The American InsurTech Council (AITC) has submitted a regulatory framework proposal to the National Association of Insurance Commissioners (NAIC) Third Party Data and Models Task Force.
The framework focuses on insurers’ use of third-party data and predictive models, including artificial intelligence (AI), and aims to ensure compliance with the NAIC’s Model AI Bulletin.
AITC’s proposed "attestation model" would require insurers to confirm annually that their use of AI aligns with existing insurance laws and regulations. The council emphasized that the framework is designed to enhance oversight and consumer protection while enabling insurers to maintain accountability for third-party data and models.
“Our proposal introduces an attestation model framework designed to ensure that insurers using AI from third-party providers comply with regulatory guidance as outlined in the Model AI Bulletin,” AITC stated in its letter to the Task Force.
The council added that the approach would strengthen regulatory oversight and foster discussions about managing rapid developments in AI technologies, including generative AI.
AITC said that its framework is grounded in principles aimed at ensuring consistency with the NAIC’s risk-based approach outlined in the AI Bulletin. These include making insurers ultimately responsible for compliance with insurance laws when using third-party vendors, protecting consumers, and maintaining effective regulatory oversight.
The council conducted extensive research to develop its recommendations, including consultations with insurance carriers, third-party vendors, and risk management specialists. AITC noted that insurers already employ third-party risk management strategies, many of which can be adapted to address AI-related risks.
The framework emphasizes flexibility and durability to keep pace with rapid AI advancements and the growing use of AI in insurance. AITC also highlighted the importance of clear regulatory guidance for third-party vendors, equal accessibility for insurers of all sizes, and continued innovation in the ethical and fair use of AI.
AITC’s attestation model builds on the risk-based governance outlined in the AI Bulletin, adopted by the NAIC in December 2023. The bulletin places compliance responsibility directly on insurers, requiring them to ensure that AI-driven decisions align with laws such as the Unfair Trade Practices Act and the Unfair Claims Settlement Practices Act.
Under the proposed framework, insurers would annually attest to regulators that their AI use complies with applicable laws. The model extends current regulatory principles, including due diligence on third-party vendors, contract provisions for audit rights, and cooperation with regulator inquiries.
AITC suggested that many insurers are already taking steps to adapt their risk management programs for AI oversight.
“The framework provides a clear statement to third-party vendors regarding regulator expectations, strengthening insurers’ ability to secure appropriate contract language and oversight,” AITC wrote.
AITC underscored the practicality of its attestation model, which could be implemented quickly to address the rapid expansion of AI in insurance. The council noted that the model accommodates emerging certification and accreditation programs for third-party vendors and AI systems, ensuring long-term applicability without the need for frequent updates.
The proposal aligns with existing regulatory practices, offering insurers a consistent approach to managing risks associated with third-party AI. AITC believes the framework will support the continued development of best practices and foster confidence in the insurance industry’s use of advanced technologies.
“We look forward to discussing our proposal further with Task Force members,” AITC said, adding that it welcomes collaboration to refine the framework and advance regulatory strategies for AI in insurance.
What are your thoughts on this story? Please feel free to share your comments below.
