Driving adoption of the SWIFT customer security controls and fostering transparency between SWIFT users to support cyber risk management and business decision-making.
SWIFT’s KYC Registry Security Attestation Application (KYC-SA) is now available as a central application for users to self-attest their level of compliance with SWIFT’s Customer Security Controls Framework. The KYC-SA application also enables users to securely exchange their security status information with selected counterparties, supporting cyber risk management, transparency and business due diligence.
All SWIFT users must log in to the KYC-SA and submit self-attestations for each of their live BIC8s by the end of December 2017.
During July, all SWIFT users will receive a welcome email providing information on how to access the KYC-SA*. The application is automatically available to all users at no additional charge and users do not have to be a current subscriber to SWIFT KYC Registry services to use it.
In April SWIFT published the Customer Security Controls Framework, a detailed description of the mandatory and advisory customer security controls which provide a security baseline for the community. In May, SWIFT also published details of the related security attestation policy and self-attestation process in the SWIFT Customer Security Controls Policy document. A detailed description of each data field required to complete the self-attestation is available in The KYC Registry Security Attestation Baseline document.
Resources available through mySWIFT to help you get started:
- SWIFT Customer Security Controls Framework
- SWIFT Customer Security Controls Policy
- The KYC Registry Security Attestation Baseline document
- The KYC-SA Quick Start User Guide
- The KYC-SA User Guide
- The KYC-SA How to videos
- SWIFTSmart e-learning module
- KB Tip 5021823: SWIFT Customer Security Controls Framework and KYC Registry Security Attestation Application Frequently asked questions (FAQ)
All SWIFT users must self-attest their level of compliance with the mandatory controls by the end of December 2017, and repeat the process at least every 12 months thereafter. Please ensure that you complete the steps to login to the KYC-SA and submit your self-attestation as early as practicable.
Protecting the financial community from cyber-crime requires vigilance and the adoption of security best practices. Through our Customer Security Programme, SWIFT is setting global customer security standards that will increase the overall level of cybersecurity transparency between users of the SWIFT network.
For further information visit the KYC Registry Security Attestation pages on swift.com.
*SWIFT will assign to all swift.com administrators the role of KYC-SA administrator. In the case of multiple users belonging to the same SWIFT traffic aggregation hierarchy, the swift.com administrators of the user heading the traffic aggregation hierarchy will be granted the Administrator role. The KYC -SA administrators will directly receive an invitation to login to the KYC–SA.