The Swift Customer Security Programme (CSP) defines specific architecture types in itsCustomer Security Controls Framework (CSCF)documentation to classify how Swift users connect to the Swift network. These architecture types help determine the applicable security controls based on the user’s connectivity and infrastructure setup. The architecture types relevant to this question—A1, A2, A3, and A4—are outlined in theCSCF v2024(and prior versions like CSCF v2023), which is the latest framework as of March 06, 2025, unless superseded by a newer release.
Step 1: Understand the Scenario
The question specifies that the Swift user relies on ansFTP server(Secure File Transfer Protocol) to connect through anexternally exposed connectionwith aservice provider or a group hub. This implies that the user’s Swift environment involves external connectivity, potentially managed by a third party (service provider) or a centralized entity (group hub), rather than a fully self-managed, local setup.
Step 2: Define Swift Architecture Types
According to theSwift Customer Security Controls Framework (CSCF)and supporting documentation (e.g.,Swift Customer Security Programme – Architecture Types Explained), the architecture types are categorized as follows:
A1: Messaging Interface Only (Local Deployment)
The user operates a local Swift messaging interface (e.g., Alliance Access/Entry) with no external connectivity to a service provider or hub.
Connectivity to Swift is direct and locally managed.
A2: Messaging Interface with Connectivity Service (External Connectivity)
The user operates a local Swift messaging interface but connects to Swift via anexternally provided connectivity service(e.g., through a service provider or third-party connection).
The connection point is exposed externally to the service provider.
A3: Hosted Messaging Interface
The Swift messaging interface itself is hosted externally by a service provider, and the user accesses it remotely (e.g., via a browser or client application).
No local messaging interface exists at the user’s site.
A4: Group Hub or Shared Connectivity
The user connects to Swift via agroup hubor shared infrastructure operated by a parent entity, affiliate, or third-party provider.
This may involve centralized messaging and connectivity services shared across multiple entities.
Step 3: Analyze the Scenario Against Architecture Types
sFTP Server Usage: The use of an sFTP server suggests a file transfer mechanism, commonly employed in Swift environments to exchange payment messages or files with external parties (e.g., service providers or hubs). This aligns with scenarios where connectivity extends beyond the user’s local environment.
Externally Exposed Connection: The phrase “externally exposed connection” indicates that the Swift user’s infrastructure interfaces with an external entity (service provider or group hub), ruling out a fully self-contained setup.
Service Provider or Group Hub:
Aservice providertypically implies a third-party entity managing connectivity or hosting services, which could align withA2(external connectivity) orA3(hosted interface).
Agroup hubsuggests a shared infrastructure within a corporate group or consortium, pointing towardA4.
Step 4: Match to Architecture Types
A1: Does not apply. A1 requires a fully local deployment with no external connectivity reliance. The externally exposed sFTP connection contradicts this.
A2: Applies. If the Swift user maintains a local messaging interface (e.g., Alliance Access) and uses the sFTP server to connect to a service provider’s external infrastructure, this fits A2. The “externally exposed connection” aligns with A2’s requirement of relying on an external connectivity service.
A3: Unlikely, but possible with clarification. A3 involves a fully hosted messaging interface (e.g., no local Alliance software). The question does not explicitly state that the messaging interface is hosted externally, only that an sFTP server is used for connectivity. Without evidence of a hosted interface, A3 is not a strong fit.
A4: Applies if a group hub is involved. If the sFTP server connects to a centralized group hub (e.g., a shared Swift infrastructure within a corporate group), this matches A4. The “group hub” reference in the question supports this possibility.
Step 5: Conclusion and Verification
Based on theCSCF v2024architecture definitions and theSwift CSP Architecture Types Explainedguidance:
A2is confirmed because the sFTP server and externally exposed connection suggest reliance on a service provider for connectivity, with a local messaging interface assumed unless otherwise specified.
A4is also applicable if the “group hub” scenario is active, indicating shared connectivity infrastructure.
The question asks to “choose all that apply,” and since it specifies “service providerorgroup hub,” both A2 and A4 are valid depending on the context. However, A2 is the most universally applicable based on the sFTP and external connection details, with A4 as an additional fit for group hub cases.
References
Swift Customer Security Controls Framework (CSCF) v2024, Section: Architecture Types.
Swift Customer Security Programme – Architecture Types Explained, available via Swift’s official documentation portal (swift.com).
Swift CSP FAQ, clarifying connectivity and hosting scenarios.
