Questions insurers should be asking about their clients' AI usage

As the use of AI in businesses operations continues to increase, insurance policies (even those which are not specifically targeted at AI risks such as professional indemnity policies) are increasingly picking up AI-related risks.

This article covers what questions insurers may want to consider asking their clients about their AI usage. Naturally, the questions will vary by insurance product. However, we have set out a starter for 10 of some useful questions for insurers about AI. 

General questions

• What forms of AI are you using? This question is important to understand the specific technologies like machine learning, natural language processing, or others that a client is using.

• Where is AI being implemented within your business? This helps identify potential areas of risk exposure. It is also important to understand the extent of clients’ AI use. 

• How is AI integrated into your processes? Is it fully embedded or used in specific tasks?

• Are you building AI capabilities in-house or using licensed versions or instances developed by third-party providers? Building in-house can mean greater customisation, integration with existing systems and control over data for clients. Whereas outsourcing may mean faster deployment but can introduce third party risks. 

Data usage and handling  

• How is data being used to train your AI models?

• How do your AI systems interact with customer data? Are you using AI for processing and handling of customer data?

• If your systems use customer data, how is this data used and stored? Does the AI model process personal data securely or is it used to train other AI models?

• Have you considered the risk of intellectual property infringement related to AI training data or outputs?

• Where and how do you store and access data? 

• If you are using third party AI solutions, what due diligence have you done on the vendor? How does the vendor handle data and mitigate risks?

Data security 

• What measures are in place to protect data when using third-party AI systems? Using third-party systems can introduce cybersecurity vulnerabilities.

• How is data privacy and security ensured, especially sensitive personal information?

• Have you adapted existing privacy policies, security protocols and technical and organisational security measures to account for AI usage? If so, how?

Regulatory compliance and risk management 

• What governance and policies are in place to manage AI risks? These can demonstrate the level of commitment the business has to responsible AI practices.

• Are you aware of any potential for bias or discrimination in your AI models? If so, what steps are being taken to address it?

• What measures are in place to monitor the operation of your AI systems? 

• How do you ensure AI systems are robust and reliable? What mechanisms are in place to monitor the use of AI and detect anomalies or errors? 

• Have you conducted audits of your AI systems for fairness and accuracy? 

• How do you address the transparency of AI-driven decisions? 

• What is the process for contesting or appealing decisions made by AI? 

• How do you plan to adapt your AI systems to evolving regulations and best practices? 

• How do you measure the success and impact of your AI initiatives? 

• How are you staying informed about the latest developments in AI and its implications for your business? 

Contractual arrangements

• What are the liability provisions in your contracts with your suppliers of AI software? This is important to ensure you understand the extent of any recovery rights you may have in the event of covering a claim caused by faulty AI

• What ongoing maintenance and supported is provided by any third parties in relation to your AI?

This list is intended to be non-exhaustive. It may be appropriate to raise all, or some, of the questions listed, in addition to any further questions specific to the relevant client or product, that may arise at the relevant time. This list has been updated as at the date of this article; as AI models develop, parts of the above lists may need to be adapted.