Payments infrastructure transformation carries a risk profile that differs from other technology programmes. Payment systems operate under scheme compliance deadlines, regulatory reporting obligations and availability requirements that constrain the design choices available to programme teams. A migration that takes a core banking system offline for a weekend to complete a cutover is not available to a real-time payments processor. MENA Advisory provides advisory support for banks and payment institutions undertaking infrastructure transformation — from initial architecture assessment through to vendor selection, programme governance and go-live readiness.

Why Payments Transformation Is Different

The interdependencies within a payments stack are deeper than most transformation programmes account for at the outset. A change to the message processing layer affects scheme connectivity, settlement reconciliation, fraud detection integration, and regulatory reporting simultaneously. Big-bang cutovers — replacing multiple components in a single release — are the single most common cause of transformation programme failure. Phased migration designs that maintain dual running for a defined period are more complex to govern but substantially reduce the risk of settlement failures and regulatory breaches during transition.

Underestimating data migration complexity is the second most common failure mode. Payments data carries specific format, integrity and retention requirements under PCI-DSS and applicable regulatory frameworks. Data mapping between legacy and target schemas in payments systems typically takes two to three times longer than initial estimates, and errors discovered late in a programme are disproportionately expensive to resolve.

Legacy Migration Planning

We conduct a structured assessment of the current infrastructure: message formats in use, integration points with scheme networks and correspondent banks, settlement and reconciliation processes, and the PCI-DSS scope boundary. From this we develop a migration architecture that sequences the transition in phases, identifies the components that must move together, and defines the dual-running period and cutover criteria for each phase. The output is a migration roadmap that a programme delivery team can execute against, with dependencies and decision points clearly identified.

API Strategy & Open Banking Readiness

Regulatory open banking mandates in the GCC — including QCB's open banking framework and SAMA's open banking programme — require payment institutions to expose account and payment initiation APIs to third-party providers within defined timescales. Beyond regulatory compliance, API strategy has become a product capability question: institutions that build well-designed, stable APIs can distribute their payment services through third-party platforms and reduce customer acquisition costs materially. We assess current API maturity, define the target API architecture, and produce a delivery roadmap aligned to regulatory deadlines and commercial priorities.

ISO 20022 & Scheme Compliance

ISO 20022 adoption across SWIFT cross-border payments and domestic real-time gross settlement systems is progressing on a defined timeline. The SWIFT coexistence period for cross-border payments runs through November 2025, after which ISO 20022 MX messages are the required format for cross-border transactions processed over SWIFT. Domestic scheme ISO 20022 mandates vary by market. We assess the current message processing capability, identify the gaps relative to the target format requirements, and develop a compliance programme that meets scheme deadlines without disrupting ongoing operations.

Cloud & Infrastructure Readiness

Cloud migration for payment processing introduces specific considerations around data residency, PCI-DSS shared responsibility models, latency requirements for real-time processing, and regulatory notification obligations. Several GCC regulators require prior approval or notification before payment data is processed outside the jurisdiction. We assess cloud readiness against these constraints, evaluate hyperscaler and regional cloud provider options, and develop a migration approach that satisfies both operational and regulatory requirements.

Vendor Selection & Programme Management

We run structured vendor selection processes for payment platform replacements, gateway procurement, fraud tooling and AML system upgrades. This includes requirements specification, RFP design, evaluation scoring frameworks and reference checks with implementations comparable to the client's environment. Vendor references provided by the vendor are not a reliable guide to delivery quality; we conduct independent reference calls with institutions that have completed implementations of similar scale.

For programmes already in flight, we provide independent programme assurance: reviewing delivery status, identifying risks that the internal team may be incentivised to understate, and providing board-level reporting on programme health.

What Clients Receive

Depending on the engagement scope, deliverables include a current-state infrastructure assessment, a phased migration roadmap with dependency mapping, a vendor shortlist with comparative scoring matrix, a programme governance framework, and go-live readiness criteria. Engagements range from three months for a focused assessment to nine months or more for full programme advisory support.