Articles

Knowledge and Logic Extraction: The Next Evolution of Data Lineage

April 8, 2026
Caitlyn Truong

If you're searching for contextual data lineage, you've probably already discovered something frustrating: most lineage tools tell you surface-level relationships between data points–where data came from and where it went–but not much else.

You're left staring at a diagram that shows Table A feeds into Table B, which outputs to Table C. Technically accurate. But when a risk analyst asks why a capital reserve figure changed overnight, or a regulator wants to know exactly which source system contributed to a reported metric and under what transformation logic, the map answers none of it.

Where data came from and where it went is the starting point. What analysts, risk teams, and compliance officers actually need is the context: what logic touched it, what conditions applied, what changed, and what business rule was in effect at the time. That's the difference between a lineage map and lineage you can actually use.

The Problem with Traditional Data Lineage

Traditional data lineage tools were designed to answer a narrow question: where did this data come from, and where did it go?

That was a reasonable starting point decades ago. But for organizations managing complex legacy estates today – particularly mainframes or midranges running COBOL, RPG, etc. – surface-level mapping barely scratches the surface of what you need.

Consider what happens when a regulator asks you to explain how a specific calculation is derived. You can show them a data flow diagram. They'll nod politely. Then they'll ask: "But why is it calculated this way? What business rule drives this? When did this logic change, and why?"

The traditional lineage tool has no answer.

Or consider a modernization project where your legacy system produces one result and your new platform produces another. Is that difference significant? Is it a bug? Is it an intentional business rule that was never documented?

Without context, you're back to the same approach that's been failing for decades: finding someone who remembers, hoping the documentation exists, or spending weeks tracing through cryptic code.

What Contextual Data Lineage Actually Means

Contextual data lineage goes beyond mapping data flows. It captures the intent and reasoning behind how systems were built – the business logic, decision contexts, and institutional knowledge embedded in decades of code evolution.

A Gartner analyst recently described this capability as "knowledge and logic extraction" – and noted that it represents an emerging category distinct from traditional lineage tools.

The distinction matters because context transforms raw lineage data from overwhelming output into actionable intelligence:

  • Without context: You know that Field X flows through Program Y and ends up in Report Z. You have no idea why the program applies a specific multiplier, under what conditions it branches, or what business requirement drove that logic forty years ago.
  • With context: You understand that the multiplier exists because regulatory requirements changed in 1987, that the branching logic handles different asset types, and that the specific calculation matches the methodology documented in your compliance framework – or doesn't, which is exactly what you needed to identify.
This is the difference between data and understanding.

Why Raw Lineage Data Isn't Enough

Here's what some vendors don't tell you: lineage data can be extraordinarily rich and detailed, yet still fail to be useful.

We learned this directly from customers. They told us that comprehensive lineage output – no matter how accurate – was overwhelming. Compliance teams would receive massive data dumps and have no idea where to start. Business analysts would get technically correct diagrams that didn't answer the questions they were actually asking.

The problem isn't the data. The problem is that data without context forces you to become an archaeologist, piecing together meaning from fragments.

What teams actually need is the ability to ask a question and get an answer – in plain language, with business context, in a timeframe that makes the answer useful.

What This Looks Like in Practice

When context is embedded in your lineage approach, the scenarios that typically take weeks or months become manageable in hours or minutes.  See the examples below:

Legacy system modernization

Your organization is migrating off the mainframe to a modern cloud-based platform. The project is stuck in the analysis phase–and has been for months, because no one can confidently explain how the legacy system actually works.

Here's the scenario that plays out constantly: you run a transaction through the old system and get one result. You run the same transaction through the new platform and get a different result. The old system says the interest accrual is $5.00. The new system says $15.62.

Which one is right? More importantly, why are they different?

With the new system, you can trace the logic – the code is documented, the team that built it is still around. But the legacy system? That calculation was written forty years ago, modified dozens of times since, and the people who understood it have long since retired. You're left reverse-engineering requirements from cryptic COBOL modules, hoping you find the answer before the project timeline slips again.

