25 January 2018

Excellent community response to SWIFT’s Customer Security Controls Framework

Overwhelming majority of SWIFT customers meet the 31 December 2017 security control attestation deadline.

Following the introduction of SWIFT’s Customer Security Controls Framework in April 2017, we are pleased to report that 89% of all SWIFT customers attested their level of compliance with the mandatory security controls by the 31 December 2017 deadline. Combined, these institutions account for over 99% of all FIN messages sent over the SWIFT network. The number of attestations continues to rise, as several hundred organisations have subsequently attested or have attestations in progress. Banks are reminded that SWIFT reserves the right to inform financial supervisors if they have not yet attested.

This excellent response – across segments, markets and infrastructure types – demonstrates the financial industry’s commitment to combatting the persistent threat of cyber-attacks.

The community’s response to complying with this first stage in the attestation process has been extremely positive, and has enabled an increased level of security for SWIFT customers as they will now know more about their counterparts. However, significant work will still need to be done to drive further security improvements and increase transparency across the financial community. For example, in what will mark a significant step-change, all SWIFT customers will need to re-attest and to confirm full compliance with the mandatory security controls by the end of 2018. As of 1 January 2019, SWIFT again reserves the right to notify local supervisors of users that have failed to re-attest or have not confirmed full compliance with the mandatory controls within the required period. Attestations will also have to be renewed annually thereafter.

Customers should also begin to incorporate their counterparties’ attestation data into their risk management and business decision-making processes – alongside other risk considerations such as KYC, sanctions and AML. Using the KYC Registry Security Attestation Application (KYC-SA) customers can share their attestation data with their counterparties and request data from others. This creates an opportunity for an organisation to be transparent about their attestation status, which should increase the trust and confidence for counterparts doing business with each other.

The transparency provided by this counterparty data exchange system is driving attestation and compliance with the controls, as institutions seek to demonstrate their cyber security to their counterparties. SWIFT will introduce additional measures to assure the ongoing quality and effectiveness of customer security attestations in 2018.

To find out more about the Customer Security Programme, visit e-paying.info/csp, contact your SWIFT Relationship Manager or 24/7 SWIFT Support.

Product

The KYC Registry Security Attestation Application

The tool for all SWIFT users to complete and submit their attestation data

Extended reading

News

The countdown to 31 December 2017

The deadline for all users to self-attest against SWIFT’s customer security controls is only weeks away – have you attested yet?
News

SWIFT opens The KYC Registry Security Attestation Application

Driving adoption of the SWIFT customer security controls and fostering transparency between SWIFT users to support cyber risk management and business decision-making.
News

SWIFT launches the ‘SWIFT Information Sharing and Analysis Centre’

The latest development on cyber-security information sharing is part of SWIFT’s Customer Security Programme