As ISO 20022 becomes more prevalent as a message standard of choice, banks are wrestling with the compliance risks that come with implementing this standard.
For the last 40 years a name and address in Swift MT consisted of 4 lines of 35 characters each. MT focused on concise information as opposed to clarity since it was developed in the days of low bandwidth and leased data lines were every expensive. In addition, over the last few years there has been the requirement of AML screening against sanctions lists and enhanced KYC including more information about LEI, names and addresses of beneficiaries. Further, the MT formats only support a Latin syntax whereas the rise of Asian character sets like Chinese are required nowadays.
The ISO 20022 message definitions specified by payment providers include more data than the corresponding MTs used in cross-border business. If an ISO 20022 instruction is converted to MT for a cross-border leg, there is a risk of data being dropped or truncated. This creates compliance concerns because dropping data in end-to-end payment processing is unacceptable.
Incomplete data, truncated data, false positives around sanctions lists all lead to increased regulatory burden for banks. The cost of investigation of errors and customer service grows proportionally.
Banks must consider several thousand man-days of effort to ensure the data flows seamlessly. Some areas they will need to look at:
-Legal Entity Identifier reference look up database
-Source data for KYC with more accurate data capture at payment origination point.
-High value system gateway updates
-Updates from clearing system need to have a process to manage and apply the changes periodically
-Support of ISO20022 data, XML middleware, storage, and security
