GenAI: Optimizing Legacy Code Migration in the Banking

The banking industry stands at a critical juncture, grappling with the profound challenges posed by decades-old legacy IT systems. These antiquated infrastructures, often built on monolithic architectures and obscure programming languages like COBOL, impede agility, inflate operational costs, and introduce significant security and compliance risks. Concurrently, evolving customer expectations for seamless digital experiences and stringent regulatory demands necessitate a rapid and comprehensive modernization imperative. This report explores how Generative AI (GenAI) emerges as a transformative force, offering unprecedented capabilities to optimize legacy code migration. By automating complex tasks such as code analysis, translation, refactoring, and documentation, GenAI can dramatically accelerate modernization timelines, reduce costs, and enhance code quality. While the technology presents its own set of challenges, including data privacy, model accuracy, and the need for robust governance, strategic, phased adoption, coupled with human oversight and a focus on explainable AI, can unlock substantial value. Financial institutions that strategically leverage GenAI for legacy migration will not only mitigate critical risks but also position themselves for sustained innovation, enhanced competitiveness, and a future-ready IT landscape.

1. The Imperative of Legacy Modernization in Banking

The financial services sector, a cornerstone of global economies, operates on a foundation largely built decades ago. While these legacy systems have historically provided stability and reliability, their inherent limitations now pose significant impediments to innovation, efficiency, and security in an increasingly digital and dynamic market.

1.1 The Enduring Challenge of Legacy Systems in Financial Services

The persistence of legacy systems in banking is a multifaceted problem, characterized by several critical issues that collectively hinder progress and introduce substantial risk.

Architectural Rigidity & Inflexibility

Many core banking systems are defined by their monolithic architecture, a design paradigm from an earlier era. These systems are vast, complex, and deeply interwoven, meaning that even minor modifications become arduous undertakings, fraught with risk and requiring extensive testing. This structural rigidity severely constrains a bank's ability to adapt. The launch of new financial products or services, or the necessary adaptation of existing ones to meet evolving market demands or regulatory shifts, becomes a protracted and costly endeavor.

The inability to swiftly integrate with modern technologies or third-party fintech services, a crucial capability in the contemporary landscape of open banking and collaborative financial ecosystems, leaves traditional banks struggling to keep pace. This translates directly into missed market opportunities and a compounding competitive disadvantage, pushing established institutions further behind in the innovation race. Furthermore, while mainframes are known for processing high volumes, scaling specific functionalities or adapting to unpredictable surges in demand—such as those experienced during the pandemic for digital services—can be inefficient and expensive within a monolithic core, unlike the elastic scalability offered by modern, modular designs. The core architectural challenge of monolithic systems directly leads to this architectural rigidity and inflexibility, which in turn creates a significant competitive disadvantage for banks by impeding their ability to innovate and respond to market dynamics.

Operational Inefficiencies & Spiralling Costs

The financial burden associated with maintaining legacy core systems is not only substantial but also continuously escalating. Aging mainframe hardware, often decades old, incurs significant operational and maintenance costs, while software licenses for proprietary systems can be exorbitant. Reports indicate that companies in the US alone spend an astonishing $85 billion annually on maintaining old technology, with the global figure exceeding $300 billion. These substantial upkeep costs directly erode profits, with businesses reportedly wasting around 20% of their IT budget yearly due to unresolved technical debt.

Beyond direct financial outlays, these systems perpetuate deep-seated operational inefficiencies. Many processes remain heavily reliant on manual interventions and batch processing, which inevitably leads to delays, increased error rates, and a subpar customer experience. Extracting actionable insights from data trapped within these legacy structures is often cumbersome, with reporting limitations hindering real-time decision-making and strategic planning. The escalating maintenance costs of legacy systems directly divert significant IT budget and resources away from innovation, perpetuating a cycle of "firefighting rather than forward-thinking" within banking IT departments. This constant allocation of resources to merely "keeping the lights on" prevents investment in strategic, value-added activities, stifling long-term growth and competitiveness.

Data Silos & Integration Hurdles

Legacy core banking systems are notorious for creating formidable data dilemmas. Data is frequently trapped in isolated silos, fragmented across disparate parts of the monolithic structure or ancillary systems. This fragmentation makes it incredibly challenging to achieve a unified, single customer view, thereby hampering effective customer relationship management and personalization efforts. Critically, this data fragmentation also obstructs the development of sophisticated AI models and advanced analytics, which fundamentally rely on comprehensive, high-quality, and readily accessible data for optimal performance.

