIFT CSP assurance engagements across multiple territories and industries.
Cohesive team who understand SWIFT
We understand SWIFT like no other as we have performed annual reviews of SWIFT for over 10 years.
Technical expertise and knowledge
We are the only ‘Big-4’ firm with a professional Certified Cyber Security Consultancy certificate from the NCSC. We are unique in our ability to leverage threat intelligence to build and simulate realistic cyber-attack scenarios.
Adapting to your requirements
PwC will leverage inhouse accelerators and our extensive SWIFT CSP expertise to ensure that your needs are met ahead of SWIFTs required independent assessment due on 31 December 2021.
PwC will provide industry insight that is relevant to your market segment and geographical segment, as well as a balanced view on how to prioritise any associated actions.
SWIFT customer security programme: FAQs
- 1) What is the SWIFT CSP?
- 2) When is the deadline for SWIFT CSP compliance?
- 3) What form does the SWIFT required independent assessment need to take?
- 4) What are the 22 SWIFT CSP mandatory controls?
- 5) What happens if you attest non-compliance?
- 6) What happens if I suspect my organisation has been targeted or breached?
1) What is the SWIFT CSP?
SWIFT's customer security programme (CSP) aims to prevent and detect fraudulent activity through a set of mandatory security controls, community-wide information sharing initiatives and enhanced security features on their products.
[*] COVID-19 Update: Given the global COVID-19 situation SWIFT has published updated guidelines on 18 June 2020 regarding changes to the CSP self-attestation and independent assessment requirements for 2020. SWIFT has announced that in 2020, customers can self-attest against the 2019 version of the SWIFT CSP and can optionally support the self-attestation with an independent assessment. In 2021, independent assessment will be a mandatory requirement and customers will be required to attest against the 2021 version of the CSP framework.
Related content
Follow us
Contact us
