Submit your self-attestation, keep up-to-date with the attestation status of others, and share your own attestation data with your counterparties
It is straightforward to self-attest
The KYC Registry Security Attestation Application makes it straightforward to meet the requirement for self-attestation as outlined in the Customer Security Controls Policy. No additional software or hardware is required to access the browser-based application, which uses a two-step verification process.
Once your self-attestation data has been prepared and submitted, SWIFT will publish the submission. The presence of the self-attestation and its validity will be visible to all KYC Registry Security Attestation users, but the data contents will not be shared without the owner’s explicit permission.
Users may edit and re-submit their data at any time and self-attestation data must be updated at least every 12 months.
Full details of the self-attestation data requirements and workflows – including requirements for organisations connecting through a service provider – are described in the Customer Security Controls Policy.
Sharing data in order to improve security awareness and practice
You can search the KYC Registry Security Attestation Application by BIC, legal entity identifier or other user name keywords to identify the published self-attestation of another SWIFT user, and the validity period for the information. However, you can only view the attestation data content if the attesting user agrees to your request to share the data. Available data that may be shared, subject to approval includes, contact information; the type of assessment performed; whether the user complies with the mandatory controls (and advisory controls where included).
You can also grant or refuse access requests from counterparties to view your own attestation data via the application. By sharing data, and checking the compliance status of your counterparties, you can help to foster security awareness and improve security practice within your own organisation and across the industry.
What must I do, and when?
Self-attestation is a requirement for all SWIFT users for each of their live 8-character BICs, irrespective of whether connecting directly or through a service provider. Self-attestations must be updated at least every 12 months and within a maximum of one month if relevant data becomes inaccurate.
Self-attesting your level of compliance with the advisory controls as set out in the Customer Security Controls Framework is optional but strongly encouraged.
- By December 2017: All users must self-attest their status against the mandatory security controls.
- From January 2018, SWIFT reserves the right to report users that have failed to submit a self-attestation on time.
- From January 2019, SWIFT will extend the right to report users who have failed to self-attest compliance with all mandatory security controls (or who connect through a non-compliant service provider).