Integration with modern applications, fintech platforms, or third-party services—a prerequisite for participating in burgeoning ecosystems like open banking—becomes a complex and often bespoke undertaking. Traditional point-to-point integrations are brittle, expensive to maintain, and lack the flexibility inherent in modern API-driven approaches. Furthermore, data migration, an inevitable component of any core modernization effort, is notoriously complex and risky, demanding meticulous planning and execution to ensure data integrity and business continuity. The fragmented data residing in silos directly impedes the development of sophisticated AI models and advanced analytics, thereby undermining a bank's ability to leverage data for competitive advantage and personalized services. This inability to unify and leverage data effectively limits a bank's strategic capacity in a data-driven economy.

Aging Workforce & Skills Gap

A significant and growing concern for financial institutions is the diminishing pool of skilled professionals proficient in older programming languages like COBOL. This trend is leading to a "brain drain" as experienced programmers retire. On average, COBOL programmers are typically between 45-55 years old, with a mere 11.5% under the age of 35. The scarcity of these seasoned experts not only drives up labor costs but also introduces considerable systemic risk, increasing the likelihood of system failures and prolonged downtime due to a lack of available talent for maintenance and repair.

Compounding this issue, many top universities no longer teach COBOL, making it exceedingly difficult to find younger programmers with the necessary language proficiency. This exacerbates the skills gap, creating a challenging environment for banks seeking to maintain or modernize their critical systems. The demographic trend of an aging COBOL workforce creates a critical skills gap that amplifies the systemic risk of maintaining core banking systems, as knowledge erosion makes these vital systems increasingly difficult to manage, understand, and modernize. Without a new generation of COBOL programmers, banks face the prospect of "black box" codebases that no one can effectively modify or comprehend.

Prevalence of COBOL/PL/I

Despite its age, COBOL, a language over 60 years old, remains the foundational system code for a significant portion of the financial services industry. A staggering 43% of all banking systems are built on COBOL, underpinning $3 trillion of daily commerce, handling 95% of all ATM card-swipes, and facilitating 80% of in-person credit card transactions. An estimated 220 billion lines of COBOL code are still actively in use today. This enduring prevalence is largely attributed to its original design, which made it an irreplaceable core language for business-critical computing due to its exceptional stability and high processing power.

The continued reliance on COBOL, a language foundational to global financial transactions for decades, presents a significant strategic dilemma. Its proven stability is a clear benefit, having ensured operational continuity for mission-critical systems for generations. However, its age and the associated skills gap make modernization a critical, high-stakes undertaking that demands a careful balance between preserving operational continuity and enabling future innovation. This paradox forces banks to navigate a complex transition where the risks of inaction are often greater than the challenges of modernization.

1.2 The Strategic Imperative for Digital Transformation

Beyond the internal challenges, external pressures are compelling financial institutions to accelerate their digital transformation, with legacy modernization as a foundational component.

Evolving Customer Expectations

Modern consumers, accustomed to seamless digital experiences in other sectors, now demand similar levels of convenience, speed, and personalization from their banking providers. This includes intuitive, user-friendly interfaces, robust mobile support, and instant services. Legacy systems, often inherently lacking these contemporary capabilities, directly contribute to customer dissatisfaction and can drive clients to more agile competitors who offer superior digital interactions and experiences.

Regulatory Demands

The financial sector operates under an increasingly stringent and dynamic regulatory landscape. Compliance with evolving frameworks such as GDPR, HIPAA, PCI-DSS, AML, and KYC is not merely a best practice but a legal mandate. Outdated core banking systems frequently struggle to automatically update and adapt to these changing regulations, placing institutions at significant risk of non-compliance and exposing them to hefty fines and severe reputational damage. The cumbersome and error-prone nature of tracking transactions and generating necessary reports with outdated technology further complicates compliance efforts. The inherent inability of legacy systems to automatically update and adapt to evolving regulations directly exposes financial institutions to significant non-compliance risks, including "hefty fines and reputational damage" , thereby transforming modernization from a mere IT challenge into an urgent regulatory mandate. This makes modernization a necessity for avoiding severe legal and financial repercussions, underscoring its critical importance for business continuity.

