Trust at Scale: Governance, Auditability, and the Future of Agentic AI in Insurance

Part 3 of 3 in the series “Building the Agentic Underwriter” by Daniel Pass, CTO at Send

Over the first two posts in this series, I’ve talked about why insurance needs an agentic approach to AI and walked through how it works in practice. Microapps that embed into the workflow, human-in-the-loop controls, and responsible AI principles built into the architecture rather than bolted on.

But there’s a question that sits behind all of this, and it’s the one that will determine whether agentic AI actually gains traction in our industry: can you prove it’s working the way you say it is?

Teams won’t deploy what they can’t audit, and regulators won’t accept what they can’t inspect. Trust at this scale needs evidence.

How the Send Agentic framework ensures AI decisions remain controlled and auditable

Auditability in the Send Agentic Framework isn’t a reporting layer added on the side. It’s part of the runtime itself.

Every agent interaction generates a structured audit trail: a complete record of inputs, outputs, tool calls, and reasoning steps, linked by correlation IDs so any decision can be traced back to its source. If an agent recommended declining a submission, you can see what data it ingested, what rules it applied, what tools it called, and what output it produced.

These interactions are also captured as immutable snapshots. These are point-in-time records of AI outputs stored in a way that can’t be retroactively altered. Each snapshot is linked to the relevant risk, submission, or workflow step. For teams demonstrating contract certainty, that matters: you need to show what the AI contributed to a decision at the moment it was made.

For operational monitoring, the framework integrates directly with enterprise platforms like Coralogix, CloudWatch, and others, so that AI activity feeds into the same security and observability infrastructure your organisation already uses. AI agents aren’t a monitoring blind spot. They’re visible to the same teams and tools as the rest of the estate. It is adapter-based and can easily be extended to suit your own monitoring solution.

How this aligns with ISO 42001

ISO 42001 gives the industry a concrete standard for AI management systems, with shared controls and requirements rather than just principles.

When we designed the Send Agentic Framework, we mapped our governance modules directly to ISO 42001 clauses as a design input rather than retrofitting later.

The agent registry functions as the system inventory that A.4 and A.6 require. Every agent is catalogued with a system card describing its purpose, its lifecycle stage, and its operational status across environments. You can enable or disable agents per environment, track their progression from development through to production, and maintain a clear record of what’s deployed and where.

Drift detection addresses the performance monitoring requirements in Clause 9 and C.3.5. The framework enables you to build agents that automatically monitor latency, error rates, and token usage against established baselines and flag deviations. These are designed to run continuously rather than relying on teams to remember to check.

Fairness monitoring maps to A.5.3 and A.7.5, the requirements around bias and equitable treatment. The framework analyses agent outputs using established statistical methods, aligned with the UK Equality Act protected characteristics. When disparities emerge, they’re flagged for review in real time.

The oversight and feedback modules I discussed in Part 2 of the blog series map to A.9.4 and A.10.5, providing the human-in-the-loop review tracking and structured improvement mechanisms the standard calls for.

And when agents reach end of life, the retirement module (mapped to A.6.6) provides a structured decommissioning workflow. The audit trail is preserved, downstream dependencies are accounted for, and the organisation’s governance record remains intact even after an agent is switched off.

The framework also supports EU AI Act conformity assessment requirements under Article 11, auto-generating technical documentation from evidence across the framework. As the regulatory picture evolves, having that documentation produced automatically is a practical advantage over assembling it by hand.

Together, these modules form a governance stack: a coherent answer for teams, regulators, and reinsurers when they ask how your AI is being governed.

The agent gateway: infrastructure-level control

One piece I haven’t covered yet is the agent gateway, the infrastructure layer that controls how agents access models and external services at runtime.

This matters because governance isn’t only about what agents do. It’s also about what they have access to. The gateway provides secure, controlled access to enterprise-ready models and platforms, with authentication, rate limiting, and policy enforcement applied at the infrastructure level. Even if an individual agent has a misconfiguration, the infrastructure itself enforces boundaries.

Together, the compliance modules govern the agents, and the gateway governs the infrastructure they run on. Doing the responsible thing doesn’t depend on any one team remembering to.

What impact will this have on the industry?

I think agentic frameworks will become the standard way commercial insurers deploy AI within the next few years. Not because the technology is novel, but because the industry’s requirements demand it.

Underwriting teams need to process more submissions with consistent quality, and demonstrate to their capacity providers and reinsurers that the resulting portfolios reflect disciplined, auditable decision-making. A chatbot doesn’t solve those problems. It takes AI that operates inside a governed framework, with both the autonomy to be useful and the controls to be trusted.

Organisations that adopt this approach early will scale their underwriting without scaling their teams at the same rate. They’ll be able to demonstrate compliance with evidence, and give their partners real transparency into how AI-assisted decisions are made.

Those who wait will find the gap harder to close than expected. An agentic framework is an organisational capability as much as a technology investment. The governance processes, the oversight culture, and the workflow integration all take time to mature.

If you remember one thing from this series

The question is no longer whether AI will transform underwriting. It’s whether you can prove to your board, your regulators, your partners, and the brokers and policyholders relying on your judgement that you’re doing it responsibly.

The future of underwriting will belong to organisations that can operationalise trusted AI at scale. That’s the foundation Send was built on.

Daniel Pass is CTO at Send, where he leads the development of Send’s underwriting platform and Agentic AI Framework. Connect with him on LinkedIn.

This is the final post in the three-part series “Building the Agentic Underwriter.” Read Part 1: Why the Insurance Industry Needs an Agentic Approach and Part 2: Autonomy With a Safety Net.