INSTANDA CEO Tim Hardcastle said compliance teams are becoming a verification layer for artificial intelligence across insurance, with the shift most visible in underwriting, pricing, and claims. He argued that as generative systems move deeper into customer-facing and operational decisions, insurers face an immediate problem: how to prevent inaccurate or hallucinated outputs from causing financial harm to policyholders and costly errors for the business.
The issue is emerging as companies adopt AI faster than they build the controls needed to oversee it. Many large organisations are already using or testing AI tools, but governance structures for auditing outputs, tracing decision paths, and explaining model behaviour remain uneven. IBM research has repeatedly put the average global cost of a data breach at more than USD $4 million, underscoring the cost of weak data controls and poor oversight. In insurance, the stakes are particularly high because decisions on risk, premiums, and claims can directly affect customers financially.
Compliance shift
Hardcastle said this pressure is shifting compliance from a function that reviews decisions after the fact to one embedded in the process. Rather than acting only as a final checkpoint for regulatory alignment, compliance teams are increasingly expected to test whether AI-generated outputs are factually sound before they are used internally or shown to customers. That creates a practical challenge for insurers seeking to scale AI while staying within regulatory expectations. Explainability has long been a concern in regulated sectors, but generative AI adds another layer of uncertainty because systems can produce plausible answers even when they are not grounded in verified information.
For insurers, auditability becomes more than a reporting exercise. Firms need workflows that allow them to trace how a model reached an outcome, what data informed it, and whether a human reviewer had the opportunity to challenge the result before action was taken. This shift highlights the growing need for insurance professionals to understand AI oversight, an area covered in resources like AI for Insurance.
Governance questions
The broader debate is moving beyond whether AI should be governed to how trust is designed into the systems themselves. Compliance leaders are taking on a more operational role in setting the checks around AI models and defining when human intervention is required. Questions of accountability are likely to become harder as adoption widens. If an automated recommendation affects a claim outcome or pricing decision, insurers may need to show not only that the model met internal standards, but also that there was a clear mechanism to identify and correct false or unsupported outputs.
This is especially relevant as insurers experiment with generative tools in areas where staff may be tempted to rely on fluent answers without fully testing them. The risk is not simply that a system makes a mistake, but that the mistake moves through business processes because it appears credible at first glance. Hardcastle said compliance is becoming "an active verification layer for AI systems - responsible not only for regulatory alignment, but for validating factual accuracy before outputs reach customers or internal decision-makers."
Why this matters for insurance professionals
Insurance professionals will increasingly need to work alongside compliance, technology, and risk teams to embed checks into AI decision-making. The shift makes compliance a frontline function, not a back-office review. Teams that build audit trails, clear review points, and escalation paths now will be better positioned to scale AI safely. For those looking to deepen their expertise, the AI Learning Path for Regulatory Affairs Specialists provides a structured way to understand AI oversight, risk monitoring, and policy automation in regulated environments.
Your membership also unlocks: