#39: Revolut’s foundation model has an “insurance state.” Most insurers should pay attention.

        April 17, 2026

#39: Revolut’s foundation model has an “insurance state.” Most insurers should pay attention.
Revolut's foundation model · AI Act and insurance · Satellite data · Cyber resilience · Open finance

  Edition #39  ·  17 April 2026

  Revolut’s foundation model has an “insurance state.” Most insurers should pay attention.

  Revolut’s foundation model  ·  AI Act and insurance  ·  The financial sherpa  ·  Satellite data for insurance  ·  Cyber resilience  ·  Open finance

  By Andres Lehtmets  ·  17 April 2026

Editor's note
First, a quick apology. Due to a technical issue during platform migration yesterday, some of you received edition #38 more than once. I am sorry for the inbox clutter. The move to a new system is now complete and things are running smoothly. You may notice a fresh look to this edition. If anything looks off in your email client or if you have any feedback on the new design, just reply to this email. I would love to hear from you.

On a more exciting note: I have been quietly building something. The EU Financial Services Regulation Tracker: one dashboard covering every major regulation from DORA to FiDA to the AI Act, with full legislative timelines, technical standards and key dates. I have been sharing it privately and the early feedback has been very encouraging. If you work in financial services, regulation or compliance, I would love your input on what would make this genuinely useful. Join the conversation on LinkedIn.

Article 01
Revolut’s foundation model has an “insurance state.” Most insurers should pay attention.
Everybody is talking about Revolut’s new AI. Almost nobody is talking about what it means for insurance.
Revolut and NVIDIA just published PRAGMA, a foundation model trained on 24 billion banking events. Buried in the architecture section, one word stood out: “insurance state.” Your customer’s insurance status is now a signal inside a bank’s foundation model. One more feature in the unified behavioural picture super-apps are quietly assembling.
Meanwhile, most insurers are still building AI in silos. This is not a race about who has the better model. It is a race about who has the better unified view of the customer.
This, for me, is the quiet case for open insurance and FiDA. Not as a compliance burden. As the infrastructure that lets insurers build comparable behavioural capabilities without needing to be a super-app first. Read my full analysis.

Article 02
EIOPA tells EU legislators: traditional insurance models should not be high-risk AI
EIOPA just shared a letter with EU co-legislators outlining proposals to clarify the application of the AI Act in Europe’s insurance sector.
The key message: established actuarial methods such as generalised linear models (GLMs) and generalised additive models (GAMs) have been widely used in insurance for decades for risk assessment and pricing. They are well understood, inherently transparent and lack the “black box” characteristics of complex AI. According to EIOPA, they should not be classified as high-risk under the AI Act.
The letter is accompanied by targeted suggestions for amendments to the Digital Omnibus on AI. This is an important intervention. The AI Act’s horizontal scope has always created tension with sector-specific frameworks that already work. I will keep you updated on how it develops. Read the letter.

Article 03
The financial sherpa: why nobody coordinates your financial life
Your bank does not talk to your insurer. Your insurer does not know about your pension. Your pension fund has no idea what you invest in privately. Nobody coordinates your financial life. You sit in the middle, entirely alone.
Himalayan sherpas figured out coordinated support long ago. A sherpa team has four roles: one builds the route before you arrive, one coordinates the whole expedition, one walks beside you step by step, one carries the load you cannot. Financial services needs the same. And it needs FiDA to make it work. Without data mobility, the sherpa is blind.
The piece was originally written for Estonia’s largest business newspaper and the full English version is now on my site. Read the full article.

Article 04
Satellites, open data and closing the insurance protection gap
EU economic losses from natural catastrophes have exceeded €900 billion since 1981. The protection gap keeps widening. Traditional data sources alone are not closing it.
EIOPA and EUSPA just published a white paper on using Copernicus Earth Observation data for insurance. The core idea: free, open satellite data can map flood extent in near-real time, assess wildfire damage, track drought and monitor ground movement after earthquakes. For insurers, this means faster and more accurate loss assessment and more precise underwriting, especially where ground-level data is sparse. For supervisors, a new data source for monitoring catastrophe risk exposures.
The 2021 Western and Central Europe floods killed over 200 people and caused more than €50 billion in losses. This is another example of why I firmly believe in open data and open finance. When high-quality data is freely accessible, it enables better risk assessment, faster response and ultimately better protection for citizens. Read the white paper.

Article 05
Cyber insurance needs to become a resilience tool, not just a financial backstop
Median annual losses from cyber incidents have risen 15-fold in 15 years. From USD 190,000 to nearly USD 3 million. The top 10% of loss events in 2024 averaged over USD 28 million.
The Geneva Association just published a report on cyber resilience and the role of insurance. The numbers grab attention, but the recommendations are what matter. Expanding cyber insurance uptake and making it a real tool for resilience, especially among SMEs, will require coordinated action across insurers, firms, intermediaries, tech providers and government.
Seven priorities stood out: improving awareness and education of cyber risks, especially for SMEs. Developing more flexible products with clearer coverage terms. Streamlining underwriting and claims processes across jurisdictions. Modernising customer engagement through digital distribution. Partnering with cybersecurity vendors for continuous risk assessment. Working with government on common cyber hygiene standards. And supporting system-wide resilience initiatives including coordinated vulnerability discovery.
None of this is simple. But the direction is clear: cyber insurance needs to move from reactive financial backstop to proactive resilience tool. Read the report.

Quick Links

Hong Kong charts a responsible AI roadmap for financial services. The Financial Technology Association of Hong Kong published a position paper calling for principles-based AI validation guidance, broader sandbox access and structured dialogue on cross-border data flows. When technology moves this fast, the gap between the financial market and supervisors becomes a risk in itself. Having sat on both sides of this conversation, I know that this kind of input makes better regulation possible. Read the paper.

Agentic AI and the future of insurance operations. Agentic AI will not just speed up insurance. It will collapse the boundary between underwriting, claims, fraud and loss prevention into one connected system. But it only works if the data does. The conversation about open finance and FiDA-type regulation is not going away. It just got more important. Read the Microsoft report.

The UK just published its open finance roadmap to 2030. The FCA released a clear, ambitious plan to extend open banking into insurance, investments, mortgages and pensions. High-impact use cases first, outcomes-based regulation, a phased build through PolicySprints and TechSprints. Research suggests the combined impact of open banking and open finance could reach £7.4 billion per year within five years. Meanwhile, the EU still cannot agree on FiDA. The contrast is becoming harder to ignore. Read the roadmap.

Open finance without supervision is a promise without accountability. CGAP published a working paper on how financial authorities should actually supervise open finance. Not just set the rules, but monitor whether the system delivers. API performance, consent journeys, fraud prevention, policy outcomes. For anyone following FiDA or building open finance frameworks in emerging markets, this is essential reading. Supervision has to be built into the foundation, not bolted on later. Read the paper.

Number of the Week
~10%
The share of SMEs globally that currently have cyber insurance, according to the Geneva Association. Cyber losses have risen 15-fold in 15 years, yet nine out of ten small businesses remain unprotected. Can the industry close this gap before the next major incident forces the question?

Working together
Advisory for regulators, boards and fintech leaders navigating digital finance policy and regulation. See how I can help.
Selectively considering sponsorship for this newsletter. Reach 4,600+ decision-makers in financial innovation and regulation. Enquire.

                                Don't miss what's next. Subscribe to Andres Lehtmets:

            Email address (required)