Here’s a breakdown of how your organisation can comply
The new attestation methodology, introduced in July 2021, states that all SWIFT users must carry out an independent assessment, which can be completed in one of two ways:
1. Internal assessment: carried out by your company's second or third line of defence, such as your internal compliance, risk or audit departments.
2. External assessment: carried out by an independent, external organisation with cybersecurity assessment experience and individual assessors with relevant security industry certification.
“We have used Bottomline and AJC to meet this year’s new CSP Independent Assessment deadline and the service has been very efficient. It has given us peace of mind that the CSP attestation deadline is met and that our payment infrastructure is safe, secure and compliant.”
- Cambodia Asia Bank (CAB)
Other important information that your organisation needs to know:
- All SWIFT users, including corporates, banks and financial institutions, must attest annually to this framework
- Non-compliant customers can be reported to their local regulator
- Attestation compliance statuses can be visible to other SWIFT counterparties, which may be used when assessing new vendors
- SWIFT customers are responsible for:
  - Reviewing their infrastructure and meeting control standards
  - Completing their due diligence when selecting and contracting cyber security service providers or any other entity offering such services
Strength in Numbers:
The CSP controls change every year in line with evolving threats across the community. What was advisory one year may change to mandatory the next. For example, from 2021 to 2022 one control moved from advisory to mandatory, and a new advisory control was introduced. The new assessment methodology introduced in 2021 is now an annual requirement.
The 2022 control framework includes 32 controls: 23 mandatory and 9 advisory.
Our solutions can also help in the following areas:
Secure Payments for CSP: Detect and prevent fraud in real-time whilst providing alerts for suspicious activities (mandatory controls 2.9 and 6.4).
Secure Data in Transit: Verify and protect the integrity of messages, files and transactions with a digital signature (controls 2.4A and 2.5A).
Multi-factor Authentication: Reduce unauthorised access with hard and soft tokens (control 4.3).
The benefits of partnering with Bottomline:
Clarity & transparency: we’ll keep you informed of the latest SWIFT CSP framework controls and what action you need to take, every step of the way.
No need to wish for hindsight: understand your compliance status each year ahead of the attestation, so you know what remediation is required, which can take anywhere from 3 to 6 months.
Experts on hand: whether it’s your dedicated Account Manager or our Cyber Security specialist, we’re here to help you comply with the SWIFT CSP and reap the additional benefits for peace of mind.
When you join our programme, we’ll work with you every year to achieve a compliant attestation status. This not only helps strengthen your organisation’s reputation and instils trust and confidence with other SWIFT customers, but also contributes to the collective mission of protecting the wider ecosystem.
Learn how we help our customers
Customer Success Stories
“By completing the independent assessment for all mandatory and advisory controls, Vattanac Bank are well prepared for any changes to the annual SWIFT CSP requirements with the continued support of Bottomline and their approved auditor. Meeting these security controls will help protect our environment and foster a more secure financial ecosystem.”
- Na Sambathchatovong, Head of IT Security and IT Governance
“Lion Global Investors turned to trusted partner Bottomline for support as other options were looking very costly. Our existing relationship assured us that the project would run smoothly, and we would remain compliant. The service has been efficient, and we are very happy with the guidance and professionalism provided by Bottomline.”
- Lion Global Investors
“Bottomline’s SWIFT CSP Independent Assessment gave us reassurance that we would meet all advisory and mandatory controls and provided us with a deeper understanding of the framework. As the programme continues to evolve, we will continue to partner with Bottomline to ensure GLAS remains compliant and our SWIFT environment is secure now and in the future.”
- Stuart Draper, Chief Operation Officer