Email Contact Phone Company Visit Website

SWIFT Office Head Office

Avenue Adèle 1
La Hulpe


+32 2 655 4228 Mobile: 032.474.76.77.27


Veronique Vanderbrug
[email protected]
Back to all SWIFT announcements

SWIFT introduces mandatory customer security requirements and an associated assurance framework

SWIFT announces the introduction of a set of core security standards and an associated assurance framework for its customers. The standards will be mandatory for all customers, who will be required to demonstrate their compliance annually against the specified controls set out in the assurance framework.

The core security standards are based on three overarching objectives which address major areas of attention for customers’ SWIFT-related environments. Under SWIFT’s new assurance framework, customers will be required to provide self-attestation against 16 mandatory controls on an annual basis. Self-attestation will start in the second quarter of 2017 when the standards will be made applicable to all customers connected to SWIFT, including those connected through service bureaus.

SWIFT CEO Gottfried Leibbrandt, said: “While customers remain responsible for protecting their own environments, SWIFT is fully committed to helping strengthen customers’ security and helping them improve their security measures and our aim in setting out this framework is to support customers by helping to drive awareness and improvements in the industry’s overall security. We will do this by maintaining a dynamic assurance approach, evolving the framework in line with the changing threat landscape, and making sure it complements emerging regulatory guidance.”

Inspections and enforcement will begin on 1 January 2018, when customers’ compliance status will be made available to their counterparts, ensuring transparency and allowing firms to assess risk of counterparts with whom they are doing business.

From January 2018, SWIFT will report the status of any non-compliant customers to their regulators, and randomly select customers who will be required to provide additional assurance either from their internal or their external auditors. This quality assurance process will not preclude customers from independently requesting additional assurance from their counterparts. In addition, customers will also be able to choose to disclose their compliance with a further 11 advisory controls that will supplement the 16 mandatory controls.

SWIFT Chairman Yawar Shah said: “We recognise that this will be a long-haul, and will require industry-wide effort and investment, as well as active engagement with regulators. The growing cyber threat requires a concerted, community-wide response. This is also why the SWIFT board unanimously approved the framework and remains fully engaged in overseeing and driving the further development of SWIFT’s Customer Security Programme.”

The detailed objectives and controls will be made available to SWIFT customers at the end of October 2016. During a two-month validation period, SWIFT will engage with nominated security contacts at SWIFT National Member Groups to collect community feedback before the final standards are published at the end of March 2017.