SWIFT Customer Security Program

Time to get ready

  • Share

Over the past few years, financial services policymakers and regulators have increasingly realized that that it is now a matter of when, not if, the industry will suffer a major system-wide disruption, one that aims to destroy. New or proposed regulatory standards are being issued more frequently in the US and abroad.
Within this context, there is an even more enhanced focus on the security of the Society for Worldwide Interbank Financial Telecommunications (SWIFT). After all, it processes 6.1 billion transactions a year, of which a significant minority (around one-fifth) are processed with manual intervention, and it has more than 11,000 customers.
SWIFT’s most prominent new initiative is its Customer Security Program (CSP), which takes effect this year, starting in Q2. The CSP covers a range of issues that are now becoming commonplace in new and more demanding — and now increasingly mandatory — requirements, notably the need for:

  • Strong access, privilege, password and database controls, and multi-factor authentication
  • Detailed knowledge of, and controls over, data flows linkages to business processes, and dependencies on external critical vendors
  • Effective, timely and robust situational awareness; vulnerability and penetration testing; scenario analysis; detection and anomaly analytics; and incident response
  • Integrated people strategy, including training and segregation of duties
  • Thorough logging, monitoring and audit processes

Our new report outlines why implementing the CSP effectively is important, what the standards are, and the critical questions firms should answer as they move forward.

EY Omni-channel report 2015

Download full report