Skip to content

AI development guardrails
Code DT-011
Domain Data & Technology
Owner Chief Technology Officer
Status Draft
Applicability Platform
Jurisdiction NZ + AU
Business domain BD09
Review date 2027-03-27

Regulations: CPS 234 Information Security · CPS 230 Operational Risk Management · AU Voluntary AI Safety Standard

Governs the use of AI tools in the bank's development and design processes — covering the discover & design mode (architecture, policy, planning) and the code generation mode (AI-assisted coding). Runtime AI governance is covered by DT-009.

Scope

Applies to all team members using AI tools to produce content committed to this wiki, code committed to any of the eight system domain repositories, or decisions recorded as architectural decisions or policy. Tool-agnostic — applies to all AI assistants, code completion tools, and language models regardless of provider.

Mode 1: Discover & design guardrails

These rules govern AI tools used for architecture, policy drafting, wiki content creation, and planning.

  1. Propose before implement. For any content involving an architectural decision, technology choice, policy position, or governance obligation: the AI shall state the proposed direction and wait for human confirmation before writing files or committing changes.

  2. Surface assumptions explicitly. If the AI infers intent from context, it shall flag the assumption before acting on it. Silent assumptions embedded in committed content — technology choices, paradigm decisions, scope boundaries — are prohibited.

  3. Corrections require confirmation. When an error is identified in already-committed content that touches an architectural decision or policy: the AI shall describe the error, propose the correction, and wait for confirmation before editing. It shall not correct-and-commit in a single step.

  4. The AI is an author, not an architect. Wiki content records human decisions. The AI's role is to draft, structure, cross-check, and challenge — not to determine the bank's architectural or policy positions.

  5. Guardrails are extended over time. When a new pattern or failure mode is encountered in the discover & design mode, a new rule shall be added to this policy and to CLAUDE.md. Rules are additive, not replaced.

Mode 2: Code generation guardrails

These rules govern AI tools used to generate application code, tests, configuration, and infrastructure definitions.

  1. Same gates, no exceptions. AI-generated code is subject to the same pipeline gates, code review, test coverage requirements, and security scanning as human-written code. There is no AI-generated code path that bypasses a gate.

  2. No sensitive data in prompts. Customer data, PII, secrets, credentials, internal system identifiers, and unreleased financial data shall not be included in prompts sent to external AI services. Treat any prompt to an externally-hosted model as potentially non-confidential.

  3. Human review before merge. AI-generated code requires a human code review before merge to main. The reviewer is accountable for the merged code regardless of its origin.

  4. Attribution in commits. AI-assisted commits shall include co-author attribution in the commit message. Example: Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>.

  5. No autonomous promotion. AI tools shall not push to main, create pull requests, or trigger environment promotions without explicit human instruction. The human initiates all promotions.

  6. Security scans are mandatory. SAST and dependency vulnerability scans shall run on all AI-generated code. A critical finding blocks deployment regardless of whether the code was AI-generated.

Data handling in AI development tools

  1. This wiki and the eight code repositories contain architectural decisions, compliance obligations, and system designs that are commercially sensitive. They shall not be submitted to publicly-accessible AI models unless those models operate under an enterprise data agreement with no training on submitted content.

  2. The approved set of AI development tools and their data handling classifications shall be maintained by the CTO and reviewed annually or whenever a tool is added or changed.

Tooling governance

  1. AI tool selection for development shall consider: data residency (NZ + AU), enterprise data handling agreements, and the tool's alignment with DISR Voluntary AI Safety Standard principles.

  2. No AI tool shall be used in the development pipeline that cannot provide a complete audit log of its actions. Pipeline AI actions must be as auditable as human actions.

Satisfying modules

(No modules assigned yet — manual process)

Part of Data & Technology · Governance overview Compiled 2026-05-22 from source/entities/policies/DT-011.yaml