ISO 20022 in 2026: The Five Key Risks for Banks

Firms that manage these risks effectively will gain a clear competitive advantage.

Executive Overview

The migration from SWIFT MT messages to ISO 20022 represents one of the most significant changes to global payments in decades. While many institutions have focused on meeting technical deadlines, experience across the industry shows that the real challenge is not simply message conversion, it is managing the operational, data, and risk implications of richer, structured information.

As the market moves beyond initial compliance, especially the key November 2025 date, five critical risk areas are emerging. Banks that address these proactively will reduce operational disruption, improve data quality, and position themselves to realise the long-term benefits of ISO 20022.

1. Translation Risk: Data Loss Between MT and MX

During the transition period (March 2023 – November 2025), many institutions were relying on translation layers to convert legacy MT messages into ISO 20022 MX format (and vice versa). While this approach supports short-term compliance, it introduces a significant risk: data truncation and loss of structure.

MT messages were designed around fixed field lengths and unstructured text. ISO 20022, by contrast, supports detailed structured elements such as full names, addresses, purpose codes, and extended remittance information. When translating between formats, this additional information is often truncated or flattened into free text.

The consequences include:

• Incomplete or inconsistent payment data
• Reconciliation challenges for corporate clients
• Reduced effectiveness of sanctions and AML screening
• Increased operational investigations and repair activity

Over time, institutions that continue to rely heavily on translation rather than native ISO 20022 processing risk embedding poor data quality across their payments ecosystem.

2. Incomplete Data Model Changes Across Legacy Systems

WISO 20022 significantly expands the volume and structure of payment data. However, many core banking platforms, payment engines, and downstream systems were designed around the limitations of MT formats.

Common issues include:

• Field length constraints:  that truncate customer names or addresses. So whilst the message can contain full details, these are truncated when entered into core banking platforms and other systems
• Lack of support for structured address components: ISO 20022 introduces fully structured address fields, separating customer information into defined elements such as street name, building number, town, country, and postal code. Many legacy systems, however, were designed to store address information in a limited number of free-text lines. This creates significant challenges when receiving ISO 20022 messages, as structured data must either be truncated, reformatted, or flattened into unstructured fields. The result is a loss of data quality and consistency, which can directly impact sanctions screening, AML monitoring, and payment repair processes. In addition, poor address structuring increases false positives in financial crime controls and reduces the ability to automate processing, ultimately driving higher operational costs and customer friction.
• Inability to store purpose codes or regulatory reporting fields: SO 20022 supports a range of additional data elements designed to improve payment transparency, including purpose codes, category purpose indicators, and regulatory reporting information. These fields are increasingly important for compliance, cross-border reporting, and enhanced transaction monitoring. Many legacy payment engines, core banking platforms, and downstream systems were not designed to capture or retain this level of detail. As a result, critical information may be discarded, stored outside core transaction records, or handled through manual workarounds. This limits the effectiveness of regulatory reporting, reduces the value of enhanced data for analytics and risk monitoring, and creates operational inefficiencies when information must be retrieved or reconstructed after processing.
• Inconsistent data handling across channels, products, and reporting systems: In many institutions, different payment channels (online banking, host-to-host, branch, APIs), product types, and downstream systems apply different data standards and validation rules. With the introduction of ISO 20022, these inconsistencies become more visible and more problematic. Structured data received through one channel may be truncated, reformatted, or mapped differently in another, leading to discrepancies between customer instructions, transaction processing, and financial reporting. This fragmentation increases reconciliation effort, complicates exception management, and creates challenges for enterprise-wide monitoring of payments, liquidity, and financial crime risk. Without a consistent, end-to-end data model and governance framework, banks risk undermining the core benefits of ISO 20022 and increasing operational complexity.

These limitations create operational workarounds, manual interventions, and data inconsistencies across the transaction lifecycle. They also reduce the value of ISO 20022 by preventing banks from fully leveraging richer information.

Institutions that treat ISO 20022 as a front-end message change, rather than an end-to-end data model transformation, risk ongoing inefficiency and increased operational complexity.

