Accenture Cyber Compliance for SWIFT CSP
Get fit for SWIFT CSP 2021
Recent Accenture research found that the average financial services company will face 85 targeted cyber-attacks each year. One out of 3 of these will result in a security breach, which translates into 2 to 3 effective attacks per month. Given the rising frequency and sophistication of these attacks, it follows that cyber-crime could be a huge threat to the Society for Worldwide Interbank Financial Telecommunications (SWIFT) system, its more than 12,000 customers, and the processing of the 30 million financial messages which it handles every day.
SWIFT CSP Controls Evolution
SWIFT customers are primarily responsible for protecting their IT environments. However, SWIFT aims to support its community in the fight against cyber-attacks with the development of its Customer Security Programme (CSP), and has identified a number of mandatory and advisory security controls that its customers worldwide must comply with.
SWIFT’s new requirements will strengthen the CSP and its vital goal of protecting customers from cyber-attacks.
SWIFT reserves the right to seek independent external assessment from customers to verify the accuracy of their attestation. A refusal is reportable.
Obtain reasonable reassurances from third parties that outsourced activities and/or externally hosted components comply with security controls.
SWIFT’s A4 architecture relies on customer connectors (e.g. FTP solutions, MQ). A3 now represents SWIFT connectors (e.g. Lite2, SIL).
There are 31 controls in total: 22 mandatory and 9 advisory, depending on architecture type.
This improves the operational efficiency of sharing attestation data by allowing data for all pending and new access requests from counterparties.
The deadline is still the end of this year.
Our Cyber Compliance for SWIFT CSP program helps financial services firms stay compliant. We use assessment tools and adversary simulations to assess how vulnerabilities could be exploited and to determine how to respond effectively in each case.
Flexible approach – basic through to detailed assessments, according to the customer’s needs.
CSP questionnaire and measurements catalogue.
Global team of cyber-security experts with professional certifications.
SWIFT architecture, implementation and product skills covering architectures A1 to B and cloud implementations.
End-to-end knowledge of payment flows, associated risks and industry trends.
Overall implementation recommendations.