SWIFT Customer Security Programme

SWIFT's payments community continues to suffer from a number of cyber-attacks and breaches (some stemming from third parties). While all SWIFT customers remain primarily responsible for protecting their own environments, SWIFT aims to support its community in the fight against cyber-attacks and has identified 19 mandatory and 10 optional security controls for all its 11,000 customers worldwide.

For 2020, SWIFT promoted 2 existing advisory controls to mandatory and introduced 2 additional advisory controls resulting in 21 mandatory and 10 advisory controls in the CSCF v2020. All SWIFT users are required to undergo an “independent assessment” in support of their annual self-attestation in 2020 of their compliance with the SWIFT CSCF.

SWIFT CSP Development

How are PwC positioned to help with this?

SWIFT CSP Audit

Validation of successful alignment of controls with the SWIFT CSP guidelines resulting in a controls report under recognised standards (e.g. ISAE3000).

SWIFT CSP Assessment

A detailed assessment of SWIFT CSP controls by leveraging our CSP accelerator.

Embedded in Internal Audit

Work alongside your internal audit function to report on SWIFT CSP controls.

Why PwC?

PwC will provide industry insight that is relevant to your market segment and geographical segment, as well as a balanced view on how to prioritise any associated actions.

Proven CSP Assurance Experience
We have performed numerous SWIFT CSP assurance engagements across multiple territories and industries.

Cohesive team who understand SWIFT
We understand SWIFT like no other as we have been performing an annual review of SWIFT under the internationally recognised ISAE3000 standard for over 10 years.

Technical expertise and knowledge
We are the only ‘Big-4’ firm with a professional Certified Cyber Security Consultancy certificate from the NCSC. We are unique in our ability to leverage threat intelligence to build and simulate realistic cyber-attack scenarios.

Adapting to your requirements
PwC will leverage in-house accelerators and our extensive SWIFT CSP expertise to ensure that your needs are met ahead of SWIFT's required independent assessment due on 31 December 2020.

SWIFT customer security programme: FAQs

1) What is the SWIFT CSP?

SWIFT's customer security programme (CSP) aims to prevent and detect fraudulent activity through a set of mandatory security controls, community-wide information sharing initiatives and enhanced security features on their products.

2) When is the deadline for SWIFT CSP compliance?

You are required to submit a self-attestation on an annual basis by 31 December. An independent assessment is required alongside a customer's attestations from 31 December 2020 onwards.

3) What form does the SWIFT required independent assessment need to take?

There are two forms in which a SWIFT customer can gain an independent assessment:

  • An internal assessment. This is similar to an internal audit, carried out by the internal audit function of the customer and independent from the function submitting the attestation.
  • An external assessment. This is similar to an external audit, carried out by organisations such as PwC who will provide an independent assessment against the CSP controls.

4) What are the 21 SWIFT CSP mandatory controls?

There are 21 mandatory controls focussed on securing your environment, knowing and limiting access, and detecting and responding.

5) What happens if you attest non-compliance?

SWIFT reports to local regulators all cases of non-compliance and cases where members have not attested at all. In addition, SWIFT will select a sample of attestations for validation each year.

6) What happens if I suspect my organisation has been targeted or breached?

It is vital that you share all relevant information and let SWIFT know there is a problem as soon as possible, in order to protect other organisations in the network.

Contact us

David Woerndl

Global SWIFT CSP Lead, PwC United Kingdom

Tel: +44 (0)7809 756281

Alessandro Frenza

Director - Cyber Security, PwC United Kingdom

Tel: +44 (0)7493 319240