Site Search

Loading Results

SWIFT Customer Security Program (CSP)

SWIFT's Customer Security Programme (CSP) helps financial institutions ensure their defences against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF), before attesting their level of compliance security.

With solid attestation and compliance rates, the CSP reflects a community of highly engaged users committed to stopping cyberattacks in their tracks. And, as the cyber threat landscapes evolves, so does the CSP.

How we help our clients

 

PwC can help you by performing:

  • Readiness assessment - PwC will establish the scope, assess controls, conduct gap analysis, and provide recommendations on identified control gaps.
  • Attestation and reporting services - PwC will issue a service auditor’s opinion on the fairness of the presentation of the description of the system, the suitability of the design of the controls to meet the specified control objectives and, in a type 2 report, the operating effectiveness of those controls.
  • Staff secondment - PwC will source out employees that will act as your:
    • Project manager - we will act as a liaison officer between the auditors and process owners for your audit and compliance projects. Our responsibility includes managing document requests and audit raised issues.
    • Staff - we will execute tasks as determined by your team. This may include creation of risk and controls matrix, risk issues tracker, management written statement and controls description report.

 

Why are we qualified to help

PwC has engaged recurring third party assurance report engagements with different organizations ranging from back office solutions, research and development, healthcare, and technology service providers among others. By bringing together our industry-specific skills in technology, regulatory compliance, finance and accounting and other business processes, our team has helped multiple clients identify and mitigate risk and enhancing trust and transparency with their customers.

We have also worked with other PwC offices (under direct supervision) in assessing the Global ISAE 3402 Type 2 and GS007 reports over the Share Service Center's (SSC) controls related to the trade operations across different market segments.

Our team's combined credentials are composed of the following:

  • Certified Public Accountant (CPA) in the Philippines
  • Certified Information Systems Auditor (CISA)
  • Certified in COBIT 5 Foundation Level (CCOBIT5F) and Implementation (CCOBIT5I) 
  • ISO Lead Auditor for Business Continuity Management Systems (ISO 22301:2012) Course Passer
  • ISO Lead Auditor for Quality Management Systems (ISO 9001:2008) Course Passer
  • ISO Information Security Management System Auditor/Lead Auditor (ISO 27001:2013) Course Passer
  • Quality Assurance Improvement Program (Quality Assurance Review) Course Passer

The following selected citations represent engagements where we have helped clients:

ISAE 3000 Attestation of a Global Investment Bank

The client required an ISAE 3000 assurance report over the SWIFT CSP framework for 100 messaging BICs owned and operated by the client, hosted in 4 different SWIFT environments spread across several data centres.

A key objective of this report is to demonstrate compliance with the SWIFT CSP framework to the regulators and SWIFT.

Internal Audit of SWIFT CSP Attestation of Large Universal Bank

The client required PwC to perform an internal audit on the SWIFT CSP self-attestation submitted to the SWIFT SCRL in December 2017 to identify gaps or inaccuracies against the SWIFT CSP framework requirements.

The requirement was to provide this internal audit report over 4 BIC infrastructures located globally.

Readiness Assessment for a Large Universal Bank

The client requested us to assist in gauging their readiness to submit the SWIFT CSP self-attestation in December 2017. This was specifically aimed to help the CISO understand any gaps that might impact the self-attestation.

Review of SWIFT environment of a Financial Market Infrastructure

The client engaged us to undertake a review of their SWIFT environment and assess the BIC infrastructure to evaluate if there are adequate controls in place to protect against specific threats to the confidentiality, availability and integrity of information stored or processed in the SWIFT environment.

Research and insights

Related Content

Contact us

Maria Rosell S. Gomez

Maria Rosell S. Gomez

Risk Assurance Leader, PwC Philippines

Tel: +63 (2) 8845 2728

Linkedin Follow Email
Lalaine Aviles

Lalaine Aviles

Risk Assurance Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Linkedin Follow Email
Dyan Rose Esguerra

Dyan Rose Esguerra

Risk Assurance Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Linkedin Follow Email
Archelle Marie Azuro

Archelle Marie Azuro

Risk Assurance Assistant Manager, PwC Philippines

Tel: +63 (2) 8845 2728

Linkedin Follow Email

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Hide