SWIFT

Customer Security Controls Framework

Financial institutions using the SWIFT network have to comply with the mandatory requirements outlined in the SWIFT Customer Security Controls Framework (CSCF).

For the year 2023 there are important changes in the CSCF v2023 compliance evaluation process, as well as the addition of new mandatory controls.

What is SWIFT CSCF?

SWIFT Customer Security Controls Framework (SWIFT CSCF) is a set of “mandatory” and “recommended” requirements that the nearly 11,000 financial institutions that are part of the network have to meet. In April 2017, the first version of SWIFT CSCF v2017 was published. Subsequently, five updates to said document have been published, the versions of which are: CSCF v2019, CSCF v2020, CSCF v2021, CSCF v2022 and CSCF v2023.

The current version is CSCF v2023 and all financial institutions must do a compliance assessment no later than December 31, 2023.

Major changes to the compliance assessment process starting in 2023

SWIFT has established new guidelines regarding the compliance assessment process of the CSCF v2023 framework that SWIFT users must do every year between the months of July and December. Until December 2020, the self-assessment of compliance with the CSCF framework could be carried out by the first line of defense in the Bank/Organization.

As of 2021, the concept of “Community-Standard Assessments” was created; it is mandatory and establishes that an “Independent” compliance assessment be carried out with internal or external advisors. The internal advisor can be the Internal Audit or Risk areas. The external advisor may be a company listed in the “CSP Assessment providers directory” published by SWIFT. RISCCO is part of this directory.

Disclaimer

SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory and SWIFT customers are not required to use providers listed in the directory.

What is its impact?

SWIFT customers have to carry out an evaluation of compliance with the mandatory requirements that apply to them according to their type of infrastructure (A1, A2, A3, A4 and B) before December 31, 2023 and declare them in the KYC-SA platform of SWIFT.

To provide transparency, SWIFT will securely publish attestations through “KYC SA”. The attestations are visible to all users on KYC SA; however, the level of compliance is visible only to counterparties that have been granted access.

The current version, SWIFT CSCF v2023, published in mid-2022, has 32 requirements, of which 24 are "mandatory" and 8 are "recommended".

In July 2022, SWIFT released version CSCF v2023, which provides implementation guidance and includes changes to the requirements from the previous version.

Roadmap to SWIFT CSCF v2023

The SWIFT organization has created the following roadmap that clearly defines the evolution of the framework and delivery dates of the CSCF v2023 compliance assessments that SWIFT customers have to comply with.

How can RISCCO help you?

The services we are providing to our clients and friends are:

Gap Analysis

“Gap Analysis” between the organization's controls and the SWIFT Customer Security Controls Framework. We can carry out a "Gap Analysis" of the existing controls in the organization against the objectives, principles and controls of SWIFT CSCF. This service will allow you to identify areas of non-compliance and receive practical recommendations to comply with the mandatory requirements. As an extension of this service, RISCCO can also monitor the correct and timely implementation of the given recommendations.

External independent Assessment

“External independent Assessment” of compliance with the SWIFT Customer Security Controls Framework.

RISCCO can perform the "External Independent Assessment" of compliance with the objectives, principles and controls of the SWIFT framework.

Organizations must submit the results of the SWIFT v2023 Assessment to SWIFT no later than 31 December 2023.

Comprehensive Review

Compliance review of the SWIFT Customer Security Controls Framework and associated operational controls. In addition to reviewing compliance with SWIFT CSCF requirements, you can jointly assess the effectiveness of operational controls, processes and procedures related to money transfers via SWIFT. This comprehensive approach adds a lot of value because the organization, in addition to the technical review, receives recommendations on how to improve the controls of the money transfer operating process via SWIFT.

Why RISCCO?

RISCCO has been part of the "SWIFT directory of CSP providers" since 2019. In addition, to date RISCCO has at least six professionals certified to perform the CSCF v2021, CSCF v2022 and CSCF v2023 compliance assessments.

In addition, at the beginning of 2020 RISCCO was incorporated into SWIFT's "CSP Assessment providers directory".

Because we provide practical recommendations, which take into account generally accepted theories

The practical experience of our resources allows us to provide recommendations with business sense, that add value and, above all, are pragmatic. We evaluate the best way to adopt the best practices and theories, without creating unnecessary bureaucracies in our clients' operations.

Because we are focused and specialized in what we do

At RISCCO we specialize in providing services only in technological risk management, information security, expert reports on computer crimes and internal auditing. That is what we do and will continue to do. It is precisely our specialization that allows us to provide recommendations and solutions quickly.

Because RISCCO's fee/years of experience ratio can hardly be bettered

Our fees, by themselves, are more accessible than other alternatives on the market.

About RISCCO

RISCCO is an independent regional company dedicated exclusively to helping organizations meet their GRC (Governance, Risk & Compliance) and ESG (Environmental, Social & Governance) challenges; made up of professionals with the knowledge and credibility necessary to translate highly technical aspects into simple language with business sense. Thirteen (13) years after starting operations, RISCCO has in its client portfolio private companies and institutions of the Panamanian State, leaders in their field.
