Germany’s IT banking crisis: time for AI in legacy modernisation

While banks recognise that these traditional platforms delivered decades of stability, they struggle to meet today’s demands for speed, system resilience, and change. What was once an internal IT constraint has become a strategic and operational risk with ecosystem-wide implications that extend beyond individual institutions.

Why banks can no longer afford to stand still:

• Outdated core banking systems endanger not only the competitiveness of individual banks but also the stability of the German financial system.
• The pressure is growing as the small number of specialists who still understand these legacy platforms approach retirement.
• AI-assisted modernisation offers a way forward by reducing reliance on scarce expertise and enabling incremental application modernisation.
• Technology alone will not be enough: organisational and cultural change will be just as important.

Unlike startups, which can build their IT systems from scratch, traditional banks in Germany are heavily reliant on half-century-old core systems. This makes them significantly less agile in developing seamless, competitive digital services. It also increases their exposure to regulatory risk, cyberattacks, and IT operational failures, with potential knock-on effects for the stability of the German and European financial systems.

Even today, core banking operations at many institutions depend on just two or three specialists who understand the legacy languages used on banks’ mainframes, such as COBOL, C, and assembly.

While the systems may still function reliably for now, operational resilience relies on a small pool of expertise and warning signs are already emerging. Last year, a minor error in a poorly documented COBOL module disrupted a European institution’s online banking services for several days, illustrating just how fragile the situation has become. Such cases rarely make it into the public eye, but they’re no longer one-off incidents. For years, the European Banking Authority has highlighted these risks in its Guidelines on ICT and security risk management, warning about growing reliance on ageing core systems whose ongoing operation and development are increasingly difficult to assure.

For many banks, overhauling these central platforms triggers alarm bells. These initiatives are often large-scale programmes spanning several years, often even more than a decade. The complexity is both technical and organisational, and the costs and risks are significant. Delays or failures in migration can cause severe losses and further weaken competitiveness. Nevertheless, banks can no longer afford to postpone action. 

The good news is that a new technological option is now available: application modernisation powered by AI. AI tools for enterprise application modernisation automatically analyse legacy languages and reconstruct the underlying business logic. In doing so, they identify patterns, dependencies, and business rules that have evolved over decades and were never documented.

Zühlke applies AI-supported code analysis, backed by extensive experience in legacy application modernisation, to make the business logic embedded in existing core systems visible, for example, through digital twins. As a first step, this helps institutions meet regulatory documentation requirements.

In the next step, individual modules can be isolated, analysed, and modernised. This allows parallel systems to be built – an important aspect of risk reduction given the complete outages associated with ‘big bang’ migrations. It also means modernisation can be planned with less dependency on the few remaining legacy specialists. This gradual, low-risk approach has already been adopted by several institutions using technology to reduce operational risk and accelerate transformation.

Even with a gradual approach, a clear starting signal is crucial to ensure that change can be continuously implemented and embedded in daily work. Banks that act now and commit to an application modernisation strategy can increase delivery speed and reduce costs in the years to come. Those who delay risk falling behind – losing critical talent before legacy systems have been fully replaced.