Baker Tilly Kuwait - SWIFT CSCF Compliance Assessment

SWIFT CSCF Assessment

The Society for Worldwide Interbank Financial Telecommunication, abbreviated S.W.I.F.T., is the world’s leading provider of secure financial messaging services and is headquartered in Belgium.

SWIFT’s international governance and oversight reinforce the neutral, global character of its cooperative structure. SWIFT’s global office network ensures an active presence in all the major financial centers.

Who are SWIFT users?

SWIFT users are as follows:

  • Supervised Financial Institutions
    Banks and investment and insurance companies.
  • Non-Supervised Entity active in the financial industry
  • Closed User Groups and Corporate Entities, which include the following:
    Corporate, Financial Market Regulator, Payment System Participant, Securities Market Data Provider, Securities Market Infrastructure System Participant, Service Participant within Member Administered Closed User Group, and Treasury Counterparty.

What is SWIFT’s CSP?

SWIFT’s Customer Security Programme (CSP) was created to promote cybersecurity within the SWIFT user community and lead the collaboration within the industry in the battle against cyber threats.

SWIFT’s CSP helps financial institutions ensure that their defenses against cyberattacks are current and efficient, to safeguard the integrity of the wider financial network.

The SWIFT Customer Security Controls Framework (CSCF) is part of the CSP. It consists of mandatory and advisory security controls for users and helps secure their local network and the SWIFT community at large.

Are SWIFT users required to have an assessment of SWIFT CSCF compliance?

Yes, SWIFT mandates that, at minimum, all mandatory controls of the attestation are independently assessed. The assessment must be conducted within the normal attestation window of early July until the year-end deadline of 31 December.

What is the mandatory framework in Kuwait governing SWIFT CSCF Compliance?

As per the Cybersecurity Framework for Kuwaiti Banking Sector, Control No. 4.5.2, item (d), the Central Bank of Kuwait requires Regulated Entities to comply with the latest version of the applicable best practices and standards, such as the SWIFT Customer Security Controls Framework.

Is Baker Tilly listed in the SWIFT Directory of Customer Security Programme (CSP) Assessment Providers?

Yes, Baker Tilly is listed in the SWIFT Directory of CSP Assessment Providers to perform the SWIFT CSCF Compliance Assessment.

What are the principles of SWIFT CSCF?

SWIFT CSCF contains 8 principles as follows:

  • Restrict Internet Access
  • Segregate Critical Systems from General IT Environment
  • Reduce Attack Surface and Vulnerabilities
  • Physically Secure the Environment
  • Prevent Compromise of Credentials
  • Manage Identities and Segregate Privileges
  • Detect Anomalous Activity to Systems or Transaction Records
  • Plan for Incident Response and Information Sharing

What is the added value to business entities from SWIFT CSCF Compliance Assessment?

  • Ensure compliance with SWIFT regulatory requirements.
  • Enhance stakeholders’ confidence in the reliability of SWIFT technology, ensuring the continuity of services.
  • Proactively manage risks associated with SWIFT information systems in place.

Why choose Baker Tilly to provide this service?

Baker Tilly is distinguished by specialist professional experience and offers the following characteristics that add value for our clients:

  • Baker Tilly is listed in the SWIFT Directory of CSP Assessment Providers to provide the SWIFT CSCF compliance assessment services.
  • Global consulting firm operating in the State of Kuwait.
  • World-class laboratories equipped with state-of-the-art tools used for vulnerability assessment and cyberattack exposures.
  • Updated databases of automated systems enabling the cybersecurity audit of any technology environment that a client adopts.
  • Updated databases of new methods used in cyberattacks and the processes to prevent the same.
  • Local experience under an umbrella of a global network comprising more than 250 cybersecurity experts.
  • Bilingual team.