SWIFT introduces mandatory customer security requirements and an associated assurance framework
Standards and framework will be applicable to all SWIFT customers
Geneva, 27 September 2016 – SWIFT announces the introduction of a set of core security standards and an associated assurance framework for its customers. The standards will be mandatory for all customers, who will be required to demonstrate their compliance annually against the specified controls set out in the assurance framework.
The core security standards are based on three overarching objectives which address major areas of attention for customers’ SWIFT-related environments. Under SWIFT’s new assurance framework, customers will be required to provide self-attestation against 16 mandatory controls on an annual basis. Self-attestation will start in the second quarter of 2017 when the standards will be made applicable to all customers connected to SWIFT, including those connected through service bureaus.
SWIFT CEO Gottfried Leibbrandt, said: “While customers remain responsible for protecting their own environments, SWIFT is fully committed to helping strengthen customers’ security and helping them improve their security measures and our aim in setting out this framework is to support customers by helping to drive awareness and improvements in the industry’s overall security. We will do this by maintaining a dynamic assurance approach, evolving the framework in line with the changing threat landscape, and making sure it complements emerging regulatory guidance.”
Inspections and enforcement will begin on 1 January 2018, when customers’ compliance status will be made available to their counterparts, ensuring transparency and allowing firms to assess risk of counterparts with whom they are doing business.
From January 2018, SWIFT will report the status of any non-compliant customers to their regulators, and randomly select customers who will be required to provide additional assurance either from their internal or their external auditors. This quality assurance process will not preclude customers from independently requesting additional assurance from their counterparts. In addition, customers will also be able to choose to disclose their compliance with a further 11 advisory controls that will supplement the 16 mandatory controls.
SWIFT Chairman Yawar Shah said: “We recognise that this will be a long-haul, and will require industry-wide effort and investment, as well as active engagement with regulators. The growing cyber threat requires a concerted, community-wide response. This is also why the SWIFT board unanimously approved the framework and remains fully engaged in overseeing and driving the further development of SWIFT’s Customer Security Programme.”
The detailed objectives and controls will be made available to SWIFT customers at the end of October 2016. During a two-month validation period, SWIFT will engage with nominated security contacts at SWIFT National Member Groups to collect community feedback before the final standards are published at the end of March 2017.
SWIFT is a global member-owned cooperative and the world’s leading provider of secure financial messaging services.
We provide our community with a platform for messaging and standards for communicating, and we offer products and services to facilitate access and integration, identification, analysis and financial crime compliance.
Our messaging platform, products and services connect more than 11,000 banking and securities organisations, market infrastructures and corporate customers in more than 200 countries and territories, enabling them to communicate securely and exchange standardised financial messages in a reliable way. As their trusted provider, we facilitate global and local financial flows, support trade and commerce all around the world; we relentlessly pursue operational excellence and continually seek ways to lower costs, reduce risks and eliminate operational inefficiencies.
Headquartered in Belgium, SWIFT’s international governance and oversight reinforces the neutral, global character of its cooperative structure. SWIFT’s global office network ensures an active presence in all the major financial centres.
For more information, visit www.swift.com or follow us on Twitter: @swiftcommunity and LinkedIn: SWIFT
About SWIFT’s Customer Security Programme
SWIFT’s Customer Security Programme, which launched in June 2016, is a dedicated initiative designed to reinforce and evolve the security of global banking, consolidating and building upon existing SWIFT and industry efforts. The programme will clearly define an operational and security baseline that customers must meet to protect the processing and handling of their SWIFT transactions. SWIFT will also continue to enhance its own products and services to provide customers with additional protection and detection mechanisms, and in turn help customers to meet these baselines.
The programme will focus on five mutually reinforcing strategic initiatives:
- Improving information sharing amongst the global community
- Enhancing SWIFT related tools for customers
- Enhance guidelines and provide assurance frameworks
- Support increased transaction pattern controls
- Enhance support by third party providers.
Brunswick Group LLP
Tel: +44 (0)20 7404 5959