fairlane.systems

INSURANCE · INDUSTRY HUB

AI for Swiss insurance: governance, claims and underwriting

How Swiss insurers and brokers deploy AI across claims, underwriting and client queries – within FINMA Supervisory Notice 08/2024.

Researched & fact-checked by: · As of: 2026-05

The insurance sector and AI: overview

The Swiss insurance sector comprises around 200 insurance companies under FINMA supervision, plus several thousand insurance intermediaries and roughly 13,000 authorised insurance brokers. The Swiss Insurance Association (SVV) represents the majority of private insurers; sector gross written premium in 2025 exceeded CHF 60 bn.

AI in 2026 is no longer a pilot topic in the sector. The April 2025 FINMA survey found that 75 of the 187 responding institutions from the insurance category use AI productively – primarily in claims handling, underwriting triage and client queries. The 2026 Deloitte "Insurance & AI" study reports that 71 percent of Swiss insurance professionals use AI at least monthly and 85 percent believe the majority of insurers in Switzerland already do.

On 18 December 2024 FINMA published Supervisory Notice 08/2024 "Governance and risk management when using AI". It applies to all supervised institutions – banks and insurers alike – and sets four expectations: governance, inventory and risk classification, data quality, and ongoing monitoring. The conclusion: AI in insurance is no longer innovation, but a supervisory topic.

Why having a position is mandatory in 2026

FINMA Supervisory Notice 08/2024 shifts the conversation from "should we use AI?" to "how do we control the use?". Four points are now mandatory for every supervised insurance institution.

First: inventory of all AI applications. What do we use where, with which model, from which provider, with which risk classification? A simple Excel sheet is not enough – FINMA expects a systematic register per application with risk level and accountable owner.

Second: name model risks explicitly. Operational risks (robustness, correctness, bias, explainability) must be assessed per application. In anti-fraud models, bias is a key risk – for example if the model systematically rejects claims from certain regions or population groups.

Third: accountability is not delegable. FINMA states explicitly: "the autonomous and difficult-to-explain actions of AI systems complicate the allocation of responsibility". Its answer is clear – responsibility remains with the institution, not with the model provider. This has consequences for outsourcing and cloud contracts.

Fourth: confidentiality under VVG Art. 39. Insurers have a statutory duty of confidentiality regarding client data. It is not as strict as attorney privilege but stricter than ordinary data-protection law. Sending data to a US model with a training opt-out is not enough – DPA and no-training clauses are mandatory, EU or CH hosting standard.

The SVV has stressed multiple times in 2025/2026 that AI is a core area of sector strategy; SRO-SVV correspondence with FINMA (as of February 2026) shows active sector engagement with supervisory practice.

Where AI works productively in a Swiss insurer in 2026

Five application clusters cover the bulk of realistic automation today. Each requires a risk classification under FINMA 08/2024.

Claims handling with image and document analysis. Photo claims in motor, photo-attached claims in household, storm-damage reports with photos – a vision model categorises, estimates repair range, proposes claim amount and handling path. The case handler reviews. Expected effects: 30-50 percent faster first payout for simple cases, more cases closeable in the inbound call itself.

Underwriting triage and risk assessment. New applications are classified (standard, special case, decline), linked to the in-house loss history and presented with a recommendation. For special cases, the underwriter gets a summary of relevant points. Capgemini 2024 report: 62 percent of sector leaders expect AI/ML to raise underwriting quality – underwriters themselves are more sceptical.

Anti-fraud detection. Suspicious patterns in claim filings (temporal clustering, repeat-loss patterns, inconsistencies between photo metadata and claimed loss timing) are flagged. Important: this application area carries high bias risks – FINMA 08/2024 explicitly requires explainability and ongoing monitoring for systematic skew.

Client query triage and pre-qualification. Queries via web form, email or phone are classified (contract change, claim filing, premium question, complaint), summarised and routed with a draft reply to the case handler. For routine queries (address change), execution can be automatic – with audit log and human sampling.

