Through our Customer Security Programme, SWIFT is setting global customer security standards and increasing the overall level of transparency on cybersecurity among users of the SWIFT network.
In April SWIFT published the Customer Security Controls Framework, a detailed description of the mandatory and advisory customer security controls. This new Framework provides a security baseline for the community.
To complement this, SWIFT is today publishing the Customer Security Controls Policy, which sets out the terms under which your self-attestations must be submitted. The Policy also describes the procedures governing how you will be granted access to view your consenting counterparties’ attestations.
Stephen Gilderdale, Head of SWIFT’s Customer Security Programme, said: “One of the key principles of the self-attestation process is to create momentum to drive improvements in security and risk management. Soon you will be able to request to view your counterparties’ self-attestations to support your cyber-risk management processes and business decision-making.”
The Customer Security Controls Policy contains further information on:
- The requirement to self-attest against SWIFT’s mandatory security controls.
- The process and timelines for submitting your self-attestation data to The KYC Registry Security Attestation application.
- The process for viewing your counterparties’ self-attestation data via The KYC Registry Security Attestation application.
- Follow-up actions in cases of late submission and non-compliance.
We strongly urge you to consult this document and to begin preparing yourselves. Self-attestations should be submitted via SWIFT’s KYC Registry Security Attestation application, which will be open for the submission and consumption of self-attestation data from July 2017 onwards. All SWIFT users must have submitted a self-attestation by the end of December 2017. SWIFT reserves the right to report supervised users that have failed to submit their self-attestations to local supervisors from January 2018, and to report non-supervised users to their messaging counterparties.