As AI moves from experimentation into everyday business operations, the conversation is shifting from capability to accountability, especially in regulation-heavy contexts. For insurers, this increasingly means understanding how to govern AI, where responsibility sits, and how to balance innovation with regulatory and operational risk.
These questions were at the center of a recent HTEC-hosted gathering of insurance leaders, bringing together executives and decision-makers from across the industry. Moderated by Gary Duggan, Strategic Advisor and Insurance Transformation Leader, the panel featured Darren Coomer, CIO at Tesco, and Michael Sicsic, Managing Partner at Sicsic Advisory. The conversation ranged from regulatory preparedness and board accountability to data quality, legacy technology, and the practical realities of implementing AI in highly regulated environments.
Building for AI while regulation catches up
Much of the discussion around AI regulation assumes regulators are trying to catch up with technology. The reality is more nuanced. As AI continues to evolve, insurers and regulators are confronting many of the same questions at the same time: what constitutes effective oversight, where accountability should sit, and how organizations can safely scale AI without stifling innovation.
This is one reason why AI regulation has so far evolved more cautiously than many expected. Rather than introducing entirely new rulebooks, regulators have largely focused on applying existing principles around governance, risk management, operational resilience, and customer outcomes to emerging AI use cases. The expectation is not necessarily more regulation, but greater confidence that firms understand, control, and can explain how AI is being used.

That does not mean regulators are taking a hands-off approach. As AI capabilities advance, supervisory attention is increasingly concentrating on specific areas of risk. One example discussed during the panel was the recent warning from the Bank of England, FCA, and HM Treasury about the cybersecurity risks posed by increasingly capable AI models, highlighting concerns around operational resilience and cyber risk rather than AI itself.
As panelists noted, regulators are increasingly looking to “learn by doing” alongside industry, rather than relying solely on traditional supervision models. FCA’s AI sandbox initiative is a great example, allowing firms to experiment with AI solutions in a controlled environment while helping regulators better understand emerging use cases and risks.
Who owns the outcome?
One of the more difficult questions raised by AI is not technical but organizational: who is ultimately accountable for decisions influenced or made by AI systems? This challenge becomes more complicated as AI systems continue to evolve after deployment. Unlike traditional software, AI is not a “once-and-done” implementation. Models change, learn, and require ongoing oversight, raising questions about who owns not only the initial deployment but also its long-term performance and behavior.
The discussion repeatedly returned to a simple but important principle: accountability should sit with the person who owns the business outcome, not the technology itself. AI may inform decisions, accelerate analysis, or automate tasks, but responsibility cannot be delegated to a model.
At the same time, participants acknowledged that traditional notions of a “human in the loop” may become more complicated as AI systems grow more autonomous, especially in multi-agentic contexts. The challenge for insurers is no longer simply determining where humans should intervene, but how to design governance models that ensure meaningful oversight without eliminating the efficiency gains AI promises to deliver.
Not every AI application requires the same level of scrutiny
Even though it’s very clear by now that not all AI applications carry the same level of risk, organizations still frequently discuss AI as though it were a single category of technology rather than a broad spectrum of use cases with very different implications.
Effective governance, therefore, starts with an inventory of AI use cases and a risk-based framework that distinguishes between them. Using AI to summarize meeting notes is fundamentally different from using it to influence underwriting decisions, process claims, or interact directly with customers.
This distinction is likely to become even more important as organizations move beyond copilots and productivity tools toward more autonomous systems. The challenge is not deciding whether AI is risky, but determining which AI applications deserve the greatest attention, and which should be allowed to move at pace.
AI is only as good as the foundations beneath it
Insurance has never had a shortage of data. The challenge is that much of it sits across decades-old platforms, disconnected systems, and complex processes built over many years. As insurers look to deploy AI more broadly, many are discovering that the effectiveness of those systems is still heavily influenced by the quality, accessibility, and consistency of the underlying data.
The importance of data quality was a recurring theme throughout the discussion. As AI becomes more deeply embedded in underwriting, claims, customer service, and operational processes, the quality of the underlying data increasingly determines the quality of the outcomes. Poor data does not simply create inefficiencies. Rather, it amplifies errors and leads to poor decisions much faster and at scale.
Looking beyond what’s mandatory
One of the more practical ideas raised during the discussion was the importance of looking beyond mandatory requirements and adopting proven practices from other jurisdictions, industries, and organizations. Firms operating across multiple markets are particularly well positioned to learn from a broad range of governance approaches.
The same mindset applies to technology. Rather than treating AI as a build-versus-buy decision, many organizations are using partnerships to accelerate adoption while retaining ownership of the data, knowledge, and business context that differentiate them.
As insurers move from experimentation to implementation, success will depend on more than selecting the right AI tools. It requires the right foundations, governance models, and operating approach. HTEC partners with insurers to turn AI ambitions into practical, scalable solutions that align with both business objectives and regulatory expectations.