3. Compliance Rule Misalignment

One of the key benefits of ISO 20022 is improved transparency for financial crime and regulatory monitoring. Structured fields for names, addresses, and payment purpose can significantly enhance the effectiveness of sanctions screening, AML controls, and fraud detection.

However, many compliance engines and rule sets were designed for the free-text nature of MT messages. Without redesign, banks face two major risks:

• False negatives, where structured data is not fully analysed or mapped into screening logic
• False positives, where formatting differences or duplicated information trigger unnecessary alerts

In addition, inconsistent use of structured fields by counterparties during the early stages of adoption can create further complexity. To realise the compliance benefits of ISO 20022, institutions must review data mapping, screening logic, and operational processes — not simply connect new message formats to existing controls

4. Operational Readiness and Exception Management

Even where systems are technically compliant, many organisations are experiencing increased operational pressure during the migration period.

Typical challenges include:

• Higher exception volumes due to data format differences
• New investigation scenarios for operations teams
• Inconsistent data received from counterparties at different stages of migration
• Increased customer queries relating to rejected or delayed payments

Operations teams must adapt to richer data, new validation rules, and evolving market practices. Without appropriate training, updated procedures, and enhanced monitoring, the transition can lead to reduced straight-through processing and higher operational cost.

The key risk for many institutions in 2026 is being technically compliant but operationally unprepared.

5. Programme Underestimation and Governance Gaps

A common industry theme has been the underestimation of ISO 20022 as a simple payments technology upgrade. In reality, the change affects multiple functions, including:

• Payments and transaction banking
• Operations
• Compliance and financial crime
• Finance and reconciliation
• Customer channels and reporting
• Enterprise data management

Where programmes are led purely by IT or focused narrowly on SWIFT connectivity, organisations often encounter late-stage issues around data ownership, business process change, and customer impact.

Successful institutions are treating ISO 20022 as an enterprise transformation programme, with:

• Clear executive sponsorship
• Cross-functional governance
• Defined data ownership and standards

Active engagement from business and operational teams

Moving Beyond Compliance

The immediate priority for most banks has been meeting market deadlines and ensuring continuity of payment processing. However, the strategic value of ISO 20022 lies beyond compliance.

Institutions that address the risks outlined above will be better positioned to achieve:

• Higher straight-through processing rates
• Reduced manual repair and operational cost
• More effective financial crime controls
• Improved corporate client experience and reconciliation
• Enhanced analytics, liquidity visibility, and reporting

ISO 20022 is ultimately a data transformation opportunity. Banks that invest in end-to-end data quality, operational readiness, and enterprise governance will not only reduce risk during transition — they will also build the foundation for the next generation of real-time, cross-border, and data-driven payment services.

About Brickendon

Brickendon is a specialist consulting firm supporting financial institutions across risk, regulation, data, and transformation. We work with banks, investment firms, and regulators to strengthen governance, enhance control frameworks, and deliver complex regulatory change.

Our team brings deep, hands-on experience across valuation control, prudent valuation, market data governance, model risk, and supervisory inspections. We combine regulatory insight with technical delivery capability, enabling clients not only to meet supervisory expectations, but to build valuation frameworks that are robust, transparent, and sustainable.

Brickendon is trusted by leading institutions to support high-stakes regulatory engagements, including implementation, remediation programmes, and target operating model design.

Speak to Our ISO 20022 & Banking Payment Specialists

Brickendon brings deep expertise across the full lifecycle of regulatory and industry change, having supported global financial institutions through every major market infrastructure and regulatory transformation since 2010. Our specialists combine payments domain knowledge with enterprise data, operational, and risk expertise to help firms move beyond technical compliance to true operational readiness. From impact assessment and data model design to testing, operational readiness, and post-migration optimisation, we work alongside your teams to reduce risk, improve data quality, and ensure ISO 20022 delivers lasting strategic value — not just regulatory compliance.

If your institution is facing challenges with ISO 20022, Brickendon can help.

Contact us to discuss how our Banking Change specialists can support your organisation either via this email: [email protected]

Alternatively you can complete this contact form and we will be in touch: https://www.brickendon.com/contact-us/