SWIFT customer security program


SWIFT customer security program

​Banking information is some of the most important to keep private. That's why recent high-profile cyber-attacks on customers using Society for Worldwide Interbank Financial Telecommunications (SWIFT) are so significant. Deloitte can help business leaders navigate the factors associated with implementing SWIFT's Customer Security Controls Framework (CSCF) as well as address SWIFT dependencies and ultimately disrupt through innovation.

Limiting future cyber-attacks

In response to recent cyber-attacks, SWIFT issued baseline security requirements through its Customer Security Controls Framework. While the SWIFT network itself was not compromised in the attacks, in some cases hackers successfully breached the local operating environment established by SWIFT users.

To help limit opportunities hackers have to exploit weaknesses in SWIFT users' local environments in the future, SWIFT created the Customer Security Program (CSP). The CSP Is a framework design to help users set up cyber security controls that they can implement themselves in their local environments.

How SWIFT users can work to protect themselves

​SWIFT is looking to have all users set up these cyber security controls by December 31, 2017, and to update their systems according to CSP requests on an annual basis. The CSP compliance will come through self-attestation.

SWIFT encourages its users to implement and monitor these customer security controls as part of a broader cyber security risk management program which should be regularly evaluated and adjusted, based on leading industry practices, and changes to the individual users' security posture and infrastructure.

SWIFT's strategic security principles

The framework can be applied to four types of SWIFT user architectures, titled A1, A2, A3, and B. SWIFT users must first identify which architecture applies to them before implementing the applicable controls.

Back to top

More information on the CSP Customer Security Controls framework is available.

SWIFT CSP controls scope

gx-finance-swift-security-controls.jpg (935×323)

We help clients establish controls and processes around their most sensitive assets, balancing the need to reduce risk, while also helping to enable productivity, business growth, and cost optimization objectives.

Learn more about our Cyber Risk Services.

Back to top

Why Deloitte?

​Deloitte in the US, and globally through the Deloitte Touche Tohmatsu Limited network of member firms, are the number one providers of cyber risk management solutions.

  • Deloitte a global leader in Enterprise Risk Management consulting by ALM in 2017
    Source: ALM Enterprise Risk Management 2017
  • Deloitte named a leader in Information Security Consulting based on current offering and strategy by Forrester
    Source: Forrester Research, Forrester WaveTM: Information Security Consulting Services Q1 2016, Martin Whitworth, January 29, 2016

We offer holistic services that can support your organization as you address your SWIFT dependencies:

  • Impact Assessment: Deloitte will conduct initial SWIFT risk assessment, provide a prioritization framework and a review of current controls
  • Risk Mitigation Planning: Deloitte will develop a remediation strategy and a roadmap for implementation for identified gaps in controls and processes
  • Testing: Deloitte will assist in establishing a testing framework and conducting testing to meet CSP requirements
  • Implementation Support: Deloitte will assist with governance establishment, implementation execution, and war gaming

* While Deloitte is prepared to assist you in connection with the SWIFT Customer Security Controls Framework, please note that Deloitte does not represent or speak for SWIFT and the Customer Security Controls Framework is part of the contractual framework between SWIFT and its users.