How to comply with the mandatory controls for SWIFT participants

In response to recent cases of major cyber-fraud exploiting weaknesses in local infrastructures run by SWIFT participants, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) has issued a set of mandatory controls designed to help participants combat the threats.

To establish a security baseline for the entire SWIFT community, all SWIFT participants are called upon to implement 16 mandatory and 11 advisory security controls based on existing SWIFT guidelines and best practice standards. The controls, part of the SWIFT Customer Security Programme (SWIFT CSP), revolve around securing the environment, knowing and limiting access, and detecting and responding to threats.

Urgent action required

The SWIFT CSP will come into force on 1 January 2018, and shortly afterwards participants will be required to demonstrate compliance, either via a self-assessment, an internal audit, or an external audit. There will also be regular spot-checks by SWIFT. Non-compliance or late submission of confirmation of compliance will be reported to local supervisory authorities or other SWIFT counterparties, so there are major implications for participants failing to implement the controls properly.

SWIFT participants should act quickly to do a self-assessment, make sure they can prove compliance annually, and take steps to understand and anticipate the cyber-threats.

PwC’s Cybersecurity and Risk Assurance services are there to help participants get an up-to-date view of the relevant threats, assess their SWIFT readiness, implement the new controls, report on compliance, and detect threats on an ongoing basis.

The team at PwC has produced a brochure with comprehensive information on the new SWIFT controls.

For more information please contact:

Reto Häni
Cyber Security Partner and Leader
PwC Digital Services
+41 79 345 01 24

Yan Borboën
Cyber Security Partner
PwC Assurance
+41 79 580 73 53

Jens Probst
Systems & Process Leader
PwC Assurance
+41 58 792 29 59

Nicolas Vernaz
Data Protection and Regulatory Compliance Leader
PwC Digital Services
+41 79 419 43 30


Published by

Reto Häni

Reto Haeni
Partner and Leader Cybersecurity and Privacy
Bahnhofplatz 10
3001 Bern
+41 58 792 7512

Reto Haeni leads the cybersecurity practice of PwC Switzerland and is a member of the PwC Digital Services Leadership Team. PwC Cybersecurity is a multi-disciplinary group of cybersecurity, technology risk and forensics specialists who provide end-to-end cybersecurity consulting services across the whole lifecycle, from strategy through design and implementation to operation. We are the largest professional security consulting provider worldwide as ranked by Gartner and operate 55 forensic laboratories in 42 countries, including Switzerland. With a range of proprietary tools covering breach detection, intrusion analysis and threat intelligence, we can provide a "follow the sun" model for cybersecurity services across all industries.