13 August 2025
4 min
Insurers are embracing the opportunity offered by the power of artificial intelligence (AI), and especially generative artificial intelligence (GenAI), to carve out a competitive advantage by improving their products and services and streamlining their operations. This is exciting to see, but as actuaries, we can’t help but talk about the risks involved and how they can be managed. The FCA also has a part to play in how the UK financial services sector adopts AI, and the recent launch of the “supercharged sandbox” indicates that this role could be changing in a meaningful way.
There are multiple examples in the market of AI adoption by insurers, which range from those which drive internal efficiencies to those that provide real value to customers, for example:
These examples demonstrate how many insurers have transitioned from the research and development phase into the production phase with their AI use cases. As adoption grows, it's important that these technologies are implemented with a strong foundation of risk management.
As an insurer starts to develop and use AI tools in areas like underwriting, claims handling, and customer support, the universe of risks to which it's exposed to widens greatly. This goes beyond internal use cases where the data is less varied and the stakes are slightly lower, as more steps separate the AI tools from customer outcomes. For example, using GenAI to summarise customer data or respond to claims can introduce potential uncertainty to the impact on customer outcomes because of bias (which may be introduced or amplified by GenAI models) and the lack of transparency of GenAI models. There are also ethical issues and security challenges surrounding the use of customer data in both the training and deployment of GenAI models.
Some specific and notable examples of the possible risks include:
Whilst most of these examples are not related to the financial services sector, they still highlight the potential for severe adverse impacts on customer outcomes, brand and regulatory compliance. Therefore, a strong focus on risk management is required when implementing GenAI use cases with customers.
To make the most of AI while managing the associated risks, insurers need the right internal controls in place. From our perspective, that requires focus on four key areas.
Designing metrics to monitor AI performance: To measure and communicate the risk associated with AI deployments, metrics will be key, and so care should be taken in making sure these are appropriate given the risk appetite and the particular use case. The most important factor to consider here is how metrics can track customer outcomes associated with the use case(s) over time. For example, customer satisfaction score, customer effort score (how easy did it feel to resolve your issue?), and the first contact resolution rate. These metrics must be designed carefully, and the level of granularity should be set at the right level to properly assess different use cases and customer archetypes, especially vulnerable customers.
Setting thresholds and agreeing on possible management actions: Firms must set boundaries against these metrics, with defined steps to be followed if these are crossed (for example, following a three-light system to indicate severity). For example, if the customer satisfaction score falls at a certain rate and/or below a specific threshold for a particular use case, then a review of relevant information like customer interaction transcripts could be triggered. Other measures could involve pausing deployment of specific features or more frequent escalation of human-in-the-loop. These responses help to reduce the risk of issues escalating out of control.
Fostering transparency of AI use: Transparency around how the AI models are developed and decisions are made is crucial. Good documentation not only meets regulatory needs, but it also provides a factual basis of how models work, which can be communicated to customers and other key stakeholders, which builds trust, especially when AI is affecting sensitive areas like underwriting and claims settlement.
Effective Governance of AI: Ultimately, accountability should rest at the Executive level, but strong governance also requires a defined risk appetite that links to the monitoring metrics, with independent oversight from the risk function. Identifying specific individuals and committees accountable for these and any other AI decisions ensures clarity, confidence and effective governance.
With one of its most recent announcements, the Financial Conduct Authority (FCA) is looking to play an important role here as the financial services sector builds GenAI use cases into products and services.
The Supercharged Sandbox, recently launched by the FCA, is designed to help firms test and develop AI tools in a safe and supportive environment. It gives insurers access to high-quality datasets, technical guidance, and early feedback on regulatory expectations, so they can explore new ideas while managing risks more effectively. The Sandbox also allows firms to engage directly with regulators during the early stages of innovation, reducing uncertainty and supporting more confident deployment.
This collaborative approach by the regulator is welcomed news, enabling insurers to innovate more safely.
AI will play an important role in shaping the future of the insurance industry. As adoption grows, its impact and its success will likely depend on how thoughtfully insurers approach areas such as governance, transparency, and alignment with evolving regulation. Regulators like the FCA are more supportive than they have ever been, and this presents a chance that insurers should seek to make the most of.
Hymans Robertson can provide a wealth of experience to support our clients navigating risk and regulatory issues, including those considered within this article. If your team is considering how best to implement AI safely and effectively, we'd be pleased to share our perspective and expertise. If so, Please get in touch or reach out via your usual Hymans Robertson contact.
1. The Guardian (2023). Two US lawyers fined for submitting fake court citations from ChatGPT.
2. Futurism (2023). CNET's Article-Writing AI Is Already Publishing Very Dumb Errors.
3. Washington Post (2024). Air Canada made to pay due to Chatbot error.
4. CX Today (2025). Virgin Money ChatBot’s unfortunate reprimand.
5. BBC News (2024). DPD error caused chatbot to swear at customer.
This blog is based upon our understanding of events as at the date of publication. it's a general summary of topical matters and should not be regarded as financial advice. It should not be considered a substitute for professional advice on specific circumstances and objectives. Where this blog refers to legal matters please note that Hymans Robertson LLP is not qualified to provide legal opinion and therefore you may wish to obtain independent legal advice to consider any relevant law and/or regulation. Please read our Terms of Use.
We pride ourselves on being thought leaders and are constantly discussing the many issues facing and shaping our industry. Sign up to find our current thinking on topical issues.
Opens in new window Subscribe
