How a Decade-Long Core Banking Overhaul Got De-Risked by One QA Strategy
How a Decade-Long Core Banking Overhaul Got De-Risked by One QA Strategy
AI-generated summary, reviewed by editors
Core banking transformations are not technology projects. They are open-heart surgeries performed on a living, breathing financial institution. Systems cannot stop. Customers cannot wait. Regulators do not forgive. And yet, banks must modernize or risk becoming obsolete.
Over the past decade, Manu Subhashchandrabose had a front-row seat, and often a steering role, in one of the most ambitious core banking transformations ever attempted in U.S. regional banking. The program covered six affiliate banks under a top-tier US regional bank, more than 70 integrated systems, millions of customer records, and a modernization budget of over $200 million. It touched every corner of the banking ecosystem: deposits, lending, teller operations, ATM networks, anti-money-laundering rules, statements, data pipelines, and cloud migration.
The surprising truth, Manu argues, is that the single biggest factor that de-risked the entire program was not the core platform, not the cloud strategy, and not the vendor ecosystem. It was the Quality Engineering strategy.
Not "testing." Not "bug finding." A holistic, architectural, domain-driven QA approach that became the backbone of the transformation.
The Scale Problem Banks Underestimate
Most banks treat their core platform replacement as the project. Manu, who progressed from Senior Engineer to Senior QA Manager to QA Architect and now Director of Quality Engineering across a career serving Fortune 500 banking clients, says that framing is the first failure point.
"A core platform is only about 20 percent of the transformation," he explains. "The remaining 80 percent is integrations, data migration, downstream systems, teller and ATM networks, statements and notices, AML and compliance, batch processing, and customer servicing. Most failures occur not in the core, but in the ecosystem around it."
That ecosystem is where his QA organization, scaled to as many as 55 engineers across 10 banking verticals at peak, spent most of its time. The program included a first-time implementation of a modern core platform across all six affiliate banks of one of North America's largest retail banking groups, with sequential conversions stretching across roughly a decade.
The measurable outcomes line up with the scale. Manu reports a 20 to 30 percent improvement in operational efficiency across the affected banking operations, a 40 to 60 percent reduction in production defects against industry baselines, and 100 percent reconciliation on the critical data migrations. Thousands of hours of manual effort were eliminated across statements processing, AML rules, teller systems, data migration, and ATM systems.
Data Migration as the True Risk Surface
If integrations are where transformations break, data migration is where they fail catastrophically.
"Banks underestimate the complexity of mapping legacy data, cleansing decades of inconsistencies, transforming formats, reconciling millions of records, and ensuring zero-loss migration," Subhashchandrabose says. "These are not test cases you write. They are validation systems you build."
His teams ran SQL-driven extract-transform-load validation, automated reconciliation across the conversion windows, and Oracle Cloud migration checks. The 100 percent reconciliation outcome on the critical migrations is the single statistic he is most willing to defend in front of a regulator. In a sector where a single mis-mapped account can become a federal disclosure event, that number is not a performance metric. It is a license-to-operate metric.
SOX Compliance, Engineered Rather Than Inspected
The most original piece of the program, by Manu's own account, was the way his organization handled Sarbanes-Oxley compliance.
In a program touching 70-plus systems, identifying every SOX control point manually is, in his words, "really complicated, with high chances of key SOX areas being missed." His team built an automation and pattern-recognition layer that continuously scanned incoming, outgoing, and financially critical transactions, tagged the SOX-relevant scenarios automatically, and then validated each tagged scenario against the underlying SOX requirements.
The model treats compliance the way most engineering teams treat security: not as a final audit gate, but as a property of the system that must be engineered in. The same philosophy carried through the program's handling of anti-money-laundering rule validation, payment card industry data security standard controls, the data privacy requirements of GDPR, and the comprehensive capital analysis and review framework. None of these regimes, Manu notes, can be tested at the end. They have to be embedded into requirements, data models, access controls, batch jobs, and API flows from day one.
QA as the Bank's End-to-End Risk Lens
What emerges from the decade is a definition of Quality Engineering that does not look like the one most banks have on their org chart.
"QA is the risk-control layer of banking," Manu says. "It is the only function in the bank that sees the entire institution end-to-end. The lending product owner sees lending. The teller systems owner sees teller. The compliance officer sees regulation. QA, done correctly, sees the chain."
That stance shaped the way the program was governed. Manu's group built modular QA architecture, reusable frameworks, governance models, metrics, KPIs, and reporting structures that were not specific to the original conversion. The same architecture has since served multiple banking programs at the parent holding company and across a major US affiliate banking network, and pieces of it have been adopted by the program's vendor ecosystem.
It is the kind of asset that does not show up cleanly on a project plan but becomes the institution's permanent vocabulary for talking about software risk. Several of the methodology's reusable components are referenced internally by compliance, SOX, security, and banking product managers as the certification approach for any new banking workload.
The Coordination Challenge No Slideware Captures
Subhashchandrabose is candid about what most failed transformations get wrong, and it is not the technology.
"Most banks underestimate the cultural shift, the operational disruption, the training needs, the governance required, and the cross-team alignment," he says. "A decade-long program does not survive on architecture diagrams. It survives on the way 10 teams of engineers, vendors, business owners, auditors, and regulators coordinate over thousands of decisions."
The QA function, in his model, becomes the coordination layer. It is where business intent gets translated into testable conditions, where vendor commitments get verified, where audit-readiness is maintained between audits, and where the bank's own product teams can see, in evidence, that the new platform behaves like the old one for every customer in every legal jurisdiction the bank operates in.
What Comes Next
Asked where the field is heading, Manu points to agentic AI in banking operations. Predictive scheduling, autonomous testing, and self-healing systems, he says, will define the next decade of core banking work. He has begun applying agentic AI test frameworks in adjacent enterprise programs and expects the same architectural discipline that carried the core banking program to carry the AI-augmented next wave.
The lesson he wants other transformation leaders to take from the decade is shorter than the program itself.
"The single biggest factor that de-risks a multi-year core banking program is not the platform you choose, the cloud you migrate to, or the vendor you trust," Manu says. "It is whether you treat Quality Engineering as the backbone of the program, or as the team that finds bugs at the end. The banks that get this right modernize. The banks that get this wrong spend a decade learning why their project plan was wrong."
For an industry preparing for the next wave of core platform replacements, that may be the most useful sentence anyone has written about a decade-long transformation.
Click it and Unblock the Notifications
Sign in with Google