Sharing your security attestation data through the KYC-SA application helps facilitate transparency and trust across our community.
Trust that your counterparties are meeting the highest cybersecurity standards is a must for instilling confidence in the financial ecosystem. The Swift Know Your Customer – Security Attestation tool (KYC-SA), which underpins our Customer Security Programme, plays a pivotal role in building this trust across our community.
Established in 2017, KYC-SA provides a mechanism for counterparties to access each other’s security attestation data. “This level of transparency is paramount as it’s about creating confidence in the ecosystem to show, as a group, we’ve secured all the end points and we’re confident that we can exchange payment messages in a secure manner,” comments Yami Shimrah, Head of Customer Security Programme Operations and Data Management at Swift.
Submission of security attestation data via this application is mandatory for the entire community. Once a counterparty has completed a security attestation, Swift will validate and publish it. The presence and validity of a counterparty’s security attestation is visible to all KYC-SA users (though the data contents will not be shared without the owner’s explicit permission).
“KYC-SA is a unique platform. It is one of the few platforms in the world that can provide financial institutions with this level of detail on how they are meeting their security obligations,” comments Shimrah. “In the last year we’ve seen the amount of access requests to KYC-SA increase by 50%, which demonstrates the importance of the application in assessing counterparty risk.”
Delivering a baseline for security attestation
The application delivers access to a global baseline for security attestation data, enabling counterparties to benchmark their levels of security compliance against the latest community standard. They can assess if the routes they’re getting payments from are secure and meet the highest security standards and develop their own security risk scores on each other.
“Based on their risk score, counterparties can decide which payments will need to be held back for further checks and which can go straight through. You want confidence that you won’t be embroiled in a scheme whereby money will be wired to a fraudulent hacker,” says Shimrah.
Providing a competitive advantage
High levels of security attestation can also provide a competitive advantage, helping to establish new correspondent relationships in new markets where they have provided assurance, via KYC-SA, that they are following the highest levels of security.
“We often see correspondents using the attestation data in the application as a way to benchmark the competencies of their correspondents. We know entities are using this information to offer different tariffs to those that meet the stricter security requirements, further developing business relationships,” notes Shimrah.
Supporting instant and frictionless payments
As Swift continues to enable transactions to be more and more instant and frictionless, applications such as KYC-SA will become even more business critical within the pre-validation stage.
“In the world of instant and frictionless, pre-checks will become increasingly sophisticated. I’m confident that KYC-SA will continue to play an extremely valuable role,” says Shimrah. “Gaining a 360 view of counterparty relationships establishes trust upfront rather than downstream at the point where payments are being subject to extra checks. The ability to assess the security risk of payment fraud is reduced, helping to protect brand and reputation.”
We are currently exploring ways we can make CSP compliance even more efficient for different members of the community, especially those who are just receiving information via the Swift network.
Reminder to attest and provide an independent assessment
The requirement to attest and provide an independent assessment against the CSCF v2022 needs to be completed by year end, 31 December 2022.
“You are able publish the fact you have completed an independent assessment of your controls and their efficiency via KYC-SA. This is an extremely powerful way to help to facilitate greater trust and transparency across the community,” Shimrah concludes.