SWIFT has updated the Customer Security Controls Policy
Updates to the Policy provide further clarity and additional information
SWIFT has updated the Customer Security Controls Policy (the “Policy”) document, which sets out SWIFT's policy with regard to the Customer Security Controls Framework, a set of security controls – 16 mandatory and 11 advisory – that set a security baseline for banks. Attesting compliance with these controls is an essential step for customers to take towards securing their systems.
The Policy is designed to drive improvements to security across the community and should be integrated into ongoing risk management within a user’s organisation. It sets out three key activities that foster the transparency of security compliance status between users, thereby improving cyber risk management and strengthening security:
- Contribution of attestation information - all users are required to self-attest their level of compliance against the mandatory security controls.
- Publication to other users to enable transparency between SWIFT users - users have the ability to share their security attestation data with other users at their own discretion.
- Reporting activities to foster compliance - SWIFT reserves the right to report non-compliance to supervisors or, for corporates and other non-supervised users, to their messaging counterparties.
The updates to the Policy provide further clarity and additional information on a number of aspects of the Policy.
To find out more about the Customer Security Programme and the attestation process, visit swift.com/csp, or contact your SWIFT Relationship Manager or Customer Support.