Perspectives
SWIFT Customer Security Program
Faced with highly sophisticated and organized cyberattacks on SWIFT users, global banks need to do more to protect themselves against this cyber threat landscape. Deloitte can help business leaders navigate the issues associated with implementing SWIFT's CSCF and address SWIFT dependencies.
The issue: Growing risk from cybersecurity threats
A variety of cyberattacks have prompted banks and regulators to focus increasingly on managing cybersecurity risks.
Limiting future cyberattacks
In response to recent cyberattacks, SWIFT issued baseline security requirements through its Customer Security Controls Framework. While the SWIFT network itself was not compromised in the attacks, in some cases hackers successfully breached the local operating environment established by SWIFT users.
To help limit hackers’ opportunities to exploit weaknesses in SWIFT users' local environments in the future, SWIFT created the Customer Security Program (CSP), a framework designed to help users set up cybersecurity controls that they can implement themselves in their local environments.
The CSP’s main components are the Customer Security Control Framework (CSCF) and the Customer Security Controls Policy (CSCP). An Independent Assessment Framework (IAF) has also been defined to guide the clients while assessing the CSP.
How SWIFT users can protect themselves
After its original release, the CSP has been updated on an annual basis to improve its coverage and to take into account the evolution of the cyber threat landscape. Compliance assessment declarations are expected at the end of each year.
SWIFT encourages its users to implement and monitor these customer security controls as part of a broader cybersecurity risk management program, which should be regularly evaluated and adjusted based on leading industry practices and changes to the individual users' security position and infrastructure.
How Deloitte can support your organization
Deloitte offers holistic services that can support your organization as you address your SWIFT dependencies, balancing the need to reduce risk with the goal of meeting productivity, business growth, and cost optimization objectives:
Impact Assessment: Deloitte will conduct initial SWIFT risk assessment, provide a prioritization framework, and review current controls
Risk Mitigation Planning: Deloitte will develop a remediation strategy and a roadmap for implementation for identified gaps in controls and processes
Testing: Deloitte will assist in establishing a testing framework and conduct testing to meet CSP requirements
Implementation Support: Deloitte will assist with governance establishment, implementation execution, and war gaming
Independent Assessment: Deloitte will review and validate your compliance with the SWIFT CSP controls and issue independent assurance reports under recognized standards (e.g., ISAE, SOC 2).
While Deloitte is prepared to assist you in connection with the SWIFT Customer Security Controls Framework, please note that Deloitte does not represent or speak for SWIFT, and the Customer Security Controls Framework is part of the contractual framework between SWIFT and its users.
SWIFT Customer Security Program