2024-01-01

Bank of Zambia Circular No. 14/2024 on SWIFT Customer Security Programme Compliance

The Bank of Zambia mandates all commercial banks to comply with the SWIFT Customer Security Programme (CSP) by implementing required security controls, conducting regular risk assessments, and maintaining incident response plans. Institutions must submit annual attestations to SWIFT and communicate compliance evidence to the Director of Payment Systems by the tenth working day of January each year. Non-compliance triggers penalties under Section 43 of the National Payment Systems Act of 2007 and may disrupt daily operations, damage reputation, and erode stakeholder trust.


Bank of Zambia OFFICE OF THE DEPUTY GOVERNOR - OPERATIONS

BOZ/EXEC/DGO/psd/bp

July 30, 2024

CB Circular No.: 14/2024

To: All Heads of Commercial Banks

COMPLIANCE WITH SWIFT CUSTOMER SECURITY PROGRAMME

As you are aware, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) introduced a Customer Security Programme (CSP) in 2016 to support customers in strengthening the security of SWIFT-related infrastructure. This programme aims to prevent cyber-attacks and protect the confidentiality, integrity, and availability of SWIFT-related data.

As part of the Bank of Zambia’s joint efforts with SWIFT to enhance the security and integrity of the financial system, it is expected that all commercial banks shall comply with SWIFT CSP as follows:

  1. Submit an Annual Attestation to SWIFT in adherence to the SWIFT CSP. Evidence of compliance shall be communicated to the Director – Payment Systems through the digital financial services data platform by the tenth working day of every January.
  2. Implement and maintain the required security controls to guard against cyberattacks, as specified in the SWIFT CSP.
  3. Conduct regular risk assessments to identify and mitigate potential security threats.
  4. Establish and maintain an incident response plan to promptly respond to security incidents.

Please note that the SWIFT CSP is subject to periodic updates and, therefore, all commercial banks must adhere to the latest versions as may be provided by SWIFT from time to time. Failure to comply with these requirements could have detrimental effects on the erring commercial bank, as it could lead to disruption of daily business operations as well as reputational damage and loss of trust.

Given the significance of SWIFT in the processing of domestic and cross-border payments, failure to comply with SWIFT CSP shall attract penalties as outlined in Section 43 of the National Payment Systems Act of 2007.



Bank Square, Cairo Road, P.O. Box 30080, Lusaka, Zambia Tel:+260-211-399303, 399300, E-mail: dgo@boz.zm. Web: http://www.boz.zm



Kindly be advised accordingly.

[Signature]

Francis Chipimo (PhD)
DEPUTY GOVERNOR – OPERATIONS

cc: Governor; Deputy Governor – Operations; Deputy Governor – Administration; Director – Payment Systems; Director – Prudential Supervision; Director – Financial Conduct Supervision; Director – Information and Communications Technology

