AuditXYZ

SWIFT Customer Security Programme

The SWIFT Customer Security Programme requires all SWIFT users to meet mandatory security controls. This guide covers the CSCF, architecture types, assessment requirements, and implementation strategies.

Issuing Body: Society for Worldwide Interbank Financial Telecommunication (SWIFT)
First Published: 2017-01-01
Latest Version: 2024 (CSCF v2024)
Typical Cost: $30,000–$300,000
Typical Timeline: 3–9 months
Audit Required: Yes
Audit Frequency: Annual independent assessment against the Customer Security Controls Framework (CSCF). Results submitted via the KYC Security Attestation.
Geography: Global

SWIFT CSP: Customer Security Programme Guide

The SWIFT Customer Security Programme (CSP) was launched in 2017 following a series of high-profile cyberattacks targeting SWIFT-connected institutions, most notably the $81 million Bangladesh Bank heist. The programme requires all SWIFT users worldwide to meet mandatory security controls defined in the Customer Security Controls Framework (CSCF) and to attest to their compliance annually.

What SWIFT CSP Covers

The CSCF organizes controls into three objectives: secure your environment, know and limit access, and detect and respond. Controls are classified as mandatory (must be implemented by all users) or advisory (strongly recommended best practices). The 2024 version includes 25 mandatory and 7 advisory controls covering network security, privilege management, multi-factor authentication, software integrity, logging, and incident response.

The specific controls applicable to each institution depend on its architecture type, ranging from Type A1 (SWIFT infrastructure within the user's environment) to Type A4 (using a service provider), with different control applicability for each type.

Who Needs SWIFT CSP Compliance

Every organization connected to the SWIFT network must comply with the CSP. This includes banks, broker-dealers, clearinghouses, custodians, and other financial market infrastructure providers. Service bureaus that operate SWIFT infrastructure on behalf of clients face additional requirements. SWIFT has over 11,000 member institutions across 200+ countries.

Implementation Approach

Determine your architecture type and identify applicable mandatory and advisory controls. Conduct a gap assessment against the CSCF. Prioritize remediation of mandatory control gaps, focusing on network segmentation, multi-factor authentication, and privileged access management. Engage an independent assessor for the annual assessment and submit your attestation through the KYC Security Attestation portal before the annual deadline.

Cost Considerations

Typical costs range from $30,000 for institutions with mature security programs and simple architectures to $300,000 for those requiring significant remediation. SWIFT publishes compliance rates, and non-compliant institutions face increased counterparty scrutiny, potentially affecting their ability to transact on the network. The independent assessment requirement, introduced in 2021, added $20,000 to $50,000 in annual assessment costs.
