AI Underwriting Compliance
McKinsey projects 90%+ of P&C pricing and underwriting will be fully automated by 2030. The trailblazers solve speed and governance together.
The Underwriting AI Trajectory
Confidence is mixed, automation is inevitable
The Acceleration Trap
Speed buys market share. Ungoverned underwriting AI triggers regulatory and discrimination exposure that takes years to remediate.
The trailblazers are the carriers that solve speed and governance together. The laggards solve neither.
What "AI in Underwriting" Actually Means
Three distinct things — each with different governance
Predictive Risk Models
Historical data scoring applicants on loss probability.
Why it matters: ECDIS rules apply when external data sources feed the model.
Generative Underwriting Copilots
Drafting decline rationales, summarizing loss runs, comparing submissions against guidelines.
Why it matters: New attack surface for confidentiality and applicant PII.
External Consumer Data (ECDIS)
Non-traditional data — social media, credit-adjacent scores, telematics — combined with traditional underwriting data.
Why it matters: Heavily regulated; fairness testing required for every source.
The ECDIS Rules Every Underwriter Must Know
State implementations of the NAIC Model Bulletin add teeth
NYDFS Circular Letter No. 7
Effective July 11, 2024. Governs AIS and ECDIS in underwriting and pricing. Requires fairness testing, actuarial validity documentation, governance framework, transparency to applicants, and third-party oversight.
Why it matters: NYDFS exam focus; transparency to applicants is required.
Regulation 10-1-1
Governance and risk-management framework required by December 1, 2024 with interim report due June 1, 2024. Amended to cover private passenger auto and health benefit plans effective October 15, 2025.
Why it matters: Most prescriptive on documentation; broadest LoB coverage.
Bulletin MC-25
Adopted the NAIC Model Bulletin effective February 26, 2024 and made AI a market conduct exam focus.
Why it matters: Expect AI governance documentation requests in your next CT exam.
The Bias Problem You Have to Solve Before Regulators Do
Colorado SB21-169 (signed July 6, 2021) prohibits insurers from using ECDIS, algorithms, or predictive models that unfairly discriminate on the basis of race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression.
NYDFS Circular Letter No. 7 requires the same. The Huskey v. State Farm claims-side litigation is the canary for underwriting — the same legal theory applies in underwriting decline patterns.
Seven Governance Controls Every Underwriting AI Deployment Needs
Each control maps to a specific exam expectation
AIS Program inclusion
Every predictive model, generative copilot, and ECDIS source is documented in your AI Systems Program.
Fairness testing
Pre-deployment and annual retesting for disparate impact across all protected classes named in your states' rules.
Actuarial validity documentation
Required by NYDFS CL-7; defensible in market conduct exams.
Third-party vendor oversight
Each ECDIS provider and AI tool vendor has documented data lineage, contractual confidentiality terms, and a risk assessment.
PII redaction at input
Underwriting AI inputs strip applicant PII before LLM calls; rehydration happens on the carrier's side of the boundary.
Audit-ready logs
Decision logs that link applicant, model, ECDIS sources, output, and any human override. Retained per state record-retention rules.
Transparency to applicants
Required by NYDFS CL-7 — applicants must be informed of AI / ECDIS use in adverse underwriting decisions.
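The "PII redaction at input" control above, sketched as an added example (not code from this page or from any vendor): applicant PII is swapped for placeholders before the model call, and the placeholder-to-value vault stays on the carrier side for rehydration. The regex patterns, the [[KIND_n]] token format, and the fake_llm stand-in are assumptions made for illustration.

```python
import re

# Constructed patterns for a few common PII shapes; a production redactor
# would also need name/address detection (e.g. NER), which regexes cannot do.
PII_PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
    "DOB": re.compile(r"\b\d{2}/\d{2}/\d{4}\b"),
}
TOKEN_RE = re.compile(r"\[\[(?:SSN|EMAIL|PHONE|DOB)_\d+\]\]")


def redact(text):
    """Return (redacted_text, vault); the vault never leaves the carrier side."""
    vault, seen = {}, {}

    def make_sub(kind):
        def sub(match):
            value = match.group(0)
            if (kind, value) not in seen:  # same value always gets the same token
                token = f"[[{kind}_{len(seen) + 1}]]"
                seen[(kind, value)] = token
                vault[token] = value
            return seen[(kind, value)]
        return sub

    for kind, pattern in PII_PATTERNS.items():
        text = pattern.sub(make_sub(kind), text)
    return text, vault


def rehydrate(text, vault):
    """Restore originals in model output; tokens not in the vault are left as-is."""
    return TOKEN_RE.sub(lambda m: vault.get(m.group(0), m.group(0)), text)


def fake_llm(prompt):
    """Hypothetical stand-in for the external model call so the example runs offline."""
    return "Summary: " + prompt + " Follow up with [[EMAIL_9]]."


# Constructed sample submission note (not real applicant data).
NOTE = ("Applicant SSN 123-45-6789, born 04/12/1980, reach at "
        "jane.doe@example.com or 555-867-5309. SSN 123-45-6789 verified.")
```

Only the redacted text crosses the boundary; a token the model invents (here [[EMAIL_9]]) has no vault entry and is returned untouched rather than mapped to another applicant's value.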
What Gets You Exam-Ready
A market conduct examiner asking about AI in underwriting is looking for four artifacts — the AIS Program document, the fairness testing reports, the ECDIS vendor inventory, and the decision logs.
If those four artifacts exist and are current, you pass. If any are missing or stale, you do not.
AI Underwriting Compliance — FAQ
What is ECDIS and why does it matter for AI underwriting?
ECDIS — External Consumer Data and Information Sources — is the NAIC's term for non-traditional data sources (social media, alternative credit data, telematics, etc.) used in AI underwriting and pricing. The NAIC Model Bulletin and rules like NYDFS Circular Letter No. 7 specifically govern ECDIS, requiring fairness testing and third-party oversight on every source.
Do insurers have to disclose AI use to applicants?
In some states, yes. NYDFS Circular Letter No. 7 requires transparency to applicants on AI Systems and ECDIS use in underwriting and pricing. State requirements vary, but the regulatory direction is clearly toward applicant-facing disclosure of automated decisions.
What does fairness testing for underwriting AI actually require?
Pre-deployment and ongoing testing of model outputs across the protected classes named in your states' rules (in Colorado, for example: race, color, national origin, religion, sex, sexual orientation, disability, gender identity, gender expression). Documentation must be retained and made available for market conduct examinations.
What does an AIS Program look like in practice?
A written program covering AI development, acquisition, and use — governance roles, risk-tier classification of every AI System, documentation requirements, third-party vendor oversight, and fairness testing protocols. Required by the NAIC Model Bulletin, adopted in 24 states plus DC as of late 2025.