The cost of the current system is not just maintenance

Core banking systems built in the 1990s were engineered for the product set and transaction volumes of their era. Two decades later, those systems often process hundreds of thousands of transactions daily - reliably - but impose constraints that have become structural: product launch timelines measured in quarters rather than weeks, API integration capability limited or absent, cloud adoption blocked by monolithic architectures that cannot be decomposed without risk.

The cost of the current system is not just the maintenance contract. It is every product launch that takes 18 months instead of 6. It is the digital channel initiative that cannot proceed because the core cannot expose the data in the format required. It is the regulatory reporting project that requires manual reconciliation because the ledger system has no structured export capability. These are engineering problems with financial consequences, and addressing them begins with understanding the modernisation path available - because there is not one path. There are three, and the right choice depends on the regulatory environment, the current system's condition, and the organisation's tolerance for risk during transition.

The modernisation spectrum

Incremental API layer.
The lowest-disruption approach: wrapping the existing CBS with a modern API gateway that exposes core functionality to digital channels without touching the underlying system. Product teams can ship mobile apps, open banking integrations, and partner APIs against a stable interface layer while the full modernisation is planned and funded. This approach buys time without creating irreversible commitments. It is the right starting point when the core is stable, the regulatory risk of full migration is high, and digital channel velocity is the immediate constraint.

Parallel run and strangler fig migration.
A cloud-native CBS (Mambu, Thought Machine Vault, Temenos Transact, Finacle) is deployed alongside the legacy system. New products or new customer segments are onboarded to the modern platform while existing accounts remain on the legacy core. Migration proceeds in phases: product by product, segment by segment, not in a single cutover. The strangler fig pattern is the industry standard for this approach - each phase reduces the legacy system's footprint until it can be retired without risk. This is the recommended path in most modernisation programmes where the legacy system is still operable but limiting.

Full migration with phased cutover.
A complete transition from legacy CBS to a new platform: data migration, full reconciliation, regulatory notification, and cutover. This is the highest-risk approach and is not recommended as a starting point unless the legacy system has reached end-of-life or the vendor has withdrawn support. Where it is necessary, the execution requires meticulous data migration validation, parallel reconciliation runs, and regulatory pre-approval in BaFin or FINMA jurisdictions before the cutover date.

Regulatory context

Core banking migration in regulated environments is not a pure engineering exercise. BaFin's requirements for material infrastructure changes include documentation of data flows, change management procedures, and notification obligations for systemically significant changes. FINMA's standards in Switzerland are equally exacting: the expectation is that the institution can demonstrate at any point during migration that the system of record is unambiguous and that no data has been lost or altered without audit trail.

Gradion's ISO 27001 certified processes are directly applicable here. Privileged access controls, change approval workflows, and security event logging - the operational infrastructure of ISO 27001 - align with what BaFin and FINMA expect from infrastructure change management. The Swiss FINMA client engagement, in which Gradion conducted an in-depth review of more than 300 core banking applications and designed a compliant multi-cloud migration plan, is the direct reference for this capability.

Technology

Cloud-native CBS platforms: Mambu, Thought Machine Vault, Temenos Transact (formerly T24), Finacle. Custom microservices architectures for core components including ledger, accounts, and transactions where vendor platforms do not fit the product requirement. Event-sourcing for audit trail completeness - a pattern that ensures every state change in the ledger is recorded as an immutable event, satisfying both regulatory audit requirements and operational reconciliation needs.

API layers: REST and GraphQL gateways, API management platforms (Kong, AWS API Gateway, Azure APIM), OpenAPI specification-driven design for partner integration.

Security and data handling

Encryption at rest and in transit for all core banking data. Field-level encryption for personally identifiable information, ensuring that even internal engineers with database access cannot read customer data without explicit authorisation. Access logging for all privileged operations, with log integrity protection to satisfy audit requirements. GDPR-compliant data architecture, including right-to-erasure implementation for customer records within the constraints of financial records retention obligations.

Proof in production

The Swiss FINMA-regulated banking technology provider serves dozens of retail banks across Switzerland, processing half a million transactions daily. Gradion reviewed the architecture of more than 300 core banking applications, designed the compliant multi-cloud setup on Azure and Google Cloud, and delivered the hybrid migration plan - all while the platform continued operating without disruption. Instant Payments capability was enabled as part of the same engagement.

IDNow's KYC pipeline operates under similar compliance discipline. The regulatory engineering required to build identity verification at enterprise scale in a BaFin-adjacent environment is directly transferable to core banking modernisation programmes where KYC and AML integrations are part of the migration scope.

Next step

Describe the core banking system and the modernisation goal. We will scope the migration path.