I have worked with several financial services clients, including banks, insurance companies, and trading firms. One of their most vexing issues was dealing with DNP (declining - not permitted technology). This is technology used in older but critical applications that, while once state of the art, are now considered dangerous because vendors no longer support it and/or have very few employees knowledgable to work on it.
While the application is fully functional and does its job, the DNP technology is frequently core to the application, meaning that the IT staff are not allowed to do any maintenance on it, for fear that the application might not even reboot.
Also, having an application with one piece of DNP technology frequently causes a spiraling effect that results in using other outdated technology. For example, one banking client of mine had a bulk FX currency application that used an old EJB server that was DNP. Because the vendor stopped upgrading this server years ago, the server could only connect to Oracle databases using older driver versions that Oracle no longer supported, thus leading to more risk.
One of the strategic challenges that I have worked on is to decide whether to completely replace the application or if the application can be ported to non-DNP technology.
In different cases, I have recommended both options. A big determinant is how well the application was developed. If the developers followed best design principles and standardizations, then it should be possible to swap out the DNP technology.
Frequently, however, the DNP technology was implemented when the technology was "bleeding edge" - before standards were developed. In those cases, the application interfaces with the DNP technology using customized programming, making it messy to port.