Adapting Software Development for AI-Powered Code Generation in Finance and Insurance

Published by Holger A. Brinkhaus on

This report explores how AI-driven code generation is reshaping the way we build software. Starting with lessons from the era of assembler programming—when engineers achieved extraordinary feats on minimal hardware—it draws parallels to today’s shift toward AI-assisted development.

It provides practical, actionable recommendations for companies, especially in finance and insurance, on how to adapt quality assurance, ensure regulatory compliance, and maintain traceability when AI enters the development pipeline. The report also examines how the choice of programming languages and frameworks influences AI effectiveness, and why over-reliance on existing code patterns could limit future innovation.

The aim: help organizations harness AI’s productivity leap while protecting software quality, regulatory compliance, and long-term innovation capacity.

Early software engineering required working directly in assembly language, pushing hardware to its limits. In the 1960s, NASA’s Apollo Guidance Computer (AGC) had only 72 KB of read-only memory and 4 KB of RAM – roughly 30 million times less processing power than a modern PC.

Detail of Apollo Guidance Computer (AGC) core rope memory, where software was literally woven into wire. The AGC`s programs were stored in this hand-craftes ROM (~72KB), enabling the 1969 Moon landing in an extremely limited 4 KB RAM computer

Yet, engineers wrote highly optimized assembly code that successfully guided astronauts to the Moon. Every byte was precious, so programmers had to ration each word of memory and write ultra-efficient routines. The AGC’s success – software literally woven into core rope memory modules – stands as an amazing feat accomplished with meager computing resources. This era demonstrated that, with enough ingenuity, complex tasks (like real-time spacecraft navigation) could run on extremely limited hardware. Assembly language became the foundation for early operating systems and applications, proving that well-crafted low-level code could achieve remarkable outcomes. Even today, assembly endures in specialized niches (e.g. embedded systems and device drivers) where direct hardware control and optimization are paramount. This historical perspective highlights how far abstraction has advanced – from hand-crafted bit-level code to modern high-level languages and now to AI-assisted code generation – each step aiming to increase developer productivity without sacrificing reliability.

From Assembly to AI: Evolution of Coding Abstraction

The progression from assembly to higher-level languages greatly improved software development efficiency. Languages like C, C++ and Java abstracted away many low-level details, allowing developers to focus on business logic rather than manual memory management. Each leap in language abstraction (from assembly to C, from C to Java/Python, etc.) delivered roughly an order-of-magnitude productivity boost for programmers. Today, AI-driven code generation represents the next revolutionary abstraction layer. Large Language Models (LLMs) and code assistants (e.g. GitHub Copilot, ChatGPT) can produce code from natural language descriptions, potentially acting as an “AI compiler” that translates high-level intent directly into working code. This promises another major productivity leap, enabling a single developer to accomplish what once required a team. However, just as early high-level languages did not eliminate the need for assembly in certain contexts, AI-generated code will not eradicate traditional programming altogether. There will remain scenarios – especially low-level, performance-critical, or highly regulated cases – where human oversight and detailed coding are indispensable. In essence, AI coding tools are best viewed as co-pilots rather than replacements: they automate boilerplate and suggest solutions, while human engineers provide guidance, domain knowledge, and critical review. The challenge for organizations is learning to effectively integrate this new level of abstraction into their development lifecycle, which requires rethinking quality assurance and compliance processes.

Quality Assurance in the AI Era: Recommendations for Companies

AI-powered code generation can accelerate development, but it also demands adaptations in Quality Assurance (QA) to maintain software reliability. Companies, particularly in finance and insurance, should consider the following recommendations to adjust their QA processes in the age of AI-assisted coding:

