DIRECTORY OF CSP ASSESSMENT PROVIDERS

TERMS OF USE
(04 July 2022)

Please note that access to, use of or downloading of information from, the Directory of CSP Assessment
Providers is subject to the terms of use below. These Terms of Use supplement the Terms of Use of the
SWIFT website. Furthermore, the Directory of CSP Assessment Providers is one of the “CSP Initiatives”
described in the SWIFT Customer Security Programme Terms and Conditions (as available on
swift.com). As such, these Terms of Use supplement the SWIFT Customer Security Programme Terms
and Conditions. To the extent there should be any inconsistency between these terms and conditions and
either of the Terms of Use of the SWIFT website or the SWIFT Customer Security Programme Terms
and Conditions, these terms and conditions shall take precedence.

SWIFT reserves the right, at its discretion, to add, modify, or remove portions of, these Terms of Use at
any time. If you visit the Directory, you accept to be bound by the applicable Terms of Use.

SWIFT has endeavoured to compile information in this Directory of CSP Assessment Providers about
third-party providers (“Providers”) that may be able to assist customers with regard to carrying out an
independent assessment of their security attestation against security controls, as prescribed by the SWIFT
Customer Security Programme (CSP). Such information is furnished solely for the convenience of
customers. Customers need not use any Provider in this Directory and are always free to make their own
choice regarding use of (i) a suitable internal independent assessment function (for example, customer’s
compliance or risk management or internal audit function) or (ii) a suitable external independent CSP
assessment provider of their own choosing, regardless of whether or not in the Directory. Each customer
must independently conduct its own analysis to determine whether any Provider is suitable for that
customer’s needs or purposes, including whether such Provider is suitably independent (for example, the
Provider’s assessment will not be influenced by any other commercial or other relationship it may have
with the customer). Any relationship between a customer and a Provider is independent, and without
involvement, of SWIFT. SWIFT is not responsible for the accuracy or completeness of information or for
maintaining up-to-date information. SWIFT does not certify, warrant, endorse or recommend any
Provider or any of its personnel or staff. SWIFT is not responsible for determining whether or not any
Provider possesses sufficient independence to carry out an unbiased and objective assessment of a
customer’s self-attestation against CSP prescribed security controls. SWIFT shall not have liability or
responsibility for any act or omission of any Provider or any of its personnel or staff with respect to any
assessment, advice, service or product.

SWIFT EXCLUDES ALL LIABILITY (TO THE EXTENT PERMITTED BY APPLICABLE LAW)
FOR ANY COSTS, LOSSES, CLAIMS, DAMAGES, EXPENSES OR PROCEEDINGS OF
WHATEVER NATURE INCURRED OR SUFFERED BY YOU ARISING DIRECTLY OR
INDIRECTLY IN CONNECTION WITH YOUR USE OF THIS DIRECTORY AND ITS CONTENTS,
OR DUE TO ANY UNAVAILABILITY OF PARTS OR ALL OF THE DIRECTORY.

These Terms of Use are governed by the laws of Belgium.