SWIFT CSP Assessment Provider | 5 Architecture Types | 32 CSCF Controls (v2026)
SWIFT CSP Assessment Provider
As an authorised SWIFT Customer Security Programme assessment provider, Perseus delivers independent assessments across all 5 architecture types against the 32 controls of the CSCF v2026. Our staff includes Swift Certified Assessors, and our structured quality-gate process and purpose-built assessment platform bring rigour and efficiency to every engagement, including multi-BIC groups.
SWIFT CSP Assessment Provider
Perseus conducts independent Customer Security Programme assessments under the CSCF v2026 for all 5 architecture types (A1, A2, A3, A4, B), with multi-BIC assessment capability and a structured quality-gate methodology.
CSCF Controls (v2026)
Architecture Types Covered
Control Principles
Security Objectives
SWIFT Customer Security Programme
The SWIFT CSP requires all SWIFT users to meet a set of mandatory and advisory security controls defined in the Customer Security Controls Framework (CSCF). Annual independent assessment by a qualified provider ensures ongoing compliance and protects the integrity of the global financial messaging network.
Assessment Scope by Architecture Type
SWIFT defines 5 architecture types that determine the applicable CSCF controls for your organization. Perseus assesses all of them with tailored control evaluation for each.
Full Local Stack
User owns both the messaging interface (Alliance Access / AMH) and the communication interface (Alliance Gateway / Alliance Connect), operated locally.
Messaging Interface Only
User owns the messaging interface locally; the communication interface is provided through a SWIFT-hosted or shared service.
SWIFT Connector
User owns a SWIFT connector (e.g. SWIFTNet Link or an Alliance Lite2 AutoClient) with no local messaging or communication interface.
Customer Connector
User owns only a customer connector (middleware) for application-to-application transfer. Two subtypes — customer connector and customer client connector — affect the applicable scope.
No Local SWIFT Footprint
No SWIFT-specific infrastructure operated locally. Access is entirely through a service bureau or a browser-based channel.
QG1-QG6 Assessment Process
Our structured six-phase quality gate methodology ensures thorough evaluation of all applicable controls with minimal disruption to your operations. Each quality gate produces defined deliverables before progressing to the next phase.
QG1 - Engagement Initiation
Architecture classification across all BICs, identification of applicable CSCF controls per architecture type, scope definition, team assignment, and project kick-off with key stakeholders.
QG2 - Pre-Assessment & Gap Analysis
Comprehensive documentation review, preliminary gap analysis against applicable mandatory and advisory controls, evidence request list distribution, and pre-assessment report delivery to prepare your team.
QG3 - Control Assessment & Testing
Systematic evaluation of all applicable controls through documentation review, technical verification, interviews, and observation. Risk-based sampling methodology applied for multi-location and multi-BIC environments.
QG4 - Findings Analysis
Detailed analysis of assessment findings with risk ratings, root cause identification, and cross-control impact evaluation. Draft findings reviewed with your team for factual accuracy before finalization.
QG5 - Reporting & Deliverables
Formal SWIFT CSP assessment report, executive summary, detailed control worksheets, and a remediation roadmap with prioritised actions — packaged for management and board review.
QG6 - Attestation & Follow-Up
KYC-SA attestation data preparation and submission support, post-assessment remediation guidance, re-testing of remediated controls if needed, and ongoing support through the attestation cycle.
Frequently Asked Questions
Common questions about SWIFT CSP assessments, architecture types, control scope, and the assessment process.
The SWIFT Customer Security Programme (CSP) is a mandatory security initiative for all organizations connected to the SWIFT network, including banks, payment processors, securities firms, corporate treasuries, and service bureaus. Established in response to sophisticated cyber attacks targeting financial messaging infrastructure, the CSP requires all SWIFT users to implement a baseline of security controls defined in the Customer Security Controls Framework (CSCF) and submit an annual independent assessment through the KYC-SA portal. Whether you have a direct connection (Architecture A1-A4) or connect via a service bureau (Architecture B), CSP compliance is required.
Secure Your SWIFT Infrastructure
Contact our SWIFT CSP assessment team to schedule your annual independent assessment. We cover all 5 architecture types with a structured quality-gate process and a comprehensive deliverable set.