
Legacy technology is limiting bank modernization

3 December 2025 at 09:55

Banks have always been technology pioneers, yet many are now prisoners of their own legacy. Despite spending more on IT than any other major industry and funneling over $2.8 trillion into digital transformation since 2011, too many retail banks still can’t deliver the seamless digital experiences customers expect.

The loyalty crisis: Spending more, delivering less

My company, Baringa, recently surveyed 4,000 customers and 400 banking executives across the UK and US, revealing a widening disconnect between customer expectations and what banks can deliver.

More than one in three customers (35%) have switched banks in the past five years, most in search of better digital experiences, not better rates. And 68% of banking executives admit that their existing technology architecture actively hinders their ability to meet customer needs.

Mobile is now the dominant channel, with 45% of customers using it as their primary means of banking. Yet, it’s also the most requested area for improvement, with 44% wanting a better mobile experience. Customers want personalized, intuitive and secure interactions but instead, they encounter friction.

The result? Diminishing loyalty in an age when switching bank accounts is as simple as a few taps on a screen.

Legacy technology: The hidden barrier to progress

The problem isn’t a lack of investment. Yes, the cost is high, but effective treatment strategies are available to manage this condition. It’s the age and complexity of the systems beneath the surface that is the true problem. Our survey found that 63% of banks still rely on code written before the year 2000, while 67% say their entire technology stack would fail if the oldest systems stopped working. Even more worryingly, 77% report that only “one or two people” in their organization still have the skills to maintain this code and most are nearing retirement.

In other words, critical national infrastructure in banking runs on software designed before the internet age. This outdated technology creates three compounding problems:

  • Operational fragility. Legacy code and unsupported platforms make outages and compliance failures more likely. One executive described systems still reliant on 8-inch floppy drives for critical updates, a vivid metaphor for how far behind the curve some institutions remain.
  • Run-cost burden. According to Gartner, over 75% of IT budgets in many financial institutions are consumed by maintaining these old systems, starving innovation budgets and slowing transformation.
  • Inhibited agility. Modernization programs overrun as banks struggle to deal with legacy architecture and data complexities. Indeed, 94% of large banking transformations exceed planned timelines, leaving customer improvements delayed and diluted.

The result is a vicious cycle. Every dollar spent patching and upgrading outdated systems is a dollar diverted from the modernization that could restore customer loyalty.

Breaking the cycle: A new technology blueprint

There is a path forward, but it demands decisive action. From our work across global banking and markets, we consistently see these issues and we believe these can be addressed over the long term with the following three strategies.

Refocus: Lead with purpose, not platforms

Banks need to start with truly understanding why (customer needs) and how their customers want to interact (experience) with their services, then define how they are going to differentiate. Technology alone will not win back loyalty. Sometimes, the greatest return comes from improving service, trust or personalization rather than layering on more tech.

Research from Forrester shows that banks leading in personalized digital experiences achieve up to 25% higher retention and a 20% uplift in cross-sell success. Conversely, institutions that rush infrastructure spend without redefining customer value risk building faster versions of the same old experience.

Replace or renovate: Build the modern digital spine

For many banks, the technological foundations are simply too old to adapt. If two-thirds of institutions say their operations would cease if legacy systems failed, the cost of inaction now exceeds the cost of replacement.

The answer lies in defining a technology strategy around a digital spine: a modular architecture that allows agility, integration and personalization at scale and is centered around three design principles:

  • Build the core technology and data spine internally to retain strategic differentiation and control.
  • Buy external solutions for commodity or repeatable processes that don’t define the customer experience.
  • Integrate third-party and marketplace services for specialized or fast-evolving capabilities, enabling banks to scale quickly without adding new legacy dependencies.

This build-buy-integrate approach allows banks to modernize strategically and maintain control where it matters, while reducing cost and delivery risk elsewhere.

It’s also how challenger banks are winning. Monzo, for instance, built its business on this philosophy, focusing on customer differentiation through a lightweight, API-driven core. As its ex-CEO, TS Anil, recently noted, Monzo has become “a scaling, profitable digital bank with a world-class user experience that customers don’t just like, but love.”

The culture shift: Continuous transformation

Finally, transformation can no longer be treated as a one-off program. Modernization must become a continuous capability, not a project with an end date. For banks to break free of legacy constraints, the following considerations are essential:

  • Transformation never ends. Change on this scale will be a multiyear, multidimensional journey. Change leaders should aim to secure a consistent stream of investment that allows the organization to build enduring capabilities. Every technology and data initiative should align with long-term strategic goals, creating compounding value across the organization.
  • Full organizational shift. Transformation is everyone’s responsibility. While technology drives change, this transformation can’t be owned by IT alone. From boardroom to back office, everyone needs to be committed to making change happen. When transformation becomes embedded in organizational DNA rather than delegated to technical teams, banks can sustain the pace of change their customers demand.

The bottom line

Banks stand at a crossroads. 68% of executives acknowledge that legacy technology is holding them back. Every quarter spent maintaining outdated systems compounds risk, cost and customer attrition.

