Hong Kong expands GenAI Sandbox++ across finance as insurers ramp up AI investment and move beyond pilots

Hong Kong expands Generative AI Sandbox++ across finance: what leaders need to know

Hong Kong's financial regulators have rolled out an expanded Generative Artificial Intelligence Sandbox++ and opened it to more parts of the market. The initiative, launched on March 5 by the HKMA, SFC, IA, and MPFA with Hong Kong Cyberport, now covers banking, securities and capital markets, asset and wealth management, insurance, MPF operations, and stored value facilities.

The focus remains clear: risk management, fraud prevention, and customer interaction. The programme also backs "AI versus AI" safeguards-using AI to detect, monitor, and mitigate AI-driven risks before models go live.

What's new and why it matters

• Broader scope: cross-sector access for banks, insurers, asset managers, brokers, MPF trustees, and SVF providers.
• Hands-on support: supervisory guidance, technical assistance, and complimentary GPU time at Cyberport's AI Supercomputing Centre.
• Safe testing ground: controlled environments to validate models, workflows, and guardrails before production.

HKMA chief executive Eddie Yue called the launch "a significant milestone under our 'Fintech 2030' strategy," aimed at growth, efficiency, and customer-centricity across financial services.

Priority use cases regulators want to see

• Insurance: AI-assisted underwriting, claims triage and adjudication, fraud detection, and agent/broker enablement.
• Capital markets and wealth: suitability checks, product recommendation support, surveillance alerts, and compliance workflows.
• MPF administration: member servicing, back-office automation, and document intelligence.
• Cross-sector: secure customer chatbots, identity and transaction fraud controls, and "AI vs AI" monitoring layers.

IA chief executive Clement Cheung framed Sandbox++ as a collective push for accountable, inclusive, and prudent AI adoption-echoing the IA's AI Cohort Programme. MPFA managing director Cheng Yan-chee urged trustees and intermediaries to use advanced fintech to lift efficiency and service quality for MPF members. SFC chief executive Julia Leung encouraged licensed corporations to participate to improve efficiency, resilience, and growth.

The operating model shift: AI versus AI

The regulators are promoting an approach where AI tools help test, observe, and contain risks from other AI systems. Think model-level red teaming, real-time prompt and output filtering, anomaly detection for model drift, and automated control testing that runs in parallel to production workflows.

• Before go-live: adversarial testing, data leakage checks, fairness and explainability reviews, and human-in-the-loop calibration.
• After go-live: continuous monitoring for hallucinations, drift, abuse, and fraud patterns-plus rapid rollback and audit trails.

Global context: insurers are spending more-and scaling beyond pilots

Accenture's Pulse of Change survey (late 2025) points to bigger AI budgets and broader deployment. 90% of insurance executives plan to increase AI spend in 2026, and 85% see more upside for growth than cost reduction. 34% report deploying AI agents across several functions, moving past isolated pilots.

Usage is getting habitual at the top: almost one-third of insurance C-suite leaders use generative AI daily; 57% use it at least weekly. 29% of organisations are redesigning end-to-end processes with AI as a core component. If an AI "bubble" burst, 47% would invest more and 37% would even increase hiring.

Leaders feel readier for technology shifts (67%) than environmental (39%) or geopolitical (44%) disruption. Despite expecting more change in 2026 than in 2025 (84%), most foresee faster revenue growth (78%) and plan to hire (82%). For details, see Accenture's research overview at accenture.com.

Practical playbook for finance and insurance teams

1) Choose high-signal use cases

• Underwriting and pricing: submission intake, risk summarisation, document intelligence, and rating guidance with tight guardrails.
• Claims: triage, fraud flags, document extraction, and explainable settlement support.
• Distribution and servicing: suitability checks, script assistance, compliant recommendations, and multilingual support.
• Controls: KYC/KYB verification, anomaly detection, transaction monitoring, and staff supervision.

2) Build the control stack early

• Data governance: PII handling, retention, lineage, and encrypted inference; private retrieval for sensitive data.
• Model risk management: policy, inventories, ratings, testing protocols, and approval workflows tied to risk tiers.
• "AI vs AI" defences: toxicity and leakage filters, adversarial prompts, output validation, and drift/fairness monitors.
• Human oversight: escalation paths, sampling plans, and decision logs for auditability.

3) Engineer for production from day one

• Define KPIs/OKRs: accuracy, loss ratio impact, claims cycle time, CSAT/NPS, fraud capture, and speed-to-resolution.
• Use modular architecture: model routing, observability, feature stores, and rollback switches.
• Cost control: token budgets, caching, hybrid model mix (open vs. closed), and GPU utilisation planning.

4) Prepare people and process

• Upskill frontline and risk teams; standardise prompts and playbooks; certify power users.
• Rewrite SOPs for AI-augmented tasks; document human responsibility at each step.
• Work with unions and HR on role redesign, incentives, and safe productivity gains.

5) Join the sandbox-and structure your ask

• Scope one to three use cases with clear compliance hypotheses to test.
• Define metrics, acceptance criteria, and phase gates; bring your MRM plan to the table.
• Leverage complimentary GPU time at Cyberport's AI Supercomputing Centre for high-intensity experiments (Cyberport).
• Engage early with regulators for guidance on data use, explainability, and record-keeping.

What participants get-and what regulators expect

• Guidance: alignment on risk standards, documentation, and audit requirements.
• Technical lift: help troubleshooting model behaviour, evaluation frameworks, and safe deployment patterns.
• Infrastructure: GPU capacity for experimentation without heavy upfront spend.
• Expectations: clear ownership, measurable outcomes, governance by design, and plans for post-sandbox scaling.

For official programme updates, check the Hong Kong Monetary Authority.

Insurance leaders: fast path to value

• Start with underwriting intake and claims triage. These deliver quick cycle-time wins while improving consistency.
• Pair every customer-facing bot with a compliance co-pilot that screens prompts, references policy, and logs decisions.
• Pilot "AI vs AI" fraud screening that cross-checks documents, voice/chat interactions, and claims narratives in real time.
• Codify a single playbook for explainability, including rationale templates and adverse decision disclosures.

Metrics worth tracking

• Underwriting hit rate, quote turnaround, and loss-cost indicators.
• Claims FNOL-to-payment time, leakage, SIU referral quality, and indemnity accuracy.
• Compliance exceptions per 1,000 interactions and supervisor rework rates.
• Customer effort score, CSAT, and cost-to-serve.

Bottom line

Sandbox++ lowers the cost and risk of testing AI in live-like environments while tightening expectations on governance. With budgets expanding and leaders moving beyond pilots, the institutions that win will combine disciplined controls with focused, high-ROI use cases.

If you're in banking, wealth, MPF, or insurance, use the sandbox to validate your risk posture and scale the few things that move the needle. Then operationalise them across teams with clear metrics and a control stack that stands up to scrutiny.

Related resources: AI for Finance | AI for Insurance