Gottfried Leibbrandt highlights the importance of SWIFT’s Customer Security Programme (CSP) in supporting its customers reinforce their cyber security
SWIFT’s CEO spoke to the Central Banking Journal about SWIFT’s response to the ongoing cases of cyber fraud at its customer environments.
In the interview Leibbrandt underlined that SWIFT had met its goals of confidentiality, integrity and availability in 2016, and gave the cooperative full marks on its performance: “On availability, we are at 100% year-to-date – and we aim to be up 99.999% of the time, or to have no more than five minutes of downtime in a year… [yet] there is no reason for complacency and we are constantly striving to improve performance.”
SWIFT’s CEO remarked that there has been much public confusion about SWIFT’s role and responsibilities since the Bangladesh Bank fraud in February: “Many media reports have stated that ‘SWIFT has been breached’. To which our response is: No, we have no indication that our infrastructure – what we operate, and what the banks consider SWIFT – has been compromised. What has been breached are individual customer environments with the result that input fraud has occurred, credentials compromised and fraudulent messages sent over SWIFT, just as they could be over other networks.”
He further underscored SWIFT’s role in helping its customers shore up their defences: “The Customer Security Programme we have laid out and are taking a leadership role in, is about multiple lines of defence and controls all the way from the general customer IT environment and its security, to the security of the customer's SWIFT infrastructure – in terms of what goes into the pipe of the payments system – then at the other end for the receiving party to check these payments, much as they do for anti-money laundering (AML) and know-your-customer (KYC) rules.”
The Customer Security Programme we have laid out and are taking a leadership role in, is about multiple lines of defence and controls all the way from the general customer IT environment and its security, to the security of the customer's SWIFT infrastructure.