Submit KYC-Security Attestation
Submitting your annual Security Attestation is a key milestone in your CSP compliance journey. It confirms your alignment with Swift’s mandatory security controls and supports transparency across the community. The attestation must be supported by an independent assessment to confirm your level of compliance.
Attestations must be submitted via the KYC-Security Attestation (KYC-SA) application between July and December each year. New users must attest before going live. Timely attestation submission helps to increase transparency between users and contributes to a strong and secure Swift network, it also avoids being in breach of policies and being reported to supervising instances.
Submit KYC-Security Attestation
What is the KYC-Security Attestation?
A Security Attestation is a formal declaration submitted by Swift users to confirm their level of compliance with the mandatory security controls outlined in the Customer Security Controls Framework (CSCF). It reflects the institution’s implementation of cybersecurity measures designed to protect its Swift-related environment. The attestation must be supported by an independent assessment to confirm your level of compliance.
Submitted annually via the KYC-Security Attestation (KYC-SA) application, the attestation promotes transparency across the Swift community and helps ensure that all users maintain a consistent and secure posture. Failure to submit a valid attestation or meet compliance requirements may result in policy breaches and regulatory reporting.
Submit an attestation annually
All users have to attest before the expiry date of the current controls version (applicable CSCF version), confirming their level of compliance with the mandatory security controls no later than 31 December, and must re-attest at least annually thereafter. The attestation must be supported by an independent assessment to confirm your level of compliance.
Re-attestation has to be done between July and December each year. New joiners need to attest before going live on the Swift network.
Security Attestations must be submitted via the KYC-Security Attestation application (KYC-SA). A new version of the controls becomes available in the application each year in early July.
A detailed description of the security attestation process and requirements is available in the Swift Customer Security Controls Policy and the Independent Assessment Process Guidelines.
What happens if I don’t submit my attestation?
Swift reserves the right to report users that:
- Don’t have a valid attestation: you either did not submit an attestation, or your attestation is expired;
- Are not compliant with the mandatory controls;
- Did not perform an independent assessment;
- Connect through a non-compliant service provider;
- Did not complete a Swift mandated external assessment (upon Swift specific request).
The lack of compliance are reported and made visible in a dedicated real-time application accessible by the customers’ supervisor.
How to Complete Your Security Attestation
To help you navigate the attestation process, the Security Attestation support page on MySwift offers step-by-step guidance. It includes resources to help you:
- Understand the security controls and their applicability
- Assess the impact on your institution
- Use the KYC-Security Attestation (KYC-SA) application effectively
You’ll find how-to videos, training materials, documentation, and frequently asked questions to support you throughout the process.
Before accessing the KYC-SA application, make sure your swift.com credentials are valid to avoid login issues.