ISO 20022 and Regulatory Reporting

ISO 20022 and Regulatory Reporting

By Karel Engelen, SWIFT


More than a decade since the 2008 financial crisis and ten years after the start of regulatory reporting, regulators globally are conducting a major overhaul of derivatives reporting rules. Reporting to Trade Repositories – stores of data of derivative transactions – is one of the three central G-20 commitments made at the 2009 Pittsburgh summit[1] together with the mandatory use of central clearing and electronic execution on exchanges or electronic platforms, to increase oversight on OTC derivatives.

The reporting commitment is where arguably progress has been slowest. While vast amounts of data are reported daily, data quality concerns and differences in data reported between jurisdictions have made useful data aggregation on a global level, a pre-requisite to monitor systemic risk, still a far-off goal.

At the same time, the importance of data collection in the regulatory process has been steadily increasing and continues to do so. Reporting of financial transactions, trade data and valuations these days encompasses a much broader product set than just derivatives, which were the focus after the financial crisis.  Digitisation is rapidly transforming the way financial markets operate and the regulatory process is evolving with it, putting data at the centre of that process today. As Verena Ross, ESMA’ s chair, indicated[2] “In a world that runs on data, good quality data is also the essential ingredient to effective risk management” and “In this context, it is vital that we continue to streamline data reporting and enhance our data capabilities, to ensure the timely detection and mitigation of these risks, based on robust and accessible high-quality data. ESMA is therefore putting every effort into enhancing data-driven risk analysis, policy making and supervision in the EU.”

The data itself becomes better and more valuable if it is part of the day-to-day operations of firms. If reporting firms use the data as part of their regular processing and operations, the quality of the data will increase. ESMA has indicated[3] that reporting data back to the firms that they can use in running their operations will be an area of focus in the coming year.

Regulatory reporting is here to stay, but the way in which data is reported is changing.

Two changes in the upcoming new reporting requirements, that all regulators are looking to adhere to stand out:

  • The first is the use of a common set of data fields and identifiers regulators globally have agreed on: the Critical Data Elements (CDE), the Unique Product Identifier (UPI) and the Unique Trade Identifier (UTI).
  • The second global change is the use of ISO 20022 throughout the whole reporting cycle: from reporting parties to Trade Repositories and from Trade Repositories to the respective authorities.

Mandating ISO 20022 as a common messaging standard eliminates the need for translations of the data and is a big step towards standardizing the reporting process irrespective of the jurisdiction or the trade repository used.

What is ISO 20022

ISO 20022[4] is a financial industry standard developed by ISO, the International Organization for Standardization. One of the artifacts, and the most visible one, are a set of ISO 20022 XML schemas that are used for messaging applications such as payments or derivatives reporting. ISO 20022, however, is broader than the XML schemas. It contains a modelling methodology to capture in a syntax-independent way financial business areas, business transactions and associated message flows. In addition, it contains a central dictionary and a set of design rules to convert the message models into the desired syntax, mostly XML but other syntaxes are supported as well.[5]


The combination of the modelling approach, the central dictionary, and the rules to generate the schemas, together with the strong and global governance framework provided by ISO, set the standard apart from other industry standards, typically supported by a specific constituency. The ISO governance process is one of the reasons why regulators globally have chosen ISO 20022 to harmonize trade reporting.

ISO 20022 governance process

ISO develops standards in a lot of areas from the shipping industry to quality control processes and the financial industry. Many standards are ISO standards without even noticing. For example, in the financial industry, BIC and LEI are both ISO standards. The expertise from other areas allows ISO to provide a robust framework for the development of a standard from dealing with and specifying IP rights and open access to the structure of the specific groups that govern the development of the standard[6].

For the actual development, the following groups are critical:

Registration Management Group (RMG): The body that is overall responsible for the registration process of new and change requirements.

Standard Evaluation Groups (SEGs): These groups represent the current or future users of the messages. They provide their expertise to review and approve the modelling of new or changed requirements. The SEGs are organized by business area.  

Registration Authority (RA): The RA is the guardian of the 20022 Repository and provides input and guidelines for the modelling and message conversion rules. Currently, SWIFT acts as the RA for ISO 20022 under contract with ISO.


As mentioned in the governance description, the ISO process is open for market participants to provide feedback, in effect the new set of regulatory reporting messages needs to receive the stamp of approval from the Securities Evaluation Group[7] which has representatives from market participants, reporting infrastructure providers and the regulators. The review process of the updated messages has started in June 2022. To provide the industry ample time to implement and test the new messages for regulatory reporting, the goal is to finalize the review process of the updated set of messages before the end of 2022. This way the industry has all of 2023 to implement the new messages and be ready for a go-live between December 2023 and April 1, 2024, based on current regulatory deadlines.

Much has changed since the 2008 financial crisis and the start of derivatives regulatory reporting in 2011.  Authorities globally have put a lot of effort into standardizing data requirements across jurisdictions. These efforts carry the promise of achieving better data quality on a jurisdictional level and facilitate aggregation globally, providing regulators better tools and data to monitor systemic risk.  ISO 20022 Is a key part of the revised reporting framework. If implemented successfully, it should be strongly considered as a solution in other regulatory standardization efforts.

Click here to download a pdf of this article. 


[4] For more information see the website at

[5] For the ISO20022 novice, a handy introduction is the ISO 20022 for dummies booklet, which can be downloaded from

[6] For a more detailed description of the governance process, see

[7] To get involved, contact