The data-driven revolution in risk management

ISO 20022 enables financial institutions to adopt data-driven risk management strategies, enhancing security and control as financial fraud becomes more complex

April 2, 2025

8 mins

Corporate & investment bankingTransaction banking

As digital transactions surge and fraud becomes more sophisticated, the ability to harness high-quality, structured data has never been more critical. Financial institutions (FIs) need to shift towards smarter, data-driven strategies, and ISO 20022 is the key enabler of this transformation.

Redefining the foundation for payments

The financial industry is counting down as the MT/MX cross-border coexistence period comes to an end. By November 2025, legacy formats will no longer coexist and will be replaced by ISO 20022, the new payment language. 

“The current systems were revolutionary in their time, but they can no longer support the future demands of the financial landscape,” said Danielle Sharpe, Head of FI Clearing Product, Standard Chartered.

ISO 20022 was conceptualised in 2004 as a response to the growing inefficiencies in legacy payment messaging systems. For decades, the financial industry relied on MT formats introduced in the 1970s. These formats have become increasingly obsolete for the complexities of modern finance, constrained by limited fields and unstructured data formats.

Despite its technical nature, the implications of ISO 20022 are broad. “At its core, it’s about harmonising the way we communicate in payments,” Sharpe added. “We are moving from a world of limited, truncated data fields to one where over 1,000 structured fields give us unparalleled clarity and control.”

A study showed that as much as 10 per cent of cross border payments trigger some form of alert, and 99 per cent of those are usually false positives. Such inefficiencies not only strain compliance teams but also delay legitimate transactions, impacting client experience. “There is a lot of friction in the system today and a lot of opportunity. ISO 20022 will be able help us get there,” she said.

The new frontier in financial security

Sharpe’s career in the financial industry began in law enforcement, where she investigated financial crimes. This frontline experience exposed her to the sophisticated tactics used by fraudsters, reinforcing the importance of data-driven risk management in today’s complex financial ecosystem.

“The richer data in ISO 20022 messages helps uncover patterns that previously went unnoticed. ISO 20022 is not a silver bullet against fraud, but it is a massive leap forward,” she explained.

Financial crime detection has traditionally relied on static, rules-based models that trigger alerts based on predefined criteria such as transaction amount, location, or counterparties. While effective to a certain extent, these systems have also been plagued by high false-positive rates, creating operational inefficiencies and customer friction.

ISO 20022’s machine-readable XML schema enables FIs to leverage advanced technologies such as artificial intelligence (AI) and machine learning (ML). These tools can process data predictively, identifying patterns and anomalies more effectively than traditional static rules-based systems.

Additionally, the ISO 20022 standard introduces more detailed payment metadata, such as purpose codes, remittance information, and payer-payee relationships, allowing for a more nuanced understanding of transactional intent. This level of granularity is crucial for combating fraud typologies like authorised push payment (APP) fraud, money laundering, and synthetic identity fraud, which cost the global financial system billions annually.

Sharpe noted that the future of fraud prevention lies in smarter systems. “It is incredibly important to leverage the ISO 20022 structures, standardisation, and ability to be able to ingest the insight into downstream systems.”

From ‘Cuba’ to clarity

The shift to ISO 20022 is not just about compliance; it is about transforming operations. As Sharpe explained, in sanctions or monitoring, there are numerous payments that are impacted and disrupted because the payment formats are unstructured, and this requires human intervention.

“In today’s systems, a restaurant name like Cuban Eats might trigger a compliance alert because it contains the word ‘Cuba.’ With ISO 20022’s structured fields, these false positives can be eliminated, allowing teams to focus on the real risks.”

Unstructured data often causes unnecessary red flags, consuming valuable resources and slowing down transactions. ISO 20022’s clear segregation of information within payment messages addresses this directly. The new standard also enhances automation by aligning payment data with predefined structures. This reduces the likelihood of formatting errors that disrupt transaction flows.

Furthermore, ISO 20022’s capability to integrate seamlessly with downstream systems enables banks to resolve exceptions more quickly, ultimately improving client service levels.

Industry-wide harmonisation and resiliency

The global financial ecosystem has long suffered from fragmentation, with domestic and cross-border payment systems often operating in silos. ISO 20022 addresses this challenge by fostering interoperability. Harmonised schemas ensure that payment messages can flow seamlessly across different systems, reducing friction and enabling banks to reroute payments during disruptions.

“A unified standard allows financial institutions to operate consistently across jurisdictions, even in crisis scenarios,” Sharpe noted. However, she acknowledged that achieving true interoperability requires overcoming challenges such as data localisation requirements and nuanced downstream expectations.

How will ISO 20022 play a role in addressing resiliency for banks and potential systemic risks?  “I think the benefit from a resilience perspective is high. Consider a scenario where the payment systems or certain infrastructures are down, and you still need to be able to keep things moving.”

“That is challenging, because depending on the RTGS that your payments are destined for, it really could drive a difference between the schema that’s used and the payment format that is required. While it is a step in the right direction, the local requirements for mandatory fields will still create challenges even if ISO 20022 CBPR+ is in place,” Sharpe added.

November 2025 is just the beginning

The migration to ISO 20022 is well underway and its significance is not underestimated. Platform transformation takes time, requiring organisational commitment and strategic planning, particularly as the changes extend to a number of MT-based systems and processes developed over the years.

With various message types in scope of migration, Swift has emphasised the importance of prioritising instruction messages and Swift’s data reveals that as of March 2025, 35.3 per cent of global payment instruction traffic has shifted to ISO 20022. With less than nine months until the November 2025 deadline, FIs are gearing up to meet the new standards to avoid operational disruptions and competitive disadvantages.

Sharpe said that Swift has made it clear that if FIs are not ready by November 2025, natively or through the use of converters or contingency solutions, they will risk being excluded from international payment systems, and there is still “a long way to go.” 

However, November 2025 is not the finish line – it’s just the beginning. While FIs must be ready to send and receive ISO 20022 messages natively or through contingency measures by this deadline, the real transformation will unfold over the years that follow. This shift is not merely a compliance exercise but the foundation for a broader, data-driven payments evolution. FIs that treat ISO 20022 as a one-time regulatory hurdle will miss out on its long-term benefits, while those that proactively integrate its structured data into their systems will gain a competitive edge in the evolving financial ecosystem.

This migration should not be seen as just a compliance requirement, it is a strategic opportunity. Sharpe emphasised the need for FIs to move beyond a “check-the-box” mindset and focus on leveraging ISO 20022 data for business value.

“I think it’s important for us to not only look at this as a means to an end or meeting a compliance deadline. We should ensure that we can do something meaningful with the data. What clients are going to expect from us is the benefits that we are bringing to them out of this wide migration.”

Myth Buster: Is ISO 20022 a silver bullet against fraud?

A common misconception about ISO 20022 is that the standard alone can solve all risk management and operational inefficiencies.

“On its own, ISO 20022 does not solve our problem,” Sharpe cautioned, highlighting the paradox of richer data. “At first, it might actually lead to more false positives as we adapt to the new volume and complexity of information. It is incredibly important for us to tune the downstream systems and not just hope that because we have the extra data in the in the fields that will be a silver bullet for us to be able to be excellent and proficient at our risk management.”

In the first episode of the “ISO 20022 Made Simple” podcast series, Danielle Sharpe, Head of FI Clearing Product and Sunday Domingo, Global Head of Digital Channel Solutions, demystifies the potential implications of ISO 20022 for the banking industry. Tune in via Spotify and Apple Podcasts.