The new standards being put in place at SWIFT are based on three overarching objectives and an associated assurance framework that SWIFT has determined will help protect its messaging environments. SWIFT did not go into detail on what the standards entail or what internal changes are required of its customers. It was, however, quite clear on how it will measure whether the new principles are being met.
Under the assurance framework, SWIFT's customers will provide annual self-attestation against 16 mandatory controls. This will start in the second quarter of 2017, when all SWIFT customers must apply the standards. Inspection and enforcement will begin on 1st January 2018. From that date, SWIFT will also report the status of any non-compliant customers, and certain customers will be randomly singled out to provide additional information proving they are abiding by the SWIFT standards.
“We recognise that this will be a long-haul, and will require industry-wide effort and investment, as well as active engagement with regulators. The growing cyber threat requires a concerted, community-wide response,” SWIFT chairman Yawar Shah said in a statement.
This new measure follows another instituted last week by SWIFT that introduced a daily reporting system intended to help members of the financial messaging system identify fraudulent payments made over the network.
SWIFT was thrust into the spotlight earlier this year when cybercriminals implanted malware on the organisation's banking messaging system, leading to US$81 million (£62 million) being stolen from a Bangladesh bank in March.