Background
Cyber-attacks are becoming more sophisticated all the time, and financial institutions are under enormous pressure to protect their customers and networks from this threat. Recent Accenture research found that there was a 125% year-on-year increase in cyber–attacks in 2021, with banking targeted by 10% of all incidents. Given the rising frequency and sophistication of these attacks, it follows that cyber-crime could be a huge threat to the Society for Worldwide Interbank Financial Telecommunications (SWIFT) system, its more than 12,000 customers, and the processing of the 30 million financial messages which it handles every day.
SWIFT’s new requirements will strengthen the CSP and its vital goal of protecting customers from cyber-attacks.
Key call-outs in CSP 2022
Independent assessments mandatory
SWIFT reserves the right to seek independent external assessment from customers to verify the accuracy of their attestation. A refusal is reportable.
Third-party dependencies
Obtain reasonable reassurances from third parties that outsourced activities and/or externally hosted components comply with security controls.
Changes in controls
There are 32 controls in total: 23 mandatory and 9 advisory, depending on architecture type.
KYC portal’s 'grant all' feature
This improves the operational efficiency of sharing attestation data by allowing data for all pending and new access requests from counterparties.
Compliance by 31 Dec 2022
The deadline is still the end of this year.
Transaction business controls
This control was originally added as advisory only, but due to changes in the payments landscape it has been made mandatory.
Customer environment protection
This new advisory control aims to ensure protection for the ‘customer connector’ and other customer-related equipment.

Capabilities
Our Cyber Compliance for SWIFT CSP program helps financial services firms stay compliant. We use assessment tools and adversary simulations to assess how vulnerabilities could be exploited and to determine how to respond effectively in each case.
Flexible approach – basic through to detailed assessments, according to the customer’s needs.
CSP questionnaire and measurements catalogue.
Global team of cyber-security experts with professional certifications.
SWIFT architecture, implementation and product skills covering architectures A1 to B and cloud implementations.
End-to-end knowledge of payment flows, associated risks and industry trends.
Overall implementation recommendations.