“We have used Bottomline and AJC to meet this year’s new CSP Independent Assessment deadline and the service has been very efficient. It has given us peace of mind that the CSP attestation deadline is met and that our payment infrastructure is safe, secure and compliant.”
- Cambodia Asia Bank (CAB)
So what does this mean for your organisation?
The new attestation methodology, introduced in July 2021, states that all SWIFT users must carry out an independent assessment, which can be completed in one of two ways:
- Internal assessment: This is carried out by your company's second or third line of defense, such as your internal compliance, risk or audit departments.
- External assessment: This is carried out by an independent, external organisation with cybersecurity assessment experience and individual assessors who have the relevant security industry certification.
Other important information you need to know:
- All SWIFT users, including corporates, banks and financial institutions, must attest annually to this framework
- Non-compliant customers can be reported to their local regulator
- Attestation compliance statuses can be visible to other SWIFT counterparties, which may be used when assessing new vendors
SWIFT customers are responsible for:
- Reviewing their infrastructure and meeting control standards
- Completing their due diligence when selecting and contracting cyber security service providers or any other entity offering such services.
The CSP controls change every year in line with evolving threats across the community. What was advisory one year may change to mandatory the next. For example, from 2020 to 2021, one control moved from advisory to mandatory and the new assessment methodology was introduced.
The 2021 framework includes 31 controls, 22 mandatory and 9 advisory.
How Bottomline can help you meet and exceed compliance with the CSP
Our independent, SWIFT-certified cyber security partner will carry out a pre-attestation to help you understand where there might be shortfalls in your current infrastructure and policies ahead of carrying out a full attestation.
It’s essential to start your pre-attestation now as remediation can take anywhere from 3 to 12 months, which could impact your compliance with the programme.
Don’t leave it too late. Speak to us today to help you understand what the new changes mean for your organisation and why it’s important to act now.
We can also offer solutions in the following areas:
- User Behaviour Monitoring and Transactional Monitoring: Comply with CSP controls 6.4 and 2.9A to help detect and prevent fraud in real time whilst providing alerts of suspicious activities.
- Secure Data in Transit: Assists in compliance with CSP controls 2.4A and 2.5A by verifying and protecting the integrity of messages, files and transactions with a digital signature.
- Multi-factor Authentication: Helps you to comply with CSP control 4.3 by reducing unauthorised access with hard and soft tokens.