Security Risks

Legacy systems are inherently less secure than modern alternatives due to their lack of contemporary encryption protocols, real-time fraud detection capabilities, and consistent security updates. Studies indicate that nearly 60% of financial institutions have experienced security incidents directly linked to their legacy banking systems. The advent of open banking, which necessitates increased data sharing and interconnectedness, significantly amplifies these vulnerabilities, transforming what was once a static, internal liability into a dynamic, external threat vector. This heightened exposure increases the risk of widespread data breaches and severe reputational damage, making robust security a paramount driver for modernization. The rise of open banking and interconnected financial ecosystems significantly amplifies the inherent security vulnerabilities of legacy systems, transforming them from a static, internal liability into a dynamic, external threat vector for widespread data breaches and severe reputational damage. This elevates security from a technical concern to a critical business risk that demands immediate attention.

2. Generative AI: A Catalyst for Legacy Code Migration

Generative AI (GenAI), a type of artificial intelligence capable of creating new content and ideas, is poised to revolutionize software development, particularly in the complex domain of legacy code migration. By leveraging large language models (LLMs) trained on vast datasets, GenAI can learn human and programming languages, enabling it to solve new problems and augment human capabilities across the software development lifecycle.

2.1 Core Capabilities of GenAI in Software Development

GenAI's utility in software development extends beyond simple automation, offering sophisticated assistance across various stages.

Code Generation

GenAI can generate new software code suggestions for application development tasks. These tools can produce a variety of novel content, including software code, in response to natural language requests, eliminating the need for developers to write every line manually. This capability is particularly beneficial for creating boilerplate code, scaffolding entire applications, or even producing complex code structures on the fly, allowing developers to focus on unique business challenges. GenAI understands natural language descriptions and generates contextually relevant code that adheres to established programming patterns and best practices. This significantly boosts developer productivity, streamlines the software development process, and empowers new developers by generating code from natural language input and providing explanations.

Code Analysis

GenAI offers powerful capabilities for analyzing complex codebases. It can explore and analyze data in new ways, summarizing content, outlining solution paths, brainstorming ideas, and creating detailed documentation from research notes. In the context of legacy systems, GenAI can synthesize and interpret analysis results, transforming complex code metrics into actionable business insights. This includes evaluating code quality against industry benchmarks, identifying technical debt, and assessing security vulnerabilities through static application security testing (SAST) and software composition analysis (SCA). GenAI can also analyze commit history to reveal insights about development team activity and the average cost of new feature development. Thoughtworks' CodeConcise, for instance, leverages LLMs and knowledge graphs derived from abstract syntax trees (ASTs) to analyze and document legacy code, extract low-level requirements, and even produce abstracted program flowcharts, significantly enhancing code comprehension, especially for engineers unfamiliar with a particular tech stack. This automated understanding helps organizations shorten discovery cycles during modernization, providing invaluable clarity for re-engineering efforts on decades-old systems.

Code Refactoring

GenAI can review existing code to suggest performance improvements and other refactoring ideas. It can analyze vast codebases, identify areas requiring optimization (e.g., duplicated code, complex logic), and suggest code modifications to improve cloud compatibility. This capability is crucial for migrating applications and databases to the cloud, ensuring legacy code aligns with cloud-native features and optimizes performance. GenAI can automate large parts of the refactoring process, improving code quality and maintainability without changing external behavior and business logic. Tools like vFunction combine architectural context with AI-powered code assistants to identify structural issues such as class dependencies, dead code, and outdated frameworks, transforming them into targeted, LLM-ready tasks that drive better code quality and accelerate modernization.

Code Translation

A significant application of GenAI is the translation of legacy code into modern programming languages. GenAI can analyze legacy codebases and rewrite them into modern languages such as Java or Python, while preserving the business logic embedded within them. This capability is critical for moving off aging mainframes and proprietary languages like COBOL. For instance, some tools can convert COBOL to Python or transform monolithic codebases into modular microservices architectures. This automation accelerates modernization projects, reduces manual effort, and mitigates risks associated with traditional, labor-intensive migration methods. Success stories include a Japanese bank converting 5 million lines of COBOL to Java in nine months, and a U.S. state government translating 40-year-old PL/I code to Python.

Documentation Generation

Legacy systems often suffer from poor or non-existent documentation, making them difficult to understand and maintain. GenAI can analyze legacy code and automatically produce detailed system documentation, providing function-level summaries, code comments, and mapping interdependencies between modules, databases, and business processes. This capability is invaluable for reverse engineering undocumented systems, helping developers and business analysts quickly grasp complex logic and extract business rules that might have been lost over decades. Automated documentation generation can significantly speed up the creation of technical documentation by 45–50%, saving countless hours in understanding and mapping legacy systems.

