The importance of SWIFT Accreditation

12 June 2024

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) established the Customer Security Programme (CSP) to promote cybersecurity within the SWIFT community and to drive industry-wide collaboration in the battle against cyber threats.

SWIFT users are responsible for the security of their infrastructure, and to support this, the CSP has been designed to help combat end-point security threats and cyber fraud. The core component of the CSP is the Customer Security Controls Framework (CSCF), a common set of security controls revised annually, which consists of mandatory and advisory controls based on industry-standard frameworks.

All organisations operating SWIFT are required to have an independent attestation of their SWIFT operating environment. SWIFT has stated that full compliance against the CSCFv2024 mandatory controls is expected by 31 December 2024.

RSM UK has an experienced team utilising a cost-effective and proven ‘no surprises’ approach to your SWIFT accreditation requirements. This approach will reduce the burden on your own resources to meet the SWIFT requirement. We provide a report confirming the controls tested, benchmarked against your peers, and outline a pragmatic improvement roadmap to prioritise any remediation efforts needed for your final attestation.

RSM UK SWIFT Accreditation

Our technology risk assurance (TRA) team has established a SWIFT Centre of Excellence (CoE) in the UK. Here, we help organisations understand their SWIFT environment and Architecture Type, perform an independent assessment of their SWIFT controls and provide the report and supporting documents required for the annual Know-Your-Customer-Security-Attestation (KYC-SA) submission. Moreover, all of our team are SWIFT-qualified auditors who have successfully completed the SWIFT examination process.

How we can help with SWIFT accreditation

Mobilisation

  • We understand your SWIFT deployment and wider IT/business environment.
  • We help determine your SWIFT Architecture Type.
  • We agree a project plan and scope with you, including a schedule of stakeholder meetings, and evidence that could be provided to us for review.
  • Project plan with agreed roles and responsibilities.
  • Stakeholder meeting schedule and agendas issued.
  • Evidence request agreed.

Assessment

  • We work with you to complete the detailed assessment of the controls you have implemented to meet the objectives.
  • This is performed through a combination of stakeholder discussions, review of policies and procedures, existing assurances, and testing of key controls.
  • Live progress reporting (eg controls tested, draft issues, and outstanding evidence).

Reporting and attestation

  • We discuss and agree our findings for each control area and confirm your compliance for each SWIFT control. We develop pragmatic recommendations with you (short, medium and long-term initiatives).
  • Where control exceptions are identified, we will seek to identify mitigating controls and/or test remediated controls.
  • We will draft a final report with prioritised recommendations and a pragmatic improvement roadmap.
  • Benchmarked view of your controls against peers.

For more information, please contact Steven Snaith.