But those that act now and redefine their customer proposition, rebuild their digital spine and embed continuous change, will turn technology from a constraint into a competitive edge.

The future belongs to banks that leave legacy behind and build loyalty by design.

This article is published as part of the Foundry Expert Contributor Network.

From compliance to confidence: Redefining digital transformation in regulated enterprises

1 December 2025 at 09:54

Compliance is no longer the brake on digital transformation. It is the steering system that determines how fast and how far innovation can go. In sectors such as healthcare, insurance, manufacturing, and banking, regulation defines how fast and how far innovation can progress. When compliance becomes an architectural principle rather than a procedural constraint, it transforms from a cost center to a competitive edge.

But in the past decade, leading enterprise transformation across these industries, I’ve learned that compliance isn’t the enemy of innovation. It’s the foundation of digital confidence. When handled strategically, compliance can evolve from a passive checklist into an active driver of resilience, trust and growth.

The enterprises that thrive in today’s regulated world share a common trait: they design their technology, data and culture to make compliance an enabler, not a barrier.

The compliance paradox

Across regulated industries, the paradox is striking. Regulations grow more complex each year, yet the demand for agility and innovation grows just as fast.

  • In healthcare, HIPAA, FDA and CMS guidelines shape how patient data flows and how AI models can be used in clinical or administrative decisions.
  • In insurance, frameworks such as NAIC, SOC 2 and emerging state-level data protection acts determine how claims, underwriting and member engagement systems are designed.
  • In manufacturing, ISO standards and environmental disclosures require traceability across the entire production lifecycle.
  • And in banking, AML, KYC, Basel III and now AI-model-risk rules require transparency at every level of algorithmic decision-making.

Each industry has its own acronym soup of regulation, but the underlying challenge is the same: enterprises must prove what they know, how they know it and how responsibly they use it. For CIOs, this means leading ecosystems that are innovative, interoperable and fully auditable simultaneously.

From burden to differentiator

In one large healthcare transformation I led, the audit process for claims and provider data reconciliation took more than a month and consumed hundreds of manual hours. By embedding audit trails directly into workflow engines and metadata layers, we reduced preparation time by 70% and achieved complete transparency for regulators and internal reviewers.

This experience reinforced a key lesson: compliance should be built into the architecture, not appended after deployment.

I’ve seen similar results in other sectors.

  • In insurance, predictive underwriting models were facing long delays due to regulatory explainability reviews. We built an AI governance layer that automatically tracked model lineage, dataset evolution and decision thresholds. The review cycle was shortened from six weeks to two and the same system later became the benchmark for model transparency across the enterprise.
  • In manufacturing, a digital twin initiative used IoT data to monitor production quality. Initially designed for efficiency, it later became the foundation for audit-ready traceability; every material change, machine calibration and test record became part of a verifiable digital thread.
  • And in banking, I’ve seen model-risk governance evolve from compliance paperwork into real-time dashboards. These systems can generate “trust reports” visualizing every variable used by credit or fraud models and making them defensible before regulators even ask.

These examples prove a point: compliance, when operationalized, becomes a differentiator. It transforms oversight into foresight.

Why the mindset must shift

Technology rarely fails because of a lack of innovation. It fails when organizations lack the governance maturity to scale innovation responsibly.

Too often, compliance is viewed as a bottleneck. It’s a scalability accelerator when embedded early.

According to Gartner, organizations with mature data-governance practices are three times more likely to achieve measurable business outcomes from AI programs. McKinsey’s analysis shows that AI deployments in regulated sectors with built-in compliance design achieve 20–30% faster adoption and reduce audit findings by half.

The shift begins when leaders see compliance not as external policing but as internal assurance. A well-designed governance framework turns regulation into predictability. Predictability, in turn, builds trust, and trust is what enables adoption at scale.

In one cross-industry transformation roundtable I facilitated, a manufacturing CIO said something that stayed with me: “Compliance doesn’t slow us down. It prevents us from having to stop.” That insight captures the new reality. In regulated industries, digital maturity is measured not by how quickly you deploy AI, but by how confidently you can defend and explain it.

Governance as a growth engine

When governance and compliance converge, they unlock a feedback loop of trust. Consider a payer-provider network that unified its claims, care and compliance data into a single “truth layer.” Not only did this integration reduce audit exceptions by 45%, but it also improved member-satisfaction scores because interactions became transparent and consistent.

  • In manufacturing, integrated governance platforms now allow plant managers to monitor non-conformance trends and compliance risks in real time. Instead of waiting for a quarterly audit, teams can act within hours, preventing both downtime and regulatory penalties.
  • In banking, machine-learning models for AML detection can now explain why a transaction was flagged, not just that it was. This explainability builds regulator confidence, which in turn accelerates approval for new AI-based risk tools.

The pattern is consistent: when compliance data feeds into operational decision-making, it creates a growth multiplier. Transparency isn’t just a legal requirement; it’s a market advantage. When governance and compliance share data pipelines instead of separate dashboards, they move from passive monitoring to active performance management, transforming risk control into business acceleration.

