Probably the real cost is in providing adequate ongoing support, and possibly insurances, and I suspect the banks know this and might baulk at too low a figure.<p>They don't want to be left holding the bag.<p>So I would have thought a risk based approach to the situation would be in order, especially given the nature of the situation.<p>What will it cost to get external validation services performed to check the code?<p>What could it cost if you had to pay consultants to do what would be needed if there was an error or a breach associated with the module, in terms of analysis and rectification?<p>What will it cost to have people available who are familiar with the code to make any changes that might be requested?<p>What will it cost to develop the code further and stay in front of competitors or attackers?<p>What will insurances cost, given the possible losses and probability a loss could occur?<p>Will you be limited to exclusivity? e.g. not sell to other banks who might be competitors.<p>Given the above, will you need to have dedicated premises and infrastructure?<p>So what, 5-8 people at reasonable wages for skills and experience, plus insurance, premises, infrastructure and other factors, like keeping people interested to stay working for you in a maybe boring job? Plus actually make some profit and stash some cash for a rainy day or another development opportunity to pursue.<p>Starts to sound like 1-3 mill a year all up is needed to run it as a going concern, if you are going to do it properly and depending where you are based. Maybe more if insurances are expensive.<p>Otherwise, are you sure you can't sell them the IP and walk away?