This is where contextual lineage changes everything. Instead of weeks of system archaeology, analysts can trace the calculation back through its entire history – seeing not just what the logic does, but why it was written that way, when it changed, and what business requirement drove each modification. They can determine whether the $5.00 reflects an intentional business rule that needs to be replicated in the new system, or an outdated approach that can be safely left behind.

Without this context, modernization projects stall. Teams can't confidently port or decommission legacy systems because they can't prove the new platform handles every scenario correctly. With contextual lineage, what used to take months of investigation becomes a matter of minutes – and teams can finally move from analysis to action.

Regulatory response and audit readiness

A regulator demands lineage-based evidence. An auditor spot-checks in real time. Failure to respond accurately and quickly exposes the company to fines, consent orders, or worse. Without contextual lineage, compliance teams spend months manually assembling fragmented documentation, chasing down tribal knowledge, and hoping nothing was missed. With it, they generate audit-ready responses immediately and handle live questions on the spot – transforming regulatory exposure into regulatory confidence.

Data feed or vendor replacement

Your business wants to swap an outdated data feed or vendor for a more modern alternative. Sounds straightforward, but decades of modifications have buried the answer to a simple question: which feed is actually being used today? Teams spend weeks hunting through systems, hoping they've found the right source. Get it wrong and you've got data corruption or system failures. With contextual lineage, analysts trace back to the exact source in minutes with complete confidence – eliminating weeks of effort and the risk of replacing the wrong feed.

Onboarding new team members

Your mainframe experts are retiring, and their institutional knowledge is walking out the door with them. New team members face a wall of undocumented legacy code with no way to get up to speed. Contextual lineage translates that complexity into plain language, allowing new analysts to orient themselves to unfamiliar systems in hours instead of months – preserving critical knowledge before it's lost.

The Shift from Data Extraction to Understanding

Traditional tools extract data. The next generation extracts understanding – and packages it so people can actually use it.

This isn't a feature difference. It's a category difference.

Legacy platforms like Collibra were built for metadata management and governance workflows. They're valuable for those purposes. But when it comes to unlocking the institutional knowledge trapped in legacy systems, they weren't designed for the depth of analysis that complex modernization and current compliance initiatives require.

What's needed is a fundamentally different approach: one that translates complex legacy code into plain language with business context, allows self-service access without requiring technical expertise in legacy languages, and curates rich lineage output into formats that compliance teams, business analysts, and project managers can actually address.

Finding Contextual Data Lineage

If you're evaluating lineage tools, the questions to ask are:

  1. Does it just map data flows, or does it expose business logic?
  2. Can it explain legacy code into language business users understand?
  3. Does it provide context around why calculations exist, not just that they exist?
  4. Can compliance teams use it directly, or does every question require a COBOL or RPG specialist?
  5. Is the output actionable, or is it just overwhelming?

The answers will quickly reveal whether you're looking at surface-level lineage or something that can actually solve the problems you're facing.

Zengines provides contextual data lineage for legacy systems, helping enterprises understand, manage, and modernize their most critical legacy assets. Our platform translates complex COBOL, RPG, and other legacy code into plain English with business context – enabling teams to answer questions in minutes instead of weeks.

You may also like

In this episode of the Finovate Podcast, host Greg Palmer sits down with Caitlyn Truong, CEO and Co-founder of Zengines, fresh off the company's Best of Show win at FinovateSpring 2026.

Caitlyn traces her path from hardware and software engineering in telecom to financial services consulting, where she and her co-founders kept running into the same gap: critical business logic locked inside legacy core applications written in COBOL, RPG, and PL/1. With 92 of the top 100 banks running COBOL mainframe cores and over half of credit unions and regional banks operating on RPG cores, that black box isn't an edge case — it's the industry norm.

