# [Legacy](/services/legacy modernisation) systems in the financial sector: compliance and security
Opened at: 21. January 2026 | Reading time: ca. 9 minutes
Table of contents
Introduction: The ticking time bomb in financial IT
The double challenge: security and compliance
Security risks of legacy systems in banks
Compliance nightmare: GDPR, PSD2 and Co.
Modernisation strategies for the financial sector
Case study: Successful [modernisation](/services/legacy modernisation) of a core bank platform
Conclusion: Modernisation as a duty for the financial sector
1. Introduction: The ticking time bomb in financial IT
The financial sector is the backbone of the modern economy. But in the cellars of many banks and insurance companies, legacy systems are still slumbering, some of which were written on mainframes and in COBOL decades ago. These systems are not only an obstacle to innovations such as open banking and digital customer experiences, but also a ticking time bomb in terms of security and compliance.
A survey revealed that 44% of banks still run on COBOL-based systems [1]. Holding on to this outdated technology is no longer an option. This article highlights the specific risks of legacy systems in the financial sector and shows paths to secure and compliant modernisation.
2. The double challenge: security and compliance
No other industry is as heavily regulated and at the same time as attractive a target for cyber criminals as the financial sector. Legacy systems are a double challenge here:
**Security:** Old architectures and programming languages present a large attack surface for hackers.
Compliance: New regulatory requirements (e.g. GDPR, PSD2) are often difficult or impossible to implement with old systems.
3. Security risks of legacy systems in banks
Missing security updates: There are no security patches for many outdated operating systems and libraries.
Developers with COBOL and mainframe experience have retired. The knowledge needed to maintain and secure these systems is lost.
Integrability: Connecting modern security solutions (e.g. for identity management or real-time fraud detection) to old systems is often complicated and incomplete.
4. Compliance nightmare: GDPR, PSD2 and Co.
Regulatory density in the financial sector is steadily increasing. Legacy systems are quickly becoming a compliance trap here:
GDPR: Requirements such as the "right to be forgotten" are hardly feasible in monolithic systems where customer data is stored in countless places.
PSD2 (Payment Services Directive 2): The directive requires banks to grant third-party access to account data via APIs (open banking). This is techni with encapsulated legacy systems
About the author
Groenewold IT Solutions
Software development & digitalisation
Field-tested insights from projects covering custom software development, integration, modernisation and operations, with a focus on measurable results and sustainable architecture.
