AI, Compliance, and the Future of Mainframe Modernization: CIO Roundtable Weigh Risks, Rewards, and Strategic Trade-Offs

By Lane F. Cooper, Editorial Director, BizTechReports, and CIO.com Moderator

As artificial intelligence (AI) reshapes the enterprise technology landscape, industry leaders are rethinking modernization strategies to balance agility, security, and compliance. That was the key takeaway from a recent CIO Magazine roundtable, co-hosted by Skyla Loomis, Vice President of IBM Z Software, and John Currie, Partner, Mainframe Application Modernization at IBM.

Executives from a wide range of industries -- including financial services, insurance, retail, and higher education -- gathered to discuss the evolving role of AI in modernizing legacy IT environments, with particular focus on mainframes, cloud adoption, and AI governance.

Governance and Compliance Drive AI Adoption Strategies

AI’s rapid adoption across industries has created new governance and compliance challenges, particularly for organizations operating in highly regulated sectors. Nevertheless, leaders at the roundtable agreed that AI is no longer a theoretical discussion; for most -- if not all -- this disruptive technology has moved squarely into the realm of practical implementation.

“Governance is now at the forefront of AI conversations,” said Loomis. “A year ago, many enterprises were still asking, ‘What can AI do for us?’ Today, the focus has shifted to ‘How do we ensure AI aligns with security and compliance standards?’”

Indeed, AI governance frameworks are an essential discipline for leaders to master to ensure businesses maintain transparency, track AI decision-making processes, and prevent unauthorized data usage. An AI governance framework ensures that AI is developed, deployed, and managed ethically, securely, and in compliance with regulations while aligning with business goals.

It includes key pillars such as strategy, risk management, compliance, transparency, and operational oversight to mitigate risks like bias, security threats, and model failures. Implementation involves establishing governance committees, setting policies, conducting AI risk assessments, and deploying monitoring tools to ensure responsible AI usage. A well-structured framework fosters trust, compliance, and scalability, enabling organizations to innovate with AI while maintaining accountability and fairness.

“The fact that organizations are now embedding governance frameworks into their AI operations shows a significant shift,” Loomis added. “The priority now is ensuring AI models remain explainable, auditable, and secure.”

Related to the topic of risk management in general -- and compliance in particular -- several executives indicated a preference for on-premises AI deployments rather than relying entirely on cloud-based solutions. The move reflects growing concerns about data sovereignty and ensuring that proprietary business information remains under enterprise control.

“We are absolutely seeing a trend where companies want to run AI models in-house,” Loomis said. “Many businesses are looking for ways to control training data, limit exposure, and meet stringent industry compliance standards.”

AI is Accelerating the Mainframe Modernization Debate

One of the most pressing topics at the roundtable was the role of mainframes in an AI-driven world. For decades, mainframes have been the backbone of large enterprises, processing high-volume transactions in industries such as banking, insurance, and retail. According to John Currie, the discussion around mainframe modernization has evolved beyond simple cloud migration.

“Modernization and migration are not the same thing,” Currie said. “There was a time when modernization meant moving everything to the cloud, but today’s enterprises are realizing that a hybrid, fit-for-purpose approach provides better outcomes.”

Organizations are increasingly leveraging AI to analyze dependencies, automate code refactoring, and improve system interoperability. AI-powered automation tools are helping enterprises extract business logic from legacy systems, making it easier to integrate them into hybrid cloud environments.

“AI is proving to be an invaluable tool for assessing mainframe applications,” Currie noted. “It’s helping enterprises make informed decisions about which workloads should stay, which should migrate, and how to optimize everything in between.”

A key takeaway from the discussion was that AI is not only helping modernize mainframe environments but also extending their viability in the face of rising operational costs and talent shortages.

“We’ve seen AI help organizations uncover hidden efficiencies in their mainframe ecosystems,” Currie said. “Instead of replacing mainframes outright, AI allows businesses to maximize their existing investments while modernizing incrementally.”

AI-Powered Development Raises the ‘Build vs. Buy’ Question

The roundtable also highlighted an emerging debate around the traditional ‘build vs. buy’ model for enterprise software. With generative AI tools accelerating software development, some organizations are reconsidering their reliance on third-party SaaS solutions.

“AI is making it easier for companies to build their own applications, often in record time,” Loomis said. “That has the potential to disrupt the traditional software procurement cycle, where companies default to buying packaged solutions instead of developing in-house.”

A technology executive from the insurance sector shared an example of how AI-driven development allowed their team to build an underwriting triage system in just two weeks—a task that would have traditionally taken months.

Executives across industries acknowledged that AI’s ability to generate code, automate testing, and improve developer productivity is forcing them to rethink software development strategies. However, challenges remain, particularly around AI-generated code validation, security, and long-term maintenance.

“We see AI as an augmentation tool, not a replacement for developers,” Loomis emphasized. “While AI can rapidly generate application components, human oversight is still critical to ensure accuracy, security, and business alignment.”

Hybrid IT Strategies Remain the Preferred Approach

As AI-driven modernization accelerates, financial services and insurance leaders reaffirmed that mainframes remain critical due to their security, reliability, and transaction-processing capabilities. Rather than viewing mainframes as outdated systems, there was a consensus on making mainframe more interoperable with modern cloud and AI architectures.

“We are seeing enterprises take a pragmatic approach,” Currie explained. “They recognize the value of mainframes but are also investing in modern API-driven architectures that allow seamless integration with cloud-native applications.”

Organizations that previously aimed to migrate entirely to the cloud are now adopting hybrid IT models that blend mainframes, cloud environments, and AI-driven automation tools. The focus has shifted to business outcomes rather than technology preferences.

“The conversation is no longer about getting off the mainframe—it’s about how to optimize it,” Currie said. “Mainframes aren’t going away anytime soon, but they are evolving alongside cloud and AI capabilities.”

AI's Future in Enterprise IT: Experimentation and Adoption

As businesses navigate AI adoption, experimentation is key, according to roundtable participants. Companies are using AI sandboxes to test AI-driven automation, evaluate AI-generated insights, and refine their governance frameworks before scaling deployments.

“We’re in an era where companies need to balance rapid innovation with responsible AI governance,” Loomis said. “It’s not just about implementing AI—it’s about doing so in a way that aligns with regulatory, ethical, and business considerations.”

Currie echoed that sentiment, stressing that businesses should approach AI-driven modernization as a strategic, iterative process rather than a one-time transformation.

“The key is to think holistically,” Currie said. “AI, cloud, and mainframe modernization should all be part of a unified digital strategy that evolves with the business.”

###