How Your Organisation Can Comply

Swift users can complete an independent assessment in two ways. 

  • Internal assessment—carried out by your company’s second or third line of defence, such as your internal compliance, risk, or audit departments. 
  • External assessment—via an independent, external organisation with cybersecurity assessment experience and individual assessors with relevant security industry certification. 

Keep Up-to-Date with Your Responsibilities

All Swift users, including corporates, banks, and financial institutions, must attest annually to this framework. Non-compliant customers can be reported to their local regulator, and attestation compliance statuses can be visible to other Swift counterparties, who may use them when assessing new vendors.

Swift customers are responsible for reviewing their infrastructure, meeting control standards, and completing their due diligence when selecting and contracting cyber security service providers.

Benefits of Partnering with Bottomline

Our solutions can help in the following areas:

Clarity and Transparency

Up-to-date information on the latest Swift CSP framework controls and what action you need to take, every step of the way.

No Need to Wish for Hindsight

A full understanding of your compliance status each year, ahead of the attestation to help you take any remediation required.

Experts on Hand

A dedicated Account Manager or Cyber Security specialist to help you comply with the Swift CSP and reap additional benefits for peace of mind.

Bottomline Technologies
TESTIMONIALS

What Our Customers Say

We have used Bottomline and AJC to meet this year’s new CSP Independent Assessment deadline and the service has been very efficient. It has given us peace of mind that the CSP attestation deadline is met and that our payment infrastructure is safe, secure, and compliant.

Japanese Financial Institutions face an ever-increasing Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) compliance burden. We, therefore, wanted to partner with an established transaction monitoring solution provider as Japanese institutions tend to favour established solutions that are proven to detect and prevent risk.

Lion Global Investors turned to trusted partner Bottomline for support as other options were looking very costly. Our existing relationship assured us that the project would run smoothly, and we would remain compliant. The service has been efficient, and we are very happy with the guidance and professionalism provided by Bottomline.

Bottomline’s Swift CSP Independent Assessment gave us reassurance that we would meet all advisory and mandatory controls and provided us with a deeper understanding of the framework. As the programme continues to evolve, we will continue to partner with Bottomline to ensure GLAS remains compliant and our Swift environment is secure now and in the future.

FAQs

Everything you need to know about Swift CSP.

What are the consequences of non-compliance?

Swift can inform other members within the community and has the right to report any non-conformities to that member's local authorities. This could have detrimental effects on an organisation, potentially jeopardising daily business operations and trust and causing reputational damage.

How long does remedial action take prior to the independent assessment taking place?

Resolution periods typically range from weeks to months. During the CSP pre-attestation review, we will identify any instances of non-conformance and provide you with a task list detailing any necessary remediation works required before conducting the actual independent assessment. Our Swift-certified auditors will be on hand to provide guidance and ensure you have the necessary measures in place to fully comply with the Swift CSP.

Can Bottomline provide a template of what the pre-attestation review outputs look like?

The pre-attestation review will allow our Swift-certified auditors to review and discuss your organisation’s current compliance status before the actual independent assessment is performed. The auditors will then recommend enhancements and possible remediation works. We will outline the outputs of this in both a summary presentation and a detailed task list containing the relevant details. We are happy to share an example of the reports with you.

Can Bottomline help with CSP attestation next year as well as this year?

Yes, we do recommend multi-year contracts and most customers have this. However, clients that have signed for just one year will need to extend their agreement to support next year’s control framework too.

What are the common failure areas?

The most common areas of non-compliance tend to relate to poor policy and documentation, which is often overlooked. Organisations have documentation in place, but it is not adequately maintained or doesn’t contain the specifics to meet the CSP requirements. Similarly, we often see organisations failing to adhere to the controls that focus on vulnerability scanning and penetration testing.

Does my ISO Certificate mean that I can certify as compliant?

Whilst the ISO certificate and audit ensure that the organisation has appropriate information security governance, they do not cover the specifics related to the Swift CSP. As a consequence, a review of the Swift-specific components is required.
