CFT supports banks in complying with SWIFT CSP security requirements
In 2017, Center of Financial Technologies (CFT) was included in the Directory of Cyber Security Service Providers accredited for implementation of the SWIFT Customer Security Programme (CSP). The company started implementing the projects on attestation and analysis of the connection security of the financial institutions’ IT infrastructure to SWIFT.
In 2016, SWIFT developed the Customer Security Programme (CSP) in order to increase the level of cyber security of SWIFT customers. Within its framework, all SWIFT customers are required to carry out annual attestation of banking security compliance against 16 controls. The new requirements apply to the whole IT environment of the bank – from data exchange to user PC settings.
SWIFT customers are required to evaluate the compliance independently or with the assistance of independent auditors accredited by SWIFT. CFT has a long-term experience in auditing the compliance with different banking standards, and is a member of the Russian National SWIFT Association (ROSSWIFT). CFT has all required expertise and resources to provide high-quality services to banks on audit and consulting under the SWIFT CSP.
“Our task as a vendor is to help banks make the system for transfer of payment information even more secure and eliminate to the fullest the financial and reputational risks of the banks and their customers,” says Andrey Visyaschev, Chairman of CFT Board. “As of today, we have already implemented several successful projects on the analysis of the connection security of financial institutions to SWIFT. We completed our first project on attestation of the compliance of local infrastructure with the new SWIFT requirements at Expobank, one of the leading participants of the Russian financial market. The work results showed our partner the high security level of their connection to SWIFT. Our specialists also audited the information security of the IT infrastructure at Aksonbank, and implemented their own internal project, i.e. evaluated the compliance of Credit Union “Payment Center” (part of CFT Group) with the new SWIFT requirements. Such checks have become mandatory and yearly for financial market participants since 2018, therefore we have included consulting services related to compliance with the SWIFT CSP standards in our services portfolio and we are ready to render assistance to banks in checking the efficiency of their information security measures.”
Within the framework of cyber security services for SWIFT customers, CFT specialists perform comprehensive analysis of the financial institution’s IT infrastructure security, survey the bank’s existing IT environment, and evaluate the compliance of the front-end SWIFT infrastructure with the requirements of the SWIFT Customer Security Controls Framework.