  • Maintain Independent Test Development: Ensure that unit tests are created independently from the AI-generated code. For example, have separate developers or even a separate AI tool generate test cases based on requirements, so that tests do not inadvertently share the same assumptions or flaws as the generated implementation. This separation of concerns increases the likelihood that bugs in AI-produced code will be caught. Modern AI tools can even assist by automatically generating unit tests to exercise different code paths, but these should be reviewed and augmented by QA engineers to verify they truly cover the specification. The key is that QA must not be an afterthought – treat AI-written code with the same rigor as you would human-written code, starting with a robust suite of independent tests.
  • Implement AI-Assisted Code Reviews: Incorporate a “generate-review” loop where an AI agent (or a human) reviews the AI-generated code against the original requirements. This provides a safety net to catch mistakes and deviations from specifications. In practice, teams have found that after an AI produces code, asking either a second AI or a human reviewer to verify compliance with the requirements can reveal issues and even have the AI itself fix many of its mistakes. Leveraging AI in a reviewer role – much like a pair-programmer double-checking the work – can enforce coding standards and ensure the solution actually meets the intended business logic.
  • Strengthen Test Automation and CI/CD Integration: Treat AI-generated code as you would any code by running it through rigorous automated test suites and static analysis tools. It’s wise to integrate AI coding tools with your continuous integration pipeline so that any suggestion or generated code is automatically compiled, tested, and checked for security issues. Many AI development assistants now offer features like automated test generation and full-stack scaffolding – ensure these tests run in CI and that failures are caught early. In highly regulated sectors, consider adding extra gates in the pipeline (such as approval steps or static analysis with compliance rules) before AI-written code is merged.
  • Enforce Coding Standards and Policies: Companies should update their coding standards to encompass AI contributions. Define guidelines for acceptable AI usage (e.g. forbidding AI suggestions for certain safety-critical modules, or requiring human sign-off). Use policy enforcement features if available – for example, some AI coding tools allow blocking of insecure coding patterns or inclusion of certain licenses. By configuring these guardrails, organizations can prevent common pitfalls (like AI inadvertently introducing vulnerabilities or using incompatible open-source code). A policy-driven approach to AI-generated code ensures that compliance and security requirements are met by design.
  • Train and Upskill QA Teams: Finally, invest in training QA engineers and developers to work effectively with AI tools. QA teams in finance and insurance should learn how to interpret AI-generated outputs and identify potential failure modes. This includes understanding that AI suggestions are probabilistic and can be incorrect or non-compliant. Teams might practice “red-teaming” the AI – intentionally probing it with edge cases and tricky scenarios to see how the generated code handles them. By developing an intuitive grasp of where AI tends to err (e.g. handling of rare conditions, off-by-one errors, etc.), testers can better target their efforts. Encourage a culture where no AI-generated code goes live without thorough QA and human approval, reinforcing that accountability ultimately lies with the development team, not the tool.

By implementing these QA adaptations, enterprises can confidently harness AI coding assistance while preserving (and even improving) software quality. Tools that generate code or tests can certainly boost productivity, but the responsibility for correctness and reliability remains with the organization’s QA process. In short: trust, but verify every AI contribution through independent testing and oversight.

Traceability and Compliance in Regulated Industries

In highly regulated sectors like finance and insurance, traceability and auditability are not optional – they are mandatory requirements. Any shift toward AI-generated code must respect the stringent compliance standards these industries uphold. A critical concern is ensuring that the software development process remains transparent and explainable from requirements to deployed code. Regulatory mandates (financial regulations, data protection laws, etc.) demand not just functional correctness, but also the ability to verify who created code, how it was created, and why. For instance, auditors may require evidence of code reviews, test results, and even the decision rationale behind code changes. If an AI is involved in code creation, companies must document its involvement to maintain this traceability.

AI coding tools pose new challenges for compliance. Development teams in banking, insurance, healthcare and other regulated fields have voiced concerns that AI suggestions might introduce logic that cannot be easily verified or might copy in code from unknown sources. There is a real risk of violating internal policies or external regulations if, say, an AI inadvertently uses an insecure practice or a GPL-licensed code snippet. Moreover, black-box AI decisions can undermine the explainability regulators expect. In practice, the lack of explainability in AI outputs often necessitates extensive manual validation, reducing stakeholder trust and negating much of the efficiency gains. In other words, if a bank cannot explain how a piece of code was generated or justify that it meets compliance rules, that code might be deemed unusable no matter how quickly it was produced.

To address these issues, organizations should implement strong traceability measures for AI-generated code. Modern AI development platforms are beginning to offer features for this purpose. For example, teams can enable inline markers or comments identifying AI-generated lines of code, attach metadata about AI model versions to Git commits, or label pull requests that include AI contributions. Such practices ensure that if a defect is later found in production, engineers can trace it back to whether it was AI-introduced and under what context. Additionally, logging and audit trails should capture AI activity: which model suggestion was accepted, by whom, and when. These logs become part of the compliance evidence. In the event of an incident, this level of traceability allows root-cause analysis that maps defects to their origin – a necessity in environments where accountability is critical.