Contract and guideline research with RAG. Your own GTC, internal guidelines and claim precedents are indexed. Case handlers can ask "Which damages are excluded under the 2019 GTC in the household policy?" and get grounded answers with citations. See "Your own knowledge with RAG".

Across all applications: a multi-LLM gateway routing by data classification. Claim photos and client data go only to EU- or CH-hosted models with DPA and no-training; general research may go to cheaper US models.

How an insurer starts with AI – in 7 steps

  1. 01Run an AI inventory: capture all AI applications already deployed or embedded, including those silently in standard software (CRM, OCR modules, voice bots). FINMA compliance is not possible without this inventory.
  2. 02Nominate an executive-level AI owner and anchor in the organigram. Responsibility under FINMA 08/2024 cannot be delegated to a model provider.
  3. 03Build a risk-classification matrix: per application risk level (low/medium/high), model type, data classification, hosting region, DPA status. At least annual update.
  4. 04Decide hosting and routing architecture: multi-LLM gateway with data-classification routing. Personal data and claim photos exclusively to EU/CH-hosted models with DPA. Local fallback (Llama 3.x, Mistral) for especially sensitive applications.
  5. 05Start a pilot in one line of business: realistic options are client-query triage, claims pre-qualification or an internal RAG knowledge base. Eight to twelve weeks implementation, clear KPIs.
  6. 06Set up FINMA-compliant monitoring: data quality, model drift, bias metrics, explainability. Quarterly reporting to the board, audit-grade trail per Art. 957a CO.
  7. 07Staff training and SVV-aligned communication: train claims handlers and underwriters on "AI proposes, human decides". Customer-side transparency where legally required.

Where an insurer should start in 2026

FINMA expectations change the introduction order. Governance work comes before each use case.

Stage 0 – FINMA compliance baseline. An AI application inventory (including existing AI often silently embedded in standard software), nomination of an executive-level AI owner, a risk-classification matrix and internal board reporting. This is the non-negotiable mandatory work under FINMA 08/2024 and should sit before any new pilot.

Stage 1 – Light audit for the first use case. Realistic choice for a mid-size insurer or broker: client-query triage at the central inbox, or claims pre-qualification in one line of business (e.g. household). The dividing line to policy administration is critical – no portfolio interventions without case-handler approval.

Stage 2 – Pilot in one line of business. Eight to twelve weeks of implementation, three months of accompanied production with FINMA-compliant monitoring (data quality, model drift, bias metrics). Only after this validation step comes expansion into further lines.

Stage 3 – Scaling with a proprietary RAG knowledge base. GTC, internal guidelines, claim precedents and underwriting rules are indexed. Case handlers and underwriters get fast access to firm knowledge – without that firm knowledge leaving the data centre.

For smaller SME insurers or brokerages, a managed service with FINMA-compliant monitoring is a sensible option, since the ongoing operation of governance requirements demands specialist knowledge.

Where AI does not belong in insurance

Three areas where reservation in 2026 is not "conservative" but supervisory or ethical.

Automatic claim denial without a human. A denial intervenes in a contractual promise. Even when the anti-fraud model shows convincingly high probabilities, the denial itself must be signed and justified by a case handler. That is FINMA's position and SVV practice. AI may handle anti-fraud triage, but not final denial.

Underwriting decisions on special cases without a human deep-dive. Risks with significant financial consequences (industrial cover, large life policies, new risk classes) should not be decided by a language-model classifier alone. Pre-qualification and data preparation – yes. The decision – no.

Health-data processing in US-hosted standard models. Health and life insurance handle especially protected personal data under revDSG. These do not belong in an OpenAI free account or in any model not secured with a DPA. EU/CH hosting with an explicit revDSG-compliant DPA is required, or local hosting (Llama 3.x, Mistral) on owned GPU servers.

Particularly delicate and not yet finally settled in the sector in 2026: fully automated premium discrimination. AI-driven pricing must remain explainable and must not lead to indirect discrimination – the 2026 EU AI Act classification labels several insurance applications as "high-risk".

