SIBOS 2019: ISO 20022, SWIFT gpi, APIs and Real-Time Payments

This episode on the Payments Podcast features Marcus Hughes discussing some of the key points of this year’s event, specifically on ISO 20022, gpi, APIs and Real-time Payments.

Podcast Transcript

Rich Williams: Hello. I'm Rich Williams, host of The Payments Podcast, and today we’re going to talk about highlights and takeaways from Sibos 2019, which this year was hosted in London. 

Today I'm very pleased to be joined by Marcus Hughes, Head of Strategic Business Development at Bottomline Technologies. Welcome back, Marcus. 

Marcus Hughes: Hello, and thanks for having me. 

Rich Williams: Now, for anyone not familiar with Sibos, could you begin by describing the event? Who it’s for and what it’s all about.

Marcus Hughes: Well, for me Sibos is really the most important conference of the year for the transaction banking industry. It’s hosted by SWIFT, which is the largest global financial messaging network. 

Their secure messages, exchanged on this mission-critical network, cover domestic, cross-border payments, foreign exchange trading, securities processing, and of course trade finance. Just to give you an idea of its scale, in total these messages represent about $6tn of value every day. 

Sibos is therefore really the go-to place for the latest expert views on where the industry is heading. 

This year’s Sibos, in London, attracted more than 11,000 professionals, from banks, FinTech firms, and consultancies from all around the world. That’s a record in terms of attendees. As always it was a highly enjoyable and informative event with really great networking. 

Rich Williams: Thanks, Marcus. 

What were the biggest topics for you this year?

Marcus Hughes: Well, as usual discussions covered a wide range of topics. Payments, compliance, data security. There were standards, securities processing. Modernising trade finance, one of my favourites. And of course digital innovation. 

But for me the most important topics were really ISO 20022. What banks need to do about this imminent, large-scale migration and how they're going to benefit from it. 

Second was how a major cross-border payments initiative called gpi is really helping to make payments faster, more transparent, and easier to trace. 

I guess third was the rise of real-time payments, which are being adopted now all around the world. 

And, finally, what are the new challenges and opportunities in compliance and the fight against financial crime? 

Rich Williams: Plenty of big topics there to explore further. Could you tell us more specifically about ISO 20022 please?

Marcus Hughes: This is a really important programme and it goes across multiple market infrastructures. 

The good news is that this message schema known as ISO 20022 is now globally accepted as the best way to standardise and modernise all payments and financial messaging. The adoption of a network-independent standard will make interoperability so much easier. 

The bad news is that the migration from SWIFT MTFIN to ISO 20022 is going to require intensive preparation and actually the deadline dates are already getting closer by the day. One major obstacle is the difference between ISO and FIN messaging. 

The migration means that banks need to carry out a load of alignment work and even implement some temporary solutions, which they’ll be using for a few years, until this multi-phase migration is completed. 

It is a complex process, but ultimately it’s going to lead to more flexible and detailed messaging, which is therefore significantly more useful for the whole industry. 

Rich Williams: What challenges do you foresee with the migration to this standard?

Marcus Hughes: Well, systems are going to need to be able to process more data and at faster speeds to cope with instant payments and messages. We need to remember that the ISO 20022 message contains substantially more data than the legacy formats. In fact, two or three times more data. During the transition period of coexistence there’s a major risk of data being truncated. 

The natural tendency for different flavours to emerge is also a challenge. By that I mean one market infrastructure will require certain fields to be populated. Whereas another market infrastructure will require these fields. So it’s going to be very different. 

And some market structures will adopt a big bang approach to migration. That’s a one-step migration. But others will undoubtedly choose a multi-step migration. 

So it’s going to be highly challenging for banks to keep pace with all these nuances and variants. 

In summary, many banks will face large, costly projects, touching many parts of each bank and its systems. I don’t think it’s an exaggeration to say that the ISO 20022 migration could be the European payment industry’s greatest challenge since the launch of the euro. 

Rich Williams: Wow. 

Is there a scheduled timetable for this migration, Marcus?

Marcus Hughes: Yes, and it’s tight. The plan is that by 2025 ISO 20022 will be adopted globally for all payment messaging. 

In the near term, major changes have been planned for several European payment market infrastructures. The European Central Bank’s Eurosystem and EBA Clearing are modernising their infrastructures, by migrating TARGET2 and EURO1 from the legacy FIN MT message type to ISO 20022’s MX standard. 

