Are You Ready For ISO 20022?

ISO 20022 is a harmonized set of extensible markup language (XML) messaging standards across major financial services domains (cash, securities, trade, card, and foreign exchange) based on a shared data dictionary and business process model. It has emerged as an enabler of a single, common “language” for global financial communications that can assist organizations in responding to evolving demands. For businesses and financial institutions, ISO 20022 has messages for payments, cash management, and remittance information. ISO 20022, when implemented, provides a means to simplify and standardize treasury and payment operations, and may assist in reducing operational costs.

The standardized format of ISO 20022 messages allows information to be automatically reconciled, and will help facilitate real-time payments, and gives all parties more granular transparency of transactions. This information can also be used to develop value-added services that provide additional benefit to corporates. Furthermore, the additional information included with the ISO 20022 standard will also provide compliance departments with more information when performing sanctions screening or transaction monitoring and may enhance detection of fraud and other financial crimes.

How Does This Impact Financial Institutions?

The ISO 20022 standard changes mainly impact wire payments (SWIFT and Fedwire) and Automated Clearing House files. In 2018, global agreement was reached to migrate from the SWIFT Message Type (MT) standard to ISO 20022 in the XML message format known as MX for wire payments. The adoption of the MX format by SWIFT members will commence in November 2022 and co-exist with MT until the end of 2025, when MT messages will be phased out.

The Federal Reserve Banks will adopt the ISO 20022 message format for the Fedwire Funds Service on a single-day implementation in November 2023.  

Core system upgrades may be required
Financial institutions may be required to upgrade and modernize core systems to accommodate the new message standard. For example, the new SWIFT MX format can carry many more characters in each of approximately 1,500 message fields available. 

In some instances, the core system changes required to accommodate the ISO 20022 standard could have significant cost implications. Issues that a financial institution should consider include: 

• Dual processing requirements
• The differences in the specifications of various payment infrastructures to support the new ISO 20022 format, including additional data length in the new tags
• Proper data mapping—Pointing your filter/monitoring rules at the right data (especially since structured tags are not mandated until 2025)
• What MX and what tags in the new format need to be screened
• Existing transaction monitoring rules will no longer function, and new rules will need to be constructed
• Additional testing will be required before and after the ISO 20022 launch

Upgrade may require additional effort in short and medium term
The ISO 20022 standard will allow businesses and financial institutions to include significantly more detailed payment information such as counterparty and remittance information that either cannot be included or has no dedicated field for inclusion in the current payment format. Although the ISO 20022 standard permits more detailed payment information to be included with the payment, core systems may not presently capture this information. New data feeds or Application Programming Interfaces may need to be developed to meet the ISO 20022 standard. Although many platform vendors are currently developing tools and updates to accommodate the mapping of information, in some instances the business or financial institution may not currently collect all the information for the new required fields. There may be a need to modify existing procedures to facilitate the collection of additional information from customers or counterparties.

More robust payment information could result in the following:

• Increase in hit rate due to additional fields and more robust information
• Increases in the number of cases with additional party references
• Longer times required to review alerts or clear cases
• Interim uptick in work due to maintaining dual systems (MT/MX) or inefficiencies of having to manage multiple alert queues
• The ISO 20022 standard is fairly rigid, so accuracy of data populating fields is important, as even errors in punctuation may result in rejected transactions requiring manual review or correction
• To reduce rate of rejection, additional quality assurance or quality control may be required
• Policies and procedures for Alert Handling will require updating and additional training may be required

Benefits
There are significant benefits identified with deployment of the ISO 20022 standard, including:

• More targeted screening (e.g., potentially no need to screen address tags for individuals)
• Improve the understanding of what clients are doing with greater transparency
• Ability to view more detailed information to enhance financial crime investigations
• Facilitate faster payment processing
• Source of richer data to support business analytics
• Should improve overall efficiency with more reliable and consistent payment information

Key Considerations

Financial institutions should ensure that they are prepared for the adoption of ISO, which will impact technology, processes, governance, and employees. ISO will include new defined data fields and the need for financial institutions to recalibrate sanction and transaction monitoring systems and validate continued integration with payments systems. Preparation for the data-enriched ISO 20022 standard will require mapping information from legacy systems to new and expanded field tags. Although third-party vendors have developed mapping and conversion tools, and organizations such as SWIFT have published guidance on which new fields may be subject to sanctions screening, the guidance recommends that financial institutions take a risk-based approach to targeted screening, and will require individual financial institutions to make decisions on how it will undertake to extract data to populate the new fields and how it intends to deploy sanctions screening.  Financial institutions should check that any changes are reflected within their policies, procedures, formatting, budgets, and systems changes and updates.

To prepare for the additional information contained in new ISO 20022 messages, businesses and financial institutions should consider completing a coverage assessment of existing transaction monitoring and sanctions screening rules and scenarios to leverage the additional information for sanctions screening, AML, and fraud detection. The additional information will need to be assessed to ensure party names, including country and entity references, are being subject to sanctions screening. Transactions may need to be subject to enhanced review for references to goods subject to export controls such as dual-use goods. Extensive testing prior to and following implementation will be required and may produce transaction backlogs requiring review. It will also be important to implement robust data quality measures, given the increased rigor associated with the new ISO 20022 standard.

Because of the three-year migration period for SWIFT transactions, financial institutions will have to process both transaction formats and should review existing Sanction system rules and enhance them where necessary to include the equivalent ISO tags. Financial institutions must also decide whether they screen in the ISO format or initially translate ISO to MT. Operational teams will need to be trained on the new format in order to effectively perform their duties in mitigating Sanction-related financial crime. There appears to be less of an issue for Fedwire transactions, as the implementation is expected to take place all at once when the new ISO 20022 standard goes live in November 2023.

Call to Action

Guidehouse can rapidly review and assess your financial crime framework to determine whether it is operationally effective and meets the new regulatory expectations. Guidehouse’s experienced system specialists will be able to guide financial institutions during the transfer of historic Sanction and Transaction Monitoring system rules and support data mapping from payment application to the screening filter. Guidehouse can identify enhancements through system tuning in preparation for migration and advise on optimal solutions to improve efficiency.

Our team has in-depth knowledge of the regulatory environment in North America, UK, Europe, and globally, and best practices operated by financial institutions. Our relevant expertise includes: 

• An assessment of the new MX message format against existing data
• Data Assessments & Data Mapping
• Filter Testing
• Hit-rate reduction through rules calibration
• System configuration and testing
• Training
• Updating Policies & Procedures
• Model Validation
• Managed Services to assist with any backlogs or increased volumes of alerts/investigations

Guidehouse’s financial crime consultants work with financial institutions of all sizes to build effective and efficient risk management and compliance frameworks to help clients protect against legal, fiduciary, shareholder, and reputational risk. Guidehouse experts include distinguished former prosecutors, regulators, compliance officers, and consultants, who leverage their combined experience to help clients conquer their compliance challenges.