SWIFT CSCF Compliance Assessment

The Society for Worldwide Interbank Financial Telecommunication, abbreviated S.W.I.F.T., is the world’s leading provider of secure financial messaging services and is headquartered in Belgium.

SWIFT’s international governance and oversight reinforce the neutral, global character of its cooperative structure. SWIFT’s global office network ensures an active presence in all the major financial centers.

Who are SWIFT users?

SWIFT users are as follows:

  • Supervised Financial Institutions
    Banks, investment companies and insurance companies.
  • Non-Supervised Entities active in the financial industry
  • Closed User Groups and Corporate Entities
    Corporates, Financial Market Regulators, Payment System Participants, Securities Market Data Providers, Securities Market Infrastructure System Participants, Service Participants within a Member Administered Closed User Group, and Treasury Counterparties.

What is The SWIFT CSCF Compliance Assessment?

SWIFT CSCF Compliance Assessment is the assessment of SWIFT users’ level of compliance with a set of mandatory controls as described in the Customer Security Controls Framework (CSCF).

What is the frequency of the SWIFT CSCF Compliance Assessment Report?

As required by SWIFT, the members shall submit their independent SWIFT CSCF Compliance Assessment Report by 31 December of each year in addition to the Baseline self-assessment.

What is the framework that governs SWIFT CSCF Compliance Assessment?

SWIFT developed the Independent Assessment Framework, which governs and articulates the SWIFT CSCF Compliance Assessment based on the Customer Security Controls Framework (CSCF) under the Customer Security Program introduced by SWIFT.

What is the mandatory framework in Kuwait governing SWIFT CSCF Compliance?

As per the Cybersecurity Framework for Kuwaiti Banking Sector, Control No. 4.5.2, item (d), the Central Bank of Kuwait requires Regulated Entities to comply with the latest version of the applicable best practices and standards such as SWIFT Customer Security Controls Framework.

How many controls comprise the Customer Security Controls Framework (CSCF)?

As of 2021, the Customer Security Controls Framework (CSCF) comprises 31 mandatory and advisory security controls that SWIFT users should implement to secure their operating environment. CSCF also has 3 objectives and 8 principles.

Who is the best positioned to perform the SWIFT CSCF Compliance Assessment?

Independent cybersecurity compliance auditors are best positioned to perform the Customer Security Controls Framework (CSCF) Compliance Assessment, a function that is generally responsible for the cybersecurity controls and risks associated with a business entity’s SWIFT environment.

The auditors should obtain reasonable assurance that the SWIFT environment has adequate and effective controls in place to meet the stated control objectives in the areas of Governance, Confidentiality, Integrity, Availability, and Change Management.

What are the criteria to be met by the independent third-party auditor?

The independent third-party auditor shall meet the following criteria:

  • Cybersecurity services experience and credentials
  • Strategic focus on cybersecurity services
  • Good reputation and commitment to customers in the financial industry
  • They should be an independent third party (external firm), approved by the Central Bank of Kuwait before entering into the engagement letter; and
  • They should have an academically and professionally qualified team with previous experience in the field of cybersecurity audits.

What is the scope of the SWIFT CSCF Compliance Assessment?

The scope of the SWIFT CSCF Compliance Assessment consists of three main activities:

  • Independent validation that the regulated entities meet the SWIFT security requirements.
  • Verification of all traffic connectors (extended SIP), executed by SWIFT.
  • Risk-based sampling of the required SWIFT technology interfaces.

What are the domains under the scope of the SWIFT CSCF Compliance Assessment?

There are eight main domains that should be reviewed under SWIFT CSCF Compliance Assessment:

  • Restrict Internet Access
  • Segregate Critical Systems from General IT Environment
  • Reduce Attack Surface and Vulnerabilities
  • Physically Secure the Environment
  • Prevent Compromise of Credentials
  • Manage Identities and Segregate Privileges
  • Detect Anomalous Activity to Systems or Transaction Records
  • Plan for Incident Response and Information Sharing.

How can SWIFT CSCF Compliance Assessment help your business entity?

  1. Ensure compliance with SWIFT regulatory requirements.
  2. Enhance stakeholders’ confidence in the reliability of SWIFT technology, ensuring the continuity of services.
  3. Proactively manage the risks associated with the SWIFT information systems in place.
  4. Enhance the overall performance of information exchange across all financial transactions.

Why choose Baker Tilly to provide this service?

Baker Tilly is distinguished by specialist professional experience and offers the following characteristics that bring added value to our clients:

  • Global consulting firm operating in the State of Kuwait.
  • World-class laboratories equipped with state-of-the-art tools for vulnerability assessment and cyberattack exposure testing.
  • Updated databases of automated systems, enabling the cybersecurity audit of any technology environment that a client adopts.
  • Updated databases of new methods used in cyberattacks and of the processes to prevent them.
  • Local experience under the umbrella of a global network comprising more than 250 cybersecurity experts.
  • Bilingual team.