Key points from their discussion

  • Beyond pathway tracking: Traditional lineage tools show where data travels. Zengines Contextual Data Lineage ingests entire legacy codebases to reveal not just what happens to data, but why and how — the calculations, conditions, and business rules embedded in the code itself.
  • Answers in seconds, not months: Business analysts, data analysts, compliance teams, and technical staff get self-service answers to questions that previously required waiting on scarce subject matter experts.
  • Three use cases driving urgency: Meeting regulatory compliance requirements, de-risking modernization and transformation programs, and making legacy data AI-ready with the trust and traceability regulated institutions need.
  • The Finovate experience: Caitlyn shares how the Sherlock Holmes-themed demo brought "shining a light into the black box" to life on stage — and her advice for first-time demoers on using seven minutes to plant hooks that turn into real booth conversations.

Listen to the full episode

Watch the demo replay

There is a rule that has been on the books for over a decade, and almost nobody outside of risk and compliance teams has ever heard of it: BCBS 239. It is not a catchy name. But the idea behind it is one of the more sensible things to come out of the post-2008 regulatory response: banks should be able to explain where their risk numbers come from.

Not approximate. Not eventually. Be able to trace a number back to its source, on demand, and show the path it took to get there.

That standard came into force for the world’s largest banks in January 2016. Almost ten years later, only a handful of the 31 global systemically important banks (G-SIBs) have reported full compliance. The ECB’s RDARR Guide, published in May 2024, named data lineage as one of seven priority areas still holding institutions back, and said it expects remediation work to continue through 2027.

I want to make the case that this isn’t a story about banks dragging their feet, or regulators failing to enforce something. It’s a story about a rule that was right, running into a technical wall that was real.

The wall was real

If you’ve spent time around a bank’s core systems, you already know what the wall looks like. Decades of COBOL or RPG, written and rewritten by people who retired years ago, running calculations that nobody currently on staff can fully explain. Ask a team to trace how a specific risk figure was derived, and the honest answer is often: we’d need a few months, and a few of our most senior mainframe engineers — who are also the people we can least afford to pull onto this.

That’s not a compliance excuse. It’s a real description of how these systems work. Logic gets buried inside modules that branch into other modules, which branch into more, written in a language most engineering schools stopped teaching in the 1990s.

So banks have been stuck between a standard they understand and largely agree with, and infrastructure that makes meeting it genuinely hard. Regulators have been patient about this — I think correctly — because the alternative, demanding visibility into systems that were close to a black box, wasn’t realistic.

What’s changed

I run a company called Zengines. We built technology specifically to deal with this wall: parsing legacy code at scale, tracing how data moves through mainframes and AS/400 applications, and surfacing the business logic that’s been buried inside them for decades — with the context needed to make it usable.

At one Fortune 100 financial institution, we’re currently working through hundreds of thousands of COBOL modules, some of them tens of thousands of lines deep, netting out to tens of millions of lines of code. Questions that used to take a mainframe specialist months to answer — tracing a variable by hand through branch after branch — can now be answered in seconds. An analyst can ask the system directly where a number came from, instead of opening a ticket and waiting. That same self-service access lets teams build their own understanding, and answer questions from regulators and transformation programs directly.

I’m not suggesting this solves everything BCBS 239 asks for. Governance, and the behavioral discipline of actually using data management tools once you have them — those still take sustained organizational effort, and always will.

But the specific claim that legacy mainframes are too opaque to document fully? That claim is no longer true, at least not in the way it used to be.

Why this matters beyond one regulation

I’d guess most people reading this don’t work in regulatory compliance.

If you’re a CDO, a CIO, or a risk leader at a bank with a mainframe at its core, BCBS 239 is probably one item on a long list. But the underlying question — can we actually explain how our own systems work? — isn’t a regulatory question. It’s a basic operational one. It’s the same question that determines whether you can trust the data going into a new AI initiative, whether you can defend a number in front of your own board, and whether the next system migration breaks something nobody saw coming.

