Background

Recent Accenture research found that the average financial services company will face 85 targeted cyber-attacks each year. One out of 3 of these will result in a security breach, which translates into 2 to 3 effective attacks per month. Given the rising frequency and sophistication of these attacks, it follows that cyber-crime could be a huge threat to the Society for Worldwide Interbank Financial Telecommunications (SWIFT) system, its more than 12,000 customers, and the processing of the 30 million financial messages which it handles every day.

SWIFT CSP Controls Evolution

SWIFT customers are primarily responsible for protecting their IT environments. However, SWIFT aims to support its community in the fight against cyber-attacks with the development of its Customer Security Programme (CSP), and has identified a number of mandatory and advisory security controls that its customers worldwide must comply with.

SWIFT’s new requirements will strengthen the CSP and its vital goal of protecting customers from cyber-attacks.
Image Thumbnail

ACCENTURE BANKING BLOG

Common questions on SWIFT’s 2021 CSP requirements
READ MORE

Important changes in CSP 2021

Independent assessments mandatory

SWIFT reserves the right to seek independent external assessment from customers to verify the accuracy of their attestation. A refusal is reportable.

Third-party dependencies

Obtain reasonable reassurances from third parties that outsourced activities and/or externally hosted components comply with security controls.

New architecture

SWIFT’s A4 architecture relies on customer connectors (e.g. FTP solutions, MQ). A3 now represents SWIFT connectors (e.g. Lite2, SIL).

Changes in controls

There are 31 controls in total: 22 mandatory and 9 advisory, depending on architecture type.

KYC portal’s 'grant all' feature

This improves the operational efficiency of sharing attestation data by allowing data for all pending and new access requests from counterparties.

Compliance by 31 Dec 2021

The deadline is still the end of this year.

View All

Capabilities

Our Cyber Compliance for SWIFT CSP program helps financial services firms stay compliant. We use assessment tools and adversary simulations to assess how vulnerabilities could be exploited and to determine how to respond effectively in each case.

Flexible approach – basic through to detailed assessments, according to the customer’s needs.

CSP questionnaire and measurements catalogue.

Global team of cyber-security experts with professional certifications.

SWIFT architecture, implementation and product skills covering architectures A1 to B and cloud implementations.

End-to-end knowledge of payment flows, associated risks and industry trends.

Overall implementation recommendations.

View All

How we can help

Accenture can help financial institutions comply with CSP while leveraging our technological and cyber-security expertise and solutions to ensure an additional layer of protection for their revenues and reputations. Our assessment models can be customized to start from a basic assessment of SWIFT CSP controls and progress all the way through to helping with remediation efforts, where necessary.

Our leaders