ISO20022 is coming – but is the banking sector ready?

By John Smith, Chief Technology Officer, EMEA at Veracode.

ISO 20022 brings a raft of new security benefits, but ensuring a smooth transition won’t be easy

At a time of huge turbulence and uncertainty, financial institutions are facing yet more upheaval, with the introduction of ISO 20022. From November, all financial institutions will need to have the ISO 20022 process active, and by 2025 they must be fully compliant. But many in the sector are still grappling with what this will mean and the impact it will have.

ISO 20022 is an open global standard for financial information, creating a common language for payments worldwide. The purpose of these changes is to provide greater transparency and security: the use of Extensible Markup Language (XML) and Abstract Syntax Notation (ASN.1) protocols means that ISO 20022 can adapt to various networks and has greater capacity to work with non-Latin alphabets.

The idea is that financial institutions will be able to use ISO 20022’s capacity to interoperate to their advantage in order to increase efficiency all while reducing cost and risk exposure. With the threat landscape evolving at pace, protocols which strengthen financial institutions’ defences against cybercrime should be welcomed. It is unsurprising that the banking sector is a prime target for cyber criminals, given the value at stake; the average cost of a data breach in the financial sector is around $5.72 million.

Research from Veracode has demonstrated that while financial institution applications typically have fewer flaws than those in other sectors, where there are vulnerabilities, these tend to be more serious, with 18 percent ranked as ‘high severity’. Furthermore, the sector is lagging behind when it comes to fix rate, which sits at 22 percent. Addressing and remediating vulnerabilities throughout the software development lifecycle will, therefore, be vital to ensure a secure transition.

We have seen in the past that managing transitions from legacy systems is not easy. The large-scale shift from proprietary platforms toward open banking and APIs has left banks juggling two platforms simultaneously, presenting significant challenges. Logistics and security will need to take centre stage so that CIOs can have a standardised view and minimise risk.

To navigate this complex transition, training and consultancy are of the utmost importance. Equipping developer teams with the right skills to remediate any flaws that are found will result in better outcomes when it comes to speed and effectiveness of remediation. Ensuring that security is embedded at every step of the transformation journey is vital to avoid any errors in deployment that could lead to significant delays in processing transactions. Successful implementation requires collaboration between the developer community and wider business, while bringing in external experts to consult and advise on the process ensures that the integration of security is seamless.

Interdepartmental collaboration is key, and communication will be required to ensure teams fully grasp the reasons behind and benefits of the transition. ISO 20022 cannot exist in an IT or security silo – it needs to be a company-wide conversation about broader strategy. CISOs must work closely with the wider C-suite to help them understand the benefits of moving from a proprietary black box system to an open API and ensure buy-in across the organisation.

The November deadline is a significant step in a period of sweeping transition for the sector. Despite being deeply rooted in tradition, banking needs to evolve with a rapidly changing world. We can expect to see further changes down the line to specific areas of service, such as PCI DSS for payment cards. Ultimately, this will require departments coming together to find solutions to complex challenges. If financial institutions can get the implementation of ISO 20022 right, it will pave the way to a smoother transition when it comes to other developments and regulatory changes.
