What is the SWIFT Customer Security Programme (CSP)?
With the SWIFT payment messaging system having become so integral to the global economy, high levels of confidentiality, traceability, and protection against unauthorised modification are required.
SWIFT’s customer security programme (CSP) aims to prevent fraudulent activity through a set of mandatory security controls, community-wide information sharing initiatives, and enhanced security features on their products.
Under the CSP, all SWIFT users must carry out an Independent Assessment to attest compliance with all mandatory security controls set out in the Customer Security Controls Framework (CSCF).
Compliance assessment
To validate that a SWIFT member complies with the security controls, the compliance status of those controls must be reported in line with the SWIFT CSP guidelines. These specify that every customer must report its compliance posture through the Know Your Customer (KYC) tool annually, or whenever there is a change in scope.
Since 2021, this compliance assessment must be performed independently, without interference from the business units. For higher-risk users, the assessment must be performed by an external organisation with demonstrable experience in cybersecurity.
The recent inclusion of new requirements in the SWIFT CSP Control Matrix and High-Level Test Plan (CMHLTP) has also placed heavier responsibility on assessors, who must possess the domain knowledge required to perform more extensive sampling and on-site verification.
With these new changes, engaging an external SWIFT-Certified Assessor will:
- Strengthen cybersecurity resilience and reduce audit risk, with minimal disruption to your operations.
- Provide actionable recommendations, information on best practices, and audit-ready documentation.
- Ensure a sound review of supporting architectures, including an analysis of the attestation impact, when moving from one architecture to another.
All members of the SWIFT community can check if a counterparty is CSP compliant, which makes any instances of non-compliance highly visible. SWIFT also reserves the right to report the non-compliance to local monetary authorities, central banks, and financial regulatory agencies. The potential reputational damage and erosion of trust could be irreparable. Even daily business operations could be jeopardised.
How can NewGens help?
NewGens has been actively involved with the CSP since its inception in 2017, assessing banks and SWIFT corporates. We understand the challenges that SWIFT users face, and with over 7 years of assessment experience we are able to share best practices and recommend appropriate resolutions for areas of difficulty.
Furthermore, NewGens is listed as a recognised assessor in the SWIFT CSP assessor directory.
Contact us to find out more about CSP attestation as well as our services for assessment.
