Security requirements are fully met: Bankhaus Metzler assessed according to SWIFT CSCF

2. February 2023

Bankhaus Metzler, the oldest family-owned private bank in Germany with headquarters in Frankfurt am Main, successfully completed its SWIFT assessment in July. In an assessment based on the SWIFT Customer Security Controls Framework (CSCF) version 2022, auditors from usd AG verified that Metzler meets all mandatory and recommended security requirements of the CSCF for secure financial messaging services.

About the SWIFT Customer Security Controls Framework

To strengthen the security of the global banking system, SWIFT developed the Customer Security Programme (CSP) in 2016. Derived from its security requirements, SWIFT formulated a set of control guidelines that all entities connected to the network must comply with: the Customer Security Controls Framework (CSCF). The CSCF consists of mandatory and advisory controls. SWIFT members are required to demonstrate compliance with all Mandatory Controls to SWIFT annually through an independent assessment by external or internal qualified auditors.

Security through mandatory controls - and beyond

In the course of the SWIFT assessment, usd AG's team of auditors conducted site visits, employee interviews, document and configuration reviews, most of which were carried out remotely but some of which were also carried out on site. It was confirmed that Bankhaus Metzler fully complies with all mandatory and optional security requirements of the CSCF.

The project team led by Ulrich Trabert, Information Security Officer (CISO) at Bankhaus Metzler, and Tobias Weber, Managing Security Consultant at usd AG, was able to additionally optimize the assessment processes in the course of the assessment. This created a basis for future assessments under simplified conditions and with less effort..

More security for highly sensitive data

As a bank with a particular commitment to long-term and trusting relationships with its customers, Metzler invests extensively in the protection of information and IT assets. To this end, information security that is independently audited and demonstrably strong is crucial.

"Stability and reliability are the foundation for our customers' trust. As a bank, we bear a great responsibility for the security of their financial transactions," says Ulrich Trabert. "That is why our choice for the SWIFT Assessment fell on usd AG as an independent auditor, with whom we have already been working successfully for many years in various security projects. With the successful SWIFT Assessment, we now have the confirmation that we meet the high security requirements of the CSCF and are also well positioned for future assessments.

Tobias Weber conducted the assessment as lead auditor of usd AG: "We have a long-standing, trusting partnership with Bankhaus Metzler in various areas of IT security. We are very pleased that we were able to contribute our auditing experience and our expertise in regulatory projects in the financial sector to the SWIFT assessment for Metzler. We would like to express our sincere thanks to all project participants for their trust and the success we achieved together."

Also interesting:

Cloud Provider plusserver Certified According to PCI DSS v4.0

Cloud Provider plusserver Certified According to PCI DSS v4.0

At the beginning of 2024, the leading German cloud provider plusserver was certified by usd AG according to the globally mandatory PCI DSS v4.0 credit card security standard. With its cloud platforms, plusserver provides its customers with a data-sovereign and...