2020 CCAR Resubmission
Sia Partners appointed as independent Customer Security Program auditor for the 3rd consecutive time.
While the upcoming Customer Security Control Framework imposes an independent assessment for all SWIFT users, Sia Partners has an expertise of the Customer Security Program that enables it to best support users in the assessment of security controls.
Following the surge of cyber-attacks targeting banks via the SWIFT system in recent years, including the cyber-heist against the Central Bank of Bangladesh that resulted in a loss of $ 81 million in 2016, SWIFT has stepped up its cybersecurity measures to guarantee a better protection for its users. After the publication of a mandatory software update, SWIFT announced the implementation of a Customer Security Control Framework (CSCF) from 2017, which has been progressively reinforced in order to integrate more mandatory security controls each year.
Sia Partners remains at the side of SWIFT users in order to support them in their security control assessments and this in a context of the threefold increase in cyber-attacks on financial institutions since the confinement and the increased use by banks of teleworking.
Evolution of SWIFT requirements and the risks of non-compliance
SWIFT’s Customer Security Program (CSP) is evolving, with the addition of a mandatory annual independent review for all SWIFT users. This assessment can be carried out by an external service provider or by an independent function of the company. However, it should be noted that due to the health crisis linked to Covid-19, SWIFT has announced that the assessment required for the year 2020 will be based on the 2019 benchmark. The requirements initially planned are postponed for one year, in addition to the new requirements introduced in 2021.
These requirements are of major importance to SWIFT users, because in the event of non-compliance with the new control framework, SWIFT could report misconduct to the local supervisory authority and notify users of the SWIFT network.
The expertise of Sia Partners and its capacity for global intervention
Sia Partners has already worked on several missions relating to the CSP program, which allows its teams to have in-depth knowledge in this area. In addition, Sia Partners has cybersecurity experts who have the best certifications and recognitions on the market (CISSP, CISM, CISA, ISO) and follow a program of continuous and regular improvement of their skills and knowledge. In addition to this system, there is a team of 80 Data Scientists spread over 3 centers of excellence (Paris, Montreal and Amsterdam) who support all of its clients on their technological and regulatory issues.
Finally, Sia Partners is one of the few consulting firms to be approved by SWIFT in Europe, North and South America, Asia-Pacific, the Middle East and Africa, and can thus meet the needs of its customers around the world.