Making the most of ISO 20022 to help tackle financial crime compliance

As firms prepare for ISO 20022’s November 2022 SWIFT and April 2023 CHAPS go-lives, the remaining quarter of this year is critical. Now is not the time to down tools.

Having supported the inception and rollout of ISO 20022, we predict that by end 2023 over 90 per cent of the world’s high value financial transactions will use the new standard. ISO 20022 will introduce standardisation, structure, and greater richness in payments data, and become the de facto international standard for payments messaging and reporting.

However, while firms focus on technical readiness, not enough consideration has been given to the downstream impact on financial crime (FC) controls. 

Ready your organisation and your systems

Many firms have prioritised core systems updates to support ISO data processing but robust readiness extends beyond system changes. Firms need to ensure full organisational readiness.

All impacted staff across first and second lines need to understand the impact of ISO 20022 for their role. By providing targeted training for affected personnel, you can educate staff on how ISO 20022 impacts their responsibilities as risk owners and stewards. Operating procedures also need to be updated to reflect the new standard. Without these critical updates, significant knowledge will be lost when the current message types are turned off in 2025.

Improve risk mitigation across all financial crime controls

Having guided several international direct participant banks to develop CHAPS readiness plans, we found that payments data is not always effectively used within FC screening and monitoring.

Yes, screening tools will be updated to capture and process ISO payment files, but FC controls relating to money laundering, sanctions evasion and fraud must be updated to use additional payment information for improved risk mitigation.

Three key areas firms should be exploring:

  • Sanctions screening: ISO makes it significantly more effective to screen sanctioned entities, including PEPs, monitoring against fields that previously contained shortened and often inaccurate data. Integrating the new payments format into screening controls will improve true positive rates and reduce operational impact. This will also produce a smoother end-customer experience and faster payments processing.
  • Transaction Monitoring: The identification of money laundering typologies beyond typical risk factors – such as high-risk geographies and rapid movement of funds – often requires experienced investigative resource to provide case-by-case insights. Firms should familiarise themselves with ISO 20022’s new format to capitalise on additional remittance data, including structured information on debtors and creditors. Accessing more complete payment fields will improve the identification of typologies – specific combinations of risk characteristics within transactions that pertain to criminal activity. Teams will also improve their understanding of end-to-end payment flows and counterparty verification, resulting in more robust risk coverage
  • Fraud monitoring: Higher-quality data will improve the identification of fraudulent payments and enable more efficient fund recovery. This will also enable the shift towards real-time monitoring and tackling of more complex fraud risk. To benefit from the additional data, firms should examine existing fraud monitoring controls, identify pain points, and overlay with higher quality data.

The devil is in the data

Additional data within payment messages could create further benefits for firms, leading to significant operational efficiencies and more effective cross-checking against customer risk profiles. This will ultimately feed into perpetual KYC models and enrich standard and periodic CDD processes.

More enriched and accurate payment information allows firms to understand customer spending patterns and trends, providing intuitive analysis. Through AI adoption and use of Natural Language Processing (NLP), ‘predicting’ customers’ financial requirements will become a closer reality.

ISO data is richer and more accurate but that does not automatically translate into more effective financial crime risk management. Firms must challenge whether they are effectively checking customers’ risk profiles, improving KYC models, and capitalising on the additional insights which ISO brings. An ISO 20022 health check can help FC teams explore the advantages of the new standard. The time to explore these opportunities is now.

Area of expertise: