The opportunities and challenges of ISO 20022 for fighting financial crime

The improved and expanded ISO 20022 messaging standard is being heralded in financial crime risk management circles as the key to lowering the significant volume of false positives that firms have to grapple with in payment transaction screening. Certainly, ISO 20022 brings with it more structure, data, and meta-data delivered with greater integration potential. However, potential benefits will not be achieved automatically – firms will need to adopt technology that supports ISO 20022 and can exploit the new messaging standard’s data model, or they may wind up with more false positives than they had before.

Richer, better screening data

Screening using current messaging standards presents a significant challenge – data can be fielded inconsistently, there can be missing data, and the data is often of varying quality. This is because the basis for this messaging standard was created in the 1970s – for example, the address field does format street, city, or other address information, but is one large unstructured text block. As a result, it can be very challenging to accurately match the data from payment transactions against sanctions data. This typically results in a large number of false positives and considerable human intervention in anti-money laundering and sanctions processes.

In contrast, ISO 20022 is an international and open messaging standard for the financial services industry set by the International Organization for Standardization, an independent, standard-setting body. ISO 20022 is based on an extensible mark-up language (XML) format and is structured in a three-layer data hierarchy. Messages based on ISO 20022 provide distinct and specific data on the transaction’s parties and their relationships, such as actual and on-behalf-of information, intermediate and receiving roles, and their geographic location. The messages can also contain rich structured party data, extended remittance information, and special characters and expanded character sets. This rich amount of data contained in each message means that individuals and entities can be identified much more clearly – potentially dramatically reducing false positives.

This new data structure is a quantum leap from where messaging is today. Major market infrastructures such as SWIFT, the Eurosystem, the European Banking Authority, the Clearing House, the Federal Reserve, and the Bank of England have published plans to migrate to ISO 20022 between 2022 and 2025. Also, international financial crime entities such as the Financial Action Taskforce (FATF) and national regulators such as the Financial Crimes Enforcement Network (FinCEN) have already begun the regulatory and compliance work that will need to accompany adoption.

Benefit requires investment

However, firms will not automatically benefit from the transition to ISO 20022 in their financial crime programmes – there is quite a lot of work that most firms will need to do. For example, ISO 2022 brings with it many more data fields than the previous standard, and so financial crime technology will need to be able to screen all those fields, creating additional screening volume. Moreover, the increased volume of fields grows exponentially with each new message – creating a much greater overall quantity of data that financial crime technology will need to be able to process at speed.

Also, screening more fields will result in more alerts – that is a mathematical certainty – unless the financial crime technology has robust analytics that can maximise the potential that the ISO 20022 standard data has to offer.

In order to crunch all the new data, financial firms will need agile technology that has the scale and capacity to do so – it will need to be in the cloud. Firms will also need to work with financial crime technology that uses advanced matching technology that is able to cope with many more comparison objects. In some of today’s tools the matching technology shares a pedigree with the original 1970s messaging standard; some will not be able to adopt ISO 20022 without significant re-tooling.

Thinking strategically

Financial services firms that want to fully benefit from the adoption of ISO 20022 in their financial crime programmes will need to evaluate their current platform to see if it can meet these new demands – the answer is likely that it is not. Moving quickly now to bring in a financial crime technology platform that is ISO 20022 ready will deliver faster service within payment transactions, reduce customer friction, and greatly reduce the overall compliance burden. Firms that do not embrace the need for new technology could find themselves actually worse off, with accelerating levels of false positives.