The market in one read
AI regulation in insurance in Brazil does not yet live in a single dedicated rulebook, and that is exactly why explainability has become the operative demand. As of mid-2026, an AI-driven underwriting decision sits at the intersection of three live frames: SUSEP (the insurance regulator), which supervises market conduct and prudential risk; the LGPD (Law 13.709/2018), enforced by the ANPD (the data protection authority); and the proposed national AI bill moving through Congress, PL 2338/2023. The practical message for any insurer running models in Seguros e Danos (P&C) is consistent across all three. An automated risk score or an automated decline must be reviewable, explainable, and traceable, ahead of any prescriptive code.
State of the P&C insurance market
Brazil runs one of the largest insurance markets in Latin America, and Seguros e Danos (P&C) has been a primary growth engine. The segment grows double digits per year. The strain is that company structure does not keep pace with that acceleration. Premium volume, the number of automated quotations, and the share of decisions touched by Machine Learning are all rising faster than the compliance, audit, and model governance functions meant to supervise them. That gap is the structural backdrop for the regulatory conversation.
Four data points frame where the operating pressure concentrates. Underwriters spend 40% of their time on administrative tasks, according to Deloitte. Seventy percent of insurers do not execute on innovation because of IT limitations, according to BCG. 60%+ of brokers choose an insurer by response speed, according to Capgemini. And corporations lose 20-30% of their time organizing unstructured data, according to Gartner. Read together, they describe a market where volume and speed expectations climb while governance headcount stays flat.
What is pressuring underwriting
The first driver is algorithmic accountability under the LGPD. As a general legal principle, LGPD Article 20 gives the data subject the right to request review of decisions taken solely on the basis of automated processing of personal data that affect their interests, including decisions that define a personal, professional, consumer, or credit profile. The same article requires the controller to provide, on request, clear information about the criteria and procedures behind the automated decision, subject to commercial and industrial secrecy. For subscrição (underwriting), this means an automated score or an automated decline cannot be a black box.
The second driver is conduct supervision. SUSEP's market conduct mandate puts automated pricing and automated declines under scrutiny for fairness. A pricing model that produces materially different premiums for similar risks, with no explainable and risk-based justification, is a conduct exposure, not only a data exposure.
The third driver is growth outpacing operational structure. Double-digit expansion concentrates more decisions inside models, which raises supervisory interest in how those models actually behave. The fourth is the proposed Marco Legal da IA, PL 2338/2023, built around risk classification, transparency, human oversight, and rights of explanation and contestation. Insurance underwriting and pricing read as textbook high-impact use cases under that logic. The fifth is Open Insurance, the SUSEP-led framework that widens the data feeding models. More data sharing means more sources whose use must be lawful under the LGPD and explainable in any decision built on top of it. Governance has to travel with the data.
Risk, fraud, and the AI shift
The quotation and underwriting journey in Seguros e Danos runs through submission intake, document reading, broker (corretor) enrichment, risk and fraud assessment, pricing, and decision. Each step is a candidate for AI assistance, and each is a point where an automated decision must remain explainable.
In intake and document reading, models extract and normalize data from broker submissions. The governance requirement is provenance: which field came from which document, so any later review can trace the input. In risk scoring, Machine Learning evaluates the risk against the carrier's underwriting manual and risk appetite, and the regulatory demand is that the score be explainable, showing which factors drove the result and confirming that protected or proxy attributes are not silently steering the outcome. In pricing, where the premium adapts to risk signals, the model has to justify the number on risk grounds, defensible as non-discriminatory under conduct supervision.
Fraud detection carries the same logic. Insurance fraud is a persistent loss driver, and Machine Learning flags anomalies far faster than manual review. But a fraud flag that blocks or delays a claim (sinistro) is itself an automated decision the insured can ask to have reviewed. So fraud models need explainability, not only accuracy. The carrier must be able to state why a claim was flagged. The net shift is from opaque automation to governed augmentation. The decision needs a full audit trail: inputs, model version, score, thresholds, and the human who confirmed or overrode it. Human review is the bridge between a solely automated decision and a supervised one.
