Bulk Request and Auto-grant features make exchanging counterparty data more efficient
New features in the KYC-SA tool enable institutions to communicate with their counterparts en masse, avoiding the need for multiple and time-consuming communications.
The Bulk Access Request feature allows Requesters to seek access to multiple counterparties’ attestation data simultaneously. The Auto-grant capability meanwhile allows customers to identify counterparties they wish to share their attestation data with up front; they can define them via a "whitelist", thereafter automatically granting them access to view their attestations.
Counterparty cyber security risk management forms a core part of SWIFT’s Customer Security Programme (CSP), which was launched in 2016. To enable this, SWIFT developed a Customer Security Control Framework (CSCF), which both sets a security baseline for the community, and gives customers a benchmark against which to measure themselves and their counterparts.
The CSCF consists of both mandatory and advisory controls. The controls are reviewed annually and customers must attest against the mandatory subset by the end of each calendar year, submitting their attestations to the KYC-SA tool.
“Users should access their counterparties’ attestation data against SWIFT’s Customer Security Controls Framework (CSCF) to enhance their own cyber security risk management. With 94 percent of SWIFT users now attesting against SWIFT’s CSCF, representing 99 percent of traffic, customers’ counterparty data is available and it should be incorporated into their counterparty risk management decisions.” - Brett Lancaster, Head of Customer Security, SWIFT
Through the same tool, customers are then able to exchange their attestation data with counterparties by ‘requesting’ and ‘granting’ access. This fosters transparency and provides institutions with the information they require to manage the cyber risk presented by their counterparts.
Customers can make their risk decisions based on their counterparts’ attested compliance levels against the CSCF, as part of their due diligence and decision-making processes.
For more details about the bulk request and grant functions, please refer to section 18.104.22.168 of the Security Attestation Application 3.0 Release Letter.