A new imperative: the evolving SWIFT Customer Security Programme
April 05, 2019
With cyber crime becoming more sophisticated, and the cyber threat landscape continually evolving, it is not surprising that the SWIFT Customer Security Programme (“CSP”) is expanding. Security standards are of critical importance to the network, and so the introduction of further both mandatory and discretionary controls for the 2019 attestation cycle has been welcomed by many.
But the expansion is now going one step further, with the announcement at Sibos 2018 that independent assurance over the SWIFT CSP attestation will become mandatory from 2020. Either through an accredited member of an internal function or through formal external assurance, the bar for proving compliance will continue to rise, alongside developments to the framework itself.
Regardless of the complexity of your infrastructure, the attestation is required and will be subject to independent assurance. Using a shared service bureau does not reduce the requirement either, with the majority of mandatory controls still in scope, regardless of the use of a third party infrastructure. This combined with the increasing interest from the Bank of England regarding all network members and their response to the CSP, there is a new imperative for both commercial and financial institutions alike to step up and use this as an opportunity to demonstrate their commitment to tackling cyber crime.
Independent external assurance will subject your security processes and controls to a new level of rigour. That rigour, combined with essential peer insights and recommendations for improvement, lends credence to your attestation; and in a form that can be formally shared with your regulators, network peers and other stakeholders. The journey to assurance, through readiness, design effectiveness and finally operating effectiveness, is challenging and cannot be completed overnight. But ultimately it is an invaluable catalyst for confidence.
For further information, please refer to our SWIFT page, or reach out to us on the contact details below.