ISO 20022 Compliance Countdown Download By Edwin Oloo and Benjamin KellyThe new global messaging standard ISO 20022 provides a unified language for electronic data interchange between financial institutions. It is intended to result in increased transparency, speed and inoperability. It will also provide valuable enriched data to enhance financial crime compliance efforts. For those institutions yet to adopt the new standard, preparing for migration and dealing with the attendant compliance requirements and opportunities require thoughtful planning. And the adoption clock is counting down.IntroductionISO 20022 – the so-called new language of payments – was published in 2022 to create a common language for financial institutions and market infrastructures around the world which, in turn, will streamline payment processing and improved data analytics.As the global payment ecosystem aligns itself to ISO 20022, payment systems, such as SWIFT, have allowed for a co-existence period in which legacy and new message formats co-exist until the end of the full industry migration period which is scheduled for November 2025. Prudential regulators have not issued explicit guidance on their expectations during the co-existence period but, as a general rule, expect financial institutions to use all available data to meet their compliance requirements. The regulatory view of ancillary information treatment – such as that which ISO 20022 can provide – is demonstrated through a historical review of published violations. For example, financial institutions have been previously cited for not utilising information available (i.e., “knowable) within its systems but separate from the payment record itself. This can include information that has historically been communicated separately on SWIFT MT-199 messages – or even via e-mail. As that relates to financial crimes compliance, it suggests that financial institutions sending or receiving the new message format should make adjustments to their financial crime compliance programmes now, even if they are still within the co-existence period – which is also scheduled to end in November 2025 – to ensure all relevant data within an institution’s possession is being used to support sanctions and anti-money laundering (AML) compliance obligations. Download Topics Risk Management and Regulatory Compliance Digital Transformation Technology Enablement About the Authors Edwin Oloo is an associate director in Protiviti’s Risk and Compliance practice, specialising in regulatory compliance and advanced data analytics. He has over 10 years of experience building multivariable statistical and machine learning models in the areas of financial crime compliance, anti-money laundering, counter-terrorist financing, eDiscovery, customer risk-rating analysis, risk assessment, fraud, alert risk-scoring, forensics investigations and process automation. He is adept with data privacy laws and building machine learning applications adhering to GDPR requirements. Oloo delivers consulting and advisory services through a quantitative perspective, implementing project management best practices and advanced technical insights while identifying opportunities to integrate data-science solutions.Benjamin Kelly is an associate director in Protiviti’s Risk and Compliance practice with a focus on financial crimes compliance technology and data solutions. His client experiences span several Fortune 100 companies including multiple top 10 banks, multinational conglomerates, and insurance companies as well as several organisations across a variety of industries including credit card processing, electronics, vehicle financing, healthcare, and defense with focus over the last approximately 20 years on risk and compliance. Past employment includes solution delivery with a large, multi-national technology and services provider in both technical leadership and hands-on technical roles. How Protiviti can help Protiviti’s financial services practice can assist financial institutions with the following:Surge staffing support – Banks of all sizes are seeing an increase in customer service calls and other operational activities. As smaller banks make and field calls to reassure customers that their money is safe, larger banks must manage a surge in new account onboarding requests.Liquidity and capital – Board members across the industry are seeking reassurance that what happened to SVB, Signature, Credit Suisse, etc., won’t happen to their institutions. We’ve built a proprietary risk scorecard and industry-benchmarking database to help address this concern. We can also help banks with strategy and implementation of remediation activities if the initial risk diagnostic reveals concerns that need to be addressed.Reporting and data – Helping banks design more holistic key risk and performance indicator dashboards to measure financial risk (e.g., interest rate, market, credit, etc.) and build the data infrastructure to make this information available on a real-time basis.Regulatory compliance – We see the regulatory environment heating up in two main ways:As noted above, US regulators are under the microscope because of the banks that failed under their supervision and are dramatically ramping up the intensity of exams. We help banks prepare for these reviews and manage and resolve the issues (up to and including formal enforcement actions) that result from them. Over the medium-term, we expect supervisory policies to swing back in the direction of the original enhanced prudential standards passed as a part of Dodd-Frank and relaxed in the 2018 regulatory relief bill. Given the fractured political environment in Washington, we don’t necessarily expect significant new legislation in this area, but regulators have a number of levers they can pull to functionally raise the standards that banks are held to even if Congress does not act.Merger and acquisition integration – As banks are forced into mergers, have to sell assets, or are liquidated, a significant amount of integration work is created that the acquirer often does not have sufficient capacity to manage.
