SWIFT Customer Security Programme — mandatory controls for institutions connected to the SWIFT network.
All institutions that send or receive SWIFT messages.
Continuous evidence pipeline available; audit support included for all customers.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Customer Security Controls Framework (CSCF) v2024 — 32 controls (24 mandatory, 8 advisory).
Annual attestation to SWIFT KYC-SA.
Independent assessment for the assessment cycle.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
CSCF v2024 control crosswalk with live evidence.
KYC-SA attestation pre-populated.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
CSCF v2024 attestation pack.
Independent assessment evidence.
These frameworks share substantial control overlap with SWIFT CSP. Customers running one assessment typically satisfy the others with the same evidence base.
Global (Payments)
The global payment-card data security standard, now in v4.0 with future-dated requirements becoming mandatory in March 2025.
North America
The FFIEC's interagency examination framework for cybersecurity in US financial institutions.
Cross-jurisdictional
The NIST Cybersecurity Framework version 2.0 — six functions (Govern, Identify, Protect, Detect, Respond, Recover) with broad global adoption.
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.