Navigating technical framework - Focus on SWIFT

This training session provides an in-depth overview of the SWIFT Customer Security Programme (CSP) and the Customer Security Controls Framework (CSCF). While Support PFS entities may not be direct SWIFT users themselves, many provide hosting, IT infrastructure, or operational support services to financial institutions that are SWIFT users. Understanding SWIFT CSP requirements is essential for Support PFS entities to ensure their service delivery meets the security standards their clients must comply with. This session covers the CSP framework, control requirements, and the specific responsibilities and considerations for service providers supporting SWIFT environments. Participants will learn how to align their services and controls with SWIFT CSP expectations.

By the end of this training, participants will be able to:

• understand the SWIFT CSP framework and its implications for service providers;
• identify mandatory and advisory controls for hosting and support services;
• recognise service provider responsibilities under the shared responsibility model;
• implement controls and security measures to support client SWIFT CSP compliance;
• navigate service provider assessments and attestation support requirements;
• manage client relationships and contractual obligations related to SWIFT security.

• Part 1 - SWIFT CSP overview
• Part 2 - Relevant CSCF controls for service providers
• Part 3 - Service provider implementation
• Part 4 - Service provider assessments and client support

This training is coordinated by Cristian Amancei and Arpit Jain, Senior Managers at PwC Luxembourg.

• Cristian has over 19 years of experience in providing IT advisory and IT audit services for clients in the financial sectors, operational companies as well as for European Institutions. He managed several IT reviews, from IT strategy to IT processess reviews, IT compliance reviews for DORA, SWIFT CSCF, PSD2 etc., but also IT internal audits, IT advisory missions, and controls reports reviews (ISAE 3402 and ISAE 300 reviews).
• Arpit has over 13 years of experience in providing IT audit and IT advisory services for client across financial services, manufacturing, media and telecommunication sectors. He has been involved in several IT general controls and internal controls over financial reporting review in line with local and international audit frameworks such as ISA , SOX 404, ICFR and JSOX. He has extensively worked on SWIFT CSCF certification assessments for banks and service bureaus. He also has worked on review and preparation of service organisation controls report such as ISAE3402 and ISAE3000.