Skip to main content

SWIFT customer security programme

​Banking information is some of the most important to keep private. That's why recent high-profile cyber-attacks on customers using Society for Worldwide Interbank Financial Telecommunications (SWIFT) are so significant.

SWIFT customer security programme

​Banking information is some of the most important to keep private. That's why recent high-profile cyber-attacks on customers using Society for Worldwide Interbank Financial Telecommunications (SWIFT) are so significant. Deloitte can help business leaders navigate the factors associated with implementing SWIFT's Customer Security Controls Framework (CSCF) as well as address SWIFT dependencies and ultimately disrupt through innovation.

In response to recent cyber-attacks, SWIFT issued baseline security requirements through its Customer Security Controls Framework. While the SWIFT network itself was not compromised in the attacks, in some cases hackers successfully breached the local operating environment established by SWIFT users.

To help limit opportunities hackers have to exploit weaknesses in SWIFT users' local environments in the future, SWIFT created the Customer Security Program (CSP). The CSP Is a framework design to help users set up cyber security controls that they can implement themselves in their local environments.

SWIFT is looking to have all users set up these cyber security controls by December 31, 2017, and to update their systems according to CSP requests on an annual basis. The CSP compliance will come through self-attestation.

SWIFT encourages its users to implement and monitor these customer security controls as part of a broader cyber security risk management programme which should be regularly evaluated and adjusted, based on leading industry practices, and changes to the individual users' security posture and infrastructure.

The framework can be applied to four types of SWIFT user architectures, titled A1, A2, A3, and B. SWIFT users must first identify which architecture applies to them before implementing the applicable controls.

We help clients establish controls and processes around their most sensitive assets, balancing the need to reduce risk, while also helping to enable productivity, business growth and cost optimisation objectives.

Learn more about our Cyber Risk Services.

Deloitte in the US, and globally through the Deloitte Touche Tohmatsu Limited network of member firms, are the number one providers of cyber risk management solutions.

  • Deloitte a global leader in Enterprise Risk Management consulting by ALM in 2017
    Source: ALM Enterprise Risk Management 2017
  • Deloitte named a leader in Information Security Consulting based on current offering and strategy by Forrester
    Source: Forrester Research, Forrester WaveTM: Information Security Consulting Services Q1 2016, Martin Whitworth, January 29, 2016
  • Impact Assessment: Deloitte will conduct initial SWIFT risk assessment, provide a prioritisation framework and a review of current controls
  • Risk Mitigation Planning: Deloitte will develop a remediation strategy and a roadmap for implementation for identified gaps in controls and processes
  • Testing: Deloitte will assist in establishing a testing framework and conducting testing to meet CSP requirements
  • Implementation Support: Deloitte will assist with governance establishment, implementation execution and war gaming

* While Deloitte is prepared to assist you in connection with the SWIFT Customer Security Controls Framework, please note that Deloitte does not represent or speak for SWIFT and the Customer Security Controls Framework is part of the contractual framework between SWIFT and its users.

SWIFT Customer Security Controls

The SWIFT Customer Security Controls Framework (CSCF) consists of mandatory and advisory security controls for SWIFT users. The controls evolve over time to combat new and arising threats and to implement new developments in cybersecurity.

More information on the CSP Customer Security Controls framework is available here.