Liquibase, provider of database change governance solutions used by many of the world’s leading financial services organizations, today announced The Financial Services Playbook for Governed Database Change, a new executive guide designed to help financial institutions modernize and secure one of the last major control gaps in enterprise technology delivery: database change.
Built for CIOs, CTOs, platform engineering leaders, database architects, and compliance teams, the playbook examines how banks, insurers, payment processors, fintechs, and capital markets firms continue to face a growing governance gap between highly automated application delivery pipelines and still-manual database change processes.
“Every other layer of the software delivery pipeline has been automated, policy-driven, and made auditable,” said Ryan McCurdy, Vice President at Liquibase. “But at many financial institutions, database changes are still routed through tickets, manually reviewed, and directly executed in production. In today’s regulatory environment, that is no longer simply inefficient. It is an operational and compliance exposure.”
Field research for the Playbook was conducted across hundreds of financial services engagements spanning enterprise banks, regional institutions, credit unions, global insurers, payment processors, fintechs, and capital markets firms.
Among key findings:
- The problem is universal. Manual database change execution is the industry baseline, not a maturity problem at lagging organizations.
- Compliance is the accelerant. SOX, PCI DSS, SOC 2, and DORA are driving purchase decisions. When auditors flag deficiencies, budget materializes.
- The DBA bottleneck is structural. Executive mandates to remove DBA involvement from routine changes are appearing at the largest institutions.
- The proven path is pilot, platform, enterprise. Start with two to five applications, build the pipeline through platform engineering, then scale.
- Multi-database reality is the baseline. Oracle, SQL Server, PostgreSQL, Snowflake, DynamoDB, Databricks. Partial coverage is not governance.
Organizations that close this gap deliberately will set the standard. The rest will be forced to catch up by their auditors, their regulators, or a production incident.
Drawing on field research from hundreds of financial services engagements, the playbook argues that manual database change execution remains the industry norm, even at highly mature institutions. It outlines how mounting regulatory scrutiny from frameworks including SOX, PCI DSS 4.0, SOC 2, DORA, and emerging operational resilience requirements is accelerating demand for governed database delivery pipelines.
The playbook also addresses a growing concern around AI adoption in software delivery. “Financial institutions are entering a phase of AI adoption under a perilous assumption: that governance frameworks built for human-driven systems can simply be extended to autonomous agents,” said Chris Steffen, Research VP, Enterprise Management Associates. “That assumption is now clearly outdated. Governance that ends too early is a crucial misstep, one that leaves databases exposed to a kill chain that’s now moving with unprecedented speed and lethality.”
Liquibase recently explored that emerging threat in its analysis: Banks Focus on AI Models. Mythos Class Attackers Focus on Your Databases.
Rather than focusing narrowly on tooling, the playbook walks readers through the operational realities financial institutions face today, including DBA bottlenecks, fragmented deployment tooling, audit evidence reconstruction, schema drift, and growing separation-of-duties concerns.
The guide also details a practical maturity path for organizations seeking to modernize database governance. Chapters include:
- The governance gap: why database delivery remains structurally different from application delivery
- How governance failures create operational, audit, and regulatory exposure
- The evolving role of DBAs, platform engineering, and compliance teams
- An eight-principle target operating model for governed database change
- A phased rollout strategy covering pilot, platform, and enterprise adoption
- A framework for evaluating build-versus-buy governance approaches
- Metrics financial leaders can use to justify modernization investments
- The impact of AI-generated SQL and hybrid cloud database environments on governance strategy
TL;DR: FinServ Operational Resilience Is At Risk
Manual database change execution is throttling data security and is the FinServ industry baseline, not a maturity problem at slow-adopter organizations.
Organizations that embed governance directly into database delivery pipelines now will gain operational resilience and regulatory advantages. Institutions that delay modernization risk being forced into reactive remediation by data loss or corruption incidents, by audit pressures, and by competitive market forces.
The executive summary of The Financial Services Playbook for Governed Database Change is available now from Liquibase: https://www.liquibase.com/resources/ebooks/financial-services-playbook-for-governed-database-change
About Liquibase
Liquibase empowers teams to deliver mission-critical applications, data products, and AI initiatives by automating and governing database change. We are the company behind Liquibase Community, a project with deep open-source roots that has been downloaded more than 100 million times and is trusted by thousands of teams worldwide.
Liquibase Secure, built on that proven community foundation, is the only enterprise platform that unifies DevOps, security, and compliance at the database layer. It enables organizations to deliver applications and data products with velocity, safety, and confidence. Trusted by the world’s most innovative and highly regulated enterprises, Liquibase Secure powers the last mile of application and data delivery.
Learn more at www.liquibase.com. Follow us on LinkedIn and X.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260519064905/en/
Media gallery
