What is the SWIFT Customer Security Programme (CSP)?
SWIFT introduced the CSP along with the Customer Security Controls Framework (CSCF) in 2017 to actively support its customers in enhancing cybersecurity. The CSP & CSCF have evolved over time through the introduction of new controls and new clarifications on implementation guidance and scope, but are built around 3 pillars:
- Securing your local environment
- Preventing and detecting fraud in your commercial relationships
- Continuously sharing information and preparing to defend against future cyber threats
All member organisations who use the interbank messaging network must attest annually with SWIFT’s CSCF. As of 2021, SWIFT users are mandated to support their self-attestation with an independent assessment from a company such as BDO, even SWIFT systems which are fully outsourced.
Depending on how your business interacts with SWIFT, an architecture type is defined which outlines specific control requirements encompassed by the CSCF.
What happens in cases of non-compliance with the SWIFT CSP?
SWIFT reserves the right to report member organisations who have not attested compliance to the supervisory or regulatory entities, as well as entities with which the non-compliant member is transacting. As such, non-compliance can result in hefty regulatory fines as well as loss of business.
How BDO can help
BDO has the knowledge and experience to ensure your SWIFT CSP is carried out efficiently and effectively with minimal disruption to your operation. Our global team of experts hold internationally recognised certifications across all relevant industries including Data Privacy & Protection, Anti-Money Laundering, Cybersecurity, Project Management, and more.
Our experts support the SWIFT CSP in the following ways:
- Gap analysis and readiness assessment - an assessment of whether current controls meet the requirements of the CSCF. We assess the entity's current level of compliance with the framework requirements.
- Remediation and monitoring - we identify technological solutions and procedural changes, in order to address the identified gaps, supporting entities in their preparation for rleveant certification or attestation. This includes re-testing and monitoring of critical controls.
- Support and advice - on Independent Assessment for the 2nd and 3rd line of defense (risk, compliance and internal audit).
- Assurance - Validation and assurance on the design, implementation and effectiveness of controls relating to the SWIFT CSP and CSCF, by issuing an independent assurance report, in accordance with applicable international standards including ISAE 3000.
- Additional services - we also offer vulnerability scanning, incident management and more, to ensure you are fully compliant.
For more information, contact Jeremy Burns, responsible for the Advisory Services Department by emailing jburns@bdo.ky.