Description

SWIFT customers must submit their annual security attestation via the KYC-SA platform by December 31, 2026, using CSCF v2026. New for 2026: Control 2.4 Back Office Data Flow Security becomes mandatory, requiring protection of bridging servers between secure zones and back-office systems. Independent assessments are required to support attestations.

Requirements

Complete CSCF v2026 self-assessment
Implement mandatory Control 2.4 for back-office data flow security
Engage independent assessor for attestation support
Submit attestation via KYC-SA platform
Protect bridging servers between secure and back-office zones

Applicable To

SWIFT-connected banksSecurities firms using SWIFTMarket infrastructure operators

Penalty Information

⚠Non-attesting institutions may be reported to local regulators and their counterparties. SWIFT may restrict messaging services.

308

days remaining

December 31, 2026

Share:X in @

Framework

SWIFT CSP

SWIFT Customer Security Programme

Related SWIFT CSP Deadlines

SWIFT Incident Response Protocol Implementation
December 31, 2026

SWIFT CSP Annual Attestation Deadline