We support you in your SWIFT-mandated assessment
It is hard to imagine international payments without SWIFT. The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global member cooperative that provides secure financial messaging services for its community of 11,000 banks and financial institutions. To this end, it provides the technical infrastructure and standardized message formats for message transfer.
What are the requirements for SWIFT members?
Under the Customer Security Controls Framework (CSCF), SWIFT members are required to provide SWIFT with annual evidence of compliance with all mandatory controls. Until now, banks and financial institutions have been able to provide this proof through a “user initiated assessment” in the form of a self-assessment.
For quality assurance reasons, however, an important change was made in 2020 with regard to this proof of compliance: according to the Independent Assessment Framework (IAF), all members must provide proof in the future through an independent audit. This can be performed by external auditors as well as by internally independent persons with appropriate expertise (e.g. internal audit).
Did you know?
Keep track of your compliance obligations: You must demonstrate compliance with all Mandatory Controls to SWIFT on an annual basis.
How we support you with your SWIFT audit
Our auditors combine many years of auditing experience in the payment industry with extensive know-how in regulatory projects in the financial sector. We are therefore ideally placed to support you in your SWIFT assessment as an external and independent auditor.
Our goal is always to provide the necessary evidence efficiently, showing that all requirements have been implemented.
How do we perform your SWIFT audit?
To meet the SWIFT requirements in a resource-saving way, we recommend the following project structure:
1. Kick-off workshop / definition of scope
2. Performance of on-site/off-site audit
3. Gap analysis, type of results: list of findings
Our tips for preparing effectively for your SWIFT audit:
1. Clarify the desired type of audit in good time – by an external auditor or by an internal audit.
2. If you opt for an external audit, look for a suitable partner promptly and involve them in the preparation early on.
3. Prepare yourself sufficiently for the audit. In the case of an independent audit, whether by an internal or an external auditor, stricter requirements are usually placed on processes and documentation than in the case of self-certification. A gap analysis or a short workshop to compare the implemented processes with the CSCF controls can be good preparation.
Learn more about the SWIFT CSP
SWIFT Customer Security Programme
In response to the cyber attack on Bangladesh Bank in 2016, SWIFT developed the Customer Security Programme (CSP). The requirements enshrined therein are generally intended to strengthen the security of the global banking system and actively support clients in the fight against cyber attacks. In addition, the CSP aims to improve information sharing within the community and strengthen endpoint security.
SWIFT Customer Security Controls Framework
Derived from these security requirements, SWIFT developed a set of control guidelines that all entities connected to the network must comply with: the Customer Security Controls Framework (CSCF).
The CSCF consists of mandatory and advisory controls. The ever-increasing requirements for security in the financial environment mean that the CSCF is constantly being adapted to current circumstances. The CSCF now comprises 22 mandatory and nine advisory controls that must be demonstrated by the clients.