Is SWIFT CSP attestation mandatory?

Yes. All SWIFT users must complete an annual self-attestation against the mandatory controls. Since 2021, independent assessments are also required, conducted by an internal or external assessor.

What are SWIFT architecture types?

SWIFT defines architecture types (A1-A4, B) based on how an organisation connects to the SWIFT network. Each type has different control requirements. GRCTrack helps you identify your architecture type and applicable controls.

What happens if we fail attestation?

Non-compliant attestations are shared with counterparties, potentially affecting business relationships. SWIFT may also impose restrictions on messaging capabilities for persistently non-compliant users.

All Frameworks

32 Controls

SWIFT CSP 2024

SWIFT Customer Security Programme

The SWIFT Customer Security Programme establishes mandatory and advisory security controls for all SWIFT users to protect against cyber threats targeting financial messaging infrastructure. Annual attestation is required for all SWIFT users.

Start Free Trial Request Demo

Ideal For

BanksFinancial InstitutionsPayment ProcessorsSecurities Firms

What is SWIFT CSP 2024?

The SWIFT Customer Security Programme establishes mandatory and advisory security controls for all SWIFT users to protect against cyber threats targeting financial messaging infrastructure. Annual attestation is required for all SWIFT users.

SWIFT CSP applies to all organisations connected to the SWIFT network, including banks, payment processors, securities firms, and corporate treasury departments. All SWIFT users must annually attest their compliance with the mandatory security controls defined in the Customer Security Controls Framework (CSCF).

Key Requirements

Core areas of SWIFT CSP 2024 that organisations must address.

Restrict internet access and protect critical systems

Reduce attack surface and vulnerabilities

Physically secure the environment

Prevent compromise of credentials

Manage identities and segregate privileges

Detect anomalous activity and respond to incidents

How GRCTrack Supports SWIFT CSP 2024

Mandatory and advisory controls

Self-attestation requirements

Independent assessment support

Control implementation guides

Architecture type classification

Annual compliance certification

Financial Security

Protect critical financial messaging systems.

Industry Standard

Meet SWIFT network requirements.

Trust Building

Demonstrate security to counterparties.

Frequently Asked Questions

Ready to Simplify SWIFT CSP 2024 Compliance?

Join hundreds of organisations using GRCTrack to manage compliance.

Start Free Trial View All Frameworks