The SWIFT organization has created the following roadmap that clearly defines the evolution of the framework and delivery dates of the CSCF v2025 compliance assessments that SWIFT customers must meet.
SWIFT Customer Security Controls Framework (SWIFT CSCF) is a set of “mandatory” and “recommended” requirements that the nearly 11,000 financial institutions that are part of the network have to meet. In April 2017, the first version of SWIFT CSCF v2017 was published. Subsequently, four updates to said document have been published, whose versions are: CSCF v2019, CSCF v2020, CSCF v2021, CSCF v2022, CSCF v2023, CSCF v2024 and CSCF v2025.
The current version is CSCF v2025 and all financial institutions must do a compliance assessment no later than December 31, 2025.
SWIFT Customer Security Controls Framework (SWIFT CSCF) is a set of “mandatory” and “recommended” requirements that the nearly 11,000 financial institutions that are part of the network have to meet. In April 2017, the first version of SWIFT CSCF v2017 was published. Subsequently, four updates to said document have been published, whose versions are: CSCF v2019, CSCF v2020, CSCF v2021, CSCF v2022, CSCF v2023, CSCF v2024 and CSCF v2025.
The current version is CSCF v2025 and all financial institutions must do a compliance assessment no later than December 31, 2025. SWIFT customers have to carry out an evaluation of compliance with the mandatory requirements that apply to them according to their type of infrastructure (A1, A2, A3, A4 and B) before December 31, 2025 and declare them in the KYC-SA platform of SWIFT.
SWIFT, to provide transparency, will securely publish attestations through the “KYC SA”. The attestations are visible by all users on KYC SA, however, level of compliance is only visible by counterparties that were granted access.
The current version, SWIFT CSCF v2025, published in mid-2024, has 32 requirements, of which 25 are “mandatory” and 7 are “recommended”.
In July 2024, SWIFT released version CSCF v2025, which provides guidance on implementation guidelines and includes changes to the requirements from the previous version.
Disclaimer
SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory and SWIFT customers are not required to use providers listed in the directory.
SWIFT Customer Security Controls Framework (SWIFT CSCF) is a set of “mandatory” and “recommended” requirements that the nearly 11,000 financial institutions that are part of the network have to meet. In April 2017, the first version of SWIFT CSCF v2017 was published. Subsequently, four updates to said document have been published, whose versions are: CSCF v2019, CSCF v2020, CSCF v2021, CSCF v2022, CSCF v2023, CSCF v2024 and CSCF v2025.
The current version is CSCF v2025 and all financial institutions must do a compliance assessment no later than December 31, 2025.
Los clientes de SWIFT deben realizar una evaluación del cumplimiento de los requisitos obligatorios que se les aplican según su tipo de infraestructura (A1, A2, A3, A4 y B) antes del 31 de diciembre de 2025 y declararlos en la plataforma KYC-SA de SWIFT.
SWIFT customers have to carry out an evaluation of compliance with the mandatory requirements that apply to them according to their type of infrastructure (A1, A2, A3, A4 and B) before December 31, 2025 and declare them in the KYC-SA platform of SWIFT.
SWIFT, to provide transparency, will securely publish attestations through the “KYC SA”. The attestations are visible by all users on KYC SA, however, level of compliance is only visible by counterparties that were granted access.
The current version, SWIFT CSCF v2025, published in mid-2024, has 32 requirements, of which 25 are “mandatory” and 7 are “recommended”.
In July 2024, SWIFT released version CSCF v2025, which provides guidance on implementation guidelines and includes changes to the requirements from the previous version
“Gap Analysis” between the organization's controls and the SWIFT Customer Security Controls Framework. We can carry out a "Gap Analysis" of the existing controls in the organization against the objectives, principles and controls of SWIFT CSCF. This service will allow you to identify areas of non-compliance and receive practical recommendations to comply with the mandatory requirements. As an extension of this service, RISCCO can also monitor the correct and timely implementation of the given recommendations.
External Independent Assessment of compliance with the SWIFT Customer Security Controls Framework.
RISCCO can conduct the External Independent Assessment of compliance with SWIFT against the framework's objectives, principles, and controls.
Organizations must submit the results of the SWIFT v2025 Assessment to SWIFT no later than December 31, 2025.
Compliance review of the SWIFT Customer Security Controls Framework and associated operational controls. In addition to reviewing compliance with SWIFT CSCF requirements, jointly, you can assess the effectiveness of operational controls, processes and procedures related to money transfers via SWIFT. This comprehensive approach adds a lot of value because the organization, in addition to the technical review, receives recommendations on how to improve the controls of the money transfer operating process via SWIFT.
Disclaimer
SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory and SWIFT customers are not required to use providers listed in the directory.
The practical experience of our resources allows us to provide recommendations with business sense, that add value and, above all, are pragmatic. We evaluate the best way to adopt the best practices and theories, without creating unnecessary bureaucracies in our clients' operations.
At RISCCO we specialize in providing services only in technological risk management, information security, expert reports on computer crimes and internal auditing. That is what we do and will continue to do. It is precisely our specialization, which allows us to provide recommendations and solutions quickly.
Our fees, by themselves, are more accessible than other alternatives on the market.
RISCCO es una compañía regional independiente y dedicada de manera exclusiva a ayudar a organizaciones a enfrentar sus desafíos en GRC (Governance, Risk & Compliance) y ESG (Environmental, Social & Governance); compuesta por profesionales con el conocimiento y credibilidad necesaria para traducir aspectos muy ténicos a un lenguaje simple y con sentido de negocio. Con trece (13) años de haber iniciado operaciones, RISCCO cuenta en su cartera de clientes con compañías privadas e instituciones del Estado Panameño, líderes en su ramo.
Complete the following form and our team will contact you shortly.