As many listeners will know, TARGET2 and EURO1 are both systemically important, high-value payment systems. And the deadline for all this migration is November 2021. Very soon. 

The US Fedwire and CHIPS payment systems are going to be following close behind, with migration set for 2022, with the rest of the world following suit by 2025. 

What’s more, the global financial community has decided to start migrating cross-border payments to ISO 20022 from November 2021. 

So the CBPR+ Market Practice Group is defining ISO 20022 usage guidelines in preparation for this very ambitious migration. 

As early as 2023 we’re expecting ISO 20022 will dominate higher value payments, covering 79% of volumes and 87% of values across the whole world. 

On this big subject of ISO 20022, it’s actually worth noting that some countries, such as China, India, Japan, and Switzerland have already made the move to ISO 20022 in recent years. So they’ve got a good head start, and they're obviously benefiting from those changes. 

Rich Williams: There’s a lot of dates there for our listeners to take notice of. 

Marcus, what are the main advantages of ISO 20022 compared to more traditional MTFIN messages?

Marcus Hughes: Well, the switch to ISO 20022 or MX standards will allow payments to carry a great deal more structured data, as well as standardising payment formats that were previously inconsistent. 

Regulators love this, and they're pushing the move to ISO 20022, because it’s going to make it easier for banks to comply with requirements for transaction screening and AML reporting. 

Another important advantage is that ISO 20022 messaging is going to really increase efficiency. This will result in lower cost and higher straight-through processing rates. 

The increase in information provided in these messages can also be used to enable easier real-time tracking of payment messages. It’s also going to reduce the risk of errors, as users will be able to include additional payment details and references, which will help reconciliation. 

MTFIN and ISO 20022 messages are going to coexist for four years, until 2025. In 2025 SWIFT support for the MT100, 200, and 900 message types is going to end. At this stage no end date’s been set for securities messages, which are category MT500, nor for the messages for trade finance, which is MT700 series. 

To support this migration, SWIFT’s going to offer a central translation service, accessible via API. This is going to help format conversion between MT and ISO 20022. Most important, the service will also store any truncated data and the original message, so available for investigation. 

At Bottomline we’ve already worked extensively with ISO 20022 formats. For example, SEPA transactions and the recent switch to ISO 20022 in Switzerland. And we’re looking at ways to make this multi-phase transition easier for our customers around the world. 

Rich Williams: Thanks, Marcus. 

So companies need to start planning and talking to the experts, like Bottomline, and certainly our customers should be doing that as well. 

Moving on to the next topic, could you explain some of the background of the SWIFT gpi and why it’s so important please?

Research Yes, this was a really hot topic at Sibos. Perhaps the most important focus of the whole event, I would say. 

Gpi stands for Global Payment Innovation. Although the industry really has universally adopted the acronym gpi. 

This initiative was launched only three years, and it’s already enabling fast, traceable, and transparent cross-border payments on a large scale. 

Its traction and success has really been pretty impressive. To the point that for me gpi is probably the single most important initiative by SWIFT I’d say in the last 15 years or so. 

The statistics are impressive. There’s 600 banks live. Over 50% of SWIFT cross-border payment messages, which are known as MT103s, now go via gpi. That’s more than $300bn of value per day. 

And 40% of those gpi messages are being credited to the beneficiary within just four minutes. That’s not bad at all compared to the two or three days that just a few years ago were the norm for SWIFT messages. And 90% of gpi messages are now being settled the same day. So tremendous progress. 

This brings significant benefits to a treasurer, in terms of speed, reliability, and predictability. So we can see an end to those old complaints that SWIFT cross-border payments are slow and opaque and inefficient. 

Rich Williams: That’s all very exciting. 

How does Bottomline fit into all of this?

Marcus Hughes: Well, we help our customer banks and corporates to access these benefits. 

For example, at Bottomline we’re exploring an important enhancement to gpi as part of our Cloud-based payments and cash management platform. This will be a multi-bank gpi solution, based on gpi for Corporates’ pay and trace service, which is also known as g4C, another acronym. 

With a few exceptions, at present multi-bank corporates can only access gpi via the e-banking platforms of their various banks which are offering gpi. This means today they can only see information relating to each bank on its separate e-banking system. That’s instead of all aggregated information being available on a consolidated basis via a multi-bank platform. 

Enabling corporates to access gpi via a multi-bank platform like Bottomline’s is going to make it easier for corporates to benefit more fully from gpi in a multi-bank environment. 