Test Case Generation

GenAI can significantly accelerate and improve the quality of software testing, especially for legacy systems that often lack robust automated testing frameworks. By analyzing application logic, past test results, and user behavior, GenAI can automatically generate high-coverage test cases, identify missing scenarios, and create synthetic test data that mimics real-world user behavior. This includes generating unit tests, integration tests, and regression tests, thereby reducing manual effort, improving test coverage, and catching defects earlier in the development cycle. AI-driven test generation can reduce undetected bugs by 30% during regression testing.

2.2 Benefits of GenAI in Legacy Code Migration

The application of GenAI to legacy code migration offers a compelling array of benefits that address the core challenges faced by financial institutions.

Accelerated Migration Timelines

GenAI significantly speeds up the entire migration process by automating labor-intensive tasks such as code analysis, translation, and refactoring. This automation dramatically reduces the time and effort required, allowing businesses to expedite their cloud migration projects and accelerate time-to-market for new products and services. For example, refactoring with GenAI can be completed in nearly two-thirds the time compared to manual approaches. Case studies demonstrate substantial time reductions, such as a 66% cut in reverse engineering time (from six weeks to two per module) for a major automotive manufacturer's 15 million lines of COBOL code, potentially saving 60,000 person-days. This acceleration is crucial for banks struggling with slow processes and rigid solutions in their legacy systems.

Cost Reduction

By automating repetitive tasks and streamlining workflows, GenAI directly contributes to substantial cost savings in legacy modernization projects. It reduces the need for extensive manual rewriting and specialized, increasingly rare skill sets, which are typically expensive. The automation of code generation, testing, and optimization eliminates significant manual effort, allowing businesses to allocate resources more efficiently and reduce operational expenses. For instance, one GenAI-powered code converter reported a 57% reduction in maintenance costs. This directly addresses the "eye-watering maintenance costs" that currently consume a large portion of IT budgets in banking.

Improved Code Quality and Maintainability

GenAI tools offer real-time code suggestions based on industry best practices, helping to identify security vulnerabilities, suggest design improvements, and automatically refactor code blocks to enhance maintainability and performance. They prevent common coding mistakes, leading to cleaner, error-free, and more readable code. By automating refactoring and ensuring consistency, GenAI improves the overall quality of the modernized codebase, making it easier to manage and update in the long term. This is particularly valuable for legacy systems often characterized by "spaghetti code" and undocumented intricacies.

Enhanced Security and Compliance

GenAI can proactively identify and address security vulnerabilities in legacy code by scanning for flaws and suggesting or generating fixes. This capability is crucial for financial institutions, which face heightened cyber threats and strict regulatory requirements. By ensuring that modernized code adheres to security standards and compliance protocols, GenAI helps mitigate risks of data breaches and non-compliance penalties. The ability to analyze and provide broader and deeper visibility of data, such as potentially faulty software code, enhances pattern recognition and the ability to identify potential risks more quickly. This directly supports the need for agile systems to adapt to stricter data protection regulations like GDPR.

Bridging the Skills Gap

With the diminishing pool of experts in legacy languages like COBOL, GenAI tools can act as an "on-demand expert," guiding new developers through platform-specific topics and reducing the learning curve. They can provide code explanations, step-by-step instructions, and review existing code, making development more accessible for new programmers and augmenting the capabilities of existing teams. This directly addresses the "brain drain" and talent shortages that plague legacy system maintenance.

3. Applications of GenAI in Legacy Code Migration Stages

GenAI can be strategically applied across various stages of the legacy application modernization journey, offering specific capabilities to streamline and enhance each phase.

3.1 Assessment & Planning

The initial phase of modernization, traditionally manual and time-consuming, benefits significantly from GenAI's analytical prowess.

Automated Code Understanding and Discovery

GenAI tools can analyze existing codebases to identify technical debt, outdated libraries, and areas for improvement, providing a detailed understanding of the existing state of applications. This automated process quickly identifies the language, framework, dependencies, and complexity of the code, even spotting dead code or potential security vulnerabilities early on. Natural Language Processing (NLP) capabilities enable GenAI to process and understand legacy documentation, even if it is sparse or outdated. Tools can also map out interdependencies between various modules, databases, and business processes, and visualize the architecture, making complex systems less daunting. This automated understanding helps organizations shorten discovery cycles during modernization, providing invaluable clarity for re-engineering efforts on decades-old systems.

Risk Assessment and Cost Estimation

GenAI can help businesses understand risks before modernization begins by evaluating the code and architecture for potential security and compliance issues. It can also assist in estimating the costs associated with modernization by analyzing similar projects and providing data-driven insights. Predictive analytics can be employed to gain a better idea of potential modernization risks and estimate the effort required. This leads to a more data-driven and optimized modernization strategy and roadmap.