Where WIR fits
WIR is the AI layer for insurance, an external intelligence layer that sits on top of the systems the insurer already runs, never in their place. It is 100% external, with no core migration and no load on the insurer's IT, and it is neither an insurer, a broker, nor an MGA, so it does not carry risk. WIR automates the quotation and underwriting journey according to the insurer's own risk acceptance policy, with Machine Learning calibrated to the carrier's risk appetite and underwriting manual. That calibration is what makes a decision defensible: the model scores against a documented policy, not against an opaque heuristic.
The explainability demand is met by design. Every WIR decision is explainable and returns a full audit trail, and the data is encrypted at every step and LGPD compliant. Underwriter Intelligence automates the quotation journey per the insurer's risk policy, with real-time scoring calibrated to appetite, automatic routing by appetite and exposure, and a decision step that issues a quote, an automated decline, or an escalation to a human, always with an explanation and a write-back of the audit trail to the policy core. This is the practical answer to LGPD Article 20: criteria and procedures that can be shown on request, and a human in the loop where the review right applies. WIR's current public traction is a POC in execution with a global insurer in the Transport line.
Outlook
The direction of travel is clear even where the final text is not yet law. A risk-based national AI framework is advancing through Congress in PL 2338/2023, organized around risk classification, transparency, human oversight, and rights to explanation and contestation, with insurance underwriting, pricing, and claims sitting in its high-impact zone. Carriers that already produce explanations and audit trails should absorb the rules with little upheaval. Those running opaque models face retrofit cost.
The ANPD is likely to keep sharpening LGPD enforcement on automated decisions and profiling, anchored in Article 20, and that requirement, the ability to explain criteria and to offer human review, is enforceable today. SUSEP, through its regulatory sandbox, Open Insurance, and ongoing conduct work, is positioned to fold model governance, fairness, and explainability into how it supervises pricing and underwriting, rather than waiting for a standalone AI code. The strategic read for the Brazilian P&C market is sober. Explainability is becoming a condition of operating, not a differentiator, and the carriers best placed are those whose AI layer is explainable and auditable by design, augmenting underwriters and leaving the core in place.
Frequently asked questions
How do SUSEP and LGPD address the use of AI in insurance?
SUSEP supervises market conduct and fairness in automated pricing and declines, while the LGPD governs how personal data feeds those decisions. As a general legal principle, LGPD Article 20 gives the data subject the right to request review of solely automated decisions affecting their interests. Together they make an automated score reviewable, explainable, and traceable, ahead of any dedicated AI code. WIR meets both by keeping every decision explainable, with a human in the loop where the review right applies.
What does explainability mean in an AI underwriting decision?
Explainability means the model can show which factors drove a score or a decline, in terms a reviewer can audit. It confirms the result is risk based and that protected or proxy attributes are not silently steering the outcome. For underwriting under SUSEP conduct supervision and LGPD Article 20, the carrier must be able to state why a quote or an automated decline happened. WIR scores against a documented underwriting policy, so each decision is defensible rather than opaque.
How does WIR ensure an audit trail for automated decisions?
Every WIR decision is explainable and returns a full audit trail, calibrated to the insurer's documented underwriting policy and risk appetite. The trail records inputs, model version, score, thresholds, and the human who confirmed or overrode the result, then writes back to the policy core. This is the practical answer to LGPD Article 20: criteria and procedures that can be shown on request. WIR states the mechanism, not a certain outcome, and keeps human review where it applies.
Is the data used by the AI compliant with LGPD?
Yes. The data WIR processes is encrypted at every step and LGPD compliant by design. Provenance is tracked, so any reviewer can trace which field came from which document, and the criteria behind an automated decision can be shown on request under LGPD Article 20. As Open Insurance widens the data feeding models, governance travels with the data, keeping each source lawful and each decision built on it explainable.
Does WIR replace the core to operate within regulation?
No. WIR does not replace the insurer's core. It is the external AI layer that sits on top of the systems the insurer already runs, 100% external, with no core migration and no load on IT. It is neither an insurer, a broker, nor an MGA, so it does not carry risk. WIR automates the quotation and underwriting journey per the insurer's own risk policy, writing decisions and the audit trail back to the existing policy core.