At the end of 2022, SWIFT released its updated version of the Independent Assessment Framework. Which is a framework that guides how to undertake assessments under CSCF. The independent Assessment Framework is yearly developing and progressing. A main focus this year is when does it apply and how re-use old reports. It still stands that banks and institutions utilsing Swift -except receiving only users- have to perform attestation by end of 2022. Then finalise the remediation and full compliance of CSCF 2022 by mid of 2023.
Is it worth the hassle to publish a compliance status? Well, your compliant status reflects your security standards in front of your correspondents. This, first hand, affects the reputation of your organization, and your reputation strongly affects the business as a whole. After all, no bank or financial institution would be willing to deal with an insecure correspondent. Moreover, by the end of December 2022, if attestation is not performed under the umbrella of IAF, SWIFT will report the bank or financial institution to the regulator.
As an information security consultancy, SBS performs the assessment as per SWIFT requirements and provides all the needed support to reach compliance status and publish it. These activities can be summarized as follows: