The introduction of mandatory security requirements through SWIFT’s Customer Security Programme (CSP) brings new challenges for FIs, which will be required to demonstrate their compliance with the controls set out in the framework. SWIFT’s Customer Security Programme defines a series of mandatory and optional controls.
As per SWIFT’s Customer Security Framework supplementary guide, the following requirements are mandatory:
- Interface audit logs are retained for no less than 12 months and are sufficiently protected from an enterprise administrator-level compromise (for example, log files are transferred to a separate system with different administrator credentials).
- SWIFT transaction submission and approval is restricted outside of normal business hours, or is at least monitored.
- Session numbers are tracked to ensure that the sequential session numbering is intact with no unexpected breaks.
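
The last two requirements above are detection checks. As an added example (not SWIFT's or INTIX's code), the Python below applies both to constructed records. The record layout, the 08:00 to 18:00 Monday-to-Friday business window, and the rule that each logical terminal's session number rises by exactly one per new session are assumptions to adapt to your interface.

```python
from datetime import datetime, time

# Constructed sample records, not a real interface log format:
# (ISO timestamp, logical terminal, session number, action)
SAMPLE_EVENTS = [
    ("2024-03-04T09:15:00", "LT_A", 101, "session_open"),
    ("2024-03-04T10:02:00", "LT_A", 101, "submit"),
    ("2024-03-04T10:05:00", "LT_A", 101, "approve"),
    ("2024-03-05T08:30:00", "LT_A", 102, "session_open"),
    ("2024-03-05T23:41:00", "LT_A", 102, "submit"),        # weekday, late night
    ("2024-03-06T09:00:00", "LT_A", 104, "session_open"),  # 103 never seen
    ("2024-03-09T11:20:00", "LT_B", 57, "session_open"),
    ("2024-03-09T11:25:00", "LT_B", 57, "approve"),        # Saturday
    ("2024-03-11T09:00:00", "LT_B", 57, "session_open"),   # number repeated
]

# Assumed business window; set these from your own operating calendar.
BUSINESS_DAYS = range(0, 5)  # Monday..Friday
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
MONITORED_ACTIONS = {"submit", "approve"}


def outside_business_hours(ts):
    """True when ts falls on a non-business day or outside the daily window."""
    in_window = BUSINESS_START <= ts.time() < BUSINESS_END
    return ts.weekday() not in BUSINESS_DAYS or not in_window


def review(events):
    """Return findings for off-hours submit/approve and session-number breaks."""
    findings = []
    last_session = {}  # logical terminal -> last session number opened
    for raw_ts, terminal, session, action in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        if action in MONITORED_ACTIONS and outside_business_hours(ts):
            findings.append(("off_hours", terminal, session, raw_ts))
        if action == "session_open":
            prev = last_session.get(terminal)
            # A gap, a repeat, or a backwards jump all count as a break.
            # Counter wrap-around is not modelled here.
            if prev is not None and session != prev + 1:
                findings.append(("session_break", terminal, session, f"expected {prev + 1}"))
            last_session[terminal] = session
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(finding)
```

Run the check on a system other than the messaging interface itself, against the copied logs, so that it stays trustworthy if the interface host is compromised.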
The INTIX Message Suite provides you with the appropriate add-ons to implement some of the mandatory changes related to “logging and monitoring”.
- The INTIX Archive module offers the opportunity for FIs to upload and access all their financial messaging data, audit and log files, independent of the interface system used. In line with the SWIFT requirements, the INTIX Archive module is a separate system where all interface audit logs can be stored.
- The INTIX Monitor module provides a real-time view of all messaging flows. It will signal exceptions and anomalies in the message flows, such as SWIFT transaction submission and approval outside of normal business hours, or unexpected breaks in session numbers.