Swift CSP 2023 and Its Importance: Errors to Avoid 

Following a series of cyberattacks, Swift’s Customer Security Program (CSP) was developed to establish cybersecurity standards for the financial services industry. In 2022, Swift released a new version of security controls (CSCF) for users to uphold strong cybersecurity practices among all users, lower the threat of cyber-attacks, and mitigate the financial consequences of fraudulent transactions. For this year, Swift CSP 2023 continues with the 23 mandatory controls and nine advisory controls to set a realistic goal for short-term, tangible security gains and risk reduction.

SWIFT CSP 2023 and Its Importance: Errors to Avoid 
To ensure adoption and to complement the Swift Customer Security Controls Framework, we delve into the importance of Swift CSP 2023, the errors in assessment compliance, and what happens if you fail to submit your attestation on time.

Combatting cyberthreat with Swift CSP 2023 Attestation

For financial institutions, cybercrime continues to present significant challenges. The SolarWinds hack in 2020, and the Accellion FTA breach underscored the importance of having systems ready to fend off any intrusion. Swift’s analysis of cyber-threat intelligence is in conjunction with industry experts and user feedback to manage and monitor counterparty risk, both at a strategic and practical level.
The CSCF structure consists of a three-tier pyramid containing three general elements, which are further supported by eight principles:
  • Protect your environment.
  • Know and limit access.
  • Detect and respond.
These controls continually evolve over time in response to emerging threats, changes in security regulations in different jurisdictions, evolving technology utilization, and insights gathered from the Swift community’s feedback.
8 Principles of CSCF Swift CSP 2023

What happens if you don't submit your attestation?

The introduction of Swift’s Customer Security Programme Assessor Certification marks a substantial advancement in bolstering the security of financial messaging services. This framework not only boosts the confidence and consistency of Swift users but also grants them access to certified assessments. Failing to comply with the standards, Swift holds the right to report the organizations to the industry regulators.
You violate the policy if you:
  • Do not meet the mandatory controls.
  • Connect through a non-compliance service provider.
  • Fail to complete the mandatory SWIFT CSCF assessment.
  • Invalid certificate: you did not submit the certification, or the attestation is expired.

Four Errors in Swift CSP 2023 Assessment Compliance

Swift has published specific Security Guidance (SG) documents to complement the CSCF. These provide minimum security recommendations and additional guidance on existing security features of Swift messaging interfaces. However, some Swift users still need to correct common errors during CSP certification compliance. So, what errors should you avoid making the most of the Swift CSP assessment?
Significant banks and users have identified the following frequently occurring issues:
Complying with Swift CSP is critical to protect your organization from cybercrime and financial fraud. Failing to do so may result in Swift reporting your organization as non-compliant. Your Swift compliance team must possess the expertise and capabilities to conduct thorough assessments and identify potential vulnerabilities accurately.
Completing the assessment required by Swift is not merely a matter of checking boxes and resources. The certification deadline and assessment completion are set for December 31, 2023. Timely planning ensures you meet all security framework requirements.
Swift has increased the controls from 27 in 2017 to 32 since the 2022 version, which still applies to 2023. Having the right resources in place is essential in understanding all the controls. The implementation-guided forms should not be considered a strict "audit checklist" because each user's implementation can vary. These new controls are based on strong cybersecurity practices that significantly reduce emerging threats, pragmatically and collectively elevating security levels in institutions.
Just like any internal project in an organization, it's essential to gather all required documents. A significant step is securing the commitment of all relevant stakeholders and obtaining high-level sponsorship. If some pieces of paper are missing, it's advisable to promptly mobilize all necessary resources to ensure all gaps or deficiencies are addressed for the following year's assessment, avoiding unforeseen situations.

Get in Touch with Our Swift CSP Experts

Being a Swift CSP provider, we offer assessment services to support the Customer Security Program (CSP) tested against a set of criteria that is reviewed every year to help ensure that certification criteria remain appropriately aligned with the evolution of the CSP, Swift services, and products, market practices, and Swift user needs.
To ensure adoption and complement the Swift Customer Security Controls Framework, ECS Fin’s experts conduct a post-audit “checkpoint” to assess your level of compliance toward implementing the CSP mandatory and advisory controls.

Audit Checklist for CSP:

  • Incident management plan.
  • Policies and policies enforcement.
  • Abnormal activity detection in operations.
  • Multi-factor authentication management.
  • Cybersecurity training and documentation.
  • Protect your critical systems from IT environment.
  • Application lifecycle management and system patching.
  • Secure zone allocation and segregation for Swift environments.

Contact our Swift CSP experts to conduct your controls and certification.

Take a look at our publications related to Swift CSP

Swift CSP 2023: Cyber Defence for Financial Institutions

Swift CSP 2023: Cyber Defence for Financial Institutions