Why Your Legacy Lending System Is Costing You More Than You Think

The true price of technical debt in financial services extends far beyond licensing renewals — and the clock is running against every institution that delays.

Introduction

Ask a board-level executive to quantify the cost of their existing loan origination system and you will most likely receive a number that reflects licensing fees, infrastructure contracts, and annual maintenance - and it’ll be wrong. It won’t be wrong through any deliberate understatement, but because the most damaging costs of legacy systems are systematically invisible to the ledger.

At ezbob, we observe the same pattern repeatedly: institutions treat their core lending platform as a fixed overhead rather than a dynamic constraint on commercial performance. That framing is expensive. In a market where challenger banks can onboard an SME borrower in under four minutes and established high-street lenders still take four to six weeks, the gap is no longer theoretical — it is measurable in lost revenue and deteriorating competitive position.

Explore how ezbob approaches this problem with a modern alternative: Replacing Legacy Lending Systems.

The Real Cost of Legacy Systems in Banking

Technical debt in lending technology manifests across four distinct cost categories, only one of which typically appears on a technology budget line. The distinction matters because institutions that evaluate their legacy loan origination system solely on its visible invoice are systematically blind to the majority of their expenditure.

Research by leading advisory firms reinforces the scale of this misperception. Financial institutions consistently underestimate the true total cost of ownership of their legacy systems by 70–80%, with the average bank discovering that its actual IT costs are 3–4 times higher than initially budgeted when all factors are considered. One mid-sized European bank that believed its core system cost €2 million per year found through a comprehensive audit that the true figure — once inefficiencies, compliance overhead, and innovation barriers were included — was €6.8 million.

The four cost categories break down as follows:

1. Direct Operational Costs — the visible 20 per cent — include licensing, hardware, contracted support, and the maintenance burden of systems built on COBOL, Mainframe, or first-generation Java. Large incumbent lenders allocate between 60 and 75 per cent of their technology budgets to maintaining existing infrastructure, leaving fewer than a third of resources for competitive innovation (UK Finance, 2023).
2. Opportunity Costs are the revenue never earned. A manual underwriting process that requires 48 hours to produce a decision on an SME loan application loses business to platforms that automate decisioning in seconds. The FCA's research into UK fintech identified response time as the primary driver of switching behaviour in SME lending — ahead of pricing. AI-enabled collections and servicing platforms are now reporting recovery rate improvements of up to 25 per cent, a gap that widens with every quarter legacy institutions delay modernisation.
3. Compliance Costs are accelerating and cannot be engineered around. The regulatory agenda under FCA Consumer Duty, EBA revised credit risk guidelines, and PRA model risk management principles (SS1/23) all require audit trails, explainable decisioning, and data lineage capabilities that many legacy systems simply cannot provide without costly middleware. Research indicates the average bank spends 4.7 times more on compliance adaptation for legacy systems versus modern alternatives.
4. People Costs are the most underestimated. The average age of a COBOL programmer in the United Kingdom is now over 55. Recruitment premium for mainframe skills has risen by 34 per cent since 2020 (IT Jobs Watch, 2024). Beyond specialist scarcity, there is a mounting talent drain: data scientists and ML engineers actively avoid institutions where legacy systems cannot ingest modern data formats or integrate with contemporary ML tooling. Staff morale and engagement are also affected — employees fighting archaic interfaces spend time navigating workarounds rather than delivering value.

Why Legacy Systems in Banking Are So Hard to Replace

If the cost of maintaining legacy systems is so high, why do institutions persist? The answer lies in a combination of genuine technical complexity, organisational inertia, and the perverse economics of risk-aversion.

• Integration Debt is one of the most significant barriers. Legacy loan origination systems in banking have typically accumulated decades of custom integrations — to credit bureaux, internal risk models, payment rails, document management platforms, and regulatory reporting systems. These integrations were built on flat-file batch processes and point-to-point connections, not APIs. Replacing the core system means either migrating all of these integrations simultaneously or maintaining a parallel bridge layer during transition — both expensive propositions.
• Skills Scarcity creates a compounding problem. As the pool of COBOL and mainframe specialists contracts, institutions become more dependent on those who remain — often expensive contractors. The same scarcity that raises maintenance costs also increases the cost and risk of any change programme, because fewer people understand the system well enough to safely modify it.
• Institutional Risk Aversion is understandable but ultimately counterproductive. The memory of failed large-scale core banking migrations — often cited are projects that ran years over schedule and hundreds of millions over budget — creates a cultural bias toward inaction. But this framing ignores two important shifts: the maturity of modern SaaS lending platforms with proven migration methodologies, and the growing cost of the status quo as regulatory requirements become more demanding.
• The 'Good Enough' Fallacy persists as long as visible metrics look acceptable. Processing volumes continue. Loans are approved. But the system that processes £500m of lending today may be structurally incapable of meeting the explainability, audit trail, and model governance requirements that regulators will enforce from 2026 onwards. 'It works' is no longer a sufficient defence.

For context on how modern platforms compare architecturally, see ezbob's analysis: Core Banking Systems vs Core Lending Platforms.

The Hidden Risks Beyond Maintenance Costs

The cost of maintaining legacy systems is only one dimension of exposure. Three concurrent regulatory programmes are placing infrastructure demands on lenders that legacy systems are fundamentally ill-equipped to meet — and the consequences of non-compliance are materially different from any previous cycle.

