The SWIFT Customer Security Programme (CSP)
The SWIFT Customer Security Programme (CSP) is a global initiative launched by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) to enhance the security of the financial community and protect against cyberattacks. It focuses on establishing a set of mandatory and advisory security controls, requiring financial institutions to attest to their compliance annually. The program evolves with the changing threat landscape and aims to maintain the integrity of the global financial network.

We provide support across all phases (initial gap analysis, risk remediation planning, documentation review, testing, and final attestation preparation), delivered by a team of cybersecurity and compliance experts.

Core Objective: The CSP's primary goal is to fortify the security of the Swift network by establishing baseline security standards and an assurance framework.

Customer Security Controls Framework (CSCF): SWIFT provides a framework of security controls, both mandatory and advisory, that financial institutions must implement.

Annual Attestation: Users are required to attest to their level of compliance with the CSCF controls annually, demonstrating their commitment to the program.

Evolution and Adaptation: The CSP is a dynamic program that adapts to the ever-evolving cyber threat landscape and the evolving maturity of the Swift membership.

Independent Assessments: In addition to self-attestation, many institutions also undergo independent assessments to validate their compliance with the CSP.

Focus Areas: The CSP includes measures such as restricting internet access, protecting critical systems, reducing the attack surface, managing vulnerabilities, and implementing incident response plans.

Compliance and Security: By adhering to the CSP, financial institutions contribute to a more secure global financial ecosystem and mitigate the risk of cyberattacks.
Scope of Services

Phase 1: SWIFT CSP Gap Assessment
- Review current security environment against SWIFT CSCF v2024 controls.
- Conduct on-site or remote technical assessment.
- Interview key stakeholders (IT, InfoSec, Risk).
- Identify compliance gaps and risks.

Phase 2: Remediation Roadmap & Advisory
- Develop a practical remediation plan with prioritized controls.
- Recommend technology solutions and process improvements.
- Assist with drafting or updating:
  - System Security Plans
  - Logical Access and Network Architecture Diagrams
  - Asset Inventories for SWIFT components

Phase 3: Validation & Evidence Collection
- Review or assist in collecting required artifacts (logs, screenshots, configurations).
- Validate implementation of mandatory controls.
- Perform limited testing (vulnerability scan, configuration review, firewall validation, etc.).

Phase 4: Attestation Support
- Prepare draft Independent Assessment Report.
- Support completion of the SWIFT CSP Attestation Template (KYC Registry).
- Participate in review meetings with internal or external compliance teams.
- Provide board or executive-level reporting package if required.
