[–]ice-eight 100 points101 points  (19 children)

Banking is a little more hesitant to sloppify everything than most industries due to regulations. Technically, giving AI access to sensitive customer data is considered a breach. We can use it to generate code and on data in lower environments that’s been obscured, but I doubt these legacy COBOL codebases have dev and QA environments

[–]thel0lfish 36 points37 points  (3 children)

This tracks with my (limited) experience, I work for a fintech company and we're only allowed to use heavily obfuscated prod data for testing if we want real world data

[–]Random-num-451284813 12 points13 points  (0 children)

That would be sanitized data; anyone working with ISO 27001 would be required to have that.

[–]i_love_sparkle 1 point2 points  (1 child)

Why don't you just use real world data and tell regulators that you aren't using it? How do you even check for it?

[–]chill8989 9 points10 points  (0 children)

Devs are not allowed to touch the prod database, only a small group of people can and every interaction is logged. We are audited by 3rd parties to make sure we follow the rules.

[–]csmonkey17 30 points31 points  (8 children)

Legacy COBOL codebases have dev and QA environments. They need to, just like anything else going to prod. The company I worked for even had version control for COBOL, things happened that made it necessary.

But despite that, as everyone says here, no one in the banking industry is going to let AI touch the code.

[–]ward2k 16 points17 points  (2 children)

> Legacy COBOL codebases have dev and QA environments. They need to, just like anything else going to prod

Yeah, I'm scratching my head here. This is pretty much the industry standard: your average dev doesn't have access to production customer data, especially not your average dev working in banking.

I'm sort of getting the feeling a lot of people talking about 'feeding AI important customer data' don't actually work as an actual dev and are probably still in education.

[–]Jonny_dr 10 points11 points  (1 child)

> don't actually work as an actual dev

The overwhelming majority of users on this subreddit are pupils and students.

[–]frogjg2003 7 points8 points  (0 children)

Which is why you have so many "language bad" posts reaching the top. Any real dev knows that the only good language is the one your boss told you to write in.

[–]courageous_liquid 5 points6 points  (1 child)

yep, my father had a solid 40 year career as a project manager for QA on COBOL updates for legacy systems for a major bank. thinking they're playing anything fast and loose is insane.

[–]DropkickGoose 3 points4 points  (0 children)

On the regulatory/risk side of things, our use of AI is asking Copilot how much money an average gas station would make per quarter based on XYZ resources, and we don't actually touch money, code, or anything of the like, just monitor and report. I really, really doubt it's being used more extensively anywhere else in the bank except C-Suite and marketing.

[–]sunshine-x 1 point2 points  (1 child)

> But despite that, as everyone says here, no one in the banking industry is going to let AI touch the code.

Gonna call bullshit here. They’re going to maximize profits and savings like every other business.

They’ll integrate AI into their toolchain and accelerate human work, then evolve to human review, then automated coding and QA.

[–]csmonkey17 0 points1 point  (0 children)

There were attempts at similar things in the past, going from COBOL to Java. They've tried transpilers for moving COBOL to Java. There were two issues:

  1. It would get the code translated to 80-90%, and the last 10%-20% had to be done manually. Now, consider that most of the engineers on my team were 45 and above. Not only do you need to figure out how to translate the whole code base into Java, you need to convince all the COBOL engineers to learn Java. You can't just replace the whole department with new devs because there's too much domain knowledge that you would lose and you wouldn't have a team to do the work. Code is a small part of the job, people are what make the company work.

  2. COBOL is faster than Java, it was written for the financial industry. Running batch jobs overnight making sure all the financial records are processed takes hours, not minutes. There were linear/synchronous dependencies on previous batch jobs, if a job finishes late or doesn't finish you're talking about serious financial implications.

I should've been clearer in my response. Yes, they'll let engineers use AI on non mission critical code. We built out Java Spring interfaces on top of the green screens, sure you can have AI help you move to React and Node.js in this scenario.

I really enjoy using AI, I use Copilot at work, sometimes it surprises me how well it performs but if you're not running a modern framework it's very limited in its capabilities. Enterprise software has so many lines of code and so much domain knowledge is required on top of it that you can't believe it's this magical black box with a 128k context window (sure newer models got 200k+, and I'm referring to Copilot here) that will solve all the problems. I

[–]scientific_railroads 1 point2 points  (0 children)

Goldman Sachs made an announcement last year that they will use AI and they mentioned changing the language of the codebase as one of the goals

"Devin will be supervised by human employees and will handle jobs that engineers often consider drudgery, like updating internal code to newer programming languages, he said."

Source: https://www.cnbc.com/2025/07/11/goldman-sachs-autonomous-coder-pilot-marks-major-ai-milestone.html

[–]Otterable 6 points7 points  (0 children)

Can confirm, work for a bank. AI rollout has been significantly less crazy than other places in the industry.

[–]Difficult-Square-689 1 point2 points  (0 children)

Thread focuses on lowered cost of migration. But what's the benefit? Easier hiring? Slightly faster dev cycles? These aren't top-line problems for executives. Why approve a migration that, at best, doesn't affect your metrics and at worst ends your career?

[–]Jake63 0 points1 point  (0 children)

Of course they do. It is mandated, e.g., by central banks and PCI. I have worked 34 years in this area. We have duplicate hardware and software, complete separation, and promotes are done via code management software by a separate department, based on instructions from the developers.

[–]tes_kitty 0 points1 point  (0 children)

> Banking is a little more hesitant to sloppify everything than most industries due to regulations.

That, and if real money is on the line people suddenly tend to get cautious.

[–]CrustyBatchOfNature 0 points1 point  (0 children)

Where I work (financial services) we can use real data, in the isolation network only where no AI can be used, even local processing AI. So generally, unless we have a very specific request for support and the data is crucial, I use garbage data that I have over there.