It will be the corporate payment hub which applies a unique end-to-end transaction reference, which is attached to the payment throughout its lifecycle. This makes it easier to track, to reconcile, and to provide accurate reporting. 

This applies to all cross-border payments, whether they're in MTFIN or XML format, during this transition that we’ve been talking about. 

And the payment hub’s dashboard is going to allow users to track payments, and more importantly to manage exceptions more easily, without the need to raise queries with the banks, which can be slow and costly.

Rich Williams: What else is planned for gpi?

Marcus Hughes: That’s a good question, because the roadmap really is full of new value-add solutions. These new products will improve the speed and efficiency of payments. 

Just for example, SWIFT plans universal adoption of gpi by the end of 2020, so that all 11,000 banks on the SWIFT network will benefit from universal confirmations. That means of course that the sending bank will receive confirmation that funds have been credited to the beneficiary’s account. Today hundreds of banks are already providing this conformation, but this would be extended to all banks, whether a bank is on gpi or no. 

In addition, SWIFT have plans for a stop and recall service for payment instructions which have already been released into the SWIFT network. 

There’s also a new pre-validation scheme, which is going to enable banks to send and receive API calls over SWIFT, which will be used to check beneficiary information with the ultimate receiving bank. 

This information checking is performed before the payment is made. So the banks will then be able to quickly correct any errors and thereby reduce delays and costs of payments that might get misdirected. 

Incorrect beneficiary information on payment instruments is responsible for over 50% of rejected cross-border payments. Such a mistake is really expensive, in terms of chasing failed payments, and it’s time consuming to correct. So the new pre-validation service will really improve straight-through processing rates. 

This cross-border pre-validation service from SWIFT is of course a bit like the Confirmation of Payee solution being launched in the UK, to reduce the risk of payments being sent to the wrong party. 

So it’s a really exciting time in payments. 

As we’ve seen, cross-border payments have become increasingly fast, and in many cases settled within a few minutes, but between 2% and 5% of cross-border payments are subject to enquiries or investigations. This results in a delay in these problem payments being settled, and this delay is often due to compliance checks but not always. 

Enquiry management is really costly and time consuming for banks. According to SWIFT research, this activity costs banks between 25 and 35 times more than normal payment processing itself. 

Although it’s only a small minority of the payments which are held up by errors or missing information, these exceptions are obviously frustrating, and time consuming, and really expensive to resolve, both for banks and their consumers. 

So a new gpi case resolution service, which has been successfully piloted, is really going to make it faster and easier to manage these payment investigations. 

Rich Williams: Marcus, you’ve already described many ways that gpi is helping banks and businesses to submit payments more efficiently. Are there any initiatives to make it easier and faster for banks and businesses to get paid?

Marcus Hughes: Yes, and that’s been a really big gap historically. There’s currently no standard cross-border collection instrument, even though of course many countries have their own domestic instruments, like direct debits here in the UK. 

In response to the big demand for easier cross-border collection, SWIFT and their partners are developing a cross-border Request to Pay instrument. This cross-border model is similar to the Request to Pay instrument which Bottomline is already testing and will be launching in the UK in a few months. 

Another way in which gpi will make accounts receivable more efficient is the inbound payments tracker service. This is going to give beneficiaries early notice of a payment just being released into the SWIFT network. This is really going to improve cashflow forecasting, and it’s going to make it easier to manage all those reconciliation processes.

Rich Williams: Jumping back to payments again, and specifically cross-border real-time payments, is that something that’s likely to happen anytime soon? As there are now so many domestic real-time payment schemes in place or being planned. 

Marcus Hughes: Yes, there’s some really encouraging progress on that front too. 

At last year’s Sibos in Sydney, which I really enjoyed, it was a fantastic venue for the event, SWIFT showed that real-time cross-border payments could be supported by directly connecting gpi with domestic real-time payment systems. In this case, Australia’s new payments platform. Settlement could be achieved in less than a minute from around the world. 

This work in instant payments has continued. For example, linking gpi with Singapore’s real-time payments system, which is called FAST. 

These domestic real-time payment systems are running 24/7, which makes a big difference of course. This means that a payment can reach a beneficiary in Singapore or Australia any time of the day or night, without having to worry about local cut-off times. 

This is like the real-time payments express solution which Bottomline has developed with our partner bank, Starling. This means other banks around the world could make and receive real-time payments into the UK Faster Payments system without even needing to join the scheme, so really streamlining that process. 

