.svg){kind=small}
.svg){kind=small}
The Swift Customer Security Controls Framework (CSCF) v2026 introduces some of the most impactful changes Swift users have seen in recent years. Unlike CSCF v2025, which focused on clarification and preparation,
The Society For Worldwide Interbank Financial Telecommunication (SWIFT), the network that enables banks to exchange information about financial transactions, moves trillions of dollars around the world every day.
Security in the messaging service is paramount. Customers must adhere to the SWIFT Customer Security Controls Framework (CSCF), described by SWIFT as “a security baseline for the entire community” yet the messaging service has become a prime target for sophisticated cyber attackers.
There are three levels of compliance: Self-attestation, internal audit or third-party review.
Dionach has again this year been awarded the Swift Provider – Customer Security Programme (CSP) Assessment label. This valued recognition underscores our expertise and commitment to delivering top-tier security assessments and services. Dionach have been providing Swift CSP assessments since 2019.
Dionach are independent SWIFT Customer Security Programme (CSP) auditors, providing assurance for organisations opting for an external assessment as part of the SWIFT Independent Assessment Framework (IAF).
Since July 2020, all SWIFT users have been required to carry out an independent assessment when self-attesting. As a listed provider of the SWIFT Partner Programme, Dionach fulfil the requirement of an independent external assessment.
As your chosen auditor, we will help to reduce complexity in the compliance process and relieve the pressure on your internal resources.
Note that SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory and SWIFT customers are not required to use providers listed in the directory.
Engaging Dionach as an external specialist will not only ensure you meet SWIFT’s mandatory compliance requirements, but also deliver an additional level of assurance in the security of your SWIFT-related infrastructure.
An attestation audit identifies where risk drivers from the SWIFT CSP are, or are not, met. Our clear report meets requirements for SWIFT IAF supporting documents, provides insight and tailored advice on how to address non-conformances to achieve attestation, and guides you through submission of a fully compliant attestation via the SWIFT KYC-SA application.
Your first external assessment may highlight more non-conformances than previously identified by internal assessments or self-attestation. As such, it may be beneficial to undergo a gap audit before an attestation audit.
Dionach’s SWIFT CSP gap audit is an analysis of your organisation’s SWIFT-related infrastructure to understand what you need to do to meet SWIFT’s mandatory compliance requirements. Consultants will interview relevant staff, review your current policies, procedures, and practices, then produce a detailed gap audit report which defines your current compliance levels, highlights any areas that need to be addressed, and provides tailored recommendations to achieve compliance against the SWIFT CSCF controls.
We have documented frequently asked questions about our SWIFT Auditing services. If you cannot find the answer to your questions, please do get in touch directly. We’ll be happy to help.
To verify compliance with the SWIFT Customer Security Controls Framework (CSCF), ensuring that institutions using SWIFT messaging services adhere to mandatory and advisory security controls to reduce cyber risks.
The SWIFT-connected organisation must undergo an independent assessment, typically conducted by an external auditor, internal audit function, or an independent compliance team.
The CSCF is a set of mandatory and advisory cybersecurity controls published by SWIFT to enhance the security of the SWIFT network and its users.
A SWIFT assessment must be completed annually, with the compliance attestation submitted to SWIFT by the deadline (usually by December 31st of each year).
Policies, procedures, system configurations, access logs, risk assessments, and evidence of control implementation and monitoring.
Potential reputational damage, increased regulatory scrutiny, or restricted access to the SWIFT network.
Certified ethical hackers with deep experience in SWIFT environments and financial messaging systems.
CREST‑approved and trusted by leading financial institutions worldwide.
Assessments shaped around SWIFT CSP requirements, your infrastructure, and business priorities.
Clear, prioritised findings with step‑by‑step remediation aligned to SWIFT compliance.
Successfully tested global banks and financial organisations across diverse SWIFT implementations.
Testing aligned with your operational resilience, regulatory obligations, and risk tolerance.
Provide your information and we’ll connect you with specialists to plan a customised security test.
The Swift Customer Security Controls Framework (CSCF) v2026 introduces some of the most impactful changes Swift users have seen in recent years. Unlike CSCF v2025, which focused on clarification and preparation,
If you are a CEO, board member or business leader, cybersecurity hardly presents itself as a standalone issue. It shows up in revenue discussions, hiring decisions, supply-chain
A technical deep dive into real-world vulnerabilities exposed by AI. The biggest risk to your AI deployment is not superintelligence; it is a logic error.
