The application of AI, as a part of any insurer’s innovative IT infrastructure, is not new. After more than a decade of intelligent systems deployment, the 2018 report by the House of Lords Select Committee on Artificial Intelligence — then chaired by Lord Clement-Jones — titled AI in the UK: Ready, Willing and Able? discussed many regulatory options concerning AI’s increasing commercial use, competitive value and possible risks.

It is in that context that the Bermuda Monetary Authority’s recent report concerning that sector’s use of “artificial intelligence” and “machine-learning” technology in Bermuda is particularly informative.

That report, based on the BMA’s late-2021 survey of Bermuda insurers, provides many valuable and informative insights — both concerning the use of AI in that sector and the BMA’s indications as to the future of AI regulation in Bermuda.

As for the current and future use of AI by Bermuda’s insurers, 38 per cent of all respondents reported they currently use some form of AI in their operations. As well, 23 per cent of insurers reported that they plan to adopt AI solutions within the next five years, thus indicating that within five years the majority of Bermuda insurers will use AI.

The AI use numbers are even more impressive among the larger insurance enterprises, defined in the report as “insurance groups”.

Sixty-eight per cent of those respondents, all of whom have international affiliates, reported that they use AI.

Of particular interest to boards of directors, insurance executives and their legal advisers are four categories of survey response that the BMA reviews in the report.

First, six out of eight of the top concerns insurers expressed about managing the risk and operational quality of AI solutions identified AI’s explainability, auditability, modelling challenges, security, consistency of output and execution challenges.

However, insurers must remember that where AI is deployed, all of those legitimate operational concerns are routinely addressed in the course of commercially contracting for those projects.

To successfully manage those risks, well-drafted AI development and service contracts pervasively stipulate the operational specifications, security features, functional service levels, and acceptance testing requirements that are required before any intelligent system is permitted to go live.

Second, most respondents indicated that their AI systems are either provided by third-party service providers or procured as third-party, off-the-shelf systems.

In that regard, all of the usual commercial, risk allocation and other contract terms that apply to the procurement of all IT goods and services from third parties, including outsourcing transactions, are equally applicable to intelligent systems and service contracts, including AI.

Third, a few revealing responses arose concerning AI corporate governance when the BMA asked “what governance and control measures are currently in place”.

Although 26 out of 30 respondents indicated “senior management” has accountability at the business unit level, only ten respondents (33 per cent) indicated that AI systems were governed at the board level.

Although the steep trend of governance best practice is to ensure that all material IT systems and services (including contracts) receive direct board oversight, I expect that board governance over AI use will organically increase as AI systems become more material to insurers.

Fourth, when the BMA asked insurers what their concerns are when considering the adoption of AI systems, both “regulatory compliance” (seventh) and “legal liability” (eighth) were among the top nine answers.

However, most of the same challenges that insurers address at present to govern their existing IT infrastructure, including security, are applicable to AI systems. Where AI solutions are secured as third-party services, regulatory compliance and legal liability can be addressed in well-drafted AI service contracts, including all privacy, outsourcing and cyber security requirements.

Remember, the use of AI systems can also reduce legal liabilities. For example, many AI systems are being used for internal analytics, modelling, decision tree formation, outcome predictability and risk management, and are not used for business-to-business or consumer applications, which tend to carry the greatest third-party liability risk.

As well, where “big data” AI applications are used for complex modelling and advanced analytics, the aggregated data used is often anonymised, thus avoiding any privacy liability risk.

Where bespoke AI solutions provide distinct competitive advantages, enterprises often use those AI systems “within the castle walls” and possibly without web access, thus reducing operational cyber risk.

The BMA’s AI survey report also provides a generous indication of how the BMA may regulate the use of AI by Bermuda’s insurers in the future, including:

  • The governance of AI use should now be proportionally considered within the existing frameworks of governance, risk management and business conduct
  • The BMA will likely expand its Operational Cyber Security Code of Conduct to include specific guidelines for the use of AI
  • The BMA will likely strengthen its oversight of outsourced services where those third-party service providers use AI

I expect that the BMA’s very thoughtful approach to assessing the unique capabilities, risks and governance requirements associated with AI’s increasing use among Bermuda’s insurers will be well received.

When I spoke at an AI Business & Law conference with Lord Clement-Jones in 2019, he reiterated one of his Select Committee’s AI recommendations, which the BMA is living up to: “We believe that existing sector-specific regulators are best to consider the impact on their sectors of any (AI regulation) which may be needed.”

First published in The Royal Gazette, Legally Speaking, December 2022

Share
X.com LinkedIn Email Save as PDF
More Publications
Website-Code-Bermuda
13 Dec 2024

Gifting a home in Bermuda: a review of your options

A home can be gifted to a spouse, or the next generation either during an owner’s life, or as an i...

050-Insolvency-Restructuring-Grid-Image
10 Dec 2024

Bermuda: Americas Restructuring Review 2025

This article discusses the defining features of Bermuda’s insolvency landscape and the primary ins...

Appleby-Website-Privacy-and-Data-Protection
5 Dec 2024

Digital identity services in Bermuda

There is steep demand for the ability to authenticate a person’s identity through the use of a tru...

Appleby-Website-Privacy-and-Data-Protection
28 Nov 2024

Augmented Advocacy Series (Bermuda): Copyright infringement in the age of AI

Artificial intelligence is revolutionising the way that humans solve problems and create.

Appleby-Website-Employment-and-Immigration
19 Nov 2024

When and how to vary a Bermuda contract of employment

A contract of employment is a legal agreement that sets out the terms and conditions of an employee�...

Technology and Innovation
8 Nov 2024

When non-tech companies buy IT

Generally, there are three categories of information technology buyers: non-technology enterprises, ...

050-Insolvency-Restructuring-Grid-Image
15 Oct 2024

Insolvency: Bermuda

In-Depth: Insolvency (formerly The Insolvency Review) offers an incisive review of the most conseque...

Appleby-Website-Insurance-and-Reinsurance
10 Oct 2024

Recovery planning for commercial insurers

New rules released by the Bermuda Monetary Authority aim to equip certain insurers with a structured...

The Global Website header
7 Oct 2024

The Global – your offshore corporate law questions answered: October 2024

The Global is a quarterly collection of corporate expert insights and analysis across Appleby's glob...