SWIFT publishes cybersecurity counterparty risk guide

Guide made available as 94% of SWIFT customers meet attestation deadline

SWIFT today publishes a new guide to assist financial institutions in assessing levels of cybersecurity risk in their counterparties and incorporating this into their risk management frameworks. The publication comes as 94% of all SWIFT customers, representing 99% of SWIFT’s traffic, met the 31 December deadline to submit their self-attestations against SWIFT’s Customer Security Controls Framework. It sets out guidance for customers looking to consume their counterparties’ attestation data.

In addition to encouraging users to protect their own environments, a major focus of SWIFT’s Customer Security Programme is helping companies to assess the risks posed by counterparties and take appropriate mitigating action. This guide gives an overview of how users, particularly those with limited numbers of counterparties, can go about doing this within their existing cybersecurity risk management frameworks and allows them to put their counterparts’ attestation data to practical use within their own organisations.

The publication, Assessing Cybersecurity Counterparty Risk - A Getting Started Guide, is the latest product of SWIFT’s Customer Security Programme (CSP), through which the co-operative aims to promote best practice in security among SWIFT’s thousands of users worldwide.

Though relevant to all financial institutions, the guide is primarily intended for use by small and medium sized organisations with relatively few counterparties, and correspondent banks that act as intermediaries between originating payers and end beneficiaries.

The guide provides practical but non-binding information and recommendations, including on how to:

  • Establish a governance model
  • Establish a cybersecurity risk management framework
  • Adopt cybersecurity risk countermeasures

“Through the CSP, we work to promote strong cybersecurity standards in the financial services industry – asking our users to consider their own organisations, their counterparties and the wider community. The launch of this guide is a natural continuation of those efforts”, said Brett Lancaster, Global Head of Customer Security, SWIFT.

Customer Security Programme
Last update: 30 April 2019


Attestation Data

The guidance will assist customers in incorporating counterparties’ cybersecurity attestations against SWIFT’s Customer Security Controls Framework (CSCF). The CSCF establishes a security baseline of mandatory and advisory controls for the entire user community, against which SWIFT users are required to self-attest their compliance on an annual basis. The controls are reviewed every twelve months, and customers had until 31 December 2018 to attest their compliance against the applicable controls – a deadline which 94% of customers met.

Attestations are published and managed through the KYC-Security Attestation (KYC-SA) application provided by SWIFT, a tool through which customers are able to exchange attestation data with their counterparties by mutual agreement through ‘requesting’ and ‘granting’ access. This allows institutions to assess counterparty risk, and then make counterparty risk decisions based on the attested compliance levels. This attestation data is rich in information and a unique source of cybersecurity counterparty risk data.
