Other relevant parties, such as the Association of British Insurers, have provided guidance to their members on the use of AI.
Navigating AI
In order for the insurance industry and other sectors to make the most out of AI, businesses will first need to map out where they are already using AI systems. You can only control what you understand.
And similar to when businesses first began their GDPR compliance programmes, the starting point is often to identify where within the organisation they are using personal data and, in particular, where they are using AI systems that are higher risk because of the sensitivity of the data they are processing or the criticality of the decisions for which they are being used.
Once the mapping stage is complete, organisations should then begin the process of building a governance and risk management framework for AI.
The purpose is to ensure clearly defined leadership for AI is in place within the business, such as a steering or oversight group that has representation from different functions, articulating the business's overall approach to AI adoption.
Organisations will also need to decide how aggressive or how risk averse they want their business to be regarding the use of AI. This includes drafting key policy statements that will help to clarify what the business is prepared to do and not do, as well as defining some of the most fundamental controls that will need to be in place.
Following this, more granular risk assessment tools will be needed for specific use cases proposed by the business that can be assessed, including a deeper dive on the associated legal risks, combined with controls on how to build the AI system in a compliant way, which can then be audited and monitored in practice.
The approach that a business takes will also depend significantly on whether they buy their AI systems from a technology vendor or instead buy in the data they need for their own in-house AI system, as well as potentially selling AI to their own customers at the other end of the pipeline.
An insurance broker, for example, might sell certain services to an insurer that depends on the use of AI and will therefore need to consider how they manage their risk at both ends of that pipeline in terms of the contracts, the assurances that they get from their vendors, and whether they are prepared to give the same assurances to their customers.
The challenge with AI at present is that use cases are continuously emerging and consequently demand is increasing. Therefore the creation of governance frameworks and processes need to be designed alongside the business processes to assess and prioritise the highest value AI activities and investments.
