The financial sector continues to be a prime target for highly sophisticated, customized cyber-attacks. The Society for Worldwide Interbank Financial Telecommunications (SWIFT) interbank messaging network has come under attack resulting in millions of dollars in losses for member financial institutions.

In response, SWIFT has introduced a Customer Security Program (CSP) that all its member organizations who use the interbank messaging network must comply with SWIFT’s customer security controls framework (CSCF) on an annual basis. SWIFT introduced this program with the aim of improving information sharing between members, enhance SWIFT-related tools and provide the community with a standardized assurance framework. 

What is the SWIFT Customer Security Program? 

The SWIFT CSP requires each organization to define, document, implement and attest that their SWIFT environment is compliant with SWIFT’s CSCF Objectives, Principles and Controls. The v.2021 of the SWIFT CSCF now comprises of 22 mandatory controls to which members must self-attest compliance and 9 advisory controls. These changes provide SWIFT’s response to the ever-changing cyber threat landscape and provides their user community with an enhanced, standardized assurance framework.