Lineage has quietly become a prerequisite for almost everything banks are now trying to do with their data. Most executives don’t ask for it directly, because they don’t think to ask — they ask for the AI use case, or the modernization roadmap, or the faster reporting cycle, and lineage turns out to be the thing standing between them and any of it.

Where I land

I don’t think this is a story that needs villains. The standard was right. The barrier was real. What’s changed is narrower, and more hopeful: the wall that made the standard so hard to meet has a way through it now.

If you’re a regulator, I’d offer this as something worth knowing: the technical excuse has less weight than it used to. If you’re an executive at a bank still living with this problem, I’d offer something more direct — this is more solvable, and more quickly, than you’ve been told.

Either way, the goal was never the regulation itself. It was being able to look at your own systems and actually understand them. That’s now a lot closer than it’s been in years.

Sincerely,

Caitlyn Truong

CEO, Zengines

At industry conferences this year, I’ve spent dozens of hours inside conversations with CEOs, CDOs, CIOs and operating executives across financial services. When I ask what’s keeping them up at night when it comes to their data, the answer is remarkably consistent: data access. They want data more accessible, faster, in more usable form, in more places, with fewer gatekeepers.

What's notable is what they don't ask for. Not trustworthiness. Not audit-ability. Not the ability to defend a number to a regulator without calling three people first. Access is the ceiling of the conversation, and honestly, that makes sense. In large financial enterprises built on decades of legacy applications, murky integrations, and pipelines that nobody fully documented, just getting the data somewhere useful is still a meaningful achievement.

The problem is that "getting the data" is already more complicated than most leaders realize. The moment data leaves its source system, decisions are being made about it. Decisions that quietly change what it means. And if you don't know those decisions were made, you don't know what you're actually looking at.

That's where lineage comes in, and why it matters even before you get to the outcomes leaders should be asking for.

Below, I’ll walk through (1) what “access” really delivers, (2) the abstraction layer hidden inside every extraction, (3) the compounding problem of “data derivatives”, (4) a concrete example – encoding and precision – where this gets expensive, and (5) what business leaders should be asking for instead.

What “Data Access” Really Delivers

When a business team asks for access to data, they almost always receive something that has already been processed for their consumption. Someone – usually a data engineer or database administrator – sat down with the source system and made a series of decisions:

  • Which tables matter for this use case
  • Which fields to expose
  • How to filter, aggregate, or join the records
  • Which technical artifacts to strip out (temp tables, system metrics, audit fields that don’t translate to business meaning)

These decisions are reasonable. Business consumers don’t want raw operational data; they want something readable without extraneous noise. But every one of those decisions encodes logic and judgment that doesn’t travel with the data. The output looks complete – and to the business user, it looks like the source of truth – but it is already an abstraction.

The Extraction Event Is a Translation Event

I find it useful to think of an extraction as a translation. Someone translated the operational reality of a data storage system into a business-readable view. Like any translation, choices were made: what to keep, what to drop, how to render concepts that don’t map cleanly across contexts. And like any translation, those choices can quietly change the meaning.

When a business leader looks at the extracted view, the assumption is usually that the data was “moved and shifted” – that is, copied with fidelity. That assumption is possible. In my experience, it is also highly doubtful. Logic gets applied at the moment of extraction, and unless someone deliberately captured and shared that logic, it is invisible by the time the data reaches a dashboard.

Abstractions of Abstractions: How Data Derivatives Compound the Problem

Here is where it gets harder.

Once an extracted data set exists, other people start using it. And why wouldn't they? There is already a data access path. The alternative - forging a new data access path - is the full corporate yellow tape headache: hunting for a charge code, filling out a technical work request that Business can’t quite decipher, watching that ticket age in a queue, and depending on legacy data SMEs who left the company in 2019. The extracted data set skips all of that. Already shaped for consumption, already lightly documented, already trusted by some peer team who vouched for it in a meeting six months ago. So the next team builds a report off it. Or creates a derivative data set for their own use case. Or both. What they don't realize is that the easy path and the right path may not be the same one.