3.2 Code Transformation & Refactoring

This is where GenAI's generative capabilities truly shine, automating the conversion and optimization of code.

Automated Code Translation and Generation

GenAI can convert legacy code into modern programming languages or frameworks, significantly reducing manual efforts and errors. It can automatically generate code based on project specifications described in natural language, reducing development time and costs. Tools like RefactorX can convert any legacy code to a desired modern language, including version upgrades. This automation helps to transform outdated code, such as COBOL, into modern languages like Python or Java, while preserving the underlying business logic.

Refactoring and Performance Optimization

GenAI simplifies the process of refactoring outdated code to align legacy applications with modern standards and technologies. It can improve the performance and maintainability of old codebases by identifying inefficiencies and suggesting optimized replacements. GenAI can also assist in breaking down monolithic applications into modular microservices architectures, promoting flexibility, scalability, and easier deployment. This capability is critical for achieving cloud-native readiness and optimizing performance for modern environments.

3.3 Data Migration & Integration

GenAI plays a vital role in addressing the complex and risky aspects of data handling during modernization.

Data Structure Mapping and Conversion

Legacy systems often store data in outdated formats or databases incompatible with modern architectures. GenAI assists in the complex process of migrating data by providing support for mapping data structures, converting formats, and integrating with modern data storage solutions. Tools can automatically map legacy data structures to modern database schemas, reducing the need for manual intervention and ensuring data integrity during transfer.

API and Middleware Generation

GenAI can help integrate legacy systems with modern platforms by automatically generating APIs. This is particularly useful in industries where legacy systems need to remain operational while new systems are gradually introduced, ensuring seamless integration without manual coding bottlenecks. For example, RESTful API generation can be automated for legacy mainframes, enabling communication with modern cloud-based platforms or microservices architectures.

3.4 Testing & Validation

Automated testing is crucial for ensuring the quality and reliability of modernized code, and GenAI significantly enhances this phase.

Automated Test Case and Data Generation

GenAI can automatically generate unit tests, integration tests, and regression tests, significantly speeding up the process and improving code reliability. It can analyze application logic, past test results, and user behavior to create comprehensive test cases, identifying missing scenarios and ensuring edge case testing. Furthermore, GenAI can create synthetic test data that mimics real-world user behavior, ensuring compliance with data privacy regulations and reducing the need for sensitive production data. This automation helps catch issues early, ensuring that every update works as intended before it goes live.

3.5 Documentation & Knowledge Management

GenAI addresses the critical issue of poor documentation in legacy systems, transforming undocumented code into valuable knowledge assets.

Automated Documentation Generation

GenAI analyzes codebases to generate clear, concise documentation for modernized components, including details about functionalities, APIs, dependencies, and usage guidelines. This comprehensive system documentation enhances developer understanding and facilitates smoother maintenance and updates, reducing the risk of errors and boosting productivity. It helps to capture and centralize tribal knowledge that might otherwise be lost as original developers retire.

Reverse Engineering for Business Logic Extraction

GenAI, particularly with LLM-powered analysis, can decode legacy systems at scale by understanding patterns, context, and logic. It can read and interpret various forms of legacy code (e.g., SQL, ETL, shell scripts), summarize the logic in plain English, and extract key business rules and data transformation steps. This capability is crucial for understanding undocumented mission-critical systems and translating complex workflows into modern code without losing functionality. It helps eliminate reliance on hard-to-find subject matter experts (SMEs) and speeds up discovery and impact analysis for platform modernization.

4. Risks and Challenges in GenAI-Powered Migration

While GenAI offers significant opportunities for legacy code migration, its implementation in the highly regulated banking sector is not without challenges and inherent risks.

4.1 Data Privacy and Security Concerns

The integration of GenAI into financial systems introduces serious data privacy and security risks. GenAI models, especially LLMs, are trained on vast datasets and can inadvertently memorize and reproduce sensitive information, leading to data leakage if internal bank data or customer information is used without proper controls. This poses a severe risk to customer privacy and regulatory compliance (e.g., GDPR, CPRA, HIPAA). The increased accessibility of confidential information through AI technologies also heightens the risk of data breaches and unauthorized access. Financial institutions must establish robust AI data privacy strategies, including data masking techniques, data minimization, and continuous monitoring, to mitigate these risks.

