How banks can build a risk-intelligent approach to core modernization
Date:
Thu, 25 Jun 2026 14:07:37 +0000
Description:
As AI ambitions in banking accelerate, legacy cores create invisible risk - and banks must adapt.
FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Banks arent short on AI ambition. Across the industry, there are almost weekly announcements about
new deployments, new partnerships, and new capabilities.
But amidst the lofty pronouncements, not enough attention is given to
building the underlying architecture that makes any of it sustainable. The UK Treasury Committee has already warned that the financial system is not adequately prepared for a major AI-related incident, and from where I sit, that warning is aimed squarely at how modernization programs are being run. Latest Videos From Watch full video here: Katherine Yeung Social Links Navigation
Chief Risk and Compliance Officer at 10x Banking. This is a governance
problem which stems from unmade decisions; most banks have yet to make the strategic, organisation-wide commitment that should determine what gets
built, before anyone starts building.
There is a real opportunity to be grasped by inviting the risk team to be
part of design before you begin delivery. You may like AI & cost of legacy systems in UK banking AI is reaching finances core systems: Heres what it takes to run it there AI-driven cyber discovery signals a new era of systemic risk for banks Risk teams are being invited to the table too late In traditional program structures, risk and compliance are brought in to
validate decisions already made. Platforms are selected, designs agreed and timelines set, and the role of the risk function has typically been to check these things, rather than shape them. That model was never ideal, but now, in the AI-era modernization push, is structurally backwards at best and
dangerous at worst.
A genuinely AI-ready bank requires continuous data lineage, runtime-embedded controls and a real-time, cloud -native core. None of these can be
retrofitted cheaply once architecture decisions have already been made. By
the time a compliance team discovers that a new platform can't meet AI governance or data traceability requirements, the cost of fixing it is prohibitive Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
or sponsors By submitting your information you agree to the Terms &
Conditions and Privacy Policy and are aged 16 or over.
If the risk function is part of the design process from the outset, banks can build a risk-conscious architecture rather than a risk-adjacent one. The difference in outcome is substantial, and increasingly, the difference
between an institution that can operate confidently with AI and one that can't. How legacy cores create invisible risk The story of legacy architecture's constraints on innovation is well told, but it also creates blind spots that risk professionals can't see, let alone manage.
Batch-processing cores are the clearest example of this. When a core updates positions overnight rather than in real time, AML and fraud systems are operating on stale data. Suspicious activity that occurs between batch runs
is invisible until the next cycle, a direct operational liability as the volume and speed of financial crime increases. What to read next The AI governance gap: why AI is moving faster than the rules meant to control it
How enterprises can safely scale agentic AI To adopt or to adapt? Why SaaS is easing banking's customization burden
Fragmented data pipelines create a related problem. Continuous lineage (the ability to trace every decision to its data source) is a prerequisite for AI governance. On architectures where data moves through multiple disconnected systems before reaching an analytics layer, that lineage is structurally impossible to maintain without a modern, cloud-native architecture.
Finally, third-party AI deployment adds an additional layer of exposure. When models are embedded in platforms a bank doesn't have full control over, it leaves compliance teams operating with limited visibility into how decisions are being made.
Under the EU AI Act, which requires traceability and explainability for high-risk AI systems which may credit decisioning and fraud detection, that becomes a direct regulatory risk, and that's just one of a raft of emerging
AI regime banks must navigate. Risk is moving from chronic to acute What has changed is the speed at which risk moves.
Banks now have to contend with an increase in state-based cyberattacks on financial supply chains, a trend accelerated by geopolitical instability,
with agentic AI substantially increasing the speed and scale of those
attacks.
Under regimes such as DORA, which introduce near real-time cyber incident reporting, means institutions need detection and response infrastructure that operates on live data, capable of identifying and escalating incidents as
they happen rather than after the fact. Batch architectures don't meet this standard, and the window to remediate is narrowing.
The EU AI Act raises the bar further on traceability and explainability, particularly for credit decisioning and fraud detection, both areas where AI adoption is moving fastest.
Banks not designing against these requirements are accumulating risk, not avoiding it. The regulatory deadlines are known. The technical requirements are understood. The question is whether the architecture being selected today is capable of meeting the obligations that will be enforced tomorrow. What risk-intelligent modernization looks like I have sat in enough program steering committees to know that the moment risk professionals are brought into a modernization program shapes everything that follows.
When we arrive after the architecture is set, we are negotiating against decisions that are already expensive to reverse. When we are in the room from the start, we can design the non-negotiables in rather than bolt them on.
The practical starting point is three questions that every bank should answer before any platform decision is made:
What risk posture must we preserve throughout migration? The answer defines the non-negotiables for any new architecture: data integrity, audit continuity, access controls, and the governance structures that cannot lapse during transition.
What are we engineering against on a ten-year horizon? Regulatory
requirements in 2036 will look different from those in 2026. The architecture being selected today needs to be capable of meeting obligations that do not yet fully exist, which means flexibility and real-time data capability are
not optional extras. Some of the newer, digitally-native fintechs have demonstrated that building with this horizon in mind from the outset produces materially different, and more resilient, architecture than retrofitting compliance onto an existing estate.
What governance must change so we don't embed legacy risk into a modern platform? New infrastructure running old processes is window-dressing. If you modernize technology without modernizing governance, you recreate the same control failures in a different environment.
Modernization is not risk-free. But the risk of standing still now exceeds
the risk of moving carefully, and the cost of getting the architecture wrong compounds with every year it goes unfixed. Store you business data in the cloud with the best business cloud storage services . This article was produced as part of TechRadar Pro Perspectives , our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:
https://www.techradar.com/pro/perspectives-how-to-submit
======================================================================
Link to news story:
https://www.techradar.com/pro/how-banks-can-build-a-risk-intelligent-approach- to-core-modernization
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)