noun_Email_707352 noun_917542_cc Map point Play Untitled Retweet Group 3 Fill 1

Why banks must overhaul their card systems to meet rising compliance requirements

With regulatory demands increasing, Toms Jansons argues banks urgently need to upgrade aging, complex card systems to comply with impending legislation and meet the demands of the digital age.

Toms Jansons / October 16, 2023

Over the next couple of years, new legislation and compliance requirements will dramatically increase the compliance burden faced by banks. This will also have a major impact on the card management platforms used by banks, several of which are decades old and would require significant investments in maintenance to be allocated from a bank’s overall IT budget.

With the new PCI DSS v4.0 regulations taking full effect in 1Q 2025, issuers and especially acquirers will be forced to evaluate whether their existing systems can cope with these requirements and also whether they are PCI SSF (Software Security Framework) certified.

New requirements for all European banks to fully support SEPA instant payments by the end of 2024 will also have an impact on the ability of card management platforms to instantly process incoming payments on credit card accounts. Not much further ahead, the EU’s Digital Operations Resilience Act (DORA) is due for implementation in early 2025. This will have deep implications for how banks manage systemic risk – especially with their payment partners. Finally, the EU’s PSD3 is due for roll-out by 2027. It promises to further strengthen transaction authentication processes and tighten existing KYC requirements.

“90% of bank IT spend goes on legacy systems and compliance.” – McKinsey

Even as things stand, many bank systems are old and increasingly difficult to manage, placing a burden on banks through their complexity and expense. In their 2022 Global Banking Report, McKinsey & Co estimate[1] just ten cents in every dollar of bank spend on IT goes on product innovation or customer service, with the remaining 90% spent on legacy system upgrades and compliance.

With costs at such high levels, banks simply cannot afford to continue maintaining their old systems whilst hoping to compete with a growing range of digital-first, nimble challengers from neo-banks to tech giants and their payment solutions. Our latest research report reveals a majority of European banks believe their systems are no longer fit for purpose and cannot be adopted to modern requirements such as online marketplaces or embedded finance offerings.

As mentioned previously, new certification requirements will make it impossible for some older systems to operate, running the risk of incurring penalties or, in the worst case scenario, the revocation of licenses. At the same time as banks face these increasing burdens, both corporate and retail banking customers are looking for faster, safer and more innovative services. This places further pressure on IT budgets, product managers and compliance teams to deliver at a time when margins remain tight, and the “C” suite is looking for revenue increases across the board.

In the report, we explain how banks can prepare for the realities of a world focused on digital payments in which current levels of complexity will only increase. We set out the reasons why banks that fail to prepare end up making forced decisions to migrate to more modern systems and processes due to compliance requirements that place unmanageable burdens on existing, outdated systems. Finally, we provide options for how banks can transform their IT architectures to deliver modern, more capable solutions that are ready to meet the demands of both regulators and customers in the digital age. As an experienced migration partner we advise all banks to consider the following action-points:

  • Clearly define and agree objectives and their future vision for their card systems, goals, responsibilities and success measures, as well as the requirements of their business;
  • Achieve understanding and buy-in from senior management both inside business units and the technology function;
  • be flexible and willing to review and change their working procedures;
  • Work with their migration partner or supplier for success, backing up the availability of their resources with the right knowledge;
  • Set realistic implementation timetables in partnership with their vendor.

For more insights download “Options for Change”, the new study from Tietoevry Banking, for more on the migration imperative and making the right strategic choices when implementing new card systems.

[1] See “The Cost of Legacy Technologies for Banks” at: 
Toms Jansons
Lead Payments Offering Manager

Toms Jansons currently holds the position of lead strategic product manager and has over 15 years experience in card and payment product development.

Share on Facebook Tweet Share on LinkedIn