Insurance AI Systems (AIS) Program
A ready-to-use template — fill in the bracketed placeholders and adopt it in your organisation.
Insurance AI Systems (AIS) Program
| Field | Detail |
|---|---|
| Organisation | [Organisation Name] |
| Document type | Policy — approved, mandatory |
| Framework basis | NAIC Model Bulletin · NY DFS CL7 (2024) · Colorado SB 21-169 · EIOPA · ASOP 56 |
| Owner | [Policy owner — e.g. AI Governance Lead] |
| Approved by | [Accountable executive / Board] |
| Version / status | v1.0 — DRAFT for adoption |
| Effective date | [Date] |
| Next review | [Date — at least annually] |
| Classification | Internal |
| Prepared with | autogovern.io — AI governance & risk templates |
1. Purpose
Establish [Organisation Name]’s written AI Systems (AIS) Program governing the design, development, acquisition and use of AI in insurance, proportionate to risk, per the NAIC Model Bulletin and state guidance (NY DFS, Colorado).
2. Scope
Applies to AI Systems and External Consumer Data & Information Sources (ECDIS) used across underwriting, pricing/rating, marketing, claims and fraud, in-house or vendor-supplied.
3. Governance & accountability
Board/senior-management accountability; a named AIS Program owner; written policies, roles and documentation available for market-conduct examination.
4. Risk management & internal controls
Manage AI risk across the lifecycle: data practices (provenance, quality, ECDIS controls), model development and validation, deployment approval, and ongoing monitoring.
5. Testing for unfair discrimination
Test AI/ECDIS for outcomes that would be unfairly discriminatory under insurance law:
- Proxy testing (NY DFS CL7): quantitatively assess whether data or outputs correlate with protected-class status.
- Colorado SB 21-169: maintain a governance/risk framework and annual attestation (the quantitative BIFSG testing rule remains pending — track its adoption).
- Document methodology, results and remediation.
6. Third-party / vendor management
Due diligence and contractual controls over AI/data vendors (audit/cooperation rights, regulator access, performance, data use).
Regulatory mapping
| Instrument | Requirement supported |
|---|---|
| NAIC Model Bulletin (AIS Program) | Governance, risk mgmt, vendor, unfair-discrimination testing |
| NY DFS Circular Letter No. 7 (2024) | Proxy/bias testing in underwriting & pricing |
| Colorado SB 21-169 + Reg 10-1-1 | Governance framework + annual attestation |
| EIOPA AI Governance Opinion (EU) | AI governance under Solvency II / IDD |
| ASOP No. 56 (Modeling) | Actuarial model validation & governance |
Appendix — AIS inventory & testing log
| AI system | Use (UW/pricing/claims) | ECDIS? | Owner | Last discrimination test | Result | Status |
|---|---|---|---|---|---|---|
| [system] | [use] | [yes/no] | [owner] | [date] | [pass/flag] | [live] |
Document control & approval
| Version | Date | Author | Approved by | Summary of change |
|---|---|---|---|---|
| 1.0 | [Date] | [Author] | [Approver] | Initial adoption |
Sign-off
- Policy owner: __________________________ Signature: ______________ Date: __________
- Accountable executive: __________________________ Signature: ______________ Date: __________
- Next review due: __________
This template was generated by autogovern.io as a professional starting point. Review and adapt it to your organisation, systems, sector and legal advice before adoption. It is an educational aid, not legal advice.