regulatory-priorities-for-insurers-what-firms-should-do-next-final-article


People Capabilities In this section you can find Services Banking and Finance Competition, Trade and Foreign Investment Competition, Trade and Foreign Investment overview Antitrust and Competition Investigations Antitrust and Competition Litigation Dawn Raids Foreign Investment and National Security Law International Sanctions and Export Controls International Trade Law Merger Control Procurement and State Aid Construction and Engineering Construction and Engineering overview Construction Disputes Contracts and Procurement EPC Project Advisory Corporate and M&A Corporate and M&A overview Capital Markets Corporate Governance International Corporate Reorganizations Joint Ventures Mergers and Acquisitions Private Equity Venture Capital Corporate Crime Corporate Crime overview International Sanctions and Export Controls Regulatory Investigations and Enforcement Data Privacy, Security and Technology Data Privacy, Security and Technology overview Cybersecurity Data Privacy Disruptive Technology Electronic and Mobile Commerce Information Law Product Counseling Regulatory Defense and Litigation Technology Transactions and Sourcing Telecom Services Employment, Labor and Pensions Employment, Labor and Pensions overview Corporate Transactions Cross-Border Employment and Pensions Diversity, Pay and Discrimination Employee Benefits and Executive Compensation Employment Employment Litigation Global Mobility and Immigration Labor and Industrial Relations Financial Services Regulation Financial Services Regulation overview Insurance Intellectual Property Intellectual Property overview Trademarks, Trade Dress and Copyrights Trade Secrets Litigation and Dispute Resolution Litigation and Dispute Resolution overview Commercial Litigation Construction Disputes Environmental, Health and Safety International Arbitration Procurement Disputes Real Estate Disputes Regulatory Investigations and Enforcement Real Estate and Planning Real Estate and Planning overview Commercial Development and Leasing Corporate Real Estate Planning and Environmental Real Estate Disputes Real Estate Finance Living Strategic Contracts Tax Industries Consumer Consumer overview Food and Beverage Luxury Retail and Wholesale Energy Energy overview Clean Energy Energy Regulatory Hydrogen Nuclear Oil and Gas Power Financial Services Governments and Infrastructure Governments and Infrastructure overview Governments and Strategic Projects Infrastructure Transportation Industrials Industrials overview Aerospace, Defense and Security Automotive Chemicals Manufacturing and Industrial Engineering Life Sciences and Healthcare Life Sciences and Healthcare overview Healthcare Pharmaceuticals and Biotechnology Real Estate Real Estate overview Multi and Single Family Residential Office and Industrial Real Estate Investment Retail and Mixed Use Transport Related Real Estate Technology & Digital Technology & Digital overview Digital Content Digital Infrastructure Technology Resources Insights Client tools Events and training Business topics About About us Firm leadership Purpose and values Responsible business Community Diversity and inclusion Environmental sustainability Pro bono Reports Alumni News Careers Global careers Applications Why us? Lawyers and partners Business professionals Students and recent graduates Offices Hungary Visit global site Select a local version of the site Angola Asia Austria Belgium Bulgaria Czech Republic Estonia Finland France Germany Hungary Iraq Ireland Italy Jordan Latvia Lithuania Luxembourg Mauritius Mozambique Netherlands Poland Portugal Qatar Romania Saudi Arabia Slovakia South Africa Spain Sweden Switzerland Tunisia United Arab Emirates United Kingdom United States Rest of the world en Select language English Regulatory Priorities for Insurers – what firms should do next? (final article) Home Resources Insights Home Resources Insights Regulatory Priorities for Insurers – what firms should do next? (final article) Regulatory Priorities for Insurers – what firms should do next? (final article) March 13, 2026 United Kingdom United Kingdom United Kingdom The FCA has recently launched its first Regulatory Priorities document focused on the insurance sector. This is Konexo’s final article covering the FCA priorities for the Insurance sector. It focuses on actively managing the risks associated with AI, the importance of minimising the risk of financial crime and additional products the FCA will be reviewing this year. The first article, which focused on sales and claims processes can be accessed here and the second article which is focused on service delivery, ensuring fair value and continuing to monitor customer outcomes can be accessed here. Actions firms should be taking in response to FCA priorities Actively managing the risks associated with AI use FCA focus areas include: Supporting responsible adoption of AI across the insurance sector while ensuring firms actively manage the risks associated with it. Assessing whether firms have appropriate governance, oversight and monitoring in place to ensure AI enabled processes remain aligned with Consumer Duty and broader regulatory expectations. Identifying barriers to responsible AI adoption within firms and across the sector. Firms should consider: Creating a robust AI governance model that pulls together input from operations, technology, 1^st line risk, compliance and legal where needed to ensure used cases are assessed and agreed, models are built to agreed requirements, risks are actively managed and there is regularly monitoring of the performance and AI-driven decision making to ensure good customer outcomes are being achieved. Ensuring data quality and suitability, including assessing whether the data used to train and operate AI models is accurate, representative and appropriate for the intended purpose. The AI testing data to ensure it demonstrates the spread of outcomes received by customers through AI enhanced journeys both at the outset to validate creation, during scaled implementation, and then periodically to ensure continued confidence. Maintaining transparency and auditability, ensuring firms can explain how AI models operate, demonstrate oversight and evidence that customer outcomes remain fair and consistent. Ensuring appropriate human oversight, particularly for higher-risk use cases, so that automated decisions can