Chat with anyone in the finance sector these days, and the topic of ISO 20022 is sure to come up before long. The new standard is pushing banking and finance entities away from decades-old niche systems towards the lofty goal of a common platform for the development of messages.
How? Why? And where does API management fit into all this? Read on to find out.
What is ISO 20022?
ISO 20022 is a banking and financial services standard that provides a common set of rules for communicating and exchanging data between financial systems. It covers most financial activities, such as foreign exchange trading and credit card payments.
Many banking and financial services have either adopted the standard or are planning to do so soon. This leaves organisations with little choice – they can either embrace ISO 20022 or be cut off from systems on which they rely.
ISO describes the standard as a “single standardisation approach (methodology, process, repository) to be used by all financial standards initiatives”. It is managed by an ISO technical committee whose members come from a wide range of industry organisations, including the European Central Bank, MasterCard, Swift and numerous national banks.
Swift’s role here is key. In August 2022, it enabled ISO 20022 messages for cross-border payments and cash reporting businesses on an opt-in basis, followed by general availability from March 2023. Swift is a major player in the financial messaging market and the primary contributor to ISO 20022. Its enabling of ISO 20022 messages will significantly impact the financial industry, with over 11,000 banks affected.
Are financial businesses ready for ISO 20022?
The critical challenge of introducing a universal standard such as ISO 20022 is to untangle legacy systems from incumbent standards. This won’t be an easy task for many of those in the banking and finance sector, meaning that organisations need to act fast.
Fortunately, multi-year coexistence periods give organisations the necessary time to adapt. Swift has committed to support the existing Swift MT standard for the next three years, to ensure that organisations can be ready for the cut-off when the coexistence period ends.
There are already numerous tools and services available that aid ISO 20022 adoption, including many that come from within the banking and financial industry itself. They target a range of needs:
- Translation and mapping for existing standards
- Machine-readable data schemas
- Middleware connectivity components
- General consultancy and training
Interestingly, there is a strong connection between these needs and the solutions provided by API management. Before we dive into that, let’s take a quick look at what the ISO 20022 standard entails.
ISO 20022 in depth
The standard is composed of three layers:
- The first defines key business processes and concepts, clearly defining the terminology used.
- The second defines logical data models and flows, representing the connections between objects and illustrating workflows.
- The third defines the syntax, specifying the information contained within objects.
The primary concerns of ISO 20022 are not technical implementation details but rather the conceptual ideas of processes, terminology, data models and flows.
The most commonly used data format for ISO 20022 is XML. As part of this, there are XSDs provided for each message type, which specify the structure, fields and validation. However, it’s also possible for messages to use a different syntax if it’s been agreed upon.
ISO 20022’s ambitious goals of becoming a unified standard have inevitably led to the specification being rather large:
- There are more than 700 messages and 775 business components, with the scope to add more.
- Some messages contain in excess of 100 fields, each with its own validation rules, leading to XSDs of over 1,000 lines.
- Due to the broad spectrum covered by ISO 20022, it’s unlikely that any one system will make use of all messages. Instead, they will choose the messages and processes that meet their needs.
ISO has helpfully published a searchable online message catalogue, which includes documentation and other useful resources, such as UML diagrams and XSDs. Swift has also provided tools for the migration process, such as mappings between Swift MT and ISO 20022.
How does API management fit with ISO 20022 adoption?
API management is well-positioned to assist in adopting ISO 20022. As part of the API request lifecycle, API gateways can take an active part in the process in four key areas.
API management can enable communication between incompatible systems by translating messages. Using an API gateway as an interpreter can therefore reduce the effort required to refactor support for ISO 20022 into legacy systems. The gateway can translate messages between client and server by opaquely handling the translation of messages during transit, enabling both parties to use their preferred protocols and data formats.
Using a gateway to intercept messages also enables legacy systems to gradually implement ISO 20022 compliance. Rather than replacing an entire system in one go, the changes can be introduced one endpoint at a time using the strangler fig pattern. Handy.
Transformation can also be a viable solution during coexistence periods, when interim formats, such as multi-format MX messages, may need to be used.
Financial entities can ensure the compliance of messages by validating against a specification and enforce data integrity by validating messages through the API gateway. Any messages that fail validation will be rejected with contextual error messages, allowing the sending party to understand why they failed.
The ability to write custom middleware as part of API management can provide solutions for edge cases. After all, only some problems can be solved with out-of-the-box solutions.
Custom middleware can be particularly useful with complex or unusual projects, such as the adoption of legacy transformations in ISO 20022. Freedom of choice over the implementation language also reduces the burden on development teams.
The richer data structures of ISO 20022 present exciting new opportunities to analyse and report on data. Again, this fits neatly with the role of an API gateway. Gateways record data about the messages they process, such as the requested API’s name or the request’s payload.
This data goes to backend systems for further processing and reporting. In the finance sector, access to better data can improve decision-making and make it easier for organisations to detect fraud and target financial crime. Should compliance requirements dictate, data can be redacted before storage.
Move it or lose it
The approaching coexistence deadlines will compel organisations to act or face losing access to critical services. As market momentum builds towards embracing ISO 20022, it will drive demand for solutions that simplify the process. Those solutions will involve a range of tools, with API management holding a rightful place in the tool kit.
If you’re keen to learn more about the business of APIs and finance and the role that API management plays, feel free to get in touch with the Tyk team for a chat.