Swift users are obligated to carry out an independent assessment annually when self-attesting to the Customer Security Programme. These can be done through either:

  • Internal assessment carried out by the company’s second- or third- line of defence such as the users’ internal compliance, internal risk of internal audit departments (independent from the first line of defence function submitting the attestation);

or

  • External assessment carried out by an independent external organisation with cyber security assessment experience and individual assessors who have relevant security industry certification.

As a minimum, the ‘Community Standard Assessments’ must cover all mandatory controls in the latest version of the Customer Security Controls Framework (CSCF) that are applicable based on a user’s CSP architecture type and infrastructure. Users that have attested against advisory controls may also consider asking the assessor to include these in the evaluation.

As part of our continuous efforts to support our clients in meeting their obligations, Bottomline has partnered with A Jolly Consulting, to help facilitate the process for our customers.

The purpose of this document is not to explain the CSP, but to provide a simplified summary of what the controls mean, and how we can help you. We strongly encourage your teams read Swift published documentation for full technical descriptions.

 

Bottomline Summary

We fully support the rationale behind the CSP and welcome the ‘raising of the bar’ when it comes to payment security. We strongly recommend that you embrace the initiative not as a tick-box exercise but to genuinely ensure your standards are increased.

Cyber fraud sits in a fast-paced and evolving environment. Securing payments is becoming more critical than ever before. It is our expectation that this programme will continue to evolve as new threats emerge and weaknesses come to light; meaning new controls, and the promotion of advisory to mandatory will likely continue as we have seen before.

Swift customers are responsible for reviewing infrastructure and meeting control standards.

This guide provides a simplified summary of what each of the Swift CSP controls means, including those updated in the latest CSCF, and how Bottomline can help your institution.

We strongly encourage your teams read Swift published documentation for full technical descriptions.

Related Resources

Customer Success Story
https://d15fjz85703yz4.cloudfront.net/7117/2226/8770/Lion-Global-CSS-Thumbnail.jpg
Lion Global Investors Ensures CSP Independent Assessment Compliance
Message Transformation & Enrichment
Datasheet
https://d15fjz85703yz4.cloudfront.net/1617/3686/4159/comprehensive-connectivity-platform-thumbnail.jpg
Access a Comprehensive Connectivity Platform for Swift and Other Financial Messaging Networks
Connectivity Services
Webinar
https://d15fjz85703yz4.cloudfront.net/8317/5933/2296/Swift-CSP-Webinar-092325LD-Website-Images-Thumbnail-1290x600.jpg
Swift Customer Security Programme (CSP): All You Need to Know for 2025 Attestation

Related Solutions

Swift CSP

Ensure compliance with Swift CSP with Bottomline. Expert guidance and secure solutions for financial institutions.

Connectivity Services for Banks and Financial Institutions

A high-performance, multi-company financial messaging solution, providing a comprehensive connection hub to Swift and other networks.

Payments Connectivity & Compliance

Securely communicate financial transactions within and between businesses, globally and locally, while easily managing payment compliance and mitigating risk.