Trade-offs

STRENGTHS

  • Claims handling 30-50 percent faster for simple photo claims
  • Underwriting triage relieves underwriters from standard cases, more time for complex risks
  • Anti-fraud detection more systematic than pure sampling – earlier discovery of recurring patterns
  • Client queries answered faster, complaint rate drops through consistent first response
  • FINMA Supervisory Notice 08/2024 creates clarity – the sector can act with structure

WEAKNESSES

  • Governance overhead under FINMA 08/2024 demands dedicated resources – not deliverable on the side
  • Bias risks in anti-fraud models are real and require continuous monitoring
  • Model drift in claims classifiers forces periodic retraining and validation
  • VVG Art. 39 and revDSG force careful hosting and DPA architecture – standard US models are not enough
  • EU AI Act 2026 classifies parts of insurance AI as "high-risk" – additional duties for EU customers

FAQ

What exactly does FINMA Supervisory Notice 08/2024 require of us?

Four expectations: (1) governance – AI strategy and accountability at executive level; (2) inventory and risk classification of all AI applications; (3) data quality including testing and bias review; (4) ongoing monitoring including model drift and explainability. The notice is not a regulation in the narrow sense, but it describes FINMA's supervisory practice – deviations require justification.

Are we allowed to send client data to a language model at all?

Yes, under clear conditions. First: a DPA with the model provider guaranteeing no-training and EU/CH hosting. Second: revDSG-compliant client information about the model use. Third: pseudonymisation where possible. Fourth: data classification – especially protected data (health, biometric) may only go into especially secured environments. VVG Art. 39 confidentiality applies at all times. See the revDSG knowledge page.

What does the SVV say about AI? Is there a sector position?

The SVV engages actively. It has expressed support for the new FINMAG ordinance and corresponds via SRO-SVV with FINMA on supervisory practice. A comprehensive public AI position in the style of the SAV guidance does not exist as of May 2026 – but concrete sector recommendations are being developed. Tracking SVV publications and sector days in 2026 is worthwhile for every supervised institution.

How do we handle anti-fraud detection with respect to bias?

Anti-fraud is a FINMA 08/2024 focus area. Three steps: (1) review training data for systematic skew – historical claim decisions may carry old bias; (2) explainability for each flag – the case handler must understand why a case is suspicious; (3) regular bias audits with metrics split by region, age, gender and language. A flag must never be an automatic denial – it is triage for the human handler.

Related topics

AI-READINESS AUDIT · SERVICEAI-Readiness Audit: where your business stands with AI today – clarified in one to five daysRAG ON YOUR OWN KNOWLEDGE · SERVICERAG on your own knowledge: answers from your documents – with sources, not made upFINMA · COMPLIANCEFINMA awareness: AI governance for banks, insurers and asset-managing fiduciariesEU AI ACT · COMPLIANCEEU AI Act 2026: high-risk duties from 2 August 2026 – what Swiss providers must do nowrevDSG · COMPLIANCErevDSG / revFADP and AI: what the revised Swiss Data Protection Act means for LLM useART. 957a CO · COMPLIANCEArt. 957a CO and AI bookings: audit trail, GeBüV, and 10-year retentionMANAGED · SERVICEManaged Service & Monitoring: we keep it running, you use it

Sources

  1. FINMA – Aufsichtsmitteilung 08/2024: Governance und Risikomanagement beim Einsatz von KI (PDF) · 2024-12
  2. FINMA – Künstliche Intelligenz auf dem Vormarsch in Schweizer Finanzinstituten (Umfrage) · 2025-04
  3. Schweizerischer Versicherungsverband SVV – Themenbereich FINMA und Branchenstrategie · 2026-04
  4. Deloitte Schweiz – Insurance and AI 2026: KI in der Versicherungsbranche · 2026-04
  5. Capgemini – World Property and Casualty Insurance Report 2024 (AI in Underwriting & Anti-Fraud) · 2024-05

FITS YOUR STACK?

What this looks like in your business – a 30-minute intro call.

Book a call