In an interview with Financial Services Review, Mr. David Robertson, Director of Enterprise Architecture at Exeter Finance, discusses the challenges and emerging trends in the world of bespoke software engineering, sharing his insights into effectively navigating them. David Robertson is the Director of Enterprise Architecture at Exeter Finance, where he leads innovation in cloud-native platforms and automation in bespoke and AI integration. With a strong focus on scalability, security, and efficiency, David specializes in integrating AI, DevOps, and sustainable automation practices. He brings decades of experience in driving innovation, improving engineering excellence, and aligning technology strategy with business goals to deliver measurable, long-term value.

Current Role & Responsibilities

I serve as the Director of Enterprise Architecture at Exeter Finance, a premier auto finance company. My team is responsible for building and automating the bespoke systems that run critical parts of our automotive lending business. The systems we support are tailored in-house—designed to meet the company’s distinctive needs and to evolve as those needs change.

The core focus of my role is identifying opportunities to enhance efficiency, scalability, and resilience. A significant portion of our efforts is dedicated to reducing the manual and repetitive aspects of platform development and deployment. By automating these areas, we enable our teams to devote more time to high-value work, including critical problem-solving and informed decisionmaking that directly impacts the business. More recently, we’re also exploring how generative AI can enhance our platforms as an embedded capability that adds value within the systems themselves.

Challenges in Bespoke Development

One of the consistent challenges in bespoke software engineering is security. The challenge is particularly pressing when organizations aren’t just integrating third-party tools but building software from the ground up. Beyond meeting functional requirements, the software must be secure and performant by design.

To address this, we’ve integrated automation into our security workflows. This helps mitigate risks without requiring every team member to be an expert in every security detail. Automation acts as a bridge, filling knowledge gaps and enforcing consistency, which allows us to stay focused on delivering the features and capabilities the business truly needs.

The Value of a Learning Mindset

Several years ago, my team and I were tasked with something entirely new for the organization: building a customer-facing application in the cloud. At the time, this was a significant departure from our traditional approach, which relied heavily on private data centers. We were starting from scratch—new architecture, new tools and limited internal experience with cloud-native development.

The learning curve was steep, but the realization came quickly that automation would be the key to scaling efficiently. We developed tooling to automate infrastructure provisioning, application deployment and testing processes. This allowed us to streamline the entire development lifecycle—from spinning up environments to publishing changes—without needing to create multiple teams to manage each step manually. By embracing automation early, we can accelerate delivery and establish a foundation for long-term agility and operational efficiency.

AI continues to dominate headlines, but the focus is shifting from novelty to practical application. Rather than treating AI as a standalone feature, the goal is to embed it as a core capability or another tool in the engineering toolkit used to solve existing business challenges more effectively. Over the next 12 to 18 months, the focus will be on purposeful integration rather than experimentation.

There is also a growing array of AI tools designed to boost productivity, such as copilots, virtual assistants, and intelligent automation. These can deliver meaningful gains, but their effectiveness depends on how well they align with existing workflows and business objectives. Success will come from deploying AI with clear intent and measurable outcomes.

When evaluating AI tools—whether off-the-shelf or custombuilt—it’s worth considering more than just features and functionality. Governance, risk, and security should be front and center, especially when working with sensitive data like customer records or proprietary business information. Understanding where data is stored, how it’s processed, and how long it’s retained is essential.

On the technology side, long-term viability matters just as much as short-term performance. Some tools may be heavily marketed but face regulatory uncertainty or lack financial stability. Taking the time to assess the platform’s maturity, funding sources, and compliance posture can help avoid surprises later. The goal isn’t just to adopt AI—it’s to embrace it responsibly.