Field note

Why your payment modernization is backwards

Most banks modernize core-first and treat compliance as the finish line. With Fedwire going ISO 20022-native in July 2025, that order is exactly backwards - compliance is the foundation, not the finish.

Jun 10, 2025 · Navin Agrawal · Architecture · 3 min read

Why your payment modernization is backwards

Visual brief

Visual brief

Why your payment modernization is backwards

As of June 2025

Start with compliance as your foundation, not your finish line. With Fedwire going ISO 20022-native this summer, a core-first modernization is building the house from the roof down.

I keep seeing banks run modernization programs in the same backwards order: core system first, payment rails second, compliance last. It looks orderly. It breaks the first time a regulation moves faster than the core can adapt.

There is a clock on this. Fedwire flips to ISO 20022 on July 14, 2025, and FedNow follows right after. The messaging layer of the US high-value and instant rails is going structured and native, and every bank touching those rails inherits that change regardless of where its core modernization happens to be.

That is exactly why the usual sequence is wrong. If compliance is the last thing you bolt on, then every new requirement - a fresh AML rule, a sanctions change, a reporting mandate - lands on an architecture that was never designed to absorb it. I have watched beautiful technical architectures crumble when new AML requirements dropped. The ones that survived had a flexible compliance layer underneath, not a fast core on top.

The banks with the most adaptable compliance fabric will dominate the next decade - not the ones with the fastest cores.

The regulation-first blueprint

Invert the stack. Put the parts that change most often, and cost the most when they break, at the bottom.

The inverted stack (June 2025)

The backwards order versus the regulation-first order, and the July 2025 Fedwire ISO 20022 trigger that makes the sequencing urgent.

As of June 2025: payment modernization built backwards (core system first, payment rails second, compliance last - which breaks when rules change) versus regulation-first (compliance engine as the foundation, ISO 20022-native payment orchestration across all rails, core systems plugging in, readable audit trails). Trigger: Fedwire moves to ISO 20022 on July 14, 2025, FedNow follows.
Same components, opposite order: the layer that changes most often and hurts most when it breaks goes at the foundation.

The inverted stack (June 2025)

The inverted stack (June 2025)

As of June 2025: payment modernization built backwards (core system first, payment rails second, compliance last - which breaks when rules change) versus regulation-first (compliance engine as the foundation, ISO 20022-native payment orchestration across all rails, core systems plugging in, readable audit trails). Trigger: Fedwire moves to ISO 20022 on July 14, 2025, FedNow follows.

Why the order is the whole argument

The blueprint that actually holds up has four moves. A compliance engine that adapts to new rules without touching settlement logic. A payment orchestration layer that speaks ISO 20022 natively across all rails, so a rail going native is a configuration event, not a re-platform. Core systems that plug into that architecture instead of driving it. And audit trails your regulators can actually read, designed in from the start rather than reconstructed under pressure.

None of those four components is exotic. The argument is entirely about sequence. Core-first means the compliance and orchestration layers have to bend around decisions the core already locked in. Compliance-first means the core is a replaceable participant in an architecture that already knows how to absorb a rule change or a rail migration.

The trigger

Fedwire goes ISO native

Fedwire moves to ISO 20022 on July 14, 2025, with FedNow following. The rails are going native whether or not the rest of the stack is ready.

The common order

Core first

Most programs sequence core system first, payment rails second, compliance as an afterthought - and that order breaks when rules move faster than the core can adapt.

The call

Compliance is the floor

Start with an adaptable compliance fabric as the foundation. The banks with the most flexible compliance layer outlast the ones with the fastest core.

The controversial part is not the components. It is that the fastest core is the wrong thing to optimize for. The decade belongs to whoever can absorb the next regulation without a re-platform.

Was this useful?

Choose once.

Related Posts

View All Posts »
The broker pattern is older than the agentic-commerce headline

The broker pattern is older than the agentic-commerce headline

Stripe Shared Payment Tokens are the agentic-commerce headline, but anyone who ran a card tokenization rollout in 2014 recognizes the shape in five seconds. A scoped surrogate credential with a thin stable interface in front and brokered complexity behind is not new. Visa Token Service shipped it twelve years ago, and the architects who see the pattern early build the right systems instead of rebuilding every eighteen months.

ISO 20022's real deadline is a data migration, not a message change

ISO 20022's real deadline is a data migration, not a message change

The translator is ready, the mapping is tested, the structured fields are wired - and the project is still not on track, because the customer records are missing structured address data across KYC, core banking, and correspondent files. In November 2026, SWIFT, SEPA, and CHAPS start rejecting unstructured addresses, and most banks are framing the wrong problem.

Consumer auth patterns fail the bank exam

Consumer auth patterns fail the bank exam

Authentication that works for web scraping becomes a compliance problem the moment an AI agent moves real money. Enterprise payment systems need certificate identity, scoped service accounts, and short-lived tokens - the things a banking examiner expects to see.