The Society for Worldwide Interbank Financial Telecommunications (SWIFT) has put forth a security framework under its Customer Security Program i.e. SWIFT CSP for all of its users to address the growing needs of security and transparency as a community to combat the increase in cyber fraud.


The SWIFT CSP program aims at detection and prevention of fraudulent activity by means of a set of mandatory security controls defined under SWIFT Customer Service Control Framework (CSCF) and community wide information sharing initiative. The framework defines a set Objectives, Principles and Controls, revised and reviewed annually.

Any organization that makes use of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) interbank messaging network needs to comply with the new cybersecurity standards - as well as a related "assurance framework”. The organization that requires to be SWIFT qualified needs to undergo the following steps :-

  • Self-assessment as per the SWIFT Customer Security Controls Framework (CSCF): Annual assessment of the local environment against 23 mandatory and 9 advisory controls as per best practices.

  • Self-attestation as per the SWIFT Customer Security Controls Policy: Each user is required to submit a self-attestation of their compliance against the controls defined based on the assessment results before the annual deadline.

  • CSCF v2022 to CSCF v2023

Furthermore, to enhance the overall integrity of attestations across all customers, all submitted attestations for CSCF v2023 must be supported by an Independent assessment – either internally, by a second or third line of defence (e.g. risk,compliance or internal audit), or externally, by a third-party.

All SWIFT Customers are required to perform an “Independent Assessment” as per the requirement of their annual self-attestation. As an approved SWIFT Assessment Provider, QRC will help you validate successful alignment of controls with the SWIFT CSP guidelines and work alongside your internal audit function. Our extensive SWIFT CSP expertise will ensure that all your requirements are met ahead of SWIFT’s required independent assessment.-

Audit Approach


Business Understanding

Evaluating business process and environment to understand the in-scope elements


Assessment Scope Finalization

Detailed questionnaire is shared with your teams to aid in the scope definition, planning and preparation of the audit and objectives


Initial/Readiness Assessment

As per the SWIFT CSCF framework, we will conduct an initial assessment to identify and analyze the risks in the information security posture


Validate SWIFT Architecture

Assist organizations to identify and validate SWIFT architecture, zones and the components as per the assessment requirement.


Control Validation

Perform Mandatory & Advisory Control Validation to understand the control applicability as per the environment


Data Flow Assessment

Conducting thorough systems analysis to evaluate data flow and possible leakages


Documentation Support

Avail templates to ease out the documentation process during the assessment process


Remediation Support

As per the assessment QRC will provide remediation support for complying with the SWIFT Cybersecurity framework.


Scans And Testing

Identify critical vulnerabilities in your system with a robust testing approach


Evidence Review

Review of the evidence collected to assess their maturity, in line with the compliance


Concise Reporting

Our team documents a comprehensive report detailing all findings covered during the assessment cycle as per the SWIFT template.

frequently asked questions

SWIFT's customer security programme (CSP) aims to prevent and detect fraudulent activity through a set of mandatory security controls, community-wide information sharing initiatives and enhanced security features on their products.

SWIFT CSP requires one to submit a self-attestation on an annual basis by 31 December. An independent assessment is required alongside a customers attestations from 31 December 2020 onwards.

There are two forms in which a SWIFT customer can gain an independent assessment 
  • An internal assessment : The internal audit needs to be carried out as per the internal audit function of the customer and independent from the function submitting the attestation.
  • An external assessment : An external audit can be carried out by QRC, an assessment against the CSP controls.

SWIFT’s CSCF V2020 comprises 3 Objectives, 8 Principles & 31 Controls (21 Mandatory & 10 Optional). SWIFT mandatory controls focussed on securing your environment, knowing and limiting access

SWIFT reports all cases of non-compliance and where members have not verified to local regulators. 

In any circumstances, it is necessary to share all relevant information and let SWIFT know there is a problem as soon as possible, in order to protect other organisations in the network.

Related Updates

LinkedIn Facebook Twitter Youtube

We use cookies to enhance your user experience. By continuing to browse, you hereby agree to the use of cookies. Know more Privacy Policy & Cookies Policy.