4.2 Model Hallucinations and Accuracy Issues

GenAI models are prone to "hallucinations," where they generate plausible but factually incorrect or entirely fabricated outputs. In a banking context, this could lead to chatbots providing erroneous financial advice, risk models generating flawed assessments based on invented data, or even AI agents inhibiting access to bank accounts or failing to execute transactions properly. Such errors in critical banking systems can have catastrophic consequences. Mitigation strategies include grounding outputs in verified internal data, using Retrieval-Augmented Generation (RAG) systems, and applying prompt engineering techniques to reduce ambiguity.

4.3 Regulatory Uncertainty and Explainability

The global AI regulatory landscape is currently fragmented, creating uncertainty for organizations integrating AI into their operations. Banking regulators demand clear explanations for AI-driven decisions, especially in critical processes like loan approvals and compliance monitoring. However, the "black box" nature of many GenAI systems makes it difficult to understand how they arrive at their decisions, posing challenges for transparency and accountability. This lack of explainability undermines trust among regulators and customers, potentially leading to fines and reputational damage. Developing Explainable AI (XAI) frameworks is essential to ensure AI-driven decisions can be understood, audited, and trusted, maintaining compliance with regulatory standards.

4.4 Integration Complexity with Legacy Infrastructure

Integrating GenAI with existing legacy systems is a complex undertaking. Older systems often lack the flexibility needed for seamless integration with modern AI solutions, posing compatibility issues with outdated technology, APIs, or middleware. Data migration difficulties are also significant, as legacy systems typically store data in outdated or incompatible formats, requiring meticulous planning and execution to ensure data integrity. This necessitates significant investments in APIs, middleware, and data-sharing protocols to bridge the gap between old and new systems.

4.5 Ethical and Bias Concerns

GenAI models can perpetuate or amplify existing societal biases if trained on biased data, leading to discriminatory outcomes in sensitive areas like credit scoring, loan applications, or fraud detection. This can result in lawsuits, brand damage, and financial penalties. Financial institutions must implement robust governance frameworks, monitor AI outcomes for group disparities, use diverse training data, and ensure human oversight to mitigate these biases and ensure fairness. The ethical implications extend beyond technical risks, requiring banks to ensure automated decisions align with societal values and maintain customer trust.

5. Strategic Considerations for GenAI Adoption in Banking IT Modernization

Successfully leveraging GenAI for legacy code migration in banking requires a strategic, holistic approach that addresses technological, organizational, and governance aspects.

5.1 Phased Adoption and Pilot Programs

A phased approach to GenAI integration can significantly mitigate risks and allow for gradual adjustments rather than abrupt changes, promoting stability and minimizing disruptions. Financial institutions should start by identifying non-critical, low-risk components of their legacy systems, such as a batch processing job or a reporting function, for small pilot projects. This allows teams to experiment with GenAI tools without risking disruption to core business operations, building familiarity with the technology and developing foundational competencies. Successful pilot projects can then demonstrate value quickly, build confidence, and inform the refinement of AI strategies before scaling to broader competitive advantages.

5.2 Building a Robust Governance Framework

Establishing a comprehensive governance framework is paramount for responsible and effective GenAI deployment in banking. This framework should involve:

• Clear Ownership and Accountability: Define clear ownership of decision-making processes and assign roles and responsibilities for oversight, ensuring accountability and transparency across the organization.

• Risk Management and Control Systems: Develop new models to manage GenAI risks, including data leakage, model manipulation, and inherent biases. Implement robust testing protocols, establish oversight mechanisms, and integrate automated monitoring tools to detect anomalies or potential issues in real-time.

• Compliance and Ethical Guidelines: Uphold existing governance policies and procedures related to data privacy (GDPR, CPRA, HIPAA), security, and ethical AI use. Implement explainable AI (XAI) tools to make decision-making processes transparent, building trust in the AI system and mitigating compliance risks.

• Vendor Management: Establish clear policies for managing vendor-provided AI solutions, including assessing their data security practices, compliance, and reliability.

5.3 Talent Development and Cultural Transformation

The successful adoption of GenAI is as much about people as it is about technology.

• Upskilling and Reskilling: Financial institutions must invest in upskilling existing employees and attracting new talent with necessary AI skills, including AI specialists (data scientists, machine learning engineers, AI architects, ethicists), data-driven relationship managers, and techno-functional strategists. This addresses the skills gap and ensures teams can effectively work alongside AI technologies.

