SWIFT CSP 2022: Four mistakes in its compliance assessment

White Logo of ECS Fin Blue Logo of ECS Fin

SWIFT CSP 2022:
4 mistakes in its compliance assessment

Following a series of cyber-attack, the SWIFT Customer Security Programme (SWIFT CSP 2022) was developed to set the borderline of cybersecurity for the financial services industry. Recently, SWIFT published a new version of the CSCF for users to attest against in the second half of 2022. For this year there are 23 mandatory controls and nine advisories in the 2022 control framework, it’s a no-brainer that some financial institutions and SWIFT users, still struggle to stay compliant. In this post, we dive deep into the importance of SWIFT CSP 2022, mistakes in CSP assessment compliance, and what happens if you don’t submit your attestation on time.

Combating the cyber threat with SWIFT CSP 2022 attestation

For financial institutions and companies, cybercrime continues to present significant challenges that need to be dealt with by robust defenses to protect the firm from attacks. And 2020 SolarWinds hack and the Accellion FTA breach attacks have highlighted the importance of having defense systems ready. Customer Security Controls Framework (CSCF) is a part of the SWIFT Customer Security Program (CSP), which entails mandatory and advisory security controls for Financial Institutions (FIs) and SWIFT Community.
The structure of the CSCF is a three-tiered pyramid containing three overarching elements, which are further underpinned by eight principles:
objectives and principles of SWIFT CSP 2022
8 SWIFT CSP 2022 principles
Previous
Next
By employing cyber threat intelligence and feedback from industry users and experts, SWIFT developed the controls to mitigate cybersecurity risks. These controls are constantly evolving to keep abreast with cybersecurity practices or technology changes and regulatory modifications.

What happens if you don't submit your attestation?

Remember, SWIFT also reports any non-compliant organizations to industry regulators.

You are in breach of the policy if you:
  • Connect through a non-compliant service provider
  • Did not complete a SWIFT mandated external assessment
  • Don't have a valid attestation: you either did not submit an attestation, or your attestation is expired
  • Not compliant with the mandatory controls

Four mistakes in SWIFT CSP 2022 assessment compliance

0

SWIFT has published product-specific Security Guidance (SG) documents to complement the CSCF. These provide the minimum-security recommendations as well as additional guidance on existing security features of SWIFT’s messaging interfaces to align with the latest CSCF. However, still, there are some mistakes committed by FIs and companies during CSP attestation compliance. So, what are the errors that you need to omit when getting the most out of your SWIFT CSP assessment? Leading banks have identified the following problems that come up frequently:

SWIFT CSP’s compliance is the key to securing your organization from cybercrime and financial fraud. Clearly, a failure to do so can result in your organization being reported as a non-compliant firm by SWIFT. Your SWIFT compliance team should stay on top of the requirements as they change annually.

The required assessment is not merely a task of simply checking-the-resources-and-boxes exercise. The deadline for attestation, and independent assessment, is 31 December 2022. Planning a timely assessment ensures that you meet all framework requirements.

SWIFT has evolved from 27 in 2017 to 32 controls in the 2022 version. It’s essential to have the right resources in place. An important step is to understand all the controls. These new controls account for robust cybersecurity practices that address current, new, and arising threats pragmatically and collectively to raise the security bar.

As with any project, gathering all the required documents is essential. A significant step is getting engagement from all relevant stakeholders and gaining senior sponsorship. And if there is any documentation gap, it is advisable to immediately put all the resources in place to ensure that all the gaps have been closed for the following year’s assessment to avoid any unforeseen chaotic situation.

Contact our SWIFT CSP 2022 Experts

ECS Fin is listed as an assessment provider/SWIFT CSP provider in SWIFT directories to support the Customer Security Programme (CSP). We do the SWIFT risk assessment, review current mandatory controls, and provide a prioritization framework with a risk management roadmap to assess all the vulnerabilities and determine how to respond effectively in each case. We are also offering the option of a “checkpoint” option while performing a cybersecurity assessment of a SWIFT-related environment to ensure that your business complies with the SWIFT Customer Security Controls Framework (v2022).
Contact our

SWIFT CSP 2022

expert team to help you understand what the most recent changes mean for your organization.
Contact us

SWIFT CSP 2022 Audit Checklist:

Designation and segregation of the secure zone for SWIFT environments


Double factor authentication


Database and Software Integrity


Training


Application life cycle management and patching


Crisis planning



Detection of abnormal activity


Documentation

Take a look at our most recent blog posts

Wealth Management: How Technology is Changing the BFSI

Wealth Management: How Technology is Changing the BFSI

Wealth management has always been a crucial aspect of the Banking, Financial Services and Insurance industry, Let’s find out how we can integrate technology.

Cross-Border Payments: a lucrative world for Digital Banking

Cross-Border Payments: a lucrative world for Digital Banking

Cross-border payments have brought improvements to the financial industry by adding transparency of the money movement, its route, and its date of delivery

SWIFT GPI: Unveil the Mystery of Cross Border Payments  

SWIFT GPI: Unveil the Mystery of Cross Border Payments  

SWIFT gpi is at the forefront to provide a fast, transparent and trackable cross-border payment experience. Let’s talk about international payment!