These days, IT security is a must, especially around payments, which are crucial for all companies. SWIFT, a key player in this landscape, has recently launched a new initiative aimed at detecting whether users of the SWIFT network are compliant with basic security controls. But is this taking things a step too far for corporates?
SWIFT has recently launched the Customer Security Programme (CSP), a new initiative based on a self-assessment questionnaire that determines whether a SWIFT user is ‘secured’ and therefore follows security best practices. On paper, this looks like a sound initiative. But is it a good idea in practice? After all, as the British would say: “if it ain’t broke, don’t fix it”.
At its heart, the CSP is dedicated to helping financial institutions reinforce the security of their SWIFT-related infrastructure. A Customer Security Control Framework (CSCF) was published in April 2017, partly in response to the consequences of the cyberattacks faced by SWIFT. This Framework defines a set of mandatory and advisory controls that should be implemented in SWIFT customers’ operating environments.