This article is by Indranil Roy, Managing Partner and Global Head, Industry Solutions Group, Mphasis
As insurers accelerate digital and AI ambitions, legacy systems are no longer just an IT concern. Rewiring existing foundations – rather than replacing them outright – is becoming central to resilience, governance, and sustainable change.
Insurance is an industry built on assessing future risks and anticipating uncertainty. Yet much of its operational foundation still reflects an earlier era of risk, process, and technology design.
UK regulatory commentary and supervisory analysis from the Financial Conduct Authority (FCA) continue to point to the same structural reality – over 70% of insurers rely on legacy infrastructure across core operations. Insurance remains one of the most legacy-dependent sectors in financial services. This is not simply a technology issue, but a defining constraint on how insurers innovate, scale, and respond to changing customer and regulatory expectations.
These systems were designed for a very different environment – predictable policy cycles, relatively stable risk profiles, and linear operational processes. Today’s insurance landscape is far more complex. Customers expect instant digital experiences, brokers expect near real-time underwriting decisions, and regulators expect transparency, traceability, and explainability to be demonstrable by design – across data, models, and underlying decision pathways. At the same time, insurers face an expanding and more interconnected risk landscape, from climate volatility and cyber exposure to systemic global shocks.
Legacy foundations and structural constraints
Legacy infrastructure in insurance is rarely the result of a single architectural decision. It has evolved over decades through acquisitions, regulatory change, product expansion, and successive layers of system enhancement.
Industry bodies such as the Association of British Insurers (ABI), alongside FCA supervisory observations, have consistently noted that insurers are operating on complex legacy estates that were never designed for modern, API-led or real-time architectures. These systems are often operationally stable. They handle high transaction volumes and underpin critical regulatory reporting. But beneath that stability lies significant structural complexity. Fragmented data models, duplicated capabilities, and tightly coupled dependencies make even modest changes difficult and time-consuming.
As a result, most insurers now operate hybrid environments, where newer digital capabilities sit on top of deeply embedded core systems. Progress depends less on replacing these foundations outright and more on how effectively legacy and modern platforms can be integrated and orchestrated.
AI, data and the shift to connected intelligence
This challenge becomes more pronounced as artificial intelligence (AI) moves from experimentation into the core of insurance operating models. AI is now being applied across underwriting, claims handling, fraud detection, and customer operations.
Joint analysis by the Bank of England and the FCA highlights a central limitation – the value of AI is constrained less by algorithms than by data quality, governance, and system integration. In this 2024 survey on AI in UK financial services, regulators found that around three-quarters of regulated firms are already using AI, with adoption accelerating across operations, risk, and customer functions. At the same time, supervisors noted that many firms reported only a partial understanding of the AI systems they rely on – often linked to fragmented or siloed data infrastructure and growing dependence on third-party models.
In practice, this means models are harder to operationalise at scale, outcomes can vary across functions, and decision-making becomes less consistent in environments that increasingly demand speed and automation. Although automated decision-making is now common, fully autonomous use remains limited, reflecting both regulatory caution and the practical constraints imposed by legacy architectures.
As a result, AI is no longer treated as a standalone capability that can simply be layered onto existing systems. It is increasingly embedded into core business processes, shaping how information flows and how decisions are made across the organisation.
The impact of this disconnect is often most visible in customer experience. Insurers have made genuine progress in digitising front-end journeys such as onboarding, policy servicing, and claims submission. Yet these journeys frequently falter once they reach core back-office systems that were never designed for real-time, straight-through automated processing. What appears seamless on the surface often relies on manual intervention beneath.
This gap is not primarily a design problem. It reflects a deeper misalignment between modern customer-facing platforms and operational systems built for a far less connected world.
Modernisation, constraints & the path forward
Closing this gap requires more than incremental digital upgrades. It depends on tighter integration between systems, more consistent data across the enterprise, and the ability to orchestrate processes across both modern and legacy environments.
In insurance, wholesale core replacement remains the exception rather than the rule. Such programmes are expensive, high-risk, and difficult to execute without disrupting live operations. Consequently, most insurers pursue modernisation incrementally.
Legacy systems are being broken down into smaller components, with APIs used to connect existing platforms to newer digital platforms. AI-enabled tools are beginning to support this work by analysing legacy code, mapping dependencies, and improving planning. Even so, constraints remain significant. Supervisory commentary from the FCA highlights that a substantial share of technology investment across regulated firms continues to be absorbed by maintaining existing platforms and meeting resilience requirements, limiting headroom for more aggressive transformation.
Regulatory expectations add further pressure. Under the FCA and PRA’s operational resilience framework, insurers were required to complete mapping and testing of important business services by March 2025, with supervisory focus now shifting from initial compliance to whether firms can remain within impact tolerances on an ongoing basis. Legacy complexity and static system integration are increasingly recognised as obstacles to sustaining resilience in practice.
Be the first to comment