The
deadline for ISO 20022 – the new standard for electronic data interchange between financial institutions – has been notoriously changeable. Back in March 2020, Swift delayed the original migration
date for cross-border payments by 12 months (from November 2021 to the end of 2022) as banks struggled with decommissioning and preparing existing infrastructure for the transition. A
string of subsequent delays by various jurisdictions and institutions ensued.
Fast-forward to present day and migration to ISO 20022 is still in the outbox. However, Swift has asserted that the current deadline for cross-border payments will not move; organisations are set to migrate to the ISO 20022 CBPR+ standard by November 2025.
What is CBPR+?
CBPR+ is the ISO 20022 standard for cross-border payments and reporting. CBPR+ messages are exchanged via FINplus – the InterAct store-and-forward messaging service designed for ISO 20022 in a many-to-many setup.
Of the November 2025 migration, Swift
says: “The CBPR+ working group is creating new usage guidelines for the camt.025 (‘receipt’) and admi.024 (‘correspondence’) messages. We expect these guidelines to be available by the end of 2025 and mark another important milestone in the evolution of
CBPR+ standards. Hybrid postal addresses will also be introduced and enabled as part of that release. During a 1-year ‘grace-period’ CBPR+ messages will support a fully structured, hybrid or unstructured postal address for all agents and parties across CBPR+
messages.”
Once implemented,
ISO 20022 for CBPR+ will be a game-changer for the global payments space – instilling richer, structured, and more granular data; improved analytics; and end-to-end automation.
How ready is the industry?
In its December 2024 end-of-year review, Swift
revealed that while ISO 20022 adoption grew by 6% in the last quarter of 2024, under a third (32.9%) of organisations had adopted the new messaging standard. With just several months until the ISO 20022 CBPR+ deadline, the final sprint for financial institutions
(FIs) has begun.
And a frantic sprint it will be; Swift has made it clear that this deadline that will not be deferred – meaning FIs which do not comply in time risk facing severe payment disruptions and even penalties. For now, at least, the co-existence period remains
in place, with legacy MT and the ISO 20022 formats accepted.
Why the delay?
For good reason FIs have been migrating more sluggishly than expected. The shift to ISO 20022 comes against a backdrop of wider core banking system modernisation efforts and a deluge of regulatory demands. In some cases, these have not been mutually exclusive.
On 17th January 2025, the European Union’s
Digital Operational Resilience Act (DORA) went live, binding FIs to a clutch of security requirements across information technology (IT) incident and supplier management. Running alongside this have been updates to the
Basel III framework, as well as preparations for the arrival of
PSD3 and PSR.
It has been the challenge of FIs to place adequate resources and capital into both compliance and innovation drives.
How should FIs comply?
FIs should already be well on their way in conducting internal assessments that analyse the impact of ISO 20022, and laying out action plans to effectively respond. There are soft tasks – such as aligning teams and ensuring clear timelines, responsibilities,
and milestones are agreed upon – as well as hard tasks, like upgrading legacy payment systems.
A Finextra
article on the ISO 20022 countdown notes that when Swift’s coexistence period ends, MT messages that need to be converted will be subject to additional FIN network validation and will also be flagged to recipients as having been converted:
“Swift has made is clear that ISO 20022 will not be made backward compatible with MT, so MT messages that cannot be translated will be NAK’ed (non-acknowledge). In order to prevent institutions from facing these consequences, it’s crucial that organisations
are ISO 20022 compliant and compatible by November 2025.”
Looking practically at ISO 20022 migration, there are six key steps that FIs must undertake:
1. Adopt official definitions – Swift advises that banks base their implementation processes around the official message definitions published by the ISO 20022 registration. These can be found in the
Catalogue of Messages.
2. Employ valid message instances – One of the benefits of ISO 20022’s extensible markup language (XML) is that the XML schema definition (XSD) permits easy validation of message instances. In line with the advice of Swift, the XML messages
must, among others, be valid against the corresponding XML schema published in the Catalogue of Messages.
3. Be wary of the constraints – The constraints of ISO 20022 are outlined as rules and guidelines in the
second part of the Message Definition Report (MDR). All messages and data must be validated against this list.
4. Use registered code values – In its ISO 20022 implementation compliance
document, Swift underlines a distinction between internal code sets and external codes sets, for message definitions.
5. Mind the business application header – When receiving a message, a bank must ascertain, among other pieces of information: the identity of the sender and receiver, the purpose of the transaction, a reference, the creation date, and the priority.
6. Be aware of supplementary data extensions – The “supplementary data” field within ISO 20022 messages enables users to insert information that is not encapsulated by any other component. However, use of this element is subject to
strict rules.
For more detail on the technicalities of ISO 20022 compliance and maximising preparedness, read Finextra’s article on the topic,
here.
A shared purpose
Executing the ISO 20022 migration successfully is vital. From the new levels of standardisation this regulation seeks to instil, the financial services sector can expect greatly enhanced straight-through processing, with reduced costs, errors, and manual
interventions. Many of these objectives harmonise with the
G20’s roadmap, which looks to supercharge the cross-border payment experience.
With November 2025 set for final ISO 20022 for CBPR+ migration, it is sink or swim for FIs looking to compete on an increasingly fast-paced, modern, and interconnected technology landscape. Once again, effective change must happen from the ground up.