• Fostering an Innovation Mindset: Cultivate a culture that embraces change and encourages experimentation with new AI-driven approaches to banking. Overcoming cultural resistance, stemming from mistrust and fear surrounding AI, requires careful change management and communication. Showcasing successful pilots and modernizing interfaces for delivering AI insights can build enthusiasm and overcome skepticism.

• Human-in-the-Loop: While GenAI automates many tasks, human oversight remains critical, especially in regulated industries. Human experts are needed to verify the accuracy of AI-generated code, manage modernization patterns for custom-built legacy software, and provide essential feedback. This ensures responsible AI deployment and mitigates risks associated with model hallucinations or biases.

5.4 Integration with Modern Cloud-Native Architectures

GenAI's full potential is realized when integrated with modern, flexible IT infrastructures.

• Cloud-Native Environments: Migrating to cloud-native environments (e.g., AWS, Azure, Google Cloud) provides the scalable and flexible infrastructure necessary to support GenAI workloads. Cloud platforms offer robust data storage, security, and integration capabilities with AI tools for various financial tasks.

• API-Led Connectivity: Utilizing Application Programming Interfaces (APIs) to connect legacy systems to newer AI platforms enables smoother data flow and better interoperability. This approach allows for modular integration, minimizing disruption to critical legacy components while gradually introducing modern capabilities.

• Data Modernization: Prioritizing data modernization is crucial, as data is the fuel for AI. This involves centralizing data to avoid silos, creating unified data lakes, and improving data quality through cleansing, normalization, and structuring to ensure it is usable by AI algorithms.

6. Case Studies and Industry Examples

The transformative potential of GenAI in legacy code migration is already being demonstrated across the financial services sector.

6.1 Notable Implementations and Pilot Programs

Several leading technology providers and financial institutions are actively deploying GenAI for modernization efforts:

• Thoughtworks CodeConcise: Thoughtworks utilized its GenAI-based accelerator, CodeConcise Legacy Assistant, to help a major automotive manufacturer modernize a vital system comprising 15 million lines of COBOL code. By leveraging LLMs and knowledge graphs derived from Abstract Syntax Trees (ASTs), CodeConcise dramatically accelerated the reverse engineering process, reducing time by two-thirds (from six weeks to two per module) and potentially saving 60,000 person-days across the entire codebase. Thoughtworks has also signed a strategic collaboration agreement with AWS to develop GenAI-powered solutions for clients across various verticals, including banking and financial services, focusing on core banking and legacy payment modernization.

• Amazon Q Developer: Amazon Q Developer is a GenAI-powered assistant designed to accelerate the modernization of enterprise applications, particularly Java applications. It can analyze legacy code, map dependencies, and execute migration and modernization workflows, simplifying the upgrade process and reducing manual effort for Java 8, 11, and 17 applications to Java 17 or 21. This tool helps simplify dependency management, reduce technical debt, and streamline maintenance.

• IBM watsonx Code Assistant: IBM offers watsonx Code Assistant for modernizing IBM i and mainframe applications. This generative AI solution leverages specialized models (like IBM Granite for RPG and COBOL) to help developers understand existing code, generate higher-quality code, and enhance productivity. It supports code explanation, unit test creation, documentation, and translation of COBOL to Java, with a reported capability to translate approximately 5,000 lines of code per resource unit.

• Google Cloud AI: Google Cloud offers products like the Mainframe Assessment Tool (MAT), powered by Gemini models, to assess and analyze mainframe estates. MAT provides in-depth code analysis, generates code explanations, summarizes application logic, creates automated documentation, identifies dependencies, and generates initial test cases. Google also collaborates with partners like Mechanical Orchard, which uses GenAI to rapidly rewrite mainframe applications into idiomatic modern languages (e.g., Java, Python) without changing the business logic, by capturing data flows and ensuring functional equivalence.

• RefactorX by mobileLIVE: This GenAI-powered Code Converter automates the transformation of legacy code into modern languages or updated versions, offering code translation, optimization, documentation generation, and AI-enabled unit testing. It reports significant benefits, including 59% increased agility, 57% reduced maintenance costs, and 70% better integration with other platforms, specifically addressing the needs of industries like banking.

• vFunction: vFunction's AI-driven platform accelerates the modernization of Java and.NET applications by identifying the root causes of technical debt, prioritizing modernization areas, and automating microservices extraction. It streamlines refactoring by identifying structural issues and generating LLM-ready tasks, and simplifies microservices extraction by generating RESTful APIs and managing framework upgrades.