Another consideration is maintaining an intermediate code artifact even if AI tools could theoretically generate executable systems from requirements. In regulated domains, the source code itself often serves as a legal artifact that must be peer-reviewed and stored for years. Companies in finance/insurance are therefore unlikely to eliminate the code implementation step any time soon, because doing so would remove a level of control and visibility. Instead, the emerging best practice is a human-AI collaboration model: AI can draft the code, but human developers curate it, ensure it meets requirements, and produce the final source code that is checked into version control and audited. This way, the “code creation” step remains in place as a checkpoint where traceability and compliance checks occur, even if AI did most of the heavy lifting behind the scenes. In fact, industry experts emphasize that the future of coding in regulated environments will be a shared effort between human engineers and intelligent machines, with governance and oversight as the glue that binds them. Speed and automation are beneficial, but not at the cost of losing process visibility that regulators demand. For financial and insurance firms, it’s crucial to integrate AI in a way that augments development while strengthening compliance – for example, using AI to generate code along with a built-in audit trail, and auto-generating documentation or test evidence to satisfy regulatory scrutiny.

In summary, regulated industries can reap the efficiency benefits of AI-assisted coding only if they embed robust traceability and compliance checks into their AI development workflows. By doing so – and by retaining a clear, auditable code artifact – banks and insurers can innovate with AI while still meeting their legal and fiduciary responsibilities for accountability.

Implications for Programming Languages and Frameworks

AI code generation heavily relies on publicly available codebases, examples, and frameworks—because models are trained on them. This often improves the accuracy and speed of AI-generated code, but it also shapes which languages and frameworks benefit most.

  • High-Level, Popular Languages: Languages like Java, C#, and Python tend to have extensive open-source ecosystems and well-defined idioms, making it easier for AI to generate correct, idiomatic code. Static typing in Java and C# helps catch AI-generated errors at compile time, while Python’s simplicity allows for rapid iteration and testing. C++, while well-known, is more prone to subtle pitfalls (manual memory management, undefined behavior) that require more human oversight. Nevertheless, AI models trained on abundant C++ examples can still perform well, particularly in established patterns.
  • Frameworks and Conventions: Using established frameworks such as Spring Boot (Java) or ASP.NET (C#) provides structure and predictable patterns for AI to follow. These frameworks reduce boilerplate and enforce best practices, which aligns well with the pattern-matching nature of AI code generation. The result is often higher initial quality and better maintainability. Without such frameworks, AI suggestions may be less consistent and harder to integrate.
  • Dependence on Existing Patterns: As I already notes in AI Bubble or Productivity Leap?, today’s AI models recombine what already exists. This means they excel when reusing standard approaches, but may struggle to produce fundamentally new architectures or frameworks. If fewer developers work on “foundational” innovations—such as creating new frameworks or novel algorithms—the source material AI depends on could stagnate. Over time, this risks creating a feedback loop where AI output becomes repetitive, narrowing the diversity of solutions.
  • Short-Term Productivity vs. Long-Term Innovation: Leveraging AI with popular frameworks brings immediate productivity gains, especially in enterprise contexts. But an overreliance on existing stacks could suppress experimentation and innovation, particularly in areas not well represented in AI training data.

Practical Guidance for Companies

  1. Play to the AI’s strengths: Use popular, well-documented languages and frameworks for AI-assisted projects to maximize quality and reduce the guidance needed.
  2. Balance with human innovation: Encourage developers to not only adapt AI output but also contribute back to frameworks, libraries, and design patterns—feeding future AI training data with fresh, innovative examples.
  3. Guard against over-standardization: Periodically review the tech stack and experiment with less common tools or approaches to prevent architectural stagnation.
  4. Use frameworks strategically: Let frameworks provide a safe, consistent base while AI accelerates their application. Avoid letting AI generate “from scratch” architectures without human oversight.
  5. Preserve architectural diversity: For regulated industries, maintaining a variety of approaches ensures resilience, helps meet compliance, and reduces single-point dependencies on one style of code generation.

