Why banks aren't ready for ISO 20022

Invoice with payment details displayed on desktop computer screen
Adobe Stock

As digital payments become more mainstream and process faster, the risk of fraud and errors also increases. There is a potential solution that's been in development for years, though compliance still lags.

The ISO 20022 standard enables payment messages to include more detailed information organized in a manner that is consistent for all participants. ISO 20022 has been in the works for nearly a decade and is nearing a November 2025 target date for compliance, but a large portion of banks will not be ready.

Less than 40% of banks in North America and Europe are highly confident (seven on a scale of one to 10) in being ISO 20022 compliant in major use cases by the "go live" date of November 2025, according to new research from Finextra that was funded by Volante. And in the United States, more than one-third of banks say they will miss the deadline, according to KPMG research released earlier this year.

 The banks have had a lot of time to prepare for the standard, but payment experts say it's still a heavy lift with a long window to reap financial benefits.

"It's a massive undertaking to update the infrastructure that banks would need to revise to take advantage of this standard," said Jonathan Holland, vice president of account management at Mastercard and vice chair of the Cross-Border Payments Work Group at the U.S. Faster Payments Council. 

How ISO works

The International Standards Organization developed ISO 20022 with a sub-group of financial industry experts developing and managing the standard, and the global messaging service Swift acting as ISO 20022's guardian or supervisor. ISO 20022 was originally slated to go live in 2020 but was delayed due to the Covid-19 pandemic and related recovery issues over the past few years.

ISO 20022-formatted messages include a greater volume of data and more individualized information than traditional messaging protocols, according to the Federal Reserve, which administers the FedNow real-time payments network. The Clearing House's RTP network, real-time payment networks in Europe and most major bank core processors are ISO 20022 compliant. Large banks are mostly developing ISO 20022 systems internally, while smaller banks will likely rely on vendors.

ISO 20022 messages include a person or payor's name along with other identifiers such as an address, a secondary address, a building or apartment number, the sender's town, county, state, country, corporate affiliation and other details.

These details make it easier to spot potential fraud, mitigate processing errors and reduce the need for interpretation. Many ISO 20022 messaging fields allow up to 70 characters, which also allows more information in each field.

By contrast, non-ISO 20022 fields are open, meaning they are not dedicated to specific information, and generally have shorter limits in each field. Information can appear anywhere on the non-ISO 20022 form, and as such is open to interpretation if the field does not fully identify the parties in a transaction.

"This new standard breaks down information to make sure you have the right recipient," Holland said. 

The argument for ISO 20022

Since a real-time payment processes in less than 10 seconds, it leaves less time to vet transactions for fraud and to catch errors. More information better equips banks and other stakeholders to determine and ensure transaction integrity.

"There are many elements of the ISO 20022 equation when it comes to answering 'who should care?'" said Greg Murray, managing director and head of transaction banking product management at Santander. "Certainly the banks are a major beneficiary, and the clearing systems that the banks use to move money."

Companies that receive and make a large volume of payments also track and store payments records in enterprise resource planning systems, Murray said. "If these ERP systems haven't been updated, the benefits of ISO 20022 may not materialize."

Fraud and accuracy management requires banks to check identities, accounts and analyze if a payment is unusual for the sender based on transaction history. Under current protocols, payments may not have the necessary information if a risk-related decision has to be made instantly, Murray said. 

"For a faster payment, the more information you can provide the more likely that payment will be seamless," he said. "It benefits companies that do business with each other to have access to more data with more detail that is structured in the same way."

And while most real-time payment networks are capable of supporting ISO 20022, the lack of bank readiness challenges the maturation of real-time payments. 

"With [ISO 20022] it becomes easier to execute instant payments across borders," said Nadish Lad, head of strategic business and product at Volante, a financial technology seller. "Right now there is not a standard that works across all regions. With the new standard, banks can see more data." 

What's the holdup?

Banks face significant challenges in adopting ISO 20022, said Enrico Camerinelli, strategic adviser at Datos Insights. 

Hurdles include a lack of education, difficulty in upgrading legacy infrastructure and uncertainty about client readiness. "Lower-tier banks struggle with compliance requirements, while many institutions need guidance on implementation," Camerinelli said. "And concerns exist about standard degradation and the ability to effectively utilize the enriched data."

The usual route for a payment includes several stops from the initiation to settlement that includes bank processes or products, requiring technology that needs to be adjusted to support ISO 20022.

According to Lad, the steps include:

  • Orchestration. The transaction is routed through the most efficient and cost-effective processing option. This includes traditional processors and payment facilitators, or firms that help merchants and other organizations to manage payment options.
  • Authorization. This includes authentication and ensuring the payor and payee are legitimate. Real-time payments place stress on authorization given the short processing time.
  • Accounting. Payments in nearly all cases are routed to corporate accounting systems. Banks enable or offer this linkage as a value-added service to their clients.
  • Cross-selling. Emerging trends such as embedded finance link payments and payment enrollment to other financial services.
  • Billing. Real-time payments includes emerging use cases such as Request for Payment, which pairs invoicing to instant processing to reduce overdraft risk and improve visibility into cash positions. 
  • Notifications. The statement that a principal intends to make a payment, including amount, date, invoice numbers and the type of transaction. 
  • Reconciliation. This ensures that a payment or list of payments that are owed are the same as the payments that appear on bank statements. 
  • Settlement. The completion of the transaction, which enables the receiving business to access the funds. Real-time payment systems like the RTP network and FedNow are designed to settle payments in less than 10 seconds.

"It's a challenge for banks to handle all of this data for all of these touchpoints," Lad said. "Some banks are being left behind because of their legacy architecture."
The ISO 20022 standards could improve fraud protection with the addition of more robust data, coupled with advanced AI-powered analytics, making payment security more proactive in an instant settlement environment. The expanded data from the new standard could also provide more information for statements, such as context for transaction histories, balances and in-coming and outgoing payments.

Santander's Murray, who "strongly recommends" banks adopt ISO 20022, said banks should consider extensive training on all functions that are performed during a payment.

Camerinelli said banks should focus on education and demonstrating benefits to clients to facilitate ISO 20022 adoption. He pointed to benefits such as faster settlement, improved reconciliation, and enriched data capabilities that are important for cross-border transactions.

"Providing guidance, especially to lower-tier banks, is crucial. Helping clients update file formats and consume data is key," Camerinelli said, adding that emphasizing use cases like enhanced analytics and positioning all benefits can drive adoption.

Staff also need to be trained or hired to support the more complex and detailed messaging fields.

"People have to understand that this is not just a technical problem," said Barry Tooker, a principal and consultant at TransactionBanker.com. "There's also a huge learning curve, there's new fields and new formats."

For reprint and licensing requests for this article, click here.
Payment standards Payments
MORE FROM AMERICAN BANKER