ISO20022: are we looking in the right direction?
In January, I commented on this website on the progress of ISO20022. Since then, little has changed, despite several initiatives that, one would have hoped, should have accelerated take-up. To be clear, I’m strongly in favour of anything that improves financial transparency. ISO20022 as a standard for communication could bring exceptional opportunities, not just to improve the safety and efficiency of payments, but as a tool to improve detection of malfeasance by pattern recognition and associated activities. With millions of uniformly structured messages to analyse, it should be possible to make global business far safer and more efficient.
The problem is that ISO20022 can’t deliver that in the current environment. I’ve already covered its poor information-to-structure ratio, which makes even the greatly expanded message capacity of SWIFT’s compliant system a significant limitation, but even that’s not the essential problem. Even given universal adoption and deployment of the standard, the dream of transparency and enhanced diligence can’t be realised without a universal means of communication.
But ISO20022 is a means of communication, surely?
Well, yes and no.
Is it universal?
Once fully adopted, it will allow connected institutions to share massively more data. SWIFT ISO20022 members can enjoy improved compliance, fewer RFIs and faster (and hopefully cheaper) international payments. That’s good news for SWIFT subscribers, but many smaller banks - and the majority of NBFIs - aren’t connected to the network. How do they access the ISO20022 information? It’s common for an international payment to pass through multiple participants. If any one of them isn’t a SWIFT member, the information chain breaks. This isn’t a criticism of SWIFT - it can hardly be blamed for establishing a persuasive market advantage - but an impartial body should consider how this shortcoming can be resolved.
Can it carry documents?
This is a crucial element; ISO20022 is a text-only medium. It can carry links to documents, but not the documents themselves. Unless a recipient is willing to execute an instruction purely on the transaction data in the ISO20022 message, they need access to separate storage. This brings us to the current methods of document sharing, which may include Dropbox, email, WeTransfer or even physical mail or courier services. All of these methods have security weaknesses, create delay and increase the likelihood of error.
Each time a document is exchanged via one of these methods, a new copy is created of each one. It’s a sobering thought to consider that all of us are probably exposed by multiple copies of our personal documents, scattered across unknown file sharing platforms and email accounts. Worse still, there’s no means of knowing that they’re all up to date or even genuine.
And here we come to the question at the top of this article: are we looking in the right direction?
ISO20022 as part of a comprehensive solution
We should be thinking far more creatively about what ISO20022 can bring, as long as it’s part of a joined-up solution. We can build a vast, standardised data bank that allows us to access all elements of a business interaction. It can connect every part of a transaction, including shipping movements, letters of credit and trade finance operations. Supply chains can be more effectively controlled, Processes can become more automated, and compliance can be greatly enhanced. Big data analysis can reveal new and as-yet unconsidered opportunities.
But none of this can work unless it’s tightly linked with a single, unified document repository. One that identifies every transaction and holds a single immutable record of every associated document, be it transactional, company-based or individual identity. The repository has to police updates and renewals, while retaining those documents that were current at the time of the transaction. The record should also hold its own copy of the ISO20022 message, which can then be viewed by all parties, whether or not they’re SWIFT subscribers.
Data collections must be identified by a unique key that can be shared by any means, not just through SWIFT messaging. The keys identify the collection, while access is granted at a granular level according to a secure protective vault.
The repository has to be ultra-secure, especially as quantum computing raises the approaching spectre of elevated hacking capability. It also needs to be capable of multi-region location to meet jurisdictional privacy requirements (a factor that’s tacitly ignored in many current cross-border operations).
These were the considerations that dictated the architecture for CertiQi’s eKeyiD concept. It runs on a platform-agnostic and quantum-resistant federated ledger system, It started life as a clean-sheet project to allow banks to interact transparently within the constraints of SWIFT MT messaging. It’s now a fully functional document and data exchange system that allows ISO20022 to deliver its promise. Because each collection can contain unlimited documents* of unlimited size, ISO20022’s information-to-structure ratio doesn’t matter, nor is it constrained into 199 data fields of restricted length.
Solid, dependable case analysis requires an undoubted and immutable source of truth. Without it, we’re trying to save a leaky ship by getting it into port faster. We need to look at fixing the leak.
* strictly speaking, what each collection contains is an internal reference to a document, not a copy of the document itself. There is only ever one current copy of any item, which can be referenced by any number of collections.