BANKING INSTITUTION

From VB6 to .NET 8 in an anti-money laundering application:
modernization
with strict technical constraints in a banking environment

Regulatory compliance applications in banking institutions add a layer of complexity to legacy modernization that does not appear in other sectors: technical constraints are more rigid, operational traceability is a regulatory requirement, and any variation in control logic can have direct compliance implications. This banking legacy modernization case documents how GO4IT Solutions modernized a critical anti-money laundering application, migrating it from VB6 to .NET 8 while respecting highly specific technical constraints defined by the bank’s corporate architecture.

Project scope


  • Complete migration from Visual Basic 6 to .NET 8 + HTML + jQuery
  • Integration with SQL Server and Teradata through corporate web services
  • Preservation of OCX components to maintain existing integrations
  • Adaptation to an environment with browser compatibility constraints
  • Operation logging centralized in database tables
  • Critical regulatory compliance application used daily

The challenge: modernizing without breaking compliance or existing integrations

The original application, developed in VB6, had accumulated years of evolution and had become a key part of the institution’s control and compliance technology ecosystem. Its integrations with corporate data systems — SQL Server and Teradata — and its OCX components were not secondary technical details: they were part of the regulated process.
The bank established very precise technical constraints from the start of the project. Two of them were especially restrictive: mandatory compatibility with an older browser version imposed by the corporate architecture, and the preservation of the original OCX components to avoid breaking pre-existing integrations critical to compliance processes.
In the context of DORA, in force since January 2025, banking institutions must document and actively manage the technological risk of their critical systems, including applications without vendor support. A VB6 regulatory compliance application without an active modernization plan is a regulatory risk point that auditors are identifying with increasing frequency.
Mujer trabajando en un banco mirando la pantalla en la oficina

The solution: .NET 8 + HTML + jQuery while respecting
each of the client’s technical constraints

GO4IT Solutions approached the modernization from the VB6 codebase, evolving it toward an environment based on .NET 8, HTML, and jQuery while taking all client constraints into account from the outset. Compatibility with the older browser version was resolved without compromising the technological modernization of the application layer. The original OCX components were preserved where necessary to maintain existing integrations, adopting a coexistence strategy rather than forced replacement. In addition, log management was redesigned: the text file model was replaced with centralized storage in database tables, improving operational traceability and auditability — a de facto requirement in regulatory compliance applications.


Results: compliance preserved,
improved traceability, reduced technological dependency

The project enabled the institution to modernize a critical regulatory compliance application without ever compromising service continuity or the integrity of the control processes it supports. The migration from VB6 to .NET 8 eliminated dependency on a technology unsupported since 2008, reducing the associated technological and regulatory risk. The new platform, aligned with current development standards, offers greater integration capacity with the corporate ecosystem. The improvement in operational traceability — moving from file-based logging to centralized database storage — was especially valued in the context of the audit requirements specific to anti-money laundering applications.

Key Challenges Addressed

  1. Ensure compatibility with an older browser version imposed by the bank’s corporate architecture.
  2. Maintain the use of the original OCX components to avoid breaking critical pre-existing integrations.
  3. Evolve the application without altering its functional behavior or critical operational control processes.
  4. Adapt the data access layer to the institution’s corporate web services model.
  5. Replace file-based log storage with a centralized database model.
Delivered by

Project team

Guillermo Rodríguez
Project Leader Unai Arrizabalaga

at GO4IT Solutions, a spin-off from Tecnalia, has supported modernization projects in the banking, insurance, and retail sectors in Spain and Europe, with clients operating critical systems with volumes ranging from 500 to 6,000 functional windows.