ISO 20022 drive goes beyond the deadlines

At this point in its development, ISO 20022 has become an interesting triangle of issues. Point number 1 is the undeniable advantages of the format and its potential for adding essential data to every digital payment interaction. At point two, we have the looming November 2022 deadline for incorporating the format into the global SWIFT (CBPR+) platform as well as Market Infrastructures such as CHAPS, Target2, TIPS/RT1, MEPS+, SIC & Fedwire. However, point three is arguably the most important – it's here that ISO is flexing its muscles into new use cases and functionalities. To explore all three points, we engaged Bottomline executives Charles De Rougé (head of SaaS solutions) and Colin Wood (senior fraud analyst for financial crime) in a Q&A. 

Colin let’s start with you. Part of your remit for most of your career has been to identify bad actors and sanctioned entities. We were interested to hear that you consider ISO 20022 to be a central tool in your efforts. How can a messaging format help with sanctions screening? 

Colin Wood (CW): If you’re trying to identify financial crimes and prevent them, it makes it so much harder when you have inconsistent, unformatted data attached to a transaction. Let’s say you have a suspicious payment from a questionable source, and all you have is the name and country of residence. That’s hard to work with. But with the global adoption of ISO 20022, we’re getting more rich data coming through the expanded data fields. You've got a name, you've got an address, you've got a city, you've got a country and you know what the transaction is being used for. So, if I'm going to screen the name or entity behind that purchase, then I could certainly go to the various security databases like the U.S. Office of Foreign Asset Control (OFAC). But in a world of real-time and ‘always on’, that is not always practical. As a result, I am helped immensely by the information in the new ISO20022 message. It's going to make my sanction screening more efficient. Therefore, I am helped immensely by the information in ISO. 

Interesting. Seems like it’s one of the use cases for ISO that goes beyond the standard advantages of richer payments data. Charles, what’s your take on how ISO 20022 is being perceived in the market? Should we be laser-focused on the November 2022 deadline? 

Charles De Rougé (CDR): Yes we should, but we also need to understand that it is the beginning of a process, not an event. Rather than seeing November as a mandatory period of regulation, see it as a new era of opportunities. The first step is achieving SWIFT connectivity and the ability to receive messages through its Interact Gateway. Most of the banks are incorporating this first step, which is what we call the ISO Connectivity phase. After that, there is a variety of planning depending on your risk appetite, the size of your market and your willingness to move from Connected to ISO Native. Normally, this “native” status comes with the transformation to ISO, the enrichment of the data and then the end goal will be embracing the revolution of new payment rails and new regulations. 

Charles, you mentioned data. Colin, is there a premium on having good data policies and good data quality if ISO will automate the process?

CW: Technology will help a lot, yes. But there will be other data challenges that will take time and good partnerships to fix. And I'm sure the structure of ISO 20022 on the international payment message side will evolve during the next year. Therefore, the way you maintain your data, the way you update it, the way you manage it – all of that is becoming a big part of what makes your payment processing and screening much more efficient and accurate. Not all the banks have the tools to manage all the additional data that comes with ISO 20022 and at the beginning, this data will be mainly on their central platform because a lot of the banks will have a hybrid legacy-digital infrastructure. Without the right data, we have a lot of empty boxes within the ISO format. By partnering with FinTechs, banks will be able to send, receive, and screen the new enriched messages. But on the core system, until that migration has taken place, we'll still have the good old empty box, which is, unfortunately, light on information and will continue to pose challenges to better STP rates and effective sanction screening.

Charles, do you see banks as data challenged? 

CDR: Well, data quality will be a big challenge and as I said solving it is not going to happen in one day. Our mantra on data as well as ISO migration is “connect, comply, compete.” It starts with that initial connection to the SWIFT gateway. That’s where you start to control the information from the transaction. It will require the right tools and the right partner if you use a SaaS platform and API connectivity. Rather than complicating the payments and the data, you can have one centralised point of connectivity. The old days of paying millions and millions through an onsite payment hub with layers and layers of legacy infrastructure are long gone. This is never going to happen again. The future is SaaS in the cloud, and the ability to connect and ultimately comply with the regulation. But then once you have those things, you can start adding new functionalities and new features, varying from sanction screening to fraud protection utilising machine learning, but also with new real-time payment rails. 

Colin, it seems like the industry and the companies in it have done a good job of communicating the basic benefits of ISO 20022. How do we communicate the additional benefits that we’ve just discussed? 

CW: By connecting the benefits with business outcomes. I'm quite certain that there are some compliance people out there that think anything that's happening with ISO 20022 is the hottest payment issue of the moment. However, I think what they probably haven't grasped yet is the effect it will have on their entire internal ecosystem. Operations & Treasury will be very pleased as it will reduce their workload because if they have the data right and the compliance filter is set properly, risk scoring will be lower. This means fewer false-positive hits and lowers the chance of missing a cut off time for a payment mechanism. The other side of the coin is that it’s also less work for the compliance people as having better quality data means they will have more efficient and accurate sanction screening. Accurate screening means that when a match needs reviewing, it's obviously a higher risk, and needs their analysis to make a decision. Ultimately, it's going to improve efficiency from an operation and compliance perspective. 

Click here to find out more about ISO 20022 & how it facilitates real change across your financial institution 

About Colin Wood

Colin Wood, Senior Fraud Analyst at Bottomline is CAMS qualified and is one of the company’s Senior Fraud and Financial Crime Advisors. Colin has over twenty years’ experience in Anti Money Laundering covering Payments and Static Data Sanction Screening, Transaction Monitoring, KYC and UBO unwrapping processes, Fraud Detection/Prevention, and Dual Use Goods/Export Control. He has also worked extensively in the banking industry, primarily in Banking Operations covering areas such as: Treasury & Securities Settlements, Interbank and Customer Payments, Risk & Compliance, and Trade Finance.

About Charles De Rougé

Charles De Rougé is Head of SaaS Solutions for the Financial Messaging business at Bottomline Technologies that helps banks, financial institutions, and large multi-national corporates to pay and get paid in a simple, smart, and secure manner. Charles is a payments and connectivity expert, with over 15 years’ experience in Corporate & Transaction Banking, Asset Management, Private Banking, and Treasury Management.

About Bottomline Technologies

Bottomline delivers a single SaaS platform for payments, securities and messaging that helps financial institutions and corporates to achieve lower costs, wider reach, speed-to-market, industry compliance, greater security, and improved risk management.