Risk Assessment Memorandum

Subject: Commercial Property AI Systems Insurability Review

Blog #41: The Insurance Underwriter's Dilemma

By James C. Waddell, President & Chief Risk Officer, Cognitive Corp

EXECUTIVE SUMMARY

During a routine underwriting review of a Class A commercial property in a major metropolitan market, our team encountered a critical issue that has profound implications for the insurance industry: the property houses several autonomous artificial intelligence systems making consequential decisions about building operations, occupant safety, and asset protection—yet none possess adequate governance frameworks for risk assessment, audit, or accountability. This memorandum documents our findings and raises the central question underwriters must now confront: How can we insure systems we cannot adequately govern?

RISK CATEGORY ASSESSMENTS

1. HVAC AUTONOMOUS CONTROL SYSTEMS

Severity Rating: ELEVATED

The property operates autonomous HVAC systems that make real-time decisions regarding temperature, humidity, air filtration, and airflow distribution across 12 floors and 800,000 square feet of leasable space. The system is designed to optimize energy consumption while maintaining occupant comfort. However, our review identified: (1) no documented training data, (2) no testing protocols for failure modes, (3) no audit trail of consequential decisions affecting occupant health, and (4) no clear liability assignment if the system fails to maintain adequate air quality during an emergency.

Coverage Recommendation: RESTRICTED. Standard property and boiler & machinery policies do not contemplate liability exposure from autonomous decision-making. Exclusion language required if coverage extended.

2. ACCESS CONTROL AI SYSTEMS

Severity Rating: CRITICAL

The property employs machine learning-based access control that dynamically determines which individuals have permission to enter restricted areas based on real-time analysis of biometric data, behavioral patterns, and contextual factors. The system overrides traditional badge-based access 40% of the time. Our underwriters identified a catastrophic problem: the system lacks interpretability. When access is denied, there is no way to understand why. When access is granted to an unauthorized individual (adversarial attack vectors have not been tested), there is no governance framework to assign liability or conduct forensic investigation.

Coverage Recommendation: NOT INSURABLE in current configuration. This system poses unquantifiable liability for wrongful denial and security breaches. We cannot underwrite what we cannot assess.

3. PREDICTIVE MAINTENANCE AI

Severity Rating: HIGH

The property uses a machine learning system to predict equipment failures across HVAC, electrical, plumbing, and structural systems. The system recommends maintenance interventions with varying confidence levels. Our analysis reveals: (1) training data derived solely from this property (no external validation), (2) no documented performance against failure rates, (3) maintenance decisions made without human oversight in 73% of cases, and (4) no audit mechanism if false negatives result in catastrophic equipment failure or injury.

Coverage Recommendation: CONDITIONAL. Coverage available only with mandatory human review of all recommendations exceeding $50,000 in repair cost and documented preventive maintenance history.

4. ENERGY OPTIMIZATION ALGORITHMS

Severity Rating: MODERATE-TO-HIGH

A proprietary optimization system controls electrical load distribution, renewable energy integration, and demand-response participation. The system operates 24/7 with no human intervention. Our concern: the system is trained on 18 months of historical data during an atypical market period. It has not been stress-tested against grid failures, renewable supply interruptions, or unexpected demand spikes. If the system destabilizes building operations during a demand-response event, causing power failures to critical systems, liability assignment remains unclear.

Coverage Recommendation: RESTRICTED with mandatory stress-testing annually and documented failover protocols for human override.

5. OCCUPANT BEHAVIOR ANALYTICS

Severity Rating: HIGH

The property operates an AI-driven system that analyzes occupant movement, density, and behavior patterns to optimize space utilization, predict occupancy trends, and identify potential security threats. The system makes decisions about lighting, environmental controls, and security alerts based on behavioral anomaly detection. Critical issues: (1) individuals are not informed they are subject to behavioral analytics, (2) the system's threat assessment algorithms have not been audited for bias, (3) there is no mechanism for occupants to challenge an alert triggered by the system, and (4) privacy and regulatory compliance frameworks are absent.

Coverage Recommendation: NOT INSURABLE without comprehensive privacy compliance audit and documented consent protocols.

THE GOVERNANCE PARADOX

As our underwriting team compiled these assessments, a troubling pattern emerged: None of these systems are governed. That is, there exists no institutionalized framework for: (1) documenting the training data, assumptions, and performance metrics underlying the AI decisions, (2) auditing the system's behavior against its intended function, (3) detecting and remediating failures before they cascade into safety or compliance incidents, (4) assigning accountability when the system causes injury or loss, or (5) enabling human stakeholders to understand or challenge consequential decisions.

This creates an underwriting paradox: We cannot insure what we cannot govern. We cannot govern what lacks institutional frameworks for transparency, accountability, and contestability. Therefore, we cannot insure these systems.

But here is what transforms this insight from a simple rejection into a forward-looking opportunity: Properties that implement comprehensive governance frameworks—establishing clear decision-making authority, audit trails, human oversight mechanisms, and accountability structures—become insurable. They move from unquantifiable risk to manageable risk. The governance framework is not a regulatory burden; it is the key that unlocks insurability.

This is what we call a "Building Constitution"—a living document that codifies how autonomous systems make decisions, who is accountable, how conflicts are resolved, and how the system can be audited and modified. It treats the building as a governed entity, not just a collection of connected devices.

UNDERWRITING RECOMMENDATION

We recommend the following underwriting posture:

1. Immediate Coverage Denial: Issue a formal declination for all autonomous AI systems currently operating without governance frameworks. Risk is unquantifiable.

2. Conditional Path to Insurability: Offer a structured engagement whereby the property owner commits to implementing a comprehensive governance framework within 180 days. Upon completion and third-party validation, we reopen the underwriting discussion.

3. Industry Leadership: As early underwriters evaluating these risks, we have an opportunity to establish best practices in AI governance that will define the insurance industry's approach for the next decade.

CONCLUSION

The integration of autonomous AI systems into commercial real estate is inevitable and, in many respects, beneficial. Energy efficiency, occupant safety, and asset protection all improve when these systems are well-designed. But improved technology without improved governance is not risk reduction—it is risk externalization. We transfer the risk of algorithmic failure, bias, and unaccountability onto insurers and society.

The insurance industry has always been the first line of defense against unmanaged risk. Our role is not to insure everything; it is to insure only those risks we can quantify, audit, and assign accountability for. As AI becomes more integrated into the built environment, our underwriting standards must raise in tandem—demanding governance, transparency, and contestability as prerequisites for coverage.

Properties that rise to this standard—that implement Building Constitutions and establish robust governance frameworks—will be preferred risks. They will have access to capital, attract tenants, and operate more safely. The competitive advantage goes to those who govern well.

That is the insurance underwriter's dilemma becoming the property owner's opportunity.

---

James C. Waddell | President & Chief Risk Officer | Cognitive Corp

February 2026