The SWIFT Customer Security Programme (CSP) sets mandatory security standards for every institution connected to the SWIFT network. Annual self-attestation backed by an independent external assessment is no longer optional; it is a regulatory imperative. Yet many banks still struggle with limited internal resources, fragmented documentation, and the complexity of aligning IT, security, risk, and compliance teams around a single deadline.

The challenge: Growing regulatory pressure

Banks connected to the SWIFT network face an increasingly demanding compliance landscape. The Customer Security Programme requires annual self-attestation against a defined set of mandatory and advisory controls — and since 2021, this attestation must be supported by an independent external assessment. Swiss institutions participating in the SNB Swiss Interbank Clearing (SIC) face an additional layer of obligation under the SIC Endpoint Security (EPS) Framework.

The pressure is real: more controls, tighter timelines, and a growing expectation — from regulators, auditors, and counterparties alike — that your SWIFT environment is not just compliant on paper, but genuinely secure. For many banks, particularly smaller and mid-sized institutions, this means navigating a technically complex and regulatory-sensitive process without the in-house expertise to do it efficiently. Resources are constrained; the responsible function within each institution varies (CISO, CFO, COO), and the stakes of a failed attestation are significant.

From assessment provider to SWIFT partner

Our team has successfully completed more than 50 external assessments for Swiss financial institutions. Our experience spans the full range of SWIFT architecture types (A1 through A4 and B), diverse infrastructure environments, and widely varying levels of institutional maturity.

Our references include various cantonal banks as well as retail and private banks. We have also supported an infrastructure provider in the preparation of its own SWIFT CSP and SNB SIC EPS Compliance Statement, a critical deliverable that enables multiple Swiss banks to complete their own assessments. Becoming an official SWIFT partner is not a starting point. It is the formal recognition of a track record built assessment by assessment, client by client.

Our methodology: structured, transparent, risks in focus

Our assessment follows a consistent six-phase approach, adapted to each institution's architecture and environment:

  • Scoping: We confirm the perimeter of the engagement (SWIFT CSP only, or also SNB SIC EPS), identify the client's architecture type, in-scope assets, connectivity model, and third-party dependencies. This determines the applicable controls and the evidence required.
  • Kick-off: We establish governance from day one: communication channels, timeline, milestones, and stakeholder responsibilities. Clients and assessors are fully aligned before evidence collection begins.
  • Identification of vulnerabilities: We review initial documentation, map the environment against applicable SWIFT controls, and issue targeted clarification questions and evidence requests. This is an ongoing dialogue throughout the engagement, not a one-shot exercise.
  • Risk assessment: We evaluate the implementation status of each mandatory control, issue a formal compliance decision, and translate any gaps into pragmatic remediation actions, always balanced against risk, feasibility, and attestation impact.
  • Documentation: We prepare the full assessment package: completion letter, assessment report, and attestation documentation. For institutions also participating in the SNB SIC, additional output is produced in line with the SIC Endpoint Security Framework (EPS) requirements.
  • Presentation: We conclude with a structured results readout covering scope, compliance status, identified gaps, remediation priorities, and the path to annual SWIFT KYC-SA submission.

This is a pragmatic, risk-oriented methodology — not a theoretical checklist exercise. We engage with your environment, your people, and your specific risk profile.

The benefits for your institution

Whether you are approaching a SWIFT CSP assessment for the first time or looking for a more experienced partner for your annual cycle, adesso delivers:

  • Increased security and compliance with SWIFT requirements
  • Full transparency on risks, gaps, and remediation priorities
  • Reduced assessment, audit, and certification risk
  • Relief for your internal teams through proven external expertise
  • A pragmatic approach grounded in real-world Swiss banking environments

adesso's new SWIFT partnership formalizes what our clients already know: a committed, expert, and locally present team that guides Swiss financial institutions through one of their most demanding annual compliance cycles. With more than 50 assessments completed across a wide range of institutions and infrastructure environments, our knowledge goes well beyond standard consulting: it is built on direct, recurring delivery.

If your institution is preparing for its next SWIFT CSP assessment, or if you want to understand what the process involves and how to approach it efficiently, we would be glad to speak with you. Reach out for an initial, no-obligation conversation and let us show you what a structured, transparent assessment looks like in practice.

Author Mattia Lobianco

Mattia Lobianco is a Security Engineer and Solution Architect at adesso Schweiz AG, based in Lugano. With over six years of experience in regulated environments across financial services, telecommunications, and life sciences, he serves as the regional focal point for SWIFT security and compliance activities in Ticino. His technical expertise spans secure solution architecture, identity and access management, and cloud migrations, backed by certifications including ISO 27001 & 19011 Lead Auditor, Prince2 Project Management, and several IAM-specific credentials covering platforms such as ForgeRock and OneIdentity. He is currently completing his official SWIFT certification.

Author Jürg Egli

Jürg Egli is a Senior Consultant and Lead Assessor at adesso Schweiz AG, based in Bern. He has been conducting SWIFT CSP and SNB SIC EPS external assessments for Swiss financial institutions since 2022, with over 50 completed engagements across cantonal banks, private banks, and major service bureau providers. His background is in identity and access management, cloud security architecture, and ISO 27001 Lead Auditing, and he holds certifications as Lead Auditor and Lead Implementer for ISO 27001 as well as IPMA Level D Project Management.
