Skip to main content
Header logo

The global provider
of secure financial messaging services

New KYC Security Attestation features

New KYC Security Attestation features

Financial Crime Compliance,
17 April 2019

Bulk Request and Auto-grant features make exchanging counterparty data more efficient

New features in the KYC-SA tool enable institutions to communicate with their counterparts en masse, avoiding the need for multiple and time-consuming communications.

The Bulk Access Request feature allows Requesters to seek access to multiple counterparties’ attestation data simultaneously. The Auto-grant capability meanwhile allows customers to identify counterparties they wish to share their attestation data with up front; they can define them via a "whitelist", thereafter automatically granting them access to view their attestations.

Counterparty cyber security risk management forms a core part of SWIFT’s Customer Security Programme (CSP), which was launched in 2016. To enable this, SWIFT developed a Customer Security Control Framework (CSCF), which both sets a security baseline for the community, and gives customers a benchmark against which to measure themselves and their counterparts.

The CSCF consists of both mandatory and advisory controls. The controls are reviewed annually and customers must attest against the mandatory subset by the end of each calendar year, submitting their attestations to the KYC-SA tool.

Brett Lancaster, Head of Customer Security, SWIFT

“Users should access their counterparties’ attestation data against SWIFT’s Customer Security Controls Framework (CSCF) to enhance their own cyber security risk management. With 94 percent of SWIFT users now attesting against SWIFT’s CSCF, representing 99 percent of traffic, customers’ counterparty data is available and it should be incorporated into their counterparty risk management decisions.” - Brett Lancaster, Head of Customer Security, SWIFT

Through the same tool, customers are then able to exchange their attestation data with counterparties by ‘requesting’ and ‘granting’ access. This fosters transparency and provides institutions with the information they require to manage the cyber risk presented by their counterparts.

Customers can make their risk decisions based on their counterparts’ attested compliance levels against the CSCF, as part of their due diligence and decision-making processes.

For more details about the bulk request and grant functions, please refer to section of the Security Attestation Application 3.0 Release Letter.