Here’s a breakdown of how your organisation can comply
The new attestation methodology, introduced in July 2021, states that all SWIFT users must carry out an independent assessment, which can be completed in one of two ways:
1. Internal assessment: carried out by your company's second or third line of defence, such as your internal compliance, risk or audit departments.
2. External assessment: through an independent, external organisation with cybersecurity assessment experience and individual assessors with relevant security industry certification.
“We have used Bottomline and AJC to meet this year’s new CSP Independent Assessment deadline and the service has been very efficient. It has given us peace of mind that the CSP attestation deadline is met and that our payment infrastructure is safe, secure and compliant.”
- Cambodia Asia Bank (CAB)
Other important information that your organisation needs to know:
- All SWIFT users, including corporates, banks and financial institutions, must attest annually to this framework
- Non-compliant customers can be reported to their local regulator
- Attestation compliance statuses can be visible to other SWIFT counterparties, who may use them when assessing new vendors
- SWIFT customers are responsible for:
  - Reviewing their infrastructure and meeting control standards
  - Completing their due diligence when selecting and contracting cyber security service providers or any other entity offering such services
Strength in Numbers:
The CSP controls change every year in line with evolving threats across the community. What was advisory one year may change to mandatory the next. For example, from 2022 to 2023 one control moved from advisory to mandatory. The new assessment methodology introduced in 2021 is now an annual requirement.
The 2023 control framework includes 32 controls: 24 mandatory and 8 advisory.
Our solutions can also help in the following areas:
Secure Payments for CSP: Detect and prevent fraud in real-time whilst providing alerts for suspicious activities (mandatory controls 2.9 and 6.4).
Secure Data in Transit: Verify and protect the integrity of messages, files and transactions with a digital signature (controls 2.4A and 2.5A).
Multi-factor Authentication: Reduce unauthorised access with hard and soft tokens (control 4.3).
The benefits of partnering with Bottomline:
Clarity & transparency: we’ll keep you informed of the latest SWIFT CSP framework controls and what action you need to take, every step of the way.
No need to wish for hindsight: understand your compliance status each year ahead of the attestation, so you know what remediation is required, which can take anywhere from 3 – 6 months.
Experts on hand: whether it’s your dedicated Account Manager or our Cyber Security specialist, we’re here to help you comply with the SWIFT CSP and reap the additional benefits for peace of mind.
By joining our programme, we’ll work with you every year to achieve a compliant attestation status. This not only helps strengthen your organisation’s reputation and instils trust and confidence with other SWIFT customers, but also means you’re contributing to the collective mission of protecting the wider ecosystem.
More on Bottomline’s Trusted SWIFT CSP Auditors: AJC
AJC, our valued partner since 2017, brings a comprehensive approach to SWIFT CSP audits. All their auditors undergo annual SWIFT CSP training, ensuring the highest expertise is provided. Their two-stage audit process includes a thorough pre-attestation review to identify compliance gaps and offer remediation recommendations. The independent assessment then certifies your compliance with the CSP framework. With AJC's post-assessment support, you'll have access to valuable insights, including changes in SWIFT CSP controls and mandates throughout the year.
Learn how we help our customers
Customer Success Stories
“ABA received a CSP Independent Assessment, demonstrating that we met all of SWIFT’s security-mandated requirements. We were able to complete the assessment for 2022 while preparing for the annual SWIFT CSP requirements at the same time. We would not have been able to achieve these objectives without the best-in-class support from the Bottomline Team. The excellent services and teamwork were much appreciated.”
- Polinda Hean, Chief International Business Officer
“Lion Global Investors turned to trusted partner Bottomline for support as other options were looking very costly. Our existing relationship assured us that the project would run smoothly, and we would remain compliant. The service has been efficient, and we are very happy with the guidance and professionalism provided by Bottomline.”
- Lion Global Investors
“Bottomline’s SWIFT CSP Independent Assessment gave us reassurance that we would meet all advisory and mandatory controls and provided us with a deeper understanding of the framework. As the programme continues to evolve, we will continue to partner with Bottomline to ensure GLAS remains compliant and our SWIFT environment is secure now and in the future.”
- Stuart Draper, Chief Operation Officer