Rich Williams: So are global real-time payments becoming a reality now? And what’s happening with real-time payments in Europe specifically? 

Marcus Hughes: Yes. Real-time payments is another major trend around the world. According to SWIFT there are now 46 real-time payment initiatives that are live, and there are another 12 initiatives being planned or underway. 

In Europe there’s good progress on real-time payments. EBA Clearing’s scheme, called RT1, is really leading the way for adoption of real-time euro payments across Europe. 

They were the first pan-European infrastructure to launch SEPA instant credit transfers at the end of 2017. And they already have a good reach to some 2,300 banks across Europe, and they're processing over two million transactions a week. So this is a very good start. 

Regarding the big question of when mass adoption is going to be achieved, it is worth remembering that in the UK our Faster Payments service took 10 years to reach the now impressive levels of £1.7tn in value per year and two billion transactions in 2018. So we do need to be patient, I think. 

I also believe the proposed pan-European Request to Pay instrument is a really exciting initiative. This does show great promise and could in fact accelerate the usage of real-time payments across Europe, I believe. 

Another initiative, in May this year the European Central Bank launched another programme to extend the reach of instant cross-border payments by enabling gpi transactions to be settled via their TIPS system. 

TIPS stands for TARGET Instant Payment Settlement service, and it enables instant crediting of accounts at beneficiary banks all the way across Europe. So far 20 banks are participating in this trialling and so on, but it has great potential. 

Rich Williams: Based on what you’ve said so far, this is a rapidly changing environment and industry that we’re part of. What’s Bottomline’s role in this, Marcus? 

Marcus Hughes: This progress in real-time payments is great news for Bottomline, since the approach being adopted in the European Union and in the US is similar to the UK’s new access model, which was developed several years ago to provide easy and cost-effective access to the UK Faster Payments service. 

Bottomline was one of the first FinTech firms to become accredited as an aggregator service provider. That’s how we’ve enabled banks and non-bank institutions to obtain direct technical access to the Faster Payments central infrastructure. This proven expertise positions us really well to help with other countries who are adopting real-time payments and using similar models. 

Rich Williams: With all these real-time payment schemes planned or in place already, what trends are we seeing in relation to fraud, Marcus? And are we seeing that getting better or worse?

Marcus Hughes: That’s really an important challenge. Payments are definitely becoming faster, both domestic and cross-border payments, as we’ve seen. But banks do of course need to balance this market demand for faster payments with the regulatory requirement for proper controls on financial crime and risk management. 

One worrying aspect about the increasing adoption of real-time payments is that faster payments can also become faster problems. By that I mean with faster payments there’s a real-time risk of fraud. Hence control systems need to operate in real time, or else fraudulent payments will already have been released before the alert is raised. 

With the increase in cyber fraud it’s really essential that banks and businesses up their game, so they can ensure they have multiple layers of defence. This can help them keep ahead of the fraudsters. 

Obviously, security policies and procedures, as well as training, they're all vital for protecting an organisation against cyber fraud, but it’s technology above all that has a key role to play. 

So it’s essential to encrypt data, whether it’s at rest and data in transit. But it’s not just a case of protecting customer data. It’s also vital to do everything possible to detect and prevent fraudulent payments. 

Payment systems really must have a secure internal control framework, like secure access, segregation of duties, four-eyes approval workflow, full audit trail, and multi-factor authentication. 

Another valuable technique is to deploy transaction and user behaviour monitoring. This helps to detect unusual activity and this strategy really should form part of a bank’s layered cyber defence. 

Advanced analytics and profiling of user behaviour and transactions enables the system to understand normal transaction patterns and user behaviour. This data’s then used as the basis for detecting abnormal and potentially fraudulent transactions in real time. 

A powerful fraud analytic system combines rule-based detection with machine learning, which enhances the rules engine to reduce false positives. In this way, machine learning updates the system continuously. 

Today a payment fraud prevention system must have the ability to flag suspicious transactions and block those potentially fraudulent payments in real time. That’s because it’s important that these suspicious transactions are stopped before they're released onto the payment or messaging network. 

Rich Williams: Was there any news this year on the growing adoption of APIs? 

Marcus Hughes: Well, APIs are already well established as a secure means of communicating between systems. And they're really widely used in many day to day business activities, such as aggregating information on hotel and travel booking websites and so on. 

But in recent years APIs are having a really major impact on the financial services industry. The growing adoption of APIs is driven by new regulations, such as Open Banking and PSD2. It’s also driven by the emergence of FinTech firms, which are using Cloud-based techniques to help systems communicate with each other. 

