AI-enabled controls in Swiss insurance: Readiness, gaps, and the path forward leveraging AI
AI may solve three of the most pressing challenges in control functions: rising regulatory complexity, growing control volumes, and scarcity of qualified staff. But 83% of risk and compliance leaders are still experimenting, and 91% admit their teams are not equipped to oversee AI-enabled controls. Our recent roundtable findings and survey indicates what separates those who will scale from those who will stall.
Swiss insurers are under pressure: Regulatory complexity is increasing, control volumes are growing, and the availability of qualified staff is scarce. AI-enabled controls, from automated regulatory mapping to AI-driven testing of control effectiveness, promise to address all three problems . But how advanced is the second line of defence at handling AI?
To find out, we surveyed risk management and compliance practitioners across the Swiss insurance market covering life, non-life and health, as part of our recent risk roundtable.
Where the industry stands
83% of respondents use AI experimentally, with occasional prompting, no defined use cases and no structured rollout. The transition into pilot or productive deployment is the exception, not the rule.
While organisations are adopting AI for controls testing and risk reporting, they are currently bypassing more transformative opportunities in risk sensing and fraud detection.
The risk perception gap
When asked to rank AI risks, practitioners consistently put erroneous outputs and uncontrolled data leakage at the top. Dependency on external providers and unauthorised use ranked considerably lower, despite being flagged explicitly by FINMA in its Supervisory Communication 08/2024 as key concerns. This perception gap deserves attention: the risks that regulators worry about most are not the ones the industry prioritises.
The capability gap
60% of respondents expect time savings exceeding 30% from AI-enabled testing agents. The conviction that AI delivers value is clearly there.
But 91% assess their teams as insufficiently equipped to oversee AI-enabled controls. This is one of our strongest findings: the ambition-to-capability gap is wide. The regulator’s guidance is unambiguous – responsibility for AI-driven decisions cannot be delegated to technology or third parties. Internal competence is not optional: it is a regulatory requirement.
What leading practice looks like
Three areas distinguish those who will grow successfully from those who will struggle to progress.
First, data sovereignty as a non-negotiable. For regulated Swiss insurers, processing sensitive data within Switzerland is the minimum standard. Any infrastructure model – whether managed service, Swiss cloud provider, or hyperscaler – must guarantee enforceable data residency. This is not just a compliance checkbox; it is the foundation on which regulators, boards and clients will assess trustworthiness.
Second, targeted use cases as a catalyst. Individual applications like a Controls Testing Agent can deliver measurable time savings and, critically, create momentum within teams and across the organisation. A successful proof of concept demonstrates tangible value, builds internal buy-in, and shifts the conversation from ’whether AI works’ to ‘where we deploy next’.
Third – and most importantly – these individual use cases must be embedded in a broader transformation context. Scaling AI beyond isolated pilots requires working three levers simultaneously: data (quality, accessibility, governance), processes (redesigned around AI capabilities, not retrofitted), and people (upskilled to oversee, validate, and evolve AI-enabled controls). Organisations that treat AI as a technology project rather than a transformation of all three will plateau at the pilot stage.
The human-in-the-loop horizon
The question of when AI controls can run without human review produced one of the roundtable’s most instructive findings. 91% of participants expect autonomous operation to arrive gradually and selectively. Simple, rule-based controls may reach full automation within three years. Complex, judgement-intensive controls are expected to require human oversight for five to ten years or more.
The organisations best positioned for this transition are not those waiting for AI to ’do it all’, but those designing hybrid operating modes now, with clear protocols for which controls can be automated and how that boundary evolves over time.
How Deloitte supports the journey
We work with Swiss clients across the full spectrum – from initial proof-of-concept engagements on secure infrastructure through to end-to-end implementation of AI-enabled control environments, bringing both the regulatory depth and the technical capability to make it work. Whether you are exploring your first use case, exploring control testing agents or designing your target operating model for AI-enabled controls, we bring both the regulatory depth and the technical capability to make it work.
Authors
- Denise Wipf, Partner, Audit & Assurance
- Dr. Madan Sathe, Partner, Forensic & Financial Crime
- Gabriel Schwab, Director, Swiss Audit & Assurance
- Magnus Kerner, Senior Manager, Swiss Audit & Assurance
- Dr. Marcel Thom, Partner, Swiss Technology & Transformation
