Skip to main content

SWIFT Customer Security Programme

Banks are connected to each other, creating a strong need for ensuring reliable communication between them. To enable the exchange of standardized financial messages in a secure manner, SWIFT developed a messaging platform. Today, over 11,000 customers in over 200 countries and territories are connected to the messaging platform, products, and services of SWIFT transferring more 31.3 million messages a day.

SWIFT has introduced the Customer Security Program (CSP) as a countermeasure to Cybercrimes. However, it was also implemented to raise the bar of logical and physical security for the community. 

Based on our experience with the evaluation of the SWIFT CSCF for several customers using the SWIFT infrastructure, we will analyze SWIFT-related breaches and the most common control failures. We will also provide a set of recommendations based on an independent assessment to secure your SWIFT environment better.

The 2024 Customer Security Control Framework (CSCF) consists of a set of 3 objectives, which focus on 7 principles and contain 32 controls.

The document highlights the following aspects:

  • SWIFT CSCF Framework
  • SWIFT objectives and principles
  • SWIFT CSCF assessment scope
  • Our Approach and Methodology
How Deloitte can help:
  • Deloitte has been acknowledged within the SWIFT CSP Certified Assessors Directory, having met specific eligibility criteria for assessment providers. We boast a SWIFT community group with 220+ professionals across the globe, including SWIFT CSP Certified Assessors. 
  • We have established a SWIFT Center of Excellence in Belgium which directly interfaces with SWIFT for new changes and enhancements. Our Team is provided with periodic trainings for SWIFT Assessments where SWIFT Architectures, control implementations, new enhancements provided by SWIFT are discussed. 
  • Deloitte’s leadership in the field of information security assures you of our ability to assign qualified, knowledgeable, and industry-respected personnel who have performed similar consulting assignments
  • Our experience in delivering similar mandates for local organizations brings industry specific experience. Our local industry resources and high experience of security technologies, constitute an invaluable set of resources for SWIFT CSP-related engagements. This enables us to use proven tools and methods to carry out comprehensive engagements
  • We are a technology and solution agnostic, and we only recommend a solution that makes sense for the business and provides value

Our thinking

SWIFT Customer Security Controls Framework