MX ISO 20022 implementation, cross-border transactions and the impact on regulatory compliance projects

The migration of transactions to the newer ISO 20022 format is keeping banks busy these days. What is the impact on compliance related sanctions screening of cross-border transactions? This article collects some experiences gathered during compliance projects.

Many projects related to the message format in cross-border transactions are currently active in banks. The main buzzword here is ISO 20022. This is an ISO standard specification for messages used in international banking. The importance of this format, particularly in Europe, comes from two running implementation changes:

1. The European Target consolidation project Target 2/T2
2. The SWIFT network changing according to CBPR+

Both these transaction messaging network related changes will modify the technical implementation of messages in the respective networks and will go live in November 2022. While the Target consolidation will go live with a big bang on this date, the CBPR+ implementation will start with a transition phase ending in 2025. Participants will need to adapt and migrate their processes and technical systems.

In general, this XML-based message format standard and its different message types become more and more widespread around the world. Harmonisation of the message format is a big advantage, which always constitutes one of the main reasons stated for the change.

However, changing the technical format within a bank is a massive task. Parts of the technical infrastructure may have to be changed. Multiple applications involved in the message processing need to be evaluated, upgraded or replaced − from the payment system to compliance-relevant components such as transaction screening applications. The format of the bank’s data mapping must be defined, implemented and checked. Involving and aligning departments across the bank is key to a successful implementation of these changes. Often, external support is required to cover the workload.

Compliance applications, such as real-time sanctions screenings, are a piece of the puzzle involved in this change, but they sometimes come into play very late. It is crucial for a bank’s compliance that these components are working properly.

Technically, the XML-based format is already used within the European Target network for SEPA transactions alongside the MT FIN format. Looking at the details, SEPA uses a format based on the ISO 20022 standard. At first glance, it looks similar to the new format under the changes, but the small differences in implementation can cause a lot of effort to make the new type of messages work.

Another major change in this T2 network is that more functional options are available for banks, e.g., liquidity management and instant payment settlements. The overall process of clearing changes and the functionality for instant payments require very short processing-times for messages. These features utilise additional technical message types that make technical changes necessary regarding formats as well as expectations in processing time.

Worldwide, the message text format (MT) is currently used in the SWIFT network alongside the MX format. As the MT format is outdated and has too many disadvantages, it needs to be replaced. A transition of message types over time is already foreseen.

Besides harmonisation, a major advantage of MX over MT messages is the better structured data. One example is the differentiation between name and address information:

Is there an impact on compliance systems screening cross-border transactions against sanctions lists?
The general answer is yes, as it is part of the process chain of the bespoken messages. When planning these changes, it is important to include the compliance department with its business needs and technical implementation in the discussion as early as possible. The size and scope of necessary change depends on several aspects. Two major aspects faced in projects are:

1. Banks utilising different message formats for different business processes in different networks: It may be the case that only MT transactions are currently used in the bank, with only a few message types, or that the bank has a lot of offerings making all types of messages necessary.
2. In some banks, the ISO standard is already known and used. Therefore, only small network-specific adaptations may be needed. But for customers currently using MT messages only, this is a major change.

What is the impact from a regulatory compliance point of view?
First big question: Are XML-based messages already used? In case they are not used yet, the effort for the implementation of data delivery including data mapping, configuring the system and testing the implementation of T2/CBPR+ changes can be significant. This effort is reduced to some degree when XML-based messages are already in use (for example for SEPA). The applications may already have a basic business configuration and the staff is experienced in handling XML messages. In any case, the setup should be tested against the business expectations to ensure the functionality of the application for the compliance department.

Technically, it is a format change that must be implemented across applications and payment streams. The integration point of the sanctions-screening solution is one factor: Does the sanctions-screening software read the plain messages as-is or is it called by another application and the interface uses proprietary data fields prepared by the calling application?

Depending on this factor, either the complete application must be prepared for the new messages and re-tested, or the implementation change must be performed on the calling application. However, the overall solution needs to be re-tested for proper sanctions screening of the message content. It is important that the necessary fields, e.g., the names of the acting parties, BIC codes and account numbers in a transaction, are correctly fetched from the message content and processed within the compliance solution.

End-users of the compliance department may have to be trained in handling the new message format. The general appearance of the message and content of the fields can look different. Therefore, also the investigators may need training for effective handling of alerts of these new message formats.

Something to be considered as well are changes in volumes respective to the different transaction formats. This may be relevant for infrastructural topics such as the technical sizing of the applications involved in the different payment streams. Also, it is expected that processing times are getting shorter. In many cases, the architectures of the systems are changed so that they can process data 24/7 and with high availability if this has not already been done.

In the coming months, the implementation and support efforts in the projects will focus more and more on proper testing of technical and business configuration to ensure a successful go-live in November 2022. And of course, my colleagues at msg Rethink Compliance and I look forward to working with our customers to achieve the goal of a technically stable and operationally compliant screening of their cross-border transactions in the future.