SWIFT CSCF Assessment

SWIFT CSCF Assessment

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) has put forth a security framework under its Customer Security Program i.e. SWIFT CSP for all of its users to address the growing needs of security and transparency as a community to combat the increase in the cyber fraud. The SWIFT CSP program aims at detection and prevention of fraudulent activity by means of a set of mandatory security controls (SWIFT(CSCF)) and community wide information sharing initiative.

Being the widest international payment network, SWIFT has suffered from the consequence over the years with the advancement in the technology and hence to combatthe growing threat profile, SWIFT has defined a set Objectives, Principles and Controls under its Customer Service Control Framework (CSCF)

As an approved SWIFT Assessment Provider, QRC will help you validate successful alignment of controls with the SWIFT CSP guidelines and work alongside your internal audit function. Our extensive SWIFT CSP expertise will ensure that all your requirements are met ahead of SWIFT’s required independent assessment due on 31 Dec’20

Who is SWIFT CSP for?

Any organization that makes use of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) interbank messaging network needs to comply with the new cybersecurity standards - as well as a related "assurance framework”.

As per the new update, any organization that required to be SWIFT qualified needs to undergo the following steps:

Self-assessment as per the SWIFT Customer Security Controls Framework (CSCF) :
- Annual assessment of local environment against 19 mandatory and 10 advisory controls as per best practices.

Self-attestation as per the SWIFT Customer Security Controls Policy:
- Each user is required to submit a self-attestation of their compliance against the controls defined based on the assessment results before the annual deadline.

Furthermore, to enhance the overall integrity of attestations across all customers, all submitted attestations for CSCF v2020must be supported by an Independent assessment – either internally, by a second or third line of defence (e.g. risk,compliance or internal audit), or externally, by a third-party.

As per the new update, SWIFT’s CSCF V2020 comprises of 3 Objectives, 8 Principles & 31 Controls (21 Mandatory & 10 Optional)

CSCF v2020 will become effective in the KYC Security Attestation application (KYC-SA), the online repository for customer attestations, in July 2020.

All SWIFT Customer are required to perform an “Independent Assessment” as per the requirement of their annual self-attestation. The self-attestation is due on 31 Dec’2020

SWIFT assessments follow guideline depending on the program and categorized into:

SWIFT Mandatory: Applicable to sample users, to be assessed by externally.
Community Standard: Applicable to all users, can be assessed internally or externally.

The assessment process would be hassle free, cost effective to complete all the compliance requirement as per the defined SWIFT guidelines:

GAP Analysis-

  • Assessing the Scope Review and Gap Assessment as per the defined plans
  • Well Documented Executive Level Reporting as per the SWIFT Guidelines and with milestones


  • Assist in development of workstreams to address the identified gaps in both the technology and process changes


  • Control Verification to assure the validation of compliance and third part controls under recognised standards (e.g. ISAE3000).
  • Documenting the findings as per the standard templates and forms.

Final Deliverables would include

  • Formal Assessment Report
  • Completion Letter
  • Awareness Trainings

SWIFT has implied mandatory yearly attestations for all SWIFT customers, the results of those will be shared to all the partners of the SWIFT community as per the community policy.  Complying with the standard CSP framework, the financial institutes can:

  • Avoid Penalties and data breach complications and maintain a rigid framework to combat cyber fraud.
  • Improve Customer Security and organization’s security posture.
  • Increase in Reputation among the SWIFT community.
  • Enhanced security controls assure that data management is been securely handled.
  • Increase in Business

Get Free Consultation