Senior actuaries spend their working life navigating risk. AI is a new tool, treated with the same discipline as any other. This page describes specifically where we use AI in our delivery, where we do not, and the controls that sit around every AI-assisted output that leaves us.

Where we use AI

  • Code drafting. First-pass implementation of ETL transforms, validation rules, regression tests and reporting templates — reviewed line-by-line by the engineer who owns the code.
  • Regulatory and methodology summarisation. First-pass summaries of APN / SAP / IFRS / Prudential Authority documents, with the cited source attached. Always read against the source by a qualified actuary before use.
  • Reconciliation triage. Anomaly detection across reconciliation differences, with the model surfacing candidate explanations as reviewable SQL or Python — not as a black-box answer.
  • First-pass commentary. Draft variance commentary, movement narratives and disclosure text, produced from the actual numbers, then edited and signed off by a senior actuary.
  • Search and lineage navigation. Semantic search across an engagement’s artefacts — assumptions, methodology notes, prior packs — so a question gets to the right document faster.
  • Improving governance. First-pass conventions for versioning, file and directory structure, and documentation coverage across model code, assumption sets and engagement artefacts — adopted as team standard only after the engagement lead has reviewed them against existing patterns.

Where we do not use AI

  • Actuarial judgement. The choice of method, the calibration of an assumption, the materiality of a movement, the wording of a regulatory submission — these are human decisions, made by a named senior actuary, signed off in writing.
  • Sign-off. No AI output goes to a client without a named human reviewer attaching their name to it.
  • Ungrounded text. If an AI agent cannot cite the source for a regulatory reference, the workflow halts. We do not let fluent text stand in for evidence.
  • Anything an actuary signs. Statutory opinions, IFRS 17 disclosures, ORSA narratives — the actuary’s signature is on the work, and the actuary is the author. AI may have drafted; the actuary edited, verified and owns.

How we manage the risk

Eight specific controls sit around every AI-assisted output on a Data Symphony engagement. They are not aspirational. They are how the work runs.

  • Named human reviewer per output. Every AI-drafted artefact has a single accountable person, named on the artefact and in the audit log. Review is not optional and is not collective.
  • Written sign-off. The reviewer attaches a written sign-off — what they reviewed, what they changed, what they accepted, what they rejected. Recorded against the artefact version.
  • Full audit trail. Every prompt, every retrieved document, every produced output is logged with timestamps and owners. Six months later the chain reproduces.
  • Grounded in your governed data. Agents read from your assumption register, your model lineage, your reporting figures — not the open internet. If it is not in the governed estate, the agent cannot cite it.
  • No training on your inputs. Enterprise contracts with Microsoft 365 Copilot, ChatGPT Enterprise and Claude for Work / Enterprise contractually exclude training on customer data. We do not use consumer-grade AI for client work.
  • Role-aware access. AI access is configurable per role. A pricing actuary sees pricing artefacts; a reserving actuary sees reserving artefacts. Cross-role retrieval is opt-in, not default.
  • The Four-Extension AI Validation Protocol. Where AI is embedded in an actuarial workflow we validate it on four explicit dimensions: explainability, drift, bias, and reproducibility under prompt and weight change. The protocol is documented and tested on every cycle.
  • Standards we reference. NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers (2023), IAA Artificial Intelligence Governance Framework (2025), ISO/IEC 42001:2023 (AI management system), NIST AI Risk Management Framework (AI RMF 1.0, 2023) and the EIOPA Opinion on Artificial Intelligence Governance and Risk Management (2025). See our Standards we work to page for the full list and citations.

If AI fails, who is accountable?

The named human reviewer. AI is a tool the consultant uses, not an author. Every AI-assisted artefact carries a human signature. If the number is wrong, the consultant is wrong — not the agent. That accountability does not move because the drafting was faster.

For senior reviewers who have seen this before

The concerns we hear most often from senior actuaries:

  • “The output reads well, but is it right?” Every output is grounded in your governed estate, citable, and reviewed. Fluent text without evidence is rejected at the workflow level.
  • “What happens if the model drifts between runs?” Drift testing is one of the four validation extensions. A weekly evaluation cadence catches drift before it reaches a deliverable.
  • “Is my data going to train someone else’s model?” No. Enterprise contracts contractually exclude training on customer data. We do not use consumer-grade AI on client work.
  • “If I sign off something an AI wrote, am I exposed?” No more than if you sign off something a junior wrote. The accountability rests with the named reviewer, supported by audit trail and version history.
  • “What about regulators?” The frameworks they cite (NAIC, IAA, ISO/IEC 42001, NIST AI RMF, EIOPA) are the ones we apply. We track changes as they publish.

The pattern is straightforward. AI accelerates the busywork. Judgement, sign-off and accountability stay with the named human actuary. If you want to walk through how this lands on a specific scope of work, see our Modelling and Validation practice or contact us.

The controls described on this page are the ones we deploy on every AI-assisted engagement. If you are being asked for your firm’s AI governance in your next audit, board paper or regulator submission, this is what to expect from us — and what to ask any other firm for.