Managing your delivery risks during the uncertain global payment transformation

Participants will be required to adopt this standard to continue operating in the ecosystem. Migrations are being coordinated globally with strict dates for cutover to ensure interoperability. Organisations have until 2025 when the current message format is switched off, requiring use of the new messages to make payments with central schemes.

The new message format brings opportunities for organisations to improve processing, enhance analytics and provide better services for their customers.

While the transformation brings many benefits, with such a large-scale industry wide transformation, there are significant risks to consider. In the UK alone, 10 billion payments were made across the CHAPS, Bacs and Faster Payments schemes in 2020, with a value of almost 95 trillion pounds. Migrating to the new messaging format will impact billions of payments worldwide, causing systemic risk in the industry. Many banks operating globally will have over 30 migrations, one or more for each central bank they connect to, with changes impacting their whole architecture from core payment processing to customer facing systems. The dates for these migrations are also constantly changing, including the recent four-month delay by the European Central Bank which may also impact other migrations planned for 2023.

With such large-scale transformation programmes and far-reaching impacts, it is critical that participants focus on identifying and mitigating risks within their programmes and ensuring readiness for each cutover. Understanding where to direct efforts to mitigate risks will be essential to get the most ’bang for your buck’. The real danger for participants will be giving attention to the wrong risks and expending programme resources in some areas and missing issues in others.

Participants should conduct an assurance review on their global ISO 20022 programmes to identify areas of greatest risk to ensure they are set up for success. While participants are currently working to identify and mitigate risks, an insular perspective has focussed their assessments on internal risks. It is important for participants to understand wider risks in the ecosystem and the dependencies across their peers through independent assurance.

From working with participants across the globe, our experts have identified key risks for participants to consider:

1. Consider the impact of later transitions when making architectural decisions

The many migrations between now and 2025 will require different levels of ISO 20022 maturity. Due to tight timelines, participants may design their architecture for the most immediate transitions without taking a strategic view of what functionality will be required for later transitions. This could lead to higher risk changes being delayed to later phases of their transformation, when time and budget contingency is lowest. As well as increasing the risk of later migrations, this approach will lead to greater re-work in the architecture.

It is important to mitigate this risk and understand which areas of your architecture you should invest in up-front. To do this, review your current architecture to assess where you can maximise the benefit of ISO 20022 and reduce the overall complexity of technical change by implementing a strategic architecture as soon as possible. Continue to horizon scan other ongoing change programmes to ensure that decisions are not purely driven by the regulatory change required for ISO 20022, but that they also benefit the wider organisation.

2. Ensure sufficient effort is allocated to non-functional requirements and design

The new message format means that the typical size of an ISO 20022 message is significantly bigger than current payment message formats in circulation. Many participants have a legacy payments architecture that has been in use for decades. To reduce the overall risks associated with the transformation, many will have decided to decouple the transformation of their payments’ engine from their ISO 20022 implementation.

While this effectively reduces the functional risk when the new standard goes live, little effort has been spent to assess the non-functional impact on performance. This is exacerbated by the fact that the central banks which have already implemented ISO 20022 typically have low transaction volumes for key global participants and many new features of the message format may not be used yet, leading to a smaller message size. This gives a false sense of security that their architectures are fit for purpose in the long term from a non-functional perspective.

Organisations should assess their requirements and design approach to ensure that decisions appropriately consider non-functional aspects, particularly performance and capacity as message sizes increase and higher volumes of payments are expected. Focus should also be placed on non-functional testing and simulation with test data, including stress testing of larger payload sizes, service virtualisation and buddy bank testing.

3. Take a modular approach to delivery to be resilient to changing timelines

The scale of the transformation and coordination required across central banks and payment schemes worldwide means there are many milestones over which participants have little control. Industry payment schemes have delayed and changed the scope of milestones several times due to the complex nature of the transformation.

Programmes need to operate within pre-defined budgets, staffing plans and technology infrastructure plans. Changes to scheme launch dates can lead to significant re-planning efforts and wasted resources building capabilities that cannot be utilised until a later date. Opportunities may be lost to re-prioritise work to focus on capabilities that have become more time critical.

Partitioning a programme to minimise dependencies between delivery components eases the pain of adjusting to changing timelines. Done well, agile methodologies offer one approach to this. Prioritisation, to ensure that foundational and the most critical aspects are delivered first ensures robustness to subsequent changes.

4. Manage key supplier concentration risks across the industry

The nature of the transformation and the payments industry means that most participants are dependent on suppliers who provide solutions for multiple other players in the industry. Such suppliers are experts in the technology they provide and often reduce the risk to participants who seek a solution which is tried and tested in the industry.

While this reduces the technical risk, the high levels of dependencies on suppliers across the industry means that delays or issues with their deliveries could have far reaching impacts on multiple participants.

Organisations should assess their supplier and vendor management practices to ensure that they have sufficient oversight of the solution being delivered. This can be achieved through transparency to identify potential delays early, and clear traceability through requirements, scope and tests to ensure the solution meets expectations. Vendors should be asked to provide early beta releases of their product and provide demonstrable progress with working software.

As a global ecosystem change takes place across the banking industry, it is important to follow an approach that considers the technical and programme risk factors outside of your control.

By making strategic architectural decisions and ensuring sufficient consideration for non-functional design, organisations can ensure they are ready for the future of ISO 20022, and the flexibility it will demand. Creating an adaptive delivery programme with strong vendor management will enable organisations to meet ever-changing industry demands and maintain control when responding to changing scope and timelines. Together, this will improve readiness for each transition, whilst reducing overall risk to the industry.