be reviewed, challenged and corrected where necessary.To meet data privacy requirements, ensure the data protection officer is consulted on AI use cases involving personal data to assess whether a DPIA is needed and whether the principles of privacy and security by design are followed throughout the AI lifecycle. Ensure appropriate consent or an equivalent lawful basis for processing personal data. Document these steps in accordance with the applicable data privacy regulations in scope. Lastly, data protection principles such as data minimisation, purpose limitation, data retention, and, for AI data sets, logs and outputs are appropriately considered and documented. On the cyber front, data sharing or third-party access to AI models should be carefully governed, especially when confidentiality and sensitive information are at high risk in AI use cases. Minimising financial crime risk (larger firms) FCA focus areas include: Looking to ensure larger firms have a robust set of financial crime systems and controls in place to mitigate risk. This includes: A genuinely risk-based financial crime framework tailored to their products, distribution model and customer base Board-level ownership and oversight of financial crime risk Effective sanctions screening, CDD/EDD and fraud controls Evidence that systems are tested, challenged and improved, not static Use of data and MI to monitor effectiveness, not just activity Firms should consider: Re-performing your financial crime risk assessment: Does it reflect your actual business model and emerging risks? Testing control effectiveness: When was the last independent review of sanctions, onboarding or fraud controls? Challenging governance: Would your Board be able to articulate your top three financial crime risks? Reviewing MI: Does it measure outcomes and risk, or just volumes? Documenting remediation: Can you evidence a cycle of testing, findings and improvement? Additional products that the FCA is reviewing/monitoring this year In addition to the work described above, the FCA has also stated that it intends to carry out the following product reviews this year: Closed customer life insurance books and child trust funds to ensure customers are receiving good outcomes. Funeral Plan providers to assess whether the funeral plan conduct of business sourcebook is delivering the outcomes intended. The FCA has also identified rising prices and issues with customer understanding for Pet Insurance and Private Medical Insurance and is continuing to monitor those products over the next year and will take action if needed. Reducing regulatory risk now The FCA’s is looking to support responsible AI adoption. It emphasises its intention to rely on existing rules and not to create a new sourcebook. This allows innovation, but creates challenges for firms. The key to successful AI deployment is ensuring that good customer outcomes are being delivered and that regulatory requirements are being met. It is crucial that compliance, first line risk and operations roles have the right AI knowledge. This will ensure the firm can deliver the right governance, analysis of used cases, and testing to give confidence that AI solutions are delivering against expectation. Upskilling these teams is the perfect place to start. Larger firms should be actively looking to review their financial crime systems and controls. The FCA intends to publish a good practice and areas for improvement report later this year. This will provide further guidance with which to enable firms to benchmark their own findings and take steps to close gaps. Firms that have products including pet insurance, closed life books, private medical insurance and funeral plans should all be looking to proactively review those products to identify gaps and make enhancements where needed. External support can be helpful for these reviews, enabling firms to get an independent perspective that benchmarks the firm against industry best practice. The purpose of this FCA publication is to ensure firms understand the key areas of regulatory focus and take action to mitigate potential risks. Those that are more proactive in doing the right thing will see less intensive scrutiny, enabling the FCA to focus its attention on the broader market and take action faster where it identifies issues. The materials on the Eversheds Sutherland website are for general information purposes only and do not constitute legal advice. While reasonable care is taken to ensure accuracy, the materials may not reflect the most current legal developments. Eversheds Sutherland disclaims liability for actions taken based on the materials. Always consult a qualified lawyer for specific legal matters. To view the full disclaimer, see our Terms and Conditions or Disclaimer section in the footer. Key contacts Emma Mitchell Business Professional United Kingdom Ian Stott Business Professional United Kingdom Latest Insights legal updates legal updates podcasts and webcasts legal updates Latest News client news firm news firm news client news Latest Events virtual \| June 09, 2026 virtual \| June 16, 2026 virtual \| June 23, 2026 virtual \| September 10, 2026 Tabs Label legal updates June 03, 2026 legal updates May 29, 2026 podcasts and webcasts May 29, 2026 legal updates May 28, 2026 Legal notices Terms & conditions Privacy notice Cookies LinkedIn Facebook YouTube Connect Contact us Client login Staff login Subscribe About us About Eversheds Sutherland Purpose and values Responsible business Alumni Insights Client tools Events and training Business topics Careers Offices © Eversheds Sutherland 2026. All rights reserved. Eversheds Sutherland is a provider of legal and other services operating through various separate and distinct legal entities. For further information about these entities and Eversheds Sutherlands' structure please see the Legal Notice page of this website. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed or affiliated firms and the members of Eversheds Sutherland (Europe) Limited and Eversheds Sutherland (Africa) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global entity. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client. For further information about these Eversheds Sutherland Entities and Eversheds Sutherlands’ structure please see the Legal Notices page of this website. For information on Konexo please also see the Legal Notices page of this website.

