ISO 20022: The journey to becoming ISO native

By now, ISO 20022 is well-known in the Financial Services industry as a standard like no other; a recipe for eliminating cross-border barriers and for creating harmonisation, innovation and resilience in the industry. Major banks around the world are racing to meet the fast-approaching mandatory deadline for sending and receiving ISO messages this November. Yet even market-ready ISO doesn’t mean banks are automatically ready for instant payments. The journey to real migration can be difficult.

And so, the question arises, what must banks do internally and externally to become ready to implement the changes that ISO 20022 requires? What benefits would a more robust messaging standard bring to both the Financial Services industry and its customers? And how can financial actors combat other issues related to instant payments, such as fraudulent payments? We asked Camilla Åkerman, Secretary General at the Nordic Payments Council to share her insights – a taste of what is to come this October at MoneyLIVE Nordic Banking.

How must banks ensure they are market-ready for the upcoming ISO 20022 deadline this November? Are banks around the world really on track for preparation?

The change of payment format to ISO 20022 via TARGET2 with a planned start in November will have a large impact on banks. A prerequisite for success is to have secured resources at an early stage and developed a strategy which includes the necessary IT. Planning is essential to implement the changes that ISO 20022 entails. The IT strategy may in the short term involve using a conversion service and thereby reducing development requirements. However, this does not mean that greater development needs will be avoided in the future.

To ensure that banks are market ready for the upcoming ISO 20022 deadline, one should consider that there are different categories of banks and that the preparations may therefore differ somewhat. If the bank is an international full-service bank with many different banking products, they will also have a more complex payment infrastructure compared to a bank that operates locally and offers a limited number of banking products, thus has a simple payment infrastructure. Banks which have a large part of their IT operations outsourced to a partner can also influence how to prepare for ISO 20022 in November. To be market ready, the banks, regardless of category, need to have a dedicated management that allocates resources to be responsible for informing and supporting, both internally and externally, about upcoming changes and timetables. To give some examples: Internally, everyone needs to understand how the change affects their own organization and work processes. Externally, customers and business system suppliers need to be able to develop changes in the business systems and analyse whether the changes affect work processes. In addition, information and support resources must be allocated to address and resolve any errors discovered during the tests that are in full swing with TARGET2 and other banks. It is important to carry out as authentic tests as possible through, for example, end-to-end tests between systems. Finally, there must be an organization that is ready to take care of any issues at the start date and for some time thereafter e.g., IT-related issues or customer support.

It is difficult to say whether all banks around the world really are on track for ISO 20022 implementation in November. The planned transition of SWIFT’s MT format to MX format via TARGET2 has already been postponed once and is now scheduled for November this year. It is a large change affecting many actors which needs to be implemented. However, there are some shortcuts available for the banks as they can convert the various SWIFT formats for a temporary period. Hence, the November timeline should be possible to meet for most banks. An interesting question in my opinion is whether all banks will be ready if conversion is no longer allowed.

“To be market ready, the banks, regardless of category, need to have a dedicated management that allocates resources to be responsible for informing and supporting, both internally and externally, about upcoming changes and timetables”

What are the tangible short- and long-term benefits that ISO 20022 legislation will bring?

The benefits of ISO 20022 have long been communicated by various actors: a global standard-based payment format that enables greater interoperability, provides improved compliance and interbank communication, enables increased automation and streamlined reconciliation processes, and is the basis for innovation of better customer experiences. ISO 20022, with its data-rich format, is perfect for end-customers who demand real-time, 24/7 service and for companies and e-retailers which need support to meet their customers’ needs and demands.

A question is what advantages this brings in the short term. In my opinion, the timeline is rather long before we see the benefits of ISO 20022 in effect. According to the plans that have been communicated, the roll-out of ISO 20022 will take place per region, central bank, and currency, starting with TARGET2 in November this year and lasting for the next 4 years. (It is arguably a timeline which ought to be longer.)

Looking at the Nordics (except for Finland) and what advantages ISO 20022 means in the short term, one can note that it, in most cases, means a transition away from regional information-poor payment formats. As the transformation is planned to take place gradually – currency by currency – for the regional batch payments, with the possibility of cross border payments, starting September 2023 for Sweden, the regional payment service providers and companies will be able to harmonize their payment processes when reconciling payments for SEK payments with EUR payments. As the other Nordic currencies move to ISO 20022, the benefit of the new payment format will enable increased efficiency. Full effect for payments in the Nordic currencies will only come when all markets and banks follow the payment regulations found at the Nordic Payments Council (NPC) which aims to resemble the EUR regulations (SEPA) at the European Payments Council (EPC). The more data-rich payment format ISO 20022 also means that end customers can look forward to better analysis and reporting of their payments. Payment service providers can find new sources of revenue and authorities gain information to combat fraud more effectively. The improvements will thus be noticeable gradually and they might initially be experienced as costly without major benefits.

In the long run, ISO 20022 means a common payment standard for regional and international payments, batch payments and real-time payments 24/7 with the benefits stated in the introduction. My hope is that we can see regions and countries agreeing on a common interpretation of the ISO 20022 standard through similar payment regulations as those of the EPC and NPC to guarantee interoperability and enable efficiency for companies, payment service providers and business system providers. This is a prerequisite for achieving our ambition of harmonising payments and payments infrastructures.

“Payment service providers can find new sources of revenue and authorities gain information to combat fraud more effectively. The improvements will thus be noticeable gradually and they might initially be experienced as costly without major benefits.”

Is satisfying the minimum compliance requirements enough? What more could be done other than payments messaging standardization?

The globalization of products and services together with technology development and real-time payments has not only benefited individuals and businesses. It has also created certain opportunities for actors who have malicious or criminal intentions. In response, authorities have launched regulations such as the AML regulations and requirements for sanction screening of payments which banks must comply with. Introducing new payment infrastructures into existing fraud prevention systems increase capacity needs and hence risk delaying payments that are not subject to fraudulent activities. 

What can be done to more effectively combat fraudulent payments? The best thing would of course be if banks and authorities could be more proactive in identifying the true positives. Then resources are allocated to the right tasks and thus support authorities in the exercise of their authority in a more efficient way. Attempts have been made – the central organisation of the payment infrastructure (e.g., ACH) develops methods to be able to see patterns in payments and thus catch suspicious payment patterns for certain individuals and companies. Another requirement that creates trust regarding payments is for all account-holding institutions to carry out comprehensive customer surveys (see the Know Your Customer regulations – KYS), hence regularly checking their customers. As a customer, it can be perceived as difficult and unnecessary to answer many questions. Therefore, it would be relevant to consider whether KYS could be done in a more automatic way. A common central platform for information disclosure between banks and authorities and information sharing, within the framework of the regional regulations that guarantee personal integrity, could be a further measure. To conclude – the faster payments can be sent, the better banks and authorities need to be at identifying and stopping those who try to exploit systems and harm others.

“What can be done to more effectively combat fraudulent payments? The best thing would of course be if banks and authorities could be more proactive in identifying the true positives.”