ISO 20022, tried and tested?

In 2004, financial services players were incredibly excited about ISO 20022, and it was considered the global payment standard of the future. 19 years later, we’re still waiting for ISO 20022 to take the industry by storm. However, we are on the precipice of a new era. Nearly every payment rail that comes out of any interaction across payments uses ISO 20022. This, in theory, sounds great, but due to the rate of change increasing across the sector, a lot of the alterations that have been made are effectively just putting wrappers around the existing payment rails, rather than financial institutions undergoing the fundamental change that was envisaged in 2004 and what is required today.

Finextra spoke to Paul Thomalla, payments industry visionary and Walter Schmölzer, CEO of Unifits, about the unprecedented amount of change that financial institutions have had to contend with across the global payments industry. Whether it’s the immediate payments mandate in Europe or the introduction of FedNow in the United States, according to Thomalla, with every update and every change, the same number of people within the bank are working on these developments. Further, increased change drives increased workload, which can become problematic when there are very few that have the business or technical knowledge that understand and can enact change.

“In fact, a lot of the time, we see technical work being undertaken when it’s a business understanding of what these changes mean that is required, combined with a technology piece. The key people inside the bank – whether they are the programme managers or the product managers – are struggling to try and make changes happen in the way that they want. The problem is the rate of change, how much work can be done, and the fact that every country is adopting ISO 20022, is making the same changes, and testing in the same way themselves. This, to a degree, makes no sense, but that’s the way it works in the industry now,” Thomalla explained.

What are the challenges with payments testing?

When testing the functionality and security of a payment system or application, the payment gateway, payment processors, and payment methods must be checked to see if they are working efficiently. Thomalla stated that there are three levels of issue here:

1. Testing the payment rail: Organisations must comply with the requirements set by regulators or government bodies that decide to enact change. What this means is that at any given time, banks may have to keep pace with developments across Fed Now, TIPS, and NPA, for example. For this to happen, the payment rail, all specifications and the relevant messaging will need to be tested and this fundamental step can typically take three to six months because it is mostly completed manually.
2. Testing the partner bank: It is evident that no payment is sent in isolation. Payments need to be sent to a recipient through a process or an operator and received at the other end by a bank, and the end-to-end transaction needs to work. The same employees that tested the payment rail need to execute the same level of testing as the operator. These three groups need to coordinate to ensure the end-to-end testing proves that the transaction will happen as per specifications, which can be a cumbersome process.
3. Testing the onboarding process: Corporate companies will need to ensure that their existing system works in collaboration with the bank before they are onboarded. However, manually onboarding over 100 clients is a laborious process, and several business leaders within the bank are needed at separate stages and repeatedly. In addition to this, payments rails require maintenance and updates every year, so testing becomes a never-ending manual process.

What happens when testing updates cannot keep pace with shifts across the industry?

What happens when teams within banks cannot keep pace with the rate of change? At what point are annual changes in the status quo? In Thomalla’s view, this has resulted in “banks having to make decisions upon what they can and what they can’t do from a basic product availability level. At the same time, different groups in the bank – effectively the sales channel, if you will – are going out to their customers and corporates to tell them how they can benefit from new tools.

Product teams may also have to slow down, so what you have is tension between the customer and the bank. The crux of the issue here is that banks do not make money from testing the payment rail or their partner, they only make money when the client is onboarded.” He went on to mention that “effectively, you need to have the product ready and able to go to market before you can make any money out of it.” What financial institutions have done to remedy this issue is to hire more technologists, but there are smarter ways of fixing this and meeting the deadlines set by standards like ISO 20022, Fed Now, TIPS, NPA and more.

Schmölzer argued that the challenge that remains is that there is a “limited amount of resource for almost every bank across the globe to implement three or four payment initiatives and migration projects at the same time. This causes incredible demand for resources of the same knowledge. In my experience, the industry has never had so many initiatives at the same time, take place all over the globe and need the same knowledge.”

He agreed with Thomalla and added that staffing projects with more people, whether they are business oriented or technical, does not resolve the issues with testing. There is a lack of knowledge when it comes to ISO 20022 and other new standards, and that is where companies like Unifits come in. Solutions that are primed with a huge amount of relevant audit information already incorporated are incredibly beneficial to all organisations.

Schmölzer said that test automation is primarily considered “a technical framework, where you can set up a project and implement it in the domain with a team and it usually lasts months or even years. Creating scripts for testing is no longer necessary with our solution, as we have experts on board who know the banks' business. Therefore, we can read, interpret and understand all these guidelines and provide this knowledge to the bank as an integrated part of our solution.”

Unifits shared some customer comments from a few banks that showcase how test automation can simplify projects like ISO 20022 migration.

NatWest: “This has been a game-changer in increasing the accuracy and quality of testing. Not only is E2E MX testing, now much simpler and more efficient, it has also significantly helped us reduce the risk of human error. The adoption and success of the implementation of the Unifits tool within the bank is due not only to the exceptional solution itself, but also to the excellent support and training we received from Unfitis’ SMEs.”

A large Swiss bank: “Besides the fact that Unifits’ solution increased our own efficiency for client onboarding by factors, it added enormous value to our client by giving them a 24/7 ‘self-service’ that saved also their efforts and improved the overall quality at the very same time.”

Helaba Landesbank Hessen-Thüringen: “Our high expectations and demanding goals were exceeded and surpassed. The decisive factor was the Unifits Test Engine’s ability to perform automated and autonomous end-to-end tests independently of market participants. Thanks to Unifits’ exemplary support, we were able to react flexibly to changes at any time. The use of the Unifits Test Engine was thus an essential factor for the success of our project.”

What will payments testing look like in 2030?

As a concluding comment, Schmölzer said that “all of the banks are doing exactly the same stuff in terms of testing. The guidelines for our models are slightly different, but at the end, it is all the same language: ISO 20022, and this can be understood by one application. What we tried to break out of all these projects is the repeated effort of testing that is being done manually most of the time, to repeat it six months later or every year. If you need three or four people to test something that was put in place within the last 20 years, this may not be a problem. But if you have three projects in parallel that demand testing for each project to involve over 30 people, it is no longer fun.”

He also mentioned that another problem that he has seen is that banks may try to implement something new with great complexity, and to do this, will need to hire external experts and allocate budget. Once this part of the process is completed, banks are back to square one because all the experts are no longer available and testing still needs to be completed. However, with automated testing, when changes are made and shifts in the industry occur, it just takes pressing a button to ensure everything is tested again.

Thomalla added that “once the initial phases have been completed, this is not the end of the clearing lifecycle. For instance, they are updated every six to 18 months which means that the processes need to redone on an ongoing basis – a little like painting the forth bridge. As Walter said, the Unifits’ tools massively reduce this update test completely by automating the testing, making the clearing evergreen not only now, but future testing is also massively reduced.”