Swift Compliance and Certification

Call Us

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) has put forth a security framework under its Customer Security Program i.e. SWIFT CSP for all of its users to address the growing needs of security and transparency as a community to combat the increase in cyber fraud.

The SWIFT CSP program aims at detection and prevention of fraudulent activity by means of a set of mandatory security controls defined under SWIFT Customer Service Control Framework (CSCF) and community wide information sharing initiative. The framework defines a set Objectives, Principles and Controls, revised and reviewed annually.

Any organization that makes use of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) interbank messaging network needs to comply with the new cybersecurity standards - as well as a related "assurance framework”. The organization that requires to be SWIFT qualified needs to undergo the following steps :-

Self-assessment as per the SWIFT Customer Security Controls Framework (CSCF): Annual assessment of the Swift environment for mandatory and advisory controls.
Self-attestation as per the SWIFT Customer Security Controls Policy: Each user is required to submit a self-attestation of their compliance against the controls defined based on the assessment results before the annual deadline.
Third Part Attestation

Furthermore, to enhance the overall integrity of attestations across all customers, all submitted attestations for CSCF v2023 must be supported by an Independent assessment – either internally, by a second or third line of defence (e.g. risk,compliance or internal audit), or externally, by a third-party.

All SWIFT Customers are required to perform an “Independent Assessment” as per the requirement of their annual self-attestation. As an approved SWIFT Assessment Provider, QRC will help you validate successful alignment of controls with the SWIFT CSP guidelines and work alongside your internal audit function. Our extensive SWIFT CSP expertise will ensure that all your requirements are met ahead of SWIFT’s required independent assessment.-

Audit Approach

Business Understanding

Evaluating business process and environment to understand the in-scope elements

Assessment Scope Finalization

Detailed questionnaire is shared with your teams to aid in the scope definition, planning and preparation of the audit and objectives

Initial/Readiness Assessment

As per the SWIFT CSCF framework, we will conduct an initial assessment to identify and analyze the risks in the information security posture

Validate SWIFT Architecture

Assist organizations to identify and validate SWIFT architecture, zones and the components as per the assessment requirement.

Control Validation

Perform Mandatory & Advisory Control Validation to understand the control applicability as per the environment

Data Flow Assessment

Conducting thorough systems analysis to evaluate data flow and possible leakages

Documentation Support

Avail templates to ease out the documentation process during the assessment process

Remediation Support

As per the assessment QRC will provide remediation support for complying with the SWIFT Cybersecurity framework.

Scans And Testing

Identify critical vulnerabilities in your system with a robust testing approach

Evidence Review

Review of the evidence collected to assess their maturity, in line with the compliance

Concise Reporting

Our team documents a comprehensive report detailing all findings covered during the assessment cycle as per the SWIFT template.

frequently asked questions

What Is The SWIFT CSP?

SWIFT's customer security programme (CSP) aims to prevent and detect fraudulent activity through a set of mandatory security controls, community-wide information sharing initiatives and enhanced security features on their products.

When Is The Deadline For SWIFT CSP Compliance?

SWIFT CSP requires one to submit a self-attestation on an annual basis by 31 December. An independent assessment is required alongside a customers attestations from 31 December 2020 onwards.

What Form Does The SWIFT Required Independent Assessment Need To Take?

There are two forms in which a SWIFT customer can gain an independent assessment

An internal assessment : The internal audit needs to be carried out as per the internal audit function of the customer and independent from the function submitting the attestation.
An external assessment : An external audit can be carried out by QRC, an assessment against the CSP controls.

What If You Attest Non-Compliance For SWIFT?

SWIFT reports all cases of non-compliance and where members have not verified to local regulators.

What If I Suspect My Organisation Has Been Targeted Or Breached?

In any circumstances, it is necessary to share all relevant information and let SWIFT know there is a problem as soon as possible, in order to protect other organisations in the network.

Should Advisory Controls Be Adopted?

Customers are required to implement all mandatory controls.However the advisory controls are provided to reduce the attack surface and vulnerabilities, detecting anomalous activity to systems or transaction records, and planning for incident response and information sharing. These controls should be ideally selected after performing risk assessments.

SWIFT CSCF Assessment