The 1-second ISIN, and why it took 35 years

ISIN: n. International Securities Identification Number. A unique 12-character alphanumeric code used to identify securities and financial instruments globally.

One of the features clients ask us about most often at Origin is something that, on the surface, sounds dull: instant ISIN generation. Click a button on a finalised termsheet, wait a few seconds, and the security has a code. It's not flashy. But it solves a problem that has left the bond market with hours of unbooked risk for thirty-five years.

To understand why a one-second ISIN matters, it helps to understand how the rest of the chain works, and why, after decades of incremental improvement, the last mile is still slow.

A short history of securities identification

The story starts not with the ISIN but with the CUSIP. By the mid-1960s, Wall Street's post-war trading boom had created what the industry called the "paperwork crunch": every trade still settled through the physical exchange of stock certificates, and backlogs were measured in weeks. In response, the American Bankers Association convened the Committee on Uniform Security Identification Procedures, and in December 1968 the first CUSIP directory was published. Every US and Canadian security would now have a unique nine-character code.

CUSIP solved a North American problem. In the late 1970s, with cross-border trading growing, experts from Switzerland, Germany, the US, and the UK convened in Moscow to thrash out a global equivalent. The first version of the ISIN standard was published on 1 November 1981. It sat largely unused for most of the decade, and reached wide adoption only after the G30 recommended it in 1989 and the ISO formalised it as 6166 the year after. The Association of National Numbering Agencies (ANNA) was founded in January 1992 to govern it. Three decades of patient expansion followed, taking the standard from equities and debt through exchange-traded derivatives, structured products, OTC derivatives, and now digital assets. ANNA today has 118 member agencies across more than 200 jurisdictions.

The supporting cast: CFI, FISN, LEI

The ISIN identifies the security, but it's now part of a family. The Classification of Financial Instruments (CFI) code, established in 1997, classifies the instrument's type: equity vs debt vs derivative, fixed vs floating, callable vs not. The Financial Instrument Short Name (FISN), from 2015, gives the instrument a human-readable abbreviated name. And the Legal Entity Identifier (LEI), created after the 2008 crisis, when regulators realised they couldn't reliably answer "who actually owns what?" identifies the legal entity behind the security. LEIs are now tied to ISINs via the ANNA/GLEIF mapping initiative launched in 2019.

Most market participants have only the vaguest idea any of this exists. But every one of these codes is a small, hard-won piece of coordination, and the network effect of having them universally adopted is what makes the modern bond market function.

One ISIN, many agencies

The ISIN is a global standard, but the actual work of assigning codes is delegated locally. Each jurisdiction has its own National Numbering Agency (NNA), responsible for issuing ISINs with that country's two-letter prefix: CUSIP Global Services for US securities (US...), the Japan Securities Depository Center for Japanese securities (JP...), HKEX for Hong Kong (HK...), WM Datenservice for Germany (DE...), and so on across ANNA's 118 member agencies. The model is federated by design. Each agency knows its own market better than any central body could, while ISO 6166 keeps everything interoperable, and many NNAs have automated the request process for their domestic markets.

The exception, and it is a large one, is the Eurobond market.

Eurobonds are issued outside the domestic market of the currency they're denominated in (a dollar bond issued in London, a euro bond issued by a Brazilian corporate) and they don't sit cleanly in any single jurisdiction. To accommodate them, the ISIN system uses the special prefix XS, which doesn't correspond to a country at all but to "international." And reflecting the broader structure of the market, ISIN allocation for XS securities is handled not by one numbering agency but two, Euroclear and Clearstream, the two International Central Securities Depositories. The Eurobond market has always had two ICSDs holding the securities, two settlement systems clearing the trades, and two numbering agencies issuing the codes.

This is, by some distance, the largest segment of the international bond market. And it is also the one where the ISIN retrieval process has remained the most stubbornly anachronistic.

