CSP SWIFT Compliance Audit

BDO is here to help you carry out your yearly independent assessment of your compliance with the CSP.


What is the SWIFT Customer Security Programme (CSP)?

SWIFT runs a worldwide network that lets money move into and out of countries. The platform has a growing network of over 11,000 users and is becoming increasingly vulnerable to advanced hacking attacks.

Combating fraud and cyberattacks is a shared challenge for the whole SWIFT network, and attackers are using increasingly advanced tools. Although SWIFT users are accountable for the security of their own environments, the security of the network as a whole is collectively owned. To tackle this, SWIFT created the Customer Security Programme (CSP) in 2016. Its goal is to increase security across the SWIFT community and help users counter cyber fraud.

What is the Customer Security Controls Framework (CSCF)?

The SWIFT Customer Security Controls Framework (CSCF) is a set of mandatory and advisory measures for SWIFT users. These controls need to be implemented in their local SWIFT infrastructure. 

At present, the CSCF is made up of three main objectives, seven second-order principles and 32 controls. The controls are the result of collaboration with industry experts and are based on cyber threat intelligence observed by SWIFT. They follow established information security standards.

Objective 1: Secure Your Environment

  • Restrict Internet Access: Protect critical systems from general IT environments and limit exposure to external networks.
  • Reduce Attack Surface: Minimize vulnerabilities and entry points.
  • Ensure Physical Security: Safeguard the physical environment hosting SWIFT infrastructure.

Objective 2: Know and Control Access

  • Prevent Credential Compromise: Implement robust protections for user credentials.
  • Manage Identities and Privileges: Enforce strong identity management and separate privileges to minimize risks.

Objective 3: Detect and Respond

  • Detect Anomalous Activities: Monitor system logs and transaction records for irregularities.
  • Prepare for Incidents: Develop and test incident response plans and information-sharing protocols.

Your Key Contact


Salih Krioui
Consultant Senior Manager