1) What is the SWIFT CSP?
SWIFT's customer security programme (CSP) aims to prevent and detect fraudulent activity through a set of mandatory security controls, community-wide information-sharing initiatives and enhanced security features on its products.
2) When is the deadline for SWIFT CSP compliance?
SWIFT's customers are required to submit their attestations on an annual basis to SWIFT's KYC portal by 31st December.
In 2020*, customers can attest compliance to either CSCF v2019 or CSCF v2020. In 2021, an independent assessment is required alongside the customer's attestation.
3) What form does the SWIFT required independent assessment need to take?
There are two forms in which a SWIFT customer can gain an independent assessment:
- An internal assessment. This is similar to an internal audit, carried out by the internal audit function of the customer and independent from the function submitting the attestation.
- An external assessment. This is similar to an external audit, carried out by organisations such as PwC, which will provide an independent assessment against the CSP controls.
4) What are the 22 SWIFT CSP mandatory controls?
5) What happens if you attest non-compliance?
SWIFT reports to local regulators all cases of non-compliance, as well as cases where members have not attested at all. In addition, SWIFT will select a sample of attestations for validation each year.
6) What happens if I suspect my organisation has been targeted or breached?
It is vital that you share all relevant information and let SWIFT know there is a problem as soon as possible, in order to protect other organisations in the network.