A mid-size European bank we assessed last quarter runs 217 Oracle Forms modules across loan origination, treasury, and compliance reporting. They pay roughly $580K a year in Oracle licensing. DORA gave them 18 months to prove digital operational resilience.
They are not an outlier. They are the median.
The regulatory catalyst
DORA, SOX Section 404, and the next wave of data privacy rules all assume audit trails, granular access controls, and incident reporting capabilities that Oracle Forms was never built to provide. Forms can log to a database trigger. It cannot produce the kind of real-time, queryable evidence that a regulator now expects to see at audit.
Our compliance reviews consistently find the same gap: the controls exist on paper, but the system can’t surface them on demand.
The pain in practice
The bank we mentioned is typical. Inside a single Forms estate we usually find:
- 200 or more active form modules
- Dedicated workstations for every operator, with no browser or mobile path
- Annual Oracle licensing in the high six figures, with no reduction roadmap
- Three to six months of onboarding for new ops staff to become productive
- Zero native API connectivity, so every integration runs through bespoke middleware
The hidden cost isn’t the license. It’s the velocity tax on every change.
What modern financial dashboards need
Replacement systems have to clear a higher bar than the originals. Our financial services customers consistently ask for the same five capabilities:
- Real-time portfolio monitoring with drill-down from summary to individual transaction
- Automated compliance checks that run before every database commit
- Field-level role-based access, not just screen-level
- A SOX 404-grade audit trail covering every read and write
- Browser-based access with SSO into Azure AD or Okta
The DEX approach for financial services
We migrate Forms banking applications in four steps. We extract the validation rules that encode regulatory requirements. We preserve the approval workflows for loan committees and credit decisions. We generate compliance-ready screens with audit logging built in. And we expose REST APIs so the new application can talk to modern core banking and risk platforms.
The result is a web application that passes regulatory audits on day one, because the compliance logic was preserved deterministically rather than rewritten by engineers who might not have known why it existed in the first place.