For institutions connected to the SWIFT network.
- Mandatory annual self-attestation against ~24 mandatory + ~8 advisory controls
- Counterparty visibility — correspondent banks see your attestation status
- Independent assessment every 2 years for the higher-risk architecture types
SWIFT itself is a Critical Third-Party Service Provider under DORA Article 31, so SWIFT CSP and DORA frequently appear together.