SWIFT Customer Security Programme

An Independent Attestation for SWIFT Users in Financial Services

SWIFT’s Customer Security Controls Framework (CSCF)

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) Customer Security Programme (CSP) has laid standard security controls known as the Customer Security Controls Framework (CSCF). These aim at assisting SWIFT-connected customers in having more secure local environments, while also safeguarding the financial ecosystem. The SWIFT CSCF covers both mandatory and advisory security controls.

Independent assessments of SWIFT’s CSCF attestations

SWIFT users are required to assess their level of compliance against the SWIFT CSCF on an annual basis. In order for this to be carried out in a uniform manner, SWIFT issues an Independent Assessment Framework (IAF) document which provides a framework for undertaking assessments against the SWIFT CSCF.

Moreover, SWIFT requires that all attestations against CSCF must be independently assessed as part of the Community-Standard Assessment (CSA) process in order for each control to be evaluated as compliant or otherwise. This is meant to further enhance the integrity, consistency, and accuracy of attestations, and also to further safeguard the security of the global financial community. This can either be done by an external third party or an internal, independent function maintaining the appropriate competencies and certifications. The option to self-assess remains available but is considered as non-compliant.

SWIFT sets stringent requirements for internal assessors in terms of independence, cybersecurity experience, and relevant certifications. On the other hand, SWIFT users opting for an external assessment must ensure that it is performed by an independent external organisation. Among others, such organisations must have cybersecurity assessment experience, while the individual assessors require relevant security industry certification(s).

Support offered by Forvis Mazars in Malta

At Forvis Mazars in Malta, we can support SWIFT users throughout this whole independent assessment process.

Our auditors:

  • have ample experience in performing assessments and reviews of CSCF compliance in banking environments.
  • have sufficient training and expertise in the SWIFT security control framework and detailed mandatory and advisory controls.
  • have extensive financial service experience serving clients in cybersecurity and IT audit and advisory projects.
  • hold recognised industry qualifications such as Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor, etc.

You will be provided with a detailed Gap Analysis between the SWIFT CSCF requirements and your current control level; where necessary, we will provide recommendations for improvement. Furthermore, you will be provided with completed CSCF mandatory and advisory controls checklists together with the CSCF Assessment Completion letter.

If you require further guidance or details in relation to this process, please do not hesitate to contact us so that we may assist you.

Get in touch

SWIFT CSP 2024: The Role of Independent Assessments

Independent assessments play a pivotal role in the SWIFT compliance process. Unlike internal reviews, these assessments provide an unbiased evaluation of an institution’s security measures. They ensure that the implemented controls are not only in place but are also effective and aligned with SWIFT’s stringent standards. This objectivity is vital for maintaining the trust and reliability of the global financial community.
Ensuring Security and Compliance article 1600x500px

Want to know more?