The FCA has recently launched its first Regulatory Priorities document focused on the insurance sector.

This is Konexo’s final article covering the FCA priorities for the Insurance sector. It focuses on actively managing the risks associated with AI, the importance of minimising the risk of financial crime and additional products the FCA will be reviewing this year.

The first article, which focused on sales and claims processes can be accessed here and the second article which is focused on service delivery, ensuring fair value and continuing to monitor customer outcomes can be accessed here.

Actions firms should be taking in response to FCA priorities

Actively managing the risks associated with AI use

FCA focus areas include:

Supporting responsible adoption of AI across the insurance sector while ensuring firms actively manage the risks associated with it.
Assessing whether firms have appropriate governance, oversight and monitoring in place to ensure AI enabled processes remain aligned with Consumer Duty and broader regulatory expectations.
Identifying barriers to responsible AI adoption within firms and across the sector.

Firms should consider:

Creating a robust AI governance model that pulls together input from operations, technology, 1^st line risk, compliance and legal where needed to ensure used cases are assessed and agreed, models are built to agreed requirements, risks are actively managed and there is regularly monitoring of the performance and AI-driven decision making to ensure good customer outcomes are being achieved.
Ensuring data quality and suitability, including assessing whether the data used to train and operate AI models is accurate, representative and appropriate for the intended purpose. The AI testing data to ensure it demonstrates the spread of outcomes received by customers through AI enhanced journeys both at the outset to validate creation, during scaled implementation, and then periodically to ensure continued confidence.
Maintaining transparency and auditability, ensuring firms can explain how AI models operate, demonstrate oversight and evidence that customer outcomes remain fair and consistent.
Ensuring appropriate human oversight, particularly for higher-risk use cases, so that automated decisions can be reviewed, challenged and corrected where necessary.To meet data privacy requirements, ensure the data protection officer is consulted on AI use cases involving personal data to assess whether a DPIA is needed and whether the principles of privacy and security by design are followed throughout the AI lifecycle.

