Steve, er, the other one, no, the first one, er...
Even if it's an antediluvian mainframe system, running off an extract dataset with just the fields you want should take a decent techie oh, all of five minutes.
No procedures to follow, no source code versioning, no compile even, if you're lucky, and certainly no testing required, just bash off a quick little number in SAS, or Easytrieve or whatever you have to hand, and bish bash bosh, loads 'a' data wiv the dodgy bits left aaht.
There are different ways of treating name & address data to avoid DPA issues, by the way.
The obvious way is to encrypt the stuff to death.
The less obvious way is to use a commercial software package that obfuscates specific fields with gobbledegook; point it at the names and it'll "intelligently" change them so it's no longer possible to identify the people involved, but to a human eye they are still obviously names of some sort. Point it at the addresses, and it'll do a similar job.
In this case, it seems the names needed to remain unchanged, but the bank details could have been discombobulated by software. Of course, setting up a run of this sort of software is less than trivial if you want to do a good job: I wonder if this is what was being quoted as "too expensive"?