Swift users are obligated to carry out an independent assessment annually when self-attesting to the Customer Security Programme. These can be done through either:
or
As a minimum, the ‘Community Standard Assessments’ must cover all mandatory controls in the latest version of the Customer Security Controls Framework (CSCF) that are applicable based on a user’s CSP architecture type and infrastructure. Users that have attested against advisory controls may also consider asking the assessor to include these in the evaluation.
As part of our continuous efforts to support our clients in meeting their obligations, Bottomline has partnered with A Jolly Consulting to help facilitate the process for our customers.
The purpose of this document is not to explain the CSP, but to provide a simplified summary of what the controls mean and how we can help you. We strongly encourage your teams to read Swift's published documentation for full technical descriptions.
Bottomline Summary
We fully support the rationale behind the CSP and welcome the ‘raising of the bar’ when it comes to payment security. We strongly recommend that you embrace the initiative not as a tick-box exercise but to genuinely ensure your standards are increased.
Cyber fraud sits in a fast-paced and evolving environment. Securing payments is becoming more critical than ever before. It is our expectation that this programme will continue to evolve as new threats emerge and weaknesses come to light, meaning that new controls, and the promotion of advisory controls to mandatory, will likely continue, as we have seen before.
Swift customers are responsible for reviewing infrastructure and meeting control standards.
This guide provides a simplified summary of what each of the Swift CSP controls means, including those updated in the latest CSCF, and how Bottomline can help your institution.
We strongly encourage your teams to read Swift's published documentation for full technical descriptions.