Insurance AI Governance Guide

Overview

Insurance AI regulation is accelerating. The NAIC Model Bulletin sets expectations states are adopting. Colorado has specific insurance AI requirements. State unfair trade practices acts prohibit AI discrimination. Rate filing requirements increasingly require AI disclosure. Insurers need to understand what applies and prepare for compliance.

This guide provides a structured approach to insurance AI governance. Work through it to understand your requirements and identify compliance gaps.

What's Inside

Regulatory Landscape Overview

• NAIC Model Bulletin (December 2023): "Use of Artificial Intelligence Systems by Insurers"
• Colorado SB 21-169: First state law specifically addressing AI in insurance
• State Unfair Trade Practices Acts: Prohibit unfair discrimination
• State Rate Filing Requirements: AI disclosure requirements
• Colorado AI Act (February 2026): Broad AI requirements applying to insurers

1. AI Use Case Classification
Insurance function classification with risk levels:

• HIGH RISK: Underwriting decisions, premium pricing/rating, claims adjudication
• MEDIUM RISK: Fraud detection/SIU, risk selection/appetite scoring
• LOWER RISK: Marketing/segmentation, customer service, loss forecasting, document processing

2. NAIC Model Bulletin Requirements
Governance & Risk Management:

• Written AI governance program
• Board/senior management oversight
• Enterprise risk management integration
• Policies for AI development, acquisition, use
• Ongoing monitoring and validation procedures
• Clear accountability and roles

Third-Party AI/Vendor Management:

• Due diligence requirements
• Contractual provisions
• Ongoing monitoring

Unfair Discrimination Prevention:

• Testing for proxy discrimination
• Disparate impact analysis
• Documentation requirements

3. State-Specific Requirements

• Colorado SB 21-169 compliance checklist
• State adoption status of NAIC Model Bulletin
• Rate filing AI disclosure requirements
• State-specific unfair trade practices considerations

4. Unfair Discrimination Testing

• Testing methodology for protected classes
• Proxy variable identification
• Disparate impact analysis
• Documentation for regulatory examination

5. Adverse Consumer Impact Assessment

• Consumer harm identification
• Mitigation requirements
• Appeals and human review processes
• Notification obligations

6. Documentation Requirements

• Governance program documentation
• Testing records
• Vendor due diligence files
• Regulatory examination preparation

Who This Is For

• Chief AI Officers in insurance companies
• Chief Compliance Officers managing regulatory requirements
• Chief Actuaries validating rating AI
• Underwriting Leaders using AI in underwriting
• Claims Leaders implementing claims AI

Why This Resource

Insurance AI governance has industry-specific requirements that generic frameworks don't address. NAIC Model Bulletin compliance, state insurance law requirements, and rate filing considerations require insurance-specific guidance. This guide addresses what insurance regulators expect.

Use case classification helps you quickly identify which AI applications trigger the most stringent requirements.

FAQ

Q: Which states have adopted the NAIC Model Bulletin?

A: Adoption is ongoing. The guide provides a framework for checking your states of operation against current adoption status. Requirements vary by state adoption approach.

Q: What about AI from InsurTech vendors?

A: Third-party AI requirements are covered in detail—due diligence, contractual requirements, and ongoing monitoring. You're responsible for vendor AI governance under NAIC guidance.

Q: How do we test for unfair discrimination?

A: The unfair discrimination testing section provides methodology for protected class analysis, proxy variable identification, and disparate impact testing—the testing regulators expect for rating and underwriting AI.