This case study examines how AI tools respond to regulatory questions relevant to Compliance teams operating within Reinsurance firms in the United Kingdom. It covers one regulation — Consumer Duty (PS22/9 + PRIN 2A), issued by the Financial Conduct Authority — and aggregates findings from questions where AI assistants produced materially incorrect answers. Across the finding examined here, AI tools misrepresented the scope of regulatory obligations in ways that could directly affect how a Compliance team maps its firm's exposure.
The errors identified are not marginal — they concern whether core regulatory requirements apply at all to specific reinsurance and group insurance activities, making accurate AI output especially consequential in this sub-sector.
Compliance teams at Reinsurance firms regularly turn to AI tools when scoping the applicability of FCA rules to their business lines. Typical trigger points include: mapping Consumer Duty obligations at the outset of a new product launch or cedant relationship; drafting internal policy guidance on which activities fall within or outside the Duty's scope; preparing training materials for underwriting and distribution colleagues; and responding to ad hoc queries from business lines asking whether a particular arrangement — such as a group policy extension or a large-risk commercial contract — is caught by the regime.
These are precisely the contexts in which a confident but wrong AI answer causes most harm, because the output is often taken as settled fact and embedded in firm-wide materials before anyone verifies it against the primary source.
The corporate use-cases that sit on top of these questions are substantial. A Compliance team relying on an AI tool's scope assessment may produce regulatory mapping documents that inform product design, distribution agreements, and board risk appetite statements. If the AI has incorrectly extended the Consumer Duty's reach into activities that are expressly carved out — or, equally, missed obligations that do apply — those errors propagate across every downstream work-product. A firm may invest in compliance infrastructure for obligations it does not bear, or fail to build it where it does.
The firm, not the individual analyst, absorbs the consequences. Where an incorrect AI answer leads the firm to misstate its regulatory position — to the FCA, in a Section 166 review, or in client-facing representations — the potential exposure includes supervisory intervention, public censure, and remediation costs. In a reinsurance context, where the boundary between in-scope and out-of-scope arrangements can turn on the precise structure of a policy or the domicile of the underlying risk, an AI tool's tendency to generalise across these distinctions is a material operational risk.
The finding in this case study reflects a specific and consequential class of AI error: scope misstatement. Rather than fabricating a rule that does not exist, the AI tool took a genuine regulatory principle — the Consumer Duty's distribution-chain logic — and extended it beyond the express carve-outs written into the FCA's final rules. The result is an answer that sounds authoritative and technically grounded but directly contradicts what the regulator actually published.
This pattern is particularly dangerous for Compliance teams because it does not announce itself as an error; it reads as a reasonable interpretation, with cited sources that appear relevant even though they do not support the stated position.
The errors cluster on the Consumer Duty and the FCA, which is the dominant source of conduct risk for UK financial services firms. Within that regulation, the misstatement concerns scope exclusions — specifically, the rules governing reinsurance, group insurance distribution, and large-risk commercial contracts. These are exactly the categories that matter most to a Reinsurance firm's Compliance function, because they define the outer boundary of the regime for the firm's core activities.
A Compliance team that accepts an AI tool's incorrect answer on this point may conclude that its firm bears Consumer Duty obligations it does not in fact carry, leading to disproportionate compliance spend, or alternatively may overlook nuanced in-scope activities by assuming the carve-out is broader than it is.
The systemic risk compounds when the AI's answer becomes the input to multiple downstream processes. A single incorrect scope assessment, embedded in a regulatory mapping document, can flow through to training programmes, product approval frameworks, distribution contract templates, and board-level risk reporting. Each of those work-products then rests on a foundation that contradicts the regulator's published position. The cost of correcting that chain of errors — once identified, whether internally or by the FCA — is materially higher than the cost of a single verification step at the point of first use.
1 finding in this case study. Click any to see its full evidence card.
The default position for any Compliance team using AI tools in these rule areas should be: AI output is a starting point for research, not a primary source for regulatory conclusions. This is particularly important for scope questions — questions about whether a regulation applies at all — because those determinations tend to anchor everything that follows. Where the Consumer Duty's applicability to a specific reinsurance structure or group policy arrangement is in question, the team's answer must come from the FCA's published policy statements and Handbook text, verified directly, before it enters any firm work-product.
An AI tool's answer, however confident, should be treated as a prompt to look, not as the answer itself.
At a firm level, the Compliance team and its leadership should put in place a small number of practical safeguards. A written regulatory-verification policy — one that names AI tools explicitly as an unreliable source for scope assessments and rule-text questions — sets clear expectations across the department and reduces the risk of junior team members treating AI output as settled fact. Audit trails for AI-influenced work-products, combined with a sign-off requirement before any AI-generated regulatory analysis enters a board paper, training programme, or client-facing document, create the checkpoint the team needs.
It is also worth distinguishing in document metadata between content that was AI-drafted (and then independently verified) and content that was merely AI-summarised from a document the team already holds — these carry different verification burdens.
There are areas where AI tools add genuine value in a Compliance workflow without this level of risk. Drafting non-regulatory prose — explanatory summaries for internal audiences, first-draft agendas for regulatory update sessions, plain-English descriptions of process steps — is generally lower risk because it does not depend on the AI correctly stating what the law says. Similarly, using AI to summarise a long FCA consultation paper, as a starting point for a human reader who will then read the primary document, is a proportionate use.
The principle is simple: AI is useful for generating material the team will then verify; it is not reliable for generating conclusions the team will act on directly.
RegLeg's published hallucination research is available as a free reference tool for Compliance teams before they rely on any AI answer in areas covered by our findings catalogue. If your team is working on a regulatory question that touches Consumer Duty scope, or FCA conduct rules more broadly, checking the research takes minutes and can surface known failure modes before an incorrect AI answer enters your workflow. The findings are organised by regulation and jurisdiction, so a Reinsurance Compliance team can go directly to the rule areas most relevant to its business without reading across the full dataset.
For firms that want a more structured view of their exposure, RegLeg offers bespoke regulator deep-dives tailored to the Reinsurance sub-sector. These map which AI-supported workflows within a Compliance function carry the highest hallucination risk — scope assessments, regulatory change monitoring, policy drafting, training content — and produce a prioritised picture of where verification requirements are most urgent. This kind of mapping is particularly useful when a firm is updating its AI-use policy or when leadership needs to brief the board on the firm's AI governance position in a regulatory context.
RegLeg also works with Compliance teams on a confidential review of their existing AI-use policy against our failure-mode catalogue. Where gaps or misalignments are identified, we provide prioritised remediation guidance rather than a generic checklist — the output is practical and specific to the firm's actual workflows. For teams that want to build capability across the department, we can provide training material and CPD-aligned content covering AI reliability in regulatory research contexts, designed to be delivered internally without external facilitation. Our aim throughout is to work alongside your team, not to replace the judgement your people bring to these questions.