Tender - 2024

We require the following services: -


i) An independent party review of our self-assessment of our compliance to the MEPS+ security guidelines and MEPS+ contingency requirements [Annex 21 of the MEPS+ Operations and Contingency Manual for Participants and Non-Participants and

ii) An Independent assessment on our annual self-attestations to SWIFT Customer Security Framework

For the Independent review of our self-assessment of our compliance to the MEPS+ security guidelines and MEPS+ contingency requirements , you would be required to:


1. evaluate if bank’s policies and procedures are adequate and conduct testing to verify the effectiveness of the checks and controls against the MEPS+ security guidelines;

2. provide its opinion on the adequacy and effectiveness of Bank’s control environment and rectification measures in the report. The report should also set out the gaps and deficiencies noted, including follow up action and timeline to remediate the gaps and deficiencies.

3. the opinion expressed in the written report could be in a “positive” or “negative” form of expression per the Singapore Standards on Assurance Engagements (“SSAE”) 3000.

For the independent assessment on our annual self-attestations to SWIFT Customer Security Framework you would be required to perform the following exercise


  1. Examine the Bank’s policies, procedures and documentation related to SWIF CSP compliance.
  2. Review incident response plans, risk assessments and security-related documents.
  3. Conduct interviews with key personnel who are involved in SWIFT operations and security
  4. Review the processes, controls and security measures in place including logs, reports and other relevant data.
  5. Review the penetration testing and vulnerability scanning to identify weaknesses or vulnerabilities in the SWIFT environment
  6. Evaluate the bank’s compliance with both mandatory and advisory SWIFT CSP controls, including user authentication, incident response and risk management.
  7. Test the Bank’s incident response plan to assess its effectiveness in responding to security incidents related to SWIFT transactions.
  8. Evaluate the Bank’s risk management practices, including risk identification, assessment and mitigation as they pertain to SWIFT CSP.
  9. Prepare a detailed assessment report that outlines the findings of the assessment. This report should include:
    • Identified areas of compliance and non-compliance with SWIFT CSP controls.
    • Recommendations for remediation and improving security.

The external assessor should be experienced in conducting SWIFT CSP assessments and holds at least one industry-relevant professional certification, for example. the Cybersecurity and Infrastructure Security Agency (CISA) certification.

Both reports has to be submitted not later than 31st December 2024.

If you are able to take up the assignment, kindly provide us with a detailed quote, that is for the above assignment not later than 30th September 2024, together with the following information

  • Details on Background of the firm, partner etc.
  • Qualification and Experience of the Auditors assign for performing the above task.
  • Number of man days estimated/required to complete the task.