What are the possible impacts for a SWIFT user to be non-compliant to CSP?

The "Swift Customer Security Controls Policy" and "Independent Assessment Framework" outline the consequences of non-compliance with the CSP. Let’s evaluate each option:

•Option A: To be reported to their supervisors (if applicable)

This does not apply. Non-compliance is managed by SWIFT, not internal reporting to supervisors, unless specified by the user’s internal governance (not a CSP requirement).

•Option B: To be seen as non-compliant to their counterparts in KYC-SA

This applies. Non-compliance is reflected in the KYC-SA portal, where counterparties can view the user’s status, impacting trust and business relationships, as per the "Independent Assessment Framework."

•Option C: To be contacted by SWIFT to provide the CSP assessment report and detailed information about the reason of non-compliance

This applies. SWIFT engages with non-compliant users, requesting assessment reports and remediation plans, as outlined in the "Swift_CSP_Assessment_Report_Template" and "Independent Assessment Process for Assessors Guidelines."

•Option D: To be delisted from the BIC directory

This does not apply. Delisting is an extreme measure not automatically triggered by non-compliance; it requires persistent failure to remediate after engagement, which is not guaranteed.

Summary of Correct Answers:

Possible impacts include being seen as non-compliant in KYC-SA (B) and being contacted by SWIFT for reports (C).

References to SWIFT Customer Security Programme Documents:

•Independent Assessment Framework: Details non-compliance impacts.

•Swift_CSP_Assessment_Report_Template: Supports SWIFT follow-up.

•CSP_controls_matrix_and_high_test_plan_2025: Reflects KYC-SA visibility.

========