Attest to increase community transparency
Submit an attestation annually
All users have to attest before the expiry date of the current controls version, confirming full compliance with the mandatory security controls no later than 31 December, and must re-attest at least annually thereafter.
Re-attestation has to be done between July and December each year. New joiners need to attest before going live on the Swift network.
Security Attestations have to be submitted via the KYC-Security Attestation application (KYC-SA). A new version of the controls becomes available in the application each year in early July.
A detailed description of the security attestation process and requirements is available in the Swift Customer Security Controls Policy.
What happens if I don’t submit my attestation?
Swift reserves the right to report users that have not attested compliance with all mandatory security controls (or that connect through a non-compliant service provider) to their local supervisors.
You are in breach of the policy if:
- you don’t have a valid attestation: you either did not submit an attestation, or your attestation is expired
- you are not compliant with the mandatory controls
- you connect through a non-compliant service provider
- you did not complete a Swift mandated external assessment
Guidance on the process
The Security Attestation support page on mySWIFT provides guidance on how to get started, understand the security controls, assess the impact for your institution, and use the KYC-SA.
The Security Attestation support page provides easy access to the relevant information, how-to videos, training, documentation, and frequently asked questions. We recommend checking that your swift.com password is still valid to continue using the KYC-SA.
If you need support to implement the controls, a cyber security service providers (CSSP) directory is available.
Log in to the CSP applications and portals
Find the dedicated login links to KYC-SA application, Attestation support page and ISAC portal