For years, banks in Southeast Asia have looked modern from the outside. The mobile app is polished. The onboarding journey is smoother. The customer sees a bank that appears to have transformed.
Behind the curtain, however, the core banking system often tells a different story. It is batch-oriented, heavily customised, expensive to change and understood by a shrinking pool of specialists. It is the old engine beneath a new dashboard. You can repaint the car, but if the engine cannot accelerate, the journey still disappoints.
That is why coverage of Boston Consulting Group’s June 2025 report on core banking system modernisation in Southeast Asia matters. BCG argues that modernisation is no longer optional for regional banks; it is a strategic, business and technical necessity. Fintech Singapore and Kapronasia echoed the central message: customer demand, digital competition, compliance pressure and resilience expectations are exposing legacy cores.
Frankly, this is overdue. For too long, core modernisation has been treated as the painful project everyone agrees is important but nobody wants to sponsor. The hard truth is that the cost of waiting is now becoming larger than the cost of change.
The front-end illusion
The first mistake is confusing digital channels with digital banking. A good mobile app can hide a weak core for a while, but not forever.
BCG notes that over the last decade, transformation spend across Southeast Asian banks has typically focused on front-end channels such as mobile banking, internet banking and CRM. Its survey found that 88% of respondents selected customer experience and journeys, while only 35% selected product manufacturing and operations.
That split explains the current tension. Banks improved what customers could see, while leaving many product and processing constraints buried underneath. The result is a widening gap between the promise made by the digital front end and the capability available in the core.
I once advised a regional bank with a beautiful loan application journey. The customer could apply in minutes. The problem came after approval. Drawdown, amendment and servicing still depended on manual steps because the product processor could not support the promised self-service journey. The app created expectation. The core created friction.
This is the front-end illusion. It buys time, not agility.
Why Southeast Asia feels the pressure first
Southeast Asia is an unforgiving market for legacy banking technology. The region combines young digital customers, fast-moving payment ecosystems, super-app competition, digital banks, fintech partnerships and rising regulatory expectations.
Customers now compare banks with ride-hailing platforms, e-commerce wallets and instant messaging, not with the branch queue of 15 years ago. They expect real-time status, personalised offers, fast fulfilment and fewer paper processes.
Digital challengers sharpen the comparison. Neobanks and fintechs do not always have the balance sheet or trust advantage of incumbents, but they are often built around cloud-native, API-first architectures. They can configure products faster, integrate with partners more easily and design journeys without dragging decades of process history behind them.
Regulation adds a third pressure point. Banks are expected to maintain resilience, recover services quickly, protect customer data and provide reliable digital access. A fragile core does not merely slow innovation; it becomes a supervisory and reputational risk.
The economics of the ageing core
Core banking systems are not obscure back-office assets. They support deposits, lending, product servicing, customer records, ledger entries, interfaces, operational reporting and regulatory extracts. BCG describes the core banking platform as the “central nervous system” of a bank. If the core misfires, the whole body feels it.
The economics are uncomfortable. BCG estimates that banks spend between 15% and 20% of total IT spend on upkeep and changes to core systems, which can be north of a hundred million dollars a year for a large tier-one bank. That is before counting the opportunity cost of slow product launches, duplicated workarounds and scarce specialist skills.
The region’s technology profile is equally sobering. BCG estimates the average age of core banking systems in Southeast Asian banks at 20 years or more. It also estimates that 90% to 95% of incumbent Southeast Asian banks run primarily mainframe-based, on-premises cores, with only 1% to 2% cloud-native.
Those numbers explain why “run the bank” keeps eating “change the bank”. The older and more customised the core becomes, the more effort goes into keeping it stable. Every regulatory change, product tweak or campaign becomes a negotiation with accumulated technical debt.
Why banks keep postponing the move
If the case is so clear, why have banks waited? Because core modernisation is genuinely difficult.
BCG points to a familiar set of fears: weak standalone technology ROI, time and cost overruns, write-offs and management exits after failed programmes. Its report cites examples including a European national bank programme initially budgeted at €500 million and 4.5 years that extended by more than two years with costs increasing fourfold, and a global bank writing off more than US$1.4 billion after a failed common-core programme across markets.
These examples haunt executives. Nobody wants to be remembered as the CIO who touched the core and broke the bank. The safest career move can appear to be incremental change: wrap the old system, customise another interface, defer the big decision.
I understand that instinct. In one transformation I reviewed, the core had been modified for so many local products, exceptions and reporting needs that simple change requests required archaeology. The system was less a platform than a museum of past decisions. Replacing it sounded reckless. Not replacing it was also reckless.
