Insurance transformation rarely stalls because a platform decision was wrong. It stalls because accountability, controls and decision rights are unclear across a fragmented estate. Data governance is what closes that gap and, in an era of accelerating AI adoption, it is no longer optional.
Data governance is the accountability layer that makes change auditable, scalable and AI-ready. Not a policy pack. Not a committee. A practical system of ownership, standards, controls and evidence that reduces risk while increasing speed. As modern data platforms mature and AI industrialises, governance becomes the difference between isolated optimisation and repeatable, enterprise-wide outcomes.
Most large insurers are not working with a single clean platform. They are managing an estate: legacy data stores across business units, platforms built over decades with limited interconnectivity, inconsistent data management approaches, and modernisation programmes that unify key data on strategic platforms but rarely the full landscape. That is exactly why this matters. Data governance is what turns fragmented progress into something leadership can trust, scale and evidence. It is the mechanism that lets insurers say, with confidence, that transformation is delivering outcomes that stand up to scrutiny.
Why AI makes the accountability layer non-negotiable
AI does not create governance problems. It amplifies them.
For many insurers, unstructured content remains the least governed part of the estate: shared drives and legacy file shares, content inherited through acquisitions, unknown stores of contracts, documents and sensitive information, and hybrid environments where cloud adoption is only partial. This creates two realities at once: a governance and data protection risk, and an AI scaling constraint. It is hard to safely use what cannot be discovered, classified, controlled or evidenced.
Tim Bowes, Head of Data Strategy & Governance:
“The insurers pulling ahead on AI are not the ones with the best models. They are the ones whose data is ready to use.”
Three accountability questions that support insurance transformation
If data governance is the accountability layer, these are the three questions that make that accountability real in practice. They anchor governance around executive priorities and surface what matters most: risk reduction, clarity of ownership and the ability to scale across the enterprise. This is the practical answer to the insurance leader’s question: why should I care, and what does good governance actually do for my business?
1) How is risk reduction evidenced across centrally managed platforms?
Most governance plans describe intent. Credibility comes from demonstrating that controls work in practice.
Data quality
The strongest approaches are measurable and operational:
- robust data quality metrics that are meaningful for reporting and decision-making
- clarity on proactive versus reactive data quality management
- accountability to fix issues at source, not just remediate downstream
- visible remediation pathways, with less heroics and more repeatability
Data security
Security lands when policy is translated into enforceable access outcomes:
- access governed against policy and real use cases
- appropriate row-level and attribute-level controls where required
- clear accountability for who can access what and why
- evidence of consistent application across teams and domains
Retention and lifecycle
Lifecycle management is where credibility is often won or lost:
- policy aligned to regulatory need
- retention exceptions controlled and reviewable
- clear review cycles that are actually executed
- consistent application across platforms, with evidence of compliance
Enterprise risk review
If governance reduces risk, it should show up in KRIs and reporting:
- KRIs tied to the governance plan
- mitigations tracked and monitored
- reporting that supports oversight, prioritisation and decision-making
Our insight: A recognised pattern: governance frameworks and PAS migrations
Across the insurance industry we’ve seen grown through acquisition, the same pattern repeats. Multiple policy administration systems, each inherited from a different deal, each carrying its own accumulated data quality problems. When the decision comes to consolidate onto a single PAS, the governance question is almost always framed as a risk question.
A risk controls framework will answer that question. What it will not do is fix the underlying data before it moves.
Poor data migrated into a new system is no longer a legacy problem. It is your current problem, sitting in your new platform. The governance approach that changes that outcome is one that resolves quality issues before migration, and that also has mechanisms to ensure data quality issues aren’t re-introduced.
2) What operating model makes accountability real across platform and business ownership?
This is where governance becomes embedded or becomes a burden carried by a small group. A workable operating model in insurance recognises multiple business units and domains, separate platform and process ownership, and shared accountability between technical and business stakeholders.
Data roles, literacy and culture
Governance fails when it is perceived as owned by the data function. It works when responsibilities are explicit and normalised: clear responsibilities across stakeholders, practical literacy that enables teams to act rather than simply comply, and expectations reinforced through cadence and governance forums.
Upstream platform ownership
Custodians and owners need to be senior, budget-holding individuals whose teams can act. This is where governance becomes operational rather than advisory.
Business data ownership
Data ownership must sit within the business, with data owners who are senior, budget-holding individuals whose teams are accountable for the quality of the data. If the business owns the outcomes, it must own the data that drives them.
Joint ownership where it resolves tension
In some domains, joint consumer/producer or technical/business ownership is the most realistic route to true accountability.
SME engagement
This is consistently underestimated. Governance needs clear expectations and outcomes, a cadence that fits the rhythm of the business, and decision rights that prevent circular debate.
Tim Bowes, Head of Data Strategy & Governance:
“Data ownership only works when owners have the right tools and the literacy to use them. A data owner who understands what they are accountable for, and is empowered to invest in improving it, stops being a label on an org chart and starts being the reason data quality actually gets better.”
3) How does governance scale across business units while preserving oversight?
Scaling governance is not a documentation exercise. It is about adoption, oversight and evidence.
Prove the model before expanding it
Successful programmes typically test the model in one domain or system where the intended outcome is clear, then scale once end-to-end controls and accountability are proven.
Single body of authority for governance decisions
A Data Governance Council creates consistent decisions across domains, visibility of risk and compliance posture, prioritisation and escalation paths, and a place where governance is owned and actioned rather than endlessly debated.
Hub-and-spoke accountability
Balance is key: a central hub that sets policy, guardrails, measurement and reporting, and spokes that own day-to-day implementation and adherence, supported by clear enforcement mechanisms and consistent policy application across business areas.
Risk and compliance embedded, not bolted on
Risk and compliance leadership involvement ensures controls are designed for evidence and oversight from the outset, not retrofitted after the fact.
How to start without boiling the ocean
A focused approach is not a compromise. It is the route to adoption. Common starting points that work in insurance include a centrally managed platform scope, a high-trust reporting domain, or a single data domain that is both high impact and high risk. There are others too, but the principle is the same: keep governance anchored to value.
From there, establish end-to-end processes and controls, ownership and decision rights, measures and evidence, and a cadence that leaders and SMEs can sustain. Then scale.
If you had to score your organisation’s data governance maturity today across ownership, quality, security, lifecycle and scalability, would you know where to start?
Data Governance Maturity Assessment
How mature is your organisation’s data governance and management capability, really?
Most insurance organisations have governance frameworks in place. Fewer can demonstrate that those frameworks are reducing risk, embedding ownership and scaling across the business. Our maturity assessment uses a proven framework to give you an honest picture of where you are, where the gaps are, and what a practical path forward looks like, without boiling the ocean.
“Good data governance has always mattered, but the acceleration of AI across the insurance value chain means it’s in the spotlight more than ever. Insurers are giving it the focus it deserves, a shift that will strengthen their ability to scale AI and reap exponential return on their investment.” – Owen Greenwood, Client Partner, Insurance