# Insurance AI Systems (AIS) Program

| Field | Detail |
|---|---|
| **Organisation** | [Organisation Name] |
| **Document type** | Policy — approved, mandatory |
| **Framework basis** | NAIC Model Bulletin · NY DFS CL7 (2024) · Colorado SB 21-169 · EIOPA · ASOP 56 |
| **Owner** | [Policy owner — e.g. AI Governance Lead] |
| **Approved by** | [Accountable executive / Board] |
| **Version / status** | v1.0 — DRAFT for adoption |
| **Effective date** | [Date] |
| **Next review** | [Date — at least annually] |
| **Classification** | Internal |
| **Prepared with** | autogovern.io — AI governance & risk templates |


## 1. Purpose

Establish **[Organisation Name]**’s written **AI Systems (AIS) Program** governing the design, development, acquisition and use of AI in insurance, proportionate to risk, per the NAIC Model Bulletin and state guidance (NY DFS, Colorado).

## 2. Scope

Applies to AI Systems and External Consumer Data & Information Sources (ECDIS) used across **underwriting, pricing/rating, marketing, claims and fraud**, in-house or vendor-supplied.

## 3. Governance & accountability

Board/senior-management accountability; a named AIS Program owner; written policies, roles and documentation available for **market-conduct examination**.

## 4. Risk management & internal controls

Manage AI risk across the lifecycle: data practices (provenance, quality, ECDIS controls), model development and **validation**, deployment approval, and **ongoing monitoring**.

## 5. Testing for unfair discrimination

Test AI/ECDIS for outcomes that would be **unfairly discriminatory** under insurance law:
- **Proxy testing (NY DFS CL7):** quantitatively assess whether data or outputs correlate with protected-class status.
- **Colorado SB 21-169:** maintain a governance/risk framework and annual attestation (the quantitative BIFSG testing rule remains pending — track its adoption).
- Document methodology, results and remediation.

## 6. Third-party / vendor management

Due diligence and contractual controls over AI/data vendors (audit/cooperation rights, regulator access, performance, data use).

## Regulatory mapping

| Instrument | Requirement supported |
|---|---|
| NAIC Model Bulletin (AIS Program) | Governance, risk mgmt, vendor, unfair-discrimination testing |
| NY DFS Circular Letter No. 7 (2024) | Proxy/bias testing in underwriting & pricing |
| Colorado SB 21-169 + Reg 10-1-1 | Governance framework + annual attestation |
| EIOPA AI Governance Opinion (EU) | AI governance under Solvency II / IDD |
| ASOP No. 56 (Modeling) | Actuarial model validation & governance |

## Appendix — AIS inventory & testing log

| AI system | Use (UW/pricing/claims) | ECDIS? | Owner | Last discrimination test | Result | Status |
|---|---|---|---|---|---|---|
| [system] | [use] | [yes/no] | [owner] | [date] | [pass/flag] | [live] |
|   |   |   |   |   |   |   |


---

## Document control & approval

| Version | Date | Author | Approved by | Summary of change |
|---|---|---|---|---|
| 1.0 | [Date] | [Author] | [Approver] | Initial adoption |
|   |   |   |   |   |

**Sign-off**

- Policy owner: __________________________  Signature: ______________  Date: __________
- Accountable executive: __________________________  Signature: ______________  Date: __________
- Next review due: __________

> _This template was generated by **autogovern.io** as a professional starting point. Review and adapt it to your organisation, systems, sector and legal advice before adoption. It is an educational aid, not legal advice._