
SWIFT Customer Security Program

Banking information is some of the most important information to keep private. That is why recent high-profile cyber-attacks on customers using Society for Worldwide Interbank Financial Telecommunications (SWIFT) are so significant. Deloitte can help business leaders navigate the factors associated with implementing SWIFT's Customer Security Controls Framework (CSCF) as well as address SWIFT dependencies and ultimately disrupt through innovation.

Swift Customer Security Programme

The Swift Customer Security Programme (CSP) was introduced by Swift in 2017 to help Swift users strengthen their defenses against cyberattacks, thereby protecting the integrity of the wider financial network. As part of the Swift CSP, Swift users are mandated to attest their level of compliance against the controls defined in the Swift Customer Security Controls Framework (CSCF), according to the user's Swift infrastructure. This attestation must be performed on an annual basis.

Swift Customer Security Controls Framework

The Swift CSCF is a cybersecurity control framework that outlines a set of security objectives, linked to seven principles, that financial institutions and corporates have to adhere to. It is based on industry standards and aligned with other cybersecurity frameworks. These objectives focus on three key areas:

  • Protecting and securing your local environment (you)
  • Preventing and detecting fraud in commercial relationships (your counterparts)
  • Sharing information and preparing to defend against future cyber threats

Since 2021, Swift has mandated that all attestations be supported by an independent assessment, which enhances the accuracy and trustworthiness of the attestation by ensuring that the controls are adequately implemented and monitored. This independent assessment can be performed by an internal assessor who is independent from the first line of defense, or by an external assessor with existing cybersecurity assessment experience, such as Deloitte.

Deloitte's Independent Assessment Services

Deloitte has been a trusted partner in supporting Swift users with their attestations since 2016, even before Swift mandated that the assessment be performed by an independent assessor. Our extensive experience in conducting assessments and our detailed knowledge of the Swift CSP, together with our knowledge of other cybersecurity frameworks, regulations and guidelines, enable us to provide valuable insights for the user, even extending beyond the Swift infrastructure in scope.

Key Strengths of Our Approach

Automation of testing and reporting processes: Our streamlined approach for performing attestations leverages standardized processes and automation scripts, minimizing the time required from Swift stakeholders. We utilize AI-driven tools to enhance the efficiency and accuracy of Swift security assessments.

Efficient testing methodology: Our assessment methodology is split into multiple sections to ensure efficient collaboration and a more agile and responsive assessment process. It starts with a scoping workshop to ensure the Swift infrastructure is correctly mapped and understood, after which a concrete test plan is defined to ensure efficient testing.

Timely and accurate security assessments: The results from the Swift CSP assessment can provide important insights which can be leveraged to further strengthen your infrastructure, even for components that are not Swift-relevant. Furthermore, the results are shared throughout the engagement, ensuring you can follow up on identified gaps as soon as they are detected.

Benchmarking

Based on the expertise gathered throughout the assessments performed, our methodology now includes sharing and presenting a dedicated benchmarking report that compares the Swift user’s level of maturity and compliance with other entities assessed by Deloitte.

Certified Assessor

To further improve the quality of the independent assessment supporting the annual attestation, the concept of ‘Customer Security Programme Assessor Certification - Certified Assessor’ was introduced. It aims to raise the expertise of independent assessors and to incentivize Swift users to have their annual attestation supported by a certified assessor, ensuring a higher level of quality and depth of the assessment.