And really it’s the consumer or customer user experience, and their preference for intuitive and fast systems, which is really driving the adoption of APIs in payments. 

But the industry’s approach is fragmented, and, worryingly, this really risks introducing friction. Unfortunately, this is in direct contradiction to the objective of using APIs to deliver a frictionless user experience and to connect innovative new ecosystems. 

When implementing Open Banking, the Competition and Markets Authority did recognise the importance of standardisation and interoperability, so it required the UK’s nine top banks to collaborate and develop a common API. 

So this makes it easier for third-party providers to exchange data and bank account information and to initiate payments, always with the customer’s permission of course, in order to deliver new services. 

In practice, the APIs used by the CMA9 are not identical regarding procedure and content requirements, but in broad terms they do have a common standard API. 

On the other hand, the European Commission has taken a completely different stance. They felt that imposing a single common API standard was anti-competitive. So the European Commission left the technical details of PSD2’s APIs completely open, encouraging market forces to define them. 

Unfortunately, this position really risks creating fragmentation, and a number of different consortia have been formed to develop their own APIs at a national or regional level. 

Probably a good example of this approach is the Berlin Group, which has about 40 banks and payment associations, and they’ve been defining a common API standard called NextGenPSD2. But this is only one of several other initiatives that have been set up in Poland, Slovenia, and France, for example. 

So ironically I’d say the EU’s decision not to impose a common API standard does actually risk creating unnecessary complexity to opening up bank data. This is because different banks and countries across the European Union are adopting different API standards. 

And that, in turn, really puts at risk the PSD2’s timeline and could ultimately impact the success or failure of this really ambitious undertaking. 

Other countries around the world who are adopting APIs and Open Banking principles face the same risk, unless they opt for some common standards and start making sure this is coordinated globally. 

Rich Williams: What’s SWIFT’s position regarding APIs, Marcus?

Marcus Hughes: Well, the financial services industry is definitely starting down a path towards an API-centric world, and SWIFT is of course adapting to this new normal of using APIs to exchange data. 

So they're developing an API ecosystem, which is going to make data consumption easier. They're planning to coordinate the development of API standards globally, not just for Europe. And as a second phase SWIFT propose to deliver an API platform for their bank customers. In other words, they're looking at becoming an API aggregator. 

At Bottomline I think we really welcome SWIFT’s approach to API standardisation, and they're very well positioned to coordinate the development of open API standards. They’ve definitely got strong credentials for this kind of work, and they're already the registration authority for ISO 20022, so they maintain the content and integrity of this messaging format. So this is really a logical extension into APIs for SWIFT. 

Rich Williams: As we come now towards the end of this podcast, what do banks and financial organisations need to prioritise going forwards?

Marcus Hughes: The first thing I’d say is that there’s never been a period of such unprecedented change in the payments world, with so many innovations and new regulations. 

For this reason it’s probably more important than ever that banks work with trusted advisors, who can help them develop a digital strategy and help them move forward faster and more cost-effectively. Cloud-based payment solutions have a really important role to play in this journey towards digitisation. 

I would say open, instant, and cyber are three key buzzwords to bear in mind. Open Banking APIs, real-time payments, and cybersecurity are all areas where banks need to focus and where they can upgrade their own operations and [differentiate 0:28:30] their customer propositions. 

So banks should make sure they have easy and secure access to the growing range of real-time payment systems all around the world, as well getting positioned to be proactive in Open Banking. 

Adoption of Cloud-based solutions is helping banks to manage their costs and insulate themselves from some of the complexity of the many changes going on in the marketplace, and this way they can also future proof themselves. 

In the exciting area of Open Banking it’s really important that banks capitalise on this opportunity to develop account information services and payment initiation services, rather than just doing the minimum to comply with these new regulations. 

But the key message is banks don’t have to undertake these projects all on their own. There are FinTech firms out there with the expertise and the technology to help. 

Rich Williams: Well, that was all very inciteful. There’s a lot to take onboard, but of course if you need assistance you should reach out to the experts for some assistance there. 

Marcus, thanks once again for joining us. 

Marcus Hughes: My pleasure. 

Rich Williams: Unfortunately, that’s all we have time for today. We’ll be back with some new podcasts very soon. In the meantime, you can listen to more episodes and all things payments at the touch of a button using your preferred provider. And we’ll see you all next time.