22 May 2017

SWIFT publishes new Customer Security Controls Policy

Enhancing security; increasing transparency

Through our Customer Security Programme, SWIFT is setting global customer security standards and increasing the overall level of transparency on cybersecurity among users of the SWIFT network.

In April SWIFT published the Customer Security Controls Framework, a detailed description of the mandatory and advisory customer security controls. This new Framework provides a security baseline for the community.

To complement this, SWIFT is today publishing the Customer Security Controls Policy, which sets out the terms under which your self-attestations must be submitted. The Policy also describes the procedures governing how you will be granted access to view your consenting counterparties’ attestations.

Stephen Gilderdale, Head of SWIFT’s Customer Security Programme, said, “One of the key principles of the self-attestation process is to create momentum to drive improvements in security and risk management. Soon you will be able to request to view your counterparties’ self-attestations to support your cyber-risk management processes and business decision-making.”

The Customer Security Controls Policy contains further information on:

  • The requirement to self-attest against SWIFT’s mandatory security controls.
  • The process and timelines for submitting your self-attestation data to The KYC Registry Security Attestation application.
  • The process for viewing your counterparties’ self-attestation data via The KYC Registry Security Attestation application.
  • Follow-up actions in cases of late submission and non-compliance.

We strongly urge you to consult this document and to begin preparing yourselves. Self-attestations should be submitted via SWIFT’s KYC Registry Security Attestation application, which will be open for the submission and consumption of self-attestation data from July 2017 onwards. All SWIFT users must have submitted a self-attestation by the end of December 2017. SWIFT reserves the right to report supervised users that have failed to submit their self-attestations to local supervisors from January 2018, and to report non-supervised users to their messaging counterparties.

SWIFT is currently hosting customer security work sessions across the world in order to guide and support you in understanding this process and getting ready to prepare your own self-attestations. Your institution will be invited to attend at least one session in a location close to you. For further information on the customer security work sessions and a list of those scheduled, please refer to SWIFT.com.