Ensure appropriate consent or an equivalent lawful basis for processing personal data. Document these steps in accordance with the applicable data privacy regulations in scope.
Lastly, data protection principles such as data minimisation, purpose limitation, data retention, and, for AI data sets, logs and outputs are appropriately considered and documented.
On the cyber front, data sharing or third-party access to AI models should be carefully governed, especially when confidentiality and sensitive information are at high risk in AI use cases.

Minimising financial crime risk (larger firms)

FCA focus areas include:

Looking to ensure larger firms have a robust set of financial crime systems and controls in place to mitigate risk. This includes:
1. A genuinely risk-based financial crime framework tailored to their products, distribution model and customer base
2. Board-level ownership and oversight of financial crime risk
3. Effective sanctions screening, CDD/EDD and fraud controls
4. Evidence that systems are tested, challenged and improved, not static
5. Use of data and MI to monitor effectiveness, not just activity
Firms should consider:
Re-performing your financial crime risk assessment: Does it reflect your actual business model and emerging risks?
Testing control effectiveness: When was the last independent review of sanctions, onboarding or fraud controls?
Challenging governance: Would your Board be able to articulate your top three financial crime risks?
Reviewing MI: Does it measure outcomes and risk, or just volumes?
Documenting remediation: Can you evidence a cycle of testing, findings and improvement?

Additional products that the FCA is reviewing/monitoring this year

In addition to the work described above, the FCA has also stated that it intends to carry out the following product reviews this year:

Closed customer life insurance books and child trust funds to ensure customers are receiving good outcomes.
Funeral Plan providers to assess whether the funeral plan conduct of business sourcebook is delivering the outcomes intended.

The FCA has also identified rising prices and issues with customer understanding for Pet Insurance and Private Medical Insurance and is continuing to monitor those products over the next year and will take action if needed.

Reducing regulatory risk now

The FCA’s is looking to support responsible AI adoption. It emphasises its intention to rely on existing rules and not to create a new sourcebook. This allows innovation, but creates challenges for firms. The key to successful AI deployment is ensuring that good customer outcomes are being delivered and that regulatory requirements are being met. It is crucial that compliance, first line risk and operations roles have the right AI knowledge. This will ensure the firm can deliver the right governance, analysis of used cases, and testing to give confidence that AI solutions are delivering against expectation. Upskilling these teams is the perfect place to start.

Larger firms should be actively looking to review their financial crime systems and controls. The FCA intends to publish a good practice and areas for improvement report later this year. This will provide further guidance with which to enable firms to benchmark their own findings and take steps to close gaps.

Firms that have products including pet insurance, closed life books, private medical insurance and funeral plans should all be looking to proactively review those products to identify gaps and make enhancements where needed. External support can be helpful for these reviews, enabling firms to get an independent perspective that benchmarks the firm against industry best practice.

The purpose of this FCA publication is to ensure firms understand the key areas of regulatory focus and take action to mitigate potential risks. Those that are more proactive in doing the right thing will see less intensive scrutiny, enabling the FCA to focus its attention on the broader market and take action faster where it identifies issues.

The materials on the Eversheds Sutherland website are for general information purposes only and do not constitute legal advice. While reasonable care is taken to ensure accuracy, the materials may not reflect the most current legal developments. Eversheds Sutherland disclaims liability for actions taken based on the materials. Always consult a qualified lawyer for specific legal matters. To view the full disclaimer, see our Terms and Conditions or Disclaimer section in the footer.