Consumer Duty (FCA, effective July 2023)

Consumer Duty requires firms to demonstrate, not merely assert, good outcomes for customers. That means capturing and retaining granular decision data, monitoring outcomes at cohort level, and producing board-level evidence of fair pricing. A monolithic origination system with a flat data model cannot provide this without significant, expensive customisation — and customisation of legacy systems carries its own compounding maintenance costs.

PRA SS1/23 on Model Risk Management

The PRA's model risk management principles mandate documented model governance, independent validation, and clear performance monitoring for all models used in credit decisions. Legacy decisioning engines — often black boxes with no documented logic and no version control — fail this requirement categorically. The cost of retrofitting governance frameworks onto undocumented systems is often higher than the cost of replacing them.

EU AI Act (Annex III — effective August 2026)

The EU AI Act classifies AI systems used in credit scoring and lending decisions as high-risk under Annex III. Institutions using AI-driven credit models within the EU must demonstrate conformity assessments, human oversight mechanisms, and comprehensive technical documentation. This is not a future consideration — August 2026 is within most institutions' current planning horizon. Legacy systems that lack explainable decisioning, model documentation, and audit trails are structurally non-compliant.

Beyond regulatory exposure, the competitive gap is structural rather than cyclical. McKinsey's Global Banking Report identified that the top quartile of banking technology performers achieved return on equity 4.7 percentage points above the sector median — a gap almost entirely attributable to operating leverage from modern technology stacks. That gap will widen, not narrow, as AI-native origination and servicing platforms mature.

Legacy System Modernization: What the Transition Looks Like

The decision to defer modernisation is not a decision to save money — it is a decision to incur costs less visibly. A practical framework for quantifying this is to model three categories of loss over a five-year horizon: foregone revenue from slower decisioning; escalating compliance adaptation cost; and increasing people costs from specialist skill scarcity.

For institutions with lending portfolios of £250m and above, the crossover point — where cumulative modernisation investment becomes cheaper than the accumulated cost of staying put — typically falls within 18 to 36 months. Below that threshold, the modern SaaS LOS partnership model delivers payback within 12 months in the majority of documented cases. Separately, phased migration to a modern platform has been shown to reduce total cost of ownership by 38–52 per cent while enabling 60 per cent faster time-to-market for new lending products.

Legacy system modernization is not a single event. The most effective programmes share several characteristics: a clear separation between core replacement and integration migration; executive sponsorship with a commercially framed business case rather than a technology project framing; phased delivery that keeps production systems live throughout; and a vendor relationship that includes data migration support, policy engine configuration, and regulatory documentation as part of the engagement.

ezbob's cloud-native platform supports automated loan processing from application through to fund disbursement, with over 40 third-party integrations covering open banking, credit bureaux, KYC/KYB/AML, and HMRC data sources — substantially reducing the integration rebuild burden that has historically delayed modernisation programmes.

Build a Legacy System Migration Strategy That Works

A successful legacy system migration strategy begins with honest cost accounting. Institutions that have conducted comprehensive TCO audits consistently report that their first surprise is the scale of indirect and compliance costs that had never appeared on a technology budget. Without that baseline, any business case for modernisation will understate the return.

Three broad remediation paths exist, each with a different risk and timeline profile:

Whatever path is chosen, several principles consistently differentiate successful programmes from failed ones:

• Start with Data. Map your current data model before committing to a target architecture. Institutions that underestimate data migration complexity are the most common source of programme overruns.
• Decouple the Policy Engine. The credit policy — eligibility rules, pricing logic, risk appetite — should be separated from the core platform as early as possible. This alone creates significant flexibility in subsequent phases.
• Treat Compliance as a Design Constraint, not an Afterthought. The most cost-effective approach to Consumer Duty, SS1/23, and EU AI Act compliance is to select a platform that provides these capabilities natively, rather than building middleware over a non-compliant core.
• Define 'Done' Commercially, not Technically. Migration milestones should be expressed in terms of product capability and revenue potential, not system components. This maintains board-level sponsorship and prevents the project from being de-prioritised when short-term pressures arise.

What is not a viable option — given FCA Consumer Duty, PRA SS1/23, and the EU AI Act on the immediate horizon — is sustained inaction. The regulatory frameworks that are arriving do not accommodate systems that cannot produce an audit trail, explain a decision, or demonstrate model governance. The cost of legacy is no longer merely commercial. It is becoming a compliance liability.

Frequently Asked Questions

Sources and Further Reading

1. FCA (2023). Consumer Duty: Final Rules and Guidance (PS22/9). Financial Conduct Authority. www.fca.org.uk/firms/consumer-duty
2. PRA (2023). Model Risk Management Principles for Banks (SS1/23). Prudential Regulation Authority. www.bankofengland.co.uk
3. EBA (2023). Guidelines on Loan Origination and Monitoring. European Banking Authority. www.eba.europa.eu
4. European Parliament (2024). EU Artificial Intelligence Act (Regulation 2024/1689). artificialintelligenceact.eu
5. UK Finance (2023). Technology in UK Financial Services: Annual Survey.
6. McKinsey & Company (2023). Global Banking Annual Review 2023. www.mckinsey.com
7. Deloitte (2024). Banking Survey: Legacy System TCO Analysis.
8. IT Jobs Watch (2024). UK COBOL/Mainframe Skills Market Report.
9. ezbob Ltd (2024). Lending Technology Platform Overview. ezbob.com