Financial institutions are stuck in an uncomfortable place right now. Customer expectations have been reshaped by apps like Revolut, Monzo, and Cash App — but most legacy banks still run on systems older than the internet.
Add pressure from regulators across multiple jurisdictions, rising cyber threats, and fintech competitors that don’t carry decades of technical debt, and the picture becomes clear: the IT decisions made in the next few years will determine who survives in this market and who quietly fades.
This article breaks down which IT solutions actually matter for financial services providers — from core banking to AI, from cloud to compliance — and what to look for when building the right technology stack.
The Legacy Problem Nobody Talks About Honestly
Here’s something worth saying plainly: a significant portion of the world’s financial transactions still runs on COBOL. Written in the 1950s. Running on IBM mainframes that most developers under 40 have never touched.
The US Federal Reserve estimates roughly 95 billion lines of COBOL are still in production globally. Banks don’t advertise this.
But it shapes every IT decision they make — from how fast they can launch new products to how exposed they are when a system update goes wrong.
What’s Actually Running Inside Most Banks?
Ask any IT team at a mid-tier bank what their stack looks like and the answer tends to involve:
- A core banking platform from the 1980s or 1990s, heavily customized over decades
- A patchwork of middleware connecting systems that were never designed to talk to each other
- Spreadsheets doing jobs that should be handled by proper data pipelines
- Point-to-point integrations that nobody fully understands anymore
DXC Technology’s Hogan platform — which powers 6 of the top 10 US banks and processes roughly two-thirds of all US card transactions — has been around since the 1970s.
It handles 300 million deposit accounts. But even Hogan clients eventually need to modernize around it, expose functionality through APIs, and connect to modern digital channels.
A broader look at how this kind of specialized IT engagement works is available at https://dxc.com/industries/financial-services.
The real question isn’t whether legacy systems need updating. That’s settled. The question is how to do it without taking the bank offline or introducing catastrophic risk.
Core Banking Modernization: Not as Simple as It Sounds
“Modernization” means different things to different people. For some teams, it means rewriting everything from scratch. For others, it means wrapping old systems in APIs and calling it done. Both have serious tradeoffs.
API-First Architecture and Microservices
The most practical approach for most institutions is incremental modernization — breaking up the monolith gradually while keeping the lights on.
Platforms like DXC’s CoreIgnite act as orchestration layers that expose core banking services through modern REST APIs without requiring a full system replacement. Banks can build digital products on top without touching the underlying platform.
Temenos, Finastra, and Thought Machine take a different angle — cloud-native core banking built from scratch using microservices.
Thought Machine’s Vault platform lets banks define financial products as programmable smart contracts. Monzo and Lloyds Banking Group both run on it.
Full replacements take years and cost hundreds of millions. Incremental modernization is slower but keeps risk manageable. Most institutions end up doing a bit of both.
Real-Time Processing Requirements
ISO 20022 migration is quietly forcing every major bank to modernize whether they like it or not. The new messaging standard for payments — being adopted by SWIFT, the European Central Bank, and dozens of central banks globally — requires richer, structured data than legacy formats can handle.
The launch of FedNow in July 2023 changed expectations for instant payments in the US. SEPA Instant has been doing the same in Europe since 2017. If a bank’s core can’t handle sub-second settlement, that’s not a feature gap — it’s a competitive threat.
AI and Automation: Where the Efficiency Gains Actually Live
Let’s be direct about what AI is actually doing in financial services right now — not the hype version, the real version.
Fraud Detection
Traditional rule-based fraud detection flags transactions based on fixed thresholds. If a card is used in two countries within an hour, decline it. Simple — and increasingly easy for sophisticated fraud operations to work around.
Machine learning-based detection is different. Mastercard’s Decision Intelligence uses a neural network trained on billions of transactions to score risk in real time, factoring in everything from device fingerprinting to behavioral patterns.
PayPal has been doing this since at least 2016. The false positive rate matters enormously — every legitimate transaction declined is revenue lost and a frustrated customer.
Intelligent Process Automation
JPMorgan’s COiN (Contract Intelligence) platform can review 12,000 commercial loan agreements in seconds — a task that previously took 360,000 hours of lawyer time annually. That’s automation doing work no amount of human staffing could replicate at that cost.
The areas making the biggest difference right now:
- KYC and onboarding
- Reconciliation
- Regulatory reporting
- Customer service
The infrastructure behind all of this runs on AWS, Microsoft Azure, and Google Cloud — which have all built financial-services-specific compliance certifications (SOC 2, PCI DSS, ISO 27001) to make cloud adoption viable in this sector.
Cybersecurity: Too Much at Stake for Off-the-Shelf Fixes
A ransomware hit on a hospital is serious. A ransomware hit on a clearing house can freeze markets. That’s the scale of what’s at risk here.
The old perimeter model is gone. Zero trust is the architecture that replaced it — verify everything, trust nothing by default.