How it works

The XS ISIN request process is a chain of emails. The dealer sends the termsheet to the issuing and paying agent. The IPA validates it and forwards to Euroclear or Clearstream. The ICSD checks the issuer, jurisdiction, documentation, and security eligibility, and either issues a code or sends questions back up the chain. Each step is a human reading an email, opening an attachment, and copying fields into another system.

On a good day this takes a few hours, on a bad day, much longer. Overnight transactions are particularly frustrating. Despite the name, Eurobonds are issued globally, from Australia to South America, but the ISIN infrastructure (the major IPAs and the two ICSDs) is based in Europe. A USD or HKD issuance priced in the Hong Kong morning may not have an ISIN until the European close, or worse, the next day. And until the ISIN exists, most risk systems can't book the trade. The dealer has committed capital they can't formally record; the investor is exposed without their exposure being captured. Everyone agrees this is bad. The fix has been slow because it requires every party in the chain to change at once.

The FIGI parable

Given how slow the XS ISIN process is, the obvious question is whether a better identifier might displace it. There has been a credible attempt: Bloomberg's FIGI, the Financial Instrument Global Identifier, launched in 2009 specifically to solve the speed problem. FIGIs are free, open, and can be assigned essentially instantly. There are now around 197 million FIGIs in circulation, against roughly 26 million ISINs. By every technical measure, FIGI is a better identifier.

But, it hasn't displaced anything in the back office. The SEC permitted FIGIs for 13F filings in 2021, and last year nine US regulatory agencies proposed accepting FIGI under the Financial Data Transparency Act. Trading desks have adopted FIGIs widely. And yet middle and back office operations still run on ISINs and CUSIPs. The booking systems haven't moved, so ISINs are still considered the "gold standard" code.

EPIM, and the limits of partial automation

The infrastructure has, to be fair, tried to automate. In 2006 Euroclear, Clearstream, and DTCC launched the European Pre-Issuance Messaging service (EPIM), a joint platform handling ISIN and common code requests electronically, linking dealers, IPAs, and the numbering agencies through standardised real-time messaging. For the products it covers, it works.

The catch is the products it covers: mostly money market instruments such as Euro Commercial Paper and Certificates of Deposit, and some Medium Term Notes. The wider bond universe sits outside EPIM and still relies on the email chain. The system's design is also starting to show its age. There is limited validation at the interface level, so dealers under time pressure often put "dummy data" in to get a code quickly, and then update the transaction information later on. The duplication isn't just inefficient, the bad data introduces operational risk that lands on the shoulders of the IPAs and ICSDs down the chain.

The better path: improve the standard

Origin recognised early that faster ISINs would provide enormous value, but only if the underlying infrastructure was robust. That meant doing the validation work upfront - security details, issuer, documentation, jurisdiction, ICSD eligibility - and then automating via API the communication that the email chain had been doing manually. When everything is pre-validated and the integrations are live, the actual ISIN issuance is a few hundred milliseconds of network latency, not a multi-hour negotiation.

To do this for the whole eurobond market, the market infrastructure community has to be willing to participate. Credit goes to Clearstream for kickstarting this in 2022 with the launch of their PMI API, now evolved into D7. Euroclear is planning its own API. Much of the IPA community has begun to move as well, and for good measure - the structure of the eurobond market requires their buy-in for this to work.

By requiring more robust data validation rather than less, API-powered ISIN generation doesn't just accelerate the timeline from hours to milliseconds, it also improves data integrity. No more dummy data shortcuts. Because the API is natively connected to the issuance documentation, what's registered with the CSD matches the legal contracts by construction.

Where to from here

Today, Origin generates instant ISINs every trading day, and market coverage is growing as more paying agents connect. Our goal is complete coverage of the Eurobond market, and then eventual expansion to all major domestic markets globally. As with everything in the capital markets, the technology is no longer the hard part - it's the adoption. But the benefits are real.

As one client said to us the first time they tried it: "This is magic! Click and ISIN." Sometimes the best infrastructure isn't the new thing that replaces the old. It's the old thing, finally working the way it always should have.