SWIFT Customer Security Programme

SWIFT's payment community suffered a number of cyber-attacks and breaches throughout 2016 (some stemming from third parties). While all SWIFT customers remain primarily responsible for protecting their own environments, SWIFT aims to support its community in the fight against cyber-attacks and has identified 16 mandatory and 11 optional security controls for all its 11,000 customers worldwide.

SWIFT's customers will have to attest compliance to all 16 mandatory controls by the end of 2018.

How are PwC positioned to help with this?

Cohesive team who understand SWIFT

PwC understands SWIFT like no other as we have been performing an annual review of SWIFT under the internationally recognised ISAE3000 standard for over 10 years.

Proven performance on similar projects

PwC have performed numerous SWIFT CSP security assessments worldwide and as such, we have a proven approach and understanding of how to ensure the security of SWIFT infrastructure, while maintaining functionality.

Technical expertise and knowledge base

PwC is the only ‘Big-4’ firm with a professional Certified Cyber Security Consultancy certificate from the NCSC. PwC are unique in our ability to leverage threat intelligence to build and simulate realistic cyber attack scenarios.

Adapting to your requirements

PwC will formulate and tailor an approach that suits your immediate requirements and future ambitions. To achieve those, PwC will provide pragmatic insights and balanced views on how to prioritise any associated actions.

SWIFT customer security programme: FAQs

1) What is the SWIFT CSP?

SWIFT's customer security programme (CSP) aims to prevent and detect fraudulent activity through a set of mandatory security controls, community-wide information sharing initiatives and enhanced security features on their products.

2) When is the deadline for SWIFT CSP compliance?

You are required to submit a self-attestation on an annual basis by 31st December. All organisations are required to attest compliance with the 16 mandatory controls by December 2018.

3) What are the 16 SWIFT CSP mandatory controls?

There are 16 mandatory controls focussed on securing your environment, knowing and limiting access, and detecting and responding.

4) What happens in non-compliance cases?

SWIFT will randomly check network members and will report any non-compliant organisations to industry regulators such as the Financial Conduct Authority.

5) What happens if I suspect my organisation has been targeted or breached?

It is vital that you share all relevant information and let SWIFT know there is a problem as soon as possible, in order to protect other organisations in the network.

Contact us

David Woerndl

Global SWIFT CSP Lead, PwC United Kingdom

Tel: +44 (0)7809 756281

Alessandro Frenza

Director - Cyber Security, PwC United Kingdom

Tel: +44 (0)7493 319240
