SWIFT customer security program

Banking information is some of the most important to keep private. That's why recent high-profile cyber-attacks on customers using the Society for Worldwide Interbank Financial Telecommunications (SWIFT) are so significant. Deloitte can help business leaders navigate the factors associated with implementing SWIFT's Customer Security Controls Framework (CSCF) as well as address SWIFT dependencies and ultimately disrupt through innovation.

In response to recent cyber-attacks, SWIFT issued baseline security requirements through its Customer Security Controls Framework. While the SWIFT network itself was not compromised in the attacks, in some cases hackers successfully breached the local operating environment established by SWIFT users.

To help limit the opportunities hackers have to exploit weaknesses in SWIFT users' local environments in the future, SWIFT created the Customer Security Program (CSP). The CSP is a framework designed to help users set up cyber security controls that they can implement themselves in their local environments.

SWIFT is looking to have all users set up these cyber security controls by December 31, 2017, and to update their systems according to CSP requests on an annual basis. The CSP compliance will come through self-attestation.

SWIFT encourages its users to implement and monitor these customer security controls as part of a broader cyber security risk management program which should be regularly evaluated and adjusted, based on leading industry practices, and changes to the individual users' security posture and infrastructure.

The framework can be applied to four types of SWIFT user architectures, titled A1, A2, A3, and B. SWIFT users must first identify which architecture applies to them before implementing the applicable controls.

We help clients establish controls and processes around their most sensitive assets, balancing the need to reduce risk, while also helping to enable productivity, business growth, and cost optimization objectives.

Learn more about our Cyber Risk Services.

Deloitte in the US, and globally through the Deloitte Touche Tohmatsu Limited network of member firms, are the number one providers of cyber risk management solutions.

  • Deloitte named a global leader in Enterprise Risk Management consulting by ALM in 2017
    Source: ALM Enterprise Risk Management 2017
  • Deloitte named a leader in Information Security Consulting based on current offering and strategy by Forrester
    Source: Forrester Research, Forrester Wave™: Information Security Consulting Services Q1 2016, Martin Whitworth, January 29, 2016
  • Impact Assessment: Deloitte will conduct initial SWIFT risk assessment, provide a prioritization framework and a review of current controls
  • Risk Mitigation Planning: Deloitte will develop a remediation strategy and a roadmap for implementation for identified gaps in controls and processes
  • Testing: Deloitte will assist in establishing a testing framework and conducting testing to meet CSP requirements
  • Implementation Support: Deloitte will assist with governance establishment, implementation execution, and war gaming

* While Deloitte is prepared to assist you in connection with the SWIFT Customer Security Controls Framework, please note that Deloitte does not represent or speak for SWIFT and the Customer Security Controls Framework is part of the contractual framework between SWIFT and its users.

SWIFT Customer Security Controls

The SWIFT Customer Security Controls Framework (CSCF) consists of mandatory and advisory security controls for SWIFT users. The controls evolve over time to combat new and arising threats and to implement new developments in cybersecurity.

More information on the CSP Customer Security Controls framework is available here.