In practice that means IAM tools like CyberArk or Microsoft Entra, micro-segmentation so one compromised server doesn’t become a network-wide breach, and continuous monitoring via Dynatrace or Splunk. SWIFT’s Customer Security Programme mandates a baseline of this for all 11,000+ connected institutions.
AML and KYC
HSBC paid $1.9 billion in AML fines in 2012. Deutsche Bank paid $630 million in 2017. The pattern is consistent — underinvest in compliance tooling, pay later at scale.
Platforms like NICE Actimize use behavioral ML to flag suspicious activity without drowning compliance teams in false positives.
Biometric KYC vendors like Onfido have cut onboarding from weeks to minutes. Both have become standard infrastructure, not differentiators.
Payments and RegTech: Two Areas That Can’t Be Ignored
Batch settlement is a legacy problem with real competitive consequences. FedNow launched in 2023. SEPA Instant has been live since 2017.
India’s UPI clears over 10 billion transactions a month. Banks that can’t match that pace are losing ground to those that can.
The fix is a payments hub — one platform routing across multiple rails, handling format conversion and compliance screening in one place. Finastra’s Global PAYplus and Volante Technologies both do this well.
Regulatory Tooling
DORA came into force in January 2025. Basel IV is reshaping capital reporting. MiFID II transaction reporting hasn’t gotten simpler.
Doing all of this manually doesn’t scale — firms that are still relying on spreadsheets for regulatory submissions are one audit away from an uncomfortable conversation with their regulator.
RegTech platforms automate the bulk of this: reporting generation, reconciliation across positions and collateral, real-time liquidity tracking.
The underlying requirement is clean data. Fix the data quality problem and the compliance tools do the rest.
Trading and Risk Management Systems
Capital markets firms face a different set of IT challenges. The dominant platforms here are well-known in the industry:
- Murex MX.3 — a front-to-back platform for derivatives, fixed income, and equity trading used by ABN AMRO, Société Générale, and dozens of major investment banks
- Finastra Kondor — treasury and capital markets risk management
- Orchestrade — derivatives lifecycle management and risk analytics
- Nasdaq Surveillance — market surveillance and trade analytics
These platforms handle everything from pre-trade risk checks through post-trade processing and regulatory reporting.
Integrating them cleanly with core banking systems — and keeping them current as EMIR and Dodd-Frank continue to evolve — is ongoing work, not a one-time project.
A trading platform health check isn’t optional. Systems that aren’t properly maintained accumulate technical debt that eventually shows up as latency issues, reconciliation breaks, or mispriced risk exposure nobody notices until it costs real money.
How to Choose the Right IT Partner?
Not every technology vendor understands financial services. And not every firm that claims expertise actually has it.
When evaluating IT solution providers, the criteria that matter:
- Domain depth — has the vendor worked with institutions of similar size and complexity? Supporting a community bank’s IT is a different problem from running infrastructure for a global custodian
- Regulatory fluency — does the team actually understand DORA, Basel IV, MiFID II, and local jurisdiction requirements? Compliance expertise has to be embedded, not bolted on
- Track record with legacy systems — financial services IT is dominated by legacy infrastructure. Experience with COBOL, IBM z/OS, and aging middleware is rare and genuinely valuable
- Partner ecosystem — does the vendor have established relationships with the specialized platforms financial firms actually use? Murex, Temenos, Finastra, Nasdaq — these aren’t generic enterprise software tools
- Security certifications — ISO 27001, SOC 2 Type II, PCI DSS, and sector-specific certifications are a baseline, not a differentiator
- Long-term commitment — financial services IT engagements don’t end in six months. The right partner is one prepared for a multi-year relationship
Scale matters too. A vendor working with 10 regional banks operates in a different league from one trusted by 17 of the world’s 20 largest financial institutions, with 45 years of domain experience behind them.
The Bottom Line
Nobody in financial services IT is dealing with one clean problem. It’s always several at once — a core system held together with customizations from three different decades, a compliance deadline landing in Q1, a security audit pending, and somewhere in the background a fintech competitor that launched six months ago and already has better onboarding than you do.
The institutions that handle this well tend to share one trait: they don’t try to fix everything in a single program.
They sequence it. Get the core stable. Pick one modernization track and actually finish it before starting the next.
Automate the processes that eat the most analyst hours. Build security in from the architecture level, not as an afterthought bolted on before go-live.
None of that is complicated in theory. The execution is where things get hard — because every one of those workstreams involves legacy systems, vendor dependencies, regulatory constraints, and internal politics that no implementation roadmap fully accounts for.
The technology to solve these problems exists and has existed for a while. What’s genuinely scarce is the combination of deep domain knowledge and technical capability to deploy it in environments where getting it wrong has real consequences.
That’s the thing worth spending time evaluating — not which platform has the best feature list, but who has actually done this before in conditions similar to yours.
