
Swift Customer Security Programme

Strengthen your cybersecurity posture and confidently navigate the Swift Customer Security Programme (CSP). With our deep market insight into Swift’s Customer Security Controls Framework (CSCF), we can help you exceed standard requirements and enhance your business.

Meeting Swift’s required security objectives

Following a series of security breaches in the 2010s, the Society for Worldwide Interbank Financial Telecommunication (Swift) introduced the Customer Security Programme (CSP), which aims to develop core security standards and an assurance framework around the Swift infrastructure.

The CSP is a multi-year program with measures that Swift members must implement as common practices. This includes getting an attestation of having implemented all the mandatory security measures that are applicable by the end of December each year; this is known as the Know Your Customer Security Attestation (KYC-SA).

To enhance the integrity, consistency, and accuracy of attestations, Swift’s Board and Overseers now require an independent assessment. Below is a high-level overview of the controls of v2024 of the Swift CSCF.


How Deloitte can help

As Swift-certified assessors, we can perform the Swift CSP independent assessment—whether as an external independent assessor or through co-sourcing an internal control function, acting as a second or third line of defense. We have extensive experience performing Swift CSP assessments on existing Swift architecture types; this includes assessing all attested controls—which should, at a minimum, cover the mandatory controls in scope—as well as any advisory controls that you might also want to assess as part of a risk-based approach.

We can review your self-attestation, confirm your team’s understanding of the Customer Security Controls Framework (CSCF), and, if necessary, provide ad-hoc support in preparing a remediation plan to improve your compliance, security posture, and achievement of the CSCF’s objectives.

We can provide information security training and improve awareness with specific trainings that are dedicated to Swift and in line with the “7.2 Security Training and Awareness” objective from the Swift CSCF.

We can help review the design and implementation of your existing security controls (e.g., “1.1 Swift Environment Protection,” also known as “Secure Zone”) and other related controls pertaining to your IT infrastructure and/or processes supporting the Swift Secure Zone. We can then propose pragmatic changes to ensure they are in line with the CSP control objectives.

We can perform penetration testing activities on your Swift infrastructure and/or supporting components. This can help identify risks that could lead to Secure Zone or back-office compromise, and help fulfill the “7.3A Penetration Testing” objective from the Swift CSCF.

Swift Customer Security Controls Framework (CSCF) v2024