At AJC, we recognise the distinct challenges faced by Building Societies in fulfilling rigorous security audit requirements, including SWIFT CSP compliance. This case study demonstrates AJC’s expertise in guiding one of our Building Society clients through this complex landscape.
Background

Building Societies are pivotal in the UK financial services sector, but face significant cyber security challenges as cyber-attacks become more sophisticated all the time. As a result, financial institutions are under significant pressure to safeguard their customers and networks from cyber threats. SWIFT’s Customer Security Programme (CSP) is designed to ensure that financial institutions maintain the necessary controls to counter such threats. Building Societies that access the BoE’s RTGS system through SWIFT are mandated to undergo an annual assessment using SWIFT’s Independent Assessment Framework and subsequently submit an independently audited attestation.

The Challenge: A Privileged Access Management (PAM) Solution 

Our Building Society client received an external auditor finding requiring it to implement a Privileged Access Management (PAM) solution. This solution would manage administrator accounts and how they are accessed, ensuring accountability and transparency in system alterations, which is now seen as an essential requirement for preventing threat actors from gaining access to the “keys to the kingdom” administrator accounts. However, conventional PAM solutions available in the market were tailored for larger enterprises and came with substantial costs, rendering them financially unfeasible for smaller organisations like building societies.

Our Solution:

Acknowledging the significance of securing a cost-effective yet robust PAM solution aligned with our client’s requirements, we undertook the task of sourcing an alternative product. Following extensive research and evaluation, we pinpointed a PAM solution that not only fulfilled the essential security criteria but also offered scalability tailored to accommodate the budgetary limitations of a building society.

Key Highlights:
  • Tailored Solution: We secured a PAM solution explicitly crafted for smaller organisations like Building Societies. Despite its competitive pricing, the solution boasted a comprehensive array of features essential for governing and monitoring system administrator accounts, precisely aligning with our client’s compliance needs.
  • Expert Assistance: Utilising our extensive network of third-party subject matter experts (SMEs), we facilitated seamless installation and training. This ensured the smooth implementation of the PAM solution, empowering our client with the necessary knowledge and skills to effectively integrate it into their daily operations.
  • Cost-Effective Implementation: Opting for a competitively priced PAM solution tailored to Building Society needs, we enabled our client to meet their security audit requirements without exceeding their budget. Our cost-effective approach allowed our client to allocate resources efficiently while upholding compliance with annual auditor requirements, cyber insurance requirements and the SWIFT CSP standard.

Results:

Following the successful implementation, our client seamlessly integrated the PAM solution into their daily operations. With improved governance and monitoring of system administrator accounts, our client effectively met the security audit requirements mandated by external auditors, and strengthened their overall SWIFT CSP compliance.

Conclusion:

This case study exemplifies our commitment to providing expert assistance to Building Societies facing challenges in meeting security requirements. By understanding our client’s unique needs and leveraging our expertise and resources, we were able to source a cost-effective PAM solution and facilitate its successful implementation, ultimately enhancing our client’s security posture and compliance efforts.

“We are fully aware that cyber security is one of the biggest challenges impacting Building Societies’ operational and financial resilience in 2024. We are determined to support Building Societies in navigating the complexities of cyber compliance to enable them to safeguard their financial operations against evolving cyber threats.” Geoff Poulter, Cyber Security Specialist.

If you’re facing similar challenges or require assistance with SWIFT CSP compliance, email us at info@ajollyconsulting.co.uk or call us on 020 7101 4861.