6.2 Broader Industry Adoption and Future Outlook

The banking industry is increasingly recognizing GenAI as a strategic imperative for IT modernization. Surveys indicate that 75% of banks struggle to implement new payment solutions due to outdated infrastructure, and 59% see legacy systems as a significant business challenge. This pressure is driving widespread adoption, with 90% of banking leaders allocating budgets for GenAI projects in 2025.

GenAI is expected to transform banking by:

• Enhancing Customer Experience: Providing hyper-personalized services, AI-driven financial advice, and advanced chatbots that can leverage transaction histories for proactive service.

• Improving Operational Efficiency: Automating routine tasks, streamlining back-office operations, and reducing processing times for loans and payments.

• Strengthening Risk Management and Compliance: Enhancing fraud detection, assessing credit risk more accurately, and automating compliance monitoring and reporting.

• Accelerating Innovation: Enabling faster product development, creating new revenue channels, and fostering a culture of continuous innovation.

The global AI in finance market is projected to reach $190.33 billion by 2030, growing at a CAGR of 30.6%. This growth will be driven by the need to process large volumes of data, improve risk detection, and offer tailored services. The future of banking will increasingly feature composable banking, where modular services are integrated via APIs, and agentic AI, enabling systems to act independently and continuously improve through learning. The widespread adoption of digital technologies and AI is expected to make banking universally accessible, delivering inclusive, personalized, and proactive services by 2030.

Conclusions and Recommendations

The banking industry's reliance on legacy code presents an urgent and multifaceted challenge, encompassing architectural rigidity, escalating operational costs, fragmented data, a critical skills gap, and heightened security and compliance risks. These issues collectively impede innovation, erode competitiveness, and threaten the long-term viability of financial institutions in a rapidly evolving digital landscape. The imperative for modernization is clear, driven by evolving customer expectations, stringent regulatory demands, and the pervasive threat of cyberattacks.

Generative AI offers a powerful and transformative solution to optimize legacy code migration. Its capabilities in automated code understanding, translation, refactoring, documentation, and test generation can dramatically accelerate modernization timelines, reduce costs, improve code quality, enhance security, and bridge the critical skills gap. By automating traditionally manual and error-prone tasks, GenAI frees up human capital to focus on higher-value strategic initiatives, fostering a culture of innovation rather than maintenance.

However, the journey to GenAI-powered modernization is not without its complexities. Financial institutions must navigate significant risks related to data privacy, model hallucinations, regulatory uncertainty, integration complexities, and ethical biases. The probabilistic nature of GenAI outputs, coupled with the sensitive nature of financial data, necessitates a cautious and well-governed approach.

To successfully unleash the power of GenAI in optimizing legacy code migration, financial institutions are advised to implement the following strategic recommendations:

1. Adopt a Phased and Incremental Approach: Begin with small, non-critical pilot projects to build internal familiarity, validate GenAI tools, and refine processes in a controlled environment. This minimizes disruption and allows for iterative learning before scaling across mission-critical systems.

2. Establish Robust AI Governance and Oversight: Develop comprehensive governance frameworks that define clear ownership, accountability, and risk management protocols for GenAI systems. Implement mechanisms for continuous monitoring, auditing, and human-in-the-loop validation to mitigate risks such as data leakage, hallucinations, and bias.

3. Prioritize Explainable AI (XAI): Invest in XAI frameworks and tools to ensure transparency and interpretability of AI-driven decisions, particularly in regulated areas like lending and compliance. This is crucial for building trust with regulators and customers and for demonstrating adherence to ethical guidelines.

4. Invest in Data Modernization and API-Led Connectivity: Recognize that high-quality, accessible data is the fuel for GenAI. Prioritize centralizing fragmented data, cleansing and standardizing datasets, and building robust data pipelines. Leverage APIs and middleware solutions to create seamless integration layers between legacy systems and modern GenAI applications.

5. Foster Talent Development and Cultural Adaptation: Address the skills gap by investing in upskilling existing employees in AI literacy and modern development practices, and by attracting new talent with specialized GenAI expertise. Cultivate an organizational culture that embraces technological change, encourages experimentation, and understands the symbiotic relationship between human expertise and AI augmentation.

6. Collaborate with Expert Partners: Given the complexity and specialized nature of GenAI and legacy systems, consider partnering with technology consultancies and solution providers that offer proven GenAI-powered modernization platforms and deep industry expertise.

By strategically embracing GenAI, financial institutions can transform the daunting challenge of legacy code migration into a powerful catalyst for digital transformation, enabling greater agility, enhanced security, reduced costs, and sustained innovation in the competitive financial landscape of tomorrow.