The Swift Customer Security Controls Framework (CSCF) v2026 introduces some of the most impactful changes Swift users have seen in recent years. Unlike CSCF v2025, which focused on clarification and preparation, CSCF v2026 makes several previously advisory requirements mandatory. This has potential implications for scope, architecture, and audit effort. 

If you haven’t already started preparing, now is the time. 

What’s new in CSCF v2026? 

Control 2.4A (Back Office Data Flow Security) has moved from advisory to mandatory. 

This means that organisations must: 

  • Identify and document all data flows between the Swift Secure Zone and back-office systems 
  • Apply risk-based security controls to protect sensitive transaction data 
  • Ensure new or changed flows are secure by design 

This change significantly expands CSCF scope beyond the Secure Zone into middleware, integrations, file transfers, and operational systems. 

Customer client connectors are now in scope 

In CSCF v2026, all customer connectors are mandatory, including: 

  • Client-side applications 
  • APIs and middleware 
  • Indirect connections via service providers or bureaux 

If a system participates in a Swift-related data flow, it is now in scope – regardless of how it connects. 

Some organisations may need to reclassify their architecture 

Because of this expanded scope, organisations previously attesting as Architecture Type B may now need to reclassify as Type A4, increasing: 

  • The number of mandatory controls 
  • Evidence and audit requirements 

Early architectural reassessment is critical. 

Why CSCF v2026 matters 

Cyber incidents increasingly target integration layers and internal data flows, not just core messaging platforms. CSCF v2026 reflects this situation by enforcing security across the full transaction lifecycle, not just at the perimeter. 

How to prepare 

To stay on track for CSCF v2026 attestation, organisations should: 

  • Map Secure Zone to back-office data flows 
  • Identify all customer client connectors 
  • Review architectural classification 
  • Perform targeted risk assessments 
  • Plan for updated audit and penetration-testing evidence 

How Dionach Can Help 

Dionach is here to assist with Swift CSCF v2026 compliance, offering expert gap assessments ahead of your attestation to ensure you are fully prepared and aligned with the current requirements. 

Take the next step toward compliance and schedule your Swift CSCF v2026 gap assessment with Dionach today.
