Open a trading dashboard at any large US bank in 2026 and the underlying compute is almost certainly running on someone else’s metal. According to McKinsey research published this year, public-cloud spending across the global financial services industry has moved from an experimental line item to a material share of every large bank’s technology budget, with institutions steadily retiring the mainframes that have run their core systems since the 1980s. The shift is no longer a side experiment for innovation labs; cloud computing in finance has become the operating model of mainstream banking, and the pace of migration is rewriting how risk, latency, and cost are measured inside every Tier 1 lender.
From mainframes to managed services
For most of the last forty years, bank IT was synonymous with on-premise infrastructure. Cobol-coded core banking platforms, owned by the bank, lived in private data centres and were upgraded once a decade at most. That model was secure, predictable, and slow. It also became expensive. Even before the cloud shift accelerated, the largest US banks were each spending tens of billions of dollars a year on technology, with a sizeable share going to keep legacy mainframe systems running. Cloud changed the spending pattern. Instead of capital expenditure on servers, banks now buy compute, storage, and database services as operating expense, scaling them up or down with demand. Capital One was the first major US bank to publicly close its last data centre, completing the migration in 2020. Goldman Sachs, BNY Mellon, and JPMorgan have since followed with multi-year programmes built around AWS, Microsoft Azure, and Google Cloud. The same trend is shaping digital transformation in finance across mid-tier institutions, where smaller IT budgets make on-premise stacks even harder to justify. According to a 2024 study by IBM, roughly eight in ten financial institutions are now operating in some form of hybrid or multi-cloud environment, and the share is climbing as more workloads come up for renewal. Bank of America has stated publicly that it now runs more than 90 percent of new internal applications on a private and public cloud combination, while Wells Fargo and Citi have announced phased shutdowns of their largest legacy data centres over the next four years. Even the most conservative Tier 1 institutions, which spent the early 2010s blocking cloud at the architecture-review stage, are now mandating cloud-first as the default for any greenfield system.
Where the cloud spend actually goes
Cloud budgets in banking break into four broad categories. Customer-facing applications, including mobile banking, account opening, and self-service portals, lead the way and absorb roughly 35 percent of cloud spend. Risk and analytics workloads, such as Monte Carlo simulations, anti-money-laundering screening, and credit scoring, take another 25 percent. Core banking modernisation, where banks migrate ledger and payments engines off the mainframe, has grown to about 20 percent. The remainder funds developer tooling, observability, and AI infrastructure. The geographic distribution is uneven. North American banks lead public-cloud penetration at around 45 percent of total IT spend, followed by Western Europe at 38 percent and Asia-Pacific at 30 percent, according to Synergy Research Group estimates published in late 2025. The gap reflects regulator comfort with cloud rather than a difference in technology readiness. US regulators issued cloud-specific guidance through the FFIEC in 2020, giving banks a clear framework that has accelerated American adoption. The same guidance underpins much of the modern payments systems and infrastructure that now sits on managed services from the major hyperscalers.
What pushed banks past the tipping point
Three forces broke the old reluctance. The first was the 2020 pandemic, which forced banks to spin up new digital channels in days rather than months. Cloud was the only way to absorb the demand. The second was the rise of fintech competitors that had been cloud-native from inception; they shipped product faster, and incumbents needed the same operating model to keep up. Stripe, Block, and a wave of neobanks proved the cost structure was viable at scale, and the cost gap widened each quarter. Analysts at Forrester estimated that cloud-native challengers were running their core technology at roughly one-third the unit cost of incumbents by 2023, a gap large enough to force boardroom attention even at banks with healthy net interest margins. The third force was the AI workload itself. Large language models and the agentic systems that depend on them require GPU clusters at a price point that no bank wants to own outright. Renting capacity through AWS Bedrock, Azure OpenAI Service, and Google Vertex AI is now the default. By the end of 2025, more than half of new banking AI projects were running entirely on managed cloud services. The pattern is similar to what played out with real-time payments, where the operational lift of running infrastructure in-house no longer matched the speed of customer expectations.
Compliance, residency, and the open questions
None of this has been frictionless. European banks have spent the last three years arguing with regulators over how to handle data residency under GDPR and the Digital Operational Resilience Act, which came into force in January 2025. The new rules require financial firms to demonstrate that critical cloud providers can be replaced if a major outage occurs, a standard that pushes many institutions toward multi-cloud designs. Concentration risk is the other recurring concern. AWS, Azure, and Google Cloud control roughly two-thirds of public cloud globally, and the three of them together host the majority of US banking workloads. The Bank of England flagged this in a financial stability publication, warning that the failure of one hyperscaler could disrupt payments and trading across the financial system. American supervisors have echoed the concern, and 2026 is expected to bring formal designations of critical third-party providers under the Financial Stability Oversight Council framework. Banks are responding with portability strategies that keep workloads movable between providers, but the engineering cost of true multi-cloud remains high. The infrastructure teams running these programmes are also competing for talent with the hyperscalers themselves, which has pushed total compensation for senior cloud engineers in financial services well above their peers in other infrastructure roles.
The next phase: AI workloads and data sovereignty
The spending mix is about to shift again. AI infrastructure, which made up less than 5 percent of bank cloud budgets in 2022, is forecast to reach 15 percent by 2028 as model training and inference scale across treasury, fraud, and customer experience. That growth is colliding with a parallel push for data sovereignty. Several European jurisdictions now require sensitive customer data to remain inside national borders, prompting the rise of sovereign cloud offerings from each of the major hyperscalers. US banks are watching this debate closely. Federal agencies have signaled comfort with mainstream public cloud as long as encryption and access controls meet supervisory standards. Smaller US firms are also tapping cloud-native services to compete with larger rivals on speed, a pattern visible across the wave of fintech innovations launching in 2026. The bigger domestic question is how Treasury will treat AI-specific cloud compute under the executive orders issued in 2025, which require disclosure of large training runs above a defined threshold. Most banks will be well below that threshold individually, but vendors that aggregate fine-tuning workloads on their behalf may not be, and that has lawyers across the industry rewriting their cloud contracts.
A decade ago, putting a core banking ledger on someone else’s server was treated as a regulator’s nightmare. In 2026 the cloud is the default architecture, and the institutions still running their own data centres look like the outliers. The remaining work is no longer about whether to migrate; it is about which workloads belong on which cloud, how to keep them portable, and what happens when one of three vendors becomes too critical to fail. The next leg of competition in banking will play out inside cloud control planes, not on private hardware, and the institutions still treating cloud as a procurement question rather than an engineering discipline are likely to find themselves outpaced.
