ComplianceTalking Shop

Talking Shop: Third Parties for SWIFT Attestation Compliance?

By September 29, 2022September 30th, 2022No Comments

Editor’s note: NeuGroup’s online communities provide members a forum to pose questions and give answers. Talking Shop shares valuable insights from these exchanges, anonymously. Send us your responses: [email protected]


Member question: “Are any of you SWIFT corporate members? If yes, SWIFT requires an independent assessment of controls as part of their security attestation compliance that can be done by internal audit (IA) or a third party. Which third-party vendors do you use?”

Peer answer 1: “We are using PwC to perform the independent assessment. We have typically done this internally, but this year we were ‘lucky enough’ to be hand selected by SWIFT to complete the assessment, which requires using an external assessor.”

Peer answer 2: “We found third parties very expensive. Our internal IA group does the assessment and it hasn’t been too burdensome. We have AL2 in-house but would like to move to the SWIFT AL2 cloud version which moves much of the assessment requirements back to SWIFT and off your shoulders. Using a SWIFT service provider does the same thing.”

Peer answer 3: “We used Grant Thornton to do this assessment last year.”

Peer answer 4: “We are looking at Axeltrees for our assessment but have not yet signed the contract.”

Peer answer 5: “Deloitte completes our third-party assessment.”

Peer answer 6: “Our company is a SWIFT member. We are approaching the independent assessment as an internal independent assessment, i.e., compliance group review.”

Peer answer 7: “We also do an internal independent assessment coordinated by our data security/information protection teams.”

Peer answer 8: “We also used our internal audit team to do the assessment in-house.”

Justin Jones

Author Justin Jones

More posts by Justin Jones