Southeast Asia's general and health insurers are looking to benefit from AI solutions. However, to do so, many are plugging digital AI tech into their ‘analogue’ legacy core technology, whilst others are ‘hollowing-out’ their legacy core, turning it into a passive data repository and substituting its functionality with an expansive and elaborate ecosystem of unique and bespoke solutions.
Both strategies will create long-term cost, complexity and technical debt, diminishing the business and policyholder value achieved from AI. These strategies also prevent AI transparency and accountability and make governance difficult.
Duck Creek APAC’s Managing Director, Christian Erickson, said that digital AI solutions added on top of ‘analogue’ legacy core systems are incompatible with them. The retrofit does not resolve the underlying issues; it preserves them. It then creates long-term complexity, which leads to expensive, inevitable failures.
This unnatural fit then prevents insurers from maximising the value their AI can deliver. Furthermore, it represents a significant regulatory risk, due to a lack of transparency and accountability of AI logic and decision making.
Hollowing out the core
Another strategy is to ‘hollow out’ the legacy core, treating it merely as a system of record or data repository, and rebuilding its functionality via an elaborate system of peripheral solutions, orchestrated via a middleware platform. This creates even more elaborate complexity and technical debt and further reduces transparency. The ‘analogue’ to ‘digital’ incompatibility issue remains but is masked by extra layers.
ISG’s Ashish Jhajharia, an esteemed insurance industry analyst, believes insurers are chasing the wrong goal by deprioritizing core system transformation in the new AI world. Whilst moves to add AI tech to legacy foundations signify board-level momentum, none improve the system that books policies, rates risk, settles claims and feeds reinsurance and solvency.
“Plugging anything into a legacy or on-prem core is inadvisable when used as a substitute for transformation. For example, agentic AI on legacy is fundamentally smart agents shackled to brittle batch jobs. Low-code on legacy is a pretty user interface on broken pipes. The agent reads through screen-scrape APIs, the UI hides, but doesn't fix, the inconsistent product machine underneath. ROI plateaus inside 18 months,” he said.
He noted that if the legacy core stays, so does the ceiling on what every other initiative can ever achieve. Instead, a modern cloud-delivered core will allow an insurer to compound an unfair advantage in unit economics, speed-to-market and policyholder experience every quarter, forever.
Potential hidden costs
According to Mr Jhajharia, there are two ways to look at costs when it comes to implementing a fully modern technology core. One is the line item that finance teams model, which is usually the migration cost. However, the overlooked costs that destroy value sit elsewhere. These costs are incurred whilst insurers remain trapped on a legacy core.
“When you’re on a legacy core, talent will leave and top engineers won't maintain COBOL, mainframe or twenty-year-old packages. The people who will, cost more each year and the tech will mean they’re delivering less,” he said.
He also pointed out the ‘AI ceiling’, where every agentic-AI or analytics initiative built on legacy plateaus in 12–18 months when it hits the ‘data quality’ wall. “That ROI loss is a real modernisation cost, even if no one accounts for it as one,” he said.
Mr Erickson noted that insurers do not need to spend large amounts of OpEx dollars on legacy technology upkeep and overheads anymore. “Truly modern InsurTechs, like Duck Creek’s, are cloud enabled and can be maintained via a managed service model,” he said.
“For cloud-delivered SaaS core InsurTech, there’s the initial delivery costs as well as the ongoing SaaS fee, which is priced in relation to premium volumes. On top of these, there may be some delivery-related infrastructure and software costs, such as devops, project management and testing. Good InsurTech providers are very transparent about costs as part of the overall partner relationship. So, nothing is ever “hidden”,” he said.
He has also found that insurers that have moved from legacy to modern SaaS InsurTech usually make net savings within three to five years.
However, he said that insurers do risk incurring hidden costs if they try to rebuild legacy processes and products in their new modern system. “Doing so means they’re failing to unlock and utilize the unique architecture and capabilities offered by modern solutions. Modern cores call for new and innovative approaches. Rebuilding legacy in a modern system prevents them from extracting the most speed, efficiency, intelligence and business profitability possible.”
Business interruption
Insurers must prepare for interruptions to their operations if they want to implement a modern core, but the magnitude is a choice insurers make, said Mr Jhajharia.
“There’s the fear that rip-and-replace programs can cause genuine disruption such as blackout cutovers, reconciliation nightmares and regulatory blowback. That’s what keeps most insurers stuck on legacy,” he said.
However, he pointed out that modern core programs do not run that way. The credible path is phased coexistence where insurers stabilise their legacy tech first, then remove it module-by-module while the new modern core takes over the load.
“New lines of business shift to the new platform and old capabilities migrate in waves. The customers see no interruption, only better service appearing in new lines and segments first,” he said. “The "interruption" question is really a partner question. Insurers should ask their integration provider not "can you replace our core?" but "can you manage a hybrid environment for 12, 24 or 36 months while we cut over without business disruption?" If the answer is ‘no’, then that’s the wrong partner.”
Mr Erickson emphasised the point: “Delivery happens in parallel to ongoing BAU on the legacy system. When the first new line of business is ready on the new modern core module, it’s a matter of switching over and this happens overnight. New and renewing policies, and new claims are managed on the new solution and existing policies and claims are migrated over the next 12 months. We’ve had one of our largest customers go-live on their new platform and in market, writing new business, in just nine months.
“Disruption isn’t usually due to the switch over, but more due to acclimatization to the new and modern ways of working.”
Regulatory and governance risks
Existing methods of marrying AI systems to legacy cores are also fraught with regulatory and governance risks, which Mr Jhajharia said, “deserves more attention than it gets.”
“In hollow-out situations where legacy, middleware and modern solutions coexist for years, the audit trail forks. Which system is "master" for what role, such as solvency reporting? Where does the insurance regulator look when a claim is disputed?” he said.
Building or plugging agentic AI into legacy is harder still. “When an agent acts on policy or claims records through screen-scrape APIs, accountability fragments. The agent acts; the legacy system records; the audit log lives in three places. Model governance becomes near-impossible without a clean data layer to explain why a decision was made.”
At the same time, Mr Erickson expects to see regulatory and governance maturity converge within a really short period of time, as all markets adhere to similar standards and the region becomes more inter-connected.
“Regulation and good governance are ultimately about creating stronger businesses that build trust and deliver better customer and social outcomes. Anything that creates more complexity, costs and risk, reduces speed and transparency and destroys trust, is counter to this,” he said.
He added that legacy and hollowed-out solutions put sensitive customer data at risk, as most legacy cores were designed at a time when security wasn’t such a concern. “Retrofitting security to legacy only reduces risk slightly. With a hollowed-out core, yes, each solution will come with its own security, but security standards will vary between them, and the connections between the solutions create risk.
“Compare this to a modern cloud-delivered core solution that’s been designed with security as a native and inherent feature. When it comes to security offered by a modern solution, the provider does a lot of the heavy lifting and the onus is shared with insurers, it’s not on them,” he said.