SWIFT And The New Regulatory Environment Of 2018

Posted on: Tuesday, December 12th, 2017

From January 1, 2018, financial institutions that use SWIFT, the global banking messaging platform, will have to comply with a new cybersecurity framework that aims to establish a baseline for security. Many will remember the large-scale heist last year in which Bangladesh Bank lost $81 million; the backlash from that incident, among others, has resulted in the creation of this new regulatory framework.

The SWIFT Customer Security Controls Framework will require the implementation of security controls such as incident response, security awareness training, multi-factor authentication and anomalous behavior detection. With the addition of these 16 mandatory controls and 11 that are advisory, and with so many banks using the SWIFT network (11,000 across 200+ countries), a change of this scale is significant and could change the rate at which financial institutions are being attacked. However, as those of you in the industry very well know, despite the speed at which banks can transform technology, hackers are always one step ahead.

According to Bay Dynamics VP of Strategy, Steven Grossman, ‘SWIFT has a responsibility to establish the standard for transacting on its network. Just one bank having lax security controls in place lowers the bar and elevates cyber risk for everyone else who uses the platform. The framework affects banks of all sizes, that vary in cyber maturity levels, in developed and underdeveloped countries,’ Grossman highlighted.

When announcing this framework back in September, SWIFT explained that the ‘core security standards are based on three overarching objectives which address major areas of attention for customers’ SWIFT-related environments’. Alongside this, ‘self-attestation will start in the second quarter of 2017 when the standards will be made applicable to all customers connected to SWIFT, including those connected through service bureaus.’

But what does this mean? For a framework that is being launched in 2018, it seems a little clunky and outdated. Is this because it is for outdated institutions? When discussing whether or not the banking sector is an industry in which actions are not taken unless something breaks, Grossman stated that ‘most every industry is focused on their mission, which is usually to make money by fulfilling a need. Security is important as it supports or has the potential to interrupt that mission.’

‘I’m not sure we can paint the whole banking industry with a single brush, but some banks are certainly more proactive than others in how they address the risks and rewards of good cyber security practices. Regulations are an attempt at motivating those that lag to up their game. The SWIFT Control Framework is interesting in that it introduces an unprecedented level of transparency by revealing to all banks on the network who is and is not complying. It adds a peer pressure angle to ensure that everybody plays nicely in the sandbox, or they will be excluded from the game,’ Grossman said.

SWIFT CEO Gottfried Leibbrandt explained that, while it is up to customers to protect their own environments, SWIFT is working to strengthen security. ‘SWIFT is fully committed to helping strengthen customers’ security and helping them improve their security measures and our aim in setting out this framework is to support customers by helping to drive awareness and improvements in the industry’s overall security. We will do this by maintaining a dynamic assurance approach, evolving the framework in line with the changing threat landscape, and making sure it complements emerging regulatory guidance,’ Leibbrandt said.

Source: https://www.forbes.com/sites/madhvimavadiya/2017/12/11/swift-new-regulation-2018/#3ce5919178fd
