SWIFT

Customer Security Controls Framework

Financial institutions using the SWIFT network have to comply with the mandatory requirements outlined in the SWIFT Customer Security Controls Framework (CSCF).

For 2022, there are important changes to the CSCF v2022 compliance evaluation process, as well as the addition of new mandatory controls.

What is SWIFT CSCF?

The SWIFT Customer Security Controls Framework (SWIFT CSCF) is a set of “mandatory” and “recommended” requirements that the nearly 11,000 financial institutions that are part of the network have to meet. The first version, SWIFT CSCF v2017, was published in April 2017. Four updates to the document have been published since: CSCF v2019, CSCF v2020, CSCF v2021 and CSCF v2022.

The current version is CSCF v2022, and all financial institutions must complete a compliance assessment no later than December 31, 2022.

Important changes in the compliance evaluation process from 2022

SWIFT International has established new guidelines regarding the process of assessing compliance with the CSCF v2022 framework that Banks must carry out every year between the months of July and December.

Until December 2020, the self-assessment of compliance with the CSCF framework could be carried out by the first line of defense in the Bank/Organization.

As of 2021, the concept of “Community-Standard Assessments” was created. It is mandatory and establishes that an “Independent” compliance assessment be carried out with internal or external advisors. The internal advisor can be the Internal Audit or Risk areas. The external advisor may be a company listed in the “Independent Advisors Directory” published by SWIFT. RISCCO is part of said directory.

What is its impact?

SWIFT customers have to assess compliance with the mandatory requirements that apply to them according to their type of infrastructure (A1, A2, A3, A4 and B) before December 31, 2022 and declare the results in SWIFT's KYC-SA platform.

SWIFT International, to provide transparency, will securely publish the results of the evaluation through the “KYC Registry”, so that other members of the network know the level of compliance of their peers.

The current version, SWIFT CSCF v2022, published in mid-2021, has 32 requirements, of which 23 are "mandatory" and 9 are "recommended".

In July 2021, SWIFT released version CSCF v2022, which provides implementation guidance and includes changes to the requirements from the previous version.

Roadmap to SWIFT CSCF v2022

The SWIFT organization has created the following roadmap that clearly defines the evolution of the framework and the delivery dates of the CSCF v2022 compliance assessments that SWIFT customers have to meet.

How can RISCCO help you?

The services we are providing to our clients and friends are:

Gap Analysis

“Gap Analysis” between the organization's controls and the SWIFT Customer Security Controls Framework. We can carry out a "Gap Analysis" of the existing controls in the organization against the objectives, principles and controls of SWIFT CSCF. This service will allow you to identify areas of non-compliance and receive practical recommendations to comply with the mandatory requirements. As an extension of this service, RISCCO can also monitor the correct and timely implementation of the given recommendations.

Independent External Assessor Self Assessment

“Independent External Assessor Self Assessment” of compliance with the SWIFT Customer Security Controls Framework. RISCCO can perform the "Independent External Assessor Self Assessment" of compliance with the objectives, principles and controls of the framework. Organizations must submit the results of the SWIFT v2022 Self Assessment to SWIFT International no later than 31 December 2022.

Comprehensive Review

Compliance review of the SWIFT Customer Security Controls Framework and associated operational controls. In addition to reviewing compliance with SWIFT CSCF requirements, the effectiveness of operational controls, processes and procedures related to money transfers via SWIFT can be assessed jointly. This comprehensive approach adds a lot of value because the organization, in addition to the technical review, receives recommendations on how to improve the controls of the money transfer operating process via SWIFT.

Why RISCCO?

In 2019, RISCCO was the first and only 100% Panamanian company in the directory of authorized providers of cybersecurity services of the SWIFT organization. In addition, to date RISCCO has at least four professionals who have taken specialization courses in CSCF v2021 and CSCF v2022 compliance assessment.

In addition, at the beginning of 2020 RISCCO was incorporated into SWIFT's Directory of "Independent External Assessors".

Because we provide practical recommendations, which take into account generally accepted theories

The practical experience of our resources allows us to provide recommendations with business sense that add value and, above all, are pragmatic. We evaluate the best way to adopt the best practices and theories without creating unnecessary bureaucracies in our clients' operations.

Because we are focused and specialized in what we do

At RISCCO we specialize in providing services only in technological risk management, information security, expert reports on computer crimes and internal auditing. That is what we do and will continue to do. It is precisely our specialization that allows us to provide recommendations and solutions quickly.

Because RISCCO's fee/years of experience ratio can hardly be bettered

Our fees, by themselves, are more accessible than other alternatives on the market.

About RISCCO

RISCCO is an independent regional company dedicated exclusively to helping organizations meet their GRC (Governance, Risk & Compliance) and ESG (Environmental, Social & Governance) challenges; made up of professionals with the knowledge and credibility necessary to translate highly technical aspects into simple language with business sense. Thirteen (13) years after starting operations, RISCCO has in its client portfolio private companies and institutions of the Panamanian State, leaders in their field.
