SWIFT Compliance – A Guide

The growing problem of cyber attacks is still a pressing issue for today’s organizations. Recent instances of payment fraud in banks local environments show the need for an industry-wide collaboration to prevent these threats from reoccurring.

Cyber attacks are becoming increasingly complicated within the financial community. The persistence of these threats underlines the importance of remaining proactive and vigilant in the long term.

While customers are responsible for protecting their access to SWIFT and their environments, the CSP (Customer Security Programme) was introduced to help customers with fighting against cyber fraud.

The CSP has created around 3 mutually reinforcing areas. First, banks will have to secure and protect their local environment; then they must detect and prevent fraud in their relationships and continue preparing to defend itself from cyber threats and continue sharing information.

What Advisory Controls are Available?

Three of the previous controls are mandatory

  1. Control 2.6: Falling under the “reduce attach surface vulnerabilities,” relates to the operator session integrity and confidentiality and requires organizations to protect the integrity and confidentiality of interactive sessions that are connected to the local SWIFT infrastructure.
  2. Control 2.7: This control refers to the vulnerability scanning and imposes the requirement to identify vulnerabilities within the SWIFT environment by implementing a vulnerability scanning process. Organizations are required to act upon the scanning results.
  3. Control 5.4: This control is located in the “manage identities and separate privileges” section is related to logical and physical password storage. This control requires the protection of logically and physically stored passwords.

How Can I Prepare for SWIFT Customer Security Program?

  • Don’t delay. Meeting these requirements is mandatory and the program isn’t going away, so there’s no reason in putting it off. You have to put a strategy in place that doesn’t only meet SWIFT’s requirements but protects your organization from payment fraud threats.
  • Don’t make compliance more difficult than it needs to be. The thought of meeting a SWIFT customer security program’s rules is daunting – even terrifying if you’re handling it alone. It doesn’t have to be that way. The best solutions are simple to adapt to your organization and there are technology firms that can handle the attestation process for you – this includes translating it into plain English so you know what to do.
  • Think of security as a long term initiative. While there’s an immediate need to comply with SWIFT customer security program and there’s a deadline associated with that. But protecting your organization is not something that can be crossed off a to-do list. Payment fraud is a marathon, not a sprint.


You have to implement a solution that will help your organization grow, offer fraud protection, and help you comply with SWIFT’s policies at the same time. Things you have to consider as you evaluate solutions is the ability to conduct a transaction and user monitoring. Look across the multiple payment types and the ability to hold payments if something goes wrong.

Do you have any questions SWIFT customer security program?

Tell us in the comments below.


Adam Hansen

Adam is a part time journalist, entrepreneur, investor and father.