The regulatory architecture for insurance AI in Australia

Australian insurers operate under a dual regulatory structure: APRA for prudential regulation (focusing on financial soundness and operational resilience) and ASIC for conduct regulation (focusing on fair treatment of policyholders and distribution obligations). Both regulators have developed expectations for AI governance that apply simultaneously. A claims AI system that satisfies APRA's operational resilience requirements may still breach ASIC's conduct obligations if it produces unfair outcomes for policyholders. Managing both dimensions is the central governance challenge for insurance AI.

APRA's prudential expectations for insurance AI

APRA applies its general prudential framework to insurance AI rather than AI-specific standards. The key instruments are CPS 230 (Operational Risk Management), which requires critical operations and material service providers, including AI systems used in underwriting or claims, to be brought within the insurer's operational risk management and business continuity framework; CPS 234 (Information Security), with its practice guide CPG 234, which requires information security governance for AI systems processing policyholder data; and APRA's model risk management expectations, which sit within the general risk management framework rather than a dedicated model risk standard and call for model validation, documentation, and ongoing monitoring of AI models used in risk pricing and claims assessment.

The model risk management expectations are particularly significant for underwriting and pricing AI. APRA expects insurers to maintain a model inventory that includes all models used in material business decisions, to validate models before deployment and after material changes, and to monitor model performance in production. These expectations apply to ML and AI models as much as to traditional actuarial models — the technical sophistication of the model does not reduce the governance requirement.

ASIC's conduct focus: DDO and pricing fairness

ASIC's primary conduct focus for insurance AI is on product design and pricing fairness. The design and distribution obligations (DDO), in force since October 2021, require insurers to define a target market for each product in a target market determination (TMD), to distribute the product consistently with that determination, and to review whether the product is actually reaching that market and remains appropriate for it. AI-driven pricing that systematically overcharges certain groups, or that produces price increases not reflective of actual risk, may breach DDO obligations if the result is a product that is no longer appropriate for the target market it was designed for.

Loyalty pricing has been specifically identified by ASIC as a conduct concern in insurance. Algorithmic renewal pricing that charges long-standing policyholders significantly more than new customers for equivalent coverage is treated as an unfair outcome; the same practice ("price walking") was banned in the UK by the FCA's general insurance pricing rules in 2022 and has been the subject of remediation programs there. ASIC has signalled that Australian insurers should review their renewal pricing practices and address systematic loyalty penalties.