Ask Runable forDesign-Driven General AI AgentTry Runable For Free
Runable
Back to Blog
Technology7 min read

How banks can build a risk-intelligent approach to core modernization | TechRadar

Banks need to build a risk-intelligent approach to adopting AI Discover insights about how banks can build a risk-intelligent approach to core modernization | t

TechnologyInnovationBest PracticesGuideTutorial
How banks can build a risk-intelligent approach to core modernization | TechRadar
Listen to Article
0:00
0:00
0:00

How banks can build a risk-intelligent approach to core modernization | Tech Radar

Overview

News, deals, reviews, guides and more on the newest computing gadgets

Start exploring exclusive deals, expert advice and more

Details

Unlock and manage exclusive Techradar member rewards.

Unlock instant access to exclusive member features.

Get full access to premium articles, exclusive features and a growing list of member rewards.

How banks can build a risk-intelligent approach to core modernization

Banks need to build a risk-intelligent approach to adopting AI

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Banks aren’t short on AI ambition. Across the industry, there are almost weekly announcements about new deployments, new partnerships, and new capabilities.

But amidst the lofty pronouncements, not enough attention is given to building the underlying architecture that makes any of it sustainable.

The UK Treasury Committee has already warned that the financial system is not adequately prepared for a major AI-related incident, and from where I sit, that warning is aimed squarely at how modernization programs are being run.

This is a governance problem which stems from unmade decisions; most banks have yet to make the strategic, organisation-wide commitment that should determine what gets built, before anyone starts building.

There is a real opportunity to be grasped by inviting the risk team to be part of design before you begin delivery.

AI is reaching finance’s core systems: Here’s what it takes to run it there

AI-driven cyber discovery signals a new era of systemic risk for banks

Risk teams are being invited to the table too late

In traditional program structures, risk and compliance are brought in to validate decisions already made. Platforms are selected, designs agreed and timelines set, and the role of the risk function has typically been to check these things, rather than shape them. That model was never ideal, but now, in the AI-era modernization push, is structurally backwards at best and dangerous at worst.

A genuinely AI-ready bank requires continuous data lineage, runtime-embedded controls and a real-time, cloud-native core. None of these can be retrofitted cheaply once architecture decisions have already been made. By the time a compliance team discovers that a new platform can't meet AI governance or data traceability requirements, the cost of fixing it is prohibitive

If the risk function is part of the design process from the outset, banks can build a risk-conscious architecture rather than a risk-adjacent one. The difference in outcome is substantial, and increasingly, the difference between an institution that can operate confidently with AI and one that can't.

The story of legacy architecture's constraints on innovation is well told, but it also creates blind spots that risk professionals can't see, let alone manage.

Batch-processing cores are the clearest example of this. When a core updates positions overnight rather than in real time, AML and fraud systems are operating on stale data. Suspicious activity that occurs between batch runs is invisible until the next cycle, a direct operational liability as the volume and speed of financial crime increases.

The AI governance gap: why AI is moving faster than the rules meant to control it

To adopt or to adapt? Why Saa S is easing banking's customization burden

Fragmented data pipelines create a related problem. Continuous lineage (the ability to trace every decision to its data source) is a prerequisite for AI governance. On architectures where data moves through multiple disconnected systems before reaching an analytics layer, that lineage is structurally impossible to maintain without a modern, cloud-native architecture.

Finally, third-party AI deployment adds an additional layer of exposure. When models are embedded in platforms a bank doesn't have full control over, it leaves compliance teams operating with limited visibility into how decisions are being made.

Under the EU AI Act, which requires traceability and explainability for high-risk AI systems which may credit decisioning and fraud detection, that becomes a direct regulatory risk, and that's just one of a raft of emerging AI regime banks must navigate.

Banks now have to contend with an increase in state-based cyberattacks on financial supply chains, a trend accelerated by geopolitical instability, with agentic AI substantially increasing the speed and scale of those attacks.

Under regimes such as DORA, which introduce near real-time cyber incident reporting, means institutions need detection and response infrastructure that operates on live data, capable of identifying and escalating incidents as they happen rather than after the fact. Batch architectures don't meet this standard, and the window to remediate is narrowing.

The EU AI Act raises the bar further on traceability and explainability, particularly for credit decisioning and fraud detection, both areas where AI adoption is moving fastest.

Banks not designing against these requirements are accumulating risk, not avoiding it. The regulatory deadlines are known. The technical requirements are understood. The question is whether the architecture being selected today is capable of meeting the obligations that will be enforced tomorrow.

I have sat in enough program steering committees to know that the moment risk professionals are brought into a modernization program shapes everything that follows.

When we arrive after the architecture is set, we are negotiating against decisions that are already expensive to reverse. When we are in the room from the start, we can design the non-negotiables in rather than bolt them on.

The practical starting point is three questions that every bank should answer before any platform decision is made:

What risk posture must we preserve throughout migration? The answer defines the non-negotiables for any new architecture: data integrity, audit continuity, access controls, and the governance structures that cannot lapse during transition.

What are we engineering against on a ten-year horizon? Regulatory requirements in 2036 will look different from those in 2026. The architecture being selected today needs to be capable of meeting obligations that do not yet fully exist, which means flexibility and real-time data capability are not optional extras. Some of the newer, digitally-native fintechs have demonstrated that building with this horizon in mind from the outset produces materially different, and more resilient, architecture than retrofitting compliance onto an existing estate.

What governance must change so we don't embed legacy risk into a modern platform? New infrastructure running old processes is window-dressing. If you modernize technology without modernizing governance, you recreate the same control failures in a different environment.

Modernization is not risk-free. But the risk of standing still now exceeds the risk of moving carefully, and the cost of getting the architecture wrong compounds with every year it goes unfixed.

Store you business data in the cloud with the best business cloud storage services.

This article was produced as part of Tech Radar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of Tech Radar Pro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

You must confirm your public display name before commenting

19 ways contractors can streamline processes in 2026

2 China’s Lineshine ‘came out of nowhere’ to grab title of most powerful computer in the known universe

3 This Prime Day might be your last chance to buy this full-frame Canon camera — and it’s heavily discounted

4 Apple just delivered the worst kind of news: price hikes across many of its major products (even the Neo) — and yes, RAM prices are to blame

5 Forget Prime Day — one of the best coffee makers I've ever tested is half price right now, and anyone can grab it

Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.

Key Takeaways

  • News, deals, reviews, guides and more on the newest computing gadgets
  • Start exploring exclusive deals, expert advice and more
  • Unlock and manage exclusive Techradar member rewards
  • Unlock instant access to exclusive member features
  • Get full access to premium articles, exclusive features and a growing list of member rewards

Cut Costs with Runable

Cost savings are based on average monthly price per user for each app.

Which apps do you use?

Apps to replace

ChatGPTChatGPT
$20 / month
LovableLovable
$25 / month
Gamma AIGamma AI
$25 / month
HiggsFieldHiggsField
$49 / month
Leonardo AILeonardo AI
$12 / month
TOTAL$131 / month

Runable price = $9 / month

Saves $122 / month

Runable can save upto $1464 per year compared to the non-enterprise price of your apps.

Start saving with Runable todayContact us for any pricing questions