Customer Security Programme

Start by reviewing the latest Customer Security Controls Framework (CSCF). Identify which mandatory and advisory controls apply to your Swift infrastructure, and familiarise yourself with the objectives, scope, and risk drivers defined in the documentation.

Read more

Once you’ve identified the applicable CSCF controls, the next step is to put them into practice. This may involve, as examples, updating your Swift environments, enhancing access management, and strengthening your technical infrastructure and incident response capabilities. You can do this internally with your IT, risk, or compliance teams, or partner with a cybersecurity service provider to ensure robust implementation and alignment with industry best practices.

Read more

Validate the effectiveness of the design and an implementation of your controls through an independent assessment. This can be performed internally by a second or third line of defence (e.g. risk, compliance, internal audit) or externally by an independent assessor.

Read more

Complete your attestation in the KYC-SA application, indicating your level of compliance compliance for each applicable control. If any control is not yet met, provide a remediation date and update your attestation once compliant.

Read more

Once your attestation is published in KYC-SA, it becomes visible to counterparties—supporting transparency, trust, and streamlined third-party risk management. You can also use the ISAC portal to share threat intelligence and stay informed about emerging risks, helping strengthen the resilience of the wider financial community.

Access the ISAC portal