Baker Tilly Kuwait - SWIFT CSCF Compliance Assessment

SWIFT CSCF Assessment

The Society for Worldwide Interbank Financial Telecommunication, abbreviated S.W.I.F.T., is the world’s leading provider of secure financial messaging services and is headquartered in Belgium.

SWIFT’s international governance and oversight reinforce the neutral, global character of its cooperative structure. SWIFT’s global office network ensures an active presence in all the major financial centers.

What is SWIFT’s CSP?

SWIFT’s Customer Security Programme (CSP) was created to promote cybersecurity within the SWIFT user community and lead the collaboration within the industry in the battle against cyber threats.

SWIFT’s CSP helps financial institutions ensure that their defenses against cyberattacks are current and efficient, to safeguard the integrity of the wider financial network.

The SWIFT Customer Security Controls Framework (CSCF) is part of the CSP. It consists of mandatory and advisory security controls for users and helps secure their local network and the SWIFT community at large.

Who are SWIFT users?

SWIFT users are as follows:

  • Supervised Financial Institutions: Banks and investment and insurance companies.
  • Non-Supervised Entity active in the financial industry
  • Closed User Groups and Corporate Entities, which include the following:
    Corporate, Financial Market Regulator, Payment System Participant, Securities Market Data Provider, Securities Market Infrastructure System Participant, Service Participant within Member Administered Closed User Group and Treasury Counterparty.

Are SWIFT users required to have an assessment of SWIFT CSCF compliance?

Yes, SWIFT mandates that, at minimum, all mandatory controls of the attestation are independently assessed. The assessment must be conducted within the normal attestation window of early July until the year-end deadline of 31 December.

What is the mandatory framework in Kuwait governing SWIFT CSCF Compliance?

As per the Cybersecurity Framework for Kuwaiti Banking Sector, Control No. 4.5.2, item (d), the Central Bank of Kuwait requires Regulated Entities to comply with the latest version of the applicable best practices and standards such as the SWIFT Customer Security Controls Framework (CSCF).

Is Baker Tilly Kuwait listed in the SWIFT Directory of Customer Security Programme (CSP) Assessment Providers?

Yes, Baker Tilly is listed in the SWIFT Directory of CSP Assessment Providers to perform the SWIFT Customer Security Controls Framework (CSCF) Compliance Assessment.

What is the latest SWIFT CSCF version and what are the changes introduced?

The latest version is SWIFT CSCF v2023 published on 21 October 2022.

The latest version added one control to the list of mandatory controls: 1.5 Customer Environment Protection, a control to ensure protection of customers’ connectivity infrastructure from the external environment.

What are the principles of SWIFT CSCF?

SWIFT Customer Security Controls Framework (CSCF) contains 8 principles as follows:

  • Restrict Internet Access
  • Segregate Critical Systems from General IT Environment
  • Reduce Attack Surface and Vulnerabilities
  • Physically Secure the Environment
  • Prevent Compromise of Credentials
  • Manage Identities and Segregate Privileges
  • Detect Anomalous Activity to Systems or Transaction Records
  • Plan for Incident Response and Information Sharing

What is the deadline for achieving SWIFT CSP compliance?

Each year by December 31, SWIFT’s customers must submit their attestation to SWIFT’s KYC portal as part of the compliance requirements.

What are the scope and timing for the SWIFT CSCF Assessment?

The scope of the assessment must at least cover all mandatory controls of the applicable year and architecture type.

The timing for the associated attestation submission is from early July until the year-end deadline of 31 December.

What is the added value to business entities from SWIFT CSCF Compliance Assessment?

  • Ensure compliance with SWIFT regulatory requirements.
  • Enhance stakeholders’ confidence in the reliability of SWIFT technology, ensuring the continuity of services.
  • Proactively manage risks associated with SWIFT information systems in place.

Why choose Baker Tilly Kuwait to provide this service?

Baker Tilly Kuwait is distinguished by specialist professional experience and offers the following characteristics, which add value for our clients:

  • Baker Tilly Kuwait is listed in the SWIFT Directory of CSP Assessment Providers to provide the SWIFT Customer Security Controls Framework (CSCF) compliance assessment services.
  • Global consulting firm operating in the State of Kuwait.
  • World-class laboratories equipped with state-of-the-art tools for assessing vulnerabilities and cyberattack exposures.
  • Updated databases of automated systems enable the cybersecurity audit of any technology environment that a client adopts.
  • Updated databases of new methods used in cyberattacks and of the processes to prevent them.
  • Local experience under an umbrella of a global network comprising more than 250 cybersecurity experts.
  • Bilingual team