Actuare
Financial services is moving towards standardisation for cost efficiency and control, but Actuare’s Charles Kilkenny isn’t sure it’s the right way to go given the nuances that exist
How important is it to have a single global messaging standard?
It is commendable to want to have a single standard for everything and, indeed, we do need to do more to standardise. However, having one single global standard for all things in financial services is nonsense, really. There’s no logic in mixing everything together. Imagine throwing lots of different tiny items into a bucket, only to have to separate them out again. It probably makes more sense for each business to try to progress with what they have and to align to common technical standards. In funds distribution, for example, there is a need for more participants to standardise. However, it does not make sense for them to have to adopt the latest over-the-counter (OTC) derivatives vocabulary or even to understand such definitions.
On top of this, there are the economies of scale to consider. Anything that is more efficient for the market as a whole is likely to reduce costs for the end customer. But, on the other hand, if there is a lot of pain involved in getting to that standard, or if that standard is not appropriate—if it actually prevents market participants from getting things done—then it’s going to be more costly for everyone in the long run.
There’s a balance to be struck. A standard is something that is adopted and used by the majority of market participants. If it hasn’t been adopted then it’s just a proposed standard, it’s not a standard yet. A critical mass is required for it to have any value.
Are certain standards being adopted?
Most certainly, there are a number of standards that have meaning and purpose. The ISO 20022 messaging standard supported by SWIFT is very much a focus for securities settlement and payments, and it has been adopted by many SWIFT members, including Actuare. However, in the UK, EMX remains the dominant standard for funds; FIX for trading generally; and FpML for OTC derivatives. ViaNova (a variant of 20022) is also used by many pension administrators.
I would ask, though, if achieving a single standard with 20022 is actually the best thing for the industry. I know a lot of people think it is, and it has certainly done a lot to bring everything in line, but in some cases businesses are moving a lot faster than 20022. Even within 20022, there are so many different flavours of it, that it is almost not a standard within itself.
At the end of the day, it is important to achieve the simplest solution for the market. For example, even comma-separated value (CSV) files may actually be more useful and relevant than a complex messaging structure such as 20022, which can take years to become fully crafted and properly standardised.
There is a risk that by the time standards such as 20022 are implemented they are already out-dated. Depending on the area of business, regulation and competition can change things rapidly and the industry needs an effective way of being able to craft and update standards just as fast. Feeding these changes back into a broader common standard takes time and it almost has to be done in the background.
ISO 20022 isn’t a bad way to go necessarily, but I doubt it will solve everyone’s problems, or be the right solution for everyone.
Why is this drive for standardised messaging happening now?
I suspect the industry now realises that there are real benefits to standardisation and it is necessary for progress. Cleaning up things like corporate actions and OTC derivatives has become important, especially in terms of reporting and trying to automate them for various back-office systems. When these things are manual, or not properly reported, it leads to unnecessary risk. Automation can make them both timely and cost-efficient.
Of course, it won’t be possible to automate everything, and our industry can be complex, so the more visibility and standardisation we can achieve, the better.
What about security? How can you make sure messaging data stays safe?
Information security is a big topic and not necessarily specific to electronic messaging. Most organisations now understand that they need to do much more up-front to become more secure. Yes, it’s about authentication, confidentiality, integrity, availability and non-repudiation, but it’s also much more than that. Organisations can’t just react to security breaches. They have to start with their company policy and implement proper risk assessment to ensure that they have the necessary controls and internal processes in place to prevent security breaches.
It has become more hazardous because we’re a lot more connected now. You’re only ever as strong as your weakest link and, as ever, the devil is in the detail. For example, a lot of security breaches occur because a software or network component has been overlooked or because an employee has accidentally misplaced something that contains confidential data. Whether it’s a large amount of data or just one or two records, these accidents can be very serious and represent a lack of effective controls within an organisation.
We really are more connected now and more information is available electronically. When organisations use software-as-a-service, they are essentially outsourcing their security. Outsourcing has become more prevalent and complex, so it’s increasingly important to understand the data you have and where it is, and the security in place with suppliers. The risk increases with every supplier. If firms don’t conduct due diligence to ensure that their suppliers’ controls are as robust as theirs, then they’re going to be exposed. And it’s not just the firm’s data at risk, it’s the firm’s clients’ data, and it’s clients’ clients’ data, and so on.
Firms need to have good housekeeping in place, and that includes investigating suppliers properly, and then managing those relationships properly.
How much control do financial institutions have over their own messages, once they’re sent?
Banks should know where their messages are, depending upon sensitivity, and have control over them. However, having said that, in trade finance in particular, some participants will pass messages on, and there is always a risk of fraud. It is possible in some cases for people to intercept messages and to mess around with them to create fake messages, and it has become more challenging to know what is genuine. In other cases, genuine messages are being distributed where they’re not supposed to be—including messages that are supposed to be confidential.
Once something is in electronic form outside of an organisation, it can be passed around more easily, so you will have less control, especially where there is a chain of intermediaries involved.
You can dictate the extent to which suppliers and partners safeguard messages, and you would conduct due diligence. You can also ensure contractual obligations with other parties. Additionally, we have certain standards and minimum expectations across our industry for parties such as correspondents, trade counterparties and settlement parties.
I thus feel confident financial institutions are in control over their messages when it matters.