By combining AI’s pattern replication strength with deliberate human-led innovation, organizations can capture both short-term efficiency and long-term adaptability—avoiding the “innovation drought” Brinkhaus warns against.

Conclusion: Balancing Innovation with Accountability

The advent of AI-driven code generation is transforming how software is developed. Companies in finance and insurance stand to gain faster development cycles and reduced costs as AI assistants automate repetitive coding tasks and help developers write code more efficiently. However, to fully realize these benefits, organizations must thoughtfully adapt – not abandon – their existing engineering rigor. History reminds us that new abstractions (from assembly to high-level languages to AI) can dramatically increase productivity, but sound engineering principles remain constant. Quality assurance, testing, and traceability are more important than ever when an unpredictable AI is part of the development loop. By implementing independent testing, thorough reviews, and strong compliance checkpoints, firms can ensure that “AI-written” does not mean “unchecked”. Regulated industries, in particular, should proceed with caution and clarity: introduce AI as a powerful tool in the developer’s toolkit, but continue to require that every line of code – no matter who (or what) wrote it – is justified and auditable.

In the near future, we can expect a human-AI partnership model in software projects. AI will handle more of the grunt work, and humans will provide oversight, domain knowledge, and final judgment. This collaboration can indeed deliver exponential productivity gains, as long as companies also invest in the process adjustments and cultural mindset to use AI responsibly. Finance and insurance organizations that strike this balance will be able to innovate rapidly with AI while maintaining the trust of regulators, customers, and other stakeholders. The intermediate step of code creation, with all its documentation and review, will not vanish overnight – especially not where transparency is paramount – but it will become more streamlined and supported by AI. In essence, the goal is to harness AI as a force-multiplier for developers, not a replacement. By keeping software engineering “report-like” – structured, transparent, and evidence-driven – even as AI takes on larger roles, companies can confidently navigate the new era of coding. The message to tech leaders in these sectors is clear: embrace the AI revolution, but fortify your QA and compliance evolution in parallel. This way, you leverage the best of both worlds – cutting-edge automation with rock-solid assurance – as you build the financial and insurance software systems of tomorrow.

Sources:

  1. Kyrlynn D. “What Happened To Assembly Language? Do We Need It Anymore?” Quantum Zeitgeist – Technology News, Aug. 16, 2024
  2. Arxiv (2022). Brief Analysis of the Apollo Guidance Computer – AGC specification
  3. Ken Shirriff’s Blog (2019). “Software woven into wire: Core rope and the Apollo Guidance Computer.” – Memory details of AGC
  4. GoCodeo (J. Garg, 2025). “Evaluating AI Coding Tools for Regulatory Compliance, Testing, and Traceability.” – AI in regulated industries
  5. Ibid. – Importance of traceability and audit trails
  6. Shah et al. (2023). “Explainability as a Compliance Requirement… in Regulated Industries.” – Explainability issues requiring manual validation
  7. Martin Fowler (2023). “How far can we push AI autonomy in code generation?” – Using a review agent to catch mistakes
  8. Zencoder (2023). “Real-world Use Cases of AI Code Generation.” – AI-generated tests for better coverage
  9. Reddit (Brian Coords, 2023). “Is LLM-generated code good for open source?” – LLMs excel with popular frameworks
  10. Diffblue (Z. Laycock, 2024). “Accelerating unit test generation: Assistants vs. autonomous AI.” – Specialized AI for Java testing
Categories: Talent & Transformation

Related Posts

Talent & Transformation

Flexibility Despite DORA: Smart Use of IDV Tools in Banks

Introduction Banks are facing the challenge of using Individually Developed Applications (IDV) flexibly while complying with increasingly strict regulatory requirements. IDV – often referred to as End-User Computing (EUC) – includes any tools developed or Read more

Talent & Transformation

AI Bubble or Productivity Leap? Why Long-Term Success Requires More Than Artificial Intelligence

Over the past few months, I’ve noticed an interesting trend: platforms like SourceForge, once vibrant hubs for open-source innovation, are seeing a decline in activity. At the same time, we read daily about the rise Read more

Talent & Transformation

From Banks to Energy Traders – Why Financial Quants Are Jumping Ship

In recent years, a noticeable trend has emerged in the European financial services sector: a growing number of business analysts, quantitative modelers, and trading system experts are leaving banks to join energy companies and commodity Read more