That is the leadership dilemma. Core modernisation is risky, but indefinite postponement is simply a decision to pay the technical debt tax every year.
Four paths, not one silver bullet
Boards often frame core modernisation as a binary choice: replace the core or leave it alone. That framing is too crude. In practice, banks have several paths.
The first is full core replacement. This is the cleanest and hardest route. It can reset product architecture, data flows, integration patterns and operating models. It also carries high execution risk, especially for large banks with complex estates.
The second is progressive modernisation by domain. A bank might move deposits, lending, cards or SME products in phases, reducing risk while building capability. This requires strong architecture discipline, because old and new cores must coexist without creating a spaghetti estate.
The third is the sidecar model. The bank launches new products or segments on a modern core while the legacy system continues to handle mature portfolios. This can be powerful for digital banks, embedded finance, SME offerings or new lending products. The danger is that the sidecar becomes another silo if migration and integration are not planned properly.
The fourth is API wrapping and selective remediation. This can expose core services to digital channels and partners while buying time for deeper change. It is useful, but not magic. Wrapping a slow, batch-oriented core does not make it real time. It only makes the constraint easier to consume.
Modernisation is not a software purchase. It is a sequencing strategy.
What modern really means
A modern core is not just a cloud label. It should change what the bank can do.
It should support product configurability so teams can launch and modify offerings without months of hard-coded change. It should expose secure APIs for internal channels and external partners. It should improve event logging, data access and operational visibility. It should scale for campaign-driven spikes, salary-day peaks and digital-wallet behaviour. It should support resilience patterns that reduce blast radius when something fails.
BCG gives a useful example from digital marketing: a cashback campaign during salary day or mealtimes could create a six- to eightfold volume increase. A modern architecture should handle dynamic peaks more efficiently than a system sized permanently for rare spikes.
This matters for P&L. Faster product launches mean faster revenue tests. Better data means sharper cross-sell and risk signals. Stronger resilience reduces outage cost. Cleaner integration lowers partner friction. The business case is not “new core equals lower IT cost”. It is “new core equals digital speed without breaking control”.
The compliance and resilience angle
Executives sometimes sell core modernisation as innovation. In Southeast Asia, resilience may be stronger.
Digital banking has turned availability into a trust issue. Customers do not care whether the outage sits in the mobile app, middleware, payment gateway or core. They simply see a bank that cannot be accessed. Regulators increasingly see the same incident through the lens of operational resilience.
BCG notes that customer access through mobile or internet banking can require more than 50 applications, with the core being integral. The core cannot be treated as a separate back-office concern. It is part of the digital service chain.
This is where old architecture hurts. Different recovery mechanisms, active-passive setups, batch dependencies, brittle interfaces and limited observability make recovery harder. When the bank cannot see the end-to-end chain, it cannot confidently explain impact, recovery time or customer remediation.
For boards, that should be a red flag. The question is no longer whether the core can process transactions overnight. The question is whether it can support a resilient, always-on digital bank.
A practical boardroom roadmap
The right starting point is brutal transparency. Banks should map the true cost and risk of the current core: annual spend, change lead time, incident history, manual workarounds, regulatory pain points, skills dependency, product constraints and data-access gaps.
Next, segment the portfolio. Not every product needs the same modernisation route. High-growth digital products, SME banking, embedded finance and real-time lending may justify a modern sidecar or phased migration. Stable legacy books may need containment before eventual retirement.
Third, create an architecture decision framework. Decide where the bank will use APIs, where it will migrate product processors, where it will retire customisation, and where coexistence is acceptable. Without this, every programme creates another exception.
Finally, govern modernisation as a business transformation, not an IT upgrade. Product, risk, operations, finance, compliance and technology must own the roadmap together. If the core team is left alone, the bank will reproduce old processes on new software.
The moment has arrived
Core banking modernisation is uncomfortable because it touches the bank’s deepest machinery. It exposes old decisions, old products, old operating models and old fears. That is precisely why it matters.
Southeast Asian banks have reached the point where customer expectations, digital competition, regulatory resilience and cost pressure are converging. The institutions that keep polishing the front end while avoiding the core will look modern until the next product launch, outage or compliance demand reveals the truth.
The winners will not be the banks that attempt reckless big-bang replacement for its own sake. They will be the banks that treat the core as strategic infrastructure, choose a realistic migration path, and finally align the engine with the promise shown on the screen.