They use it because it’s available and easier than starting from scratch – it’s already shaped for consumption, already lightly documented, already trusted by some peer team. So they build a new report off it. Or they create a derivative data set for their own use case. Or both.

That derivative is now an abstraction of an abstraction. The further you move from the originating system, the more layers of unrecorded judgment sit between the business decision and the operational event the data was supposed to describe. By the third or fourth hop, the question “where did this number come from?” can be genuinely difficult to answer – even for the team that produced the report.

A Concrete Example: How Encoding and Precision Quietly Rewrite Your Data

Let me make this concrete with an example I keep encountering.

When data is moved between systems, engineers make practical choices about how to package it. One of those choices is how to handle numeric precision. A value originally stored at six decimal places in the source might be packaged at four, or two, depending on what the receiving system supports – or simply what the engineer is most familiar with.

In some industries, that’s fine. In financial services, insurance, and healthcare, it is often not fine. A decimal place in an interest rate, a reserve calculation, or a pricing model can represent material variance. Once precision has been silently reduced, the data is no longer the real data – it is an approximation that looks identical to a casual reviewer. The business consumer assumes they’re working with the underlying record; in reality, they’re working with a rounded version of it that was reshaped during packaging.

This is exactly the kind of change that lineage is built to surface. Without lineage, you can’t tell that anything happened. With lineage, the precision change is documented, traceable, and reviewable.

Why Regulated Industries Can’t Afford to Skip Data Lineage

Regulatory frameworks have been ahead of business intuition on this point. BCBS-239 requires banks to demonstrate the accuracy, completeness, and timeliness of their risk data – which is impossible to defend without lineage. ORSA and Solvency II require insurers to substantiate the data flowing into solvency and capital calculations. None of these frameworks ask whether you have access to the data. They ask whether you can prove what the data is and how it got there.

For institutions operating under these regimes, lineage isn’t a nice-to-have analytics enhancement. It is the substrate that makes the rest of the data conversation defensible.

What Business Leaders Should Be Asking For Instead

If “give me access to the data” is the wrong ask on its own, what’s the right one? In my view, business leaders should be asking three questions every time a new data set lands on their desk:

  1. Where did this data originate, and what happened to it between then and now? Not a verbal summary – a documented path that is understandable in Business terms.
  1. What decisions were made during extraction or packaging that could have changed the meaning of the values I’m looking at? Especially around encoding, precision, filtering, and aggregation.
  1. If a regulator or auditor asked me to defend this number tomorrow, do I have the evidence trail to do it? If the answer is “we’d have to go find the engineer who built this,” the answer is no.

These questions don’t replace the access conversation – they extend it. Access is the entry point. Lineage is what makes access trustworthy.

A Final Thought

The reason business teams don’t ask for lineage isn’t that lineage doesn’t matter. It’s that the absence of lineage rarely announces itself. The data looks fine. The dashboard renders. The report mostly ties out. The risk lives in the assumptions you didn’t know you were making about what the data went through to get to you.

If your business teams are only asking for access, you have a gap – and in legacy environments where decades of undocumented logic sit between the source and the report, that gap is widest. The fix is to start asking for lineage too.

See Contextual Data Lineage in Action

Zengines Contextual Data Lineage is built for the environments where the lineage gap is widest – large financial enterprises with critical business logic locked inside COBOL, RPG, PL/1, and AS/400 code. We extract that embedded logic, make the data path visible, and give your teams the evidence trail they need to defend their numbers to auditors, regulators, and themselves.

If you’re working through a BCBS-239, ORSA, or Solvency II mandate, a planned mainframe migration, or a growing trust gap between your business teams and the data they consume, we’d like to hear about it.

Subscribe to our Insights