The Challenge
Our client, one of Europe’s largest retail banks with over 15 million customers, faced a critical inflection point. Their core banking platform — a 25-year-old COBOL-based monolith running on IBM mainframes — was becoming a competitive liability. New product launches required 12-16 weeks of development and testing cycles. Real-time payment capabilities mandated by PSD2 were impossible to deliver within the existing architecture. Annual mainframe licensing costs exceeded €12 million.
Previous modernization attempts had stalled due to the sheer complexity of the existing system: over 4 million lines of COBOL, 2,500+ batch jobs, and deep coupling between business logic and data access layers.
Our Approach
Phase 1: Architecture Assessment (6 weeks)
We began with our signature Architecture Assessment, deploying a team of four senior architects to conduct a comprehensive evaluation:
- System archaeology: Reverse-engineered the existing COBOL codebase to identify bounded contexts, data ownership patterns, and hidden dependencies
- Stakeholder interviews: Conducted 40+ interviews across business, technology, operations, and compliance teams
- Constraint mapping: Identified regulatory requirements (PSD2, DORA, GDPR), operational constraints, and organizational readiness factors
- Risk analysis: Catalogued 85 architectural risks ranked by business impact and mitigation complexity
The assessment revealed that a big-bang replacement was not viable. Instead, we recommended a strangler fig pattern — progressively extracting capabilities from the monolith into a new microservices platform while maintaining continuous operation.
Phase 2: Target Architecture Design (8 weeks)
We designed a cloud-native target architecture built on four architectural pillars:
Event-Driven Core: Apache Kafka as the central nervous system, enabling real-time event streaming between services and providing a complete audit trail for regulatory compliance.
Domain-Driven Microservices: 23 bounded contexts identified through event storming workshops, each owning its data and exposing well-defined APIs. Key domains included Account Management, Payment Processing, Product Catalog, Customer 360, and Regulatory Reporting.
Multi-Cloud Foundation: Primary deployment on AWS with disaster recovery on Azure, leveraging Kubernetes (EKS) for container orchestration and Terraform for infrastructure as code.
Zero Trust Security: Service mesh (Istio) for mTLS between services, OAuth 2.0/OIDC for API authentication, and policy-as-code for compliance enforcement.
Phase 3: Migration Execution (12 months)
We organized the migration into six waves, each building on the previous:
- Wave 1 — Foundation: Cloud landing zone, CI/CD pipelines, observability stack (Prometheus, Grafana, distributed tracing)
- Wave 2 — Customer 360: Customer data platform extracted from mainframe, enabling real-time customer insights
- Wave 3 — Payment Processing: PSD2-compliant payment engine with real-time settlement capabilities
- Wave 4 — Account Management: Core account lifecycle management with event sourcing
- Wave 5 — Product Catalog: Configurable product engine enabling self-service product creation by business users
- Wave 6 — Regulatory & Reporting: Automated regulatory reporting with real-time data pipelines
Throughout execution, our architects provided continuous oversight: weekly architecture reviews, ADR governance, and hands-on pairing with development teams.
Results
The transformation delivered measurable business outcomes:
- 85% reduction in transaction processing time: From 2.3 seconds average to 340 milliseconds
- Product launch cycle compressed from 12 weeks to 2 weeks: Business users can now configure and launch new products without code changes
- 99.99% system availability: Up from 99.5%, eliminating costly weekend maintenance windows
- 40% reduction in annual infrastructure costs: Cloud-native architecture eliminated mainframe licensing and reduced operational overhead
- Real-time regulatory reporting: Automated PSD2 and DORA compliance reporting, reducing compliance team workload by 60%
Key Architectural Decisions
| Decision | Rationale |
|---|---|
| Strangler fig over big-bang | Minimized risk and allowed continuous delivery of business value |
| Event sourcing for accounts | Provided complete audit trail and enabled temporal queries for regulatory compliance |
| Multi-cloud DR strategy | Met regulatory requirements for operational resilience (DORA) |
| API-first design | Enabled open banking integrations and third-party fintech partnerships |
Lessons Learned
The most critical success factor was not technology — it was organizational alignment. By involving business stakeholders in event storming workshops and making architectural trade-offs transparent through ADRs, we built the cross-functional trust necessary for a transformation of this scale.
The strangler fig pattern proved essential. Each wave delivered standalone business value, maintaining stakeholder confidence and funding approval throughout the 18-month program.