AI governance for NZ insurers under FMA conduct and RBNZ prudential expectations.

Aotearoa has no insurance-specific AI law. The FMA, RBNZ, the Office of the Privacy Commissioner, and the Human Rights Commission are still watching. We build governance under the Privacy Act 2020, Fair Trading Act 1986, CoFI Act 2022, Insurance (Prudential Supervision) Act 2010, and Human Rights Act 1993.


Built for

Insurer boards · Appointed actuaries · Chief underwriting officers · Claims executives · Heads of conduct
We work against: CoFI Act 2022 / Privacy Act 2020 / Fair Trading Act 1986 / Human Rights Act 1993 / Insurance (Prudential Supervision) Act 2010 / Te Tiriti o Waitangi / OECD AI Principles

What you walk away with.


Underwriting and pricing fairness audit

Bias and proxy-discrimination testing across demographic groups, including Māori and Pacific populations, with documented actuarial justification for risk factors.

CoFI-aligned conduct programme

Fair conduct programme covering AI-driven decisions, monitoring of customer outcomes, vulnerable-consumer protocols, and complaint handling.

Privacy and data compliance

Privacy Act 2020 controls across collection, accuracy, access, correction, and IPP 12 cross-border transfers for offshore AI vendors.

Audit-ready evidence pack

Documentation the FMA, RBNZ, the Office of the Privacy Commissioner, or an internal auditor can work through end to end.

The absence of insurance AI rules is not the absence of risk.

Aotearoa has no prescriptive AI requirements for insurance. The regulatory gap creates its own set of management challenges, and global regulation is moving in one direction.

  1. Standard gap

    No clear standard for insurers to follow.

    Without specific AI rules, insurers interpret existing legislation alone. What counts as adequate governance? What does the FMA consider sufficient under CoFI? What does RBNZ solvency require when AI drives underwriting? Most organisations are guessing, and guessing creates liability.

  2. Aug 2026

    Global regulation is heading one way.

    The EU AI Act classifies insurance underwriting and credit scoring as high-risk. US states are passing algorithmic fairness laws. NZ insurers operating internationally, using offshore vendors, or accessing offshore reinsurance markets will feel these pressures regardless of domestic timing.

  3. In force

    CoFI fair conduct already covers AI.

    The Conduct of Financial Institutions Act 2022 requires fair conduct programmes covering all customer interactions and outcomes. If AI is making or influencing decisions about customers, it falls within scope. The FMA expects monitoring of customer outcomes, fair treatment of vulnerable consumers, and effective reporting whether decisions are human or algorithmic.

  4. Section 48

    Proxy discrimination under the Human Rights Act.

    Section 48 of the Human Rights Act 1993 allows differentiation based on reasonable actuarial or statistical data. The exception is narrower than many insurers assume. If a model uses proxy variables that correlate with prohibited grounds and the differentiation is not based on defensible actuarial data, discrimination risk follows. Te Tiriti o Waitangi reinforces the obligation for pricing affecting Māori.


Where insurance AI governance matters most.

Not every insurance AI use case carries the same risk. The systems that affect what people pay, whether their claim is approved, and whether they are flagged as suspicious need the most rigorous oversight.

Highest risk

Algorithmic underwriting

Models trained on postcode, occupation, or claims history can disadvantage specific communities without explicitly using prohibited grounds. Fairness testing and documented rationale are non-negotiable.

Highest risk

Premium-setting algorithms

Dynamic pricing using behavioural data, telematics, or external datasets can be actuarially sound and socially unfair. Transparency about pricing factors and impact analysis on vulnerable groups are required.

High risk

Claims automation and triage

Straight-through processing for simple claims works. AI triage and damage assessment from photographs need clear escalation paths and accessible appeal processes.

High risk

Fraud detection

Pattern recognition flags suspicious claims. False positives subject legitimate claimants to invasive scrutiny. Monitor false-positive rates by demographic group.

The PolyGovern tracks that apply to insurers.

Three practice tracks built around NZ insurance regulation as it stands today and positioned for the regulation arriving from Europe and the US.

Track A

Governance and strategy

AI governance for underwriting, claims, and pricing tied to CoFI fair conduct programmes, RBNZ solvency standards, and Companies Act 1993 director duties.

Track B

Assessment and assurance

Underwriting fairness audits, claims automation reviews, and bias testing across demographic groups including Māori and Pacific populations.

Track C

Compliance and advisory

Privacy Act 2020 alignment, Fair Trading Act application to AI-generated quotes, Te Tiriti-aware practice, and leadership education on the regulation arriving from the EU and US.

Common questions from NZ insurers.

If there are no AI-specific insurance regulations in NZ, why invest now?

The FMA's fair conduct obligations under CoFI, the Privacy Act 2020, the Fair Trading Act 1986, the Human Rights Act, and RBNZ solvency standards under the Insurance (Prudential Supervision) Act 2010 all cover the outcomes of AI decisions even though they predate the technology. Global regulation is also moving fast, and retroactive compliance costs more than proactive design.

What does the FMA expect from insurers using AI?

The Conduct of Financial Institutions regime requires fair conduct programmes covering all customer interactions and outcomes. If AI is making or influencing decisions about customers, it falls within scope. The FMA expects insurers to monitor customer outcomes, address systemic issues, and treat vulnerable consumers appropriately.

How does the Fair Trading Act apply to insurance AI?

The Fair Trading Act 1986 prohibits misleading and deceptive conduct in trade. AI-generated quotes must accurately reflect actual pricing. Chatbot responses must not misrepresent policy terms. Marketing claims about AI-driven personalisation must be substantiable.

What Privacy Act 2020 obligations apply to our AI systems?

The 13 Information Privacy Principles apply across collection, accuracy, access, correction, and IPP 12 cross-border transfers. If your AI makes automated decisions about individuals, you should be able to explain the basis for those decisions.

Can underwriting AI legally differentiate based on factors correlated with ethnicity or gender?

Section 48 of the Human Rights Act 1993 allows insurers to differentiate based on actuarial or statistical data that is reasonable in the circumstances. The exception is narrower than many insurers assume. If a model uses proxy variables correlated with prohibited grounds and the differentiation is not based on defensible actuarial data, discrimination risk follows. Regular bias audits and documented actuarial justification are essential.

Insurance AI governance before the regulator comes knocking.

We will map your AI systems against current NZ legislation, including FMA conduct obligations, RBNZ solvency standards, the Privacy Act 2020, the Fair Trading Act 1986, and the Human Rights Act 1993. From there we build a compliance programme that protects policyholders and the licence.
