Cybersecurity: Building trust through transparency | SWIFT
Trust that your counterparties are meeting the highest cybersecurity standards is a must for instilling confidence in the financial ecosystem. The SWIFT Know Your Customer – Security Attestation tool (KYC-SA), which underpins our Customer Security Programme, plays a pivotal role in building this trust across our community.
Established in 2017, KYC-SA provides a mechanism for counterparties to access each other’s security attestation data. “This level of transparency is paramount as it’s about creating confidence in the ecosystem to show, as a group, we’ve secured all the end points and we’re confident that we can exchange payment messages in a secure manner,” comments Yami Shimrah, Head of Customer Security Programme Operations and Data Management at SWIFT.
Submission of security attestation data via this application is mandatory for the entire community. Once a counterparty has completed a security attestation, SWIFT will validate and publish it. The presence and validity of a counterparty’s security attestation is visible to all KYC-SA users (though the data contents will not be shared without the owner’s explicit permission).
“KYC-SA is a unique platform. It is one of the few platforms in the world that can provide financial institutions with this level of detail on how they are meeting their security obligations,” comments Shimrah. “In the last year we’ve seen the amount of access requests to KYC-SA increase by 50%, which demonstrates the importance of the application in assessing counterparty risk.”
Delivering a baseline for security attestation
The application delivers access to a global baseline for security attestation data, enabling counterparties to benchmark their levels of security compliance against the latest community standard. They can assess if the routes they’re getting payments from are secure and meet the highest security standards and develop their own security risk scores on each other.
“Based on their risk score, counterparties can decide which payments will need to be held back for further checks and which can go straight through. You want confidence that you won’t be embroiled in a scheme whereby money will be wired to a fraudulent hacker,” says Shimrah.
Gloss