SWIFT, the global provider of secure financial messaging services, announced on Sept. 27, 2016 that financial institutions using the interbank messaging network must comply with its new cybersecurity standards. Led by the National Bank of Belgium, the oversight board which also includes: the U.S., UK, Canada, Germany, Japan, France, Italy, Sweden, Switzerland and the Netherlands, announced draft standards will be released in October with a two month comment period. The goal is to publish final standards by March 2017 with enforcement and inspection beginning Jan. 1, 2018.
These new standards are going to impact over 11,000 financial institutions across approximately 200 countries, according to SWIFT CEO, Gottfried Leibbrandt. The framework will include 16 mandatory controls, as well as 11 optional advisory controls. In an effort to help institutions manage counterparty risk and to force accountability for the institutions’ comprehensive cyber risk program, SWIFT has noted their intent to publish Cybersecurity Examination Reports for public use.
This new cybersecurity regulation adds to the existing cybersecurity regulatory pressures financial institutions are currently experiencing, which includes guidance from the Federal Financial Institutions Examination Council (FFIEC), the Securities and Exchange Commission (SEC) and most recently the New York Department of Financial Services. These regulator-specific cybersecurity rules sit on top of the myriad of existing cybersecurity frameworks, including: The National Institute of Standards and Technology (NIST) CSF, ISO/IEC 27001, COBIT 5 and ISA 62443.
While new cybersecurity regulations are released seemingly on a monthly basis, the general tenets remain the same. The themes common among the regulations are:
The aspect of compliance that will dictate success will be the ability to:
The changing rules and regulations continue to add to an already complex set of requirements. We recommend financial institutions begin reviewing their cybersecurity compliance processes.
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.