The CIO’s leadership imperative

No transformation from compliance to confidence happens without leadership alignment. The CIO sits at the intersection of technology, policy and culture and therefore carries the greatest influence over whether compliance is reactive or proactive.

Here are four imperatives every CIO in a regulated enterprise should champion:

1. Treat governance as architecture, not administration

Governance is not documentation. It’s design. CIOs must ensure that auditability, traceability and explainability are engineered into systems from day one.

For example, instead of creating external audit logs, modern architectures can use blockchain-based or immutable metadata records to self-document every change. In my experience, systems built this way reduce compliance reporting time by 40–50% while improving internal confidence in data quality.

2. Unite data, risk and compliance under a single operating model

Many enterprises still treat compliance as a department instead of a discipline. The CIO must align data governance, risk management and IT controls into one cohesive framework.

Cross-functional governance councils that include compliance officers, business heads and data owners help make compliance a shared accountability, not an afterthought.

3. Humanize compliance through transparency

Technology maturity alone is not enough. The workforce must trust the system. When employees understand how AI or analytics systems make decisions, they become more confident using them.

In one insurance contact center, we trained representatives on how the AI recommendation engine worked. Within two months, adoption rose 37% and call-resolution accuracy improved significantly. Transparency builds human alignment.

4. Champion ethical AI as the next compliance frontier

AI ethics is no longer philosophical; it’s operational. The CIO must ensure algorithms are tested for fairness, bias and explainability before deployment. Tools like Google’s What-If Tool and IBM’s AI Fairness 360 provide practical methods for continuous assurance.

As regulatory frameworks like the EU AI Act and US Algorithmic Accountability Act evolve, ethical compliance will define enterprise reputation. CIOs who prepare early will not just pass audits; they’ll earn stakeholder trust.

Measuring Progress: CIOs should define success not only by audit completion rates but by trust readiness metrics, for example, governance-maturity scores, audit-cycle speed or AI-model explainability indexes. These indicators convert compliance from a legal requirement into a performance KPI, signaling to boards and regulators that trust is being operationalized.

Ultimately, the modern CIO’s role extends far beyond systems integration. It’s about trust integration: connecting people, policy and platforms under a single banner of accountability.

From compliance to confidence

Confidence is not the absence of regulation; it’s mastery of it. A confident enterprise doesn’t fear audits because its systems are inherently explainable. It doesn’t delay innovation because its teams understand how to govern data responsibly. It doesn’t treat compliance as a paperwork exercise; it sees it as a performance framework. Consider what “confidence” looks like across industries:

  • In healthcare, it’s the ability to trace every AI-supported clinical recommendation back to source data.
  • In insurance, it’s the assurance that pricing or claim decisions can be justified algorithmically.
  • In manufacturing, it’s having a digital thread that ties every product to its quality, safety and sustainability metrics.
  • In banking, it’s demonstrating that customer risk models are explainable, unbiased and resilient under regulatory scrutiny.

Confidence grows when leadership builds systems that are transparent by design, not by request.

This shift is gaining policy traction worldwide. The EU AI Act requires enterprises to maintain verifiable documentation on AI systems’ training data, bias tests and human oversight. Similarly, the proposed U.S. Algorithmic Accountability Act pushes organizations to conduct regular impact assessments. Together, these frameworks formalize what leading CIOs already practice: governance as a continuous, auditable process rather than a reactive audit cycle.

According to Deloitte’s 2025 outlook, 70% of CEOs in regulated industries now see “digital trust” as a direct growth lever. Companies that combine compliance automation with clear governance frameworks experience 20% higher stakeholder trust ratings and outperform peers on market reputation. In practical terms, moving from compliance to confidence means:

  • Embedding trust checkpoints into product development life cycles.
  • Establishing AI assurance frameworks that test every model for fairness, accuracy and auditability.
  • Building explainable data architectures where every decision is traceable.
  • Creating a culture of shared accountability between compliance, data and product teams.

The result is not just regulatory alignment; it’s operational resilience and reputational strength.

The future of regulated transformation

As AI reshapes every sector, regulation will continue to evolve faster than technology stacks. Enterprises that succeed will be those that internalize compliance as part of their DNA.

In healthcare, this means using AI responsibly to support clinical and administrative workflows. In insurance, it means linking predictive analytics to transparent customer journeys. In manufacturing, it means aligning IoT and sustainability reporting under one trusted data fabric. In banking, it means moving from algorithmic opacity to algorithmic accountability. The future will belong to organizations that govern as they innovate.

CIOs are at the epicenter of this shift. CIOs are now the custodians of digital trust, responsible not only for running systems but for ensuring that every line of code and every algorithm earns confidence from regulators, customers and employees. The real competitive edge in a regulated world isn’t speed or scale. It’s trust engineered through transparency and sustained by governance-driven leadership.

This article is published as part of the Foundry Expert Contributor Network.
