What is ISO 20022?

When financial institutions exchange payments, they must also exchange essential data associated with them – for example, the payment amount, currency, sender and receiver, intermediary institution details, and other important information. This information needs to be structured to be usable by a firm. Unfortunately, the standards used to structure this data – and even to determine what data to include in the first place – have historically varied among firms, creating inconsistencies and introducing friction in the payment lifecycle. Financial institutions must often translate the data exchanged into a format that matches their standard in order to perform transactions. The lack of a central standard can lead to inefficiencies – and even misinterpreted information. 

What is ISO 20022?

ISO 20022 is a standard by the International Organization for Standardization (ISO) that helps financial institutions more reliably structure the data they exchange with each other during a transaction. It seeks to improve these data exchanges by creating a shared global standard between financial institutions to make the process clearer, faster, and more data-rich. 

With this in mind, what benefits might these efficiency gains offer to firms – both at a business level and, more particularly, at the level of anti-money laundering and countering of terrorist financing (AML/CFT)?

The Benefits of ISO 20022 

Although ISO 20022 can be used as a common standard, it also helps firms using different standards communicate better. It’s analogous to two people with different mother tongues who share the same second language. Without that common second language, they would be forced to translate directly from a language they don’t know. They would risk miscommunicating. But with a shared second language, each party can easily communicate with the other in a mutual language they’re confident in. Later, they can each convey the needed information to others in their mother tongue. 

Similarly, ISO 20022 can provide a bridge between firms that “speak” in different data standards. They are better able to communicate and less likely to make crucial translation errors. Thanks to this improved communication, ISO 20022 enables faster payments, better interoperability, less friction, and more reliable documentation.

Key Benefits to AML/CFT and Financial Crime Risk Management

Economist Dave Ramsden, Bank of England Deputy Director for Markets and Banking, situated ISO 20022’s benefits in the context of the “G20/FSB Roadmap on cross-border payments,” which focuses “on how a more effective use of and greater standardization of data could help to streamline AML/CFT and sanctions compliance.” Indeed, the new open data standard’s benefits have several specific applications to AML/CFT. Three key compliance areas especially stand to benefit from the standard:

• The Travel Rule (FATF R.16): ISO 20022 can potentially enhance firms’ compliance with this Financial Action Task Force (FATF) rule by enriching the available data and structuring it in a more accessible and standardized manner. The rule requires countries to collect identifying information from the originators and beneficiaries of domestic and cross-border wire transfers to ensure a reliable AML/CFT audit trail. 
• Transaction monitoring: As the new messaging standard becomes more widespread, transaction monitoring systems will have access to richer and more standardized data. This will help fight money laundering and other predicate crimes, such as fraud, while also reducing false positives caused by misread or missing data fields, resulting in more reliable transaction monitoring alerts.
• Automation and Artificial Intelligence (AI): In a recent interview, PwC Luxembourg’s Andreas Braun highlighted how FinTech companies exploit AI’s powerful data analysis to solve traditional AML and know-your-customer (KYC) cost/risk dilemmas. The data bears this out: in our 2023 State of Financial Crime report, 99 percent of firms surveyed globally expected AI to positively impact financial crime risk detection. But although regulators are beginning to show support, they are cautiously aware that the technology is still in its early days. 

Still, as Red Compass Labs highlights, better data resources like ISO 20022 can help AI mature – enhancing firms’ AML frameworks while offering use cases that encourage regulator support. By ingesting rich data enabled by the standard, AI and machine learning technologies can better inform their processes and mature at pace. (As a bonus, because the data is reliably structured, automation also stands to improve.) 

How Can Firms Prepare for ISO 20022?

3 Best Practices for Implementation

Based on extensive work with worldwide implementation initiatives, SWIFT has highlighted three industry-validated best practices for firms implementing ISO 20022:

• Begin with an ISO 20022 impact assessment. This assessment aims to create a tailored, realistic roadmap for implementation. It includes cost-benefit analyses across multiple areas and should comprise four main parts:
  • Business impact assessment – The goal is to understand the organization’s current business functions in light of how an ISO 20022 migration would impact them. The assessment should help firms plan necessary support for important frameworks (especially market- and customer-oriented infrastructures and functions) and realistic deadlines to ensure functionality and efficiency.  
  • Technology assessment – Similarly, the goal here is to understand the organization’s internal technical infrastructure at a detailed level – including how the migration will impact it. This should include analyzing current system capabilities in light of ISO 20022’s data processing requirements and assessing what resources (new or existing) will support those requirements.
  • Implementation roadmap and planned business architecture – At this stage, firms should use the data from their business and technology assessments to create a highly detailed blueprint for implementation. SWIFT emphasizes that this plan should cover “scope, phasing, and the expected organizational impact” in a granular and holistic manner.
  • Business case – Finally, the costs and benefits of the plan should be quantified and summarized, taking into account various phases and stakeholders and including strategic benefits.
• Follow with a detailed solution design. In this stage, firms should create a clear plan for how they will put the previous stage’s roadmap into practice. It should focus on the business architecture necessary to carry out the implementation successfully. The design consists of four layers:
  • Business – Design the flows for business processes and define guidelines for market practices.
  • Data – Align with ISO 20022’s Data Dictionary and open business model, map all data, and inventory the ISO 20022 data elements the initiative will use.
  • Application – Identify the technical requirements for new and existing solutions to interface with ISO 20022’s data processing requirements. SWIFT emphasizes that the “requirements should ensure harmonization across applications.”
  • Technology – Ensure processing and network adequacy, considering any differences that might impact performance with the new standard. Also, consider creating procedures for resiliency and recovery.
• Take a comprehensive approach throughout. Implementation roadmaps will look different for each firm, but regardless of size, the process must involve teams and stakeholders that reflect the project’s true breadth. This means (even for migration plans with a smaller scope) maintaining an open cross-departmental dialogue. And since the business and IT sides of the migration are equally important, the stakeholders involved should evenly represent both and oversee their own areas of expertise. It’s also crucial to centralize all the data involved so everyone can see and work from the same information source. This prevents needless inefficiencies and crossed wires.

Firms seeking a more detailed guide to ISO 20022 implementation best practices can consult ISO’s 2018 whitepaper.

Migration Challenges

A significant challenge firms must consider as they plan their migration to ISO 20022 is data management. On the one hand, the enriched, structured data the new standard enables is an excellent match for automation and (more importantly) artificial intelligence and machine learning (AI/ML). This, in turn, can profoundly enhance financial crime risk management – from AML/CFT to fraud prevention. 

On the other, firms must make detailed plans that will enable their applications, networks, and processing systems to support this enriched data so that their AI can use it. During the coexistence phase of the ISO 20022 migration, firms will also need to take measures that mitigate the risk of data truncation. If firms carefully map out their migration and create contingency plans, they will set themselves up to make the most of the improved data and financial crime risk management the new standard can offer them.

Conclusion

Although migration to ISO 20022 will present inevitable challenges for firms, it ultimately benefits them, the greater financial services sector, and the world that relies on those services. Aside from offering opportunities for key improvements in payment speed and interoperability, the global data standard also enables improvements in the world of financial crime risk management. Thanks to enhanced data that improves Travel Rule compliance and AML analysis, firms can expect notable improvements as the global community shifts towards greater reliance on ISO 20022.

Armed with the new open data standard and cutting-edge tools powered by artificial intelligence, AML/CFT teams can be on the front lines of proactive risk management, going beyond mere compliance to curbing and anticipating financial crime.