Context
Najm Insurance, Saudi Arabia's leading insurance claims processor, needed to scale AI-driven claims processing across 40 cities while maintaining zero-tolerance misclassification under strict SAMA (Saudi Arabian Monetary Authority) compliance and PDPL (Personal Data Protection Law) requirements. The regulatory environment demanded that every claims decision be attributable, auditable, and reversible.
Regulatory Constraint
- • SAMA compliance — Saudi Arabian Monetary Authority oversight of all insurance operations
- • PDPL data protection — Saudi personal data protection law governing claims data handling
- • 40-city deployment — consistent governance across geographically distributed infrastructure
- • Zero-tolerance misclassification — no room for error in claims categorization
Architecture Decision
Hybrid cloud + edge architecture with governance-first deployment. Each city deployment went through the same governance gate sequence. The framework didn't slow deployment — it made deployment reliable.
- • Constrained agent identities for each claims processing agent per city
- • Full audit logging of every classification decision
- • Human-in-the-loop gates for high-value or ambiguous claims
- • Kill threshold monitoring on misclassification rate
Governance Controls
Lesson
Governance infrastructure scaled with deployment scope. Every new city deployment went through the same governance gate sequence. The framework didn't slow deployment — it made deployment reliable. SAMA compliance was maintained not through manual audits, but through architectural enforcement.