Compliance teams become AI verification layer in insurance
Thu, 9th Jul 2026 (Today)
INSTANDA Chief Executive Officer Tim Hardcastle said compliance teams are becoming a verification layer for artificial intelligence in insurance, with the shift most visible in underwriting, pricing and claims.
He argued that, as generative systems move deeper into customer-facing and operational decisions, insurers face a more immediate problem than routine rule-checking. The central question, he said, is how firms prevent inaccurate or hallucinated outputs from causing financial harm to policyholders and costly errors for the business.
The issue is emerging as companies adopt AI faster than they build the controls needed to oversee it. Many large organisations are already using or testing AI tools, but governance structures for auditing outputs, tracing decision paths and explaining model behaviour remain uneven.
That gap has wider financial implications. IBM research has repeatedly put the average global cost of a data breach at more than USD $4 million, underscoring the cost of weak data controls and poor oversight.
In insurance, the stakes are particularly high because decisions on risk, premiums and claims can directly affect customers financially. If an AI system produces a recommendation that appears convincing but is wrong, firms may still have to account for how the decision was made and who approved it.
Compliance shift
Hardcastle said this pressure is shifting compliance from a function that reviews decisions after the fact to one embedded in the process. Rather than acting only as a final checkpoint for regulatory alignment, compliance teams are increasingly expected to test whether AI-generated outputs are factually sound before they are used internally or shown to customers.
That creates a practical challenge for insurers seeking to scale AI while staying within regulatory expectations. Explainability has long been a concern in regulated sectors, but generative AI adds another layer of uncertainty because systems can produce plausible answers even when they are not grounded in verified information.
For insurers, that makes auditability more than a reporting exercise. Firms need workflows that allow them to trace how a model reached an outcome, what data informed it and whether a human reviewer had the opportunity to challenge the result before action was taken.
Governance questions
The broader debate is moving beyond whether AI should be governed to how trust is designed into the systems themselves. In that context, compliance leaders are taking on a more operational role in setting the checks around AI models and defining when human intervention is required.
Questions of accountability are likely to become harder as adoption widens. If an automated recommendation affects a claim outcome or pricing decision, insurers may need to show not only that the model met internal standards, but also that there was a clear mechanism to identify and correct false or unsupported outputs.
This is especially relevant as insurers experiment with generative tools in areas where staff may be tempted to rely on fluent answers without fully testing them. The risk is not simply that a system makes a mistake, but that the mistake moves through business processes because it appears credible at first glance.
Hardcastle's assessment reflects a wider concern in regulated industries that AI oversight cannot remain separate from day-to-day decision-making. If governance sits too far downstream, firms may find they are reviewing problems only after they have already affected customers, pricing or claims handling.
In practice, this points to a model in which compliance works more closely with technology, risk and operations teams. The aim is to build controls into decision-making processes from the start, so audit trails, review points and escalation paths are in place before AI tools are widely deployed.
That approach also changes how insurers may measure readiness for wider AI use. Adoption alone is no longer a useful marker if companies cannot show that outputs can be checked, challenged and explained when they influence regulated decisions.
Hardcastle said compliance is becoming "an active verification layer for AI systems - responsible not only for regulatory alignment, but for validating factual accuracy before outputs reach customers or internal decision-makers".