EP 13Jul 22, 2026Insurance AINAICAlgorithmic AuditingRegulatory Compliance

The Algorithmic Underwriting Audit: What NAIC AI Requirements Mean for Every Insurer

38+ states have adopted the NAIC Model Bulletin on AI. Colorado mandates external algorithmic audits for life insurance AI. California has directly challenged AI-generated property risk scores. Lemonade, Tractable, and ZestyAI are handling claims and underwriting at scale — at carriers without the governance documentation regulators are now requiring. This episode dissects what the NAIC and state requirements actually obligate, why a vendor compliance sheet doesn't satisfy them, and how to build the algorithmic audit program before your regulator builds it for you.

The Deployment Debrief · Host: Elise · AI Insight Lab

Read the memo →View slide deck →All episodes →

Key takeaways

1
38+ states have adopted NAIC AI governance requirements — if you are using AI in underwriting or claims, you are operating under this framework whether or not you've acknowledged it.
2
A vendor compliance sheet does not satisfy the NAIC model bulletin's documentation requirements — the obligation is on the insurer, not the vendor.
3
Colorado's external audit mandate is the leading indicator of where the rest of the US is going — treat it as your 18-month implementation deadline even if you're not domiciled there.
4
The audit program that passes regulatory review documents explainability, bias testing methodology, and human oversight workflow — not just model accuracy.

Episode sections

Hook & Context

Why 38+ state adoptions of the NAIC AI model bulletin means every carrier using AI in underwriting or claims is already operating under a governance framework — whether or not they've acknowledged it.

The NAIC Bulletin & State Adoptions

What the NAIC Model Bulletin on AI actually requires from carriers — explainability, bias testing, human oversight — and how state adoption creates a patchwork of enforcement.

What Regulators Are Actually Auditing

Based on Colorado's external audit requirements and California's property risk score challenges — the documentation regulators are asking for that most carriers can't produce.

The Vendor Compliance Gap

Why a vendor compliance sheet from Lemonade, Tractable, or ZestyAI does not satisfy the NAIC bulletin's documentation requirements — and who bears the obligation.

Three Audit Postures

Vendor-reliant, internal documentation program, and external audit program — what each provides and what a Colorado-style mandate requires.

The Governance Build Sprint

The 12-week sprint that builds the algorithmic audit program before your state regulator requests it — model inventory, explainability documentation, bias testing protocol.

Four Material Risks

State regulatory enforcement, market conduct exam exposure, California property risk score challenge, and the vendor indemnification gap most carriers haven't closed.

Closing Question

The question your chief actuary and general counsel need to answer jointly: for each AI model in your underwriting stack, can you produce the documentation your state regulator will ask for?

← Previous episode Next episode →

The Algorithmic Underwriting Audit: What NAIC AI Requirements Mean for Every Insurer

The Deployment Debrief · Host: Elise · AI Insight Lab

Key takeaways

38+ states have adopted NAIC AI governance requirements — if you are using AI in underwriting or claims, you are operating under this framework whether or not you've acknowledged it.

A vendor compliance sheet does not satisfy the NAIC model bulletin's documentation requirements — the obligation is on the insurer, not the vendor.

Colorado's external audit mandate is the leading indicator of where the rest of the US is going — treat it as your 18-month implementation deadline even if you're not domiciled there.

The audit program that passes regulatory review documents explainability, bias testing methodology, and human oversight workflow — not just model accuracy.

Episode sections

Hook & Context

The NAIC Bulletin & State Adoptions

What the NAIC Model Bulletin on AI actually requires from carriers — explainability, bias testing, human oversight — and how state adoption creates a patchwork of enforcement.

What Regulators Are Actually Auditing

Based on Colorado's external audit requirements and California's property risk score challenges — the documentation regulators are asking for that most carriers can't produce.

The Vendor Compliance Gap

Why a vendor compliance sheet from Lemonade, Tractable, or ZestyAI does not satisfy the NAIC bulletin's documentation requirements — and who bears the obligation.

Three Audit Postures

Vendor-reliant, internal documentation program, and external audit program — what each provides and what a Colorado-style mandate requires.

The Governance Build Sprint

The 12-week sprint that builds the algorithmic audit program before your state regulator requests it — model inventory, explainability documentation, bias testing protocol.

Four Material Risks

State regulatory enforcement, market conduct exam exposure, California property risk score challenge, and the vendor indemnification gap most carriers haven't closed.

Closing Question

The question your chief actuary and general counsel need to answer jointly: for each AI model in your underwriting stack, can you produce the documentation your state regulator will ask for?