The migration to the new ISO 20022 payment standard is well under way, with the coexistence period for SWIFT messaging starting this month.
While the move to ISO 20022 promises many benefits—including richer, more structured data, less manual interventions, and enhanced harmonisation between cross border and domestic payments—many are experiencing challenges with the migration. As well as the changes banks have had to make at a core system level to adapt to the change, it has also presented challenges when it comes to financial crime compliance reporting, as regulators including AUSTRAC require reporting on the full data set if it is available.
The impact of ISO 20022 on AUSTRAC reporting
In order to align with SWIFT’s new message format, AUSTRAC undertook a major ISO 20022 transformation, which is forming part of its current REST project aimed at allowing reporting entities to easily comply, report and interact with AUSTRAC. The outcome is that the regulator will be able to accept reports in both the new MX and old MT messaging formats.
The increased data capture provided in MX messaging will give the regulator and law enforcement agencies an abundance of information on potentially suspicious transactions. However, getting this data to AUSTRAC requires banks and other regulated entities to change how they report.
After a recently conducted temperature check, to understand more about the challenges regulated entities were facing in meeting their AUSTRAC obligations, three core themes were highlighted repeatedly:
Legacy technology and reporting solutions: Current solutions for IFTI reporting to AUSTRAC must be updated if they are to facilitate ISO 20022 reporting to the regulator. Automating IFTI reporting is a key goal for many organisations but if current solutions can not scale to meet the increased data demands of ISO 20022, it will force regulated entities into using manual workarounds until they are, which increases the risk of exploitation or non-compliance.
Data truncation: ISO 20022 messages contain significantly more data than other payment formats. When reporting entities are translating between MX and MT messages, and back, data is being lost as the MX elements have no corresponding fields in MT messages. Despite this, AUSTRAC requires you to report on the full data set if it was available, so how you re-map data to enable it to be reported is a challenge.
In-house inefficiencies: many banks use custom-built spreadsheets and in-house reporting solutions to manage their AUSTRAC obligations. These solutions are often difficult to change and hard to scale and may be reliant on prioritisation of resources to make the changes happen. If there are delays updating existing solutions, that can also push compliance and operations teams into manual work-arounds, reducing visibility, oversight and ultimately putting compliance at risk.
An improved approach to AUSTRAC reporting
As technology and payment regulations develop over time, so too do the criminals looking to exploit the weaknesses and vulnerabilities. As Brad Brown, National Manager Regulatory Operations at AUSTRAC, said in a recent interview: “this is why it is so important that businesses take their AML obligations seriously in relation to understanding the risks within their business operations. AUSTRAC continues to provide financial intelligence and expertise to law enforcement and industry to assist in the understanding and efforts to disrupt these risks. Our ongoing positive engagement with domestic and international partners is critical to our success in protecting the community from harm.”
Any activities focused on the migration to ISO 20022 should be considered as part of a strategic development to holistically improve internal payment systems, eradicate legacy technology, and build robust, automated compliance processes.
Many banks are looking toward third-party technology providers, rather than their own in-house builds, to support their regulatory reporting requirements and Identitii is working with several global and local banks in Australia to ensure compliance with our automated, ISO-ready AUSTRAC reporting platform.
Identitii’s platform automates IFTI and TTR reporting to AUSTRAC, allowing banks to start reporting ISO 20022 messages immediately. The platform provides assurance that reporting has been done right, helps reduce manual processing, and offers a complete oversight of what has been reported and why.
Learn more about how Identitii can help you improve your AUSTRAC reporting here.