Why insurers must put governance and legal first in AI: EY

Chris Raimondo
Chris Raimondo
EY

As insurance companies advance their AI strategies from experimentation to adoption, they must wrestle with considerations around buy-versus-build, governance, risk frameworks and legal issues.

Processing Content

Chris Raimondo, EY global and U.S. insurance consulting leader, shared insights with Digital Insurance on how to best approach these challenges.

Responses have been lightly edited for clarity. 

How are insurers currently using AI and what's ahead?

Insurers are using AI to work faster, reduce manual effort and support better decisions. The most common use cases are underwriting support, submissions intake, claims, customer service, fraud detection and across corporate functions such as information technology, finance and legal.

Carriers are moving past experimentation and treating AI as an enterprise capability, with C-suite sponsorship, dedicated funding and real accountability for results.

AI is also shifting from a productivity tool to a growth driver. Looking ahead, agentic AI will move into production across core workflows and functions, especially where it can handle pre-bind tasks, triage lower-severity claims and support decisioning. Over time, enterprise AI and physical AI will push the industry from predicting loss to preventing it, along with unlocking new growth opportunities through new products and services.

How are insurers thinking about build-versus-buy when it comes to technology deployment?

Insurers are treating build-versus-buy as a strategic choice more so than ever, not a simple either-or decision. The industry has started to shift from relying primarily on vendor-built core systems to a more intentional hybrid model, as carriers look for the speed and scale of proven platforms while reserving their own investment for capabilities that create true competitive advantage.

For most carriers, that means relying on vendor systems for the heavy lifting while building proprietary capabilities on top, especially in underwriting, pricing, decisioning and AI-enabled workflows. The goal is not to build everything. It is to build the pieces that improve loss ratio, growth and customer experience in a durable way.

Carriers with modern, cloud-based, API-first cores are moving faster because the foundation is already there. Others are having to invest in both the AI layer and the infrastructure underneath it, often in parallel.

As deployments scale, vendor partnerships will matter even more. Most insurers will not build the full stack of AI capabilities themselves, so embedded AI from core providers, plus the ability to orchestrate outside tools, will be central to how this market evolves.

What governance and risk frameworks are in place?

Governance is becoming a strategic enabler of AI scale, not just a control function. 

As insurers expand AI across the enterprise, they need a framework that addresses model risk, third-party risk, data protection, privacy, regulatory compliance and responsible oversight from the outset.

A critical part of that is traceability. Carriers need to trace model outputs and the data behind them back to a source system of record so they can defend decisions, meet regulatory expectations and resolve disputes with confidence. Just as important, they need clear controls around how sensitive data is accessed, used and protected as AI becomes more embedded in day-to-day operations.

Strong vendor-based core systems will remain essential because the carriers that can build on secure, well-governed platforms will be in a much better position to scale AI responsibly without recreating the foundational controls themselves.

That is why governance matters at the strategy level because it allows insurers to scale AI without creating unacceptable risk, while preserving trust with customers, regulators and other stakeholders over time.

What legal considerations are insurers thinking about regarding AI implementation?

Legal sits as a core stakeholder of AI implementation programs. The focus is on regulatory compliance, transparency, accountability and making sure AI systems are explainable and auditable from the start.

Insurers also need clarity around data rights, model ownership, intellectual property and liability, especially when using third-party tools. The carriers that involve legal and compliance early will be in the best position to scale AI with confidence.


For reprint and licensing requests for this article, click here.
MORE FROM DIGITAL INSURANCE
Load More