Swift announced Tuesday additional efforts to beef up security on its network, following highly publicized hacks of member banks earlier this year.
The global financial messaging system said it is introducing "mandatory" core security standards for its customers, along with an associated "assurance framework." Banks that use the Swift network will be required to demonstrate their compliance annually against the specified controls set out in the assurance framework, Swift said.
Last week, Swift separately announced it would also start producing daily validation reports in December. The reports are designed to help banks quickly detect fraud, the network said, and each report would contain a daily rundown of banks' message flows so they can verify them independently, detect unusual patterns and potentially cancel transfers they find to be fraudulent.
Swift's recent efforts come after several cyberattacks on Swift members, beginning with a February incident where $81 million was stolen from the Bangladesh Bank's account at the Federal Reserve Bank of New York. Swift has maintained its core software was not compromised, and placed the onus on member banks to ensure their systems are secure.
"While customers remain responsible for protecting their own environments, Swift is fully committed to helping strengthen customers' security and helping them improve their security measures," said Gottfried Leibbrandt, chief executive of Swift, in a press release Tuesday. "Our aim in setting out this framework is to support customers by helping to drive awareness and improvements in the industry's overall security."
Inspections and enforcement of the new requirements will begin on Jan. 1, 2018, when customers' compliance status will be made available to their counterparts, "ensuring transparency and allowing firms to assess risk of counterparts with whom they are doing business," the network said in a press release.
Starting January 2018, Swift will report the status of any non-compliant customers to their regulators, and randomly select customers who will be required to provide additional assurance from their internal or their external auditors, it said.
