I'd use the strangler fig pattern to gradually replace monolith components with microservices. We'd start with the transaction monitoring module since that's the regulatory requirement, build it as a separate service consuming the same event stream, and run it in shadow mode alongside the legacy system for validation. Once we're confident, we cut over. I'd set up a dedicated migration squad with clear milestones and weekly regulator updates.
Strengths
- The strangler fig pattern is the correct architectural approach โ shows you've done large-scale migrations before.
- Shadow mode validation before cutover demonstrates mature engineering judgment and risk awareness.
- Weekly regulator updates show you understand the compliance dimension of technical leadership.
Improve
- Quantify the engineering effort โ how many engineers, what budget, what infrastructure costs.
- Address the people challenge: how do you upskill the team from monolith to microservices thinking?
- Include board-level risk communication โ CTOs need to translate technical risk into business language.
When I led the migration at my previous company โ a payments platform processing $12B annually โ under FCA regulatory pressure, I structured it as a 6-month program with three workstreams. First, Architecture: I chose the strangler fig pattern, decomposing the monolith into 14 bounded contexts. The transaction monitoring service was built first as an event-driven microservice consuming from Kafka, processing 500K+ events per second. We ran it in shadow mode for 8 weeks, comparing outputs against the legacy system until we achieved 99.9997% parity. Second, Engineering: I created a dedicated migration squad of 35 engineers pulled from across the organization, each workstream led by a principal engineer with clear 2-week sprint milestones. I also ran a 3-week internal training program on event-driven architecture for the 80 remaining engineers who'd maintain the new system. Third, Governance: I established a weekly technical steering committee with the CRO and Head of Compliance, presenting migration progress in business terms โ not technical jargon. I framed risk as 'probability of regulatory fine' and 'customer-facing downtime hours' rather than 'services migrated.' We completed the migration in 5 months โ one month ahead of the regulatory deadline โ with zero customer-facing incidents and 99.999% uptime maintained throughout. The new architecture reduced our transaction monitoring latency from 45 seconds to under 200 milliseconds.