SWIFT Releases Customer Security Guidance

SWIFT announced Monday (May 22) that it is setting global customer security standards and boosting its overall transparency on cybersecurity among users of the SWIFT network.

In a press release, SWIFT said in April it published the Customer Security Controls Policy, which lays out the terms in which self-attestations must be submitted. The policy also provides a security baseline for the SWIFT community and describes the procedures governing how access will be granted to view consenting counterparties’ attestations, it said in a press release.

“One of the key principles of the self-attestation process is to create momentum to drive improvements in security and risk management. Soon you will be able to request to view your counterparties’ self-attestations to support your cyber-risk management processes and business decision-making,” said Stephen Gilderdale, head of SWIFT’s Customer Security Program in the release.

According to SWIFT, the Customer Security Controls Policy contains further information on the requirement to self-attest against SWIFT’s mandatory security controls; the process and timelines for submitting self-attestation data to the KYC Registry Security Attestation application; the process for viewing counterparties’ self-attestation data via the KYC Registry Security Attestation application and follow-up actions in cases of late submission and non-compliance.

SWIFT said it strongly urges members to consult the documents and that self-attestations should be submitted via SWIFT’s KYC Registry Security Attestation application, which will be open for the submission and consumption of self-attestation data from July 2017 onwards.